DCE Program Group Minutes
San Diego Meeting, April 1998
By Eliot M. Solomon,
DCE Program Group Chair

• Maximizing Delivered Value
• Providing more complete business solutions
• Reducing the "total cost of ownership" of DCE
• Focusing on Enterprise Computing, and particularly high-availability and mission-critical computing
• Providing secure and reliable linkages between the core of the enterprise and Internet and intranet environments

Dave Lounsbury updated us on JADE II, which provides an easily downloadable DCE secure runtime written in pure Java. It can easily put DCE in places it has never been before. Vendors and others have shown interest in JADE II, but no firm commitments have been made to funding the JADE II work at the Research Institute. Dave asked the Program Group to make sure that vendors know their (the customers') priorities for DCE and the Internet. Dave described a demonstration in which a prototype version of JADE II was loaded into a variety of browsers and Network Computers. In response to a question, Dave indicated that the size of the JADE II client downloaded was slightly more than 300Kbytes.

We heard from representatives of two vertical industries that are working with the DCE Program. Gerry Gebel gave a presentation about the Securities Industry Middleware Council. Barry Howard of Lawrence Livermore National Lab talked about the National Labs, which are organizing a "vertical industry" council to work with the DCE Forum. He identified these issues as important to the labs:

• security issues, including PKI, trust, and other similar issues
• LDAP usage and integration
• the increasing importance of Windows NT as an end-user environment presence

Trust and interoperable security are very important to Livermore. Interoperability with non-DCE security services is critical to the mission of the Labs. Apparent divergence in standards are of particular concern to Livermore. The most immediate examples include GSS API and various kerberos implementations, also identified as critical by Forum members from Oak Ridge National Lab and Sandia National Lab.

Eliot Solomon described the presentation he made to the Architecture Board relating the DCE Program to the IT DialTone architecture. In it, DCE is aligned with the IT DialTone concept of an "Application Environment." DCE would become a application environment optimized for enterprise computing with a substantial component of mission critical or near-mission critical applications.

In the discussion that followed, members suggested descriptions of the characteristics of DCE and its target market. Organizations with applications characterized by large amounts of file access or with repetitive work, whether or not it relies on transaction monitors, would fit the model. Organizations with a need for integrated, enterprise-wide administration and system management would also be included.

• Does the strategy make sense?
• How can your company benefit from this strategy?
• What can your organization do to support this strategy? OR
  What do you need to be able to "pitch" this strategy to your organization?

The overwhelming majority felt the strategy made sense. Some concern was expressed about the IT DialTone initiative. Some participants felt the new strategy was not sufficiently different from the original intent of DCE to be any better accepted. The benefits that the participants anticipated from the strategy related particularly to security, and to secure communications over the Internet. The planned inclusion of Java tools and capabilities in DCE was also seen as a positive step.

Concerns expressed included questions about support and maintenance, and accountability for problem resolution. Several participants felt that they needed more specific information about schedules for the program; some expressed concerns about funding, and the program's long-term stability. A number of participants indicated that improved reliability, availability, and scalability (RAS) in DCE were required before they could make major additional commitments. Improved operation, administration and management (OA&M) capabilities were also identified as an urgent requirement.

In order for the Management PG to help us, they need a better understanding of what DCE experts believe is needed to facilitate managing DCE. We held a discussion on what we mean by managing DCE and identified some areas where management in DCE is needed. These included:

• host configuration management
• access controls
• a high-level management language for scripting, coherent so it works across multiple domains, and even facilitates mergers and sharing of data in organizations
• easier-to-make multiple updates
• common management across vendors
• a simple GUI-based task interface rather than one using the command line
• a better set of interfaces to manage the different parts of DCE
• handling directory services
• handling performance issues. This a continuous issue - what is needed is some solution akin to pinging the health of the critical services in the DCE environment.

These are just ideas, and don't clearly address the basic questions of "What do we want to manage and what are DCE's requirements?" It was decided that a small group of representatives from each Program Group would be identified to make progress in clarifying DCE's requirements and the next steps to be taken. An action was taken to identify both a Primary contact and a set of interested participants from the DCE Program Group by the end of May 1998. If you are interested, please contact Eliot Solomon.

• Digital Equipment Company
  K. V. Sastry, Engineering Manager
  
  K.V. began his presentation with a recap of Digital's current and planned DCE product sets for various platforms, including Digital UNIX, Windows 95, and NT. He then indicated that his group was exploring new technologies, including the following: for Digital UNIX, IA-64 support, enhanced support for TruClusters, additional DFS features, easier management security, and development tools; for NT and Windows 95, slim client, CDS preferencing, and DHCP support. K.V. then described the Digital DCE Toolkit, which was designed to simplify the development and deployment of distributed applications.

• IBM
  Jamil Bissar, Product Manager
  
  Jamil began with some key messages about IBM's direction for DCE, including support for Internet standards (PKI, LDAP, integration with Kerberos authentication), and extensive IBM middleware exploitation allowing for greater leverage of the infrastructure (GSO, Txseries, DFS, Component Broker). He then presented an architectural overview of IBM's eNetwork Security paradigm, a comprehensive, End-to-End security enterprise solution including these and other technologies. Jamil concluded with a detailed schedule of upcoming DCE releases on a wide array of platforms.

• DASCOM
  Neil Readshaw, Product Manager
  
  Neil's presentation, entitled JADE: A Case Study, described the process of building DCE applications for the Internet. Neil first explained the motivations behind integrating Java and DCE, covering topics such as authentication and authorization, interoperability between Java and non-Java environments, preserving investments in existing DCE servers. After explaining the JADE object model, he then described a real-world implementation of the technology via Dascom's IntraVerse NetSEAT product. Neil rounded out the discussion by describing the IntraVerse system architecture, as well as the five major benefits of the JADE approach. The presentation concluded with packaging, product availability, and upcoming event information.

• Gradient
  Brian Breton, Product Manager
  
  Brian started off his presentation with an introduction to Gradient's PC-DCE product family. The discussion then turned to NetCrusader, Gradient's solution for interoperating across security domains. His discussion touched on, among other things, the product's architecture, Internet security, and junction support. Brian then went into some depth about object security, especially as it relates to PC-DCE/OrbixSecurity integration, secure CORBA access, and secure Java access. The presentation concluded with a detailed description of using NetCrusader Commander for graphical management.

• Prepare a "taxonomy" of cross cell trust and authentication models based on real world models of trust, both intra- and inter-enterprise. This will be the basis of a formal requirements specification for cross-cell security.

One of the more provocative suggestions made during the discussion related to the use of Public Key as a mechanism for establishing trust. If a certificate-based login mechanism were used, the trust problem would become identical to the problem of establishing trust in a certificate, at least with respect to authentication services. While this does not solve the problem, it transforms it from a DCE-specific problem to a more general problem.

We were pleased to have an excellent level of participation from our vendors.

• Ron B. Williams of Kaiser Permanente described the IT and business environments at Kaiser. The sorts of "things" that need to be located, the dynamic configuration of the business and its work, and the criticality of the process of tracking items critical to the health and safety of clients were outlined. He identified the implications for the directory and related services.
• Jeff Hodges of Stanford University described Stanford's registy and directory infrastructure to address their need for a highly decentralized enterprise consisting of multiple systems of records. Jeff provided insight into the similarities and differences between registries and directories and how to most effectively use each. He showed how Stanford has combined the two in their overall system.
• Ed Reed of Novell described the approach Novell has taken in their NDS product of focusing on the services which are enabled by the directory. Ed talked extensively about distributed vs. centralized directories, identifying the strengths and use models that each is best suited for.
• Joyce Ethridge of Microsoft described a number of approaches to the implementation of distributed directories. She described the rationale behind the design of Microsoft's Active Directory (AD) product. Trade-offs between aspects of performance, between price and performance, and between technology futures and the imperatives of installed base were considered.
• Ellen Stokes of IBM gave a wrap-up presentation summarizing best practices in the planning and deployment of directories.