DCE Spheres: How to administer large cells.
For the Energy Sciences Network, Distributed Computing Coordinating Committee
V 1.0, May 17, 1996
An administration unit inside of DCE is the cell. Unfortunately, the cell is not structured efficiently to support distributed administration. One solution is to carve the cell into administration units called spheres. A sphere allows for distributed administration, cost effective hardware deployment, scaleablility, and containment of security breaches. Spheres are part of the DCE architecture for the Stanford cell. A sphere architecture is layered on top of the standard DCE. This proposal enhances the university sphere environment to the level of quality required for the laboratories.
Stanford Ron Burback firstname.lastname@example.org Stanford Jie Wang email@example.com PNNL Tom Harper firstname.lastname@example.org PNNL Troy Thompson SLAC Les Cottrell email@example.com SLAC Andy Hanushevsky abh@SLAC.Stanford.EDU Transarc Brian Herhusky firstname.lastname@example.org
DESCRIPTION OF PROPOSED WORK
The Open Software Foundation (OSF) Distributed Computing Environment (DCE) defines the concept of a cell. The cell is the basic unit of system management consisting of the hardware to materialize the services of the cell and the definition of the cell administration group. This architecture does not scale well for large cells. In a large cell where the total number of principals, hosts, and applications may total over 10,000, you will need many cell administrators. Some of these cell administrators will manage the hardware but a much large number will manage day-to-day activities of changing passwords, creating accounts, configuring clients, and adding new applications. Current problems with large cells include:
One solution is to divide the name space of a cell into many smaller name spaces.
There are six different name spaces in a cell. They are the application, the host, the principal, the group, the organization, and the file system name spaces. A sphere is a sub portion of each of these name spaces. A new administration group, called the sphere administrations, manage each one of these spaces. A sphere administrator can only alter things in his sphere. This is accomplished by ACLs. Now if a user needs a routine administration task to be accomplished he contacts his local sphere administrator. The sphere administrator does not run the hardware of the cell. This task is still accomplished by the cell administrator. The cell administrator is not overwhelmed by thousands of user request. An individual principal may belong to many spheres without having to change the DCE identity. The cell administrator acts as backup to the sphere administrators.
Spheres solve the following problems.
Stanford University will provide for the laboratories a collection of TCL scripts written on top of DCEcp that create the concept of the spheres and cook book their management. A document describing the process will also be provided. Early testing by SLAC, as a sphere to the Stanford cell, will be encouraged. PNNL will influence the design of spheres to include their needs.
This works leverages the existing work already underway at Stanford University.
The following are provided as budgetary estimates.
$250,000 -Stanford, travel and development. $25,000 -PNNL for travel and sphere testing. $25,000 -SLAC for sphere testing.
The material contained herein is submitted for informational purposes and is not binding. Binding commitments can only be made by the submission of a formal contract which sets forth a specific Statement of Work, estimated cost and contract documents, and which is signed by a Contracting Officer.