15/06/1999 HP OVUA Workshop - Bologna - Italy 1
An Integrated Environment for the Management of
Network Resources and Services
Paolo Bellavista, Antonio Corradi, Rebecca Montanari {pbellavista, acorradi, rmontanari}@deis.unibo.it
University of Bologna - Italy
Cesare Stefanelli [email protected]
University of Ferrara - Italy
Software & Docs available at http://www-lia.deis.unibo.it/Research/SOMA/
Novel Management Solutions (1)
Traditional management tools are based on the Client/Server model (SNMP, CMIP)
Good design examples, but C/S shows its limits under certain conditions (e.g. micro-management problem)
Novel Management solutions:
• CORBA as integration technology with legacy management components
• TMN & TINA as solution frameworks at the architecture level
• Code Mobility: Management by Delegation, Active Networks, Intelligent Networks, Mobile Agents
Novel Management Solutions (2)
Modern Management Environments should be:
• flexible, to dynamically introduce new protocols and services
• adaptive, to tune system behaviour without suspending service provision
• capable of supporting service design, deployment and control together with managing more traditional network resources
• interoperable, to integrate with legacy systems and services (CORBA)
• secure, to permit differentiated security levels for service provision in untrusted environments
Following these guidelines, we have designed MESIS (Management Environment for Secure and Interoperable Services)
The MESIS Architecture for Management Applications
[Figure: layered architecture. Service Layer: MESIS Services (Remote Monitoring, Remote Configuration, Video on Demand). DPE Layer: MESIS DPE ULF with Interoperability (AIF), Security (ASF) and Naming (ANF); MESIS DPE LLF with Communication (ACF), Identification (AIdF) and Migration (AMF); alongside Other DPE and CORBA DPE. NCCE Layer.]
MESIS is built on top of the SOMA Mobile Agent DPE
Mobile Agent Technology:
Mobile Agents are programs that act on behalf of a principal and can autonomously migrate at runtime and continue their operations on the new host
Our Goal:
to provide an integrated programming framework for the design of distributed services in global, open and untrusted environments
The MESIS Organization: Locality Abstractions
[Figure: Domain A, Domain B and Domain C. Each domain shows a Default Place and Places 1 to 3 (Domain C also shows Place 4). Two elements are labelled "Other DPE".]
MESIS Facilities
• Agent Identification Facility: dynamically assigns GUIDs to any system entity
• Agent Migration Facility: permits reallocation of network resources and service components (native protocol, CORBA IIOP, MASIF)
• Agent Communication Facility:
  - local comm. by shared objects (blackboards, tuple spaces)
  - remote comm. by message exchange
• Agent Naming Facility: allows any system entity to be traced and searched (by accommodating different naming systems: DNS, Directory Service, ...)
• Agent Interoperability Facility (dealt with in the following slides)
• Agent Security Facility (dealt with in the following slides)
Why Security and Interoperability in MESIS?
• Untrusted environments call for Security at any system layer
  - Mechanisms (authentication, authorization and access control, secrecy, integrity)
  - Policies (enforced at domain/place locality)
  - Infrastructures (for certificate administration)
• Open and heterogeneous environments require Interoperability
  - with other DPE layers via CORBA
  - with other MA DPE implementations via OMG MASIF
• Interoperability-related Security Issues
  - CORBA Security Services, SECIOP
MESIS Interoperability via CORBA and MASIF compliance (1)
1. MESIS as CORBA client
2. MESIS as CORBA server
3. MASIF interoperability
[Figure labels: MESIS Service Layer (Remote Monitoring, Video on Demand, Remote Configuration); MESIS DPE; CORBA Bridge (CORBA Client, CORBA Server); MASIF Bridge; MASIF; MA DPE; CORBA DPE. The numbered paths 1, 2 and 3 correspond to the legend above.]
MESIS Interoperability via CORBA and MASIF compliance (2)
[Figure labels: CORBA ORB; CMIP legacy systems and CMIP gateway; SNMP legacy systems and SNMP gateway; CORBA-based Management System; Systems Management Common Facilities; Security Services; MESIS (Places and MASIF Places); MASIF-compliant Management System (Place).]
MESIS Security: Mechanisms, Policies and Infrastructures
[Figure labels: Untrusted Environment; Trusted Environment; Domain; Default Place with Authentication, Secrecy, Integrity and Authorization (Domain Policy); Place with Place Authentication, Integrity, Secrecy and Authorization (Place Policy); Local Resources; mobile agents (MA).]
• IAIK Cryptographic Mechanisms
• JDK1.2 Security Policies
• Entrust PKI
Flexibility for application designers in the selection of the proper security level
Management Tools & Network Services in MESIS
We are using the MESIS environment for managing resources and services in the areas of:
• Network and Systems Management
• Multimedia Distribution Management
• Personal Communications Support & Management for Mobile Computing Services
We have already implemented…
Network and Systems Management: Remote Installation
[Figure labels: Administered Region; SOMA Domain A, SOMA Domain B and SOMA Domain C, each with a Default Place and numbered Places; MASIF-compliant Region D with a MASIF Place; InstallService shown at two locations.]
PCS for Mobile Computing: the Mobility Support Module
[Figure: layered stack. Labels: Heterogeneous Distributed System; Java Virtual Machine; SOMA Services (Naming, Security, Interoperability, Identification, Migration, Communication); Mobility Support Module; VHE, QoS Adaptation, QoS Monitoring, Resource Discovery, Information Retrieval, Multimedia Distribution, Devirus Service, Session Mobility; Applications.]
PCS for Mobile Computing: Terminal Mobility - Mobile Place Abstraction
[Figure, two panels: "Creation of a Mobile Place" and "Agents delivered to a Mobile Place". Labels: Domain A with Home Place and Place 1; Domain B with Default Place, Place 1 and Place 2; Mobile Place 1; Agent A; Agent B; numbered steps 1, 2 and 3.]
Agent A reaches the mobile place immediately.
Agent B tries to reach the mobile place that has already moved; the agent is tunneled via the home place.
Conclusions and Current Work
The MESIS environment is proving:
• to be extremely flexible in the management of existing components and services
• to allow rapid prototyping of new services
We are currently working on the following.
From the point of view of the support:
• Full integration with the Entrust PKI
• Full compliance with CORBA Security Services and SECIOP
• User Authentication via JavaCard and JavaButton
From the point of view of the implementation of new services:
• QoS-aware Multimedia Stream Management
• Intelligent Information Retrieval for Distributed Virtual Museums
Software & Docs about MESIS and SOMA are available on the Web: http://www-lia.deis.unibo.it/Research/SOMA/