Chapter Two Distributed System Models
Objectives • To learn the different models of distributed systems.
Recap • Definition of DS • Examples of DS • DS Advantages • Challenges of the design • Heterogeneity • Openness • Security • Scalability • Failure handling • Concurrency • Transparency
System Models • Architectural model • Client-server model • Multiple servers model • Proxy servers model • Peer Process model • Fundamental model • Interaction model • Failure model • Security model
System Models • Architectural models are concerned with the placement of a system's parts (components) and the relationships between them • Fundamental models are concerned with a more formal description of the properties that are common to all of the architectural models
Introduction • Why do we need models? • Each model is intended to provide an abstract, simplified but consistent description of a relevant aspect of distributed system design • Architectural model • defines the way in which the components of systems interact with one another and the way in which they are mapped onto the underlying network of computers • Client/Server vs. Peer to Peer • variants of C/S • partition of data or replication as cooperating servers • caching of data by proxy servers and clients • use of mobile code and mobile agents • requirement to add and remove mobile devices in a convenient manner
Introduction …continued • Fundamental model • concerned with a more formal description of the properties that are common in all of the architectural models • The interaction model deals with performance and with the difficulty of setting time limits in a distributed system • The failure model attempts to give a precise specification of the faults that can be exhibited by processes and communication channels • The security model discusses the possible threats to processes and communication channels
Software layer • Software and hardware service layers in distributed systems • Platform • The lowest-level hardware and software layers, e.g., Intel x86/Windows, SPARC/SunOS, PowerPC/MacOS • Middleware • A layer of software that masks heterogeneity and provides a convenient programming model to application programmers • Examples: RPC, RMI, CORBA, DCOM, Isis (group communication system)
System architectures • What is system architecture? • The division of responsibilities between system components (applications, servers and other processes) and the placement of the components on computers in the network • Main distributed system architectures • 1. Client-Server model • Historically the most important and remains the most widely employed • Servers may in turn be clients of other servers • 2. Services provided by multiple servers • Partition the set of service objects on different servers, e.g. workflow system • Maintain replicated service objects on several hosts, e.g. Sun NIS • 3. Proxy servers and caches • A cache is a store of recently used data objects that is closer than the objects themselves • E.g., web page cache at web browser or web proxy server
Example of Client-Server Architecture Model (Web) • Browsers are clients of DNS and web servers (HTTP). Some intranets are configured to interpose a proxy server. Proxy servers fulfil several purposes: when they are located at the same site as the client, they reduce network delays and network traffic. When they are at the same site as the server, they form a security checkpoint and they can reduce load on the server. • Try it for EMAIL
Proxy server model • A proxy server’s main function is to receive a request from a client web browser, perform that request and return the results to the browser • Proxy server: a shared cache of resources • Cache: a close store of recently used data • Considerably increases performance in many applications • Requires a cache coherence protocol • Caching documents means keeping a local copy of internet documents, so that the server doesn’t need to request them over and over again.
Proxy server model • Distinguish between buffering and caching. • Buffering: a technique for storing data transmitted from a sending process to a receiving process in local memory or secondary (disk) storage until the receiving process is ready to consume it. For example, when reading data from a file or transmitting messages through a network, it is beneficial to handle it in large blocks. • Caching: a technique for optimizing access to remote data objects by holding a copy of them in local memory or secondary (disk) storage. Accesses to parts of the remote object are translated into accesses to the corresponding parts of the local copy. Unlike buffering, the local copy may be retained as long as there is local memory available to hold it. A cache management algorithm and a release strategy are needed to manage the use of the memory allocated to the cache. (If we interpret the word ‘remote’ in the sense of ‘further from the processor’, then this definition is valid not only for client caches in distributed systems but also for disk block caches in operating systems and processor caches in CPU chips.)
Advantages of proxy servers • All external access can be forced to go through the proxy, which therefore creates a single access and control point. A proxy server will have to run on a fast machine in order to be able to process all the requests quickly. • Requests for certain sites can be restricted or banned. This provides a safer internet environment. • Only the IP address of the proxy will be known to outsiders, thereby preventing attackers from knowing all the IP addresses of internal machines.
Thin clients • In a thin client network, the majority of application processing is carried out at the server rather than by the individual client. Here, clients act as terminals that provide access to applications and data held on servers. Applications are held centrally, with clients accessing them across the network. • A thin client may only process keyboard input and screen output while leaving all application processing to the server. This setup generally requires no hard drive, CD-ROM drive or even floppy drive for the terminals. However, terminals here are unusable if disconnected from the network.
Thin clients • The thin client approach involves much more than simply replacing PCs with terminals: it represents a server-based approach to networking, software architectures and application deployment. • As with any network environment, maintaining a thin client network requires careful planning and a high level of technical expertise.
Thin clients and compute servers • [Figure: a thin client on a network computer or PC, connected over the network to an application process on a compute server] • Thin client: software that supports a window-based user interface on a computer that is local to the user while executing application programs on a remote computer (diskless).
Thin Client Technologies • Microsoft Windows Terminal Services • Citrix Metaframe • National Semiconductor • NeoWare Thin Client Appliances • Wyse Technology • Sun Ray Appliance • Novell Netware • Netilla Service Platform • Laplink 2000 • Tarantella • PC Anywhere • AT&T VNC • NetTerminal • Netboot • Netstation • Linux Terminal Server Project
Benefits • Lower total cost of ownership • Easy software installation, upgrade, uninstallation and maintenance • Centralized support, control access and administration • Fewer security risks • Leverages existing infrastructure • Lower energy consumption • Access to software applications from anywhere
Fundamental model • Interaction model • Composed of processes that communicate with one another by sending messages • Failure model • Reliability and performance of processes and networks • Security model • Security of resources
Variations of the interaction model • Two variations of the interaction model • Synchronous DS • Most multimedia and real-time applications • Video conferences and e-learning • Asynchronous DS • Applications without time constraints • Text-based applications: FTP, email, news, etc.
Failure model • Classifies the types of errors or failures • 3 types of failures • Omission failures • Process omission failures • Communication omission failures • Arbitrary failures • Timing failures
Variations on the client-server model • Mobile code • Mobile agent (can have serious security problems) • Network Computers • Thin client
Variations on the client-server model • Reasons for variation • The use of mobile code and mobile agents • Users’ need for low-cost computers with limited hardware resources • The requirement to add and remove mobile devices in a convenient manner • Several variations: • 1. Mobile code • good interactive response, e.g., applet • 2. Mobile agent • A running program that travels from one computer to another in a network carrying out a task on someone’s behalf, e.g., aglet [IBM], worm [Xerox PARC] • 3. Network Computers • Downloads its operating system and any application software from a remote file server • All the application data and code are stored by a file server, so users may migrate
Variations on the client-server model … continued • 4. Thin client • A software layer that supports a window-based user interface on a computer that is local to the user while executing application programs on a remote computer • Drawback: high latencies • Implementation: X-11, VNC [AT&T 1998] • 5. Spontaneous networking • The form of distribution that integrates mobile devices and other devices into a given network • Key features: easy connection to a local network, easy integration with local services • Key design issues • Convenient connection and integration • Limited connectivity: mobile devices move around continuously; disconnection • Security and privacy • Discovery services: registration service, lookup service
Variations on the client-server model • Exercise: Give some examples of faults in hardware and software that can/cannot be tolerated by the use of redundancy in a distributed system. To what extent does the use of redundancy in the appropriate cases make a system fault-tolerant? • Solution • Hardware faults: processors, disks and network connections can use redundancy, e.g. run a process on multiple computers, write to two disks, have two separate routes in the network available. • Software bugs, crashes: redundancy is no good with bugs because they will be replicated. Replicated processes help with crashes which may be due to bugs in unrelated parts of the system. Retransmitted messages help with lost messages.
Spontaneous networking in a hotel • [Figure labels: music service, alarm service, gateway, Internet, hotel wireless network, discovery service, camera, TV/PC, guests’ devices (laptop, PDA)] • Features of spontaneous networking: • Easy connection to a local network: wireless link; devices are transparently reconfigured to obtain connectivity • Easy integration with local services: devices automatically discover what services are provided there (discovery service)
Omission and arbitrary failures
| Class of failure | Affects | Description |
| --- | --- | --- |
| Fail-stop | Process | Process halts and remains halted. Other processes may detect this state. |
| Crash | Process | Process halts and remains halted. Other processes may not be able to detect this state. |
| Omission | Channel | A message inserted in an outgoing message buffer never arrives at the other end’s incoming message buffer. |
| Send-omission | Process | A process completes a send, but the message is not put in its outgoing message buffer. |
| Receive-omission | Process | A message is put in a process’s incoming message buffer, but that process does not receive it. |
| Arbitrary (Byzantine) | Process or channel | Process/channel exhibits arbitrary behaviour: it may send/transmit arbitrary messages at arbitrary times, commit omissions; a process may stop or take an incorrect step. |
• 2. Arbitrary (Byzantine) failures • The worst possible failure semantics • Arbitrarily omit intended processing steps or take unintended processing steps, e.g., return a wrong value in response to an invocation • Arbitrary failures in processes are hard to detect; arbitrary failures in communication channels exist but are rare, and are dealt with by recognizing and rejecting the faulty messages
Timing failures
| Class of failure | Affects | Description |
| --- | --- | --- |
| Clock | Process | Process’s local clock exceeds the bounds on its rate of drift from real time. |
| Performance | Process | Process exceeds the bounds on the interval between two steps. |
| Performance | Channel | A message’s transmission takes longer than the stated bound. |
Masking failures • Reliable communication? • Validity: any message in the outgoing message buffer is eventually delivered to the incoming message buffer • Integrity: the message received is identical to the one sent, and no message is delivered twice
Objects and principals • Principal: the authority that is associated with each invocation and each result. • Authentication • Access rights: rules that specify who is allowed to perform the operations of an object
Security model • A DS can be secured by securing processes, channels and objects • Process security • Channel security • Mobile code security • Denial of Service attack (a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic) • Security threats can be defeated by • Authentication and authorization • Cryptography
The enemy • [Figure: process p sends message m to process q over a communication channel; the enemy holds a copy of m and a message m’] • Threats to processes • To servers: invocation with a false identity, e.g. cheating a mail server • To clients: receiving a false result, e.g. stealing an account password • Threats to communication channels • Copy, alter or inject messages • Save and replay, e.g., retransfer money from one account to another • Denial of service: excessive and pointless invocation on services or message transmissions in a network, resulting in overloading of physical resources (network bandwidth, server processing capacity) • Mobile code: malicious mobile program, e.g. Trojan horse attachment
Secure channels • Defeating security threats • Cryptography and shared secrets • Processes identify each other by shared secrets that are known only to themselves. Cryptography is the basis. • Authentication: proving the identities supplied by their senders • Secure channels • Each process knows reliably the identity of the principal on whose behalf the other process is executing • Ensure the privacy and integrity of the data transmitted across it • Each message includes a physical or logical time stamp • [Figure: process p, acting for principal A, and process q, acting for principal B, connected by a secure channel]
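Added example (not part of the original slides): a sketch of how a shared secret and a logical time stamp let process q reject the altered, reflected and replayed messages listed on "The enemy" slide. ChannelEnd and demo are hypothetical names, the time stamp is assumed to be a per-sender counter, and only integrity and authentication are shown; privacy would additionally require encrypting the body.

```python
import hashlib
import hmac
import json
import os

class ChannelEnd:
    """One end of an authenticated channel; all names here are hypothetical."""

    def __init__(self, name, peer, shared_secret):
        self.name, self.peer, self.key = name, peer, shared_secret
        self.send_seq = 0   # logical time stamp for outgoing messages
        self.last_seen = 0  # highest logical time stamp accepted from the peer

    def _tag(self, body):
        return hmac.new(self.key, body, hashlib.sha256).hexdigest()

    def send(self, payload):
        self.send_seq += 1
        fields = {"from": self.name, "to": self.peer,
                  "seq": self.send_seq, "payload": payload}
        body = json.dumps(fields, sort_keys=True).encode()
        return {"body": body, "tag": self._tag(body)}

    def receive(self, msg):
        # Integrity and origin: only a holder of the shared secret can make the tag.
        if not hmac.compare_digest(self._tag(msg["body"]), msg["tag"]):
            return ("rejected", "bad tag: altered or injected")
        fields = json.loads(msg["body"])
        # Bind the message to sender and receiver so it cannot be reflected back.
        if fields["from"] != self.peer or fields["to"] != self.name:
            return ("rejected", "wrong direction")
        # Time stamp check: a saved copy carries a time stamp already seen.
        if fields["seq"] <= self.last_seen:
            return ("rejected", "replayed time stamp")
        self.last_seen = fields["seq"]
        return ("accepted", fields["payload"])

def demo():
    """Constructed exchange between p and q, with the enemy's copy, m' and replay."""
    secret = os.urandom(32)  # assumed to be shared out of band
    p, q = ChannelEnd("p", "q", secret), ChannelEnd("q", "p", secret)
    m = p.send("transfer 100 from A to B")
    altered = {"body": m["body"].replace(b"100", b"900"), "tag": m["tag"]}
    return {"genuine": q.receive(m), "replay": q.receive(m),
            "altered": q.receive(altered), "reflected": p.receive(m),
            "next": q.receive(p.send("transfer 5 from A to B"))}

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```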
Summary • Distributed System Models • Architectural model • Client-server model • Multiple servers model • Proxy servers model • Peer Process model • Fundamental model • Interaction model • Failure model • Security model