Case of C/S
• Client/Server Security
• Client/Server on the Internet
• Distributed DBMS
• Distributed Programming
• Distributed Object-Oriented Computing
• Distributed File System
• Data Replication
Client/Server Security (1)
• What are the security services?
– Authentication
• Is the client (or server) who it claims to be?
• Passwords are the starting point for authentication
• Guards against client spoofing attacks
• example: telnet and ftp
– /etc/passwd
– /etc/group
– Authorization
• What services is the client authorized to access?
• Example: anonymous ftp
– based on Access Control Lists: similar to UNIX file systems
Client/Server Security (2)
– Data Integrity
• How does the client (server) know that the message was not modified?
– Refers to write protection
• Data privacy
– Defense to ensure data integrity
• Data modification due to hardware failure – easily detected based on CRC
– Privacy
• How do you prevent hackers from reading your messages?
• Start with encryption
» Data Encryption Standard
» Pretty Good Privacy: public key
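The integrity points above, as an added example that is not part of the original slides: a CRC catches accidental damage such as a hardware fault, but it is unkeyed, so it says nothing about deliberate modification, while a keyed MAC covers both. The key, the messages and the function names are constructed for this illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample values for this example (not taken from the slides).
KEY = b"secret-shared-by-client-and-server"
MESSAGE = b"TRANSFER amount=100 to=alice"
ALTERED = b"TRANSFER amount=900 to=alice"

def crc_tag(payload: bytes) -> bytes:
    return zlib.crc32(payload).to_bytes(4, "big")

def mac_tag(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()

def check_crc(payload: bytes, tag: bytes) -> bool:
    return crc_tag(payload) == tag

def check_mac(payload: bytes, tag: bytes, key: bytes) -> bool:
    # compare_digest avoids leaking how many tag bytes matched.
    return hmac.compare_digest(mac_tag(payload, key), tag)

def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate a hardware fault: flip the low bit of one byte."""
    damaged = bytearray(data)
    damaged[index] ^= 0x01
    return bytes(damaged)

def run_checks() -> dict:
    faulty = flip_bit(MESSAGE, 3)
    return {
        # Accidental corruption: both checks notice it.
        "crc_detects_fault": not check_crc(faulty, crc_tag(MESSAGE)),
        "mac_detects_fault": not check_mac(faulty, mac_tag(MESSAGE, KEY), KEY),
        # Deliberate change: anyone can recompute an unkeyed CRC for new
        # content, so the CRC check passes on the altered message.
        "crc_accepts_altered": check_crc(ALTERED, crc_tag(ALTERED)),
        # Without KEY no valid MAC can be produced for the altered content;
        # the original tag does not verify against it.
        "mac_rejects_altered": not check_mac(ALTERED, mac_tag(MESSAGE, KEY), KEY),
    }

if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```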
Client/Server on the Internet
• The Internet is the world’s largest client/server system
– The Internet is more than just UNIX systems
– all you need is TCP/IP
• Security on the Internet
– Many Internet applications offer security mechanisms
– A Firewall can secure an entire Internet site
• Router node includes Firewall Software
• Client/Server applications on the Internet
– ftp, archie, gopher, telnet, WWW
Implementation: WWW
• WWW is a multimedia client/server system
• WWW did not require a standards body
• WWW software is free, but you can pay if you want to
• Server Side
– Server sites must provide a server program, config files, a home page, and the data to be served.
– Home pages offer pictures, motion, and sound
• Client Side
– needs a browser
• get all the data before displaying anything
Distributed DBMS (1)
• Distributed database system can integrate the desktop and the data center
• What is distributed in a distributed DBMS?
– Database access is at a higher level than file access, but the advantages of distribution are the same
– The actual data storage and DB queries are performed by servers
– The clients make the requests and process and present the responses
• Reasons of the Client/Server Model
– Most large DBs need to be accessed by multiple users
– Information returned by DBs often needs to be integrated into other applications
• PCs need to integrate DB information into desktop applications
• DDBMS have all the client/server requirements.
• RPCs are a good implementation mechanism
Distributed DBMS (2)
• DBMS server for C/S
– Servers use the local file system or access the disk directly
– Servers can also access remote files
– Servers can be replicated
• Role of DBMS
– Relational DBMSs are the most popular
• BLOB (Binary Large Object)
• OODBMS, ORDBMS
– The client and server both know the DB schema
– SQL is the standard access language
– Clients can use IPCs or RPCs to talk to a remote DBMS server
Distributed DBMS (3)
• DBMS Server HW and SW
– DB servers run on a wide range of systems, including PCs
– Servers will exploit advances in system performance and scale
– Distribution of management tasks
• DB Facelifting
– Facelifting updates tired applications with shiny new GUIs
– Facelifting is simple but is not complete integration
• Integration into Client Application
– How can client applications build in transparent, vendor-independent DB access?
• location transparency
• OPI (Open Programming Interface)
• ODBC (Open Database Connectivity)
Distributed DBMS (4)
• The Role of ODBC
– ODBC allows client integration and DBMS vendors provide drivers.
• ODBC requires a client driver for every DB server type
– But, you need a separate driver for each server type
– Spreadsheet integration as an ODBC example
• many PC applications are now integrated with ODBC
• example: MS Excel integrates ODBC
– Client application uses ODBC to access the DB
• Transactions
– DBMS applications require transactional integrity
– Distributed Transaction Processing
• Encina, Tuxedo, X/Open
• defines application, transaction managers, resource managers, and communication managers
Distributed DBMS (5)
• Distributed Framework Requirement
– ODBC uses the services of an underlying framework for naming and security
• ODBC/SQL inherit the features of the underlying framework.
• TCP/IP and Netware’s SPX/IPX are common communication mechanisms
Distributed Programming (1)
• Categorizing Procedure Calls
– Local procedure call (LPC)
– Inter-process communication messages (IPC)
– Remote procedure call (RPC)
– Local procedures are linked together in the same address space
– IPCs within a system or between network nodes
• Normally the processes run asynchronously
Distributed Programming (2)
• Local Programming vs. Distributed Programming
– Programs are organized into procedures
– RPC programming is intentionally similar to LPC programming
• Three level procedure modules
– Main module
– User Interface module
– FindPrimes module
• What are the differences between local and remote procedures?
– The remote procedures will run as separate processes in separate address space
Distributed Programming (3)
• Flow Control
– The middleware works hard in an RPC-based application
– Local procedures are linked at build or run-time
– In distributed program, the client must locate and bind to the server
• a caller (the client) finds the called procedure (the server) : binding
Distributed Programming (4)
• Passing Parameters and Returning Values
– Costs of Passing Parameters and Returning Values
• Local procedures can use addresses in the common memory: via stack
• Remote procedures need all the data directly
– the client and server must pass parameters and return values via network
– Passing Pointers
• In an LPC, the caller can pass a pointer as a parameter
• In an RPC, the caller cannot pass a pointer to the remote procedure
– the entire array must be passed to the server
– Data Representations
• The client and server may represent data differently
• In generic representation, all passed data must be converted to a standard format
• In receiver make-it-right, the receiver of the passed data must convert the data
Distributed Programming (5)
• Errors and exceptions
– Client should be prepared to deal with procedure failures
• N-version, Recovery Block
• Exception routine, Compensating routine
• Holding State
– Client must know whether a server is stateless or stateful
– stateless: at least once
• Correct operation requires one or more server executions
• Error recovery is easier with stateless procedures
– stateful: at most once
• The server RPC run-time must ensure that the procedure is performed exactly one time or not at all
• The run-time SW ensures that stateful procedures are not executed twice
– ONC supports stateless procedures; DCE supports both types
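The at-least-once and at-most-once behaviour described above, as an added example that is not part of the original slides: a client retransmits a request after a lost reply, once against a server that simply re-executes and once against a run-time that remembers request ids. The class names, the in-memory reply cache and the account values are assumptions made for this sketch; it is not how ONC or DCE implement it.

```python
class LostReply(Exception):
    """Constructed stand-in for a timeout: the server ran but the reply was lost."""

class Account:
    def __init__(self, balance):
        self.balance = balance
    def withdraw(self, amount):          # stateful: must not run twice per request
        self.balance -= amount
        return self.balance

class AtMostOnceRuntime:
    """Hypothetical server run-time that caches replies per (client, request id)."""
    def __init__(self, procedure):
        self.procedure = procedure
        self.replies = {}
        self.executions = 0
    def handle(self, client_id, request_id, amount):
        key = (client_id, request_id)
        if key not in self.replies:      # first arrival: execute and remember
            self.executions += 1
            self.replies[key] = self.procedure(amount)
        return self.replies[key]         # retransmission: replay cached reply

def lossy(handler, drops):
    """Deliver every request to the handler, then drop the first `drops` replies."""
    remaining = [drops]
    def send(*message):
        reply = handler(*message)
        if remaining[0] > 0:
            remaining[0] -= 1
            raise LostReply()
        return reply
    return send

def call_with_retry(send, *message, attempts=3):
    # Client side: retransmit the same request id until a reply arrives.
    for _ in range(attempts):
        try:
            return send(*message)
        except LostReply:
            continue
    raise LostReply()

def run_demo():
    naive = Account(100)   # at-least-once: every retransmission re-executes
    call_with_retry(lossy(lambda c, r, amt: naive.withdraw(amt), 1), "c1", 7, 30)
    safe = Account(100)    # at-most-once: the duplicate request id is recognised
    runtime = AtMostOnceRuntime(safe.withdraw)
    reply = call_with_retry(lossy(runtime.handle, 1), "c1", 7, 30)
    return naive.balance, safe.balance, reply, runtime.executions
```

The same request-id cache is what lets a server discard a replayed copy of an old request, provided the id is covered by the message's integrity protection.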
Distributed Programming (6)
• Distributed Application
– Data transmission and RPC overhead are expensive
– Computation time frequently increases faster than the amount of data
– Get rid of global variables
– Data shipping and Function shipping
• You can move the data to the function or the function to the data
• RPC and IPC
– RPCs are layered on IPCs
• RPC API
• IPC API
• Transport Layer API
– IPCs are still appropriate for many applications
– RPCs distribute the familiar procedure programming model
• Programming with an RPC Package
– example: CORBA