MDS 2.1 New Features
The MDS 2.1 release contains the following new and enhanced features:
- High performance GIIS and GRIS
- Memory-based caching backends for GRIS and GIIS
- Efficient GRIS resource information providers
- Revised resource representation model
  - New MDS schema files
  - New GRIS information providers
- Support for GSI authentication and access control
- Integrated GRIS/GIIS server
- Newer versions of OpenLDAP and OpenSSL
- Support for the new Globus Toolkit 2.0 packaging model
High-performance GRIS And GIIS
The GIIS and GRIS services are implemented natively in the slapd server using plug-in modules. This allows in-RAM caching of data and low overhead processing of queries. This shortens GRIS query latency and reduces query overhead for cache hits. More significantly, it eliminates the need to fork additional processes to handle GIIS queries, resulting in a dramatic reduction in server resource consumption.
Memory-based Caching Backends for GRIS and GIIS
Performance concerns make caching data within the GIIS desirable, and this capability is provided as part of the basic GIIS framework. However, access control issues complicate caching. The GIIS can fetch and cache any data available to anonymous clients. Because the GIIS can also bind using a trusted server credential, each GRIS may export some data that it trusts the GIIS to handle properly. In the absence of delegation, the GIIS is unable to transfer data from a GRIS to a client if the GRIS restricts that data to be visible only to that client. In future releases, we will be able to return the name of the information provider directly to the client in the form of an LDAP URL using the referral mechanisms defined as part of the standard LDAP protocol.
Due to the nature of LDAP, a GIIS encourages the user to perform multiple queries. In essence, a GIIS takes a "drill-down" approach by implementing a number of queries that return small amounts of data with an increasingly focused scope.
To support faster GIIS caching, MDS 2.1 now uses memory-based caching via a C program. The earlier functional prototype used file-based caching via a shell script, which was significantly slower.
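The access-control constraint on GIIS caching described in this section, as an added Python model that is not MDS code: each cached entry keeps the visibility it was fetched under, and data a GRIS restricts to one client never reaches the cache because the GIIS binds only as itself. The class names, the `trusted_readers` release policy, and all DNs and values are assumptions constructed for illustration.

```python
# Added model of GIIS caching under GRIS access control; not MDS code.
# Class names, the release policy and all DNs/values are constructed.
ANONYMOUS, GIIS_TRUSTED, CLIENT_ONLY = "anonymous", "giis-trusted", "client-only"
GIIS_CRED = "cn=giis,o=example"  # the trusted server credential the GIIS binds with

class Gris:
    def __init__(self, entries):
        # entries: dn -> (visibility, attrs, DN of the one permitted client or None)
        self.entries = entries

    def search(self, bind_dn=None):
        """Return the entries visible to bind_dn (None means an anonymous bind)."""
        visible = {}
        for dn, (vis, attrs, only_for) in self.entries.items():
            if (vis == ANONYMOUS
                    or (vis == GIIS_TRUSTED and bind_dn == GIIS_CRED)
                    or (vis == CLIENT_ONLY and bind_dn is not None
                        and bind_dn == only_for)):
                visible[dn] = (vis, attrs)
        return visible

class Giis:
    def __init__(self, gris, trusted_readers):
        self.gris, self.cache = gris, {}
        self.trusted_readers = trusted_readers  # assumed GIIS-side release policy

    def refresh(self):
        # Without delegation the GIIS can only bind as itself, so client-only
        # entries never reach the cache.
        self.cache = self.gris.search(GIIS_CRED)

    def query(self, client_dn=None):
        # A cache hit is filtered per client using the stored visibility tag,
        # instead of being served to every caller.
        return {dn: attrs for dn, (vis, attrs) in self.cache.items()
                if vis == ANONYMOUS or client_dn in self.trusted_readers}

ALICE = "cn=alice,o=example"
GRIS = Gris({
    "cn=cpu,host=node1": (ANONYMOUS, {"cpuload": "0.42"}, None),
    "cn=queue,host=node1": (GIIS_TRUSTED, {"jobs": "17"}, None),
    "cn=quota,host=node1": (CLIENT_ONLY, {"remaining": "300"}, ALICE),
})

def demo():
    giis = Giis(GRIS, trusted_readers={ALICE})
    giis.refresh()
    return giis.query(), giis.query(ALICE), GRIS.search(ALICE)
```

In this model the client-restricted entry is reachable only by querying the GRIS directly, which is the gap the planned LDAP referral is meant to close.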
Efficient GRIS Resource Information Providers
MDS 2.1 includes rewritten GRIS system probe utilities to further improve performance. The probes have been decomposed to separate low- and high-frequency data probes and to eliminate many unnecessary probes. Additionally, the probes have been tuned in platform-specific ways to reduce overhead and latency. Core probes currently exist for Linux, Solaris, and Irix.
Revised Resource Representation Model
This includes new MDS schema files and new GRIS information providers.
New MDS Schema Files
There are significant changes to the LDAP schemas provided by MDS 2.1. A mixed schema environment is not supported. That is, you cannot use schemas from previous releases with schemas from this release. Schema structure names are now different to prevent conflicts. Their names are derived from their object class. While the names are different, many of the attributes have similar meaning to prior versions. However, the new structured model provides a better representation for composite/hierarchical resources.
Refer to MDS Schemas for a complete listing of current MDS schema object classes, attribute types, and their definitions.
The document RFC 2252 (ftp://ftp.isi.edu/in-notes/rfc2252.txt) discusses LDAP attribute syntax in detail, and describes how users can create their own schemas.
New GRIS Information Providers
When the GRIS handling a resource status query suffers a cache miss, it dispatches an information provider to probe the necessary information. This means that the information providers may be on the critical path defining the query latency a client observes. To optimize this path, providers are specialized at install time for the specific platform on which MDS is being installed.
Each external provider tool generates output representing MDS data objects. Output data is in LDIF format and must match the schema distributed with the providers. Details of the default MDS GRIS provider schema are documented separately in MDS Schemas.
The MDS release supports the information providers described in MDS Core GRIS Providers.
You can also create your own information providers, as described in MDS GRIS Specification Document: Creating New Information Providers (PDF).
Support For GSI Authentication And Access Control
In MDS 2.1, client and server can mutually authenticate using public key technology. Access can be restricted to trees of data or categories of information such as object classes and attribute types. A particular name or everything below it can be accessed to return information on a set of results such as CPU load.
Authorization can be static, "self," or dynamic.
Static authorization is based on class, attribute, or object name rules.
"Self" authorization is based on a semi-dynamic rule, and requires an "owner" attribute on objects. Authorization is also possible for a group, based on LDAP distinguished names.
Dynamic authorization is based on per-object access rule attributes. That is, the object contains the access rule within itself. Dynamic authorization uses directory-based group lists. LDAP dynamic authorization is being worked on in the LDAP community. Refer to the LDAPzone for more information.
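The three authorization styles above differ in where the rule lives: in server configuration, in the entry's "owner" attribute, or in the object itself. The following added Python model (not MDS or OpenLDAP code) shows that difference; the `accessrule` attribute name, the rule format, the first-match policy and all DNs are assumptions made for illustration.

```python
# Added model of the three authorization styles; not MDS or OpenLDAP code.
# The "accessrule" attribute name, rule format and all DNs are constructed.

def norm(dn):
    # Simplified DN normalisation: "CN=Alice, O=Example" == "cn=alice,o=example".
    return ",".join(part.strip().lower() for part in dn.split(","))

def under(dn, suffix):
    # Suffix match on an RDN boundary, so "xo=example" is not under "o=example".
    dn, suffix = norm(dn), norm(suffix)
    return dn == suffix or dn.endswith("," + suffix)

def static_allows(requester, entry, attr, rules):
    # Static: server-side rules keyed on object class, attribute or object name.
    for r in rules:  # first matching rule decides (a choice made for this model)
        if "objectclass" in r and r["objectclass"] not in entry["objectclass"]:
            continue
        if "attr" in r and r["attr"] != attr:
            continue
        if "dn_suffix" in r and not under(entry["dn"], r["dn_suffix"]):
            continue
        return r["who"] == "*" or norm(requester) in map(norm, r["who"])
    return False

def self_allows(requester, entry):
    # "Self": the rule is fixed; the identity comes from the entry's owner attribute.
    return norm(requester) in map(norm, entry.get("owner", []))

def group_allows(requester, group_dn, directory):
    # Group: membership is a list of DNs stored in a directory entry.
    members = directory.get(norm(group_dn), {}).get("member", [])
    return norm(requester) in map(norm, members)

def dynamic_allows(requester, entry, directory):
    # Dynamic: the object carries its own rules, which may point at group lists.
    for rule in entry.get("accessrule", []):
        kind, _, who = rule.partition(":")
        if kind == "user" and norm(who) == norm(requester):
            return True
        if kind == "group" and group_allows(requester, who, directory):
            return True
    return False

# Constructed sample data.
DIRECTORY = {"cn=ops,o=example": {"member": ["cn=bob,o=example"]}}
RULES = [{"attr": "cpuload", "dn_suffix": "o=example", "who": "*"},
         {"objectclass": "hostConfig", "who": []}]
ENTRY = {"dn": "cn=node1, o=Example", "objectclass": ["hostConfig"],
         "owner": ["cn=alice,o=example"], "accessrule": ["group:cn=ops,o=example"]}

def decisions(requester, attr):
    return {"static": static_allows(requester, ENTRY, attr, RULES),
            "self": self_allows(requester, ENTRY),
            "dynamic": dynamic_allows(requester, ENTRY, DIRECTORY)}
```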
Integrated GRIS/GIIS Server
The GRIS and GIIS backends now share a common slapd server instance. Benefits include simplified install/admin, simplified configuration files, and a lighter load imposed by MDS. Note that both the GRIS and all GIIS(s) on a server will use the IANA-assigned GRIS port 2135 by default.
Change In OpenLDAP Version
MDS uses OpenLDAP, which implements LDAP Version 3, as its standard transport. The LDAP Version 3 protocol is more robust, offers higher performance, and performs more stably with threads.
The OpenLDAP server defines an extensible server framework in which specialized backends can be plugged into a standard protocol interpreter. The interpreter handles all authentication, data formatting, query interpretation, results filtering, network connection management, and dispatch to the appropriate backend. This flexible design allows MDS to use the OpenLDAP server without modification.
MDS 2.1 ships with OpenLDAP Version 2.0.14. See www.openldap.org for the contents of this and prior OpenLDAP releases.
Support For The New Globus Toolkit 2.0 Packaging Model
MDS 2.1 is installed as part of the Globus Toolkit 2.0. This permits incremental installation and deployment, so that MDS can be released at different frequencies than the other Globus components. Refer to the Toolkit Installation Instructions and Release Notes for details.