DOCSLIB.ORG

An Adaptive Policy Based Framework for Network Management

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
An Adaptive Policy Based Framework for Network Management Department of Computing Imperial College London University of London An Adaptive Policy Based Framework for Network Management Leonidas A. Lymberopoulos A thesis submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy in the Faculty of Engineering of the University of London, and for the Diploma of the Imperial College London London, October 2004 Στους γονείς µου, Αντρέα και Γεωργία To my parents, Andreas and Georgia Abstract Policy-based management has emerged as a promising solution for the management of large-scale and heterogeneous networks. This approach has been adopted in several network management areas, such as in the areas of Quality of Service (QoS) and security management. However, although policy-based management has been the subject of considerable research, proposed solutions are often restricted to static condition-action rules where conditions determine when actions should be performed on the managed entities. The static policy configurations require manual intervention to cater for configuration changes and to enable policy deployment. However, changes in the system such as QoS violations, network failures or denial of service attacks in a secured network may require adaptation of existing policies to new circumstances. Thus, policies themselves need to be managed and adapted. Policies define management strategies for network devices, access control systems or internet services. However, little work has been done on validating whether the policies will lead to a feasible implementation for the specific environment to which they apply. Validation requires checking that the policy is consistent with the functional or resource constraints within the target environment. For example, one can check whether the policies assume functionality or specific operations, which do not exist in target devices, or bandwidth in excess of the capacity of data links. Where possible, static checking should be done prior to policy deployment in order to detect invalid policies at design time, but there are some policies, related to resource allocation, that depend on the current state of the system, and require constraints, specified within the policy rules themselves, that must be checked dynamically at execution time. This thesis introduces a novel framework to address the problems identified above. Our framework supports automated policy deployment and dynamic adaptation of policy in response to changes within the managed environment. It implements a flexible architecture where policy adaptation is specified and enforced by other policies, specified in the same Ponder policy notation. Policy adaptation includes both dynamically changing policy parameters and selecting which policies should be selected from a set of predefined ones to be enforced within the network. Furthermore, using the Common Information Model (CIM) as the modelling framework for managed entities, we provide solutions for validating policies with respect to the capabilities of the target network environment. 3 Acknowledgements First of all, I would like to thank my supervisor, Professor Morris Sloman for his constant support during my PhD studies. This thesis would certainly not have been completed without him. His technical guidance, helpful critique and belief in me, have been an endless source of motivation and support throughout my studies. I also feel gratitude to Morris for arranging my financial support and for his honest patience and tolerance. I also thank Dr. Emil Lupu for his precious guidance and critical observations. Our edifying discussions have helped me develop several research skills. Many thanks to my colleagues and academics at Imperial, Dr. Naranker Dulay, Dr. Dan Chalmers, Krish Krishnakumar and Arosha Bandara for providing a friendly and productive atmosphere. As for all the other members of Imperial College whom I may have forgotten to mention, thank you. I also thank my friends in London for making me feel at home: my best friend George Stephanopoulos, George Mournos, Yiannis Georgiadis, Nikos Damianou and Tyrone Grandison. Finally, I thank my parents Andreas and Georgia, to whom this thesis is dedicated, for their endless support during my stay in London. They gave me courage and the strength to never give up. I also thank my sister, Anna, and Alexandra for her encouragement and support. The work carried out in this thesis was partly funded by: • The UK Engineering and Physical Sciences Research Council (EPSRC) as part of the PONDS and the PolyNet (GR/R31409/01) research projects. • Cisco Systems as part of the Language Based Policy Specification, Analysis and Deployment for Large-scale Systems (Polyander) Project (http://www- dse.doc.ic.ac.uk/Projects/polyander/) 4 Contents Abstract.............................................................................................................................. 3 Acknowledgements ........................................................................................................... 4 Contents ............................................................................................................................. 5 List of Figures.................................................................................................................... 7 List of Tables ..................................................................................................................... 9 List of Abbreviations ...................................................................................................... 10 Publications ..................................................................................................................... 11 1. Introduction.................................................................................................................12 1.1. Motivation ....................................................................................................... 13 1.2. Requirements................................................................................................... 16 1.3. Contribution..................................................................................................... 16 1.4. Structure .......................................................................................................... 18 2. Background and Related Work................................................................................. 19 2.1 Ponder Policy framework ....................................................................................... 19 2.2 Differentiated Services ........................................................................................... 23 2.2.1 Differentiated Services Architecture............................................................... 24 2.2.2 Management Protocols for Differentiated Services ........................................ 26 2.2.3 Differentiated Services support on Linux ....................................................... 28 2.3 Policy Based Network Management ..................................................................... 30 2.3.1 IETF Policy Workgroup.................................................................................. 30 2.3.2 Commercial Products ...................................................................................... 32 2.3.3 Other network management policy approaches .............................................. 34 2.3.4 Policy based frameworks for other management areas ................................. 38 2.4 Service Level Specification and Service Management .......................................... 40 2.5 QoS Adaptation ...................................................................................................... 43 2.6 Policy Adaptation ................................................................................................... 45 2.7 Policy Validation .................................................................................................... 47 3. Policy Based Configuration of Differentiated Services Networks .......................... 50 3.1 Policy Specification for Differentiated Services .................................................... 50 3.1.1 Policy rules for managing a set of devices...................................................... 53 3.1.2 Policy rules for implementing DiffServ Per Hop Behaviours......................... 54 3.2 Implementation of Policy Enforcement for DiffServ Routers................................ 57 3.3 Usage Example of Policy Enforcement for Linux Routers .................................... 63 3.4 Discussion............................................................................................................... 69 4. Policy Adaptation within the Ponder Framework ................................................... 71 4.1 Run-Time Modification of Policy Parameters........................................................ 72 4.2 Adaptation by Dynamically Selecting and Enabling Policies from a Set of Policies ...................................................................................................................................... 73 5 4.3 Enforcement architecture........................................................................................ 75 4.4 Adaptive Management of Differentiated Services Networks................................. 76 4.5 Implementation of a Prototype Adaptive Management System ............................. 82 4.6 Discussion..............................................................................................................
Load more

Recommended publications
  • Architecture of Network Management Tools for Heterogeneous System
    (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 3, 2009 Architecture of Network Management Tools for Heterogeneous System Rosilah Hassan, Rozilawati Razali, Shima Mohseni, Ola Mohamad and Zahian Ismail Department of Computer Science, Faculty of Information Science and Technology Universiti Kebangsaan Malaysia, Bangi, Selangor, Malaysia . Human: where human manager defines the policy and organization approaches. Abstract— Managing heterogeneous network systems is Methodology: defines the architectural a difficult task because each of these networks has its own curious management system. These networks framework and the functions to be usually are constructed on independent management performed. protocols which are not compatible with each other. Instrumentation: the actual operational This results in the coexistence of many management aspects that establish the procedures, systems with different managing functions and services methods and algorithms for data collection, across enterprises. Incompatibility of different processing and reporting, and analysis of management systems makes management of whole problems, their repair, prediction or system a very complex and often complicated job. forecasting of service levels and probable Ideally, it is necessary to implement centralized meta- level management across distributed heterogeneous improvements to enhance performance. systems and their underlying supporting network systems where the information flow and guidance is S&NM aims to provide network
    [Show full text]
  • Monitoring Windows with Powershell
    Monitoring Windows Systems with PowerShell SL1 version 8.14.0 Table of Contents Introduction 4 Monitoring Windows Devices in the ScienceLogic Platform 5 What is SNMP? 5 What is PowerShell? 5 PowerPacks 6 Configuring Windows Systems for Monitoring with SNMP 7 Configuring SNMP for Windows Server 2016 and Windows Server 2012 8 Configuring Ping Responses 8 Installing the SNMP Service 9 Configuring the SNMP Service 14 Configuring the Firewall to Allow SNMP Requests 19 Configuring Device Classes for Windows Server 2016 and Windows 10 19 Manually Align the Device Class 20 Edit the Registry Key 20 Configuring SNMP for Windows Server 2008 21 Configuring Ping Responses 21 Installing the SNMP Service 22 Configuring the SNMP Service 25 Configuring the Firewall to Allow SNMP Requests 30 Configuring Windows Servers for Monitoring with PowerShell 31 Prerequisites 32 Configuring PowerShell 32 Step 1: Configuring the User Account for the ScienceLogic Platform 33 Option 1: Creating an Active Directory Account with Administrator Access 33 Option 2: Creating a Local User Account with Administrator Access 34 Option 3: Creating a Non-Administrator User Account 34 Optional: Configuring the User Account for Remote PowerShell Access to Microsoft Exchange Server 36 Optional: Configuring the User Account for Remote PowerShell Access to Hyper-V Servers 36 Creating a User Group and Adding a User in Active Directory 36 Setting the Session Configuration Parameters and Group Permissions 37 Creating a PowerShell Credential 38 Optional: Configuring the User Account for
    [Show full text]
  • Network Management
    Chapter 12: Network Management Jian Ren and Tongtong Li, Michigan State University Introduction 2 Network Scanners . 25 OSI Network Management Model . .3 Packet Filters . 26 Network Management Layers . .4 Wireless Network Management 26 ISO Network Management Functions 6 Cellular Networks . 27 Configuration Management . .6 Location Management for Cellular Fault Management . .6 Networks . 28 Security Management . .7 Accounting Management . .7 Policy-based Network Management 29 What Is a Policy? . 30 Performance Management . .7 Benefits of PBNM . 31 Network Management Protocols 7 Architecture of a PBNM System . 31 SNMP/SNMPv1 . .8 Conclusion 32 SNMPv2 . 13 SNMPv3 . 15 Glossary 33 Remote Network Monitoring (RMON) 23 Acknowledgements 34 Network Management Tools 24 Network Monitors . 25 Acronyms 37 Abstract: The continuous growth in scale and diversity of computer networks and network components has made network management one of the most challenging issues facing network administrators. It has become impossible to carry out network management functions without the support of automated tools and applications. In this chapter, the major network management issues, including network management requirements, functions, techniques, security, some well- known network management protocols and tools, will be discussed. Location management for the wireless cellular networks will also be briefly described. Finally, policy-based network management, which is a promising direction for the next generation of network management, will be briefly described. Keywords:
    [Show full text]
  • System Management Architecture for Server Hardware Whitepaper 31 Version 2.0.0 32 Publication Date: 2007-08-25 33 DSP2001 34 Status: Informational
    1 2 3 System Management Architecture for Server Hardware White Paper 4 5 Version 2.0.0 6 Status: Informational 7 Publication Date: 2007-08-25 8 DSP2001 9 Copyright © 2007 Distributed Management Task Force, Inc. (DMTF). All rights reserved. 10 DMTF is a not-for-profit association of industry members dedicated to promoting enterprise and systems 11 management and interoperability. Members and non-members may reproduce DMTF specifications and documents 12 for uses consistent with this purpose, provided that correct attribution is given. As DMTF specifications may be 13 revised from time to time, the particular version and release date should always be noted. 14 Implementation of certain elements of this standard or proposed standard may be subject to third party patent rights, 15 including provisional patent rights (herein "patent rights"). DMTF makes no representations to users of the standard 16 as to the existence of such rights, and is not responsible to recognize, disclose, or identify any or all such third party 17 patent right, owners or claimants, nor for any incomplete or inaccurate identification or disclosure of such rights, 18 owners or claimants. DMTF shall have no liability to any party, in any manner or circumstance, under any legal 19 theory whatsoever, for failure to recognize, disclose, or identify any such third party patent rights, or for such party’s 20 reliance on the standard or incorporation thereof in its product, protocols or testing procedures. DMTF shall have no 21 liability to any party implementing such standard, whether such implementation is foreseeable or not, nor to any 22 patent owner or claimant, and shall have no liability or responsibility for costs or losses incurred if a standard is 23 withdrawn or modified after publication, and shall be indemnified and held harmless by any party implementing the 24 standard from any and all claims of infringement by a patent owner for such implementations.
    [Show full text]
  • Network Management Network Management
    You are at: ALA.org » PLA » Professional Tools » PLA Tech Notes » Network Management Network Management By Richard W. Boss Many libraries began automating in the 1970s; however, it was not until the early 1990s that there was an explosion in the deployment of networks. Initially, the networks were limited to staff workstations and patron access catalogs accessing an integrated library system, but with the growth of the Internet, including remote access to library servers from outside libraries and access out from libraries to electronic resources, the management of networks became quite complex. While library staff and patrons will usually report network problems after they occur, a library should seek to identify potential problems before they affect users on the network. Network management software does that not only by sending out reactive alerts as soon as a problem has been detected, but also by providing warnings about potential network problems before they affect staff and patrons. Network Management Software Components There are five components of network management. The first four--which deal with performance, faults, accounting, and configuration issues--can often be purchased as part of a bundled suite of products. The fifth--security management--usually is not bundled with the others. Performance management has as its objective the measurement of various aspects of network performance so that performance can be maintained at a planned level. The measures may include network throughput, user response times, and line utilization. It is not only necessary to measure, but to analyze the measurements to determine normal or baseline levels so that remedial action may be taken when performance is not acceptable.
    [Show full text]
  • Network Management: State of the Art
    Network Management: State of the Art Raouf Boutaba and Jin Xiao Department of Computer Science University of Waterloo, CANADA Email: {rboutaba.j2xiao}@bbcr.uwaterloo.ca Abstract: This paper examines the state-of-the-art enabling technologies for network management, including policy-based network management, distributed object computing, Web-based network management, Java-based network management, code mobility, intelligent agents, active networks, and economic theories. For each of them, we discuss the underlying concept, analyze the benefits and drawbacks, and discuss the applicability to network management. In doing so, we illustrate the common trend in network management design: moving towards distributed intelligence. 1 INTRODUCTION Nearly a decade ago, the classic agent-manager centralized paradigm was the pervasive network management architecture, exemplified in the OS! reference model, the Simple Network Management Protocol (SNMP) management framework, and the Telecommunications Management Network (TMN) management framework [15]. With the increasing size, management complexity, and service requirement of today's networks, such management paradigm is no longer adequate, and should be replaced with distributed management paradigms. This trend is clearly discussed in [29]. With the myriads of enabling technologies surfaced in the last few years, all of which offering various degrees of network management distribution and benefits, it is unclear what, when, and where are these technologies most applicable? And what would the future of network management be? By examining these state-of-the-art enabling technologies, this paper attempts to shed some light on their benefits, drawbacks, and postulate on their future prospects in network management. Despite their diversity, the paper will illustrate a recurring trend in their design concept: pushing towards distributed intelligence.
    [Show full text]
  • Storage Network Management Cummings I–X 001–105 3/2/04 12:55 PM Page I
    SNIA TECHNICAL T UTORIAL Storage Network Management Cummings_i–x_001–105 3/2/04 12:55 PM Page i SNIA TECHNICAL T UTORIAL Storage Network Management Cummings_i–x_001–105 3/2/04 12:55 PM Page ii The SNIA Technical Tutorial booklet series provides introductions to storage technology topics for users of storage networks. The content is prepared by teams of SNIA technical experts and is open to review by the entire SNIA membership. Each booklet corresponds with tutorials delivered by instructors at Storage Networking World and other conferences. To learn more about SNIA Technical Tutorials, email [email protected]. Cummings_i–x_001–105 3/2/04 12:55 PM Page iii SNIA TECHNICAL T UTORIAL Storage Network Management Roger Cummings SAN Technologist, VERITAS Software Cummings_i–x_001–105 3/2/04 12:55 PM Page iv Copyright © 2004 Storage Networking Industry Association (SNIA). All rights reserved. The SNIA logo is a trademark of SNIA. This publication—photography, illustration, and text—is protected by copyright and permission should be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recordings, or likewise. To obtain permission(s) to use material from this work, please submit a written request to SNIA, Permissions Department, 301 Rockrimmon Blvd, South, Colorado Springs, CO 80919. For information regarding permissions, call (719) 884-8903. Photography, illustration, and text incorporated into SNIA printed publications are copy- right protected by SNIA or other owners and/or representatives. Downloading, screen cap- turing or copying these items in any manner for any use other than personally viewing the original document in its entirety is prohibited.
    [Show full text]
  • Design of a WBEM-Based Management System for Ubiquitous Computing Servers
    Design of a WBEM-based Management System for Ubiquitous Computing Servers So-Jung Lee1, Mi-Jung Choi1, Sun-Mi Yoo1, James W. Hong1 Hee-Nam Cho2, Chang-Won Ahn2, Sung-In Jung2 1Dept. of Computer Science and Engineering, POSTECH 2Digital Home Research Division, ETRI {annie, mjchoi, sunny81, jwkhong}@postech.ac.kr, {hncho, ahn, sijung}@etri.re.kr Abstract As the Internet evolves and wireless network technologies develop, people’s need to get a network service at anytime from anywhere is growing, and the age of ubiquitous computing is coming in earnest. A ubiquitous computing server receives and processes lots of information from various sensors in a ubiquitous computing environment and plays a role in providing various useful services. In this paper, we analyze the requirements for managing the ubiquitous computing servers based on WBEM technologies which are being standardized in DMTF. We present the design of our management system, which satisfies the requirements. We also examine and compare available WBEM implementations by performing benchmarking testing. Based on the benchmarking results, we present our choice of WBEM implementation, which is being used for implementing our ubiquitous computing server management system. 1. Introduction As the Internet continues to grow and the wired/wireless network evolves, users want to get various services at anytime and anywhere by connecting to the network. The idea used to realize this service is ubiquitous computing. Ubiquitous computing is a new paradigm for distributed interactive systems, which moves computers into the background of people's attention while using them to support their activities and interactions in the workplace and beyond.
    [Show full text]
  • Using WMI to Enhance Network Visibility and Streamline Operational Management
    Using WMI to Enhance Network Visibility and Streamline Operational Management Solution Brief CONTENTS TABLE OF CONTENTS 1. Introduction 4 2. Windows Management Instrumentation (WMI) Technology Explained 4 3. Five Reasons To Integrate Antimalware Security With Network Audit And Systems Management 5 4. Bitdefender’s Network Auditing Explained 7 5. Collecting Network Auditing Data 8 6. Bitdefender’s Network Tasks Explained 13 7. Conclusions 20 Appendix: Description Of Network Task Templates 21 2 SOLUTION BRIEF ON USING WMI 1. INTRODUCTION Many IT departments are expected to maintain business operations effectively, but often with limited resources, leaving little time to implement proactive processes and procedures to minimize their exposure to threats. Small and Medium Businesses (SMB’s) are even further restricted by strict budget requirements and IT tasks are often fulfilled by someone in a dual role with little in-depth knowledge. With so many business and IT requirements to be met, overstretched IT staff find it hard to implement and maintain both security solutions and manage the network. The solution to this problem is to assist IT staff in simplifying and automating repetitive manual tasks, helping to improve the overall security of the network and aid in compliance reporting. As a company grows, the addition of new employees, systems, and office applications also increases the complexity of an organization’s network. The addition of each new desktop, laptop or server must be managed by existing IT staff, reducing the ability to maintain control and complicates efforts to visualize what is really happening in the network. To be proactive, and to work smarter, IT departments must ensure they have simple and effective tools that can help automate repetitive and manual IT tasks, in addition to providing better visibility of the devices and applications needed to maintain their business.
    [Show full text]
  • Dell Command | Monitor Version 9.1.1 User's Guide Notes, Cautions, and Warnings
    Dell Command | Monitor Version 9.1.1 User's Guide Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2008 - 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell and the Dell logo are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. 2016 - 04 Rev. A00 Contents 1 Introduction........................................................................................................... 5 Dell Command | Monitor overview...................................................................................................... 5 Dell Command | Monitor architecture................................................................................................. 6 What's new in this release.....................................................................................................................6 Features..................................................................................................................................................7 CIM 2.17 schema support................................................................................................................7
    [Show full text]
  • Policy-Based Management for Enterprise and Carrier IP Networking
    UDC 621.395.74:681.32 Policy-based Management for Enterprise and Carrier IP Networking VTakeo Hamada VPeter Czezowski VTakafumi Chujo (Manuscript received September 15, 2000) Policy-Based Management (PBM) will play a key role as a management technology for end-to-end IP-nized integration of enterprise networks and telecommunication net- works. In this paper, we examine PBM and its requirements for managing the new telecommunication network service environment, and propose a scalable new PBM architecture based on relevant research at Fujitsu Laboratories of America. A new development in PBM, called active policy, is illustrated. We expect that the active policy will bring new insights on the integration of PBM and intelligent agent systems, benefiting service management and customer care in the new network service environment. 1. Introduction ferent views of network design and its operation, The Internet has given rise to explosive resulting in different approaches toward network growth of communication demand. The Internet management. Predictable dominance of the In- traffic doubling period of 90 days, also known as ternet in the data traffic and network service Gilder’s law,1) is a clear indication of its huge im- spheres, however, has put the two paradigms in a pact on our society for years to come. In last 5 collision course, and it seems clear that a new years, a new generation of equipment vendors and network management paradigm must be born out carriers has emerged, responding to insatiable of this cultural collision. We at Fujitsu Laborato- bandwidth demand of the Internet users. The ries of America have been engaged in research to Internet has brought a new paradigm of commu- bring forth the vision of the new network man- nication and networked services, and it has also agement paradigm into reality.
    [Show full text]