The most notable application of FEI involved the processing and delivery
of images for the Mars Pathfinder Mission. Using event-driven file transfers,
FEI delivered images to the Fight Mission Team at near real-time speeds;
about 3 seconds for some applications. It was also used to distribute images
and data to Web sites for immediate viewing by the press and the public.
The immediacy of file delivery by a small team at JPL was part of the mission's
dramatic impact.
This document offers an overview of the product and covers the following
topics:
FEI file manipulation functions include get, add, replace,
delete, and rename. File locking is incorporated into the system so a client
can't get a file while it's being added, replaced or deleted and a file
can't be replaced or deleted while another client is getting the file.
Files can be transferred by supplying individual file names or by using
regular expressions in file names to transfer a set of files. For example,
to get all the files whose names begin with "file", the regular expression
"file*" is supplied. A date and time can also be supplied to get files
since a particular time. This is useful to transfer only newly arrived
files.
Subscribing to a file type registers an application
to receive newly added or replaced files of that type. For example, if
we were subscribing to the "Mars Pathfinder Rover Image" file type, each
time an image was received from the Rover, all subscribers immediately
get a copy of it. Client applications can automatically store, process
or display the files as they arrive.
If a subscription session fails because of client, server or network problems,
the "restart" parameter can be included when the processes is restarted.
The subscription session then synchronizes the subscription stream so all
files in the stream of delivered to the client, include the files entered
into the system while the client was unable to receive new files.
FEI uses Kerberos security servers to authenticate users
when connecting to server. Access control lists are used to define a user's
ability to access files of a particular type.
Optionally, a capability.
This limits access to newly arrived files. The release date can be updated
by the FEI administrator to make newer files available over time.
Database Support
>Each FEI domain is supported by a database management
system. FEI configuration parameters, access control lists and file information
are stored in the database. Management of the system is handled by standard
SQL statements. Also, meta-data about files in the system can be related
to information about files stored in the FEI tables. In this way, a client
can query for a set of files based on complex query criteria, not just
file name.
Data Integrity
Actions on files are atomic; they execute completely
or not at all. They are also isolated; the transaction executes
as if it we running alone, with no other transactions. This prevents a
client from reading a file while it's still being written, and prevents
an update or deletion of a file that is being read.
Performance & Scalability
Both FEI servers and clients are multithreaded. This
means that a program can do other things while files are being transferred.
File actions are queued to the system. The result of a transaction can
be examined after other useful work is performed by a client application.
Also, since threads are used in the server, new processes are not started
to service each client. This speeds transactions.
FEI servers can take advantage of multiple CPU within a machine to speed
processing.
Load Balancing
Because files are organized by file types that are location-transparent,
different file types can be placed on different machines at any time to
balance the systems load. Client applications are unaware of the physical
location of processing for any particular type of file.
Processing Streams
Processing steps carried out by different client applications
can be linked into processing streams. Each client subscribes to the type
of file added to the system by the last client process. At any step, users
can subscribe to a generated product in the stream. Using subscriptions
"restart" capability, components of the stream can be stopped and restarted
without effecting the processing streams state. FEI comes with a framework
of classes to implement this type of processing. Application programmers
use the framework to create particular processing steps.
Documentation
FEI is documented in a set of HTML pages covering such
topics as system overview, installation, using command line utilities,
and building applications with the C++ API - including working example
code
Architecture
FEI uses a client/server architecture. The server environment
is called an FEI domain, and it includes three types of servers:
-
One or more FEI servers that manage files within the domain and
transmit files to and from client applications.
-
A database management system that handles the persistent data used
by the FEI domain. Currently we support Sybase's RDBMS, but the FEI server
design is modular so another relational or object-oriented database could
be used.
-
A Kerberos security server used for client authentication. (Actually
there are two Kerberos servers, a ticket granting server and an authentication
server; but, for the purpose of this discussion, we lump the two together
and refer to a Kerberos security server.)
Client applications communicate with FEI servers over a TCP/IP network
through the FEI Application Program Interface or API written in
C++. We use the API to create a set of standard command line applications
that communicate with FEI servers. The API comes with a set of documentation
and example programs so that it can be used to integrate FEI services into
other applications.
A Java interfaces is also planned. The focus here is building GUI applications
that have FEI services as a component. We expect this interface to be available
by the end of 1998.
The diagram below shows the components of an FEI server domain with
a client application connected to it. FEI components are red, client components
blue, database management system components orange and security components
green.
For simplicity, the diagram shows a single FEI server. However, an FEI
domain can have several servers, each managing a different set of file
types. Since client access to servers is address-transparent, the domain
has a unified logical appearance.
The domain's database contains FEI configuration information, user access
control lists, and file information. The database can also be used directly
by client applications to access meta-data about files. Project meta-data
and FEI file information can be related within the database by joining
tables.
Here is an outline of the typical set of events that comprise an FEI
session.
-
A Kerberos ticket is obtained from the Kerberos server using an independent
utility called feiInit. (For those people who have worked in a Kerberized
environment before, feiInit is actually a renamed copy of the Kerberos
utility kinit. We use our own copy because systems often contain
multiple copies of this utility and we want to make sure the correct version
is used with FEI.)
Once you have a Kerberos ticket, you can make any number
of connections to FEI without further authentication efforts. (Kerberos
tickets have an expiration time. After that time you need to get a new
ticket. However there are options that can be used by applications that
must be started automatically over a long time period.)
-
Once you have a Kerberos ticket, a client application makes a connection
to an FEI file type.
-
Both the FEI client API and the target FEI server access the Kerberos server
to authenticate the connection.
-
The FEI Domain File local to the client application is used to make
the connection. The file contains the information that maps file type names
to server connection information.
-
Once connected, the FEI server used the authenticated name and the supplied
file type to determine the clients access capabilities and the location
of files of that type.
All of the steps above occur very quickly and are accomplished with
a single connection command in the API.
-
The client is able to issue file transfer or file manipulation commands.
FEI connections are often long-term, lasting weeks or months. Once authenticated
and connected, the client continues to access the file type until a disconnect
is issued or until a system failure. (After a system failure, a client
can automatically restart and continue. This is true for subscriptions
as well. The "restart" options supplied to the subscription command resynchronized
the event driven stream that delivers files of a given type.)
-
The client can use a direct database connection to query for file names
based user specified search criteria. The list of files returned is then
supplied to FEI to get the files.
-
Both the client and the FEI server are multithreaded. Thread management
complexity is hidden on the client side, so developers to not have to concern
themselves with it.
An Example Application
An Automated Remote Sending Example
This example shows two cooperating sites using FEI.
In the following diagram, the "blue" site collects and processes remote
sensing data of the earth. Images are created and stored in FEI. Image
data is deposited in a database management system. At the "pink" site,
located in Japan, images are selected based on an area of interest, represented
by a database query over a geographic region. The image processing at this
site entails comparing newly arrived images with a historical archive.
This hypothetical application produces a spectral histogram from the new
image an compares it with information from the historical database. If
significant changes are found, the new image is sent to a government agency
for review. The change may indicate a potential change in the agricultural
output for a region. Since acting on this type of information may have
economic consequences, the images are transferred in an encrypted state.
Here's how FEI is used in such a system.
-
Packets received from a satellite are added to FEI, the gray server in
the upper diagram.
-
A demon process associated with the file type used to add the file is executed
automatically when an image arrives. This produces the image that is then
saved as a different file type in FEI. As part of the image processing
procedure, a record is added to a database table. The record contains the
name of the image file along with coordinates of it's covering geographic
area.
-
The Batch Exchange processing the the lower diagram, subscribes
to the image file type using a special form of subscription called live
list. This mode does not send the image, but only the file name for
the image. The Batch Exchange process uses the name to query the "blue"
site's database. If the image falls within an area of interest, the Batch
Exchange process gets the image and adds it to its own FEI server.
-
The demon process at the "pink" site, automatically makes the image comparison
described above using its historical database.
-
If it finds significant changes in the area of coverage, it sends the image
on to a subscribing government agency where the image is given a closer
look. The image is encrypted automatically encrypted during this transfer.
(The request to encrypt a file is a subscriber option.) Sending the image
on to the government agency does require that the image be stored in FEI
again, so a special type of subscription called conference is used.
This routes the image without saving a copy of it. (It's called conference
because it was originally intended for sharing images among users who where
in a distributed conference setting.)
This example shows several types of subscription in use to fully automate
a flow of data between two sites. The flow of data includes data processing,
data storage and the use of coordinated database information to solve a
problem.
A Space Flight Mission Example
This example shows a distributed image processing example
typical of the configurations used by Space Flight Missions, although simplified
to make the example manageable.
Here we have three sites, "blue" in the United States, "pink" in Japan,
and "green" somewhere in the world.
The "blue" site performs the following tasks:
-
Data packets are received from NASA's Deep Space Network and added to an
FEI server. These raw files are immediately shared with a subscribing site
in Japan, and are also acted upon by a demon process associated with the
file type used by the adder.
-
The demon produces a Level 1 product and adds it back into FEI using a
different server. Two servers are used to balance the load between near
real-time processing and science team access.
-
A copy of of the Level 1 file is sent to the FEI server in Japan. (Peer-to-peer
exchange if a feature of FEI Version 3 due late in 1998.)
The Japanese site is responsible for products for a
particular instrument. (The diagram shows only one processing stream, but
we could imagine that several would be in place, each being delivered to
its own remote location using subscription.
The Japanese site processes instrument data and makes it available to science
team members through direct subscription and to the world in general though
further processing adds meta-data to a database and to a Web server,
or a collection of Web servers.
The rest of the world accesses data from the Web sites.
Looking at the over all process flow we can make another few points:
-
All of the flow uses event driver subscription connections. Initially adding
a file, will cause that file to flow through the entire system.
-
Since a single mechanism, subscription, is used, we have a sense of confidence
in the make-up of the system. If subscription works, then the system as
a whole should work.
-
Upon failure of a component, subscription with restart, will resynchronize
the flow of files through the system. While a component is down, the FEI
file systems act as a buffering queue of work that will again begin to
flow once the component is brought back on line.
-
While it's not shown in the diagram, content error conditions can be handled
by this system. That is, if a file is rejected for some reason, a process
can send it to another file type and a demon can be used to send an alert
message. An analyst can then "get" the file from FEI, determine the cause
of the failure, fix it, and "replace" it in FEI at the proper position
using a file type name. The fixed file will then flow through the system
like any other file.
-
This system could be extended to include an archive site. Nothing special
is required. The archive could either subscribe to a file type for finished
products or it could query the instrument database in Japan for the names
of files ready for archiving. This is one example of how an event-driven,
component based system can be extended.
Supported Platforms
FEI software comes in two parts, FEI/server and FEI/client. The current availability of the software is shown in the following table. Further ports will be made based on customer demand.
Platform | Client API Support | FEI Server Domain
|
---|
SUN Solaris 2.6 or later | fully | yes
|
SGI Irix 6.5 | fully | no
|
i686 Red Hat Linux 5.2 or later | fully | no
|
Alpha Digital Unix 4.0 | nearly fully | no
|
Alpha Red Hat Linux 5.2 | partially | no
|
Microsoft Windows NT 4.0/2000 | planned | no
|
- Fully Supported: All of the advertised features are supported, continually tested, and used daily.
- Nearly Fully Supported: Some advertised features still need to be ported (i.e. encryption and crc), and partially tested.
- Partially Supported: Has been ported sometime in the past, but infrequently tested. In general, it will only be built and tested upon project request.
- Planned Support: Pending.
The FEI client package is delivered as a tar file on Unix systems and
as an installation package on Windows NT. Installation is fairly simple.
Our experience shows that it takes about one hour to install an FEI client
and to run an initial end-to-end test of the system. Installations can
be done in stand-alone environments where each machine is given an FEI
client or in a network environment where the resources are shared by a
group of machines.