What is DCOM?

DCOM is different from COM in that it allows for creating objects distributed around  a network, and a protocol for invoking that object's methods, & secures the access to the object. The DCOM provides a wrapper around the COM, so it is a backward compatible extension. The DCOM uses Remote Procedural Calls (RPC) using Open Software Foundation's Distributed Computing Environment.

These RPC are implemented on  TCP/IP and named pipes. The protocol which are actually  used are  registered just before to use, as opposed to being registered at the initialization time. The main  reason for this is that if a protocol is not being used, it can't  be loaded.

In order to inform an object that the client is still not dead, periodic pinging is used. Therefore, when the client has died and no ping has been received (to refresh it) before the expired  time, the server object will perform some clean up tasks (including decrementing its reference count).

As  RPC across a network are typically slow (compared to same machine processes residing ), DCOM sends multiple requests in the same call. For e.g., in COM, the program performs a QueryInterface, that is one interface at a time. In DCOM, multiple QueryInterfaces are all clustered into one call.

This clustering optimization trick is also used when creating an instance of the object and serializing it with the data.As these two operations usually occur together, the DCOM allows one method which will perform both operations in one call without waiting for an acknowledgment from the first task before performing the second one.

Similarly, when a client pings its server object, he can do it in one call.  If there are multiple clients sending pings to multiple servers, then an optimization is made where the multiple pings going to the same object are consolidated into just one ping. This is to cut down on the use of bandwidth used only for pinging.

The client has the control to set the computer that will be responsible for the lifetime of the object. this means, these objects are not created just somewhere  the system resources and access privileges allow for it.

Call security is implemented in all 4  ways: authentication (to prevent false clients from impersonating the true client), authorisation (to insure that the  client only does what it is authorized to do), data integrity (to insure that data was not tampered with it during transit) and data privacy (to insure that only designated sources can read it). The security issues are handled as they are on the operating systems. The client gives the server various access privileges to access memory or disk space.