Windows NT 5.0 will feature several enhancements to the Distributed Component Object Model (DCOM, formerly Network OLE) that Microsoft introduced with NT 4.0. Several of these enhancements­particularly those that Microsoft will integrate with other major NT 5.0 services­were topics at Microsoft's recent Server Professional Developer Conference. (For more information on DCOM and Network OLE, see "NT 4.0's Distributed Component Object Model," September 1996 and "Windows NT 4.0," April 1996.)

Perhaps the most important change to DCOM will be its Class Store, which is built on the new Active Directory and contains centralized information about enterprise components. In addition to the expected system objects such as files and directories, the Active Directory will maintain activation and binding information (for initialization and linking) for component objects Winsock, Remote Procedure Calls (RPCs), and DCOM use. When the system requests an object that is not registered locally, the operating system will

Perhaps the most important change to DCOM will be its Class Store, which is built on the new Active Directory and contains centralized information about enterprise components.

search the Class Store for configuration information (such as a "RemoteServerName"), actual server code (EXEs, DLLs, OCXs, etc.), type libraries, and install packages (such as CAB files and Setup programs). This centralized approach to enterprise components will simplify application management and distribution­particularly for distributed applications. Today, NT 4.0 DCOM works over any standard RPC transport protocol, including TCP/IP, SPX, Named Pipes, NetBIOS over NetBEUI, NetBIOS over TCP, NetBIOS over IPX, Datagrams (IPX), and Datagrams (UDP).

DCOM in NT 5.0 will work over additional pluggable transports. Microsoft will ship HTTP drivers for RPC. This addition will make tunneling DCOM over HTTP possible. This configuration will let DCOM work through existing firewalls and integrate with routers, network filters, and so on. The NT 5.0 timeframe will coincide with the availability of Microsoft's Falcon technology for message queuing and delivery: DCOM will take advantage of Falcon's reliable asynchronous capabilities to let applications easily make non-blocking calls (in which the application doesn't need to wait for the server to complete an operation before continuing), both to and from servers, across low-bandwidth, high-latency networks.

Distributed applications require security. NT 4.0 DCOM works locally with NT security and remotely with MS-RPC security, which is compatible with the industry standard distributed computing environment (DCE)/RPC security. DCOM in NT 5.0 will work with any Security Support Provider Interface (SSPI)-pluggable security provider to provide automatic security package negotiation and delegation-level impersonation (in which an intermediate task makes a request to a server on behalf of a client). Microsoft will provide built-in support for NT's new Kerberos and public key security systems. Kerberos security is password-based and often called shared secret or secret key: NT's Kerberos security is based on MIT Kerberos V5 RFC 1510 and uses a system of security tickets that the system scopes, time-limits, and issues for a specific client-server interaction. Kerberos offers several improvements over current NT security, including stronger authentication, mutual authentication, third-party delegation, and extensions for public key-based authentication. NT's public key extensions are based on the X.509 v3 Public Key Certificate specification and grant access to resources for requesters that do not have Kerberos credentials: NT maps certificates that a trusted authority issues onto familiar NT security groups. For instance, this capability will allow someone outside an organization to access specific resources the same way a local user does. Internally, NT 5.0 uses CryptoAPI (CAPI) 2.0 for encryption, and certificates are stored in the Active Directory. NT 5.0 maps certificates to user IDs and manages multiple credentials for each user.

Developers in particular will appreciate the new DCOM facility (accelerated into Service Pack 2) to host DLL-based servers in proxy, or surrogate, processes; previously, you could implement only EXE-based servers remotely. This improved flexibility in physical implementation will let distributed applications scale more easily. Finally, new features of DCOM will integrate with NT's new clustering technology for increased reliability and perfor-mance and will make developing and deploying long-lived, fault-tolerant DCOM servers possible. (For more on NT's clustering technology, see Mark Smith, "Closing In on Clusters," August 1996.)

Windows NT 5.0

Microsoft * 206-882-8080

Web: http://www.microsoft.com