OSF DCE Administration Guide--Introduction

Client and Server Considerations

• The DCE control program (dcecp) for the management and maintenance of the

Security software. Optionally, also the sec_admin program. See Section 3.3 for

descriptions of these programs.

Keep the following considerations in mind when you are planning for Security servers:

• The node that runs the master Security server must be highly available and physically

secure. Consider placing the master Security server machine in a locked room and

keeping a log to record who accesses the machine.

• Be sure to move the master Security server before removing the node from the

network or shutting down the node for an extended period of time. Modiﬁcations are

made to the master Security server and propagated to slaves throughout your cell. If

the master Security server is unavailable, no updates can be made.

• A cell can have only one master Security server. If you plan to make one cell out of

several existing cells with independent master Security servers, you must ﬁrst merge

their registries.

• If the host that contains the master Security server goes down, hosts that have slave

servers can still provide registry information, so consider having a number of slaves

in your network. Use factors such as the number of machines in your cell, the

reliability of the machines that run Security servers, and your cell’s available

resources to determine how many slave Security servers you need to have.

For further information about planning for the Security Service, see Chapter 38 of the .

3.2.4 Audit Server Processes

An Audit server provides the other DCE services with access to the DCE auditing

facilities. An Audit server runs the auditd daemon. When auditing is available in a

DCE cell, each machine must run the daemon.

3.2.5 CDSand GDA Server Processes

A CDS server stores and maintains object names within a cell and handles requests to

create, modify, and look up data. One of the CDS server machines in a cell must be

conﬁgured as a GDA server as well. There must be a GDA server (the gdad daemon) in

a cell in order for the cell to communicate with other cells.

The following processes run on a CDS server machine:

• The CDS daemon, cdsd, is the CDS server process.

• The cdsadv on a DCE client machine, receives server advertisements to ﬁnd out what

servers are available. On a CDS server machine, it also sends server advertisements.

• The DCE control program (dcecp) for the management and maintenance of the CDS

software. In addition, the cdscp program for controlling and displaying information

about CDS clerks and servers. See Section 3.3 for descriptions of these programs.

124244 Tandem Computers Incorporated 3−7