DCE Spheres: How to administer large cells.

For the Energy Sciences Network, Distributed Computing Coordinating Committee

V 1.0, May 17, 1996


An administration unit inside of DCE is the cell. Unfortunately, the cell is not structured efficiently to support distributed administration. One solution is to carve the cell into administration units called spheres. A sphere allows for distributed administration, cost effective hardware deployment, scaleablility, and containment of security breaches. Spheres are part of the DCE architecture for the Stanford cell. A sphere architecture is layered on top of the standard DCE. This proposal enhances the university sphere environment to the level of quality required for the laboratories.


	Stanford	Ron Burback 	burback@stanford.edu
	Stanford Jie Wang	jiewang@leland.stanford.edu

	PNNL 		Tom Harper	ta_harper@pnl.gov
	PNNL		Troy Thompson
	SLAC 		Les Cottrell	cottrell@slac.stanford.edu
	SLAC		Andy Hanushevsky	abh@SLAC.Stanford.EDU
	Transarc 	Brian Herhusky	herhusky@leland.stanford.edu



The Open Software Foundation (OSF) Distributed Computing Environment (DCE) defines the concept of a cell. The cell is the basic unit of system management consisting of the hardware to materialize the services of the cell and the definition of the cell administration group. This architecture does not scale well for large cells. In a large cell where the total number of principals, hosts, and applications may total over 10,000, you will need many cell administrators. Some of these cell administrators will manage the hardware but a much large number will manage day-to-day activities of changing passwords, creating accounts, configuring clients, and adding new applications. Current problems with large cells include:

One solution is to divide the name space of a cell into many smaller name spaces.

There are six different name spaces in a cell. They are the application, the host, the principal, the group, the organization, and the file system name spaces. A sphere is a sub portion of each of these name spaces. A new administration group, called the sphere administrations, manage each one of these spaces. A sphere administrator can only alter things in his sphere. This is accomplished by ACLs. Now if a user needs a routine administration task to be accomplished he contacts his local sphere administrator. The sphere administrator does not run the hardware of the cell. This task is still accomplished by the cell administrator. The cell administrator is not overwhelmed by thousands of user request. An individual principal may belong to many spheres without having to change the DCE identity. The cell administrator acts as backup to the sphere administrators.

Spheres solve the following problems.


Stanford University will provide for the laboratories a collection of TCL scripts written on top of DCEcp that create the concept of the spheres and cook book their management. A document describing the process will also be provided. Early testing by SLAC, as a sphere to the Stanford cell, will be encouraged. PNNL will influence the design of spheres to include their needs.


This works leverages the existing work already underway at Stanford University.


The following are provided as budgetary estimates.

$250,000 -Stanford, travel and development. $25,000 -PNNL for travel and sphere testing. $25,000 -SLAC for sphere testing.

Total $300,000.

Legal Disclaimer

The material contained herein is submitted for informational purposes and is not binding. Binding commitments can only be made by the submission of a formal contract which sets forth a specific Statement of Work, estimated cost and contract documents, and which is signed by a Contracting Officer.