Policy-Based Management for Enterprise and Carrier IP Networking

Total Page:16

File Type:pdf, Size:1020Kb

Policy-Based Management for Enterprise and Carrier IP Networking UDC 621.395.74:681.32 Policy-based Management for Enterprise and Carrier IP Networking VTakeo Hamada VPeter Czezowski VTakafumi Chujo (Manuscript received September 15, 2000) Policy-Based Management (PBM) will play a key role as a management technology for end-to-end IP-nized integration of enterprise networks and telecommunication net- works. In this paper, we examine PBM and its requirements for managing the new telecommunication network service environment, and propose a scalable new PBM architecture based on relevant research at Fujitsu Laboratories of America. A new development in PBM, called active policy, is illustrated. We expect that the active policy will bring new insights on the integration of PBM and intelligent agent systems, benefiting service management and customer care in the new network service environment. 1. Introduction ferent views of network design and its operation, The Internet has given rise to explosive resulting in different approaches toward network growth of communication demand. The Internet management. Predictable dominance of the In- traffic doubling period of 90 days, also known as ternet in the data traffic and network service Gilder’s law,1) is a clear indication of its huge im- spheres, however, has put the two paradigms in a pact on our society for years to come. In last 5 collision course, and it seems clear that a new years, a new generation of equipment vendors and network management paradigm must be born out carriers has emerged, responding to insatiable of this cultural collision. We at Fujitsu Laborato- bandwidth demand of the Internet users. The ries of America have been engaged in research to Internet has brought a new paradigm of commu- bring forth the vision of the new network man- nication and networked services, and it has also agement paradigm into reality. In particular, we brought a set of new IP-based technologies, new believe that Policy-Based Management (PBM) is technical standards, and new business styles. at the center of this new paradigm. Telecommunication is, in contrast to the In- ternet, a much more mature technology. Since 2. Network management for the new Graham Bell’s invention in 1876, the basic ser- network service paradigm vice paradigm of PSTN (Public Switch Telephone Encounter between the two paradigms has Network) has changed little: a network optimized been one of the driving forces behind several im- for human voice communication. Over the long portant technical developments in late 1990s; years, the telecommunication has served as one Voice over IP, and NGN (Next Generation Net- of the most important pieces of social infrastruc- work), to name a few. The same is true for network ture, responding to the high demand on its management, whose aim is to achieve high reli- reliability and universal availability. ability and accountability of network operations The two network paradigms are based on dif- and services through the use of NMS (Network 128 FUJITSU Sci. Tech. J.,36,2,pp.128-139(December 2000) T. Hamada et al.: Policy-based Management for Enterprise and Carrier IP Networking Management System). In the early stages of the Task Force) standards, along with the telecommu- Internet, there was fairly clear separation between nication management framework, notably TMN the Internet and the telecommunication, both in (Telecommunication Management Network) stan- terms of technologies and management responsi- dards from ITU-T. The challenge of the new bilities. The majority of traffic was still voice, and paradigm is to cast the two existing management the telecommunication network provided WAN in- frameworks into a new, unified framework, capa- frastructure, upon which the Internet was built ble of end-to-end management of both data and as an overlay. multimedia traffic. With the growth of the Internet, the volume of data traffic surpassed that of voice traffic, and 3. Policy-Based Management it has become common to build an all IP-based Policy-Based Management (PBM) has at- backbone network, which is overlaid directly on tracted significant attention both from the SONET or WDM (Wavelength Division Multiplex- industry and the academic research community ing). The Internet is quickly becoming an essential in recent years, as it has been recognized that PBM public network infrastructure, replacing some of can effectively provide a good means to solve the the roles of the telecommunication network. In puzzle of integrated IP/telecom management. other words, these two networking paradigms – Early works on PBM include Sloman3) and others Internet and telecommunication network – will in early 1990s. Inspired by DEN (Directory En- merge into a new telecommunication infrastructure. abled Network)4) initiative by Cisco and Microsoft, Moridera et al.2) suggests that the future tele- works on PBM followed in IETF Policy WG and communication service environment will look like DMTF, forming a strong technical trend in the IP a virtual network server, which consists of a set of networking community. Although the center of application specific servers running on IP-based PBM activities is in IP networking, PBM can be application protocols interconnected by a high- applied to wide range of control and management speed all optical network. The virtual server issues both in IP networks and telecommunica- provides access to actual servers and service/net- work management support (Figure 1). In this new paradigm, network/service management it- Stream media Virtual server self is a service, provided by a set of specialized E-commerce Publication servers. Though it resembles the Internet, this Application new telecommunication must provide the good server characteristics as found in today’s telecommuni- cation network, i.e. high reliability and universal availability. Photonic core network Virtual Network management is one of the key tech- router nologies needed to fulfill the above requirements. In other words, a new paradigm for network man- agement is also needed, in order to address the Load Edge node Protocol Gateway balancing conversion requirements arising both from the Internet side Access Access Access and the telecommunication side of the new tele- Access server communication infrastructure. In particular, the new network management paradigm will incor- porate the Internet management framework Figure 1 New network service environment. consisting of related IETF (Internet Engineering FUJITSU Sci. Tech. J.,36, 2,(December 2000) 129 T. Hamada et al.: Policy-based Management for Enterprise and Carrier IP Networking tion networks. requests a policy decision made by the PDP. In Figure 2 illustrates the IETF standard PBM IETF, protocols for the standard reference model architecture.5) The figure illustrates realization have been standardized: LDAP (Light-weight Di- of the standard architecture in typical IP man- rectory Access Protocol) for the communication agement environment as offered by Fujitsu between the policy-repository (LDAP server) and SystemWalker. The architecture is designed in PDP, and COPS (Common Open Policy Service) such a way that high-level management knowl- for the communication between PDP and PEP. edge is captured by policy rules, which are stored A major motivation for developing IETF stan- in a policy repository, known also as directory serv- dard PBM has been to give remedy to SNMP er. In general, the policy rules have the following (Simple Network Management Protocol)-based form. management framework, whose usage has been limited primarily to monitoring. In a historical IF policy_activation_codition THEN policy_action perspective, this is a result of rapid deployment and technical maturity of IP network, to which IP The policy activation condition describes the management technology needed time to catch up. condition when the following policy action is to be We think the following technical characteristics activated. For example, monitoring events, which of PBM are particularly noteworthy from the report network state, node state, or traffic type at standpoint of the integrated IP/telecom network ingress router, can trigger a policy action result- management. ing in provisioning of the network resources. Once Built-in network intelligence: through its these policies are defined and deployed at the information model and policy rules, PBM provides policy-server (PDP, Policy-Decision Point), they are richer context for more intelligent operation and further translated and downloaded to correspond- management for increasingly complex IP network ing network devices (PEP, Policy-Enforcement than what is available in IP networks today. In a Point) to put the policies in effect. This interac- crude sense, each policy rule can be seen as a frag- tion between PDP and PEP works in the opposite ment of a distributed intelligent information direction also. For example, a piece of policy is system, of which expert knowledge is solely fo- uploaded from PEP to PDP, so that the PEP cused on IP network operation and management. The above feature has been emphasized as one of the advantages of PBM, in particular in Management applications Policy the original DEN proposal. From our point of view management tool (optional) of the integrated IP/telecom network manage- (LDAP) Policy server Directory Policy ment, we believe that the following three features server(RDB) repository will be important for the future development of (LDAP) Policy decision PBM. Status Dynamic point (PDP) monitoring control Integration of control and management: Access (COPS) the same information
Recommended publications
  • An Adaptive Policy Based Framework for Network Management
    Department of Computing Imperial College London University of London An Adaptive Policy Based Framework for Network Management Leonidas A. Lymberopoulos A thesis submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy in the Faculty of Engineering of the University of London, and for the Diploma of the Imperial College London London, October 2004 Στους γονείς µου, Αντρέα και Γεωργία To my parents, Andreas and Georgia Abstract Policy-based management has emerged as a promising solution for the management of large-scale and heterogeneous networks. This approach has been adopted in several network management areas, such as in the areas of Quality of Service (QoS) and security management. However, although policy-based management has been the subject of considerable research, proposed solutions are often restricted to static condition-action rules where conditions determine when actions should be performed on the managed entities. The static policy configurations require manual intervention to cater for configuration changes and to enable policy deployment. However, changes in the system such as QoS violations, network failures or denial of service attacks in a secured network may require adaptation of existing policies to new circumstances. Thus, policies themselves need to be managed and adapted. Policies define management strategies for network devices, access control systems or internet services. However, little work has been done on validating whether the policies will lead to a feasible implementation for the specific environment to which they apply. Validation requires checking that the policy is consistent with the functional or resource constraints within the target environment. For example, one can check whether the policies assume functionality or specific operations, which do not exist in target devices, or bandwidth in excess of the capacity of data links.
    [Show full text]
  • Architecture of Network Management Tools for Heterogeneous System
    (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 3, 2009 Architecture of Network Management Tools for Heterogeneous System Rosilah Hassan, Rozilawati Razali, Shima Mohseni, Ola Mohamad and Zahian Ismail Department of Computer Science, Faculty of Information Science and Technology Universiti Kebangsaan Malaysia, Bangi, Selangor, Malaysia . Human: where human manager defines the policy and organization approaches. Abstract— Managing heterogeneous network systems is Methodology: defines the architectural a difficult task because each of these networks has its own curious management system. These networks framework and the functions to be usually are constructed on independent management performed. protocols which are not compatible with each other. Instrumentation: the actual operational This results in the coexistence of many management aspects that establish the procedures, systems with different managing functions and services methods and algorithms for data collection, across enterprises. Incompatibility of different processing and reporting, and analysis of management systems makes management of whole problems, their repair, prediction or system a very complex and often complicated job. forecasting of service levels and probable Ideally, it is necessary to implement centralized meta- level management across distributed heterogeneous improvements to enhance performance. systems and their underlying supporting network systems where the information flow and guidance is S&NM aims to provide network
    [Show full text]
  • Monitoring Windows with Powershell
    Monitoring Windows Systems with PowerShell SL1 version 8.14.0 Table of Contents Introduction 4 Monitoring Windows Devices in the ScienceLogic Platform 5 What is SNMP? 5 What is PowerShell? 5 PowerPacks 6 Configuring Windows Systems for Monitoring with SNMP 7 Configuring SNMP for Windows Server 2016 and Windows Server 2012 8 Configuring Ping Responses 8 Installing the SNMP Service 9 Configuring the SNMP Service 14 Configuring the Firewall to Allow SNMP Requests 19 Configuring Device Classes for Windows Server 2016 and Windows 10 19 Manually Align the Device Class 20 Edit the Registry Key 20 Configuring SNMP for Windows Server 2008 21 Configuring Ping Responses 21 Installing the SNMP Service 22 Configuring the SNMP Service 25 Configuring the Firewall to Allow SNMP Requests 30 Configuring Windows Servers for Monitoring with PowerShell 31 Prerequisites 32 Configuring PowerShell 32 Step 1: Configuring the User Account for the ScienceLogic Platform 33 Option 1: Creating an Active Directory Account with Administrator Access 33 Option 2: Creating a Local User Account with Administrator Access 34 Option 3: Creating a Non-Administrator User Account 34 Optional: Configuring the User Account for Remote PowerShell Access to Microsoft Exchange Server 36 Optional: Configuring the User Account for Remote PowerShell Access to Hyper-V Servers 36 Creating a User Group and Adding a User in Active Directory 36 Setting the Session Configuration Parameters and Group Permissions 37 Creating a PowerShell Credential 38 Optional: Configuring the User Account for
    [Show full text]
  • Network Management
    Chapter 12: Network Management Jian Ren and Tongtong Li, Michigan State University Introduction 2 Network Scanners . 25 OSI Network Management Model . .3 Packet Filters . 26 Network Management Layers . .4 Wireless Network Management 26 ISO Network Management Functions 6 Cellular Networks . 27 Configuration Management . .6 Location Management for Cellular Fault Management . .6 Networks . 28 Security Management . .7 Accounting Management . .7 Policy-based Network Management 29 What Is a Policy? . 30 Performance Management . .7 Benefits of PBNM . 31 Network Management Protocols 7 Architecture of a PBNM System . 31 SNMP/SNMPv1 . .8 Conclusion 32 SNMPv2 . 13 SNMPv3 . 15 Glossary 33 Remote Network Monitoring (RMON) 23 Acknowledgements 34 Network Management Tools 24 Network Monitors . 25 Acronyms 37 Abstract: The continuous growth in scale and diversity of computer networks and network components has made network management one of the most challenging issues facing network administrators. It has become impossible to carry out network management functions without the support of automated tools and applications. In this chapter, the major network management issues, including network management requirements, functions, techniques, security, some well- known network management protocols and tools, will be discussed. Location management for the wireless cellular networks will also be briefly described. Finally, policy-based network management, which is a promising direction for the next generation of network management, will be briefly described. Keywords:
    [Show full text]
  • System Management Architecture for Server Hardware Whitepaper 31 Version 2.0.0 32 Publication Date: 2007-08-25 33 DSP2001 34 Status: Informational
    1 2 3 System Management Architecture for Server Hardware White Paper 4 5 Version 2.0.0 6 Status: Informational 7 Publication Date: 2007-08-25 8 DSP2001 9 Copyright © 2007 Distributed Management Task Force, Inc. (DMTF). All rights reserved. 10 DMTF is a not-for-profit association of industry members dedicated to promoting enterprise and systems 11 management and interoperability. Members and non-members may reproduce DMTF specifications and documents 12 for uses consistent with this purpose, provided that correct attribution is given. As DMTF specifications may be 13 revised from time to time, the particular version and release date should always be noted. 14 Implementation of certain elements of this standard or proposed standard may be subject to third party patent rights, 15 including provisional patent rights (herein "patent rights"). DMTF makes no representations to users of the standard 16 as to the existence of such rights, and is not responsible to recognize, disclose, or identify any or all such third party 17 patent right, owners or claimants, nor for any incomplete or inaccurate identification or disclosure of such rights, 18 owners or claimants. DMTF shall have no liability to any party, in any manner or circumstance, under any legal 19 theory whatsoever, for failure to recognize, disclose, or identify any such third party patent rights, or for such party’s 20 reliance on the standard or incorporation thereof in its product, protocols or testing procedures. DMTF shall have no 21 liability to any party implementing such standard, whether such implementation is foreseeable or not, nor to any 22 patent owner or claimant, and shall have no liability or responsibility for costs or losses incurred if a standard is 23 withdrawn or modified after publication, and shall be indemnified and held harmless by any party implementing the 24 standard from any and all claims of infringement by a patent owner for such implementations.
    [Show full text]
  • Network Management Network Management
    You are at: ALA.org » PLA » Professional Tools » PLA Tech Notes » Network Management Network Management By Richard W. Boss Many libraries began automating in the 1970s; however, it was not until the early 1990s that there was an explosion in the deployment of networks. Initially, the networks were limited to staff workstations and patron access catalogs accessing an integrated library system, but with the growth of the Internet, including remote access to library servers from outside libraries and access out from libraries to electronic resources, the management of networks became quite complex. While library staff and patrons will usually report network problems after they occur, a library should seek to identify potential problems before they affect users on the network. Network management software does that not only by sending out reactive alerts as soon as a problem has been detected, but also by providing warnings about potential network problems before they affect staff and patrons. Network Management Software Components There are five components of network management. The first four--which deal with performance, faults, accounting, and configuration issues--can often be purchased as part of a bundled suite of products. The fifth--security management--usually is not bundled with the others. Performance management has as its objective the measurement of various aspects of network performance so that performance can be maintained at a planned level. The measures may include network throughput, user response times, and line utilization. It is not only necessary to measure, but to analyze the measurements to determine normal or baseline levels so that remedial action may be taken when performance is not acceptable.
    [Show full text]
  • Network Management: State of the Art
    Network Management: State of the Art Raouf Boutaba and Jin Xiao Department of Computer Science University of Waterloo, CANADA Email: {rboutaba.j2xiao}@bbcr.uwaterloo.ca Abstract: This paper examines the state-of-the-art enabling technologies for network management, including policy-based network management, distributed object computing, Web-based network management, Java-based network management, code mobility, intelligent agents, active networks, and economic theories. For each of them, we discuss the underlying concept, analyze the benefits and drawbacks, and discuss the applicability to network management. In doing so, we illustrate the common trend in network management design: moving towards distributed intelligence. 1 INTRODUCTION Nearly a decade ago, the classic agent-manager centralized paradigm was the pervasive network management architecture, exemplified in the OS! reference model, the Simple Network Management Protocol (SNMP) management framework, and the Telecommunications Management Network (TMN) management framework [15]. With the increasing size, management complexity, and service requirement of today's networks, such management paradigm is no longer adequate, and should be replaced with distributed management paradigms. This trend is clearly discussed in [29]. With the myriads of enabling technologies surfaced in the last few years, all of which offering various degrees of network management distribution and benefits, it is unclear what, when, and where are these technologies most applicable? And what would the future of network management be? By examining these state-of-the-art enabling technologies, this paper attempts to shed some light on their benefits, drawbacks, and postulate on their future prospects in network management. Despite their diversity, the paper will illustrate a recurring trend in their design concept: pushing towards distributed intelligence.
    [Show full text]
  • Storage Network Management Cummings I–X 001–105 3/2/04 12:55 PM Page I
    SNIA TECHNICAL T UTORIAL Storage Network Management Cummings_i–x_001–105 3/2/04 12:55 PM Page i SNIA TECHNICAL T UTORIAL Storage Network Management Cummings_i–x_001–105 3/2/04 12:55 PM Page ii The SNIA Technical Tutorial booklet series provides introductions to storage technology topics for users of storage networks. The content is prepared by teams of SNIA technical experts and is open to review by the entire SNIA membership. Each booklet corresponds with tutorials delivered by instructors at Storage Networking World and other conferences. To learn more about SNIA Technical Tutorials, email [email protected]. Cummings_i–x_001–105 3/2/04 12:55 PM Page iii SNIA TECHNICAL T UTORIAL Storage Network Management Roger Cummings SAN Technologist, VERITAS Software Cummings_i–x_001–105 3/2/04 12:55 PM Page iv Copyright © 2004 Storage Networking Industry Association (SNIA). All rights reserved. The SNIA logo is a trademark of SNIA. This publication—photography, illustration, and text—is protected by copyright and permission should be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recordings, or likewise. To obtain permission(s) to use material from this work, please submit a written request to SNIA, Permissions Department, 301 Rockrimmon Blvd, South, Colorado Springs, CO 80919. For information regarding permissions, call (719) 884-8903. Photography, illustration, and text incorporated into SNIA printed publications are copy- right protected by SNIA or other owners and/or representatives. Downloading, screen cap- turing or copying these items in any manner for any use other than personally viewing the original document in its entirety is prohibited.
    [Show full text]
  • Design of a WBEM-Based Management System for Ubiquitous Computing Servers
    Design of a WBEM-based Management System for Ubiquitous Computing Servers So-Jung Lee1, Mi-Jung Choi1, Sun-Mi Yoo1, James W. Hong1 Hee-Nam Cho2, Chang-Won Ahn2, Sung-In Jung2 1Dept. of Computer Science and Engineering, POSTECH 2Digital Home Research Division, ETRI {annie, mjchoi, sunny81, jwkhong}@postech.ac.kr, {hncho, ahn, sijung}@etri.re.kr Abstract As the Internet evolves and wireless network technologies develop, people’s need to get a network service at anytime from anywhere is growing, and the age of ubiquitous computing is coming in earnest. A ubiquitous computing server receives and processes lots of information from various sensors in a ubiquitous computing environment and plays a role in providing various useful services. In this paper, we analyze the requirements for managing the ubiquitous computing servers based on WBEM technologies which are being standardized in DMTF. We present the design of our management system, which satisfies the requirements. We also examine and compare available WBEM implementations by performing benchmarking testing. Based on the benchmarking results, we present our choice of WBEM implementation, which is being used for implementing our ubiquitous computing server management system. 1. Introduction As the Internet continues to grow and the wired/wireless network evolves, users want to get various services at anytime and anywhere by connecting to the network. The idea used to realize this service is ubiquitous computing. Ubiquitous computing is a new paradigm for distributed interactive systems, which moves computers into the background of people's attention while using them to support their activities and interactions in the workplace and beyond.
    [Show full text]
  • Using WMI to Enhance Network Visibility and Streamline Operational Management
    Using WMI to Enhance Network Visibility and Streamline Operational Management Solution Brief CONTENTS TABLE OF CONTENTS 1. Introduction 4 2. Windows Management Instrumentation (WMI) Technology Explained 4 3. Five Reasons To Integrate Antimalware Security With Network Audit And Systems Management 5 4. Bitdefender’s Network Auditing Explained 7 5. Collecting Network Auditing Data 8 6. Bitdefender’s Network Tasks Explained 13 7. Conclusions 20 Appendix: Description Of Network Task Templates 21 2 SOLUTION BRIEF ON USING WMI 1. INTRODUCTION Many IT departments are expected to maintain business operations effectively, but often with limited resources, leaving little time to implement proactive processes and procedures to minimize their exposure to threats. Small and Medium Businesses (SMB’s) are even further restricted by strict budget requirements and IT tasks are often fulfilled by someone in a dual role with little in-depth knowledge. With so many business and IT requirements to be met, overstretched IT staff find it hard to implement and maintain both security solutions and manage the network. The solution to this problem is to assist IT staff in simplifying and automating repetitive manual tasks, helping to improve the overall security of the network and aid in compliance reporting. As a company grows, the addition of new employees, systems, and office applications also increases the complexity of an organization’s network. The addition of each new desktop, laptop or server must be managed by existing IT staff, reducing the ability to maintain control and complicates efforts to visualize what is really happening in the network. To be proactive, and to work smarter, IT departments must ensure they have simple and effective tools that can help automate repetitive and manual IT tasks, in addition to providing better visibility of the devices and applications needed to maintain their business.
    [Show full text]
  • Dell Command | Monitor Version 9.1.1 User's Guide Notes, Cautions, and Warnings
    Dell Command | Monitor Version 9.1.1 User's Guide Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2008 - 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell and the Dell logo are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. 2016 - 04 Rev. A00 Contents 1 Introduction........................................................................................................... 5 Dell Command | Monitor overview...................................................................................................... 5 Dell Command | Monitor architecture................................................................................................. 6 What's new in this release.....................................................................................................................6 Features..................................................................................................................................................7 CIM 2.17 schema support................................................................................................................7
    [Show full text]