Policy-based Management for ALAN-Enabled Networks (Policy 2002)



SLIDE 1

Policy-based Management for ALAN-Enabled Networks

Policy 2002

Ognjen Prnjat, Ioannis Liabotis, Tope Olukemi, Lionel Sacks
University College London, Dept. of Electronic and Electrical Eng.
http://www.ee.ucl.ac.uk/ACSE/

Mike Fisher, Paul McKee
BTexact Technologies

Ken Carlberg, Gregorio Martinez
University College London, Department of Computer Science

SLIDE 2

ANDROID

  • Active Network DistRibuted Open Infrastructure Development
  • EC funded - IST; 2 years
  • BT, UCL, Netcelo, 6Wind, MediaSec, NTUA, UPM
  • Policy-based, event driven management of ALAN enabled networks

SLIDE 3

Target networking architecture

[Figure: target networking architecture. Labels: active server, active router, router, proxylet, IP network, user.]

SLIDE 4

Management principles

  • Policies
    – Specifying actions to be taken when events occur
  • Events
    – Unidirectional messages communicating system changes
  • Components needed
    – Policy/event handling at active nodes
    – Management information distribution (MID)
    – Persistent information storage
    – Specific management components

SLIDE 5

Policy schema

  • XML schema
  • Aims to embrace specific features common to all policies and events
  • Flexibility
  • Platform-neutral

SLIDE 6

Policy schema

  • Creator
    – establishes origin of a policy (for multiple points of control)
  • Info
    – not directly related to the policy rules
    – globally UI; modality; creation, start and expiry time
  • Sender
    – identifies the forwarding path the policy has taken
  • Subject
    – entities in the system which are expected to respond to a policy
  • Trigger
    – relates an event (UI) to the policies that are supposed to handle it
    – triggerless policies can exist - executed straight away
  • Action
    – behaviour that should result from triggering the policy
    – contains an optional condition expression and a set of strings specifying actions to be taken on particular target components

SLIDE 7

Event schema

  • Event-id
    – globally unique string; same for same type of events
  • Time
  • Time-to-live
    – for how long event is relevant
  • Source
  • Sequence
    – integer incremented with each event produced from a source
  • Information
  • Data
    – open-content model containing XML

SLIDE 8

Policy control

  • Management distribution and storage
  • IP VPNs
  • Resource and security management on active servers
  • Current scenario: multicast conferencing groups established by Reflector proxylets. RM and SM.
  • Future: IP VPNs established through collaboration of VPN Manager with Reflector proxylets. RM and SM.

SLIDE 9

MID

  • Management Information Distribution
  • Each site runs 1 MID server
  • Internally events wrapped in XML notification
  • MID policy controlled
    – policy linking each event type to a destination
  • Event filters

SLIDE 10

VPN management

  • VPN Manager
    – centralises access control of users to the VPN through policies
    – sends events to routers to configure VPN
  • Policies defined via use-case and event analysis

SLIDE 11

Resource and security management on active servers

  • RM and SM components
  • Control access to the active server and its resources
  • XML enabled
    – receiving and interpreting policies and events
    – generating events
  • Resource and security management policies
    – defined and categorised based on use-cases and the events
    – given as combinations of events, conditions and actions

SLIDE 12

RM and SM

  • Resource management:
    – Resources: CPU, storage, network interface
    – Monitoring and estimation
    – Allocation and reallocation
  • Security management:
    – Deployer authentication
    – Proxylet authentication
    – Proxylet access control

SLIDE 13

Example

<?xml version = "1.0" encoding = "UTF-8"?>
<policy>
  <creator>
    <authority>
      <admin-domain>AS</admin-domain>
      <role>AS Operator</role>
    </authority>
    <identity>ASOperator1</identity>
    <reply_address>ASOP@as1.org</reply_address>
  </creator>
  <info>
    <policy-id>Policy1</policy-id>
    <modality>obligation</modality>
  </info>
  <subject>
    <domain>
      <role>Resource-Manager</role>
    </domain>
  </subject>

SLIDE 14

Example

  <trigger>
    <event-id>eLdPrx</event-id>
  </trigger>
  <actions>
    <condition>
      <operand>Total-CPU-Usage</operand>
      <operator>LessThan</operator>
      <operand>60%</operand>
    </condition>
    <action>
      <target>
        <domain>
          <role>EEP-Controller</role>
        </domain>
      </target>
      <data>
        <method>aLdPrx</method>
      </data>
    </action>
  </actions>
</policy>
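
Added illustration, not code from the slides or from the ANDROID project: a small Python evaluator showing how a Resource Manager could decide whether the example policy fires for an incoming event. The event tag names, the metrics dictionary, time-to-live in seconds, and rejecting non-increasing sequence numbers as stale are assumptions; it covers triggered policies only.

```python
import xml.etree.ElementTree as ET

# The policy from the two "Example" slides joined into one document (creator abridged).
POLICY_XML = """<policy>
  <creator><identity>ASOperator1</identity></creator>
  <info><policy-id>Policy1</policy-id><modality>obligation</modality></info>
  <subject><domain><role>Resource-Manager</role></domain></subject>
  <trigger><event-id>eLdPrx</event-id></trigger>
  <actions>
    <condition><operand>Total-CPU-Usage</operand><operator>LessThan</operator><operand>60%</operand></condition>
    <action><target><domain><role>EEP-Controller</role></domain></target>
      <data><method>aLdPrx</method></data></action>
  </actions>
</policy>"""

# Constructed event; fields follow the event-schema slide, tag names are assumed.
EVENT_XML = """<event><event-id>eLdPrx</event-id><time>1000</time>
<time-to-live>30</time-to-live><source>deployer-1</source><sequence>7</sequence></event>"""

OPERATORS = {"LessThan": lambda a, b: a < b}  # the only operator shown on the slides


def resolve(operand, metrics):
    """An operand is either a literal percentage or a named measurement."""
    if operand.endswith("%"):
        return float(operand[:-1])
    return float(metrics[operand])  # KeyError for an unknown metric; caller denies


def evaluate(policy_xml, event_xml, metrics, now, last_seq):
    """Return [(target role, method)] to execute, or [] if the policy does not fire."""
    policy, event = ET.fromstring(policy_xml), ET.fromstring(event_xml)
    if policy.findtext("trigger/event-id") != event.findtext("event-id"):
        return []                      # event is not this policy's trigger
    if now > int(event.findtext("time")) + int(event.findtext("time-to-live")):
        return []                      # time-to-live expired, event no longer relevant
    if int(event.findtext("sequence")) <= last_seq.get(event.findtext("source"), -1):
        return []                      # stale or repeated sequence number (assumed check)
    cond = policy.find("actions/condition")
    if cond is not None:               # the condition is optional in the schema
        left, right = (o.text for o in cond.findall("operand"))
        try:
            ok = OPERATORS[cond.findtext("operator")](resolve(left, metrics), resolve(right, metrics))
        except KeyError:
            ok = False                 # unknown operator or metric: fail closed
        if not ok:
            return []
    return [(a.findtext("target/domain/role"), a.findtext("data/method"))
            for a in policy.findall("actions/action")]
```
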

SLIDE 15

Demonstration

  • Multimedia (whiteboard, video) conference between partner sites
  • Established through Reflector/TAG proxylets + pseudo-manager

[Figure: demonstration network. Labels: Internet, AS + Reflector, AS + TAG, Host + NTE/VIC, 6Wind, BT, UCL-CS, UCL-EE, NTUA, MediaSec, 6-Bone, LEARnet.]

SLIDE 16

Demonstration

[Figure: active server demonstration architecture. Labels: Active Server, GUI, Policy Store, R-let, Proxylet 1…N, FunnelWeb, Security Manager, libresource (JNI), LibGTop, OS, Data Store, Monitoring Station, RMI, Status/Requests, Measurements, XML Event, MonitorAPI, RMI, Load.]

SLIDE 17

Demonstration

SLIDE 18

Conclusions

  • ANDROID management architecture
  • ALAN enabled networks
  • Wide range of functionality policy-managed
  • Trials in progress