Distributed Systems
System Models
Distributed Systems ccsejc, November 2003 2
Purpose of Models
Models help us
- understand
- predict
- control / construct / explore

Good Models
- A model consists of attributes and rules
  - rules can be expressed as mathematical and logical formulas
- A model yields insight
  - helps recognize unsolvable problems
  - helps avoid slow or expensive solutions

Distributed System Models
- Architectural Models
  - placement of parts
  - relationship of parts
- Fundamental Models
  - formal description of system properties common in all architectural models

Architectural Model
Service Layers
- Platform
  - operating system, hardware
  - supplies system programming interface
- Middleware
  - masks heterogeneity
  - supplies application programming interface
  - provides services (e.g., naming, security, transactions, event notification, etc.)

Service Layers
[Figure: service layers. Labels: Applications, services; Middleware; Operating system; Computer and network hardware; Platform (operating system and hardware).]

Architectural Model
System Architectures
- Client/Server Model
- Multiple Servers
- Proxy Servers and Caches
- Peer Processes

Client/Server Model
[Figure: Client/Server Model. Labels: Client, Server, invocation, result. Key: process, computer.]

Client/Server Model
- Remains the most widely used
- Services may be provided by multiple servers
- Partitioned or replicated service-related objects

Client/Server Model
- Partition provides
  - increased performance
  - increased availability
  - increased fault-tolerance
- But requires replica coordination / consistency preservation

Multiple Servers
[Figure: Multiple Servers. Labels: Client, Server, Service.]

Proxy Servers and Caches
- Cache
  - a close store of recently used data
  - considerably increases performance in many applications
  - but requires cache coherence protocols
- Proxy Server
  - a shared cache of resources
  - most commonly used for web access

Proxy Server
[Figure: Proxy Server. Labels: Client, Proxy server, Web server.]

Peer Processes
- Peer Processes
  - processes that play similar roles
  - no absolute distinction between client/server
  - may still assume client/server roles from time to time
- Whiteboard Architecture
- Group Communication / Multicast

Peer Processes
[Figure: Peer Processes. Labels, repeated for each of three peers: Application, Coordination code.]

Client-Server Model Variations
- Mobile Code
- Mobile Agents
- Network Computers
- Thin Clients
- Mobile Devices and Spontaneous Networking

Mobile Codes
- Code will be executed on the client machine instead of the server machine
- Applets are a well-known and widely used example of mobile code

Web Applets
a) client request results in the downloading of applet code
b) client interacts with the applet
[Figure: Web Applets. Labels: Client, Web server, Applet code, Applet.]

Server Push Model
- Server initiates dialogue
- "pushes" information to the client
- Client needs application that listens for server pushes

Mobile Agents
- A running program that travels between computers in a network
- Carries out tasks on someone's behalf
- Advantages
  - local access everywhere
  - reduction in communication cost
- Potential security threat

Network Computers
- All files are stored remotely in file servers
- Minimum software installed locally; most are downloaded from servers
- Any local disk used mainly as cache

Thin Clients
- Refers to software layer that supports window-based user interface on a computer that is local to user while executing applications on remote computer
- Does not run own code
- Programs are run by a powerful compute server

Thin Client
[Figure: Thin Client. Labels: Thin client, Application process, Network computer or PC, Compute server, network.]

Spontaneous Networking
- Describes the form of distribution that integrates mobile devices and other devices into a given network
- Term used to encompass applications that involve the connection of both mobile and non-mobile devices to networks in an informal manner

Spontaneous Networking
- Key Features
  - easy connection to a local network
  - easy integration with local services
- Security Problems
  - limited connectivity
  - security and privacy

Spontaneous Networking
- Discovery Services – accept and store details of services that are available on the network and respond to queries from clients
  - Registration Service
  - Lookup Service

Spontaneous Networking (hotel)
[Figure: Spontaneous networking in a hotel. Labels: Internet, gateway, Hotel wireless network, Discovery service, Music service, Alarm service, Camera, TV/PC, Guest's devices (Laptop, PDA).]

Interfaces and Objects
- Server processes and objects
  - export interfaces
  - define services
- Several objects may be encapsulated by server process
  - pass reference to clients
  - clients can use remote invocation

Design Requirements
- Performance Issues
- Quality of Service
- Use of Caching and Replication
- Dependability Issues

Performance Issues
- Responsiveness (Availability)
  - server load / performance
  - communication / middleware / OS delays
  - implies
    - few software layers
    - small quantities transferred between client/server

Performance Issues
- Throughput
  - rate at which computational work is done
- Balancing Computational Load
  - may reduce stress on heavily loaded servers
  - task / process migration
    - complex operation and incurs huge overhead
    - feasible only for long-running task

Quality of Service
- Non-Functional Requirements
  - Reliability
  - Security
  - Adaptability
  - Performance

Quality of Service
- QoS often refers to timeliness
  - Predictability and sufficient efficiency
  - Deadlines
    - Hard Real-Time, e.g., reacting to sensor in nuclear plants
    - Soft Real-Time, e.g., multimedia streams

Use of Caching & Replication
- Cache Coherence / Consistency

Dependability Issues
- Fault-Tolerance
  - Replication in space / time
- Security

Fundamental Models
- Communicating Processes (message passing)
  - fundamental property of distributed system

Fundamental Models
- Interaction Model
  - limitation of delays, differing notions of time
- Failure Model
  - fault classification and tolerance
- Security
  - possible attacks, attack-resistant design

Interaction Model
- Distributed Algorithm
  - describes behavior and state of processes in a distributed system
  - definition of steps to be taken by the involved processes, including transmission of messages
- Execution speed is hard to predict
- State is hard to define due to failures

Interaction Model
- Performance of Communication Channels
  - Latency
    - Receipt Time – Send Time
  - Bandwidth
    - possibly shared
  - Jitter
    - variations in delivery time

Interaction Model
- Computer Clocks and Timing Events
  - Clock synchronization
    - local clocks differ due to clock drift rate
  - Logical clocks
  - Outside reference source (e.g., GPS)
- Clock Drift Rate – refers to the relative amount that a computer clock differs from a perfect reference clock

Interaction Model
- Two Variants
  - Synchronous Distributed Systems
  - Asynchronous Distributed Systems

Interaction Model
- Synchronous Systems
  - time to execute each step of process has lower and upper bounds
  - each message transmitted is received within a bounded time
  - each process has a local clock whose drift rate from real time has a bound
  - Problem: assumptions often not precise

Interaction Model
- Asynchronous Systems
  - No bounds on execution speed, message delays, clock drift rates
  - Example: Internet

Interaction Model
- Event Ordering
  - System execution can be described as a series of events
  - Issues:
    - time stamping events
    - perfect synchronization impossible in a loosely-coupled system
    - logical time – ordering without clock synchronization

Real-Time Ordering of Events
[Figure: Real-Time Ordering of Events. Processes X, Y, Z and A exchange messages m1, m2 and m3 (send and receive events) along a physical time axis marked t1, t2, t3.]
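
The "logical time – ordering without clock synchronization" idea from the Event Ordering slide can be shown with Lamport logical clocks. This is an added example, not part of the original slides; the process names reuse X, Y and Z, but the message pattern and the delay are constructed for illustration.

```python
# Added example: Lamport logical clocks. The scenario below is constructed
# for illustration and is not read off the slide's figure.
class Process:
    def __init__(self, name):
        self.name = name
        self.clock = 0
        self.log = []  # (logical timestamp, process name, event)

    def send(self, label):
        self.clock += 1                      # sending is an event
        self.log.append((self.clock, self.name, f"send {label}"))
        return (label, self.clock)           # timestamp travels with the message

    def receive(self, message):
        label, sent_at = message
        # Jump past the sender's timestamp so receive is ordered after send.
        self.clock = max(self.clock, sent_at) + 1
        self.log.append((self.clock, self.name, f"receive {label}"))


def run_scenario():
    x, y, z = Process("X"), Process("Y"), Process("Z")
    m1 = x.send("m1")
    y.receive(m1)
    m2 = y.send("m2")        # reply caused by m1
    # Constructed network delay: Z gets the reply before the original.
    z.receive(m2)
    z.receive(m1)
    arrival_at_z = ["m2", "m1"]
    by_send_time = [label for label, _ in sorted([m2, m1], key=lambda m: m[1])]
    merged = sorted(x.log + y.log + z.log)
    return arrival_at_z, by_send_time, merged


if __name__ == "__main__":
    arrival, ordered, merged = run_scenario()
    print("arrival order at Z:", arrival)
    print("order by logical send time:", ordered)
    for event in merged:
        print(event)
```

The merged log is the kind of ordering an investigator needs when correlating events from hosts whose wall clocks disagree.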

Failure Model
- Processes and communication links may fail
- Different ways of failing
  - Omission failures
  - Arbitrary failures
  - Timing failures

Processes and Channels
[Figure: Processes and Channels. Process p sends message m from its outgoing message buffer over the communication channel to the incoming message buffer of process q, which receives it.]

Omission Failures
- Process Omission Failure
  - crash (fail-silent) – requires timeout
  - fail-stop
- Communication Omission Failure
  - failure to deliver a message
  - network transmission error or lack of buffer space
  - send-omission / receive-omission / channel-omission

Arbitrary Failures
- also called Byzantine failures
- worst possible failure
- exhibit malicious behavior
- in process: omits intended processing steps; takes unintended steps
- on communication medium: message corruption; spawning / multiple delivery

Timing Failures
- applicable in synchronous distributed systems
  - limits on execution time, delivery time, clock drift rates
- missed deadline most critical in real-time systems

Omission & Arbitrary Failures

Class of failure | Affects | Description
Fail-stop | Process | Process halts and remains halted. Other processes may detect this state.
Crash | Process | Process halts and remains halted. Other processes may not be able to detect this state.
Omission | Channel | A message inserted in an outgoing message buffer never arrives at the other end's incoming message buffer.
Send-omission | Process | A process completes a send, but the message is not put in its outgoing message buffer.
Receive-omission | Process | A message is put in a process's incoming message buffer, but that process does not receive it.
Arbitrary (Byzantine) | Process or channel | Process/channel exhibits arbitrary behaviour: it may send/transmit arbitrary messages at arbitrary times, commit omissions; a process may stop or take an incorrect step.

Timing Failures

Class of failure | Affects | Description
Clock | Process | Process's local clock exceeds the bounds on its rate of drift from real time.
Performance | Process | Process exceeds the bounds on the interval between two steps.
Performance | Channel | A message's transmission takes longer than the stated bound.

Reliable Communication
- Validity
  - any message in outgoing message buffer is eventually delivered to incoming message buffer
- Integrity
  - message received is identical to one sent; no messages are delivered twice

Security Model
- There is a need to secure
  - Processes
  - Channels
  - Encapsulated Objects (resources, etc.)

Protecting Objects
- verify identity of client, check access rights
- verify identity of server for response
[Figure: Protecting Objects. Labels: Client, Server, Network, invocation, result, Principal (user), Principal (server), Object, Access rights.]

Securing Processes
- Problems
  - open network
  - exposed interfaces

The Enemy
- is able to send any message to any process
- read or copy any message between a pair of processes
[Figure: The Enemy. Labels: Process p, Process q, Communication channel, m, m', Copy of m, The enemy.]

Threats to Processes
- False Identities
  - not difficult to forge source address of a message
  - server must know identities of clients to decide whether to reject requests
  - clients need to validate server responses

Threats to Comm. Channels
- Eavesdropping
- Message Altering
- Message Injection
- Copy and Replay of Messages
- Solution: Secure Channels

Defeating Threats
- Cryptography
  - hiding a message's contents
- Authentication
  - proof of identity
  - usually involves encryption as well
- Secure Channels
  - based on both cryptography and authentication

Secure Channels
[Figure: Secure Channels. Process p, acting for Principal A, and process q, acting for Principal B, are connected by a secure channel.]
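
How a channel between p and q can reject the altering, injection and replay threats listed above, and enforce the "identical to one sent, not delivered twice" integrity property from the Reliable Communication slide, is sketched below. This is an added example, not part of the original slides: it assumes a pre-shared key, uses HMAC-SHA256 with a sequence number, and does not address eavesdropping, which needs encryption in addition. The class names, frame layout, key and payloads are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


class Sender:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def seal(self, payload):
        self.seq += 1
        header = struct.pack(">Q", self.seq)  # 8-byte sequence number
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    def __init__(self, key):
        self.key, self.last_seq = key, 0

    def open(self, frame):
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("truncated frame")
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            raise ValueError("bad tag: altered or injected message")
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.last_seq:  # authentic, but already seen
            raise ValueError("replayed or duplicate message")
        self.last_seq = seq
        return payload


def classify(receiver, frame):
    try:
        return ("accepted", receiver.open(frame))
    except ValueError as err:
        return ("rejected", str(err))


def demo():
    key = b"constructed-demo-key"  # constructed sample key, never reuse
    p, q = Sender(key), Receiver(key)
    m = p.seal(b"read record 7")
    altered = m[:8] + b"read record 9" + m[-TAG_LEN:]          # m changed in transit
    injected = Sender(b"not-the-shared-key").seal(b"hello")    # m' from a non-holder
    frames = (m, m, altered, injected, p.seal(b"ok"))          # second m is a replay
    return [classify(q, f) for f in frames]
```

Checking the tag before the sequence number matters: an unauthenticated frame must not be able to advance `last_seq` and push legitimate messages into the replay window.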

Other Possible Threats
- Denial of Service
  - enemy interferes with activities of authorized users by making excessive and pointless invocations that result in resource overload
- Mobile Code
  - process receives and executes program code from elsewhere

Summary
- Architectural Model
  - Middleware
  - Client/Server Model
  - Design Requirements
  - Quality of Service
- Fundamental Model
  - Interaction Model
  - Failure Model
  - Security Model