ASCI logo AASCI - Distributed Computing Environments Production Support
Facility Tri-Lab Collaborative Computing


Mission The Tri-Lab Distributed Computing team (a consortium of computer scientists from Lawrence Livermore, Los Alamos, and Sandia National Laboratories) is collaborating on a project to provide a common set of distributed computing services at each of the three laboratories to facilitate the joint development and use of terascale applications. These distributed computing services are structured to give users a single view of the unique ASCI high-performance computing resources in a secure, user-authenticated environment with a common home directory.
Impact The success of the ASCI Problem Solving Environment (PSE) depends greatly on the use of a common set of distributed computing software across the ASCI complex to smoothly extend the computational reach of customers from their desktops to the unique resources installed at any of the Tri-Lab sites. The middleware component of the PSE is the Open Software Foundation's Distributed Computing Environment (OSF/DCE). We are planning to support all user services and PSE layered products (e.g., Distributed Resource Management, High Performance Storage System, Distributed Visualization, Scientific Data Management) over the DCE components.

The Open Software Foundation's Distributed Computing Environment (OSF/DCE) provides services and tools that support the creation, use, and maintenance of distributed applications in a heterogeneous computing environment. Distributed computing involves the cooperation of two or more machines communicating over a network. DCE provides services that allow distributed applications to interact securely with a collection of possibly heterogeneous computers, operating systems, and networks as if they were a single system.
The most important DCE application is the Distributed File Service (DFS), which forms the foundation of the PSE global file system. Through the planning and cooperation of the Tri-Lab sites, an authorized customer will be able to access one common home directory from any of the three sites and, through the use of fine-grain access controls, securely share classified information via the Web.

Main Window image

Multi-Site Infrastructure

DCE Production Cells
DCE production cells are administrative domains of server machines that offer DCE core and distributed file services, and client processes that make use of these services. The DCE core services include the Security Service, Cell Directory Service, Global Directory Agent, and Time Service. All use POSIX threads to process multiple requests concurrently and the DCE Remote Procedure Call (RPC) for secure communication with the client processes. The DCE Project team will leverage the availability of the DCE core services on multiple vendor operating systems and configure the services to provide consistency across the three laboratories. Because much of the ASCI work is classified, the most important of the core services is the Security Service.
The Tri-Lab environment requires a common, network-based, secure authentication and authorization mechanism to support the common environment. Inter-cell trust relationships enable a user with a single authentication sign-on, with no transmission of clear text passwords over the network, to access those ASCI resources for which the user is authorized. Each Need To Know group will have the responsibility for creating and maintaining the access control lists (ACL), which limit the exposure of the group's shared information.
Efforts in early FY97 will concentrate on providing secure and consistent access to the Options Red and Blue initial delivery machines from any Tri-Lab site. This requires accreditation of DCE in the Tri-Lab (SecureNet) environment, interoperability with Kerberos clients, and the establishment of inter-cell trust relationships. We will also refine production systems, upgrade to DCE 1.2.1, and prepare for upgrade to DCE 1.2.2.

Main Window image

DCE-Web product plans

Distributed File Service (DFS) Production Servers

The Distributed File Service (DFS) is the foremost DCE application because its tight integration with DCE provides a secure, location-independent, and efficient means of building a global file system. Any user in the ASCI Tri-Lab environment can share data by placing it in the global namespace. The data is then accessible to a userŠspecified list of authorized clients.
DFS serves as an implicit part of the file-sharing infrastructure for the Problem Solving Environment. In order to make PSE effective, we will need to develop a global file structure that is shared between the laboratories.
We will build on the experience gained from establishing DFS production servers in the open environment at each site by deploying DCE/DFS clients with which users can access shared home directories from their desktops. Once security and test plans are approved, we will bring this same service to the closed environment. By deploying clients and establishing cooperative agreements between administrators of the DFS servers, we will construct a DFS backbone, or global file system.


Several commercial products based on the DCE Web technology are being evaluated for their utility in exchanging sensitive and classified information via the World Wide Web. This technology offers secure communication using the DCE RPC between any commercial Web browser and the Wand (Web and DCE) server. In addition, it provides access protection down to the URL level for any information stored on the server.

DCE Desktop Deployment

The services offered by the DCE cells will be useful to the customers and their organizations only if we make a concerted effort to integrate the local computing environments and desktops at each site into the DCE. Our goal is to make the transition to full desktop use of DCE as painless as possible; therefore, a major effort will be undertaken to put DCE on users' desktops in various organizations supporting ASCI and to build system manager DCE knowledge in those environments.

Object-based Distributed Computing Environments

DCE is a major part of the Problem Solving Environment and is the only complete distributed environment with integrated security and file systems. Object-based technologies are, however, of more interest to some developers of distributed applications for ASCI. The Legion Project, partially funded by ASCI, is one such object-based environment that needs to be integrated into the ASCI distributed environment. The Common Object Request Broker Architecture (CORBA) and use of CORBA by such systems as POOMA must also be integrated into the ASCI distributed environment. We don't expect to completely solve these issues in FY97, but progress in this area is essential to make these environments useful for ASCI.

For more information, contact:
Bob Tomlinson, LANL,
Barry Howard, LLNL (lead PI),
Doug Brown, SNL,

Joanne Perra: Webmaster
Kay Rivers: Designer/Author