1.3 Overview

  • Article

The Windows Management Instrumentation (WMI) Remote Protocol is used to communicate management data conforming to Common Information Model (CIM), as specified in [DMTF-DSP0004]. The Windows Management Instrumentation Remote Protocol uses CIM as the conceptual model for representing enterprise management information that can be managed by an administrator. However WMI is not fully compliant with [DMTF-DSP0004]. The exceptions are documented where applicable in the WMI Remote Protocol.

The Windows Management Instrumentation Remote Protocol is implemented as a three-tier architecture, as illustrated in the following figure.

Windows Management Instrumentation Remote Protocol architecture

Figure 1: Windows Management Instrumentation Remote Protocol architecture

At layer 3, the Providers are designed to interact locally with WMI Management Data Sources. Providers implement abstract interface as specified in section 3.1.4.17. Windows Management Instrumentation Remote Protocol management data sources are designed to interact locally with manageable entities. Layer 2 supports the core of the Windows Management Instrumentation Remote Protocol service and is called the CIM Object Manager (CIMOM). CIMOM interacts with CIM database for storing or accessing CIM class and CIM instances that are static CIM object; CIM providers for storing or accessing CIM class and CIM instances that are dynamic from the [DMTF-DSP0004]. WMI DCOM Client Interfaces in Layer 1 and WMI DCOM Server Interfaces in Layer 2 implement the Distributed Component Object Model interfaces (as specified in [MS-DCOM]]) that are used by the Windows Management Instrumentation Remote Protocol to communicate over the network between Windows Management Instrumentation Remote Protocol clients and servers. This layer is the only layer that communicates over the network. Network communication is achieved by using the Distributed Component Object Model (DCOM) Remote Protocol and a set of Windows Management Instrumentation Remote Protocol DCOM interfaces, as specified in section 3.1.4.

Clients can be local or remote from the server

Figure 2: Clients can be local or remote from the server

Windows Management Instrumentation Remote Protocol clients can be local or remote from the server, as illustrated in the preceding figure. In either case, the same set of Windows Management Instrumentation Remote Protocol interfaces is used.

The communication works the same way between clients and server; all interactions between clients and server are made through the DCOM Remote Protocol locally or remotely. Therefore, clients are always acting in a message submission mode through the DCOM Remote Protocol to leverage the Windows Management Instrumentation Remote Protocol interfaces that are implemented on the server side.

The client can call the server in one of the following ways:

  • Synchronous calls

  • Semisynchronous calls

  • Asynchronous calls

The server APIs for synchronous and semisynchronous APIs are the same, but the call is executed synchronously if the flags do not contain WBEM_FLAG_RETURN_IMMEDIATELY. If the flag WBEM_FLAG_RETURN_IMMEDIATELY is specified, the call is executed semisynchronously. Examples of such APIs include IWbemServices::GetObject (section 3.1.4.3.4), IWbemServices::PutClass (section 3.1.4.3.6), and so on.

The IWbemServices methods that end with Async are asynchronous counterparts for their synchronous APIs. Example of async APIs are IWbemServices::GetObjectAsync (section 3.1.4.3.5), IWbemServices::PutClassAsync (section 3.1.4.3.7), and so on

The management information that is exchanged between clients and server (and server and clients) is transmitted over the network by the Windows Management Instrumentation Remote Protocol as a custom-marshaled payload, as specified in [MS-DCOM] section 2.2.18.6.

The Windows Management Instrumentation Remote Protocol serializes the management information that is transmitted, as specified in [MS-WMIO]. Before reading this Windows Management Instrumentation Remote Protocol document, acquire a working knowledge of the concepts, structures, and communication protocols as specified in [MS-DCOM], [DMTF-DSP0004], and [MS-WMIO]. Namespace security is controlled by using security descriptors, as specified in [MS-DTYP].