SYSTEM MODEL

From Chapter 2 of Distributed Systems: Concepts and Design, 4th Edition, by G. Coulouris, J. Dollimore and T. Kindberg. Published by Addison Wesley/Pearson Education, June 2005.

Topics
▪ Introduction
▪ Architectural Models
▪ Fundamental Models

Coulouris, Dollimore and Kindberg, Distributed Systems: Concepts & Design, Edn. 4, Pearson Education 2005

Introduction
▪ Systems that are intended for use in the real world should be designed to function correctly in the widest possible range of circumstances and in the face of many possible difficulties and threats.
▪ Some of the problems that the designers of distributed systems face:
  Widely varying modes of use: On a website, some web pages are accessed by millions of users at a time. Some parts of the system may be disconnected or poorly connected some of the time, for example when mobile computers are included in the system. Some applications have special requirements for high communication bandwidth and low latency.
  Wide range of system environments: A distributed system must accommodate heterogeneous hardware, operating systems and networks. The networks may differ widely in performance: wireless networks operate at a fraction of the speed of local networks.
▪ Internal Problems: Non-synchronized clocks, conflicting data updates, many modes of hardware and software failure involving the individual components of the system.
▪ External Threats: Attacks on data integrity and secrecy, denial of service etc.

Architectural Model
▪ An architectural model of a distributed system is concerned with the placement of its parts and the relationships between them.
▪ Examples include:
  Client-Server model
  Peer-to-Peer model
Architectural Model (Cont…)
▪ The client-server model can be modified by:
  The partition of data or replication at cooperative servers
  The caching of data by proxy servers and clients
  The use of mobile code and mobile agents
  The requirement to add or remove mobile devices in a convenient manner
▪ Some fundamental properties in distributed systems are:
  There is no global time in a distributed system.
  All communication between processes is achieved by means of messages.

Architectural Model (Message Communication Issues)
▪ Message communication over a computer network can be affected by delays, can suffer from a variety of failures and is vulnerable to security attacks.

Introduction
▪ Message communication issues are addressed by three models:
  Interaction Model
    ❖ It deals with performance and with the difficulty of setting time limits in a distributed system, for example for message delivery.
  Failure Model
    ❖ It attempts to give a precise specification of the faults that can be exhibited by processes and communication channels.
  Security Model
    ❖ It discusses possible threats to processes and communication channels. It introduces the concept of a secure channel, which is secure against those threats.
Architectural Models-Intro
▪ An architectural model defines the way in which the components of systems interact with one another and the way in which they are mapped onto an underlying network of computers.
  The overall goal is to ensure that the structure will meet present and likely future demands on it.
  Major concerns are to make the system:
    ❖ Reliable
    ❖ Manageable
    ❖ Adaptable
    ❖ Cost-effective
▪ An architectural model of a distributed system first simplifies and abstracts the functions of the individual components of a distributed system.
▪ An initial simplification is achieved by classifying processes as:
  Server processes
  Client processes
  Peer processes
    ❖ Cooperate and communicate in a symmetric manner to perform a task.
    ❖ This classification of processes identifies the responsibilities of each and therefore helps us to assess their workloads and to determine the impact of failure in each of them.
    ❖ The result of this analysis can then be used to specify the placement of the processes in a manner that meets the performance and reliability goals of the resulting system.

Software Layers
▪ Software architecture referred to:
  The structuring of software as layers or modules in a single computer, and
  The services offered and requested between processes located in the same or different computers.
▪ A distributed service can be provided by one or more server processes, interacting with each other and with client processes in order to maintain a consistent system-wide view of the server’s resources.
▪ Software layers can be broadly classified into two layers:
  ▪ Platform
  ▪ Middleware

Figure 1. Software layers (Layer 1, Layer 2, …, Layer N; each layer offers services to the layer above)

Figure 2. Software and hardware service layers in distributed systems

Software Layers
▪ Platform
  The lowest-level hardware and software layers are often referred to as a platform for distributed systems and applications.
    ❖ These low-level layers provide services to the layers above them, which are implemented independently in each computer.
    ❖ These low-level layers bring the system’s programming interface up to a level that facilitates communication and coordination between processes.
  (Figure 2)
▪ Common examples of platforms are:
  Intel x86/Windows
  Intel x86/Linux
  Intel x86/Solaris
  SPARC/SunOS
  PowerPC/MacOS
▪ Middleware
  A layer of software whose purpose is
    ❖ To mask heterogeneity presented in distributed systems.
    ❖ To provide a convenient programming model to application developers.
  Major examples of middleware are:
    ❖ Sun RPC (Remote Procedure Calls)
    ❖ OMG CORBA (Common Request Broker Architecture)
    ❖ Microsoft D-COM (Distributed Component Object Model)
    ❖ Sun Java RMI
Limitation of Middleware
▪ Many distributed applications rely entirely on the services provided by the available middleware to support their needs for communication and data sharing. For example, an application that is suited to the client-server model, such as a database of names and addresses, can rely on middleware that provides only remote method invocation.
▪ Much has been achieved in simplifying the programming of distributed systems through the development of middleware support, but some aspects of the dependability of systems require support at the application level.
  Consider the transfer of a large e-mail from the mail host of the sender to the receiver. At first sight this is a simple application of the TCP data transmission protocol. But if the mail is a very large file and the network is unreliable, then TCP cannot provide recovery from a major network interruption. In that case, the mail transfer service adds another level of fault tolerance, maintaining a record of progress and resuming transmission using a new TCP connection if the original breaks.

System Architectures
▪ The most evident aspect of distributed system design is the division of responsibilities between system components (applications, servers, and other processes) and the placement of the components on computers in the network.
▪ It has major implications for:
  Performance
  Reliability
  Security
▪ Client-Server model
  Most common architecture for distributed systems.
  Client processes interact with individual server processes in separate host computers in order to access the shared resources.
  Servers may in turn be clients of other servers.
    ❖ E.g. a web server is often a client of a local file server that manages the files in which the web pages are stored.
    ❖ E.g. a search engine can be both a server and a client: it responds to queries from browser clients and it runs web crawlers that act as clients of other web servers.
  (Figure 3,4)

Figure 3. General interaction between a client and a server.

Figure 4. Clients invoke individual servers

▪ Peer-to-Peer model
  All of the processes play similar roles, interacting cooperatively as peers to perform a distributed activity or computation without any distinction between clients and servers or the computers that they run on.
  E.g., the music sharing system Napster
  (Figure 5)

Figure 5. A distributed application based on the peer-to-peer architecture

Variants of Client-Server Model
▪ The problem with the client-server model is that placing a service in a server at a single address does not scale well beyond the capacity of the computer host and the bandwidth of the network connections.
▪ To address this problem, several variations of the client-server model have been proposed.
▪ Some of these variations are discussed in the next slide.
▪ Services provided by multiple servers
  Services may be implemented as several server processes in separate host computers interacting as necessary to provide a service to client processes.
  E.g. a cluster that can be used for search engines.
  (Figure 6)

Figure 6. A service provided by multiple servers.

▪ Proxy servers and caches
  A cache is a store of recently used data objects.
  When a new object is received at a computer it is added to the cache store, replacing some existing objects if necessary.
  When an object is needed by a client process, the caching service first checks the cache and supplies the object from there if an up-to-date copy is available. If not, an up-to-date copy is fetched.
  Caches may be co-located with each client or they may be located in a proxy server that can be shared by several clients.
  Web servers maintain a cache of recently visited web pages and other web resources in the client’s local file system, using a special HTTP request to check with the original server that cached pages are up to date before displaying them.
  Web proxy servers provide a shared cache of web resources for client machines at a site or across several sites.
  The purpose of web servers is to increase availability and performance of the services by reducing the load on the wide-area network and web servers.
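The cache behaviour described above (replace objects when full, check with the original server before reusing a copy), as an added example that is not from the original slides. The Origin and Cache classes, the least-recently-used replacement choice and the tag check modelled on HTTP's If-None-Match / 304 Not Modified are assumptions of this sketch; the pages are constructed sample data.

```python
import hashlib
from collections import OrderedDict


class Origin:
    """Constructed stand-in for the original server that owns the pages."""

    def __init__(self, pages):
        self.pages = dict(pages)
        self.bodies_sent = 0     # full responses: the expensive case
        self.not_modified = 0    # validations answered without a body

    def get(self, url, if_none_match=None):
        body = self.pages[url]
        tag = hashlib.sha256(body.encode()).hexdigest()[:16]
        if if_none_match == tag:
            # The caller's copy is still current: send no body.
            self.not_modified += 1
            return 304, None, tag
        self.bodies_sent += 1
        return 200, body, tag


class Cache:
    """Bounded store of recently used objects, validated before reuse."""

    def __init__(self, origin, capacity):
        self.origin = origin
        self.capacity = capacity
        self.store = OrderedDict()   # url -> (body, tag), oldest first

    def fetch(self, url):
        cached = self.store.get(url)
        known_tag = cached[1] if cached else None
        status, body, tag = self.origin.get(url, if_none_match=known_tag)
        if status == 304:
            body, source = cached[0], "cache"
        else:
            source = "origin"
        self.store[url] = (body, tag)
        self.store.move_to_end(url)          # mark as most recently used
        while len(self.store) > self.capacity:
            self.store.popitem(last=False)   # replace the oldest object
        return body, source


def demo():
    origin = Origin({"/a": "page A v1", "/b": "page B v1", "/c": "page C v1"})
    cache = Cache(origin, capacity=2)
    sources = [cache.fetch("/a")[1], cache.fetch("/a")[1]]
    origin.pages["/a"] = "page A v2"         # the page changes at the origin
    body_after_change, src = cache.fetch("/a")
    sources.append(src)
    for url in ("/b", "/c", "/a", "/c"):     # "/a" is evicted when "/c" arrives
        sources.append(cache.fetch(url)[1])
    return sources, body_after_change, origin.bodies_sent, origin.not_modified


if __name__ == "__main__":
    print(demo())
```

Only two of the seven requests are answered from the cache, but those two cost the origin a validation and no page body, and the changed page is never served stale.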
  (Figure 7)

Figure 7. Web proxy server

▪ Mobile code
  Mobile code is any program, application, or content capable of movement while embedded in an email, document or website. Mobile code uses a network or storage media, such as a Universal Serial Bus (USB) flash drive, to execute code locally that comes from another computer system.
  Applets are a well-known and widely used example of mobile code.
  Applets downloaded to clients give good interactive response.
  The user running a browser selects a link to an applet whose code is stored on a web server; the code is downloaded to the browser and runs there.
  An advantage of running downloaded code locally is that it can give good interactive response, since it does not suffer from the delays or variability of bandwidth associated with network communication.
  Mobile code such as applets is a potential security threat to the local resources in the destination computer.
  Browsers give applets limited access to local resources, for example by providing no access to the local user file system.
    ❖ E.g. a stockbroker might provide a customized service to notify customers of changes in the prices of shares; to use the service, each customer would have to download a special applet that receives updates from the broker’s server, displays them to the user and perhaps performs automatic buy and sell operations triggered by conditions set up by the customer and stored locally in the customer’s computer.
  (Figure 8)

Figure 8. Web applets
Software Agents (Definition)
1. A software agent is a computer program that acts for a user or other program in a relationship of agency. Such "action on behalf of" implies the authority to decide which, if any, action is appropriate.
2. An entity is a software agent if and only if it communicates correctly in an agent communication language. [Genesereth and Ketchpel, 1994]
3. Intelligent agents continuously perform three functions: perception of dynamic conditions in the environment; action to affect conditions in the environment; and reasoning to interpret perceptions, solve problems, draw inferences, and determine actions. [Hayes-Roth, 1995]
▪ Software agent is just the generic term for some sort of autonomous process capable of reacting to and initiating changes in its environment. The key here is that it is autonomous, i.e., it is capable of making choices for the user(s) who started it running.

Different Types of Agents
▪ Collaborative Agent: An agent that forms part of a multiagent system, in which agents seek to achieve some common goal through collaboration.
  A typical application where collaborative agents could be used is arranging a meeting. Each attendee is represented by an agent that has access to that user’s personal agenda. Considering all the individual constraints with respect to time, travel, place and so on, the separate agents would collaborate in setting up a meeting.
▪ From the distributed system’s perspective, exactly which information is exchanged and how it is processed is of less concern. What is important is how communication takes place.
▪ Mobile Agent: A self-contained process that can autonomously migrate from host to host in order to perform its task on the Internet. The motto of Mobile Agents is: (ImP) move the computations to the data rather than the data to the computations

Why do we need mobile agents?
[Figure: a customer trading stocks on a remote stock server (stock market: IBM $20, Microsoft $21, HP $22) in three ways: directly from the client, through an intelligent agent on the client, and through a mobile intelligent agent that is sent to the stock server, dispatched there and received back carrying the result]

● We define the scenario such that a customer wants to trade his stocks in the remote stock market through the Internet. The remote stock market is represented by a stock server, which maintains all the stock information.
● Choice 1: sit in front of the client machine, log on to the website of the stock market, monitor the latest stock prices and pick the right moment for trading.
  ● Disadvantage: the customer needs to sit there the whole day.
  ● The network connection between the client machine and the stock server needs to be active all the time.
  ● Network traffic is heavy because the stock prices need to be updated instantly.
● Choice 2: implement an intelligent agent, and let the agent monitor the stock market for the customer.
  ● Disadvantage: the network connection still needs to be kept active all the time.
  ● Disadvantage: the network traffic for instant stock price updates remains the same.
● Choice 3: implement a mobile intelligent agent, which can be delivered to the remote server. The missions of stock trading can therefore be fulfilled on the remote stock server. This agent will be sent back to the client machine carrying the trade results after finishing all the operations.
  ● Advantage: the network connection only needs to be available during the periods when the agent is sent and returned, which makes the entire system more reliable.
  ● Advantage: the network traffic becomes much lower, because network resources are only used for delivering the mobile intelligent agent, which normally will be just a small piece of code (a few kilobytes).
This example shows that the mobile agent system does give us some benefits when it is used in particular situations.

Different Types of Agents (Continue…)
▪ Interface Agent: Agents that assist an end user in the use of one or more applications. An interface agent has learning capabilities. The more often it interacts with the user, the better its assistance becomes.
  For example, special interface agents exist that actively seek to bring buyers and sellers together.
▪ Information Agent: The main function of these agents is to manage information from many different sources. Managing information includes ordering, filtering, collating and so on.
  For example, an e-mail agent may be capable of filtering unwanted mail from its owner’s mailbox or automatically distributing incoming mail into appropriate subject-specific mailboxes.

Software Agents in Distributed Systems (ImP)

Property        Common to all agents?   Description
Autonomous      Yes                     Can act on its own
Reactive        Yes                     Responds timely to changes in its environment
Proactive       Yes                     Initiates actions that affect its environment
Communicative   Yes                     Can exchange information with users and other agents
Continuous      No                      Has a relatively long lifespan
Mobile          No                      Can migrate from one site to another
Adaptive        No                      Capable of learning

Some important properties by which different types of agents can be distinguished.

Variants of Client-Server Model (Self study)
▪ Network computers
  ▪ Applications run on a desktop computer local to the user.
  ▪ The operating systems and application software for desktop computers typically require much of the active code and data to be located on a local disk.
  ▪ But in the case of network computers:
    It downloads its operating system and any application software needed by the user from a remote file server.
    Applications are run locally but the files are managed by a remote file server.
    Network applications such as a Web browser can also be run.
    Since all the application data and code is stored by a file server, the user may migrate from one network computer to another.

Variants of Client-Server Model
▪ Thin clients
  It is a software layer that supports a window-based user interface on a computer that is local to the user while executing application programs on a remote computer.
  This architecture has the same low management and hardware costs as the network computer scheme.
  Instead of downloading the code of applications into the user’s computer, it runs them on a compute server.
  A compute server is a powerful computer that has the capacity to run large numbers of applications simultaneously.
  The compute server will be a multiprocessor or cluster computer running a multiprocessor version of an operating system such as UNIX or Windows.

Figure 9. Thin clients and compute servers (a thin client on a network computer or PC, connected over the network to an application process on a compute server)

▪ Mobile devices and spontaneous interoperation
  Mobile devices are hardware computing components that move between physical locations and thus networks, carrying software components with them.
  Many of these devices are capable of wireless networking over ranges of hundreds of meters, such as WiFi (IEEE 802.11), or about 10 meters, such as Bluetooth.
  Mobile devices include:
    ❖ Laptops
    ❖ Personal digital assistants (PDAs)
    ❖ Mobile phones
    ❖ Digital cameras
    ❖ Wearable computers such as smart watches
Mobile devices and spontaneous interoperation
▪ Device mobility has many implications, several of them for client-server systems.
▪ Both clients and servers may exist on mobile devices, mobile clients being by far the most common case.

Design Requirements for distributed architectures (ImP)
▪ Performance Issues
  Performance issues arising from the limited processing and communication capacities of computers and networks are considered under the following subheadings:
    ❖ Responsiveness
      ▪ Users of interactive applications require a fast and consistent response to interaction, but client programs often need to access shared resources.
      ▪ When a remote service is invoked, the speed at which the response is generated is determined not just by the load and performance of the server and the network but also by delays in all the software components involved.
        • E.g. a web browser can access cached pages faster than non-cached pages.
    ❖ Throughput
      ▪ Throughput is the rate at which the computation is done.
      ▪ The ability of a distributed system to perform work for all its users is affected by processing speeds at clients and servers and by data transfer rates.
      ▪ Data that is located on a remote server must be transferred from the server process to the client process, passing through several software layers in both computers. The throughput of the intervening software layers is important as well as that of the network.
▪ Load Balancing:
  One of the purposes of distributed systems is to enable applications and service processes to proceed concurrently without competing for the same resources and to exploit the available computational resources.
  For example, the ability to run applets on client computers removes load from the web server, enabling it to provide a better service.
▪ Quality of service
  The ability of systems to meet deadlines.
  It depends on the availability of the necessary computing and network resources at the appropriate time.
  This implies a requirement for the system to provide guaranteed computing and communication resources that are sufficient to enable applications to complete each task on time.
    ❖ E.g. the task of displaying a frame of video
  The networks commonly used today, for example to browse the Web, may have good performance characteristics, but when they are heavily loaded their performance degrades significantly: in no way can they be said to provide QoS.

Design Requirements for distributed architectures (QoS)
▪ Use of caching and replication
  Distributed systems overcome the performance issues by the use of data replication and caching.
▪ Dependability issues
  Dependability is a requirement in most application domains.
  Dependability of computer systems is defined as:
    ❖ Correctness
      ▪ The development of techniques for checking or ensuring the correctness of distributed and concurrent programs is the subject of much current and recent research.
    ❖ Security
      • Security is locating sensitive data and other resources only in computers that can be secured effectively against attack. E.g. a hospital database
    ❖ Fault tolerance
      • Dependable applications should continue to function in the presence of faults in hardware, software, and networks.
      • Reliability is achieved by redundancy.

Fundamental Models
▪ Introduction
▪ Interaction Model
▪ Failure Model
▪ Security Model
Fundamental Models-Intro
▪ Fundamental models are concerned with a more formal description of the properties that are common to all of the architectural models.
▪ All architectural models are composed of processes that communicate with each other by sending messages over a computer network.
▪ Aspects of distributed systems that are discussed in fundamental models are:
  Interaction model
    ❖ Computation occurs within processes.
    ❖ The processes interact by passing messages, resulting in:
      • Communication (information flow)
      • Coordination (synchronization and ordering of activities) between processes
    ❖ The interaction model reflects the fact that communication takes place with delays.
  Failure model
    ❖ The failure model defines and classifies the faults.
  Security model
    ❖ The security model defines and classifies the forms of attacks.
    ❖ It provides a basis for the analysis of threats to a system.
    ❖ It is used to design systems that are able to resist threats.

Interaction Model
▪ Distributed systems are composed of many processes, interacting in the following ways:
  Multiple server processes may cooperate with one another to provide a service
    ❖ E.g. Domain Name Service
  A set of peer processes may cooperate with one another to achieve a common goal
    ❖ E.g. voice conferencing
▪ Distributed systems are composed of multiple processes.
  Their behavior and states can be described by a distributed algorithm: a definition of the steps to be taken by each of the processes of which the system is composed, including the transmission of messages between them.
▪ Messages are transmitted between processes to transfer information between them and to coordinate their activity.
▪ The rate at which each process proceeds and the timing of the transmission of messages between them cannot be predicted.
▪ Interacting processes perform all the activity in a distributed system.
▪ Each process has its own state, consisting of the set of data that it can access and update, including the variables in its program. The state belonging to each process is completely private: it cannot be changed or updated by another process.

Two significant factors affecting interacting processes in a distributed system are:
  ❖ Communication performance is often a limiting characteristic.
  ❖ It is impossible to maintain a single global notion of time.

Interaction Model-Communication Channels
▪ Performance of communication channels
  The communication channels in our model are realized in a variety of ways in distributed systems, for example:
    ❖ By an implementation of streams
    ❖ By simple message passing over a computer network
  Communication over a computer network has performance characteristics such as:
    ❖ Latency
      • The delay between the start of a message’s transmission from one process and the beginning of its receipt by another.
      • The delay in accessing the network, especially when the network is heavily loaded.
    ❖ Bandwidth
      • The total amount of information that can be transmitted over a computer network in a given time.
      • Communication channels using the same network have to share the available bandwidth.
    ❖ Jitter
      • The variation in the time taken to deliver a series of messages.
      • It is relevant to multimedia data.
        ❑ For example, if consecutive samples of audio data are played with differing time intervals then the sound will be badly distorted.

Interaction Model-Computer Clock
▪ Computer clocks and timing events
  Each computer in a distributed system has its own internal clock, which can be used by local processes to obtain the value of the current time.
  Two processes running on different computers can associate timestamps with their events.
  Even if two processes read their clocks at the same time, their local clocks may supply different times.
  This is because computer clocks drift from perfect time and their drift rates differ from one another.
  Clock drift rate refers to the relative amount that a computer clock differs from a perfect reference clock.
  Even if the clocks on all the computers in a distributed system are set to the same time initially, their clocks would eventually vary quite significantly unless corrections are applied.
  There are several techniques for correcting the time on computer clocks.
    ❖ For example, computers may use radio signal receivers to get readings from GPS (Global Positioning System) with an accuracy of about 1 microsecond.

Interaction Model-Variations
▪ Two variants of the interaction model
  In a distributed system it is hard to set time limits on the time taken for process execution, message delivery or clock drift.
Two models of time assumption in distributed systems are:
❖ Synchronous distributed systems
  • It has a strong assumption of time.
  • The time to execute each step of a process has known lower and upper bounds.
  • Each message transmitted over a channel is received within a known bounded time.
  • Each process has a local clock whose drift rate from real time has a known bound.
❖ Asynchronous distributed systems
  • It has no assumption about time.
  • There is no bound on process execution speeds.
    ❑ Each step may take an arbitrarily long time.
  • There is no bound on message transmission delays.
    ❑ A message may be received after an arbitrarily long time.
  • There is no bound on clock drift rates.
    ❑ The drift rate of a clock is arbitrary.
  ❑ The Internet works with this model, in which there is no intrinsic bound on server or network load and therefore on how long it takes, for example, to transfer a file using ftp.
  ❑ Sometimes an e-mail may take days to arrive.
  ❑ Actual distributed systems are very often asynchronous because of the need for processes to share the processors and for communication channels to share the network.

Interaction Model
▪ Event ordering
In many cases, we are interested in knowing whether an event (sending or receiving a message) at one process occurred before, after, or concurrently with another event at another process.
The execution of a system can be described in terms of events and their ordering despite the lack of accurate clocks.
❖ For example, consider a mailing list with users X, Y, Z, and A.
  1. User X sends a message with the subject Meeting.
  2. Users Y and Z reply by sending a message with the subject RE: Meeting.
  • In real time, X’s message was sent first; Y reads it and replies; Z reads both X’s message and Y’s reply and then sends another reply, which references both X’s and Y’s messages.
  • But due to the independent delays in message delivery, the messages may be delivered in the order shown in Figure 10.
  • It shows that user A might see the two messages in the wrong order. (Figure 10)

Figure 10. Real-time ordering of events.

  • Some users may view two messages in the wrong order; for example, user A might see the listing below.
  • Item is a sequence number that shows the order of receiving emails.

Item | From | Subject
23 | Z | Re: Meeting
24 | X | Meeting
26 | Y | Re: Meeting

Failure Model (ImP)
▪ In a distributed system both processes and communication channels may fail; that is, they may depart from what is considered to be correct or desirable behavior.
▪ Types of failures:
  Omission Failures
  Arbitrary Failures
  Timing Failures

▪ Omission failure
Omission failures refer to cases when a process or communication channel fails to perform actions that it is supposed to do.
The chief omission failure of a process is to crash. In case of a crash, the process has halted and will not execute any further steps of its program.
Another type of omission failure relates to communication and is called a communication omission failure, shown in Figure 11.

Figure 11. Processes and channels.

The communication channel produces an omission failure if it does not transport a message from p’s outgoing message buffer to q’s incoming message buffer.
This is known as “dropping messages” and is generally caused by a lack of buffer space at the receiver or at a gateway, or by a network transmission error detected by a checksum carried with the message data.

▪ Arbitrary failure
Arbitrary failure is used to describe the worst possible failure semantics, in which any type of error may occur.
❖ E.g. a process may set wrong values in its data items, or it may return a wrong value in response to an invocation.
Communication channels can suffer from arbitrary failures.
❖ E.g. message contents may be corrupted, non-existent messages may be delivered, or real messages may be delivered more than once.
The omission failures are classified together with arbitrary failures in Figure 12.

Class of failure | Affects | Description
Fail-stop | Process | Process halts and remains halted. Other processes may detect this state.
Crash | Process | Process halts and remains halted. Other processes may not be able to detect this state.
Omission | Channel | A message inserted in an outgoing message buffer never arrives at the other end’s incoming message buffer.
Send-omission | Process | A process completes a send, but the message is not put in its outgoing message buffer.
Receive-omission | Process | A message is put in a process’s incoming message buffer, but that process does not receive it.
Arbitrary (Byzantine) | Process or channel | Process/channel exhibits arbitrary behaviour: it may send/transmit arbitrary messages at arbitrary times, commit omissions; a process may stop or take an incorrect step.

Figure 12. Omission and arbitrary failures.

▪ Timing failure
Timing failures are applicable in synchronous distributed systems where time limits are set on process execution time, message delivery time and clock drift rate. (Figure 13)

Class of failure | Affects | Description
Clock | Process | Process’s local clock exceeds the bounds on its rate of drift from real time.
Performance | Process | Process exceeds the bounds on the interval between two steps.
Performance | Channel | A message’s transmission takes longer than the stated bound.

Figure 13. Timing failures.

▪ Masking failure
It is possible to construct reliable services from components that exhibit failures.
❖ E.g. multiple servers that hold replicas of data can continue to provide a service when one of them crashes.
A service masks a failure either by hiding it altogether or by converting it into a more acceptable type of failure.
❖ E.g. checksums are used to mask corrupted messages, effectively converting an arbitrary failure into an omission failure.

Security Model (ImP)
▪ The security of a distributed system can be achieved by securing the processes and the channels used in their interactions.
▪ Also, by protecting the objects that they encapsulate against unauthorized access.

▪ Protecting Objects
Access rights
❖ Access rights specify who is allowed to perform the operations on an object.
  • Who is allowed to read or write its state.
Principal
❖ A principal is the authority associated with each invocation and each result.
❖ A principal may be a user or a process.
❖ The invocation comes from a user and the result from a server.
The server is responsible for
❖ Verifying the identity of the principal (user) behind each invocation.
❖ Checking that they have sufficient access rights to perform the requested operation on the particular object invoked.
❖ Rejecting those that do not. (Figure 14)

Figure 14. Objects and principals.

▪ The enemy
To model security threats, we assume an enemy that is capable of sending any message to any process and reading or copying any message between a pair of processes. (Figure 15)

Figure 15. The enemy. (Diagram labels: process p, process q, communication channel, messages m and m’, the enemy, copy of m.)

Threats from a potential enemy are classified as:
❖ Threats to processes
❖ Threats to communication channels
❖ Denial of service

▪ Defeating security threats
Secure systems are based on the following main techniques:
❖ Cryptography and shared secrets
  • Cryptography is the science of keeping messages secure.
  • Encryption is the process of scrambling a message in such a way as to hide its contents.
❖ Authentication
  • The use of shared secrets and encryption provides the basis for the authentication of messages.
❖ Secure channels
  • Encryption and authentication are used to build secure channels as a service layer on top of the existing communication services.
  • A secure channel is a communication channel connecting a pair of processes, each of which acts on behalf of a principal.
  • VPN (Virtual Private Network) and Secure Sockets Layer (SSL) protocols are instances of secure channels. (Figure 16)

Figure 16. Secure channels. (Diagram labels: principal A, principal B, process p, process q, secure channel.)

  • A secure channel has the following properties:
    » Each of the processes knows the identity of the principal on whose behalf the other process is executing.
    » In a secure channel, the server knows the identity of the principal behind the invocations and can check their access rights before performing an operation.
    » A secure channel ensures the privacy and integrity of the data transmitted across it.
    » Each message includes a physical or logical time stamp to prevent messages from being replayed or reordered.

▪ Other possible threats from an enemy
Denial of service
❖ This is a form of attack in which the enemy interferes with the activities of authorized users by making excessive and pointless invocations on services or message transmissions in a network.
❖ It results in overloading of physical resources (network bandwidth, server processing capacity).
Mobile code
❖ Mobile code is a security problem for any process that receives and executes program code from elsewhere, such as an email attachment.
❖ Such an attachment may include code that accesses or modifies resources that are available to the host process but not to the originator of the code.
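
The masking idea from the failure model and the secure-channel properties above meet in one receiver: in this added example (not from the slides or the textbook), process q checks a keyed checksum (HMAC) and a logical time stamp, so corrupted, forged, replayed and late frames all become omissions. It covers integrity and replay protection only, not encryption; the key, the frame layout and the class names are assumptions made for the example.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"        # constructed; assumed shared by p and q only
STAMP = struct.Struct(">Q")          # assumed frame: 8-byte logical time | payload | tag
TAG_LEN = hashlib.sha256().digest_size

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

class Sender:
    """Process p: stamps each message with a logical time and authenticates it."""
    def __init__(self, key):
        self.key, self.clock = key, 0

    def seal(self, payload):
        self.clock += 1
        body = STAMP.pack(self.clock) + payload
        return body + _tag(self.key, body)

class Receiver:
    """Process q: returns the payload, or None when the frame is dropped."""
    def __init__(self, key):
        self.key, self.last_stamp, self.dropped = key, 0, []

    def open(self, frame):
        if len(frame) < STAMP.size + TAG_LEN:
            return self._drop("truncated")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return self._drop("bad-tag")              # corrupted in transit or forged
        (stamp,) = STAMP.unpack_from(body)
        if stamp <= self.last_stamp:
            return self._drop("replayed-or-reordered")
        self.last_stamp = stamp
        return body[STAMP.size:]

    def _drop(self, reason):
        self.dropped.append(reason)                   # keep a record for monitoring
        return None

def demo():
    p, q = Sender(KEY), Receiver(KEY)
    m1, m2, m3 = (p.seal(x) for x in (b"Meeting", b"Re: Meeting (Y)", b"Re: Meeting (Z)"))
    corrupted = m2[:10] + bytes([m2[10] ^ 0x01]) + m2[11:]    # one bit flipped
    forged = STAMP.pack(9) + b"injected" + bytes(TAG_LEN)     # made without KEY
    arrivals = [m1, corrupted, m3, m1, m2, forged, b"short"]  # constructed delivery order
    return [q.open(f) for f in arrivals], q.dropped
```

Because every rejected frame is simply dropped, a service that needs reliable delivery would pair this receiver with retransmission; the late but genuine second message is never recovered here.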