OSF hereby grants permission to all interested parties to copy and distribute this copyrighted material, provided that it is copied only in its entirety, and without any alterations or additions. Also, this notice, in its entirety, must be prominently and conspicuously placed on all copies.

(c) Copyright 1992. Open Software Foundation, Inc. All Rights Reserved.

The OSF(tm) Distributed Computing Environment

The availability of personal computers, workstations, local area networks (LANs), and high performance wide area networks (WANs) is dramatically changing the way information is processed. No longer are dedicated, single- user systems the norm. Today, users expect to be able to reach beyond the limits of their desktop computers to a wider level of features, functionality and performance. Interoperability in heterogeneous, networked environments is the goal.

To achieve interoperability, users need an environment in which all systems and their resources are widely available. Networks, which provide communication, are only part of the solution. A distributed computing environment goes beyond simple communication. It provides a wide range of computer services to applications regardless of the location of the user, the application, or the required resources. This allows applications to provide users with better performance and more effective use of computing resources on the network.

The OSF Distributed Computing Environment (DCE) is a comprehensive, integrated set of services that supports the development, use and maintenance of distributed applications. The availability of a uniform set of services, anywhere in the network, enables applications to effectively harness the power that tends to lie unused in many networks.

The DCE also is operating system- and network-independent, providing compatibility with users' existing environments. This compatibility is strengthened with innovation -- a comprehensive set of state-of-the-art distributed services which provide the industry's only commercial-quality, interoperable distributed computing environment.

OSF's Role in Distributed Computing

Surveys of users, independent software vendors and system vendors -- including a survey of its members conducted by OSF, and X/Open's Open Systems Directive -- have pointed to interoperability as the greatest need facing the industry. Many vendors and organizations have developed partial solutions, but until now, none had provided a complete distributed computing environment.

The architecture of the DCE (Figure 1) is a layered model which integrates a set of technologies, described in more detail in the sections which follow. The architecture is layered bottom-up from the most basic, or supplier services (the operating system), to the highest-level consumers of services (applications). Security and management are essential to all layers of the environment. To applications, the environment appears as a single logical system rather than a collection of disparate services.

Through its open process, OSF has reviewed and selected the best technologies to provide a fully integrated, coherent, stable distributed processing environment based on an architecture designed to accommodate the inclusion of new technologies in the future.

OSF Distributed Computing Environment Architecture -- Figure 1

Distributed Computing Environment Overview

Computer users require a communications environment that will allow information to flow from wherever it is stored to wherever it is needed, without exposing the network's complexity to the end user, system administrator or application developer. The architecture of OSF's DCE masks the physical complexity of the networked environment and provides a layer of logical simplicity. The offering is composed of a set of services that can be used, separately or in combination, to form a distributed computing environment. The services are organized into two categories:

Fundamental Distributed Services provide tools for software developers to create the end-user services needed for distributed computing. They include

Data-Sharing Services provide end users with capabilities built upon the Fundamental Distributed Services. These services require no programming on the part of the end user and facilitate better use of information. They include

Fundamental Distributed Services

The Fundamental Distributed Services form the base set of services and tools that can be used by developers to build distributed environments and applications for end users.

REMOTE PROCEDURE CALL

The OSF Remote Procedure Call (RPC) capability is based on a simple premise: make individual procedures in an application run on a computer somewhere else in the network. In this way, it distributes application execution. OSF's RPC extends the local procedure call model by supporting direct calls to procedures on remote systems, enabling programmers to develop distributed applications as easily as traditional, single-system programs. RPC presentation services mask the differences between data representations on different machines, allowing programs to work across heterogeneous systems.

OSF's RPC provides programmers with powerful tools necessary to build client/server applications. It includes two major components:

Features and Benefits

Integration with Threads Service Ð Allows clients to interact with multiple servers and servers to handle multiple clients simultaneously.

Directory Service independence
Allows clients to identify and locate servers by name. RPC applications, integrated with the Directory Service, are insulated from the details of the service, thus allowing them to take advantage of future enhancements.

Ease of use
RPC features an easy-to-understand interface definition language that allows programmers to specify the operations exported by a server to clients.

Network and protocol independence
OSF's RPC provides the same behavior for applications regardless of the transport service used; applications need not be rewritten for different transport services. Both connectionless and connection-oriented transports are supported.

Secure RPC
OSF's RPC provides secure communication between a client and a server, allowing developers to build secure distributed applications. The DCE RPC is fully integrated with the DCE Security Service to guarantee authenticity, integrity, and privacy of communications.

Support for large data-processing applications
RPC supports large data- processing applications by permitting unlimited argument size, efficiently handling bulk data.
Internationalization support
RPC supports data types from multibyte character sets, such as those used by Japanese, Arabic, and Chinese languages, in a manner consistent with ISO standards.

DISTRIBUTED DIRECTORY SERVICE

OSF's Distributed Directory Service provides a single naming model throughout the distributed environment. This model allows users to identify by name resources such as servers, files, disks, or print queues, and gain access to them without needing to know where they are located in a network. As a result, users can continue referring to a resource by one name even when a characteristic of the resource, such as its network address, changes.

Features and Benefits

The OSF Directory Service provides a number of features and benefits important in a distributed, networked environment, including

Integration of Directory Systems
OSF's Directory Service seamlessly integrates the X.500 global naming system with a fast replicated local naming system. Programmers can move transparently from environments supporting full ISO functionality to those supporting only the local naming service component. The system allows the transparent integration of other services, such as distributed file services, into the Directory Service.
Full X.500 support
The global portion of the Directory Service offers full X.500 functionality through the X/Open Directory Service API and through a standard management interface.
Replication
The Directory Service allows users or administrators to create multiple copies of critical data, assuring availability across communication and hardware failures. It also provides a sophisticated update mechanism that ensures consistency. Changes to names or their attributes are automatically propagated to all replicas. In addition, replication allows names to be replicated near the people who use them, providing better performance.
Caching
The Directory Service caches the results of lookups, greatly increasing the efficiency and speed of subsequent lookups of the same name.
Security
The Directory Service is integrated with the Security Service, which provides secure communications. Sophisticated access control provides protection for entries. Scalability
OSF's Directory Service can accommodate large networks as easily as small ones. The ability to add servers, directories, and directory levels makes painless growth possible.
Transport independence
OSF's Directory Service is implemented on top of the OSF RPC, which operates transparently over a wide range of transports. This allows the Directory Service to work in LAN as well as WAN environments.

TIME SERVICE

Many applications need a single time reference to schedule activity and determine event sequencing and duration. Different components of a distributed application may obtain the time from clocks on different computers. A distributed time service regulates the system clocks in a computer network so that they closely match each other, providing accurate time for distributed applications.

The OSF distributed Time Service is a software-based service that synchronizes each computer to a widely-recognized time standard. This provides precise, fault-tolerant clock synchronization for systems in both local area networks and wide area networks. OSF's Time Service software is integrated with the RPC, Directory, and Security services.

To support distributed sites using the Network Time Protocol (NTP), the OSF Time Service also permits the use of time values from outside sources.

Features and Benefits

OSF's Time Service provides valuable services for computer networks and distributed applications, including keeping track of the time in a network and tracking the accuracy associated with each clock. These services allow reliable comparison of time stamps in the distributed environment.

Reliable Distributed Operation
The Time Service allows reliable comparison of time stamps in a distributed system.
Tolerance
The Time Service identifies servers with faulty clocks and does not use their time values during clock synchronizations.
Management
OSF's Time Service requires little system administrator support and offers a user interface for controlling and monitoring the software.

THREADS SERVICE

Programmers want to exploit the computing power and inherent parallelism available throughout the distributed environment. The OSF Threads Service provides portable facilities that support concurrent programming, allowing an application to perform many actions simultaneously. While one thread executes a remote procedure call, another thread can process user input. The Threads Service includes operations to create and control multiple threads of execution in a single process and to synchronize access to global data within an application. Because a server process using threads can handle many clients at the same time, the Threads Service is ideally suited to dealing with multiple clients in client/server-based applications. The Threads Service is used by a number of DCE components, including Remote Procedure Call; Security, Directory, and Time services; and the Distributed File System.

Features and Benefits

Easy-to-use concurrency mechanism
The Threads Service provides a simple programming model for building concurrent applications.
Multi-language support
Services are easy to access from C and other high- level languages.
Transparent multiprocessing support
Applications need not know whether threads are executing on one or several processors.

SECURITY SERVICE

In most conventional timesharing systems, the operating system authenticates the identity of users and authorizes access to resources. In a distributed computing environment, however, where activities span multiple hosts with multiple operating systems, authentication and authorization require an independent security service that can be trusted by many hosts. OSF's Distributed Computing Environment provides such a service. The DCE Security Service component is well integrated within the fundamental distributed service and data-sharing components. It provides the network with three conventional services: authentication, authorization, and user account management. These facilities are made available through a secure means of communication that ensures both integrity and privacy.

SECURE RPC

In order to use authentication and authorization services effectively, users must be able to protect the integrity of communications. OSF's RPC supports secure communications in the distributed environment by allowing detection of message corruption. It also ensures the privacy of confidential information.

KERBEROS AUTHENTICATION

OSF's distributed Security Service incorporates an authentication service based on the Kerberos(tm) system from MIT's Project Athena. Kerberos is a trusted service that validates the identity of a user or service, preventing fraudulent requests.

AUTHORIZATION TOOLS

After users are authenticated, they must receive authorization to use resources, such as files. The Authorization facility gives applications the tools they need to determine whether a user should have access to resources. It also provides a simple and consistent way to manage access control information. OSF's Authorization Tools are well integrated with the Authentication Service.

USER REGISTRY

Every computer system requires a mechanism for managing user account information. OSF's User Registry solves the traditional problems of user account control in distributed, multivendor networks by providing a single, scalable system for consolidating and managing user information. The User Registry ensures the use of unique user names and passwords across the distributed network of systems and services, ensures the accuracy and consistency of this information at all sites, and provides security for updates and changes. It maintains a single, logical database of user account information including user and group naming information, login account information, and general system properties and policies. It is well integrated with Kerberos to provide an integrated, secure, reliable user account management system.

Features and Benefits

The Security Service provides features essential to maintaining the integrity, privacy and authenticity of the distributed environment. These include
Distributed Authentication Service
This trusted service allows multiple hosts and operating systems to trust the authenticity of requests made across the network.
Single Repository
The User Registry provides a single repository of user account information, eliminating the potential for conflicts in logins and passwords.
Privilege Management
This feature allows users to be identified by individual user privilege and by group membership. Privileges can be fine- tuned to match a task.
High Availability
The User Registry database is replicated around the network, providing high availability and quick responsiveness to queries.
Time, effort, and cost savings
The User Registry simplifies system administration and eliminates the need for training on different systems.

DATA-SHARING SERVICES

Data-Sharing Services in the OSF Distributed Computing Environment are built upon the Fundamental Distributed Services. Once integrated with the operating system, they provide end users and developers with key functionality without the need for additional programming.

DISTRIBUTED FILE SYSTEM

OSF's key information-sharing component is the Distributed File System. By joining the file systems of individual workstations and providing a consistent interface, the Distributed File System makes global file access as easy as local access.

The OSF Distributed File System utilizes the client/server model common to other distributed file systems. It is easy to use, provides good performance and is easy to manage and administer. The file system gives users a uniform name space, file location transparency, and high availability. It performs exceptionally well across long distances and with large numbers of users.

Reliability is enhanced with a log-based physical file system which allows quick recovery after server failures. Files and directories are replicated invisibly on multiple machines, providing reliable file access and availability, even when servers fail. Security is provided through the use of a secure RPC service and Access Control Lists (ACLs).

Features and Benefits

The OSF Distributed File System solves the problem of accessing remote files in a convenient, timely fashion, regardless of installation size, geographic location or hardware types. The Distributed File System appears to the user as a local file system, providing access to files from anywhere in the network for any user, with the same filename used by all. Additionally, the Distributed File System provides
Interoperability
The Distributed File System interoperates with the Network File System (NFS(r)) from Sun Microsystems. The Distributed File System can communicate with and provide file services to clients of other file services.
High Performance
In OSF's Distributed File System, copies of currently- used files are cached on a user's workstation, providing access to these files without having to go across the network and retrieve them from a file server. This leads to improved performance, reduced network load, better server load balance and lower communication costs.
Scalability
The Distributed File System supports both small, local groups of users, and large groups of thousands of users across wide-area networks without loss of performance.
Security
The Distributed File System is built upon OSF's secure RPC. Users can fine-tune access to their own files and directories through access control lists (ACLs), which allow access to groups and/or individual users.

DISKLESS SUPPORT

The OSF Distributed File System accommodates diskless workstations and provides well-defined, general-purpose protocols for diskless support.

Features and Benefits

Lower cost
Diskless support allows low-cost workstations to use disks on servers instead of expensive local disks.
Performance
Diskless support provides high throughput with minimal network overhead.

DCE and the Desktop

The trend among computer users is to downsize and distribute resources. The result is an assortment of individual low-end computers connected to the network. DCE allows the processing power inherent in the network to be extended to large numbers of nodes.

DCE extends the power of the network -- and all its resources -- to individual users on PCs and Macintosh(r) computers. As a result, PCs and Macintosh machines interconnected by LANs or network servers are no longer isolated. With DCE, they become trusted peer-level client systems that can reach out to servers for valuable information and processing services.

The DCE provides capability beyond that provided by some network operating system technologies. Those technologies extend the benefits of multi-user systems to low-end and single-user systems. For example, they allow stand-alone applications running on a PC to access shared files and peripherals in a distributed environment. Full-function DCE on PC platforms provides this support and more. It supports not only stand-alone applications that currently are available from products such as PC-NFS(r) and LAN Manager for UNIX, but also supports network-aware applications such as network licensing and installation.

When ported to an MS-DOS(r) or Macintosh environment, DCE allows personal computers to interoperate with all other DCE-compliant systems as trusted peers. DCE also provides software developers APIs that ease the development of distributed applications for personal computers.

Features and Benefits

Support for development of distributed applications
The DCE RPC allows low-end systems to interoperate with other architectures and share applications with other systems in the network.
DCE Directory Services
Users of low-end systems can take advantage of Directory Services for easy access to information and compute resources distributed throughout the enterprise.
File Support
PCs running OS/2(r) and MS-DOS as well as Macintosh computers can view, copy, and move files to and from systems running the UNIX operating system as well as to and from proprietary systems.
Security
The DCE Security Service provides a powerful, flexible security mechanism, including both user- and share-level security.

Support for Standards

The DCE supports International Open Systems Interconnect (OSI) standards, which are critical to global interconnectivity. The ISO directory system, also known as CCITT X.500, is an example of a standard in an area fundamental to distributed computing. In addition, DCE implements other ISO standards such as the Remote Operations and Association Control Service Elements (ROSE and ACSE), and the ISO session and presentation services.

The Distributed Computing Environment also supports Internet standards such as the TCP/IP transport and network protocols, as well as the Domain Name System and Network Time Protocol provided by Internet.

As a member of X/Open, OSF is committed to providing software that meets the X/Open guidelines for directory services, transport services including the X/Open Transport Interface (XTI).

Users who wish to track industry standards can benefit from early adoption of OSF's Distributed Computing Environment. As new standards develop in areas related to distributed computing, OSF will implement them.

Operating System and Network Independence

OSF's Distributed Computing Environment can be used on a variety of networks and operating systems by system vendors, software developers or end users. It can be used with any network hardware and transport software, including TCP/IP, OSI, and X.25, as well as other similar products.

The Distributed Computing Environment is a portable implementation, written in standard C, which makes use of standard interfaces for operating system services, such as POSIX and X/Open guidelines. It can be ported easily to OSF/1(tm), AIX(tm), DOMAIN OS(tm),ULTRIX(tm), HP-UX(tm), SINIX(tm), SunOS(tm), and UNIX(r) System V operating systems.

In addition, because it is delivered in source form, the Distributed Computing Environment can be tailored to system environments that offer similar services but different interfaces. Examples are VMS(tm), OS/2 and other operating systems.

Conclusion

OSF's Distributed Computing Environment is the first of its kind--a fully- integrated distributed environment incorporating leading technology from the worldwide industry. No company or organization alone could have developed, integrated and delivered a vendor-neutral, interoperable, extensible distributed environment. OSF's open process provided the means for the worldwide computer industry to address and solve its number one problem: interoperability in heterogeneous, networked environments.

The OSF Distributed Computing Environment is a complete set of well- integrated enabling system services. It provides operating system and network independence, enabling users to obtain the maximum value from their installed systems and networks, while providing an innovative architecture designed to permit the inclusion of new technologies. Each component is a mature, proven technology. Taken as an integrated whole, OSF's Distributed Computing Environment forms a comprehensive software platform on which distributed applications can be easily built, executed, and maintained.

(c) Copyright 1992. Open Software Foundation, Inc. All Rights Reserved.

Printed in U.S.A.