Distributed Systems - System Models

Transcript of Distributed Systems - System Models

Page 1: Distributed Systems - System Models

Distributed Systems

System Models

Page 2: Distributed Systems - System Models

Distributed Systems ccsejc, November 2003 2

Purpose of Models

Models help us
- understand
- predict
- control / construct / explore

Page 3: Distributed Systems - System Models

Good Models

- A model consists of attributes and rules
  - rules can be expressed as mathematical and logical formulas
- A model yields insight
  - helps recognize unsolvable problems
  - helps avoid slow or expensive solutions

Page 4: Distributed Systems - System Models

Distributed System Models

- Architectural Models
  - placement of parts
  - relationship of parts
- Fundamental Models
  - formal description of system properties common in all architectural models

Page 5: Distributed Systems - System Models

Architectural Model

Service Layers
- Platform
  - operating system, hardware
  - supplies system programming interface
- Middleware
  - masks heterogeneity
  - supplies application programming interface
  - provides services (e.g., naming, security, transactions, event notification, etc.)

Page 6: Distributed Systems - System Models

Service Layers

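[Figure: service layers, top to bottom: Applications, services; Middleware; Operating system; Computer and network hardware. The operating system and the hardware together form the Platform.]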

Page 7: Distributed Systems - System Models

Architectural Model

System Architectures
- Client/Server Model
- Multiple Servers
- Proxy Servers and Caches
- Peer Processes

Page 8: Distributed Systems - System Models

Client/Server Model

[Figure: Client/Server model. Clients send invocations to Servers and receive results. Key: Process, Computer.]

Page 9: Distributed Systems - System Models

Client/Server Model

- Remains the most widely used
- Services may be provided by multiple servers
- Partitioned or replicated service-related objects

Page 10: Distributed Systems - System Models

Client/Server Model

- Partition provides
  - increased performance
  - increased availability
  - increased fault-tolerance
- But requires
  - replica coordination / consistency preservation

Page 11: Distributed Systems - System Models

Multiple Servers

[Figure: a Service provided by multiple Servers and used by Clients.]

Page 12: Distributed Systems - System Models

Proxy Servers and Caches

- Cache
  - a close store of recently used data
  - considerably increases performance in many applications
  - but requires cache coherence protocols
- Proxy Server
  - a shared cache of resources
  - most commonly used for web access

Page 13: Distributed Systems - System Models

Proxy Server

[Figure: Clients reach Web servers through a Proxy server.]

Page 14: Distributed Systems - System Models

Peer Processes

- Peer Processes
  - processes that play similar roles
  - no absolute distinction between client/server
  - may still assume client/server roles from time to time
- Whiteboard Architecture
- Group Communication / Multicast

Page 15: Distributed Systems - System Models

Peer Processes

[Figure: three peer processes, each combining Application and Coordination code.]

Page 16: Distributed Systems - System Models

Client-Server Model Variations

- Mobile Code
- Mobile Agents
- Network Computers
- Thin Clients
- Mobile Devices and Spontaneous Networking

Page 17: Distributed Systems - System Models

Mobile Codes

- Code will be executed on the client machine instead of the server machine
- Applets are a well-known and widely used example of mobile code

Page 18: Distributed Systems - System Models

Web Applets

a) client request results in the downloading of applet code

b) client interacts with the applet

[Figure: (a) Applet code passes from the Web server to the Client; (b) Client, Applet and Web server.]

Page 19: Distributed Systems - System Models

Server Push Model

- Server initiates dialogue
- “pushes” information to the client
- Client needs application that listens for server pushes

Page 20: Distributed Systems - System Models

Mobile Agents

- A running program that travels between computers in a network
- Carries out tasks on someone’s behalf
- Advantages
  - local access everywhere
  - reduction in communication cost
- Potential security threat

Page 21: Distributed Systems - System Models

Network Computers

- All files are stored remotely in file servers
- Minimum software installed locally; most are downloaded from servers
- Any local disk used mainly as cache

Page 22: Distributed Systems - System Models

Thin Clients

- Refers to software layer that supports window-based user interface on a computer that is local to user while executing applications on remote computer
- Does not run own code
- Programs are run by a powerful compute server

Page 23: Distributed Systems - System Models

Thin Client

[Figure: a Thin Client on a Network computer or PC connects over the network to an Application Process on a Compute server.]

Page 24: Distributed Systems - System Models

Spontaneous Networking

- Describes the form of distribution that integrates mobile devices and other devices into a given network
- Term used to encompass applications that involve the connection of both mobile and non-mobile devices to networks in an informal manner

Page 25: Distributed Systems - System Models

Spontaneous Networking

- Key Features
  - easy connection to a local network
  - easy integration with local services
- Security Problems
  - limited connectivity
  - security and privacy

Page 26: Distributed Systems - System Models

Spontaneous Networking

- Discovery Services – accept and store details of services that are available on the network and respond to queries from clients
  - Registration Service
  - Lookup Service

Page 27: Distributed Systems - System Models

Spontaneous Networking (hotel)

[Figure: spontaneous networking in a hotel. The Hotel wireless network, with a gateway to the Internet, links a Discovery service, Music service, Alarm service, Camera, TV/PC and the Guest's devices (Laptop, PDA).]

Page 28: Distributed Systems - System Models

Interfaces and Objects

- Server processes and objects
  - export interfaces
  - define services
- Several objects may be encapsulated by server process
  - pass reference to clients
  - clients can use remote invocation

Page 29: Distributed Systems - System Models

Design Requirements

- Performance Issues
- Quality of Service
- Use of Caching and Replication
- Dependability Issues

Page 30: Distributed Systems - System Models

Performance Issues

- Responsiveness (Availability)
  - server load / performance
  - communication / middleware / OS delays
  - implies
    - few software layers
    - small quantities transferred between client/server

Page 31: Distributed Systems - System Models

Performance Issues

- Throughput
  - rate at which computational work is done
- Balancing Computational Load
  - may reduce stress on heavily loaded servers
  - task / process migration
    - complex operation and incurs huge overhead
    - feasible only for long-running task

Page 32: Distributed Systems - System Models

Quality of Service

Non-Functional Requirements
- Reliability
- Security
- Adaptability
- Performance

Page 33: Distributed Systems - System Models

Quality of Service

- QoS often refers to timeliness
  - Predictability and sufficient efficiency
  - Deadlines
  - Hard Real-Time
    - e.g., reacting to sensor in nuclear plants
  - Soft Real-Time
    - e.g., multimedia streams

Page 34: Distributed Systems - System Models

Use of Caching & Replication

Cache Coherence / Consistency

Page 35: Distributed Systems - System Models

Dependability Issues

- Fault-Tolerance
  - Replication in space / time
- Security

Page 36: Distributed Systems - System Models

Fundamental Models

- Communicating Processes (message passing)
  - fundamental property of distributed system

Page 37: Distributed Systems - System Models

Fundamental Models

- Interaction Model
  - limitation of delays, differing notions of time
- Failure Model
  - fault classification and tolerance
- Security
  - possible attacks, attack-resistant design

Page 38: Distributed Systems - System Models

Interaction Model

- Distributed Algorithm
  - describes behavior and state of processes in a distributed system
  - definition of steps to be taken by the involved processes, including transmission of messages
- Execution speed is hard to predict
- State is hard to define due to failures

Page 39: Distributed Systems - System Models

Interaction Model

Performance of Communication Channels
- Latency
  - Receipt Time – Send Time
- Bandwidth
  - possibly shared
- Jitter
  - variations in delivery time

Page 40: Distributed Systems - System Models

Interaction Model

- Computer Clocks and Timing Events
  - Clock synchronization
    - local clocks differ due to clock drift rate
  - Logical clocks
  - Outside reference source (e.g., GPS)
- Clock Drift Rate – refers to the relative amount that a computer clock differs from a perfect reference clock

Page 41: Distributed Systems - System Models

Interaction Model

Two Variants
- Synchronous Distributed Systems
- Asynchronous Distributed Systems

Page 42: Distributed Systems - System Models

Interaction Model

- Synchronous Systems
  - time to execute each step of process has lower and upper bounds
  - each message transmitted is received within a bounded time
  - each process has a local clock whose drift rate from real time has a bound
- Problem: assumptions often not precise

Page 43: Distributed Systems - System Models

Interaction Model

- Asynchronous Systems
  - No bounds on execution speed, message delays, clock drift rates
  - Example: Internet

Page 44: Distributed Systems - System Models

Interaction Model

- Event Ordering
  - System execution can be described as a series of events
  - Issues:
    - time stamping events
    - perfect synchronization impossible in a loosely-coupled system
    - logical time – ordering without clock synchronization

Page 45: Distributed Systems - System Models

Real-Time Ordering of Events

[Figure: real-time ordering of events. Processes X, Y, Z and A are drawn against a Physical time axis; messages m1, m2 and m3 are sent and received, with receive events marked at times t1, t2 and t3.]
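Logical time, as named on the Event Ordering slide, worked through for processes X, Y, Z and A. This is an added example, not part of the original slides: it uses Lamport timestamps, and the reply chain (m2 answers m1, m3 answers m2) and the delivery order at A are a constructed scenario.

```python
from dataclasses import dataclass

@dataclass
class Message:
    name: str
    sender: str
    ts: int  # Lamport timestamp stamped by the sender

class Process:
    def __init__(self, name):
        self.name, self.clock, self.inbox = name, 0, []

    def send(self, msg_name):
        self.clock += 1                      # a send is an event: tick first
        return Message(msg_name, self.name, self.clock)

    def receive(self, msg):
        # Jump past the sender's timestamp so receive is ordered after send.
        self.clock = max(self.clock, msg.ts) + 1
        self.inbox.append(msg)               # inbox keeps physical arrival order

    def arrival_order(self):
        return [m.name for m in self.inbox]

    def logical_order(self):
        # Sender name breaks ties so every process computes the same order.
        return [m.name for m in sorted(self.inbox, key=lambda m: (m.ts, m.sender))]

def run_scenario():
    # Constructed scenario (assumed): Y replies to m1 with m2, Z replies with m3.
    X, Y, Z, A = (Process(n) for n in "XYZA")
    m1 = X.send("m1")
    Y.receive(m1)
    m2 = Y.send("m2")
    Z.receive(m1)
    Z.receive(m2)
    m3 = Z.send("m3")
    for m in (m3, m1, m2):                   # network delays reorder delivery at A
        A.receive(m)
    return A, {m.name: m.ts for m in (m1, m2, m3)}

if __name__ == "__main__":
    a, stamps = run_scenario()
    print("timestamps:   ", stamps)
    print("arrival at A: ", a.arrival_order())
    print("logical order:", a.logical_order())
```

A sees the reply m3 before the messages it answers, yet sorting by timestamp restores the causal order without any synchronized physical clocks.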

Page 46: Distributed Systems - System Models

Failure Model

- Processes and communication links may fail
- Different ways of failing
  - Omission failures
  - Arbitrary failures
  - Timing failures

Page 47: Distributed Systems - System Models

Processes and Channels

[Figure: process p performs send, placing message m in its Outgoing message buffer; m crosses the Communication channel to the Incoming message buffer of process q, which performs receive.]

Page 48: Distributed Systems - System Models

Omission Failures

- Process Omission Failure
  - crash (fail-silent) – requires timeout
  - fail-stop
- Communication Omission Failure
  - failure to deliver a message
  - network transmission error or lack of buffer space
  - send-omission / receive-omission / channel-omission

Page 49: Distributed Systems - System Models

Arbitrary Failures

- also called Byzantine failures
- worst possible failure
- exhibit malicious behavior
- in process: omits intended processing steps; takes unintended steps
- on communication medium: message corruption; spawning / multiple delivery

Page 50: Distributed Systems - System Models

Timing Failures

- applicable in synchronous distributed systems
  - limits on execution time, delivery time, clock drift rates
- missed deadline
- most critical in real-time systems

Page 51: Distributed Systems - System Models

Omission & Arbitrary Failures

| Class of failure | Affects | Description |
| Fail-stop | Process | Process halts and remains halted. Other processes may detect this state. |
| Crash | Process | Process halts and remains halted. Other processes may not be able to detect this state. |
| Omission | Channel | A message inserted in an outgoing message buffer never arrives at the other end’s incoming message buffer. |
| Send-omission | Process | A process completes a send, but the message is not put in its outgoing message buffer. |
| Receive-omission | Process | A message is put in a process’s incoming message buffer, but that process does not receive it. |
| Arbitrary (Byzantine) | Process or channel | Process/channel exhibits arbitrary behaviour: it may send/transmit arbitrary messages at arbitrary times, commit omissions; a process may stop or take an incorrect step. |

Page 52: Distributed Systems - System Models

Timing Failures

| Class of Failure | Affects | Description |
| Clock | Process | Process’s local clock exceeds the bounds on its rate of drift from real time. |
| Performance | Process | Process exceeds the bounds on the interval between two steps. |
| Performance | Channel | A message’s transmission takes longer than the stated bound. |

Page 53: Distributed Systems - System Models

Reliable Communication

- Validity
  - any message in outgoing message buffer is eventually delivered to incoming message buffer
- Integrity
  - message received is identical to one sent; no messages are delivered twice

Page 54: Distributed Systems - System Models

Security Model

There is a need to secure
- Processes
- Channels
- Encapsulated Objects (resources, etc.)

Page 55: Distributed Systems - System Models

Protecting Objects

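- verify identity of client, check access rights
- verify identity of server for response

[Figure: a Client acting for a Principal (user) sends an invocation across the Network to a Server acting for a Principal (server) and receives a result; the Server holds the Object and its Access rights.]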

Page 56: Distributed Systems - System Models

Securing Processes

- Problems
  - open network
  - exposed interfaces

Page 57: Distributed Systems - System Models

The Enemy

is able to
- send any message to any process
- read or copy any message between a pair of processes

[Figure: Process p sends message m to Process q over a Communication channel; The enemy takes a Copy of m and can send its own message m’.]

Page 58: Distributed Systems - System Models

Threats to Processes

- False Identities
  - not difficult to forge source address of a message
  - server must know identities of clients to decide whether to reject requests
  - clients need to validate server responses

Page 59: Distributed Systems - System Models

Threats to Comm. Channels

- Eavesdropping
- Message Altering
- Message Injection
- Copy and Replay of Messages
- Solution: Secure Channels

Page 60: Distributed Systems - System Models

Defeating Threats

- Cryptography
  - hiding a message’s contents
- Authentication
  - proof of identity
  - usually involves encryption as well
- Secure Channels
  - based on both cryptography and authentication

Page 61: Distributed Systems - System Models

Secure Channels

[Figure: Process p, acting for Principal A, and Process q, acting for Principal B, communicate over a Secure channel.]
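How a secure channel between process p and process q rejects three of the channel threats listed earlier: message altering, message injection, and copy and replay. This is an added example, not part of the original slides. It assumes Principals A and B already share a secret key and that frames arrive in order, and it leaves out encryption, so it does not address eavesdropping.

```python
import hashlib, hmac, os, struct

TAG_LEN, SEQ_LEN = 32, 8

def _mac(key, seq_bytes, payload):
    return hmac.new(key, seq_bytes + payload, hashlib.sha256).digest()

class Sender:                      # process p
    def __init__(self, key):
        self.key, self.seq = key, 0

    def seal(self, payload):
        self.seq += 1
        seq_bytes = struct.pack(">Q", self.seq)
        return seq_bytes + _mac(self.key, seq_bytes, payload) + payload

class Receiver:                    # process q
    def __init__(self, key):
        self.key, self.last_seq = key, 0

    def open(self, frame):
        if len(frame) < SEQ_LEN + TAG_LEN:
            raise ValueError("truncated frame")
        seq_bytes, tag = frame[:SEQ_LEN], frame[SEQ_LEN:SEQ_LEN + TAG_LEN]
        payload = frame[SEQ_LEN + TAG_LEN:]
        if not hmac.compare_digest(tag, _mac(self.key, seq_bytes, payload)):
            raise ValueError("bad MAC")          # altered or injected
        (seq,) = struct.unpack(">Q", seq_bytes)
        if seq <= self.last_seq:                 # assumes in-order delivery
            raise ValueError("replay")
        self.last_seq = seq
        return payload

def attempt(receiver, frame):
    try:
        return "accepted: " + receiver.open(frame).decode()
    except ValueError as err:
        return "rejected: " + str(err)

def demo():
    key = os.urandom(32)           # assumption: A and B already share this key
    p, q = Sender(key), Receiver(key)
    m1, m2 = p.seal(b"pay B 10"), p.seal(b"pay B 20")   # constructed messages
    altered = m2[:-2] + b"99"                    # m2 modified in transit
    injected = Sender(os.urandom(32)).seal(b"pay E 500")  # sealed without the key
    return {
        "genuine": attempt(q, m1),
        "replayed": attempt(q, m1),              # a copy of m1 sent again
        "altered": attempt(q, altered),
        "injected": attempt(q, injected),
        "genuine_after": attempt(q, m2),
    }
```

The MAC is checked before the sequence number, so a forged frame cannot advance the receiver's replay window; the genuine m2 is still accepted after the rejected frames.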

Page 62: Distributed Systems - System Models

Other Possible Threats

- Denial of Service
  - enemy interferes with activities of authorized users by making excessive and pointless invocations that result in resource overload
- Mobile Code
  - process receives and executes program code from elsewhere

Page 63: Distributed Systems - System Models

Summary

- Architectural Model
  - Middleware
  - Client/Server Model
- Design Requirements
  - Quality of Service
- Fundamental Model
  - Interaction Model
  - Failure Model
  - Security Model