CTO Office - Standards & System Management Architecture 1
Rick Landau, CTO Office, Standards & System Management Architecture, Sept 2007
Understanding Web Services
What is a Web Service
Many early-generation examples in the market
Realistic definition: a web service
– Is addressed at some URI on the web
– Uses XML to represent data
– Includes an XML schema to describe a valid data structure
– Uses SOAP to structure messages
– Uses WSDL to describe interfaces, if necessary
Whoa! Terminology?
WS = Web Service
URI = Universal Resource Identifier
XML = eXtensible Markup Language
SOAP = Simple Object Access Protocol
WSDL = Web Service Description Language
SNMP = Simple Network Management Protocol
MIB = Management Information Base
RFC = Request For Comments
IETF = Internet Engineering Task Force
DMTF = Distributed Management Task Force
CIM = Common Information Model
SEP = Somebody Else's Problem
Why Is a Web Service Important?
High points (details later)
– It is the latest thing
– It will replace SNMP in time
– Improved communications reliability
– Improved communications privacy
– It is based on public standards that are easily upgraded
  – IETF RFCs take years to upgrade, hence private MIBs
– The protocol is very extensible using the collection of WS-* protocols
  – SNMP private MIBs extend only the data
  – Example: no transaction control extensions to SNMP
Web Service Message
Entirely in XML
– Addresses (specified by WS-Addressing)
– Headers, options (specified by WS-Management and others)
– Operations (specified by WS-Management and others)
– Payload data (specified by WS-Management, WS-CIM, and others)
– Uses SOAP to provide a little structure
SOAP Envelope
<soap:Envelope>              <-- message envelope
  <soap:Header>              <-- message header
    . . .
  </soap:Header>
  <soap:Body>                <-- message body
    . . .
  </soap:Body>
</soap:Envelope>
SOAP Message Header
Info that it is (generally) okay to expose
– To address
– From address (and ReplyTo and FaultTo addresses)
– Managed Resource identifier
– Action
– Message unique identifier
– Other important headers and options
May be left unencrypted so it can be inspected by firewalls
SOAP Message Body
The meat of the message, the content of the exchange
– Particular verbs, options
– Property names and data values
Generally NOT okay to expose
The body may be encrypted even if the header is not
Interaction with a Web Service
Where It Fits in Dell Unified Manageability Architecture
Managed Node Architecture, layers from top to bottom:
– Access layer (Interface Service): access interfaces, remotely accessible, existing and emerging standards; reached interactively or programmatically
– Orchestration layer
– Resource management layer
– Aggregation layer (Repository/Database): aggregation interface, local interfaces, predominantly "de facto" standards
– Logical mapping layer (Providers): logical interface; CMPI is the only open standard
– Platform layer (HW / FW / SW): platform interface; small, compact and typically low cost
Why Care?
Easier to implement
– Plain text, XML
More secure
– Plain text header for filtering, firewalls
– Specifies only from, to, managed resource, and action
– Contents may be encrypted
  – Properties and values
– Security protocols may be layered onto base
Why Care (cont'd)?
Can mix and match protocol components to meet special needs
– Pieced together from "composable" protocols
– Optional add-in features, separate specs, orthogonal
– If you need more function, just add new headers and messages
– E.g., atomic transactions
WS-Management vs SNMP
Aspect | SNMP | WS-Management
Introduced | 1990 | 2004; DMTF version 2006
Reliability | UDP, connectionless protocol; timeout on packet losses, retry | HTTP(S)/TCP, connection-oriented; retransmits
Security | v1, v2: plain-text password; v3: encrypted (but not widely implemented) | HTTPS server authentication to client; encrypted client authentication to server
Privacy | v1, v2: no encryption | HTTPS, certificate-based
Public standards | Many IETF RFCs for protocols and management data | DMTF specs for WS-Management protocol and CIM-based management data
Extensibility of data | Many private MIBs; IETF RFCs take years to update | DMTF produces an updated CIM version every quarter
Extensibility of protocol | v1: 1990, v2: 1996, v3: 2002 | Dozens of WS-* protocol extensions from W3C, WS-I, OASIS, et al.
Conclusion: Monitoring vs Management
SNMP
– Good for monitoring, not good for management
  – Okay on devices that support SNMPv3 or special authentication mechanisms
WS
– Good for monitoring and for management
– Secure and private communications
WS-Management
WS protocol (suite)
– Originally from Microsoft, Intel, CA, BMC, Dell, et al.
– Being worked on in DMTF WG, in a subgroup of WIP
  – WIP = WBEM Infrastructure & Protocols WG of DMTF
Not CIM-based per se
– Could use any data model
– Everyone wants to use CIM (Common Information Model from DMTF)
– Current specs use WS-Man on CIM-based data
WS-Management Components
Protocol
– WS-Addressing (endpoint references to resources)
– SOAP (envelope structure)
– WS-Transfer (get, put)
– WS-Enumeration (enumerate, pull)
– WS-Eventing (subscribe, unsubscribe)
Data definition and use
– WS-Management CIM Binding
– WS-CIM XML representation of CIM Schema
WS-Man Heavily Adopted
– New transport protocol for DMTF CIM data
– Required by DASH (DMWG), SMASH (SMWG)
– Being implemented in out-of-band management controller chips, NICs, graphics chipsets, etc.
– Implemented in Windows to access WMI data
– Implementations being developed in Linux for OpenWBEM and OpenPegasus CIMOMs
– Will be in every desktop, laptop, server, and OS
  – And peripheral devices soon after
Whoa! More Acronyms
DASH = Desktop and Mobile Architecture for System Hardware (DMTF initiative)
SMASH = Systems Management Architecture for Server Hardware (DMTF initiative)
DMWG = Desktop & Mobile Working Group (of DMTF)
SMWG = Server Management Working Group (of DMTF)
CIMOM = CIM Object Manager
WMI = Windows Management Interface
Questions?
Backup
Compare: Reliability
SNMP uses UDP
– Connectionless, packets can get lost
– Application manually times out & retries
Web services usually use HTTP/HTTPS on TCP
– Connection oriented, TCP transmits reliably
Compare: Authentication
SNMP
– v1 and v2 passwords (community names) transmitted in plaintext, subject to snooping
– v3 encrypted but not (yet) widely implemented
– Special sequences often invented: challenge-response, specific to device
WS
– If HTTPS, server authenticates to client with certificate
– Wide variety of client authentication schemes defined: Basic, Digest, Mutual, SPNEGO-Kerberos
Compare: Privacy
SNMP
– v1 and v2 transmitted in plaintext
– v3 encrypted but not (yet) widely implemented
WS
– Usually transmitted on HTTP/HTTPS
– On HTTPS, message encrypted with SSL/TLS
– On HTTP, the message body can be encrypted separately
  – Everything but the address and the operation (Get, Put, Enumerate, Subscribe, etc.)
Compare: Use on Corporate Networks
SNMP
– SNMP often forbidden on corporate networks, blocked by routers and firewalls
– Sometimes limited to read-only
  – Monitoring only, no configuration management
WS
– HTTP/HTTPS always permitted on corporate networks, usually passes firewalls
Compare: Ease of Learning
SNMP
– Binary, heavily encoded (ASN.1 Basic Encoding Rules)
WS
– Encoded in XML plaintext
– Protocol described by XML schema
Compare: Organization of Data
SNMP
– Database called Management Information Base (MIB)
– Most data in rectangular tables: row = instance, column = property
– Data identified by long, hierarchical number strings: Object IDentifiers (OIDs)
  – The system contact person string is 1.3.6.1.2.1.1.4.0
  – 1(iso).3(org).6(dod).1(internet).2(management).1(mib-2).1(system).4(sysContact).0(scalar)
WS
– Data named as XML elements or attributes
  – <CIM_ComputerSystem>.<PrimaryOwnerContact> is the system contact person string
Compare: Extensibility of Data
SNMP
– Many companies define private MIBs as extensions of public data
– Private data tends to stay private
– IETF approval cycle for MIBs and revisions is years long
WS
– Many companies define private classes and profiles as extensions of the public data
– Companies try to standardize any data worth sharing
– DMTF updates the CIM Schema version quarterly
Compare: Extensibility of Protocol
SNMP
– Average time between protocol versions = 6 years
WS
– Web service protocols extended by adding new elements to the XML
– Dozens of such extensions defined
  – WS-Transfer, WS-Enumeration, WS-Eventing, all used by WS-Management
  – WS-Security, WS-Policy, WS-Transaction, etc.
Compare: Asynchronous Notification
SNMP
– SNMP "traps" sent over UDP (not reliable)
– List of IP addresses to send to
– No filtering: everyone gets everything
– Subscription mechanism out-of-band
WS (WS-Management specific)
– Client subscribes to stream of event notices
– Event notices sent over TCP
– Several modes of delivery, including requiring ACK
WS Composed Protocols
– WS-Addressing (endpoint references)
– SOAP (envelope structure)
– WS-Transfer (get, put)
– WS-Enumeration (enumerate, pull)
– WS-Eventing (subscribe, unsubscribe)
– WS-Security (authenticate)
– Etc.
WS-Man Operations
Protocol operation specifies request and response
Target: resource instance
– Create, Delete
– Get, Put (properties of an instance)
Target: collection of instances
– Enumerate (get handle), Release (handle)
– Pull (instances)
Target: event streams
– Subscribe, GetStatus, Renew, Unsubscribe
– Pull (collections of events)
  – Normal mode is push from service to client
– Ack
– Etc.
WS-Man Example Message
<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"
              xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
              xmlns:wsman="http://schemas.xmlsoap.org/ws/2005/02/management">
  <env:Header>
    <wsa:To>http://<IP address of server>:<port>/wsman?ResourceURI=(http://schemas.dmtf.org/wsman/2005/02/cimv2.9/CIM_ComputerSystem)</wsa:To>
    <wsa:ReplyTo>
      <wsa:Address env:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:Action env:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/transfer/Get</wsa:Action>
    <wsman:MaxEnvelopeSize env:mustUnderstand="true">51200</wsman:MaxEnvelopeSize>
    <wsa:MessageID>uuid:20CBF75C-008E-4C68-AA14-F3EB9D94E617</wsa:MessageID>
    <wsman:SelectorSet>
      <wsman:Selector Name="CreationClassName">ComputerSystem</wsman:Selector>
      <wsman:Selector Name="Name">IPMI%20Controller%2032</wsman:Selector>
    </wsman:SelectorSet>
    <wsman:OperationTimeout>PT60.000S</wsman:OperationTimeout>
  </env:Header>
  <env:Body></env:Body>
</env:Envelope>
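The Get request above, parsed the way a receiver (or a firewall inspecting the plain-text header, as the SOAP header and body slides describe) would see it; this is an added example, not code from the original slides. It enforces the SOAP mustUnderstand rule on header blocks, recovers the ResourceURI and the URL-encoded selectors, and confirms the body is empty; the host 192.0.2.10:623 and the set of headers the receiver understands are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

ENV = "{http://www.w3.org/2003/05/soap-envelope}"
WSA = "{http://schemas.xmlsoap.org/ws/2004/08/addressing}"
WSMAN = "{http://schemas.xmlsoap.org/ws/2005/02/management}"
# Header blocks this hypothetical receiver can process; any other block marked
# mustUnderstand="true" must be faulted, not silently ignored (SOAP 1.2 rule).
UNDERSTOOD = {WSA + "To", WSA + "ReplyTo", WSA + "Action", WSA + "MessageID",
              WSMAN + "MaxEnvelopeSize", WSMAN + "SelectorSet", WSMAN + "OperationTimeout"}

# Constructed sample: the slide's Get request with a placeholder host 192.0.2.10:623
SAMPLE_REQUEST = f"""<env:Envelope xmlns:env="{ENV[1:-1]}" xmlns:wsa="{WSA[1:-1]}" xmlns:wsman="{WSMAN[1:-1]}">
 <env:Header>
  <wsa:To>http://192.0.2.10:623/wsman?ResourceURI=(http://schemas.dmtf.org/wsman/2005/02/cimv2.9/CIM_ComputerSystem)</wsa:To>
  <wsa:ReplyTo><wsa:Address env:mustUnderstand="true">{WSA[1:-1]}/role/anonymous</wsa:Address></wsa:ReplyTo>
  <wsa:Action env:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/transfer/Get</wsa:Action>
  <wsman:MaxEnvelopeSize env:mustUnderstand="true">51200</wsman:MaxEnvelopeSize>
  <wsa:MessageID>uuid:20CBF75C-008E-4C68-AA14-F3EB9D94E617</wsa:MessageID>
  <wsman:SelectorSet>
   <wsman:Selector Name="CreationClassName">ComputerSystem</wsman:Selector>
   <wsman:Selector Name="Name">IPMI%20Controller%2032</wsman:Selector>
  </wsman:SelectorSet>
  <wsman:OperationTimeout>PT60.000S</wsman:OperationTimeout>
 </env:Header>
 <env:Body></env:Body></env:Envelope>"""

def parse_wsman_request(xml_text):
    """Return the inspectable header fields of a WS-Man request, or raise."""
    root = ET.fromstring(xml_text)
    header, body = root.find(ENV + "Header"), root.find(ENV + "Body")
    if header is None or body is None:
        raise ValueError("not a SOAP 1.2 envelope")
    for block in header:  # mustUnderstand check happens before any dispatch
        if block.get(ENV + "mustUnderstand") == "true" and block.tag not in UNDERSTOOD:
            raise ValueError("MustUnderstand fault: " + block.tag)
    text = lambda tag: header.findtext(tag, default="").strip()
    # This 2005 draft carries the ResourceURI in parentheses inside wsa:To
    uri = re.search(r"ResourceURI=\(([^)]*)\)", text(WSA + "To"))
    secs = re.fullmatch(r"PT(\d+(?:\.\d+)?)S", text(WSMAN + "OperationTimeout"))
    return {
        "action": text(WSA + "Action"),
        "resource_uri": uri.group(1) if uri else None,
        "message_id": text(WSA + "MessageID"),
        "max_envelope_size": int(text(WSMAN + "MaxEnvelopeSize")),
        "timeout_seconds": float(secs.group(1)) if secs else None,
        # Selector values are URL-encoded on the wire (IPMI%20Controller%2032)
        "selectors": {s.get("Name"): unquote((s.text or "").strip())
                      for s in header.iter(WSMAN + "Selector")},
        "body_empty": len(body) == 0 and not (body.text or "").strip(),
    }
```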
Process of Discovery
– Find a node (S.E.P.)
– Find WS-Man service(s) on that node (S.E.P.)
  – Sticky point recently, general problem: one system may have multiple agents, OR multiple nodes with agents need to be correlated
– Read catalog to get resource classes (ResourceURIs)
– Enumerate resource instances of resource classes (Selectors)
– Get or Put to a resource instance
Discovery of Multiple MAPs