DCE at University of Stuttgart Can distributed information be
both secure and accessible?
The University of Stuttgart is proving the value of DCE for serving hundreds of academic
and commercial clients.
"We're aiming to be Germany's first national supercomputing center", says
Walter Wehinger, systems manager at RUS, the computing center of the University of
Stuttgart. In addition to serving the University's 22,500 students, RUS also sells
scientific and technical computing services to the region's academic and business
communities.
"The security that DCE provides is a priority, because we sell our powerful
computing resources to commercial companies as well as other university and research
institutions."
Walter Wehinger
RUS systems manager
Demands on the network are heavy: with educational and commercial customers combined,
RUS handles more than a million files each day, many of them larger than 1 Megabyte. It
runs the university's own LAN with nearly 5,000 nodes (UNIX workstations and PCs), and
also runs the LAN for more than 130 educational institutions in the State of
Baden-Wurtemberg. Further, RUS is a powerful computing resource for the region's famous
industrial companies, including Porsche and Mercedes-Benz. Focused on engineering, the
specialist departments at the University of Stuttgart attract one third of their funds
from external sources--the largest percentage of all the technical universities in
Germany. Because of this, departments are free to invest their own IS budget--with the
result that while the university built up considerable experience, it also ended up with
many different machines and networks. Increasingly, the workload of supporting them was
eating into valuable research time, so the university looked to RUS for a solution.
In 1991, RUS defined three fundamental requirements:
- Transparent access to consistent data across the network, without users having to know
the data's location, format, or other details Protected access to resources, conforming to
different security requirements for internal and external clients
- Cost-effective management of the heterogeneous client/server network
"The goal of a campus-wide DCE cell is to provide a transparent single system
image to all users at the University."
Walter Wehinger
"IBM's help was excellent: we wanted to implement DCE as early as possible, and
IBM worked with us to create the DCE cell."
Gehard Rentschler
RUS systems engineer
DCE was new--but right for the job
With IBM's help, RUS began a project to evaluate the available distributed computing
technologies, including the Open Software Foundation's Distributed Computing Environment
(DCE), which is open to any vendor.
Although it was barely out of the blueprint state, DCE met the challenges with the
required features and functions. In late 1992, RUS and IBM began a test program using the
AIX implementation of DCE.
Within a few months, RUS was operating its first truly distributed environment, having
successfully migrated from a centralized structure. By keeping the goals and requirements
clearly in mind during the project, RUS was able to make the best technical choices along
the way.
Critical factor one: A truly transparent and scalable distributed file system
Since RUS was planning to distribute data previously held on a mainframe, consistency
across the campus was a major concern. Although RUS had some experience with Network File
System (NFS), an existing technology for file storage and administration, there was
uncertainty about its ability to support large numbers of users.
Instead, the Center chose to move ahead with the Andrew File System (AFS). This is the
base distributed file server technology selected by OSF for its Distributed File System
(DFS), so it was easy to move to DFS when the RISC System/6000 cluster was installed. DFS
clients are included with the AIX operating system, IBM's implementation of UNIX.
"We had to provide a single system image for users," says Dr. Dieter Mack.
"They're not interested in network addresses, system names, or where the data is
located. The basic product we needed was the Global File System, which is DFS."
DFS extends transparency to a much higher degree than NFS by presenting all files in
the network as a single directory structure. DFS users can access files within their cell
by name, without knowing whether the files are local or remote, or even which server
stores the files.
It also greatly simplifies data administration. Through its Local File System (LFS),
DFS allows groups of files, called filesets, to be replicated, migrated, backed up, and
restored online--transparently to the user.
DFS backs its transparency with efficient client-side caching and robust
synchronization to ensure that all users on the network are provided with consistent
versions of the files they access, regardless of their physical location. At the same
time, caching also reduces load on the network since file data can be obtained from the
client cache instead of from the file server itself.
Replication improves data availability and enables load-sharing by routing client
requests across multiple servers. As a result of its efficient caching and load-balancing,
DFS can realistically be scaled to much larger configurations than NFS. DFS is integrated
with the DCE Security and Directory services.
One large organization in the US reports that they need only one administrator for
every 1,000 users with DFS, instead of one per 100-150 users with NFS.
DFS also allows for a very detailed, granular approach (even allowing users to lock
individual directories if required).
Applications that enhance DCE include the NFS/DFS gateway. This provides a migration
path to the great function of DFS for companies with many NFS users.
Critical factor two: Campus-wide, client/server security
The choice of DCE also provides RUS and its clients with security far beyond conventional
password levels. It entrusts security NOT to the client or the server, but to a
"third party"--a dedicated and physically secure DCE security server. The
security server controls three security processes: The first is
"Authentication," to identify both the client and the server. This involves a
complex process of encrypted tickets, and thus avoids the exposure of sending passwords
over the network. The second is "Authorization," which determines whether that
client has the right to access the resources it is requesting (the server holds access
control lists). The third process is "Encryption," based on the DES encryption
algorithm that enables an organization to choose various levels of security up to full
encryption with all data encoded. All of this complexity is hidden from users. What they
see is a simple means of using one password and one user name to gain access to any data
to which they are entitled, anywhere on the network, without having to ask for access to
individual networks and servers.
"You have to grasp a completely new idea: you don't care where the data is
located, you just use it!"
Dr. Dieter Mack
RUS systems engineer
Critical factor three: Real, measurable benefits for RUS
- Reduced administration and management because changes are made only once at a single
point in the DCE cell for distribution across the whole network
- Tighter security through a dedicated security server for both internal and external
clients
- Consistent data because DFS holds only one logical copy of a file for the whole network,
no matter how many cache copies exist
- Flexibility to add to the network easily because DCE is a true open system, multi-vendor
technology
- Single system image provides easier access to data anywhere in the network for
authorized users, with just one password
For today and the future
Today, RUS runs a highly successful DCE environment driven by IBM RISC System/6000s, and
is currently adding an IBM SP2 Supercomputer to this cluster to provide most of the
general services for the network. Clients are truly multi-vendor--with machines from DEC,
SUN, and Hewlett-Packard. One DCE cell can service thousands of clients. It consists of a
Security Server, several Distributed File Servers, (DFS services), Time Servers (to
coordinate time across the network), and Directory Services (to locate resources easily).
With the first DCE cell established in the computing center, RUS is now working to extend
the DCE environment across the University campus, using IBM tools supplied with AIX 4.1.
"We can use these easy tools for 75% of our work", says systems engineer Gerhard
Rentschler. "And they're a great help for beginners."
DCE: Delivering the promise of client/server
"A single system image of all the organization's data and easy management of
change" are the promises of client/server computing. But as more companies follow the
trend towards downsized client/server networks, some find the promise elusive. Security,
scalability and administration costs are three of the key issues. For example, the simple
addition of a new user can require the definition to be added to every server in the
network.
DCE cuts through these problems and helps deliver the true benefits of client/server
networks.
It consists of the following services:
- Remove procedure call (RPC), a common synchronous communications mechanism between
processes which provides strong support for large, enterprise-wide network configurations
- Directory and naming service, which enables clients to locate resources easily
- Security service, based on Kerberos from MIT (authentication, authorization, encryption)
- Distributed time services, which implements a common time standard for the distributed
network
- Threads, which allow development of multi-threaded applications that can dramatically
improve performance
- Distributed File Systems (DFS) which runs on top of the DCE infrastructure to provide a
Global File System, a single directory structure
DCE clients and servers can run on many IBM and non IBM platforms.