Windows NT 5.0 will feature several enhancements to
the Distributed Component Object Model (DCOM, formerly Network OLE) that
Microsoft introduced with NT 4.0. Several of these enhancements, particularly
those that Microsoft will integrate with other major NT 5.0 services, were
topics at Microsoft's recent Server Professional Developer Conference. (For more
information on DCOM and Network OLE, see "NT 4.0's Distributed Component
Object Model," September 1996 and "Windows NT 4.0," April 1996.)
Perhaps the most important change to DCOM will be its Class Store, which is
built on the new Active Directory and contains centralized information about
enterprise components. In addition to the expected system objects such as files
and directories, the Active Directory will maintain activation and binding
information (for initialization and linking) for the component objects that
Winsock, Remote Procedure Calls (RPCs), and DCOM use. When the system requests an
object that is not registered locally, the operating system will
search the Class Store for configuration information (such as a "RemoteServerName"),
actual server code (EXEs, DLLs, OCXs, etc.), type libraries, and install
packages (such as CAB files and Setup programs). This centralized approach to
enterprise components will simplify application management and distribution,
particularly for distributed applications. Today, NT 4.0 DCOM works over any standard RPC
transport protocol, including TCP/IP, SPX, Named Pipes, NetBIOS over NetBEUI,
NetBIOS over TCP, NetBIOS over IPX, Datagrams (IPX), and Datagrams (UDP).
DCOM in NT 5.0 will work over additional pluggable transports. Microsoft
will ship HTTP drivers for RPC. This addition will make tunneling DCOM over HTTP
possible. This configuration will let DCOM work through existing firewalls and
integrate with routers, network filters, and so on. The NT 5.0 timeframe will
coincide with the availability of Microsoft's Falcon technology for message
queuing and delivery: DCOM will take advantage of Falcon's reliable asynchronous capabilities to let applications easily make non-blocking calls (in
which the application doesn't need to wait for the server to complete an
operation before continuing), both to and from servers, across low-bandwidth,
high-latency networks.
Distributed applications require security. NT 4.0 DCOM works locally with
NT security and remotely with MS-RPC security, which is compatible with the
industry standard distributed computing environment (DCE)/RPC security. DCOM in
NT 5.0 will work with any Security Support Provider Interface (SSPI)-pluggable
security provider to provide automatic security package negotiation and
delegation-level impersonation (in which an intermediate task makes a request to
a server on behalf of a client). Microsoft will provide built-in support for
NT's new Kerberos and public key security systems. Kerberos security is
password-based and is often called shared-secret or secret-key security.
NT's Kerberos security is based on MIT Kerberos V5 RFC 1510 and uses a system of
security tickets that the system scopes, time-limits, and issues for a specific
client-server interaction. Kerberos offers several improvements over current NT
security, including stronger authentication, mutual authentication, third-party
delegation, and extensions for public key-based authentication. NT's public key
extensions are based on the X.509 v3 Public Key Certificate specification and
grant access to resources for requesters that do not have Kerberos credentials:
NT maps certificates that a trusted authority issues onto familiar NT
security groups. For instance, this capability will allow someone outside an
organization to access specific resources the same way a local user does.
Internally, NT 5.0 uses CryptoAPI (CAPI) 2.0 for encryption, and certificates
are stored in the Active Directory. NT 5.0 maps certificates to user IDs and
manages multiple credentials for each user.
Developers in particular will appreciate the new DCOM facility (accelerated
into Service Pack 2) to host DLL-based servers in proxy, or surrogate,
processes; previously, you could implement only EXE-based servers remotely. This
improved flexibility in physical implementation will let distributed
applications scale more easily. Finally, new features of DCOM will integrate
with NT's new clustering technology for increased reliability and performance
and will make developing and deploying long-lived, fault-tolerant DCOM servers
possible. (For more on NT's clustering technology, see Mark Smith, "Closing
In on Clusters," August 1996.)
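The surrogate facility above works through the AppID registration of a class: a DLL server whose AppID carries a DllSurrogate value is loaded into a separate host process (the default surrogate, or a custom one), and the DCOM launch and access permissions stored under that AppID govern who may start and call it remotely. The following PowerShell script is an added example, not code from the article or from Microsoft, and it targets a current Windows host rather than the NT 5.0 beta the article previews. The CLSID argument is a placeholder that you must replace; the registry values it reads (AppID, DllSurrogate, RunAs, LaunchPermission, AccessPermission) are the standard DCOM configuration keys.

```powershell
# Added example (not from the article): report how a DLL-based COM server is
# hosted (in-process only, default surrogate, or custom surrogate) and which
# DCOM identity and permissions apply to that host process.
param(
    # Assumption: placeholder CLSID; pass the class you want to inspect.
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}'
)

# LaunchPermission/AccessPermission are stored as binary security descriptors;
# render them as SDDL so the ACL can actually be read.
function Convert-SdToSddl([byte[]]$Bytes) {
    if (-not $Bytes) { return '(not set: machine-wide DCOM defaults apply)' }
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Bytes, 0)
    return $sd.GetSddlForm('All')
}

# -LiteralPath because the braces in a CLSID would otherwise be read as wildcards.
$clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
$clsidProps = Get-ItemProperty -LiteralPath $clsidKey -ErrorAction Stop
$appId = $clsidProps.AppID
if (-not $appId) {
    Write-Output "$Clsid has no AppID, so it cannot be hosted in a surrogate or activated remotely."
    return
}

$appKey = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"
$app = Get-ItemProperty -LiteralPath $appKey -ErrorAction Stop

# DllSurrogate absent           -> in-process only; remote activation fails
# DllSurrogate present, empty   -> system default surrogate (dllhost.exe)
# DllSurrogate present, non-empty -> custom surrogate executable
$surrogate = $app.PSObject.Properties['DllSurrogate']
if (-not $surrogate) {
    $hosting = 'in-process only (no surrogate; not remotable)'
} elseif ([string]::IsNullOrEmpty($surrogate.Value)) {
    $hosting = 'default surrogate (dllhost.exe)'
} else {
    $hosting = "custom surrogate: $($surrogate.Value)"
}

# RunAs decides which account the surrogate process runs as; when it is absent
# the server runs as the launching user.
[pscustomobject]@{
    CLSID            = $Clsid
    AppID            = $appId
    Hosting          = $hosting
    RunAs            = if ($app.RunAs) { $app.RunAs } else { '(launching user, the default)' }
    LaunchPermission = Convert-SdToSddl $app.LaunchPermission
    AccessPermission = Convert-SdToSddl $app.AccessPermission
}
```

The point to check when a DLL server is moved into a surrogate is that it has just become a network-reachable process: review the LaunchPermission and AccessPermission SDDL for entries granting Everyone or Anonymous, and prefer a dedicated low-privilege RunAs account over the launching user for any server that will be activated by remote clients.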
Windows NT 5.0
Microsoft * 206-882-8080
Web: http://www.microsoft.com