The Evolution of NT-DCOM in NT 5.0

Windows NT 5.0 will feature several enhancements tothe Distributed Component Object Model (DCOM, formerly Network OLE) thatMicrosoft introduced with NT 4.0. Several of these enhancements­particularlythose that Microsoft will integrate with other major NT 5.0 services­weretopics at Microsoft's recent Server Professional Developer Conference. (For moreinformation on DCOM and Network OLE, see "NT 4.0's Distributed ComponentObject Model," September 1996 and "Windows NT 4.0," April 1996.)

Perhaps the most important change to DCOM will be its Class Store, which isbuilt on the new Active Directory and contains centralized information aboutenterprise components. In addition to the expected system objects such as filesand directories, the Active Directory will maintain activation and bindinginformation (for initialization and linking) for component objects Winsock,Remote Procedure Calls (RPCs), and DCOM use. When the system requests an objectthat is not registered locally, the operating system will

search the Class Store for configuration information (such as a "RemoteServerName"),actual server code (EXEs, DLLs, OCXs, etc.), type libraries, and installpackages (such as CAB files and Setup programs). This centralized approach toenterprise components will simplify application management and distribution­particularlyfor distributed applications. Today, NT 4.0 DCOM works over any standard RPCtransport protocol, including TCP/IP, SPX, Named Pipes, NetBIOS over NetBEUI,NetBIOS over TCP, NetBIOS over IPX, Datagrams (IPX), and Datagrams (UDP).

DCOM in NT 5.0 will work over additional pluggable transports. Microsoftwill ship HTTP drivers for RPC. This addition will make tunneling DCOM over HTTPpossible. This configuration will let DCOM work through existing firewalls andintegrate with routers, network filters, and so on. The NT 5.0 timeframe willcoincide with the availability of Microsoft's Falcon technology for messagequeuing and delivery: DCOM will take advantage of Falcon's reliable asynchronous capabilities to let applications easily make non-blocking calls (inwhich the application doesn't need to wait for the server to complete anoperation before continuing), both to and from servers, across low-bandwidth,high-latency networks.

Distributed applications require security. NT 4.0 DCOM works locally withNT security and remotely with MS-RPC security, which is compatible with theindustry standard distributed computing environment (DCE)/RPC security. DCOM inNT 5.0 will work with any Security Support Provider Interface (SSPI)-pluggablesecurity provider to provide automatic security package negotiation anddelegation-level impersonation (in which an intermediate task makes a request toa server on behalf of a client). Microsoft will provide built-in support forNT's new Kerberos and public key security systems. Kerberos security ispassword-based and often called shared secret or secret key:NT's Kerberos security is based on MIT Kerberos V5 RFC 1510 and uses a system ofsecurity tickets that the system scopes, time-limits, and issues for a specificclient-server interaction. Kerberos offers several improvements over current NTsecurity, including stronger authentication, mutual authentication, third-partydelegation, and extensions for public key-based authentication. NT's public keyextensions are based on the X.509 v3 Public Key Certificate specification andgrant access to resources for requesters that do not have Kerberos credentials:NT maps certificates that a trusted authority issues onto familiar NTsecurity groups. For instance, this capability will allow someone outside anorganization to access specific resources the same way a local user does.Internally, NT 5.0 uses CryptoAPI (CAPI) 2.0 for encryption, and certificatesare stored in the Active Directory. NT 5.0 maps certificates to user IDs andmanages multiple credentials for each user.

Developers in particular will appreciate the new DCOM facility (acceleratedinto Service Pack 2) to host DLL-based servers in proxy, or surrogate,processes; previously, you could implement only EXE-based servers remotely. Thisimproved flexibility in physical implementation will let distributedapplications scale more easily. Finally, new features of DCOM will integratewith NT's new clustering technology for increased reliability and perfor-manceand will make developing and deploying long-lived, fault-tolerant DCOM serverspossible. (For more on NT's clustering technology, see Mark Smith, "ClosingIn on Clusters," August 1996.)

Windows NT 5.0

Microsoft * 206-882-8080

Web: http://www.microsoft.com