DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN Chapter 5 Naming Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Names, Identifiers, And Addresses Properties of a true identifier: • An identifier refers to at most one entity. • Each entity is referred to by at most one identifier. • An identifier always refers to the same entity Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Flat naming Broadcasting e Multicasting • Solo per reti locali • Viene inviato un messaggio contenente un identificatore a tutte le macchine e viene richiesto a ciascuna di verificarne la corrispondenza • Es. ARP per capire la corrispondenza IP/Indirizzo ethernet Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Flat naming Forwarding pointers • Usato per entità mobili; • Quando un oggetto si sposta lascia nel punto di partenza un riferimento al punto di arrivo • Le catene di riferimenti possono diventare lunghe Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Forwarding Pointers (1) Figure 5-1. The principle of forwarding pointers using (client stub, server stub) pairs. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Forwarding Pointers (2) Figure 5-2. Redirecting a forwarding pointer by storing a shortcut in a client stub. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Forwarding Pointers (3) Figure 5-2. Redirecting a forwarding pointer by storing a shortcut in a client stub. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Home-Based Approaches Figure 5-3. The principle of Mobile IP. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Distributed Hash Tables General Mechanism Figure 5-4. Resolving key 26 from node 1 and key 12 from node 28 in a Chord system. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Hierarchical Approaches (1) Figure 5-5. Hierarchical organization of a location service into domains, each having an associated directory node. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Name Space Distribution (1) Figure 5-13. An example partitioning of the DNS name space, including Internet-accessible files, into three layers. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Name Space Distribution (2) Figure 5-14. A comparison between name servers for implementing nodes from a large-scale name space partitioned into a global layer, an administrational layer, and a managerial layer. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Example: The Domain Name System Figure 5-18. The comparison between recursive and iterative name resolution with respect to communication costs. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 What are directory services? All Directory services use a hierarchical structure that stores information about objects on the network. What differentiates the various implementations are the types of objects that they track. Shared Resources: – – – – Servers, Shared volumes, Printers; Applications Administration of: – – – – Users User/Group access Network resources Management of domains, applications, services, security policies, and just about everything else in your network. http://www.ischool.washington.edu/mcdonald/courses/imt546_au04/pres-12.11/ActiveDirectoryFinal.ppt Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Basic Network Identity Services Microsoft's Active Directory Novell Directory Services (NDS) Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 x.500 • X.500 is a series of computer networking standards covering electronic directory services. The X.500 series was developed by ITU-T, formerly known as CCITT. • The directory services were developed in order to support the requirements of X.400 electronic mail exchange and name lookup. • ISO was a partner in developing the standards, incorporating them into the Open Systems Interconnection suite of protocols. ISO/IEC 9594 is the corresponding ISO identification. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 x.500 The protocols defined by X.500 include: • DAP (Directory Access Protocol) • DSP (Directory System Protocol) • DISP (Directory Information Shadowing Protocol) • DOP (Directory Operational Bindings Management Protocol) Because these protocols used the OSI networking stack, a number of alternatives to DAP were developed to allow Internet clients to access to the X.500 Directory using the TCP/IP networking stack. The most well-known alternative to DAP is Lightweight Directory Access Protocol (LDAP). http://en.wikipedia.org/wiki/X.500 Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 The LDAP Name Space Attribute Abbr. Value Country C NL Locality L Amsterdam Organization L Vrije Universiteit OrganizationalUnit OU Math. & Comp. Sc. CommonName CN Main server Mail_Servers -- 130.37.24.6, 192.31.231,192.31.231.66 FTP_Server -- 130.37.21.11 WWW_Server -- 130.37.21.11 A simple example of a LDAP directory entry using LDAP naming conventions. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 The LDAP Name Space Part of the directory information tree. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 The LDAP Name Space Attribute Value Attribute Value Country NL Country NL Locality Amsterdam Locality Amsterdam Organization Vrije Universiteit Organization Vrije Universiteit OrganizationalUnit Math. & Comp. Sc. OrganizationalUnit Math. & Comp. Sc. CommonName Main server CommonName Main server Host_Name star Host_Name zephyr Host_Address 192.31.231.42 Host_Address 192.31.231.66 Two directory entries having Host_Name as RDN. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 LDAP API The LDAP API references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas. An RDN is an attribute with an associated value in the form attribute=value; normally expressed in a UTF-8 string format. The following table lists typical RDN attribute types. Es. CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 LDAP Example #include <winldap.h> ULONG CallValue; LDAP *ld = ldap_init(NULL,LDAP_PORT); CallValue = ldap_connect(ld,NULL); if(CallValue!=LDAP_SUCCESS) { return 0; } Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 // Specify the distinguished name for the entry. char *entry_dn = "cn=Jeff Smith,CN=Users"; // Attributes include Name, Class, First name, Last name, Title, and Telephone number LDAPMod Name, OClass, FName, LName, Title, Phone; char *cn_values[] = { "Jeff Smith", NULL }; Name.mod_op = LDAP_MOD_ADD; Name.mod_type = "cn"; Name.mod_values = cn_values;. char *oc_values[] = { "user", NULL }; OClass.mod_op = LDAP_MOD_ADD; OClass.mod_type = "objectClass"; OClass.mod_values = oc_values;. char *gn_values[] = { "Jeff", NULL }; … Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 // Build the array of attributes. LDAPMod *NewEntry[7]; NewEntry[0] NewEntry[1] NewEntry[2] NewEntry[3] NewEntry[4] NewEntry[5] NewEntry[6] = = = = = = = &Name; &OClass &FName; &LName; &Title; &Phone; NULL; // Add the entry. CallValue = ldap_add( ld, entry_dn, NewEntry); // Pass CallValue to ldap_result to verify the // status of the asynchronous operation. CallValue = ldap_unbind(ld); Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Key Features of Active Directory • Some directory services are integrated with an operating system, and others are applications such as e-mail directories. • Operating system directory services, such as AD, provide user, computer, and shared resource management. • A namespace that is integrated with the Internet's Domain Name System (DNS). • A new directory service central to the Windows 2000 Server operating system, runs only on domain controllers. http://www.ischool.washington.edu/mcdonald/courses/imt546_au04/pres-12.11/ActiveDirectoryFinal.ppt Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Active Directory utilizes a distributed architecture Active Directory, in addition to providing a place to store data and services to make that data available, also protects network objects from unauthorized access and replicates information about objects across the entire network so that information about objects is not lost if one domain controller fails. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Active Directory Network identity services each perform specific tasks and also frequently interact. Managing interactions becomes challenging when multiple internal organizations administer the various services, which may be duplicated in numerous locations throughout the network and use different data stores. • The global catalog is the mechanism that tracks all of the objects managed across the network, across all domains within the organization. • Elements of the catalog are replicated across all of the domain controllers within all domains across the org. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Global Catalog -Service Discovery • For Active Directory to function properly, DNS servers must support Service Location (SRV) resource records. • SRV resource records map the name of a service to the name of a server offering that service. • Active Directory clients and domain controllers use SRV resource records to determine the IP addresses of domain controllers. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Domain authority Active Directory replicates its administration information across domain controllers throughout the “forest” utilizing a “multi-master” approach. Multi-master replication among peer domain controllers is impractical for some types changes, so only one domain controller, called the operations master, accepts requests for such changes. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Authentication • Each domain controller has information for the entire forest to support authentication and access control. • This provides the ability for local domain controllers (the “tree”) to provide a quick local lookup of authority. • Not just users but every object authenticating to Active Directory must reference the global catalog server, including every computer that boots up Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Mapping to Distributed Hash Tables (1) Figure 5-24. (a) A general description of a resource. (b) Its representation as an AVTree (Attribute/Value tree). Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Mapping to Distributed Hash Tables (2) Figure 5-25. (a) The resource description of a query. (b) Its representation as an AVTree. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Semantic Overlay Networks Figure 5-26. Maintaining a semantic overlay through gossiping. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 Riferimenti • http://www.ischool.washington.edu/mcdonald/courses/imt5 46_au04/pres-12.11/ActiveDirectoryFinal.ppt Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5