Browse Prior Art Database

DFS As An Internet File System

IP.com Disclosure Number: IPCOM000123091D
Original Publication Date: 1998-May-01
Included in the Prior Art Database: 2005-Apr-04
Document File: 4 page(s) / 124K

Publishing Venue

IBM

Related People

Brown, C: AUTHOR [+3]

Abstract

Distributed File System (DFS) is IBM's premiere file system for use in distributed environments. However, it requires that the customer deploy a complete Distributed Computing Environment (DCE), that is a Cell Directory Services (CDS) server and a DCE security server along with the DFS. These servers are not typically in the customer's environment and are required to be purchased. The invention here articulates how we can deploy DFS using components that will be typically found in the customer's environment and thereby streamline costs (not buying extra pieces) and administration (not deploying extra and different directory and security servers).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

DFS As An Internet File System

   Distributed File System (DFS) is IBM's premiere file system
for use in distributed environments.  However, it requires that the
customer deploy a complete Distributed Computing Environment (DCE),
that is a Cell Directory Services (CDS) server and a DCE security
server along with the DFS.  These servers are not typically in the
customer's environment and are required to be purchased.  The
invention here articulates how we can deploy DFS using components
that will be typically found in the customer's environment and
thereby streamline costs (not buying extra pieces) and
administration (not deploying extra and different directory and
security servers).

   The key to the solution is the replacement of the DCE cell
directory server and the DCE security with internet technologies
that the customer will have in his environment.  CDS is replaced
with Lightweight Directory Access Protocol (LDAP) directory server.
DCE security server is replaced with public key components Secure
Sockets Layer (SSL) and administration related to the maintenance/use
of public key certificates.

   The DFS uses the Name Space Interface (NSI) to interact
with the CDS today.  As part of work that is currently happening via
an Open Group Pre-Structured Technology (PST), NSI is being extended
to interact with LDAP directory service (i.e., emit LDAP protocol).
There is also a module in DFS that uses the internal (unpublished)
CDS Programming Interface (CDSPI) that needs to be modified to call
the NSI.  Given this, DFS then has no dependencies on Cell Directory
Services and can use any directory service reachable via the NSI
interface, and in this case, the LDAP directory will be used--and
this type of directory is expected to be in the customer's
environment given its current acceptance in the industry.  Figure 1
shows the proposed changes to DFS's use of directory services.

   Security is divided into 2 parts: authentication and
authorization.  The proposal removes the need for the DCE security
server.

   Authentication is via Secure Sockets Layer (SSL) using a
x.509v3 public key certificate.  This is done at a layer lower than
DCE.  The SSL provides client/server mutual authentication.  It also
provides an encrypted connection over which the DFS data will
flow--and this is something that is not possible in the DFS
currently.  This has the advantage of now being able to flow
sensitive DFS data in the inte...