OSF DCE Application Development Guide--Core Components
DCE Host Services
manage them. This also allows for scalability because it is impractical to manage a large
system by logging into all its hosts.
The features of dced are greatly enhanced when used remotely. Of course, an
administrator can use dced to locally manage a host’s services, but dced’s real power is
in remotely managing system and application server configurations, key tables, server
startup, login configurations, and cell information.
Security becomes a major issue when it comes to remote services. With the power of
dced’s services and dcecp, it is important that only authorized principals can use them.
The dced program controls access to its various objects by using ACLs. Server keys are
security-sensitive data that must seldom be transmitted over the network. All key table
data is encrypted when it is transmitted for secure remote key table management.
Finally, the remote capabilities of dced give you real-time status of processes and
services in DCE.
2.3 Managing a Host’s Endpoint Map
Each DCE host has an endpoint map that contains a mapping of servers to endpoints.
Each endpoint map server entry is associated with an array of services (interfaces)
provided by the server, and each service is associated with an array of objects supported
by the service.
When a typical server calls the dce_server_register() routine, the RPC runtime
generates the endpoints on which the server will listen for calls and then uses dced’s
endpoint mapper service of the local host to register the endpoints. Later, when a typical
client makes a remote procedure call, its RPC runtime uses the server host’s endpoint
mapper service to find the server. When the typical server shuts down, it calls the
dce_server_unregister() routine to remove its endpoints from the endpoint map so that
clients do not later try to bind to it.
Applications can also use the lower-level rpc_ep_register() and associated RPC
routines. Since the endpoint map is essential for RPCs to work, endpoints are fully
described in Chapter 12 and the endpoint map structure is described with respect to
routing of RPCs in Chapter 16.
The endpoint map is for the most part maintained automatically by dced. For example, it
periodically removes "stale" endpoints so that the RPC runtime will not try to complete
a binding for a client to a server that is no longer running. However, administrative
applications may find it necessary to peruse a remote endpoint map and even remove
specific endpoints from a local host’s endpoint map.
To read the elements of a remote endpoint map, applications use a loop with the set of
routines rpc_mgmt_ep_elt_inq_begin(), rpc_mgmt_ep_elt_inq_next(), and
rpc_mgmt_ep_elt_inq_done(). The inquiry can return all elements until the list is
exhausted, or the inquiry can be restricted to return elements for the following:
• Elements matching an interface identifier (UUID and version number)
• Elements matching an object UUID
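The begin/next/done inquiry loop and its two restrictions, as an added, self-contained C model that is not code from this guide and does not call the DCE RPC library. The types, the function names (inq_begin, inq_next, inq_done, run_inquiry), the UUIDs and the endpoints are hypothetical or constructed, and exact matching of the major and minor version is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model types; these are not the DCE RPC declarations. */
typedef struct { const char *uuid; unsigned vmajor, vminor; } if_id;
typedef struct { if_id ifid; const char *obj, *endpoint; } ep_elt;
typedef struct { const if_id *want_if; const char *want_obj; size_t pos; } inq_ctx;
/* Constructed UUIDs and endpoints, for illustration only. */
#define IF_A  "a0000000-0000-0000-0000-000000000001"
#define IF_B  "b0000000-0000-0000-0000-000000000002"
#define OBJ_1 "c0000000-0000-0000-0000-000000000011"
#define OBJ_2 "c0000000-0000-0000-0000-000000000012"
static const ep_elt ep_map[] = {
    {{IF_A, 1, 0}, OBJ_1, "ncacn_ip_tcp:[1025]"},
    {{IF_A, 1, 0}, OBJ_2, "ncacn_ip_tcp:[1025]"},
    {{IF_A, 2, 0}, OBJ_1, "ncacn_ip_tcp:[1030]"},
    {{IF_B, 1, 0}, OBJ_1, "ncadg_ip_udp:[1040]"},
};
#define EP_MAP_LEN (sizeof ep_map / sizeof ep_map[0])
/* begin: record the restriction; NULL means "do not filter on this field". */
static void inq_begin(inq_ctx *c, const if_id *i, const char *o) { c->want_if = i; c->want_obj = o; c->pos = 0; }
/* next: return the next matching element, or NULL once the list is exhausted. */
static const ep_elt *inq_next(inq_ctx *c) {
    for (; c->pos < EP_MAP_LEN; c->pos++) {
        const ep_elt *e = &ep_map[c->pos];
        const if_id *w = c->want_if;
        int if_ok = !w || (strcmp(e->ifid.uuid, w->uuid) == 0 &&
                           e->ifid.vmajor == w->vmajor && e->ifid.vminor == w->vminor);
        int obj_ok = !c->want_obj || strcmp(e->obj, c->want_obj) == 0;
        if (if_ok && obj_ok) { c->pos++; return e; }
    }
    return NULL;
}
/* done: leave the context exhausted so a stale handle yields nothing. */
static void inq_done(inq_ctx *c) { c->want_if = NULL; c->want_obj = NULL; c->pos = EP_MAP_LEN; }
/* Run one complete begin/next/done inquiry and return the element count. */
static int run_inquiry(const if_id *want_if, const char *want_obj) {
    inq_ctx c; int n = 0; const ep_elt *e;
    for (inq_begin(&c, want_if, want_obj); (e = inq_next(&c)) != NULL; n++)
        printf("  %s v%u.%u obj=%s %s\n", e->ifid.uuid, e->ifid.vmajor, e->ifid.vminor, e->obj, e->endpoint);
    inq_done(&c);
    return n;
}
int main(void) {
    if_id a10 = {IF_A, 1, 0};
    printf("all elements: %d\n", run_inquiry(NULL, NULL));
    printf("interface A v1.0: %d\n", run_inquiry(&a10, NULL));
    printf("object 1: %d\n", run_inquiry(NULL, OBJ_1));
    return 0;
}
```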
124245 Tandem Computers Incorporated 2−3