
LDAP

From Wikipedia, the free encyclopedia

The Lightweight Directory Access Protocol (LDAP; /ˈɛldæp/) is an application protocol for reading and editing directories over an IP network.[1] A directory in this sense is an organized set of records: for example, a telephone directory is an alphabetical list of persons and organizations with an address and phone number in each "record". The latest version of LDAP is Version 3, which is specified in a series of Internet Engineering Task Force (IETF) Standard Track Requests for comments (RFCs) as detailed in RFC

Protocol overview
A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. The client may request the following operations:

- Start TLS: use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
- Bind: authenticate and specify LDAP protocol version
- Search: search for and/or retrieve directory entries
- Compare: test if a named entry contains a given attribute value
- Add a new entry
- Delete an entry
- Modify an entry
- Modify Distinguished Name (DN): move or rename an entry
- Abandon: abort a previous request
- Extended Operation: generic operation used to define other operations
- Unbind: close the connection (not the inverse of Bind)

In addition the server may send "Unsolicited Notifications" that are not responses to any request, e.g. before it times out a connection.

A common alternate method of securing LDAP communication is using an SSL tunnel. This is denoted in LDAP URLs by using the URL scheme "ldaps". The default port for LDAP over SSL is 636. The use of LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never standardized in any formal specification. This usage has been deprecated along with LDAPv2, which was officially retired in 2003.[3]

LDAP is defined in terms of ASN.1, and protocol messages are encoded in the binary format BER. It uses textual representations for a number of ASN.1 fields/types, however.

Directory structure


The protocol accesses LDAP directories, which follow the 1993 edition of the X.500 model:

- A directory is a tree of directory entries.
- An entry consists of a set of attributes.
- An attribute has a name (an attribute type or attribute description) and one or more values. The attributes are defined in a schema (see below).
- Each entry has a unique identifier: its Distinguished Name (DN). This consists of its Relative Distinguished Name (RDN), constructed from some attribute(s) in the entry, followed by the parent entry's DN. Think of the DN as the full file path and the RDN as its relative filename in its parent folder (e.g. if C:\foo\bar\myfile.txt were the DN, then myfile.txt would be the RDN).

Be aware that a DN may change over the lifetime of the entry, for instance, when entries are moved within a tree. To reliably and unambiguously identify entries, a UUID might be provided in the set of the entry's operational attributes.

An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol):

    dn: cn=John Doe,dc=example,dc=com
    cn: John Doe
    givenName: John
    sn: Doe
    telephoneNumber: +1 888 555 6789
    telephoneNumber: +1 888 555 1232
    mail: john@example.com
    manager: cn=Barbara Doe,dc=example,dc=com
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top

"dn" is the distinguished name of the entry; it's not an attribute nor part of the entry. "cn=John Doe" is the entry's RDN (Relative Distinguished Name), and "dc=example,dc=com" is the DN of the parent entry, where "dc" denotes 'Domain Component'. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like "cn" for common name, "dc" for domain component, "mail" for e-mail address and "sn" for surname.

A server holds a subtree starting from a specific entry, e.g. "dc=example,dc=com" and its children. Servers may also hold references to other servers, so an attempt to access "ou=department,dc=example,dc=com" could return a referral or continuation reference to a server which holds that part of the directory tree. The client can then contact the other server. Some servers also support chaining, which means the server contacts the other server and returns the results to the client.

LDAP rarely defines any ordering: The server may return the values of an attribute, the attributes in an entry, and the entries found by a search operation in any order. This follows from the formal definitions - an entry is defined as a set of attributes, and an attribute is a set of values, and sets need not be ordered.

Operations
StartTLS

The StartTLS operation establishes Transport Layer Security (the descendant of SSL) on the connection. It can provide data confidentiality (to protect data from being observed by third parties) and/or data integrity protection (which protects the data from tampering). During TLS negotiation the server sends its X.509 certificate to prove its identity. The client may also send a certificate to prove its identity. After doing so, the client may then use SASL/EXTERNAL. By using the SASL/EXTERNAL, the client requests the server derive its identity from credentials provided at a lower level (such as TLS). Though technically the server may use any identity information established at any lower level, typically the server will use the identity information established by TLS.

Servers also often support the non-standard "LDAPS" ("Secure LDAP", commonly known as "LDAP over SSL") protocol on a separate port, by default 636. LDAPS differs from LDAP in two ways: 1) upon connect, the client and server establish TLS before any LDAP messages are transferred (without a StartTLS operation) and 2) the LDAPS connection must be closed upon TLS closure.

LDAPS was used with LDAPv2, because the StartTLS operation had not yet been defined. The use of LDAPS is deprecated, and modern software should only use StartTLS.
Bind (authenticate)

The Bind operation authenticates the client to the server. Simple Bind can send the user's DN and password in plaintext, so the connection should be protected using Transport Layer Security (TLS). The server typically checks the password against the userPassword attribute in the named entry. Anonymous Bind (with empty DN and password) resets the connection to anonymous state. SASL (Simple Authentication and Security Layer) Bind provides authentication services through a wide range of mechanisms, e.g. Kerberos or the client certificate sent with TLS.

Bind also sets the LDAP protocol version. Normally clients should use LDAPv3, which is the default in the protocol but not always in LDAP libraries.

Bind had to be the first operation in a session in LDAPv2, but is not required in LDAPv3 (the current LDAP version).
Search and Compare

The Search operation is used to both search for and read entries. Its parameters are:

- baseObject: The DN (Distinguished Name) of the entry at which to start the search.
- scope: What elements below the baseObject to search. This can be BaseObject (search just the named entry, typically used to read one entry), singleLevel (entries immediately below the base DN), or wholeSubtree (the entire subtree starting at the base DN).
- filter: Criteria to use in selecting elements within scope. For example, the filter (&(objectClass=person)(|(givenName=John)(mail=john*))) will select "persons" (elements of objectClass person) who either have the given name "John" or an e-mail address that begins with the string "john".
- derefAliases: Whether and how to follow alias entries (entries which refer to other entries).
- attributes: Which attributes to return in result entries.
- sizeLimit, timeLimit: Maximum number of entries to return, and maximum time to allow search to run.
- typesOnly: Return attribute types only, not attribute values.

The server returns the matching entries and potentially continuation references. These may be returned in any order. The final result will include the result code.

The Compare operation takes a DN, an attribute name and an attribute value, and checks if the named entry contains that attribute with that value.
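The filter semantics described for the Search operation can be checked offline. The following is an added example, not code from the article or from any LDAP library: it parses the filter shown above and evaluates it against a constructed copy of the John Doe entry. The function names are hypothetical, and the case-insensitive comparison is an assumption; a real server applies the matching rules from its schema and also handles escaped characters, which this sketch does not.

```python
"""Evaluate a subset of LDAP search filters against an LDIF-style entry."""
import re

# Constructed sample: the John Doe entry from the article, shortened.
LDIF = """\
dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
mail: john@example.com
objectClass: inetOrgPerson
objectClass: person
objectClass: top
"""

def parse_ldif_entry(text):
    """Return (dn, attrs); attrs maps lower-cased attribute name to a list of values."""
    dn, attrs = None, {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value  # the DN names the entry; it is not one of its attributes
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def parse_filter(s):
    """Parse e.g. '(&(a=b)(|(c=d)(e=f*)))' into a nested tuple tree."""
    node, pos = _parse(s, 0)
    if pos != len(s):
        raise ValueError("trailing data after filter")
    return node

def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, children = s[i], []
        i += 1
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, children)
    else:
        end = s.find(")", i)
        if end == -1:
            raise ValueError("unterminated filter item")
        attr, sep, value = s[i:end].partition("=")
        if not sep or not attr:
            raise ValueError("expected attr=value")
        node = ("=", attr.strip().lower(), value)
        i = end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, attrs):
    """Apply a parsed filter tree to one entry's attributes."""
    op = node[0]
    if op == "&":
        return all(matches(c, attrs) for c in node[1])
    if op == "|":
        return any(matches(c, attrs) for c in node[1])
    if op == "!":
        return not matches(node[1][0], attrs)
    _, attr, pattern = node
    values = attrs.get(attr, [])
    if pattern == "*":  # presence test, e.g. (mail=*)
        return bool(values)
    # '*' is a substring wildcard; every other character is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return any(re.fullmatch(regex, v, re.IGNORECASE | re.DOTALL) for v in values)

def search(filter_text, ldif_text=LDIF):
    """Return the entry's DN if it matches the filter, else None."""
    dn, attrs = parse_ldif_entry(ldif_text)
    return dn if matches(parse_filter(filter_text), attrs) else None

if __name__ == "__main__":
    print(search("(&(objectClass=person)(|(givenName=John)(mail=john*)))"))
```
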
Update Data

Add, Delete, and Modify DN - all require the DN of the entry that is to be changed. Modify takes a list of attributes to modify and the modifications to each: Delete the attribute or some values, add new values, or replace the current values with the new ones.

Add operations also can have additional attributes and values for those attributes.

Modify DN (move/rename entry) takes the new RDN (Relative Distinguished Name), optionally the new parent's DN, and a flag which says whether to delete the value(s) in the entry which match the old RDN. The server may support renaming of entire directory subtrees.

An update operation is atomic: Other operations will see either the new entry or the old one. On the other hand, LDAP does not define transactions of multiple operations: If you read an entry and then modify it, another client may have updated the entry in the mean time. Servers may implement extensions[4] which support this, though.
Extended operations

The Extended Operation is a generic LDAP operation which can be used to define new operations. Examples include the Cancel and Password Modify.
Abandon

The Abandon operation requests that the server abort an operation named by a message ID. The server need not honor the request. Unfortunately, neither Abandon nor a successfully abandoned operation send a response. A similar Cancel extended operation has therefore been defined which does send responses, but not all implementations support this.
Unbind

The Unbind operation abandons any outstanding operations and closes the connection. It has no response. The name is of historical origin, and is not the opposite of the Bind operation.[5]

Clients can abort a session by simply closing the connection, but they should use Unbind.[6] Unbind allows the server to gracefully close the connection and free resources that it would otherwise keep for some time until discovering the client had abandoned the connection. It also instructs the server to cancel operations that can be canceled, and to not send responses for operations that cannot be canceled.[7]

LDAP URLs

An LDAP URL format exists which clients support in varying degree, and which servers return in referrals and continuation references (see RFC 4516):

    ldap://host:port/DN?attributes?scope?filter?extensions

Most of the components, which are described below, are optional.


- host is the FQDN or IP address of the LDAP server to search.
- port is the network port of the LDAP server.
- DN is the distinguished name to use as the search base.
- attributes is a comma-separated list of attributes to retrieve.
- scope specifies the search scope and can be "base" (the default), "one" or "sub".
- filter is a search filter. For example (objectClass=*) as defined in RFC 4515.
- extensions are extensions to the LDAP URL format.

For example, "ldap://ldap.example.com/cn=John%20Doe,dc=example,dc=com" refers to all user attributes in John Doe's entry in ldap.example.com, while "ldap:///dc=example,dc=com??sub?(givenName=John)" searches for the entry in the default server (note the triple slash, omitting the host, and the double question mark, omitting the attributes). As in other URLs, special characters must be percent-encoded.

There is a similar non-standard ldaps: URL scheme for LDAP over SSL. This should not be confused with LDAP with TLS, which is achieved using the StartTLS operation using the standard ldap: scheme.
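A client that receives an LDAP URL in a referral has to split it into search parameters before deciding whether to follow it. The following is an added example, not code from the article or from any LDAP library: it parses the URL layout given above, applies the defaults the article names (port 389 or 636, scope "base"), and flags whether TLS is established on connect. The function and key names are hypothetical, and the default filter "(objectClass=*)" is taken from RFC 4516.

```python
"""Split an LDAP URL into the search parameters it encodes."""
from urllib.parse import unquote

SCOPES = ("base", "one", "sub")
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_ldap_url(url):
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL")
    hostport, _, tail = rest.partition("/")

    # Split on '?' before percent-decoding, so an encoded %3F inside a DN or
    # filter is not mistaken for a field separator.
    fields = tail.split("?")
    if len(fields) > 5:
        raise ValueError("too many '?'-separated fields")
    fields += [""] * (5 - len(fields))
    dn, attrs, scope, flt, exts = fields

    if hostport.startswith("["):  # IPv6 literal such as [2001:db8::1]:389
        end = hostport.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, portpart = hostport[:end + 1], hostport[end + 1:]
    else:
        host, colon, digits = hostport.partition(":")
        portpart = colon + digits
    if portpart:
        if portpart[0] != ":" or not portpart[1:].isdigit():
            raise ValueError("bad port")
        port = int(portpart[1:])
    else:
        port = DEFAULT_PORTS[scheme]

    scope = unquote(scope).lower() or "base"  # "base" is the default scope
    if scope not in SCOPES:
        raise ValueError("unknown scope: " + scope)

    return {
        "scheme": scheme,
        # ldaps: TLS before any LDAP message; ldap: plaintext unless the
        # client issues StartTLS itself before sending a Simple Bind.
        "tls_on_connect": scheme == "ldaps",
        "host": host or None,  # None means "the client's default server"
        "port": port,
        "base_dn": unquote(dn),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": unquote(flt) or "(objectClass=*)",  # RFC 4516 default
        "extensions": [unquote(e) for e in exts.split(",") if e],
    }

if __name__ == "__main__":
    for sample in (
        "ldap://ldap.example.com/cn=John%20Doe,dc=example,dc=com",
        "ldap:///dc=example,dc=com??sub?(givenName=John)",
    ):
        print(parse_ldap_url(sample))
```

A referral whose parsed result has "tls_on_connect" false should only be followed with credentials after StartTLS succeeds, since Simple Bind sends the password in plaintext.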

Schema
The contents of the entries in a subtree are governed by a schema known as a directory information tree (DIT). The schema of a Directory Server defines a set of rules that govern the kinds of information that the server can hold. It has a number of elements, including:

- Attribute Syntaxes: Provide information about the kind of information that can be stored in an attribute.
- Matching Rules: Provide information about how to make comparisons against attribute values.
- Matching Rule Uses: Indicate which attribute types may be used in conjunction with a particular matching rule.
- Attribute Types: Define an OID and a set of names that may be used to refer to a given attribute, and associates that attribute with a syntax and set of matching rules.
- Object Classes: Define named collections of attributes and classify them into sets of required and optional attributes.
- Name Forms: Define rules for the set of attributes that should be included in the RDN for an entry.
- Content Rules: Define additional constraints about the object classes and attributes that may be used in conjunction with an entry.
- Structure Rule: Define rules that govern the kinds of subordinate entries that a given entry may have.

Attributes are the elements responsible for storing information in a directory, and the schema defines the rules for which attributes may be used in an entry, the kinds of values that those attributes may have, and how clients may interact with those values.

Clients may learn about the schema elements that the server supports by retrieving an appropriate subschema subentry.

The schema defines object classes. Each entry must have an objectClass attribute, containing named classes defined in the schema. The schema definition of the classes of an entry defines what kind of object the entry may represent - e.g. a person, organization or domain. The object class definitions also define the list of attributes that must contain values and the list of attributes which may contain values.

For example, an entry representing a person might belong to the classes "top" and "person". Membership in the "person" class would require the entry to contain the "sn" and "cn" attributes, and allow the entry also to contain "userPassword", "telephoneNumber", and other attributes. Since entries may have multiple ObjectClasses values, each entry has a complex of optional and mandatory attribute sets formed from the union of the object classes it represents. ObjectClasses can be inherited, and a single entry can have multiple ObjectClasses values which define the available and required attributes of the entry itself. A parallel to the schema of an objectClass is a class definition and an instance in Object-oriented programming, representing LDAP objectClass and LDAP entry, respectively.

Directory servers may publish the directory schema controlling an entry at a base DN given by the entry's subschemaSubentry operational attribute. (An operational attribute describes operation of the directory rather than user information and is only returned from a search when it is explicitly requested.)

Server administrators can add additional schema entries in addition to the provided schema elements. A schema for representing individual people within organizations is termed a white pages schema.

Variations
A lot of the server operation is left to the implementor or administrator to decide. Accordingly, servers may be set up to support a wide variety of scenarios.

For example, data storage in the server is not specified - the server may use flat files, databases, or just be a gateway to some other server. Access control is not standardized, though there has been work on it and there are commonly used models. Users' passwords may be stored in their entries or elsewhere. The server may refuse to perform operations when it wishes, and impose various limits.

Most parts of LDAP are extensible. Examples: One can define new operations. Controls may modify requests and responses, e.g. to request sorted search results. New search scopes and Bind methods can be defined. Attributes can have options that may modify their semantics.

Other data models


As LDAP has gained momentum, vendors have provided it as an access protocol to other services. The implementation then recasts the data to mimic the LDAP/X.500 model, but how closely this model is followed varies. For example, there is software to access SQL databases through LDAP, even though LDAP does not readily lend itself to this.[8] X.500 servers may support LDAP as well.

Similarly, data which were previously held in other types of data stores are sometimes moved to LDAP directories. For example, Unix user and group information can be stored in LDAP and accessed via PAM and NSS modules. LDAP is often used by other services for authentication.

Usage

Naming structure

Since an LDAP server can return referrals to other servers for requests the server itself will not/can not serve, a naming structure for LDAP entries is needed so one can find a server holding a given DN. Since such a structure already exists in the Domain name system (DNS), servers' top level names often mimic DNS names, as they do in X.500.

If an organization has domain name example.org, its top level LDAP entry will typically have the DN dc=example,dc=org (where dc means domain component). If the LDAP server is also named ldap.example.org, the organization's top level LDAP URL becomes ldap://ldap.example.org/dc=example,dc=org.

Below the top level, the entry names will typically reflect the organization's internal structure or needs rather than DNS names.

Terminology
The LDAP terminology one can encounter is rather cumbersome. Some of this is due to misunderstandings, other examples are due to its historical origins, others arise when used with non-X.500 services that use different terminology. For example, "LDAP" is sometimes used to refer to the protocol, other times to the protocol and the data. An "LDAP directory" may be the data or also the access point. An "attribute" may be the attribute type, or the contents of an attribute in a directory, or an attribute description (an attribute type with options). An "anonymous" and an "unauthenticated" Bind are different Bind methods that both produce anonymous authentication state, so both terms are being used for both variants.

Directory service
A directory service is the software system that stores, organizes and provides access to information in a directory. In software engineering, a directory is a map between names and values. It allows the lookup of values given a name, similar to a dictionary. As a word in a dictionary may have multiple definitions, in a directory, a name may be associated with multiple, different pieces of information. Likewise, as a word may have different parts of speech and different definitions, a name in a directory may have many different types of data.

Directories may be very narrow in scope, supporting only a small set of node types and data types, or they may be very broad, supporting an arbitrary or extensible set of types. In a telephone directory, the nodes are names and the data items are telephone numbers. In the DNS the nodes are domain names and the data items are IP addresses (and alias, mail server names, etc.). In a directory used by a network operating system, the nodes represent resources that are managed by the OS, including users, computers, printers and other shared resources. Many different directory services have been used since the advent of the Internet but this article focuses mainly on those that have descended from the X.500 directory service.

Introduction
A simple directory service, called a naming service, maps the names of network resources to their respective network addresses. With the name service type of directory, a user doesn't have to remember the physical address of a network resource; providing a name will locate the resource. Each resource on the network is considered an object on the directory server. Information about a particular resource is stored as attributes of that object. Information within objects can be made secure so that only users with the available permissions are able to access it. More sophisticated directories are designed with namespaces as Subscribers, Services, Devices, Entitlements, Preferences, Content and so on. This design process is highly related to Identity management.

A directory service defines the namespace for the network. A namespace in this context is the term that is used to hold one or more objects as named entries. The directory design process normally has a set of rules that determine how network resources are named and identified. The rules specify that the names be unique and unambiguous. In X.500 (the directory service standards) and LDAP the name is called the distinguished name (DN) and is used to refer to a collection of attributes (relative distinguished names) which make up the name of a directory entry.

A directory service is a shared information infrastructure for locating, managing, administering, and organizing common items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is an important component of a NOS (Network Operating System). In the more complex cases a directory service is the central information repository for a Service Delivery Platform. For example, looking up "computers" using a directory service might yield a list of available computers and information for accessing them.

Replication and Distribution have very distinct meanings in the design and management of a directory service. The term replication is used to indicate that the same directory namespace (the same objects) are copied to another directory server for redundancy and throughput reasons. The replicated namespace is governed by the same authority. The term distribution is used to indicate that multiple directory servers, that hold different namespaces, are interconnected to form a distributed directory service. Each distinct namespace can be governed by different authorities.

Comparison with relational databases


There are a number of things that distinguish a traditional directory service from a typical relational database. Of course there are exceptions, but in general:

- directory information is read more often than it is written; this makes features related to transactions and rollback less important.
- data can be redundant if it helps performance.

Directory schemas are defined as object classes, attributes, name bindings and knowledge (namespaces), where an object class has:

- Must - attributes that each of its instances must have
- May - attributes that can be defined for an instance, but can be omitted with the absence treated somewhat like NULL in a relational database

Attributes are sometimes multi-valued allowing multiple naming attributes at one level such as machine type and serial number concatenated or multiple phone numbers for "work phone".

Attributes and object classes are standardized throughout the industry and formally registered with the IANA for their object ID. Therefore directory applications seek to reuse much of the standard classes and attributes to maximize the benefit of existing directory server software.

Object instances are slotted into namespaces. That is, each object class inherits from its parent object class (and ultimately from the root of the hierarchy) adding attributes to the must/may list.

Directory services are often a central component in the security design of an IT system and have a correspondingly fine granularity regarding access control: who may operate in which manner on what information. Also see: ACLs

Component Object Model


Component Object Model (COM) is a binary-interface standard for software componentry introduced by Microsoft in 1993. It is used to enable interprocess communication and dynamic object creation in a large range of programming languages. The term COM is often used in the Microsoft software development industry as an umbrella term that encompasses the OLE, OLE Automation, ActiveX, COM+ and DCOM technologies.

Overview
The essence of COM is a language-neutral way of implementing objects that can be used in environments different from the one in which they were created, even across machine boundaries. For well-authored components, COM allows reuse of objects with no knowledge of their internal implementation, as it forces component implementers to provide well-defined interfaces that are separate from the implementation. The different allocation semantics of languages are accommodated by making objects responsible for their own creation and destruction through reference-counting. Casting between different interfaces of an object is achieved through the QueryInterface() function. The preferred method of inheritance within COM is the creation of sub-objects to which method calls are delegated.

COM is an interface technology defined and implemented as standard only on Microsoft Windows and Apple's Core Foundation 1.3 and later plug-in API,[1] that in any case implement only a subset of the whole COM interface.[2] For some applications, COM has been replaced at least to some extent by the Microsoft .NET framework, and support for Web Services through the Windows Communication Foundation (WCF). However, COM objects can be used with all .NET languages through .NET COM Interop. Networked DCOM uses binary proprietary formats, while WCF encourages the use of XML-based SOAP messaging. COM is very similar to other component software interface technologies, such as CORBA and Java Beans, although each has its own strengths and weaknesses. The characteristics of COM make it most suitable for the development and deployment of desktop applications, for which it was originally designated.

Related technologies
COM was the major software development platform for Windows and, as such, influenced development of a number of supporting technologies.

COM+

In order for Microsoft to provide developers with support for distributed transactions, resource pooling, disconnected applications, event publication and subscription, better memory and processor (thread) management, as well as to position Windows as an alternative to other enterprise-level operating systems, Microsoft introduced a technology called Microsoft Transaction Server (MTS) on Windows NT 4. With Windows 2000, that significant extension to COM was incorporated into the operating system (as opposed to the series of external tools provided by MTS) and renamed COM+. At the same time, Microsoft de-emphasized DCOM as a separate entity. Components that made use of COM+ services were handled more directly by the added layer of COM+, in particular by operating system support for interception. In the first release of MTS, interception was tacked on - installing an MTS component would modify the Windows Registry to call the MTS software, and not the component directly. Windows 2000 also revised the Component Services control panel application used to configure COM+ components.

An advantage of COM+ was that it could be run in "component farms". Instances of a component, if coded properly, could be pooled and reused by new calls to its initializing routine without unloading it from memory. Components could also be distributed (called from another machine). COM+ and Microsoft Visual Studio provided tools to make it easy to generate client-side proxies, so although DCOM was used to actually make the remote call, it was easy to do for developers. COM+ also introduced a subscriber/publisher event mechanism called COM+ Events, and provided a new way of leveraging MSMQ (inter-application asynchronous messaging) with components called Queued Components. COM+ events extend the COM+ programming model to support late-bound events or method calls between the publisher or subscriber and the event system.
.NET

The COM platform has largely been superseded by the Microsoft .NET initiative, and Microsoft now focuses its marketing efforts on .NET. COM was often used to hook up complex, high performance code to front end code implemented in Visual Basic or ASP. To some extent, COM is now deprecated in favor of .NET.[3] Since .NET provides rapid development tools similar to Visual Basic for both Windows Forms and Web Forms with just-in-time compilation, back-end code can be implemented in any .NET Language including C#, Visual Basic and C++/CLI.

Despite this, COM remains a viable technology with an important software base. As of 2009, Microsoft has no plans for discontinuing either COM or support for COM. It is also ideal for script control of applications such as Office or Internet Explorer since it provides an interface for calling COM object methods from a script rather than requiring knowing the API at compile time. The GUID system used by COM has wide uses any time a unique ID is needed.

Several of the services that COM+ provides have been largely replaced by recent releases of .NET. For example, the System.Transactions namespace in .NET provides the TransactionScope class, which provides transaction management without resorting to COM+. Similarly, queued components can be replaced by Windows Communication Foundation with an MSMQ transport.

There is limited support for backward compatibility. A COM object may be used in .NET by implementing a runtime callable wrapper (RCW).[4] .NET objects that conform to certain interface restrictions may be used in COM objects by calling a COM callable wrapper (CCW).[5] From both the COM and .NET sides, objects using the other technology appear as native objects. See COM Interop.

WCF (Windows Communication Foundation) solves a number of COM's remote execution shortcomings, allowing objects to be transparently marshalled by value across process or machine boundaries.

Internet security


Microsoft's idea of embedding active content on web pages as COM/ActiveX components (rather than e.g. Java applets) created a combination of problems in the Internet Explorer web browser that has led to an explosion of computer virus, trojan and spyware infections. These malware attacks mostly depend on ActiveX for their activation and propagation to other computers. Microsoft recognized the problem with ActiveX as far back as 1996 when Charles Fitzgerald, program manager of Microsoft's Java team said "If you want security on the 'Net', unplug your computer. … We never made the claim up front that ActiveX is intrinsically secure."[6] As COM and ActiveX components are run as native code on the user's machine, there are fewer restrictions on what the code can do. Many of these problems have been addressed by the introduction of "Authenticode" code signing (based on digital signatures), and later by the .NET platform. Another security measure is that, before an ActiveX control is installed, the user is prompted whether to allow the installation or not, enabling the user to disallow the installation of controls from sites that the user does not trust. It is also possible to disable ActiveX controls altogether, or to allow only a selected few.

Technical details


COM programmers build their software using COM-aware components. Different component types are identified by class IDs (CLSIDs), which are Globally Unique Identifiers (GUIDs). Each COM component exposes its functionality through one or more interfaces. The different interfaces supported by a component are distinguished from each other using interface IDs (IIDs), which are GUIDs too.

COM interfaces have bindings in several languages, such as C, C++, Visual Basic, Delphi, and several of the scripting languages implemented on the Windows platform. All access to components is done through the methods of the interfaces. This allows techniques such as inter-process, or even inter-computer programming (the latter using the support of DCOM).
[edit] )nter-aces

All COM components must (at the very least) implement the standard IUnknown interface, and thus all COM interfaces are derived from IUnknown. The IUnknown interface consists of three methods: AddRef() and Release(), which implement reference counting and control the lifetime of interfaces; and QueryInterface(), which by specifying an IID allows a caller to retrieve references to the different interfaces the component implements. The effect of QueryInterface() is similar to dynamic_cast<> in C++ or casts in Java and C#.

A COM component's interfaces are required to exhibit the reflexive, symmetric, and transitive properties. The reflexive property refers to the ability for the QueryInterface() call on a given interface with the interface's ID to return the same instance of the interface. The symmetric property requires that when interface B is retrieved from interface A via QueryInterface(), interface A is retrievable from interface B as well. The transitive property requires that if interface B is obtainable from interface A and interface C is obtainable from interface B, then interface C should be retrievable from interface A.

An interface consists of a pointer to a virtual function table that contains a list of pointers to the functions that implement the functions declared in the interface, in the same order that they are declared in the interface. This technique of passing structures of function pointers is very similar to the one used by OLE 1.0 to communicate with its system libraries.

COM specifies many other standard interfaces used to allow inter-component communication. For example, one such interface is IStream, which is exposed by components that have data stream semantics (e.g. a FileStream component used to read or write files). It has the expected Read and Write methods to perform stream reads and writes. Another standard interface is IOleObject, which is exposed by components that expect to be linked or embedded into a container. IOleObject contains methods that allow callers to determine the size of the component's bounding rectangle, whether the component supports operations like 'Open', 'Save' and so on.

Classes

A class is COM's language-independent way of defining a class in the object-oriented sense. A class can be a group of similar objects or a class is simply a representation of a type of object; it should be thought of as a blueprint that describes the object. A coclass supplies concrete implementation(s) of one or more interfaces. In COM, such concrete implementations can be written in any programming language that supports COM component development, e.g. Delphi, C++, Visual Basic, etc.

One of COM's major contributions to the world of Windows development is the awareness of the concept of separation of interface from implementation. An extension of this fundamental concept is the notion of one interface, multiple implementations. This means that at runtime, an application can choose to instantiate an interface from one of many different concrete implementations.

Interface Definition Language and type libraries

Type libraries contain metadata that represent COM types. However, these types must first be described using Microsoft Interface Definition Language. This is the common practice in the development of a COM component, i.e. to start with the definition of types using IDL. An IDL file is what COM provides that allows developers to define object-oriented classes, interfaces, structures, enumerations and other user-defined types in a language independent manner. COM IDL is similar in appearance to C/C++ declarations with the addition of keywords such as "interface" and "library" for defining interfaces and collections of classes, respectively. IDL also requires the use of bracketed attributes before declarations to provide additional information, such as the GUIDs of interfaces and the relationships between pointer parameters and length fields.

The IDL file is compiled by the MIDL compiler into a pair of forms for consumption from various languages. For C/C++, the MIDL compiler generates a compiler-independent header file containing struct definitions to match the vtbls of the declared interfaces and a C file containing declarations of the interface GUIDs. C++ source code for a proxy module can also be generated by the MIDL compiler. This proxy contains method stubs for converting COM calls into Remote Procedure Calls, thus enabling DCOM.

An IDL file may also be compiled by the MIDL compiler into a type library (.TLB file). The binary metadata contained within the type library is meant to be processed by language compilers and runtime environments (e.g. VB, Delphi, the .NET CLR etc.). The end result of such TLB processing is that language-specific constructs are produced that represent the COM class defined in the .TLB (and ultimately that which was defined in the originating IDL file).

COM as an object framework

The fundamental principles of COM have their roots in Object-Oriented philosophies. It is a platform for the realization of Object-Oriented Development and Deployment. Because COM is a runtime framework, types have to be individually identifiable and specifiable at runtime. To achieve this, globally unique identifiers (GUIDs) are used. Each COM type is designated its own GUID for identification at runtime (versus compile time). In order for information on COM types to be accessible at both compile time and runtime, COM uses type libraries. It is through the effective use of type libraries that COM achieves its capabilities as a dynamic framework for the interaction of objects.

Consider the following example coclass definition in an IDL:


    coclass CSomeObject
    {
        [default] interface ISomeInterface;
        [default, source] dispinterface _IMyObjectEvents;
    };

The above code fragment declares a COM class named CSomeObject which must implement an interface named ISomeInterface and which supports (not implements) the event interface _IMyObjectEvents. Ignoring the event interface bit, this is conceptually equivalent to defining a C++ class like this:

    class CSomeObject : public ISomeInterface
    {
        ...
        ...
        ...
    };

where ISomeInterface is a C++ pure virtual class. Referring once again to the MyObject COM class: once a coclass definition for it has been formalized in an IDL, and a Type Library compiled from it, the onus is on the individual language compiler to read and appropriately interpret this Type Library and then produce whatever code (in the specific compiler's language) necessary for a developer to implement and ultimately produce the binary executable code which can be deemed by COM to be of coclass MyObject.

Once an implementation of a COM coclass is built and is available in the system, next comes the question of how to instantiate it. In languages like C++, we can use the CoCreateInstance() API in which we specify the CLSID (CLSID_CSomeObject) of the coclass as well as the interface (specified by the IID IID_ISomeInterface) from that coclass that we want to use to interact with that coclass. Calling CoCreateInstance() like this:

    CoCreateInstance(CLSID_CSomeObject, NULL, CLSCTX_INPROC_SERVER, IID_ISomeInterface, (void**)&pISomeInterface);

is conceptually equivalent to the following C++ code:

    ISomeInterface* pISomeInterface = new CSomeObject();

In the second case, the COM sub-system is used to obtain a pointer to an object that implements the ISomeInterface interface and coclass CLSID_CSomeObject's particular implementation of this interface is required. In the first case, an instance of a C++ class CSomeObject that implements the interface ISomeInterface is created. A coclass, then, is an object-oriented class in the COM world. The main feature of the coclass is that it is (1) binary in nature and consequently (2) programming language-independent.

Registry

In Windows, COM classes, interfaces and type libraries are listed by GUIDs in the registry, under HKEY_CLASSES_ROOT\CLSID for classes and HKEY_CLASSES_ROOT\Interface for interfaces. The COM libraries use the registry to locate either the correct local libraries for each COM object or the network location for a remote service. Under the key HKCR\clsid, the following are specified:

    -> Inprocserver32 = object is to be loaded into a process
                      + Path to file/object and readable name

    HKCR\interface:
      example: ISTREAM, IRPCSTUB, IMESSAGEFILTER
      connects to a CLSID. You can specify NUMMETHODS and PROXYSTUB (if web-object)

    HKCR\typelib
      One or more CLSID can be grouped into type library.
      It contains parameters for linking in COM.

    The rest of the info in the COM parts of the REGISTRY, is to give an application/object a CLSID.

Reference counting

The most fundamental COM interface of all, IUnknown (from which all COM interfaces must be derived), supports two main concepts: feature exploration through the QueryInterface method, and object lifetime management by including AddRef() and Release(). Reference counts and feature exploration apply to objects (not to each interface on an object) and thus must have a centralized implementation.

The COM specifications require a technique called reference counting to ensure that individual objects remain alive as long as there are clients which have acquired access to one or more of its interfaces and, conversely, that the same object is properly disposed of when all code that used the object has finished with it and no longer requires it. A COM object is responsible for freeing its own memory once its reference count drops to zero.

For its implementation, a COM object usually maintains an integer value that is used for reference counting. When AddRef() is called via any of the object's interfaces, this integer value is incremented. When Release() is called, this integer is decremented. AddRef() and Release() are the only means by which a client of a COM object is able to influence its lifetime. The internal integer value remains a private member of the COM object and will never be directly accessible.

The purpose of AddRef() is to indicate to the COM object that an additional reference to itself has been affected and hence it is necessary to remain alive as long as this reference is still valid. Conversely, the purpose of Release() is to indicate to the COM object that a client (or a part of the client's code) has no further need for it and hence if this reference count has dropped to zero, it may be time to destroy itself.

Certain languages (e.g. Visual Basic) provide automatic reference counting so that COM object developers need not explicitly maintain any internal reference counter in their source codes. Using COM in C, explicit reference counting is needed. In C++, a coder may write the reference counting code or use a smart pointer that will manage all the reference counting.

The following is a general guideline for calling AddRef() and Release() to facilitate proper reference counting in a COM object:

- Functions (whether object methods or global functions) that return interface references (via return value or via "out" parameter) should increment the reference count of the underlying object before returning. Hence internally within the function or method, AddRef() is called on the interface reference (to be returned). An example of this is the QueryInterface() method of the IUnknown interface. Hence it is imperative that developers be aware that the returned interface reference has already been reference count incremented and not call AddRef() on the returned interface reference yet another time.
- Release() must be called on an interface reference before that interface's pointer is overwritten or goes out of scope.
- If a copy is made on an interface reference pointer, AddRef() should be called on that pointer. After all, in this case, we are actually creating another reference on the underlying object.
- AddRef() and Release() must be called on the specific interface which is being referenced since an object may implement per-interface reference counts in order to allocate internal resources only for the interfaces which are being referenced.
- Extra calls to these functions are not sent out to remote objects over the wire; a proxy keeps only one reference on the remote object and maintains its own local reference count.

To facilitate and promote COM development, Microsoft introduced ATL (Active Template Library) for C++ developers. ATL provides for a higher-level COM development paradigm. It also shields COM client application developers from the need to directly maintain reference counting, by providing smart pointer objects. Other libraries and languages that are COM-aware include the Microsoft Foundation Classes, the VC Compiler COM Support, VBScript, Visual Basic, ECMAScript (JavaScript) and Borland Delphi.
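The reference-counting guideline above can be exercised without the Windows SDK. The following is an added example, not code from the original article or from Microsoft: a portable C++ model in which IUnknownModel, IStreamModel, IOleObjectModel, FileStream, RefPtr and the integer IIDs are assumed stand-ins for the real interfaces and GUIDs. It shows a balanced client, the double-AddRef() leak the guideline warns about, and a QueryInterface() round trip.

```cpp
// Added example: portable model of COM reference counting, not Windows SDK code.
// All type names and the integer IIDs are hypothetical stand-ins for the real ones.
#include <atomic>
#include <cstdio>
#include <utility>
enum Iid { IID_Unknown = 1, IID_Stream = 2, IID_OleObject = 3 };

struct IUnknownModel {
    virtual bool QueryInterface(Iid iid, void** out) = 0;
    virtual unsigned long AddRef() = 0;
    virtual unsigned long Release() = 0;
protected:
    ~IUnknownModel() = default;  // lifetime is controlled only through Release()
};
struct IStreamModel : IUnknownModel { virtual int Read() = 0; };
struct IOleObjectModel : IUnknownModel { virtual int Extent() = 0; };

static std::atomic<int> g_live{0};  // objects currently alive
// One object, two interfaces, one centralized count shared by both.
class FileStream final : public IStreamModel, public IOleObjectModel {
    std::atomic<unsigned long> refs_{1};  // the creator owns the first reference
    ~FileStream() { --g_live; }
public:
    FileStream() { ++g_live; }
    bool QueryInterface(Iid iid, void** out) override {
        if (iid == IID_Unknown || iid == IID_Stream) *out = static_cast<IStreamModel*>(this);
        else if (iid == IID_OleObject) *out = static_cast<IOleObjectModel*>(this);
        else { *out = nullptr; return false; }
        AddRef();  // a returned interface reference is already counted
        return true;
    }
    unsigned long AddRef() override { return ++refs_; }
    unsigned long Release() override {
        unsigned long left = --refs_;
        if (left == 0) delete this;  // the object frees its own memory at zero
        return left;
    }
    int Read() override { return 42; }
    int Extent() override { return 7; }
};

// Minimal smart pointer that applies the guideline mechanically.
template <class T>
class RefPtr {
    T* p_;
public:
    explicit RefPtr(T* counted = nullptr) : p_(counted) {}        // adopts a counted reference
    RefPtr(const RefPtr& o) : p_(o.p_) { if (p_) p_->AddRef(); }  // copying a pointer: AddRef
    RefPtr& operator=(RefPtr o) { std::swap(p_, o.p_); return *this; }  // old value released via o
    ~RefPtr() { if (p_) p_->Release(); }                          // leaving scope: Release
    T* get() const { return p_; }
};

template <class T, class From>
RefPtr<T> query(From* from, Iid iid) {
    void* raw = nullptr;
    from->QueryInterface(iid, &raw);
    return RefPtr<T>(static_cast<T*>(raw));  // adopt the result, no second AddRef()
}

// Balanced client: returns the live-object count while the outer reference is held.
int balanced_client() {
    RefPtr<IStreamModel> s(new FileStream);                                          // count 1
    {
        RefPtr<IOleObjectModel> o = query<IOleObjectModel>(s.get(), IID_OleObject);  // count 2
        RefPtr<IOleObjectModel> copy = o;                                            // count 3
        if (copy.get()->Extent() != 7 || s.get()->Read() != 42) return -1;
    }                                                                                // back to 1
    return g_live;  // 1 here; the object is destroyed when s leaves scope
}

// The mistake the guideline warns about: AddRef() on a pointer that QueryInterface
// already counted. Returns the count left after the client's "last" Release().
unsigned long double_addref_client() {
    IStreamModel* s = new FileStream;                // count 1
    void* raw = nullptr;
    s->QueryInterface(IID_OleObject, &raw);          // count 2
    IOleObjectModel* o = static_cast<IOleObjectModel*>(raw);
    o->AddRef();                                     // BUG: count 3, owned by nobody
    o->Release();                                    // count 2
    unsigned long left = s->Release();               // count 1: the object is leaked
    o->Release();                                    // demo-only cleanup of the stray count
    return left;
}

// Symmetric property: IStream -> IOleObject -> IStream yields the original pointer.
bool identity_holds() {
    RefPtr<IStreamModel> s(new FileStream);
    RefPtr<IOleObjectModel> o = query<IOleObjectModel>(s.get(), IID_OleObject);
    RefPtr<IStreamModel> back = query<IStreamModel>(o.get(), IID_Stream);
    return back.get() == s.get();
}

int main() {
    std::printf("live while held: %d\n", balanced_client());
    std::printf("count after double AddRef: %lu\n", double_addref_client());
    std::printf("round trip ok: %d, live at exit: %d\n", identity_holds(), g_live.load());
}
```

The opposite imbalance, one Release() too many, drives the count to zero while a pointer is still in use, which is why the model only demonstrates the leak side.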

Instantiation

COM standardizes the instantiation (i.e. creation) process of COM objects by requiring the use of Class Factories. In order for a COM object to be created, two associated items must exist:

- A Class ID.
- A Class Factory.

Each COM Class or CoClass must be associated with a unique Class ID (a GUID). It must also be associated with its own Class Factory (that is achieved by using a centralized registry). A Class Factory is itself a COM object. It is an object that must expose the IClassFactory or IClassFactory2 (the latter with licensing support) interface. The responsibility of such an object is to create other objects.

A class factory object is usually contained within the same executable code (i.e. the server code) as the COM object itself. When a class factory is called upon to create a target object, this target object's class id must be provided. This is how the class factory knows which class of object to instantiate. A single class factory object may create objects of more than one class. That is, two objects of different class ids may be created by the same class factory object. However, this is transparent to the COM system.

By delegating the responsibility of object creation into a separate object, a greater level of abstraction is promoted, and the developer is given greater flexibility. For example, implementation of the Singleton and other creation patterns is facilitated. Also, the calling application is shielded from the COM object's memory allocation semantics by the factory object.

In order for client applications to be able to acquire class factory objects, COM servers must properly expose them. A class factory is exposed differently, depending on the nature of the server code. A server which is DLL-based must export a DllGetClassObject() global function. A server which is EXE-based registers the class factory at runtime via the CoRegisterClassObject() Windows API function.

The following is a general outline of the sequence of object creation via its class factory:
1. The object's class factory is obtained via the CoGetClassObject() API (a standard Windows API). As part of the call to CoGetClassObject(), the Class ID of the object (to be created) must be supplied. The following C++ code demonstrates this:

    // Ask COM for the class factory registered for CLSID_SomeObject.
    IClassFactory* pIClassFactory = NULL;
    CoGetClassObject(CLSID_SomeObject, CLSCTX_ALL, NULL, IID_IClassFactory, (LPVOID*)&pIClassFactory);

   The above code indicates that the Class Factory object of a COM object, which is identified by the class id CLSID_SomeObject, is required. This class factory object is returned by way of its IClassFactory interface.

2. The returned class factory object is then requested to create an instance of the originally intended COM object. The following C++ code demonstrates this:

    ISomeObject* pISomeObject = NULL;
    if (pIClassFactory)
    {
        // Create the object and receive its ISomeObject interface.
        pIClassFactory->CreateInstance (NULL, IID_ISomeObject, (LPVOID*)&pISomeObject);
        // The factory is itself a COM object: release it once it is no longer needed.
        pIClassFactory->Release();
    }
    pIClassFactory = NULL;

   The above code indicates the use of the Class Factory object's CreateInstance() method to create an object which exposes an interface identified by the IID_ISomeObject GUID. A pointer to the ISomeObject interface of this object is returned. Also note that because the class factory object is itself a COM object, it needs to be released when it is no longer required (i.e. its Release() method must be called).

The above demonstrates, at the most basic level, the use of a class factory to instantiate an object. Higher level constructs are also available, some of which do not even involve direct use of the Windows APIs.

For example, the CoCreateInstance() API can be used by an application to directly create a COM object without acquiring the object's class factory. However, internally, the CoCreateInstance() API itself will invoke the CoGetClassObject() API to obtain the object's class factory and then use the class factory's CreateInstance() method to create the COM object.

VBScript supplies the New keyword as well as the CreateObject() global function for object instantiation. These language constructs encapsulate the acquisition of the class factory object of the target object (via the CoGetClassObject() API) followed by the invocation of the IClassFactory::CreateInstance() method.

Other languages, e.g. PowerBuilder's PowerScript, may also provide their own high-level object creation constructs. However, CoGetClassObject() and the IClassFactory interface remain the most fundamental object creation technique.

Reflection

At the time of the inception of COM technologies, the only way for a client to find out what features an object would offer was to actually create one instance and call into its QueryInterface method (part of the required IUnknown interface). This way of exploration became awkward for many applications, including the selection of appropriate components for a certain task, and tools to help a developer understand how to use methods provided by an object.

As a result, COM Type Libraries were introduced, through which components can describe themselves. A type library contains information such as the CLSID of a component, the IIDs of the interfaces the component implements, and descriptions of each of the methods of those interfaces. Type libraries are typically used by Rapid Application Development (RAD) environments such as Visual Basic or Visual Studio to assist developers of client applications.

Programming

COM is a binary standard (also said to be language agnostic) and may be developed in any programming language capable of understanding and implementing its binary defined data types and interfaces. Runtime libraries (in extreme situations, the programmers) are responsible for entering and leaving the COM environment, instantiating and reference counting COM objects, querying objects for version information, coding to take advantage of advanced object versions, and coding graceful degradation of function when newer versions are not available.

Application and network transparency

COM objects may be instantiated and referenced from within a process, across process boundaries within a computer, and across a network, using the DCOM technology. Out-of-process and remote objects may use marshalling to send method calls and return values back and forth. The marshalling is invisible to the object and the code using the object.

Threading in COM

In COM, threading issues are addressed by a concept known as "apartment models". Here the term "apartment" refers to an execution context wherein a single thread or a group of threads is associated with one or more COM objects. Apartments stipulate the following general guidelines for participating threads and objects:

- Each COM object is associated with one and only one apartment. This is decided at the time the object is created at runtime. After this initial setup, the object remains in that apartment throughout its lifetime.
- A COM thread (i.e., a thread in which COM objects are created or COM method calls are made) is also associated with an apartment. Like COM objects, the apartment with which a thread is associated is also decided at initialization time. Each COM thread also remains in its designated apartment until it terminates.
- Threads and objects which belong to the same apartment are said to follow the same thread access rules. Method calls which are made inside the same apartment are performed directly without any assistance from COM.
- Threads and objects from different apartments are said to play by different thread access rules. Method calls made across apartments are achieved via marshalling. This requires the use of proxies and stubs.

There are three types of Apartment Models in the COM world: Single-Threaded Apartment (STA), Multi-Threaded Apartment (MTA), and Neutral Apartment. Each apartment represents one mechanism whereby an object's internal state may be synchronized across multiple threads.

The Single-Threaded Apartment (STA) model is a very commonly used model. Here, a COM object stands in a position similar to a desktop application's user interface. In an STA model, a single thread is dedicated to drive an object's methods, i.e. a single thread is always used to execute the methods of the object. In such an arrangement, method calls from threads outside of the apartment are marshalled and automatically queued by the system (via a standard Windows message queue). Thus, there is no worry about race conditions or lack of synchronicity because each method call of an object is always executed to completion before another is invoked.

If the COM object's methods perform their own synchronization, multiple threads dedicated to calling methods on the COM object are permitted. This is termed the Multiple Threaded Apartment (MTA). Calls to an MTA object from a thread in an STA are also marshaled. A process can consist of multiple COM objects, some of which may use STA and others of which may use MTA.

The Thread Neutral Apartment allows different threads, none of which is necessarily dedicated to calling methods on the object, to make such calls. The only provision is that all methods on the object must be serially reentrant.

Message pumping

When an STA is initialized it creates a hidden window that is used for inter-apartment and inter-process message routing. This window must have its message queue regularly pumped. This construct is known as a message pump. On earlier versions of Windows, failure to do so could cause system-wide deadlocks. This problem is especially nasty because some Windows APIs initialize COM as part of their implementation, which causes a leak of implementation details.

Reference counting

Reference counting within COM may cause problems if two or more objects are circularly referenced. The design of an application must take this into account so that objects are not left orphaned.

Objects may also be left with active reference counts if the COM "event sink" model is used. Since the object that fires the event needs a reference to the object reacting to the event, the object's reference count will never reach zero.

Reference cycles are typically broken using either out-of-band termination or split identities. In the out-of-band termination technique, an object exposes a method which, when called, forces it to drop its references to other objects, thereby breaking the cycle. In the split identity technique, a single implementation exposes two separate COM objects (also known as identities). This creates a weak reference between the COM objects, preventing a reference cycle.

DLL hell

Because COM components are usually implemented in DLL files and registration allows only a single version of a DLL, they are subject to the "DLL hell" effect. Registration-free COM capability eliminates the problem.

RegFree COM


RegFree COM (or Registration-Free COM) is a technology introduced with Windows XP that allows Component Object Model (COM) components to store activation metadata and CLSID (Class ID) for the component without using the registry. Instead, the metadata and CLSIDs of the classes implemented in the component are declared in an assembly manifest (described using XML), stored either as a resource in the executable or as a separate file installed with the component.[7] This allows multiple versions of the same component to be installed in different directories, described by their own manifests, as well as XCOPY deployment.[8] This technique cannot be used for EXE COM servers or system-wide components such as MDAC, MSXML, DirectX or Internet Explorer.

During application loading, the Windows loader searches for the manifest.[9] If it is present, the loader adds information from it to the activation context.[8] When the COM class factory tries to instantiate a class, the activation context is first checked to see if an implementation for the CLSID can be found. Only if the lookup fails is the registry scanned.

Distributed Component Object Model (DCOM) is a proprietary Microsoft technology for communication among software components distributed across networked computers. DCOM, which originally was called "Network OLE", extends Microsoft's COM, and provides the communication substrate under Microsoft's COM+ application server infrastructure. It has been deprecated in favor of the Microsoft .NET Framework.

The addition of the "D" to COM was due to extensive use of DCE/RPC (Distributed Computing Environment/Remote Procedure Calls), more specifically Microsoft's enhanced version, known as MSRPC. In terms of the extensions it added to COM, DCOM had to solve the problems of

- Marshalling: serializing and deserializing the arguments and return values of method calls "over the wire".
- Distributed garbage collection: ensuring that references held by clients of interfaces are released when, for example, the client process crashed, or the network connection was lost.

One of the key factors in solving these problems is the use of DCE/RPC as the underlying RPC mechanism behind DCOM. DCE/RPC has strictly defined rules regarding marshalling and who is responsible for freeing memory.

DCOM was a major competitor to CORBA. Proponents of both of these technologies saw them as one day becoming the model for code and service-reuse over the Internet. However, the difficulties involved in getting either of these technologies to work over Internet firewalls, and on unknown and insecure machines, meant that normal HTTP requests in combination with web browsers won out over both of them. Microsoft, at one point, attempted and failed to head this off by adding an extra http transport to DCE/RPC called ncacn_http (Network Computing Architecture, Connection-based, over HTTP). This was later resurrected to support a Microsoft Exchange 2003 connection over HTTP.

Alternative versions and implementations


The Open Group has a DCOM implementation called COMsource. Its source code is available, along with full and complete documentation, sufficient to use and also implement an interoperable version of DCOM. According to that documentation, COMsource comes directly from the Windows NT 4.0 source code, and even includes the source code for a Windows NT Registry Service.

The Wine Team is also implementing DCOM for binary interoperability purposes; they are not currently interested in the networking side of DCOM, which is provided by MSRPC. They are restricted to implementing NDR (Network Data Representation) through Microsoft's API, but are committed to making it as compatible as possible with MSRPC.

TangramCOM is a separate project from Wine, focusing on implementing DCOM on Linux-based smartphones.

The Samba Team is also implementing DCOM for over-the-wire interoperability purposes: unlike the Wine Team, they are not currently interested in binary-interoperability, as the Samba MSRPC implementation is far from binary-interoperable with Microsoft's MSRPC. Between the two projects, Samba and Wine, tackling interoperability from different angles, a fully interoperable implementation of DCOM should be achievable, eventually.

j-Interop is an open source (LGPL) implementation of MSRPC purely in Java, supporting DCOM client applications in Java on any platform communicating with DCOM servers.

J-Integra for COM is a mature commercial pure Java implementation of the DCOM wire protocol allowing access to COM components from Java clients, and Java objects from COM clients.

EntireX DCOM is a commercial implementation by Software AG for AS/400, BS2000/OSD, Windows, Unix (AIX, HP-UX, Linux, Solaris), z/OS, and z/VM.

Procedure

To access DCOM settings on a computer running Windows 2000, Windows XP and earlier, click Start > Run, and type "dcomcnfg". (Click NO for any warning screens that appear.)

To access DCOM settings on a computer running Windows Vista or later, click Start, type "dcomcnfg", right-click "dcomcnfg.exe" in the list, and click "Run as administrator". This opens the Distributed COM Configuration Properties dialog.

ActiveX
From Wikipedia, the free encyclopedia

ActiveX is a framework for defining reusable software components in a programming language independent way. Software applications can then be composed from one or more of these components in order to provide their functionality.

ActiveX controls

ActiveX controls, small program building blocks, can serve to create distributed applications working over the Internet through web browsers. Examples include customized applications for gathering data, viewing certain kinds of files, and displaying animation. ActiveX controls are comparable with Java applets: programmers designed both of these mechanisms to allow web browsers to download and execute them. They also differ:

- Java applets can run on nearly any platform, while ActiveX components officially operate only with Microsoft's Internet Explorer web browser and the Microsoft Windows operating system.[2]
- Malware, e.g. computer viruses and spyware, can be accidentally installed from malicious websites using ActiveX controls (drive-by downloads).

Programmers can write ActiveX controls in any language which supports COM component development, including the following languages/environments:

- C++ either directly or with the help of libraries such as ATL or MFC[3]
- Borland Delphi
- Visual Basic
- .NET Framework (C#/VB.NET)

Common examples of ActiveX controls include command buttons, list boxes, dialog boxes, and the Internet Explorer browser.

Exchange 2010 System Requirements


Applies to: Exchange Server 2010 SP1 Topic Last Modified: 2011-02-11 Before you install Microsoft Exchange Server 2010, we recommend that you review this topic to ensure that your network, hardware, software, clients, and other elements meet the re uirements for Exchange 2010! "n addition, make sure you understand the coexistence scenarios that are supported for Exchange 2010 and earlier versions of Exchange! Supported #oexistence Scenarios $he following ta%le lists the scenarios in which coexistence %etween Exchange 2010 and earlier versions of Exchange are supported! Coexistence of Exchange 2010 and earlier versions of Exchange Server Exchange version Exchange 2000 Server Exchange Server 200' Exchange 200( Mixed Exchange 200( and Exchange Server 200' organi)ation Exchange 2000 Server *ou can+t upgrade an existing Exchange 2000 organi)ation directly to Exchange 2010! *ou must first upgrade the Exchange 2000 organi)ation to either an Exchange 200' or Exchange 200( organi)ation, and then you can upgrade the Exchange 200' or Exchange 200( organi)ation to Exchange 2010! ,e recommend that you upgrade your organi)ation from Exchange 2000 to Exchange 200', and then upgrade from Exchange 200' to Exchange 2010! -or more information a%out upgrading from Exchange 2000, see .lanning an /pgrade from Exchange 2000 and /pgrading to Exchange 200(! &etwork and 0irectory Servers $he following ta%le lists the re uirements for the network and the directory servers in your Exchange 2010 organi)ation! Network and directory server requirements for Exchange 2010 Exchange organization coexistence &ot supported Supported Supported Supported

Component: Schema master
Requirement: By default, the schema master runs on the first Windows Server 2003 or Windows Server 2008 or Windows Server 2008 R2 domain controller installed in a forest. The schema master must be running any of the following:
- Windows Server 2003 Standard Edition with Service Pack 1 (SP1) or later (32-bit or 64-bit)
- Windows Server 2003 Enterprise Edition with SP1 or later (32-bit or 64-bit)
- Windows Server 2008 Standard or Enterprise (32-bit or 64-bit)
- Windows Server 2008 R2 Standard or Enterprise

Component: Global catalog server
Requirement: In each Active Directory site where you plan to install Exchange 2010, you must have at least one global catalog server for each domain running any of the following:
- Windows Server 2003 Standard Edition with SP1 or later (32-bit or 64-bit)
- Windows Server 2003 Enterprise Edition with SP1 or later (32-bit or 64-bit)
- Windows Server 2008 Standard or Enterprise (32-bit or 64-bit)
- Windows Server 2008 R2 Standard or Enterprise
For more information about global catalog servers, see What is the Global Catalog.

Component: Domain controller
Requirement: In each Active Directory site where you plan to install Exchange 2010, you must have at least one writeable domain controller running any of the following:
- Windows Server 2003 Standard Edition with SP1 or later (32-bit or 64-bit)
- Windows Server 2003 Enterprise Edition with SP1 or later (32-bit or 64-bit)
- Windows Server 2008 Standard or Enterprise (32-bit or 64-bit)
- Windows Server 2008 R2 Standard or Enterprise
- Windows Server 2008 Datacenter
- Windows Server 2008 R2 Datacenter

Component: Active Directory forest
Requirement: Active Directory must be at Windows Server 2003 forest functionality mode or higher.

Component: IPv6 Support
Requirement: IPv6 is supported only when IPv4 is also used; a pure IPv6 environment isn't supported. Using IPv6 addresses and IP address ranges is supported only when both IPv6 and IPv4 are enabled on that computer, and the network supports both IP address versions. If Exchange 2010 is deployed in this configuration, all server roles can send data to and receive data from devices, servers, and clients that use IPv6 addresses. Exchange 2010 support is similar to support for Exchange Server 2007. For more information, see Understanding IPv6 Support in Exchange 2010.

Directory Server Architecture

The use of 64-bit Active Directory domain controllers increases directory service performance for Exchange 2010. For more information about Exchange 2010, the Mailbox server role and Active Directory ratios, see the "Active Directory Server and Mailbox Server Ratios" section in Understanding Server Role Ratios and Exchange Performance.

Note: In multi-domain environments, on Windows Server 2008 domain controllers that have the Active Directory language locale set to Japanese, your servers may not receive some attributes that are stored on an object during inbound replication. For more information, see Microsoft Knowledge Base article 949189, A Windows Server 2008 domain controller that is configured with the Japanese language locale may not apply updates to attributes on an object during inbound replication.

Installing Exchange 2010 on Directory Servers

For security and performance reasons, we recommend that you install Exchange 2010 only on member servers and not on Active Directory directory servers. However, you can't run DCPromo on a computer running Exchange 2010. After Exchange 2010 is installed, changing its role from a member server to a directory server, or vice versa, isn't supported.

Hardware

The recommended hardware requirements for Exchange 2010 servers vary depending on a number of factors including the server roles that are installed and the anticipated load that will be placed on the servers. For information about minimum, maximum, and recommended hardware configurations for Exchange 2010 servers, see Performance and Scalability.

Hardware requirements for Exchange 2010

Component: Processor
Requirement:
- x64 architecture-based computer with Intel processor that supports Intel 64 architecture (formerly known as Intel EM64T)
- AMD processor that supports the AMD64 platform
- Intel Itanium IA64 processors not supported
Notes: It's supported to install the Exchange management tools on a computer that has a 64-bit processor. For more information, see Install the Exchange 2010 Management Tools and Prepare Active Directory and Domains.

Component: Memory
Requirement: Varies depending on Exchange features that are installed
Notes: For detailed information about memory requirements for Exchange 2010, see Understanding Memory Configurations and Exchange Performance.

Component: Paging file size
Requirement: The page file size minimum and maximum must be set to physical RAM plus 10 MB
Notes: The recommended page file size also accounts for the memory that's needed to collect information if the operating system stops unexpectedly. On 64-bit operating systems, memory can be written as a dump file to the paging file. This file must reside on the boot volume of the server. For more information about the configuration options that are available for memory dump data, see Knowledge Base article 254649, Overview of memory dump file options for Windows Vista, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000.

Component: Disk space
Requirement:
- At least 1.2 GB on the drive on which you install Exchange
- An additional 500 MB of available disk space for each Unified Messaging (UM) language pack that you plan to install
- 200 MB of available disk space on the system drive
- A hard disk that stores the message queue database on an Edge Transport server or Hub Transport server with at least 500 MB of free space
Notes: The minimum space requirements detailed here don't account for disk subsystem requirements for adequate performance.

Component: Drive
Requirement: DVD-ROM drive, local or network accessible
Notes: None.

Component: Screen resolution
Requirement: 800 x 600 pixels or higher
Notes: None.

Component: File format
Requirement: Disk partitions formatted as NTFS file systems, which applies to the following partitions:
- System partition
- Partitions that store Exchange binary files
- Partitions containing transaction log files
- Partitions containing database files
- Partitions containing other Exchange files
Notes: None.

For more information about planning your hardware for Exchange 2010, see the following topics:

- Understanding Processor Configurations and Exchange Performance
- Understanding Memory Configurations and Exchange Performance
- Understanding Server Role Ratios and Exchange Performance

Operating System

The following table lists the supported operating systems for Exchange 2010.

Supported operating systems for Exchange 2010

Component: Operating system on a computer that has a 64-bit processor
Requirement: One of the following:
- 64-bit edition of Windows Server 2008 Standard with Service Pack 2 (SP2)
- 64-bit edition of Windows Server 2008 Enterprise with SP2
- 64-bit edition of Windows Server 2008 R2 Standard with SP1
- 64-bit edition of Windows Server 2008 R2 Enterprise with SP1
- Windows Server 2008 Datacenter
- Windows Server 2008 R2 Datacenter

Component: Operating system for installing the Exchange management tools on a computer that has a 64-bit processor
Requirement: One of the following:
- Windows Vista with SP2 for management tools only installation
- 64-bit edition of Windows Server 2008 Standard with SP2
- 64-bit edition of Windows Server 2008 Enterprise with SP2
- 64-bit edition of Windows Server 2008 R2 Standard
- 64-bit edition of Windows Server 2008 R2 Enterprise
- 64-bit edition of Windows 7

Important: The release-to-manufacturing (RTM) version of Exchange 2010 doesn't support being run on computers with the United States Federal Information Processing Standards (FIPS) compliant settings enabled. If you have FIPS enabled on computers running Windows Server 2008 SP2 or Windows Server 2008 R2, Exchange 2010 RTM will not function correctly. For more information, see Knowledge Base article 811833, The effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and in later versions of Windows.

Support for Outlook and Entourage

Exchange 2010 supports the following versions of Microsoft Office Outlook and Microsoft Entourage for Mac:

- Outlook 2010
- Outlook 2007
- Outlook 2003
- Entourage 2008 for Mac, Web Services Edition

If you have clients running Outlook 2003, be aware of the following when you upgrade your organization to Exchange 2010:

- On clients running Outlook 2003, you may notice that folder updates don't occur automatically in a timely manner. This situation occurs because User Datagram Protocol (UDP) notifications aren't supported in Exchange 2010. For more information about resolving this issue, see Knowledge Base article 2009942, In Outlook 2003, e-mail messages take a long time to send and receive when you use an Exchange 2010 mailbox. However, Outlook 2007 and Outlook 2010 are automatically compatible with this change.

- Exchange 2010 RTM: Clients running Outlook 2003 don't use RPC encryption, which RPC Client Access requires by default. You will either need to turn off the RPC encryption requirement or configure Outlook 2003 to use RPC encryption. However, Outlook 2007 and later versions are automatically compatible with the change to RPC Client Access because they support RPC encryption by default. For more information, see Understanding RPC Client Access.

- Exchange 2010 SP1: In Exchange 2010 SP1, the RPC encryption requirement is disabled by default. Any new Client Access Servers (CAS) deployed in the organization will not require encryption. However, any CAS servers deployed prior to Exchange 2010 SP1, or upgraded to Exchange 2010 SP1, will retain the existing RPC encryption requirement setting.

For more information, see Concern: Is having Outlook 2003 clients going to prevent me from deploying Exchange 2010?

Hardware Virtualization

Microsoft supports Exchange 2010 in production on hardware virtualization software only when all the following conditions are true:

- The hardware virtualization software is running:
  - Windows Server 2008 with Hyper-V technology
  - Windows Server 2008 R2 with Hyper-V technology
  - Microsoft Hyper-V Server 2008
  - Microsoft Hyper-V Server 2008 R2
  - Any third-party hypervisor that has been validated under the Windows Server Virtualization Validation Program.

- The Exchange guest virtual machine:
  - Is running Microsoft Exchange 2010.
  - Is deployed on the Windows Server 2008 with SP2 or Windows Server 2008 R2 operating system.
  - Doesn't have the Unified Messaging server role installed. All Exchange 2010 server roles, except for the Unified Messaging server role, are supported in a virtualization environment. This is due to the real-time response requirements associated with voice communications with the Unified Messaging server role.
  - Meets all the requirements set forth previously in this topic.

Note: When you install Exchange 2010 in a Hyper-V environment, you may get the following error: "Hub Transport Server role installation failed." For virtualized Active Directory servers, it is recommended that you disable the time sync integration component, and then set the time to a reliable external time provider before you install the Hub Transport role. This recommendation is especially important if your host is joined to the domain the virtual machine is hosting.

- The storage used by the Exchange guest machine for storage of Exchange data (for example, mailbox databases or Hub transport queues) can be virtual storage of a fixed size (for example, fixed virtual hard disks (VHDs) in a Hyper-V environment), SCSI pass-through storage, or Internet SCSI (iSCSI) storage. Pass-through storage is storage that's configured at the host level and dedicated to one guest machine. All storage used by an Exchange guest machine for storage of Exchange data must be block-level storage because Exchange 2010 doesn't support the use of network attached storage (NAS) volumes. Also, NAS storage that's presented to the guest as block-level storage via the hypervisor isn't supported. The following virtual disk requirements apply for volumes used to store Exchange data:
  - Virtual disks that dynamically expand aren't supported by Exchange.
  - Virtual disks that use differencing or delta mechanisms (such as Hyper-V's differencing VHDs or snapshots) aren't supported.

Note: In a Hyper-V environment, each fixed VHD must be less than 2,040 GB. For supported third-party hypervisors, check with the manufacturer to see if any disk size limitations exist.

- Only management software (for example, antivirus software, backup software, or virtual machine management software) can be deployed on the physical root machine. No other server-based applications (for example, Exchange, SQL Server, Active Directory, or SAP) should be installed on the root machine. The root machine should be dedicated to running guest virtual machines.

- Microsoft doesn't support combining Exchange high availability solutions (database availability groups (DAGs)) with hypervisor-based clustering, high availability, or migration solutions that will move or automatically failover mailbox servers that are members of a DAG between clustered root servers. DAGs are supported in hardware virtualization environments provided that the virtualization environment doesn't employ clustered root servers, or the clustered root servers have been configured to never failover or automatically move mailbox servers that are members of a DAG to another root server.

- Some hypervisors include features for taking snapshots of virtual machines. Virtual machine snapshots capture the state of a virtual machine while it's running. This feature enables you to take multiple snapshots of a virtual machine and then revert the virtual machine to any of the previous states by applying a snapshot to the virtual machine. However, virtual machine snapshots aren't application aware, and using them can have unintended and unexpected consequences for a server application that maintains state data, such as Exchange. As a result, making virtual machine snapshots of an Exchange guest virtual machine isn't supported.

- Many hardware virtualization products allow you to specify the number of virtual processors that should be allocated to each guest virtual machine. The virtual processors located in the guest virtual machine share a fixed number of logical processors in the physical system. Exchange supports a virtual processor-to-logical processor ratio no greater than 2:1. For example, a dual processor system using quad core processors contains a total of 8 logical processors in the host system. On a system with this configuration, don't allocate more than a total of 16 virtual processors to all guest virtual machines combined.

- When calculating the total number of virtual processors required by the root machine, you must also account for both I/O and operating system requirements. In most cases, the equivalent number of virtual processors required in the root operating system for a system hosting Exchange virtual machines is 2. This value should be used as a baseline for the root operating system virtual processor when calculating the overall ratio of physical cores to virtual processors. If performance monitoring of the root operating system indicates you're consuming more processor utilization than the equivalent of 2 processors, you should reduce the count of virtual processors assigned to guest virtual machines accordingly and verify that the overall virtual processor-to-physical core ratio is no greater than 2:1.

- The operating system for an Exchange guest machine must use a disk that has a size equal to at least 15 GB plus the size of the virtual memory that's allocated to the guest machine. This requirement is necessary to account for the operating system and paging file disk requirements. For example, if the guest machine is allocated 16 GB of memory, the minimum disk space needed for the guest operating system disk is 31 GB. In addition, it's possible that guest virtual machines may be prevented from directly communicating with fibre channel or SCSI host bus adapters (HBAs) installed in the root machine. In this event, you must configure the adapters in the root machine's operating system and present the LUNs to guest virtual machines as either a virtual disk or a pass-through disk.

Root Machine Storage Requirements

Each root machine has minimum disk space requirements that must be met:

- Root machines in some hardware virtualization applications may require storage space for an operating system and its components. For example, when running Windows Server 2008 with Hyper-V, you will need a minimum of 10 GB to meet the Windows Server 2008 R2 System Requirements for the operating system. Additional storage space will also be required to support the operating system's paging file, management software, and crash recovery (dump) files.

- Some hypervisors maintain files on the root machine that are unique to each guest virtual machine. For example, in a Hyper-V environment, a temporary memory storage file (BIN file) is created and maintained for each guest machine. The size of each BIN file is equal to the amount of memory allocated to the guest machine. In addition, other files may also be created and maintained on the host machine for each guest machine.

Exchange Server Storage Requirements

The following are the requirements for storage connected to a virtualized Exchange server:

- Each Exchange guest machine must be allocated sufficient storage space on the root machine for the fixed disk that contains the guest's operating system, any temporary memory storage files in use, and related virtual machine files that are hosted on the host machine. In addition, for each Exchange guest machine, you must also allocate sufficient storage for the message queues on the Hub Transport and Edge Transport servers and sufficient storage for the databases and log files on Mailbox servers.

- Storage used by Exchange should be hosted in disk spindles that are separate from the storage that's hosting the guest virtual machine's operating system.

- Configuring iSCSI storage to use an iSCSI initiator inside an Exchange guest virtual machine is supported. However, there will be reduced performance in this configuration if the network stack inside a virtual machine isn't full-featured (for example, not all virtual network stacks support jumbo frames).

Exchange Server Memory Requirements and Recommendations

Some hypervisors have the ability to oversubscribe or dynamically adjust the amount of memory available to a specific guest machine based on the perceived utilization of memory in the guest machine as compared to the needs of other guest machines managed by the same hypervisor. This technology makes sense for workloads in which memory is needed for brief periods of time and then can be surrendered for other uses. However, it doesn't make sense for workloads that are designed to use memory on an ongoing basis. Exchange, like many server applications with optimizations for performance that involve caching of data in memory, is susceptible to poor system performance and an unacceptable client experience if it doesn't have full control over the memory allocated to the physical or virtual machine on which it is running. Many of the performance gains in recent versions of Exchange, especially those related to reduction in I/O, are based on highly efficient usage of large amounts of memory. When that memory is no longer available, the expected performance of the system can't be achieved. For this reason, memory oversubscription or dynamic adjustment of virtual machine memory should be disabled for production Exchange servers.

Memory should be sized for guest machines using the same methods as physical deployments. You can find details about memory sizing for Exchange 2010 server roles in Understanding Memory Configurations and Exchange Performance. For additional guidance, see the "Application Considerations" section of a white paper written by the Microsoft Hyper-V team, available for download at Implementing and Configuring Dynamic Memory.
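The virtualization limits in this topic (the 2:1 virtual-to-logical processor ratio, a guest operating system disk of 15 GB plus allocated memory, fixed VHDs under 2,040 GB, no dynamically expanding or differencing disks for Exchange data, no Unified Messaging role in a guest, no dynamic memory) can be checked against a planned host before deployment. The Python check below is an added example, not Microsoft's code: the class names, role labels and sample plan are constructed, and counting the root's 2 virtual processors toward the 2:1 limit is an assumption drawn from the paragraph on root operating system requirements.

```python
from dataclasses import dataclass, field

# Limits quoted from the requirements text above.
MAX_VCPU_PER_LOGICAL = 2          # virtual-to-logical processor ratio of 2:1
ROOT_VCPU_BASELINE = 2            # root OS equivalent "in most cases"
GUEST_OS_DISK_BASE_GB = 15        # guest OS disk = 15 GB + allocated memory
HYPERV_FIXED_VHD_LIMIT_GB = 2040  # each fixed VHD must be smaller than this
SUPPORTED_DATA_DISKS = {"fixed", "passthrough", "iscsi"}


@dataclass
class Disk:
    name: str
    kind: str      # fixed | dynamic | differencing | passthrough | iscsi
    size_gb: int


@dataclass
class Guest:
    name: str
    vcpus: int
    memory_gb: int
    os_disk_gb: int
    roles: tuple = ()             # hypothetical role labels
    dynamic_memory: bool = False
    data_disks: list = field(default_factory=list)


def check_plan(logical_processors, guests, root_vcpus=ROOT_VCPU_BASELINE):
    """Return (guest_or_host, rule, detail) findings; an empty list means OK."""
    findings = []
    # Assumption: the root's virtual processors count toward the 2:1 limit.
    total = root_vcpus + sum(g.vcpus for g in guests)
    limit = MAX_VCPU_PER_LOGICAL * logical_processors
    if total > limit:
        findings.append(("host", "vcpu-ratio",
                         f"{total} vCPUs incl. root exceeds {limit}"))
    for g in guests:
        need = GUEST_OS_DISK_BASE_GB + g.memory_gb
        if g.os_disk_gb < need:
            findings.append((g.name, "os-disk",
                             f"{g.os_disk_gb} GB < required {need} GB"))
        if "UnifiedMessaging" in g.roles:
            findings.append((g.name, "um-role", "UM not supported in a guest"))
        if g.dynamic_memory:
            findings.append((g.name, "dynamic-memory", "disable for production"))
        for d in g.data_disks:
            if d.kind not in SUPPORTED_DATA_DISKS:
                findings.append((g.name, "disk-kind", f"{d.name}: {d.kind}"))
            elif d.kind == "fixed" and d.size_gb >= HYPERV_FIXED_VHD_LIMIT_GB:
                findings.append((g.name, "vhd-size", f"{d.name}: {d.size_gb} GB"))
    return findings


# Constructed sample plan: dual quad-core host = 8 logical processors.
SAMPLE_GUESTS = [
    Guest("mbx01", vcpus=8, memory_gb=16, os_disk_gb=31, roles=("Mailbox",),
          data_disks=[Disk("db01", "fixed", 1024)]),
    Guest("hub01", vcpus=4, memory_gb=8, os_disk_gb=20, roles=("HubTransport",),
          dynamic_memory=True, data_disks=[Disk("queue", "dynamic", 100)]),
    Guest("um01", vcpus=4, memory_gb=8, os_disk_gb=40,
          roles=("UnifiedMessaging",),
          data_disks=[Disk("big", "fixed", 2040)]),
]

if __name__ == "__main__":
    for who, rule, detail in check_plan(8, SAMPLE_GUESTS):
        print(f"{who:6} {rule:15} {detail}")
```

On the sample plan the check reports the host over the processor limit, three problems on hub01 and two on um01, while mbx01 passes every rule.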

DCOM = COM + "Secure" Networking Transactions. COM is used for desktop applications (not distributed). DCOM is used for distributed environments. DCOM includes the following:

1. Remoting
2. Web Service
3. WCF
