The State of DCE Administration

Because DCE is such a rich, inclusive technology, it can be a challenge to manage. Cell administrators are responsible for an imposing number of multifaceted tasks:

Initial cell configuration, which includes installing the software, configuring the CDS and Security servers, specifying security policy attributes, populating the security registry, setting up the CDS namespace directories and populating them with object entries, registering services, setting access controls, configuring the client hosts, and configuring DTS servers and clients.
Cell maintenance, which includes adding and removing services, hosts, and users; maintaining the security registry and the CDS namespaces; maintaining the RPC endpoint map; monitoring status and performance; and managing DTS.

Ironically, the chief impediment to successful cell administration is the OSF DCE administration package. The package is a toolset comprised of 13 distinct, intimidating command-line interfaces. Because the interfaces were developed by different companies and evolved over time in response to specific, isolated problems, they are not integrated very well and using them is not exactly an intuitive experience.

The interfaces support over 100 subordinate commands. Most of the commands are potentially complex, requiring a precise series of option specifications. Some specifications are long alphanumeric strings, such as interface IDs and network addresses. The margin for error is slim.

The following are examples of typical commands. The examples show that even minor tasks involve complicated command specifications.

Displaying an object's CDS attributes:
->cdacp show object /.../mycell/root/testobj
Displaying a list of the objects that have a specific attribute value:
->cdscp show object /.../mycell/root/obj_\* with CDS_ClassVersion = 1.0
Displaying the access control permissions defined for a specific user:
->acl_edit $MASK_TEST_OBJ -m user:uucp:rw -l | grep mask_obj
Adding a principal to the security registry:
->rgy_edit -p >>add flintstone -g none -o none -mp passwd -pw yabadabado -m 'This space for rent' >>exit
Adding an element to an RPC profile in the CDS namespace:
->rpccp add_element -i d5c89800-6dae-11c9-a1c1-08002b10,0.1 -m nstest/profile2 -a 'element1' -p 1 nstest/profile

Many tasks, such as configuring and starting a DTS server, require administrators to enter an exacting series of commands. Because the command set is so atomized, identifying the relevant commands and determining their correct sequence can be difficult.

To complicate cell administration further, some commands, such as those involved in configuring a host as a client member of the cell, must be issued separately on each host. Administrators must physically visit each host or log in to each host remotely.

[Prev] [Next] [TOC]

Last updated and validated Tue 30 Jan 96 by nita@halsoft.com