Distributed Object-Based Systems Chapter 9

Overview of CORBA The global architecture of CORBA.

Object Model The general organization of a CORBA system.

Corba Services Overview of CORBA services. ServiceDescription CollectionFacilities for grouping objects into lists, queue, sets, etc. QueryFacilities for querying collections of objects in a declarative manner ConcurrencyFacilities to allow concurrent access to shared objects TransactionFlat and nested transactions on method calls over multiple objects EventFacilities for asynchronous communication through events NotificationAdvanced facilities for event-based asynchronous communication ExternalizationFacilities for marshaling and unmarshaling of objects Life cycleFacilities for creation, deletion, copying, and moving of objects LicensingFacilities for attaching a license to an object NamingFacilities for systemwide name of objects PropertyFacilities for associating (attribute, value) pairs with objects TradingFacilities to publish and find the services on object has to offer PersistenceFacilities for persistently storing objects RelationshipFacilities for expressing relationships between objects SecurityMechanisms for secure channels, authorization, and auditing TimeProvides the current time within specified error margins

Object Invocation Models Invocation models supported in CORBA. Request typeFailure semanticsDescription SynchronousAt-most-onceCaller blocks until a response is returned or an exception is raised One-wayBest effort deliveryCaller continues immediately without waiting for any response from the server Deferred synchronous At-most-onceCaller continues immediately and can later block until response is delivered

Event and Notification Services (1) The logical organization of suppliers and consumers of events, following the push-style model.

Event and Notification Services (2) The pull-style model for event delivery in CORBA.

Messaging (1) CORBA's callback model for asynchronous method invocation.

Messaging (2) CORBA'S polling model for asynchronous method invocation.

Interoperability GIOP message types. Message typeOriginatorDescription RequestClientContains an invocation request ReplyServerContains the response to an invocation LocateRequestClientContains a request on the exact location of an object LocateReplyServerContains location information on an object CancelRequestClientIndicates client no longer expects a reply CloseConnectionBothIndication that connection will be closed MessageErrorBothContains information on an error FragmentBothPart (fragment) of a larger message

Clients Logical placement of interceptors in CORBA.

Portable Object Adaptor (1) Mapping of CORBA object identifiers to servants. a)The POA supports multiple servants. b)The POA supports a single servant.

Portable Object Adaptor (2) Changing a C++ object into a CORBA object. My_servant *my_object;// Declare a reference to a C++ object CORBA::Objectid_var oid;// Declare a CORBA identifier my_object = new MyServant;// Create a new C++ object oid = poa ->activate_object (my_object); // Register C++ object as CORBA OBJECT

Agents CORBA's overall model of agents, agent systems, and regions.

Object References (1) The organization of an IOR with specific information for IIOP.

Object References (2) Indirect binding in CORBA.

Caching and Replication The (simplified) organization of a DCS.

Object Groups A possible organization of an IOGR for an object group having a primary and backups.

An Example Architecture An example architecture of a fault-tolerant CORBA system.

Security (1) The general organization for secure object invocation in CORBA.

Security (2) The role of security interceptors in CORBA.

Overview of DCOM The general organization of ActiveX, OLE, and COM.

Object Model The difference between language-defined and binary interfaces.

Tape Library and Registry The overall architecture of DCOM.

DCOM Services Overview of DCOM services in comparison to CORBA services. CORBA ServiceDCOM/COM+ ServiceWindows 2000 Service CollectionActiveX Data Objects- QueryNone- ConcurrencyThread concurrency- TransactionCOM+ Automatic TransactionsDistributed Transaction Coordinator EventCOM+ Events- NotificationCOM+ Events- ExternalizationMarshaling utilities- Life cycleClass factories, JIT activation- LicensingSpecial class factories- NamingMonikersActive Directory PropertyNoneActive Directory TradingNoneActive Directory PersistenceStructured storageDatabase access RelationshipNoneDatabase access SecurityAuthorizationSSL, Kerberos TimeNone

Events Event processing in DCOM.

Clients Passing an object reference in DCOM with custom marshaling.

Monikers (1) Binding to a DCOM object by means of file moniker. StepPerformerDescription 1ClientCalls BindMoniker at moniker 2Moniker Looks up associated CLSID and instructs SCM to create object 3SCMLoads class object 4Class object Creates object and returns interface pointer to moniker 5MonikerInstructs object to load previously stored state 6ObjectLoads its state from file 7MonikerReturns interface pointer of object to client

Monikers (2) DCOM-defined moniker types. Moniker typeDescription File monikerReference to an object constructed from a file URL monikerReference to an object constructed from a URL Class monikerReference to a class object Composite monikerReference to a composition of monikers Item monikerReference to a moniker in a composition Pointer monikerReference to an object in a remote process

Active Directory The general organization of Active Directory.

Fault Tolerance Transaction attribute values for DCOM objects. Attribute valueDescription REQUIRES_NEWA new transaction is always started at each invocation REQUIREDA new transaction is started if not already done so SUPPORTEDJoin a transaction only if caller is already part of one NOT_SUPPORTEDNever join a transaction DISABLEDNever join a transaction, even if told to do so

Declarative Security (1) Authentication levels in DCOM. Authentication levelDescription NONENo authentication is required CONNECTAuthenticate client when first connected to server CALLAuthenticate client at each invocation PACKETAuthenticate all data packets PACKET_INTEGRITYAuthenticate data packets and do integrity check PACKET_PRIVACYAuthenticate, integrity-check, and encrypt data packets

Declarative Security (2) Impersonation levels in DCOM. Impersonation levelDescription ANONYMOUSThe client is completely anonymous to the server IDENTIFY The server knows the client and can do access control checks IMPERSONATEThe server can invoke local objects on behalf of the client DELEGATEThe server can invoke remote objects on behalf of the client

Programmatic Security a)Default authentication services supported in DCOM. b)Default authorization services supported in DCOM. ServiceDescription NONENo authentication DCE_PRIVATEDCE authentication based on shared keys DCE_PUBLICDEC authentication based on public keys WINNTWindows NT security GSS_KERBEROSKerberos authentication (a) ServiceDescription NONENo authorization NAMEAuthorization based on the client's identity DCEAuthorization using DEC Privilege Attribute Certificates (PACs) (b)

Globe Object Model (1) The organization of a Globe distributed shared object.

Globe Object Model (2) The general organization of a local object for distributed shared objects in Globe.

Globe Object Model (3) Interfaces implemented by the semantics subobject of a GlobeDoc object. Document Interface MethodDescription AddElementAdd an element to the current set of elements DeleteElementRemove an element from the Web document AllElementsReturn a list of the elements currently in the document SetRootSet the root element GetRootReturn a reference to the root element Content Interface MethodDescription GetCotentReturn the content of an element as an array of bytes PutContentReplace the content of an element with a given array of bytes PutAllContentReplace the content of an entire document

Globe Object Model (4) Interfaces implemented by the semantics subobject of a GlobeDoc Object. Property Interface MethodDescription GetPropertiesReturn the list of (attribute, value)-pairs of an element SetPropertiesProvide a list of (attribute, value)-pairs for an element Lock Interface MethodDescription CheckOutElementsCheck out a series of elements that require modification CheckInElementsCheck in a series of modified elements GetCheckedElementsGet a list of elements that are currently checked out

Process-to-Object Binding Binding a process to an object in Globe.

Globe Services Overview of possible Globe implementations of typical distributes-systems services. ServicePossible Implementation in GlobeAvailable CollectionSeparate object that holds references to other objectsNo ConcurrencyEach object implements its own concurrency control strategyNo TransactionSeparate object representing a transaction managerNo Event/NotificationSeparate object per group of events (as in DCOM)No ExternalizationEach object implements its own marshaling routinesYes Life cycleSeparate class objects combined with per-object implementationsYes LicensingImplemented by each object separatelyNo NamingSeparate service, implemented by a collection of naming objectsYes Property/TradingSeparate service, implemented by a collection of directory objectsNo PersistenceImplemented on a per-object basisYes SecurityImplemented per object, combined with (local) security servicesYes ReplicationImplemented on a per-object basisYes Fault toleranceImplemented per object combined with fault-tolerant servicesYes

Communication Invoking an object in Globe that uses active replication.

Globe Server Operations on a Globe object server. MethodDescription BindLets the server bind to a given object, unless it is already bound AddBindingLets the server bind to an object, even if it is already bound CreateLRLets the server create a local object for a new distributed object RemoveLRLets the server remove a local object of a given object UnbindDSOLets the server remove all local objects of a given object ListAllReturns a list of all local objects ListDSOReturns a list of all local objects for a given objects StatLRGet the status of a specific local object

Object References and Contact Addresses (1) The representation of a protocol layer in a stacked contact address. FieldDescription Protocol identifierA constant representing a (known) protocol Protocol addressA protocol-specific address Implementation handleReference to a file in a class repository

Object References and Contact Addresses (2) The representation of an instance contact address. FieldDescription Implementation handleReference to a file in a class repository Initialization stringString that is used to initialize an implementation

Globe Naming Service Iterative DNS-based name resolution in Globe.

Replication (1) The interface of the replication subobject as made available to the control subobject. MethodDescription StartIndicate that a new method invocation has been locally requested SendPass the marshaled invocation request to the replication subobject InvokedIndicate that the invocation on the semantics object has completed

Replication (2) The behavior of the control subobject as a finite state machine.

Examples of Replication in Globe (1) State transitions and actions for active replication. Read method StateAction to takeMethod callNext state STARTNoneStartINVOKE Invoke local methodInvokedRETURN Return results to callerNoneSTART Modify method StateAction to takeMethod callNext state STARTNoneStartSEND Pass marshaled invocationsSendINVOKE invoke local methodInvokedRETURN Return results to callerNoneSTART

Examples of Replication in Globe (2) State transitions and actions with primary-backup replication. Read method StateAction to takeMethod callNext state STARTNoneStartINVOKE Invoke local methodInvokedRETURN Return results to callerNoneSTART Modify method at backup replica StateAction to takeMethod callNext state STARTNoneStartSEND Pass marshaled invocationSendRETURN Return results to callerNoneSTART Modify method at primary replica StateAction to takeMethod callNext state STARTnoneStartINVOKE invoke local methodInvokedRETURN Return results to callerNoneSTART

Security (1) The position of a security subobject in a Globe local object.

Security (2) Using Kerberos to establish secure distributed shared objects.

Summary (1) Comparison of CORBA, DCOM, and Globe. IssueCORBADCOMGlobe Design goalsInteroperabilityFunctionalityScalability Object modelRemote objects Distributed objects ServicesMany of its ownFrom environmentFew InterfacesIDL basedBinary Sync. communicationYes Async. communicationYes No CallbacksYes No EventsYes No MessagingYes No Object serverFlexible (POA)Hard-codedObject dependent Directory serviceYes No Trading serviceyesNo Continued …

Summary (2) Comparison of CORBA, DCOM, and Globe. IssueCORBADCOMGlobe Naming serviceYes Location serviceNo Yes Object referenceObject's locationInterface pointerTrue identifier SynchronizationTransactions Only intra-object Replication supportSeparate serverNoneSeparate subobject TransactionsYes No Fault toleranceBy replicationBy transactionsBy replication Recovery supportYesBy transactionsNo SecurityVarious mechanisms More work needed