using the script mib for policy based configuration
play

Using the Script MIB for Policy-based Configuration Management T. - PowerPoint PPT Presentation

Feb 02, 2023 •201 likes •448 views

Using the Script MIB for Policy-based Configuration Management Page 1 Using the Script MIB for Policy-based Configuration Management T. Klie, S. Mertens, M. Brunner, P. Martinez, J. Sch onw alder, F. Strau J. Quittek Computer

  1. Using the Script MIB for Policy-based Configuration Management Page 1 Using the Script MIB for Policy-based Configuration Management T. Klie, S. Mertens, M. Brunner, P. Martinez, J. Sch¨ onw¨ alder, F. Strauß J. Quittek Computer Science Department Network Laboratories Technical University Braunschweig NEC Europe Ltd. M¨ uhlenpfordtstr. 23 Adenauerplatz 6 38106 Braunschweig 69115 Heidelberg Germany Germany { schoenw,strauss } @ibr.cs.tu-bs.de { brunner,quittek } @ccrle.nec.de jasmin-team@ibr.cs.tu-bs.de F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  2. Using the Script MIB for Policy-based Configuration Management Page 2 Outline 1. IETF Management-by-Delegation Architecture • The Script MIB • Jasmin : A Script MIB Implementation 2. IETF Policy Framework 3. Script MIB-based Policy Management • Policies as Programs • Policies as Objects 4. Conclusion F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  3. Using the Script MIB for Policy-based Configuration Management Page 3 The Traditional Manager/Agent Architecture Manager Configuration & Monitoring (SNMP, ...) Management Agent (Managed Objects) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  4. Using the Script MIB for Policy-based Configuration Management Page 4 The IETF Management by Delegation (MbD) Architecture (I) Higher−Level Manager Monitoring & Control (SNMP) Distributed Manager (Executing Scripts) Configuration & Monitoring (SNMP, ...) Management Agent (Managed Objects) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  5. Using the Script MIB for Policy-based Configuration Management Page 5 The IETF Management by Delegation (MbD) Architecture (II) Higher−Level Manager Script Upload Monitoring & Control Script Repository (SNMP) Script Download Distributed Manager (SNMP, FTP, HTTP, ...) (Executing Scripts) Configuration & Monitoring (SNMP, ...) Management Agent (Managed Objects) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  6. Using the Script MIB for Policy-based Configuration Management Page 6 What the IETF Script MIB Specifies Higher−Level Manager Script Upload Monitoring & Control Script Repository (SNMP) Script Download Distributed Manager (SNMP, FTP, HTTP, ...) (Executing Scripts) Configuration & Monitoring (SNMP, ...) Management Agent (Managed Objects) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  7. Using the Script MIB for Policy-based Configuration Management Page 7 The IETF DISMAN Script MIB • Designed and standardized by the IETF Distributed Management (DISMAN) Working Group • First Proposed Standard: RFC 2592, May 1999 • Updated Proposed Standard: RFC 3165, August 2001 • Supported functions: – Information on supported script languages and extensions – Transfer of scripts to a distributed manager – Control execution of management scripts – Retrieve results from management scripts • Security based on: – SNMPv3 security (USM and VACM) – Script runtime engine security models (sandbox) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  8. Using the Script MIB for Policy-based Configuration Management Page 8 The Jasmin Project • Joint project (1998 – 2001): – Technical University of Braunschweig – Network Laboratories, NEC Europe Ltd. • Goals of the project: – Evaluate and enhance the Script MIB Standard – Provide a proto-type implementation – Study use-cases and develop supporting tools • Primary outcome of the project: – a flexible open source Script MIB agent implementation – supporting various runtime engines (currently Java, Tcl, Perl) via the Script MIB Extensibility Protocol (SMX), RFC 3179 • In 2000 demand for policy-based configuration management increased → How could the Script MIB support this? F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  9. Using the Script MIB for Policy-based Configuration Management Page 9 Policy-based Configuration Management • Motivation: – Traditional management of individual device-specific configurations is ∗ complex and error-prone (different vendors means different ways) ∗ too static (state configuration, no behavior configuration) – The general policies behind those configurations are often simple • Consequence: – Let the administrator configure just those policies – PBMS supports automated enforcement of the policies F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  10. Using the Script MIB for Policy-based Configuration Management Page 10 General Concept of Policies • A Policy is represented by a number of Rules • Each rule consists of a Condition and an Action • The evaluation of a rule is triggered by an Event on < event(s) > if < condition > do < action(s) > Approaches to express policies: • Specific policy definition language, e.g. PONDER • Traditional programming language & language extension for policies • Policy Core Information Model (PCIM) An infrastructure is required: • Policies must be distributed over the network • Policies must be interpreted • Managed devices must be configurable F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  11. Using the Script MIB for Policy-based Configuration Management Page 11 The IETF Policy-based Management Framework Policy Management Application Policy Upload Monitoring & Control Policy Repository Policy Download Policy Decision Point (PDP) Configuration & Monitoring (HTTP, CLI, COPS−PR, SNMP, ...) Policy Enforcement Point (PEP) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  12. Using the Script MIB for Policy-based Configuration Management Page 12 The IETF Policy-based Management Framework Policy Management Application Policy Upload Monitoring & Control Policy Repository Policy Download Policy Decision Point (PDP) Configuration & Monitoring (HTTP, CLI, COPS−PR, SNMP, ...) Policy Enforcement Déjà vu? Point (PEP) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  13. Using the Script MIB for Policy-based Configuration Management Page 13 Management-by-Delegation vs. Policy-based Management Higher−Level Policy Management Manager Application Policy Upload Script Upload Monitoring & Control Monitoring & Control Script Repository Policy Repository (SNMP) Script Download Policy Download Distributed Manager Policy Decision (SNMP, FTP, HTTP, ...) (Executing Scripts) Point (PDP) Configuration & Monitoring Configuration & Monitoring (SNMP, ...) (HTTP, CLI, COPS−PR, SNMP, ...) Management Agent Policy Enforcement (Managed Objects) Point (PEP) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  14. Using the Script MIB for Policy-based Configuration Management Page 14 Architecture of the Jasmin Policy-based Management System Policy Manager / Higher−Level Manager Policy / Script Repository Policy Management Application Policy DB for agent to construct communication policies Script MIB Policy Web Server Access Library Class Library SNMP HTTP or FTP Script SNMP, MIB COPS−PR, Script MIB Runtime Engine Network SSH+CLI, Agent etc. Elements Policy Decision Point / Distributed Manager Policy Enforcement Points / Agents F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  15. Using the Script MIB for Policy-based Configuration Management Page 15 Architecture of the Jasmin Policy-based Management System Policy Manager / Higher−Level Manager Policy / Script Repository Policy Management Application Policy DB for agent to construct communication policies Script MIB Policy Web Server Access Library Class Library SNMP HTTP or FTP Script SNMP, MIB COPS−PR, Script MIB Runtime Engine ? Network SSH+CLI, Agent etc. Elements Policy Decision Point / Distributed Manager Policy Enforcement Points / Agents F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  16. Using the Script MIB for Policy-based Configuration Management Page 16 Different Levels of PDP Distribution Policy Policy Policy Manager Manager Manager PDP P P P P P PDP PDP D D D D D P P P P P P P P P P P P P P P P P P P P E E E E E E E E E E E E E E E P P P P P P P P P P P P P P P (a) centralized (b) weakly distributed (c) strongly distributed F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  17. Using the Script MIB for Policy-based Configuration Management Page 17 Architecture of the Jasmin Policy-based Management System Policy Manager / Higher−Level Manager Policy / Script Repository Policy Management Application Policy DB for agent to construct communication policies Script MIB Policy Web Server Access Library Class Library SNMP HTTP or FTP Script SNMP, MIB COPS−PR, Script MIB Runtime Engine Network SSH+CLI, Agent etc. Elements Policy Decision Point / Distributed Manager Policy Enforcement Points / Agents F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Jasmin Script MIB Implementation and its Use for Policy-based Management Frank Strau

The Jasmin Script MIB Implementation and its Use for Policy-based Management Frank Strau

The Jasmin Script MIB Implementation and its Use for Policy-based Management Page 1 The Jasmin Script MIB Implementation and its Use for Policy-based Management Frank Strau Institute of Operating Systems and Computer Networks Technical

213 views • 18 slides
Negotiator Negotiator Policy Policy and and Configuration Configuration Greg Thain HTCondor

Negotiator Negotiator Policy Policy and and Configuration Configuration Greg Thain HTCondor

Negotiator Negotiator Policy Policy and and Configuration Configuration Greg Thain HTCondor Week 2018 Agenda Understand role of negotiator Learn how priorities work Learn how quotas work Encourage thought about possible

1.03k views • 78 slides
Configuration management Configuration management Configuration management Configuration

Configuration management Configuration management Configuration management Configuration

Configuration management Configuration management Configuration management Configuration management Configuration management Field of management that focuses on establishing and maintaining consistency of a systems attributes

647 views • 6 slides
Class Unity scripts Rotate cube script Counter + collision script Sound script

Class Unity scripts Rotate cube script Counter + collision script Sound script

Class Unity scripts Rotate cube script Counter + collision script Sound script Materials script / mouse button input Add Force script Key and Button input script Particle script / button input Instantiate

603 views • 14 slides
Augeas a configuration API Raphal Pinson Configuration Management Sitewide configuration

Augeas a configuration API Raphal Pinson Configuration Management Sitewide configuration

Augeas a configuration API Raphal Pinson Configuration Management Sitewide configuration Local configuration Editing of Configuration Data (1) Keyhole approaches (2) Greenfield approaches (3) Templating Missing pieces Handle

831 views • 61 slides
Script Sacred Heart Primary School Can of kids video presentation SAFETY SCRIPT Hannah

Script Sacred Heart Primary School Can of kids video presentation SAFETY SCRIPT Hannah

Script Sacred Heart Primary School Can of kids video presentation SAFETY SCRIPT Hannah So everyone, based on the research that we gathered at our discussion day, do kids feel safe in their community? Austin Yes, they do, but they also

350 views • 10 slides
Agent based auto-configuration of OSPF networks Visa Holopainen visa.holopainen@tkk.fi

Agent based auto-configuration of OSPF networks Visa Holopainen visa.holopainen@tkk.fi

Agent based auto-configuration of OSPF networks Visa Holopainen visa.holopainen@tkk.fi S-38.4030 Postgraduate 04/12/2007 Course on Networking Technology Problem About 30% - 50% of network outages are caused by configuration error (The

241 views • 22 slides
Andromeda: XSS Accurate and Scalable Security Attackers evil script Analysis of Web

Andromeda: XSS Accurate and Scalable Security Attackers evil script Analysis of Web

Andromeda: XSS Accurate and Scalable Security Attackers evil script Analysis of Web Applications Web Application &lt;SCRIPT&gt;...&lt;/SCRIPT&gt; Attackers evil script executed using victims credentials Omer Tripp Marco

410 views • 6 slides
A script is a .COD file that resides within your database structure, typically within your

A script is a .COD file that resides within your database structure, typically within your

A script is a .COD file that resides within your database structure, typically within your Scripts folder? A script can do many things, but to summarize it. A script makes mass changes to ITM files. These changes could

398 views • 23 slides
ANNEX D The Script of the Presentations by the Chinese Delegation at the ARF Security Policy

ANNEX D The Script of the Presentations by the Chinese Delegation at the ARF Security Policy

ANNEX D The Script of the Presentations by the Chinese Delegation at the ARF Security Policy Conference 2014 8 th June, 2014 1. On Regional and International Security Situation It is indeed a pleasure for the Chinese delegation to come to the

469 views • 7 slides
EPiServer och Configuration Management EPiServer och Configuration Management Configuration

EPiServer och Configuration Management EPiServer och Configuration Management Configuration

EPiServer och Configuration Management EPiServer och Configuration Management Configuration Management in general Tools we use SCM Structure of folder and project Web.config Tips about Project Files and Assembly references 2 CM Tools used

347 views • 20 slides
DHCP Based Configuration of Mobile Node from Home Network Hui. Deng [China Mobile] Basic Idea

DHCP Based Configuration of Mobile Node from Home Network Hui. Deng [China Mobile] Basic Idea

DHCP Based Configuration of Mobile Node from Home Network Hui. Deng [China Mobile] Basic Idea providing the host configuration parameters needed for network service from home network based on DHCPINFORM. Mobile IP specification could

441 views • 21 slides
Script Supervisor Introduction About Me I trained on About Time with a script supervisor

Script Supervisor Introduction About Me I trained on About Time with a script supervisor

Script Supervisor Introduction About Me I trained on About Time with a script supervisor called Zoe Morgan Had no previous FILM/TV experience Contacted the Line Producer to ask if I could do some work experience In at the deep

1.58k views • 23 slides
BBB AMBASSADOR PRESENTATION SCRIPT *You are not required to read the provided script verbatim.

BBB AMBASSADOR PRESENTATION SCRIPT *You are not required to read the provided script verbatim.

BBB AMBASSADOR PRESENTATION SCRIPT *You are not required to read the provided script verbatim. Have your teacher/supervisor tally the total number of your peers in the audience. SLIDE 1 - AMBASSADOR INTRODUCTION Share who you are and why

280 views • 9 slides
Script for 10 Things PIs Need to Know video module View Script 1 You got a grant! 2

Script for 10 Things PIs Need to Know video module View Script 1 You got a grant! 2

Script for 10 Things PIs Need to Know video module View Script 1 You got a grant! 2 [animation money bag appears] [SFX: bag of coins hitting the ground] 3 Now what? 4 here are the top 10 things PIs need to know 5 Lets get

161 views • 3 slides
What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command line interpreter, of an operating system. The shell is often considered a simple domain-specific programming language . Typical operations

802 views • 15 slides
Outline cluster management &amp; infrastructure management: installation and configuration

Outline cluster management &amp; infrastructure management: installation and configuration

Outline cluster management &amp; infrastructure management: installation and configuration monitoring maintenance xCAT we use xCAT for both node deployment and configuration management http://xcat.sf.net 100% free,

543 views • 18 slides
CS615 - Aspects of System Administration Configuration Management Department of Computer Science

CS615 - Aspects of System Administration Configuration Management Department of Computer Science

CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration Configuration Management Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens-tech.edu

1.19k views • 52 slides
Configuration management with Ansible and Git Paul Waring (paul@xk7.net, @pwaring) March 16, 2016

Configuration management with Ansible and Git Paul Waring (paul@xk7.net, @pwaring) March 16, 2016

Configuration management with Ansible and Git Paul Waring (paul@xk7.net, @pwaring) March 16, 2016 Topics Configuration management Version control Firewall Apache Git Hooks Bringing it all together Live demo

618 views • 23 slides
CS314 Software Engineering Configuration Management Dave Matthews Configuration Management

CS314 Software Engineering Configuration Management Dave Matthews Configuration Management

1/17/18 CS314 Software Engineering Configuration Management Dave Matthews Configuration Management Management of an evolving system in a controlled way. Version control tracks component changes as they happen. System Building

236 views • 8 slides
LibreOffice configuration management tools, approaches &amp; best practices Thorsten Behrens -

LibreOffice configuration management tools, approaches &amp; best practices Thorsten Behrens -

LibreOffice configuration management tools, approaches &amp; best practices Thorsten Behrens - tbehrens@suse.com LibreOffice Hacker at SUSE What, Why, How Customize LibreOffice repeatably Makes your life easier, happier &amp; more secure

823 views • 18 slides
Configuration Management What is CM? CM processes in practice CM and organizational

Configuration Management What is CM? CM processes in practice CM and organizational

Prof. Yoram Reich, Faculty of Engineering, Tel Aviv University, 6/15/2006, [CM overview.doc] Configuration Management What is CM? CM processes in practice CM and organizational context CM technology Configurations

541 views • 17 slides
Configurations: Do you prove yours ? Continuous configuration, observability, compliance Pass the

Configurations: Do you prove yours ? Continuous configuration, observability, compliance Pass the

Pass The SALT 2019 Configurations: Do you prove yours ? Continuous configuration, observability, compliance Pass the SALT 2019 Alexandre BRIANCEAU alexandre@rudder.io @abrianceau How are the servers doing? Pass The SALT 2019 No error nor

292 views • 16 slides
Managing Prometheus in a Security-focused Environment Linux Monitoring at HUK-COBURG PromCon 2019

Managing Prometheus in a Security-focused Environment Linux Monitoring at HUK-COBURG PromCon 2019

Managing Prometheus in a Security-focused Environment Linux Monitoring at HUK-COBURG PromCon 2019 | Christian Hoffmann Conways Law? 11/2019 Christian Hoffmann | Managing Prometheus in a Security-focused Environment 2 Introduction $ cat

605 views • 26 slides

More recommend