面向异构目录服务簇的HVVDS系统体系结构研究与实现
|
摘要
随着Internet/Intranet的迅猛发展,目录系统作为一种有效的资源管理工具,应用越来越广泛。目前,大型的现代企事业、政府机关和研究机构纷纷在局域网构建本地目录服务系统,管理内部的数据资源,实现高效的信息检索和共享。与此同时,LDAP协议作为目录规范的标准应运而生了,随即也产生了许多遵守LDAP协议规范的目录服务产品,这也为各个公司维护自己的目录服务带来了方便。但是,目录系统可能来自不同的厂商,各个系统遵循不同的目录格式和命名空间,这样就在Internet上形成了大量的异构目录服务器,这些异构的平台之间无法通信,形成了目录信息“孤岛”效应,无法满足新的应用需求。
随着应用的发展,目录服务不仅仅限于公司或者企业内部,为了实现信息的共享和信息的整体价值,迫切需要将“孤岛”采取一定策略整合起来,进行统一查询和管理。在分布式目录服务策略上,现在也有一些研究和实现。例如,在LDAP V3中就支持推荐策略实现目录服务器之间的互连。这种策略主要是通过服务器推荐,在本地查找不到就根据知识推荐连接到另一台目录服务器上查询。但是,在目录服务器较多的情况下,效率低下,并且造成网络流量大幅度增加。因此,将这些独立或部分独立的服务器形成可统一访问,统一管理,统一资源调度的具有可伸缩性的系统,管理好这些目录服务群体,使得这些目录服务能够充分高效地被受众访问到,这都已经成为亟待解决的问题。本文就是在这样的背景下研究的。
在研究方法上,首先分析了LDAP协议族,因为大部分目录服务都提供LDAP API的接口,于是将研究模型建立在LDAP协议基础上;然后探究分布式系统结构原理;确定研究实现的目标为:为用户提供统一的访问接口,屏蔽下层异构的目录服务环境,系统漏检率低,查询效率高。经过实践和分析比较,提出采用虚拟视图目录的策略,构造了HVVDS系统模型。
本文提出HVVDS系统模型的基础是上海市科学技术发展基金项目的网络多媒体平台项目中的分布式目录平台。
HVVDS创新之处在于,构造了层次型目录服务系统,底层为异构目录服务簇,中间层为同化映射层,最上层为全局目录服务器层。中间层实现同化映射功能,将下层的目录服务簇的目录经过抽取、加工、映射到上层的全局目录服务器。全局目录服务器的内容为所有异构目录服务簇的目录信息的映射。因此,用户可以通过全局目录服务器导航来访问目标信息所在的异构目录服务器。首先,这种策略使异构目录服务器具有可访问性;其次,相比于目前采用的LDAP推荐策略来说,HVVDS采用的查询机制使得查询效率大幅度提高,而且查询效率与异构目录服务簇的规模无关。因为要构造全局目录服务器,所以HVVDS模型需要有硬件
摘要
上的开销,但是,HVVDS的同化映射策略使得全局目录服务器无需将下层异构服务器的海量
信息大规模拷贝,而是形成一个规范的精选集合,自动映射到服务器端,数据量大大减少,
性能得到了优化。最后,为了提高系统的可扩展性,本文也提出了全局目录服务器的分布化
的策略。
作者研究的重点为构造HvvDS系统模型,解决异构目录服务簇的目录同化映射问
题,在全局目录服务器端整合成规范的目录树,包括:转换它们的工作模式、名字空间、
唯一标识,对象、属性、语法和数据结构;进而,提出了搜索和操作的算法,使其搜索
效率有较大提高;并且,为了实现系统的可扩展性,建议构造树状LDAP服务器互连结
构,实现同构目录分布化;为了提高系统的性能,还分析了同步、复制和缓存等问题。
作者构造了HVVDS实现模型来解决以上问题,模型主要分析三个层面:虚拟视图
层、异构同化层和异构目录访问层,每一层又由不同的模块组成,分析了模块功能和模
块之间的通信过程,这为实现异构目录系统资源共享提供了参考模型。
为了证明HVVDS模型的可行性,作者设计了一个原型系统,为用户和管理员提供了目
录访问和管理的平台;构造了面向宽带网络多媒体信息的全局目录管理服务器,实现了异构
目录服务器的有效互连:并且系统实现了与应用程序通信的功能。系统运行结果证明,HVVDS
是一种普遍适用的模型,文章在最后比较了HVVDS模型和目前分布式LDAP服务器互连采
用的推荐策略查询的时间复杂度,得出如果在大量LDAP服务器之间进行互操作,搜索效
率会大大提高的结论,但是同时也会带来硬件上的开销。
本文的主要贡献是:
分析目前采用的目录服务器互连策略的局限性,指出构造虚拟视图目录系统的可能性和
必要性;在研究分布式系统原理基础上,指出这种模型的具体需求要素。
提出了HVVDS的系统模型,分析其系统结构和关键技术,重点研究了异构目录同化映射
的策略和其相关的搜索同步算法;提出了构造树型全局LDAP服务群,实现全局服务器端
的目录分布化。并且按照该系统模型,设计了实现模型,分析了各模块功能和通信过程。
在此基础上开发实现了网络多媒体平台的分布式目录管理系统的原型应用。
最后对HVVDS性能在时间复杂度和空间开销上进行计算、分析和比较,证明采用
HvvDs模型,搜索效率明显提高;在硬件支持的情况一F,具有很好的可扩展性;在空
间开销上有了较人的
With the rapid development of the Internet/ Intranet, the directory system, as a kind of effective tool of the resource management, is used more and more widely. Now, for the management of the inner data resource, many large enterprises, government, academic institutions have set up local directory service system based on intranet so as to realize the efficient information query and share. At the same time, LDAP (Light Directory Access Protocol) as the norm of directory criterion is established. Lots of directory products are emerged, and They make it easy for the company to manage resources by runnning their own directory service. But every directory system may come from the different factory, follow the different directory information tree format and be assigned different namespace. So there are lots of heterogeneous directory servers, which can't communicate with each other, and can't live up with the new application need.
As the development of application, there are more and more demands on interconnection across the heterogenous LDAP servers, and system is needed to achieve the whole value of information islands. In the distributed directory service field, there are also some researches. For example, LDAP V3 supports referral strategy to realize interconnection across directory servers. By the referral strategy, if the local server can't find the entry, user will forward to another server according to the knowledge. But, searching accross lots of directory servers from one by one, its efficiency is lowly and results in a large waste of bandwidth.
Therefore, a global directory system view is needed in order to be access efficiently, which is provided by a global system that integrates heterogenous information of LDAP servers. Above mentioned is our investigative background. On the research method, firstly, the LDAP protocols is analyzed and be set as foundation. Secondly, distributed system construction principle is investigated and the main goal of research is to make it easy for user to access remote resource,and to share them with other users in a controlled way and to lower miss rate and higher search efficiency in a economic way. The paper puts forward a new approch to solve the problem, which is Hierarchical Virtual View Directory Service, and construct the HVVDS system model.
HVVDS system model in paper is based on the network multi-media platform project supported by Shanghai science and technique development fund. The innovation of the HVVDS system lies in constructing a hierarchical directory system to manage directory servers. The lowest layer is heterogeneous directory server group. The mid layer is assimilating and mapping layer, and the top layer is global LDAP directory server tree. The mid layer forms the local DIT by global DIT rule, and maps it into global DIT, so global directory server can guide user to gain the entry queried
without considering the scale of local directory server group.
The HVVDS model demands contain expense on the hardware, but its mapping layer optimizes system capability and reduces cost, which doesn't need to copy information to global directory server on large-scale from local directory servers . Finally, the paper also proposed distributed strategy of global directory information.
The investigative point of author is assimilating and mapping, which include forming a norm DIT in global server and converting its work mode, name space, distinguish name, object classes, attributes and data structure. Then searching arithmetic is proposed. Synchronization, replica and cache are analyzed in order to improve the system performance.
HVVDS implementation model is proposed to resolve the above problems, and model is divided into three layers, which includes virtual view layer, mapping layer and local LDAP access layer. Every layer is composed of several modules, and the paper analyzes the module founction and communications across modules. A prototype system is designed to proof the feasibility of the HVVDS model, which provides a management platform of network multim
随着应用的发展,目录服务不仅仅限于公司或者企业内部,为了实现信息的共享和信息的整体价值,迫切需要将“孤岛”采取一定策略整合起来,进行统一查询和管理。在分布式目录服务策略上,现在也有一些研究和实现。例如,在LDAP V3中就支持推荐策略实现目录服务器之间的互连。这种策略主要是通过服务器推荐,在本地查找不到就根据知识推荐连接到另一台目录服务器上查询。但是,在目录服务器较多的情况下,效率低下,并且造成网络流量大幅度增加。因此,将这些独立或部分独立的服务器形成可统一访问,统一管理,统一资源调度的具有可伸缩性的系统,管理好这些目录服务群体,使得这些目录服务能够充分高效地被受众访问到,这都已经成为亟待解决的问题。本文就是在这样的背景下研究的。
在研究方法上,首先分析了LDAP协议族,因为大部分目录服务都提供LDAP API的接口,于是将研究模型建立在LDAP协议基础上;然后探究分布式系统结构原理;确定研究实现的目标为:为用户提供统一的访问接口,屏蔽下层异构的目录服务环境,系统漏检率低,查询效率高。经过实践和分析比较,提出采用虚拟视图目录的策略,构造了HVVDS系统模型。
本文提出HVVDS系统模型的基础是上海市科学技术发展基金项目的网络多媒体平台项目中的分布式目录平台。
HVVDS创新之处在于,构造了层次型目录服务系统,底层为异构目录服务簇,中间层为同化映射层,最上层为全局目录服务器层。中间层实现同化映射功能,将下层的目录服务簇的目录经过抽取、加工、映射到上层的全局目录服务器。全局目录服务器的内容为所有异构目录服务簇的目录信息的映射。因此,用户可以通过全局目录服务器导航来访问目标信息所在的异构目录服务器。首先,这种策略使异构目录服务器具有可访问性;其次,相比于目前采用的LDAP推荐策略来说,HVVDS采用的查询机制使得查询效率大幅度提高,而且查询效率与异构目录服务簇的规模无关。因为要构造全局目录服务器,所以HVVDS模型需要有硬件
摘要
上的开销,但是,HVVDS的同化映射策略使得全局目录服务器无需将下层异构服务器的海量
信息大规模拷贝,而是形成一个规范的精选集合,自动映射到服务器端,数据量大大减少,
性能得到了优化。最后,为了提高系统的可扩展性,本文也提出了全局目录服务器的分布化
的策略。
作者研究的重点为构造HvvDS系统模型,解决异构目录服务簇的目录同化映射问
题,在全局目录服务器端整合成规范的目录树,包括:转换它们的工作模式、名字空间、
唯一标识,对象、属性、语法和数据结构;进而,提出了搜索和操作的算法,使其搜索
效率有较大提高;并且,为了实现系统的可扩展性,建议构造树状LDAP服务器互连结
构,实现同构目录分布化;为了提高系统的性能,还分析了同步、复制和缓存等问题。
作者构造了HVVDS实现模型来解决以上问题,模型主要分析三个层面:虚拟视图
层、异构同化层和异构目录访问层,每一层又由不同的模块组成,分析了模块功能和模
块之间的通信过程,这为实现异构目录系统资源共享提供了参考模型。
为了证明HVVDS模型的可行性,作者设计了一个原型系统,为用户和管理员提供了目
录访问和管理的平台;构造了面向宽带网络多媒体信息的全局目录管理服务器,实现了异构
目录服务器的有效互连:并且系统实现了与应用程序通信的功能。系统运行结果证明,HVVDS
是一种普遍适用的模型,文章在最后比较了HVVDS模型和目前分布式LDAP服务器互连采
用的推荐策略查询的时间复杂度,得出如果在大量LDAP服务器之间进行互操作,搜索效
率会大大提高的结论,但是同时也会带来硬件上的开销。
本文的主要贡献是:
分析目前采用的目录服务器互连策略的局限性,指出构造虚拟视图目录系统的可能性和
必要性;在研究分布式系统原理基础上,指出这种模型的具体需求要素。
提出了HVVDS的系统模型,分析其系统结构和关键技术,重点研究了异构目录同化映射
的策略和其相关的搜索同步算法;提出了构造树型全局LDAP服务群,实现全局服务器端
的目录分布化。并且按照该系统模型,设计了实现模型,分析了各模块功能和通信过程。
在此基础上开发实现了网络多媒体平台的分布式目录管理系统的原型应用。
最后对HVVDS性能在时间复杂度和空间开销上进行计算、分析和比较,证明采用
HvvDs模型,搜索效率明显提高;在硬件支持的情况一F,具有很好的可扩展性;在空
间开销上有了较人的
With the rapid development of the Internet/ Intranet, the directory system, as a kind of effective tool of the resource management, is used more and more widely. Now, for the management of the inner data resource, many large enterprises, government, academic institutions have set up local directory service system based on intranet so as to realize the efficient information query and share. At the same time, LDAP (Light Directory Access Protocol) as the norm of directory criterion is established. Lots of directory products are emerged, and They make it easy for the company to manage resources by runnning their own directory service. But every directory system may come from the different factory, follow the different directory information tree format and be assigned different namespace. So there are lots of heterogeneous directory servers, which can't communicate with each other, and can't live up with the new application need.
As the development of application, there are more and more demands on interconnection across the heterogenous LDAP servers, and system is needed to achieve the whole value of information islands. In the distributed directory service field, there are also some researches. For example, LDAP V3 supports referral strategy to realize interconnection across directory servers. By the referral strategy, if the local server can't find the entry, user will forward to another server according to the knowledge. But, searching accross lots of directory servers from one by one, its efficiency is lowly and results in a large waste of bandwidth.
Therefore, a global directory system view is needed in order to be access efficiently, which is provided by a global system that integrates heterogenous information of LDAP servers. Above mentioned is our investigative background. On the research method, firstly, the LDAP protocols is analyzed and be set as foundation. Secondly, distributed system construction principle is investigated and the main goal of research is to make it easy for user to access remote resource,and to share them with other users in a controlled way and to lower miss rate and higher search efficiency in a economic way. The paper puts forward a new approch to solve the problem, which is Hierarchical Virtual View Directory Service, and construct the HVVDS system model.
HVVDS system model in paper is based on the network multi-media platform project supported by Shanghai science and technique development fund. The innovation of the HVVDS system lies in constructing a hierarchical directory system to manage directory servers. The lowest layer is heterogeneous directory server group. The mid layer is assimilating and mapping layer, and the top layer is global LDAP directory server tree. The mid layer forms the local DIT by global DIT rule, and maps it into global DIT, so global directory server can guide user to gain the entry queried
without considering the scale of local directory server group.
The HVVDS model demands contain expense on the hardware, but its mapping layer optimizes system capability and reduces cost, which doesn't need to copy information to global directory server on large-scale from local directory servers . Finally, the paper also proposed distributed strategy of global directory information.
The investigative point of author is assimilating and mapping, which include forming a norm DIT in global server and converting its work mode, name space, distinguish name, object classes, attributes and data structure. Then searching arithmetic is proposed. Synchronization, replica and cache are analyzed in order to improve the system performance.
HVVDS implementation model is proposed to resolve the above problems, and model is divided into three layers, which includes virtual view layer, mapping layer and local LDAP access layer. Every layer is composed of several modules, and the paper analyzes the module founction and communications across modules. A prototype system is designed to proof the feasibility of the HVVDS model, which provides a management platform of network multim
引文
[1] Harri Levanen,Bemard Freund,Hani Mansi. Using LDAP for Directory Integration
[2] Dilip Kandlur, Xin Wang. Measurement and Analysis of LDAP Performance
[3] A.V.Maheswara Rao. LDAP Schema Design-case study
[4] http://www.openldap.org. Describes about OpenSource LDAP (OpenLDAP)
[5] Berkeley DB Reference Guide. Sleepcat Software
[6] http://www.openldap.org.OpenLDAP2.1 Administrator Guide, 2002.9
[7] 刘晓韬,目录服务中LDAP的基本模型.中国计算机用户.2003.10
[8] Craig Zacker. LDAP and the Future of Directory Services
[9] Tim Howes. "The String Representation of Standard Attribute Syntaxes", RFC 1778,March 1995
[10] S. Kille. "A String Representation of Distinguished Names", RFC 1779
[11] T. Howes, M.Smith. "The LDAP Application Program Interface", RFC 1823
[12] Tim Howes. "An LDAP URL Format", RFC 1959, June 1996
[13] T.Howes. "A String Representation of LDAP Search Filters", RFC 1960
[14] M. Wahl. "Lightweight Directory Access Protocol (v3)", RFC 2251
[15] M. Wahl. "Attribute Syntax Definitions", RFC 2252, December 1997
[16] M. Wahl. "UTF-8 String Representation of Distinguished Names", RFC 2253
[17] T. Howes."The String Representation of LDAP Search Filters", RFC 2254
[18] T. Howes."The LDAP URL Format", RFC 2255, December 1997
[19] Sun Microsystems,Inc. Java Naming and Directory Interface Application Programming Interface (JNDI API)
[20] Sun Microsystems, Inc. Java Naming and Directory Interface Service Provider Interface(JNDI SPI)
[21] Netscape Communications Corporation."Netscape Directory SDK 4.0 for Java Programmer's Guide".http://docs.sun.com/source/816-6402-10/preface.htm.
[22] Rob Weltman, Tony Dahbura. LDAP PROGRAMMING WITH JAVATM
[23] George Coulouris, Jean Dollimore, Tim Kinberg Distributed Systems Concepts and Design
[24] Doug Tidwell. Accessing LDAP Data with XML IBM Corporation
[25] Laura Haas, Eileen Lin. "IBM Federated Database Technology". Mar. 2002 http://www-900.ibm.com/developerWorks/cn/dmdd/library/techarticles/0203haas/0203haas_eng.shtml.
[26] 郭力戎,金炜东.LDAPv3的实现分析.计算机应用研究
[27] 陈意云.《形式语言学基础》中国科学技术出版社
[28] 陶滔,李赫男.ADSI技术在Internet上的应用.计算机应用研究,2001.12
[29] 郭军.基于LDAP v3的目录服务系统中推荐设计与实现.微型计算机系统,2000.8
[30] 赵志大,白鹏.目录服务协议分析、比较与实现.计算机工程与应用,2001.3
[31] 王志文.轻型目录访问协议在网络管理中的应用研究.西安大学学报,2001.12
[32] 韩华.一种基于分布式LDAP的分布对象名字服务机制.高技术通信,2002.10
[33] 张军.轻度目录访问协议的分析.计算机应用
[34] 轻量目录访问协议分析应用技术,2002.9
[35] 张慧宇,袁卫忠.LDAP研究及其在CA中的应用.计算机应用研究,2002.10
[36] 杨燕,顾君忠.联邦式LDAP目录服务系统的研究与实现.计算机应用,2004.6
[37] 贺樑.数字信息发布空间ESR/C子空间有序模型及实现框架研究.博士论文
[38] Andrew S.Tanenbaum.计算机网络(第三版)清华大学出版社
[39] Matin Bond,Dan Haywood.21天学通J2EE.人民邮电出版社
[40] ANDREWS.TANENBAUM. DISTRIBUTED SYSTEMS PRINCIPLES AND PARADIGMS Vrije Universiteit Amsterdam,The Netherlands
[41] 飞天科技.Java Web服务应用开发详解.电子工业出版
[2] Dilip Kandlur, Xin Wang. Measurement and Analysis of LDAP Performance
[3] A.V.Maheswara Rao. LDAP Schema Design-case study
[4] http://www.openldap.org. Describes about OpenSource LDAP (OpenLDAP)
[5] Berkeley DB Reference Guide. Sleepcat Software
[6] http://www.openldap.org.OpenLDAP2.1 Administrator Guide, 2002.9
[7] 刘晓韬,目录服务中LDAP的基本模型.中国计算机用户.2003.10
[8] Craig Zacker. LDAP and the Future of Directory Services
[9] Tim Howes. "The String Representation of Standard Attribute Syntaxes", RFC 1778,March 1995
[10] S. Kille. "A String Representation of Distinguished Names", RFC 1779
[11] T. Howes, M.Smith. "The LDAP Application Program Interface", RFC 1823
[12] Tim Howes. "An LDAP URL Format", RFC 1959, June 1996
[13] T.Howes. "A String Representation of LDAP Search Filters", RFC 1960
[14] M. Wahl. "Lightweight Directory Access Protocol (v3)", RFC 2251
[15] M. Wahl. "Attribute Syntax Definitions", RFC 2252, December 1997
[16] M. Wahl. "UTF-8 String Representation of Distinguished Names", RFC 2253
[17] T. Howes."The String Representation of LDAP Search Filters", RFC 2254
[18] T. Howes."The LDAP URL Format", RFC 2255, December 1997
[19] Sun Microsystems,Inc. Java Naming and Directory Interface Application Programming Interface (JNDI API)
[20] Sun Microsystems, Inc. Java Naming and Directory Interface Service Provider Interface(JNDI SPI)
[21] Netscape Communications Corporation."Netscape Directory SDK 4.0 for Java Programmer's Guide".http://docs.sun.com/source/816-6402-10/preface.htm.
[22] Rob Weltman, Tony Dahbura. LDAP PROGRAMMING WITH JAVATM
[23] George Coulouris, Jean Dollimore, Tim Kinberg Distributed Systems Concepts and Design
[24] Doug Tidwell. Accessing LDAP Data with XML IBM Corporation
[25] Laura Haas, Eileen Lin. "IBM Federated Database Technology". Mar. 2002 http://www-900.ibm.com/developerWorks/cn/dmdd/library/techarticles/0203haas/0203haas_eng.shtml.
[26] 郭力戎,金炜东.LDAPv3的实现分析.计算机应用研究
[27] 陈意云.《形式语言学基础》中国科学技术出版社
[28] 陶滔,李赫男.ADSI技术在Internet上的应用.计算机应用研究,2001.12
[29] 郭军.基于LDAP v3的目录服务系统中推荐设计与实现.微型计算机系统,2000.8
[30] 赵志大,白鹏.目录服务协议分析、比较与实现.计算机工程与应用,2001.3
[31] 王志文.轻型目录访问协议在网络管理中的应用研究.西安大学学报,2001.12
[32] 韩华.一种基于分布式LDAP的分布对象名字服务机制.高技术通信,2002.10
[33] 张军.轻度目录访问协议的分析.计算机应用
[34] 轻量目录访问协议分析应用技术,2002.9
[35] 张慧宇,袁卫忠.LDAP研究及其在CA中的应用.计算机应用研究,2002.10
[36] 杨燕,顾君忠.联邦式LDAP目录服务系统的研究与实现.计算机应用,2004.6
[37] 贺樑.数字信息发布空间ESR/C子空间有序模型及实现框架研究.博士论文
[38] Andrew S.Tanenbaum.计算机网络(第三版)清华大学出版社
[39] Matin Bond,Dan Haywood.21天学通J2EE.人民邮电出版社
[40] ANDREWS.TANENBAUM. DISTRIBUTED SYSTEMS PRINCIPLES AND PARADIGMS Vrije Universiteit Amsterdam,The Netherlands
[41] 飞天科技.Java Web服务应用开发详解.电子工业出版