Can distributed information be both secure and accessible?
The University of Stuttgart is proving the value of DCE for serving hundreds of academic and commercial clients.

"We're aiming to be Germany's first national supercomputing center", says Walter Wehinger, systems manager at RUS, the computing center of the University of Stuttgart. In addition to serving the University's 22,500 students, RUS also sells scientific and technical computing services to the region's academic and business communities.

"The security that DCE provides is a priority, because we sell our powerful computing resources to commercial companies as well as other university and research institutions."

Walter Wehinger
RUS systems manager

Demands on the network are heavy: with educational and commercial customers combined, RUS handles more than a million files each day, many of them larger than 1 Megabyte. It runs the university's own LAN with nearly 5,000 nodes (UNIX workstations and PCs), and also runs the LAN for more than 130 educational institutions in the State of Baden-Wurtemberg. Further, RUS is a powerful computing resource for the region's famous industrial companies, including Porsche and Mercedes-Benz. Focused on engineering, the specialist departments at the University of Stuttgart attract one third of their funds from external sources--the largest percentage of all the technical universities in Germany. Because of this, departments are free to invest their own IS budget--with the result that while the university built up considerable experience, it also ended up with many different machines and networks. Increasingly, the workload of supporting them was eating into valuable research time, so the university looked to RUS for a solution.

In 1991, RUS defined three fundamental requirements:

• Transparent access to consistent data across the network, without users having to know the data's location, format, or other details Protected access to resources, conforming to different security requirements for internal and external clients
• Cost-effective management of the heterogeneous client/server network

"The goal of a campus-wide DCE cell is to provide a transparent single system image to all users at the University."

Walter Wehinger

"IBM's help was excellent: we wanted to implement DCE as early as possible, and IBM worked with us to create the DCE cell."

Gehard Rentschler
RUS systems engineer

DCE was new--but right for the job
With IBM's help, RUS began a project to evaluate the available distributed computing technologies, including the Open Software Foundation's Distributed Computing Environment (DCE), which is open to any vendor.

Although it was barely out of the blueprint state, DCE met the challenges with the required features and functions. In late 1992, RUS and IBM began a test program using the AIX implementation of DCE.

Within a few months, RUS was operating its first truly distributed environment, having successfully migrated from a centralized structure. By keeping the goals and requirements clearly in mind during the project, RUS was able to make the best technical choices along the way.

Critical factor one: A truly transparent and scalable distributed file system
Since RUS was planning to distribute data previously held on a mainframe, consistency across the campus was a major concern. Although RUS had some experience with Network File System (NFS), an existing technology for file storage and administration, there was uncertainty about its ability to support large numbers of users.

Instead, the Center chose to move ahead with the Andrew File System (AFS). This is the base distributed file server technology selected by OSF for its Distributed File System (DFS), so it was easy to move to DFS when the RISC System/6000 cluster was installed. DFS clients are included with the AIX operating system, IBM's implementation of UNIX.

"We had to provide a single system image for users," says Dr. Dieter Mack. "They're not interested in network addresses, system names, or where the data is located. The basic product we needed was the Global File System, which is DFS."

DFS extends transparency to a much higher degree than NFS by presenting all files in the network as a single directory structure. DFS users can access files within their cell by name, without knowing whether the files are local or remote, or even which server stores the files.

It also greatly simplifies data administration. Through its Local File System (LFS), DFS allows groups of files, called filesets, to be replicated, migrated, backed up, and restored online--transparently to the user.

DFS backs its transparency with efficient client-side caching and robust synchronization to ensure that all users on the network are provided with consistent versions of the files they access, regardless of their physical location. At the same time, caching also reduces load on the network since file data can be obtained from the client cache instead of from the file server itself.

Replication improves data availability and enables load-sharing by routing client requests across multiple servers. As a result of its efficient caching and load-balancing, DFS can realistically be scaled to much larger configurations than NFS. DFS is integrated with the DCE Security and Directory services.

One large organization in the US reports that they need only one administrator for every 1,000 users with DFS, instead of one per 100-150 users with NFS.

DFS also allows for a very detailed, granular approach (even allowing users to lock individual directories if required).

Applications that enhance DCE include the NFS/DFS gateway. This provides a migration path to the great function of DFS for companies with many NFS users.

Critical factor two: Campus-wide, client/server security
The choice of DCE also provides RUS and its clients with security far beyond conventional password levels. It entrusts security NOT to the client or the server, but to a "third party"--a dedicated and physically secure DCE security server. The security server controls three security processes: The first is "Authentication," to identify both the client and the server. This involves a complex process of encrypted tickets, and thus avoids the exposure of sending passwords over the network. The second is "Authorization," which determines whether that client has the right to access the resources it is requesting (the server holds access control lists). The third process is "Encryption," based on the DES encryption algorithm that enables an organization to choose various levels of security up to full encryption with all data encoded. All of this complexity is hidden from users. What they see is a simple means of using one password and one user name to gain access to any data to which they are entitled, anywhere on the network, without having to ask for access to individual networks and servers.

"You have to grasp a completely new idea: you don't care where the data is located, you just use it!"

Dr. Dieter Mack
RUS systems engineer

Critical factor three: Real, measurable benefits for RUS

• Reduced administration and management because changes are made only once at a single point in the DCE cell for distribution across the whole network
• Tighter security through a dedicated security server for both internal and external clients
• Consistent data because DFS holds only one logical copy of a file for the whole network, no matter how many cache copies exist
• Flexibility to add to the network easily because DCE is a true open system, multi-vendor technology
• Single system image provides easier access to data anywhere in the network for authorized users, with just one password

For today and the future
Today, RUS runs a highly successful DCE environment driven by IBM RISC System/6000s, and is currently adding an IBM SP2 Supercomputer to this cluster to provide most of the general services for the network. Clients are truly multi-vendor--with machines from DEC, SUN, and Hewlett-Packard. One DCE cell can service thousands of clients. It consists of a Security Server, several Distributed File Servers, (DFS services), Time Servers (to coordinate time across the network), and Directory Services (to locate resources easily). With the first DCE cell established in the computing center, RUS is now working to extend the DCE environment across the University campus, using IBM tools supplied with AIX 4.1. "We can use these easy tools for 75% of our work", says systems engineer Gerhard Rentschler. "And they're a great help for beginners."

DCE: Delivering the promise of client/server
"A single system image of all the organization's data and easy management of change" are the promises of client/server computing. But as more companies follow the trend towards downsized client/server networks, some find the promise elusive. Security, scalability and administration costs are three of the key issues. For example, the simple addition of a new user can require the definition to be added to every server in the network.

DCE cuts through these problems and helps deliver the true benefits of client/server networks.

It consists of the following services:

• Remove procedure call (RPC), a common synchronous communications mechanism between processes which provides strong support for large, enterprise-wide network configurations
• Directory and naming service, which enables clients to locate resources easily
• Security service, based on Kerberos from MIT (authentication, authorization, encryption)
• Distributed time services, which implements a common time standard for the distributed network
• Threads, which allow development of multi-threaded applications that can dramatically improve performance
• Distributed File Systems (DFS) which runs on top of the DCE infrastructure to provide a Global File System, a single directory structure