An Integrated Environment for the Management of Network Resources and Services

Paolo Bellavista, Antonio Corradi, Rebecca Montanari, {pbellavista, acorradi, rmontanari}@deis.unibo.it, University of Bologna - Italy

Cesare Stefanelli, [email protected], University of Ferrara - Italy

HP OVUA Workshop - Bologna - Italy, 15/06/1999

Software & Docs available at http://www-lia.deis.unibo.it/Research/SOMA/



Novel Management Solutions (1)

Traditional management tools are based on the Client/Server model (SNMP, CMIP)

Good design examples, but C/S shows its limits under certain conditions (e.g. micro-management problem)

Novel Management solutions:

• CORBA as integration technology with legacy management components

• TMN & TINA as solution frameworks at the architecture level

• Code Mobility: Management by Delegation, Active Networks, Intelligent Networks, Mobile Agents


Novel Management Solutions (2)

Modern Management Environments should be:

• flexible, to dynamically introduce new protocols and services

• adaptive, to tune systems behaviour without suspending service provision

• capable of supporting service design, deployment and control together with managing more traditional network resources

• interoperable, to integrate with legacy systems and services (CORBA)

• secure, to permit differentiated security levels for service provision in untrusted environments

Following these guidelines, we have designed MESIS (Management Environment for Secure and Interoperable Services)


The MESIS Architecture for Management Applications

[Figure: layered architecture. Service Layer: MESIS Services (Remote Monitoring, Remote Configuration, Video on Demand). DPE Layer: MESIS DPE ULF with Interoperability (AIF), Security (ASF) and Naming (ANF); MESIS DPE LLF with Communication (ACF), Identification (AIdF) and Migration (AMF); alongside Other DPE and CORBA DPE. NCCE Layer.]


MESIS is built on top of the SOMA Mobile Agent DPE

Mobile Agent Technology:

Mobile Agents are programs that act on behalf of a principal and can autonomously migrate at runtime and continue their operations on the new host

Our Goal:

to provide an integrated programming framework for the design of distributed services in global, open and untrusted environments


The MESIS Organization: Locality Abstractions

[Figure: three domains (Domain A, Domain B, Domain C), each containing a Default Place and Place1, Place2 and Place3 (Domain C also contains Place4); two boxes labelled Other DPE.]


MESIS Facilities

• Agent Identification Facility: dynamically assigns GUIDs to any system entity

• Agent Migration Facility: permits reallocation of network resources and service components (native protocol, CORBA IIOP, MASIF)

• Agent Communication Facility:
  - local comm. by shared objects (blackboards, tuple spaces)
  - remote comm. by message exchange

• Agent Naming Facility: makes it possible to trace and search any system entity (by accommodating different naming systems: DNS, Directory Service, ...)

• Agent Interoperability Facility (dealt with in the following...)

• Agent Security Facility (dealt with in the following...)


Why Security and Interoperability in MESIS?

• Untrusted environments call for Security at any system layer
  - Mechanisms (authentication, authorization and access control, secrecy, integrity)
  - Policies (enforced at domain/place locality)
  - Infrastructures (for certificate administration)

• Open and heterogeneous environments require Interoperability
  - with other DPE layers via CORBA
  - with other MA DPE implementations via OMG MASIF

• Interoperability-related Security Issues
  - CORBA Security Services, SECIOP


MESIS Interoperability via CORBA and MASIF compliance (1)

[Figure: MESIS DPE connected to an MA DPE through a MASIF Bridge (MASIF) and to a CORBA DPE through a CORBA Bridge (CORBA Server, CORBA Client); above the MESIS DPE, the MESIS Service Layer (Remote Monitoring, Video on Demand, Remote Configuration). Legend: 1 MESIS as CORBA client; 2 MESIS as CORBA server; 3 MASIF interoperability.]


MESIS Interoperability via CORBA and MASIF compliance (2)

[Figure labels: CORBA ORB; CMIP legacy systems and CMIP gateway; SNMP legacy systems and SNMP gateway; CORBA-based Management System; Systems Management Common Facilities; Security Services; MESIS (Places and a MASIF Place); MASIF-compliant Management System (Place and MASIF Place).]


MESIS Security: Mechanisms, Policies and Infrastructures

[Figure labels: Untrusted Environment; Trusted Environment; Domain with Default Place: Authentication, Secrecy, Integrity, Authorization (Domain Policy); Place with Local Resources: Place Authentication, Integrity, Secrecy, Authorization (Place Policy); mobile agents (MA).]

• IAIK Cryptographic Mechanisms

• JDK1.2 Security Policies

• Entrust PKI

Flexibility for application designers in the selection of the proper security level


Management Tools & Network Services in MESIS

We are using the MESIS environment for managing resources and services in the areas of:

• Network and Systems Management

• Multimedia Distribution Management

• Personal Communications Support & Management for Mobile Computing Services

We have already implemented…


Network and Systems Management: Remote Installation

[Figure: an Administered Region containing SOMA Domain A, SOMA Domain B and SOMA Domain C (each with a Default Place and further Places) and a MASIF-compliant Region D (MASIF Place, Place1); the label InstallService appears twice.]


PCS for Mobile Computing: the Mobility Support Module

[Figure labels: Heterogeneous Distributed System; Java Virtual Machine; SOMA Services (Naming, Security, Interoperability, Identification, Migration, Communication); Mobility Support Module; VHE; QoS Adaptation; QoS Monitoring; Resource Discovery; Information Retrieval; Multimedia Distribution; Devirus Service; Session Mobility; Applications.]


PCS for Mobile Computing: Terminal Mobility - Mobile Place Abstraction

[Figure, two panels: "Creation of a Mobile Place" and "Agents delivered to a Mobile Place". Labels: Domain A (Home Place, Place1), Domain B (Default Place, Place1, Place2), Mobile Place 1, Agent A, Agent B.]

Agent A immediately reaches the mobile place.

Agent B tries to reach the mobile place that has already moved; the agent is tunneled via the home place.


Conclusions and Current Work

The MESIS environment is demonstrating:

• to be extremely flexible in the management of existing components and services

• to allow rapid prototyping of new services

We are currently working on:

From the point of view of the support:

• Full integration with the Entrust PKI

• Full compliance with CORBA Security Services and SECIOP

• User Authentication via JavaCard and JavaButton

From the point of view of the implementation of new services:

• QoS-aware Multimedia Stream Management

• Intelligent Information Retrieval for Distributed Virtual Museums

Software & Docs about MESIS and SOMA are available on the Web: http://www-lia.deis.unibo.it/Research/SOMA/