Distributed COM
Introduction       DCOM (= Distributed COM) makes it possible to create COM objects on a remote computer. This can be useful if it is not desired to activate Venice on the client computer that needs access to COM objects. Another reason to use DCOM is for security issues. For instance, it is not desirable to give the Internet Server access to the server hosting the Venice database via share names. With the use of DCOM, this can be prevented. DCOM communicates via RPC (= Remote Procedure Calls) between the client and the server. When the client requests the creation of a COM object, the object is created on the remote server which has access to Venice locally and can have all the necessary rights, even if the client computer has no file permission rights on the server! Note that DCOM is not an ideal solution for an environment with high (network) latency since you incur the latency time twice for each Venice SDK call. In such cases an alternative approach is to write your own host application to group several Venice SDK interface calls and expose this as a higher level interface with fewer calls over the network. This may or may not involve the use of DCOM. This same basic concept is also applicable if you need features beyond those that DCOM provides, such as accessing the SDK from 2 computers that are not in the same network domain (DCOM does not work for cross-domain access)     Setting up DCOM       On the domain controller       All domain users who will be using DCOM must be made a member of the security group 'Distributed COM Users'. Create a new domain user (e.g. ClSdkUser) and make him member of the 'Distributed COM Users'.     On the Venice server       Registration of the Exact C-Logic SDK    Install Venice on the server This will register the SDK automatically.   If you want to use the Exact C-Logic SDK on the console of this server with automatic logon   Log on in Windows as the user who will create COM objects Choose 'Exact C-Logic' - 'Configuration' – 'Development Kit' Select 'Allow automatic logon' and enter a Venice logon name Choose the language     Create the Exact C-Logic SDK COM+ application   Start the program 'Component Services' (DCOMCNFG.EXE) In the tree, expand 'Component Services' - 'Computers' – 'My Computer' Select 'COM+ Applications' Right click and choose 'New' – 'Application' In the 'Application Install Wizard'...   Choose 'Next' Choose 'Create an empty application' Enter the name 'ClSdk Remote Server' and choose 'Server application' and click 'Next' On the 'Application Identity' page, choose 'Local Service' and click 'Next' On the 'Add Applications Roles' and 'Add Users to Roles' pages click 'Next', then 'Finish' In the tree, select the newly created application (ClSdk Remote Server) Right click and choose 'Properties' On the Properties dialog...   On the 'Security' tab, clear the check box 'Enforce access checks for this application' Choose 'Connect' in the combo box 'Authentication Level for Calls' Choose 'Identify' in the combo box 'Impersonation Level' If the server is accessed by other computers than an internet server, select the 'Identity' tab. Check 'This User' and enter the name and password of the newly created SDK user (e.g. ClSdkUser). Click OK In the tree again, expand the newly created application and highlight 'Components' Right click and choose 'New' – 'Component' On the wizard page...   Click 'Next' Choose 'Install new component(s)' Choose ClSdk.tlb and  ClSdk.dll which are located in <Venice System>\Bin On the following page, all interfaces are listed. Click 'Next', then 'Finish'     Create the Exact C-Logic SDK application proxy   In the tree of the Component Services, select the application 'ClSdk Remote Server' Right click and choose 'Export' In the 'Application Export Wizard'...   Click 'Next' Enter the full path and filename of the proxy (msi-file), preferably '<Venice System>\SDK\ClSdkProxy.msi' Select the 'Application proxy' radio button Click 'Next' (this can take a while) and 'Finish'     Edit and Import registry file   If automatic logon is required, edit 'ClSdkLM.reg' which is located in <Venice System>\SDK and change the user name Import the registry file in the registry by double clicking it     Check NTFS permissions Check in Windows Explorer that the COM+ Identity (LOCAL SERVICE or the ClSdk user) has the following NTFS permissions:   'Read & Execute' rights in C:\Pvsw (the database engine directory) and subdirectories 'Modify' rights in <Venice Root> and its subdirectories     On the client computers       Prepare the Exact C-Logic SDK directory   Create a directory for the Exact C-Logic SDK Copy the content from <Venice System>\SDK on the server to this directory If you exported the application proxy 'ClSdkProxy.msi' to another directory than <Venice System>\SDK on the server in a previous step, do not forget to copy that file too.     Install the application proxy   Start 'Component Services' (DCOMCNFG.EXE) In the tree Expand 'Component Services' - 'Computers' – 'My Computer' Select 'COM+ Applications' Right click and choose 'New' – 'Application' On the wizard page...   Click 'Next' and choose 'Install pre-built application(s)' Locate 'ClSdkProxy.msi', select it and click 'Open' On the 'Select Application Files' page click 'Next' On the 'Application Installation Options' page choose 'Specific directory' Select the local directory (on the client) where 'ClSdkProxy.msi' is located and click 'Next' Click 'Finish' In the tree, under 'COM+ applications', select 'ClSdk Remote Server' Right click and choose 'Properties' On the 'Properties' dialog...   Select the 'Activation' tab Verify that the 'Remote Server Name' is the name of the Venice server Exit the properties dialog     If the client computer is an internet server...   If the server will create Exact C-Logic SDK COM objects from ASP-pages, you must change the anonymous user in IIS (Internet Information Server)'. IIS uses by default the user IUSR_<Computer Name> (e.g. IUSR_INETSERVER) for anonymous access. Since this user is a local user (not a domain user), he cannot access a COM+ application on another server. Therefore, the special DCOM user (e.g. ClSdkUser) must be used for anonymous access on pages creating COM objects. Start 'Computer Management' that can be found under 'Administrative Tools' In the tree, expand 'Services and Applications' - 'Internet Information Server' - 'Web Sites' Create a new web site or a new directory that will contain the ASP-pages that use the Exact C-Logic SDK Right click on the site or directory and choose 'Properties' Select the 'Directory Security' tab Click 'Edit' On the 'Authentication Methods' dialog...   Select 'Anonymous access' Enter the name of the special Exact C-Logic SDK domain user you created in a previous step (e.g. ClSdkUser) and his password Click 'OK'     On the IE clients       Following is important only if 'Anonymous access' is not permitted in the IIS... Start Internet Explorer Choose 'Tools' – 'Internet Options' Select the 'Security' tab Select 'Local intranet' Choose 'Custom Level' Locate 'User Authentication' at the bottom of the tree Select any setting except 'Anonymous logon'
Exact C-Logic Development Kit