using the script mib for policy based configuration
play

Using the Script MIB for Policy-based Configuration Management T. - PowerPoint PPT Presentation

Feb 02, 2023 •201 likes •448 views

Using the Script MIB for Policy-based Configuration Management Page 1 Using the Script MIB for Policy-based Configuration Management T. Klie, S. Mertens, M. Brunner, P. Martinez, J. Sch onw alder, F. Strau J. Quittek Computer

  1. Using the Script MIB for Policy-based Configuration Management Page 1 Using the Script MIB for Policy-based Configuration Management T. Klie, S. Mertens, M. Brunner, P. Martinez, J. Sch¨ onw¨ alder, F. Strauß J. Quittek Computer Science Department Network Laboratories Technical University Braunschweig NEC Europe Ltd. M¨ uhlenpfordtstr. 23 Adenauerplatz 6 38106 Braunschweig 69115 Heidelberg Germany Germany { schoenw,strauss } @ibr.cs.tu-bs.de { brunner,quittek } @ccrle.nec.de jasmin-team@ibr.cs.tu-bs.de F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  2. Using the Script MIB for Policy-based Configuration Management Page 2 Outline 1. IETF Management-by-Delegation Architecture • The Script MIB • Jasmin : A Script MIB Implementation 2. IETF Policy Framework 3. Script MIB-based Policy Management • Policies as Programs • Policies as Objects 4. Conclusion F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  3. Using the Script MIB for Policy-based Configuration Management Page 3 The Traditional Manager/Agent Architecture Manager Configuration & Monitoring (SNMP, ...) Management Agent (Managed Objects) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  4. Using the Script MIB for Policy-based Configuration Management Page 4 The IETF Management by Delegation (MbD) Architecture (I) Higher−Level Manager Monitoring & Control (SNMP) Distributed Manager (Executing Scripts) Configuration & Monitoring (SNMP, ...) Management Agent (Managed Objects) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  5. Using the Script MIB for Policy-based Configuration Management Page 5 The IETF Management by Delegation (MbD) Architecture (II) Higher−Level Manager Script Upload Monitoring & Control Script Repository (SNMP) Script Download Distributed Manager (SNMP, FTP, HTTP, ...) (Executing Scripts) Configuration & Monitoring (SNMP, ...) Management Agent (Managed Objects) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  6. Using the Script MIB for Policy-based Configuration Management Page 6 What the IETF Script MIB Specifies Higher−Level Manager Script Upload Monitoring & Control Script Repository (SNMP) Script Download Distributed Manager (SNMP, FTP, HTTP, ...) (Executing Scripts) Configuration & Monitoring (SNMP, ...) Management Agent (Managed Objects) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  7. Using the Script MIB for Policy-based Configuration Management Page 7 The IETF DISMAN Script MIB • Designed and standardized by the IETF Distributed Management (DISMAN) Working Group • First Proposed Standard: RFC 2592, May 1999 • Updated Proposed Standard: RFC 3165, August 2001 • Supported functions: – Information on supported script languages and extensions – Transfer of scripts to a distributed manager – Control execution of management scripts – Retrieve results from management scripts • Security based on: – SNMPv3 security (USM and VACM) – Script runtime engine security models (sandbox) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  8. Using the Script MIB for Policy-based Configuration Management Page 8 The Jasmin Project • Joint project (1998 – 2001): – Technical University of Braunschweig – Network Laboratories, NEC Europe Ltd. • Goals of the project: – Evaluate and enhance the Script MIB Standard – Provide a proto-type implementation – Study use-cases and develop supporting tools • Primary outcome of the project: – a flexible open source Script MIB agent implementation – supporting various runtime engines (currently Java, Tcl, Perl) via the Script MIB Extensibility Protocol (SMX), RFC 3179 • In 2000 demand for policy-based configuration management increased → How could the Script MIB support this? F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  9. Using the Script MIB for Policy-based Configuration Management Page 9 Policy-based Configuration Management • Motivation: – Traditional management of individual device-specific configurations is ∗ complex and error-prone (different vendors means different ways) ∗ too static (state configuration, no behavior configuration) – The general policies behind those configurations are often simple • Consequence: – Let the administrator configure just those policies – PBMS supports automated enforcement of the policies F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  10. Using the Script MIB for Policy-based Configuration Management Page 10 General Concept of Policies • A Policy is represented by a number of Rules • Each rule consists of a Condition and an Action • The evaluation of a rule is triggered by an Event on < event(s) > if < condition > do < action(s) > Approaches to express policies: • Specific policy definition language, e.g. PONDER • Traditional programming language & language extension for policies • Policy Core Information Model (PCIM) An infrastructure is required: • Policies must be distributed over the network • Policies must be interpreted • Managed devices must be configurable F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  11. Using the Script MIB for Policy-based Configuration Management Page 11 The IETF Policy-based Management Framework Policy Management Application Policy Upload Monitoring & Control Policy Repository Policy Download Policy Decision Point (PDP) Configuration & Monitoring (HTTP, CLI, COPS−PR, SNMP, ...) Policy Enforcement Point (PEP) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  12. Using the Script MIB for Policy-based Configuration Management Page 12 The IETF Policy-based Management Framework Policy Management Application Policy Upload Monitoring & Control Policy Repository Policy Download Policy Decision Point (PDP) Configuration & Monitoring (HTTP, CLI, COPS−PR, SNMP, ...) Policy Enforcement Déjà vu? Point (PEP) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  13. Using the Script MIB for Policy-based Configuration Management Page 13 Management-by-Delegation vs. Policy-based Management Higher−Level Policy Management Manager Application Policy Upload Script Upload Monitoring & Control Monitoring & Control Script Repository Policy Repository (SNMP) Script Download Policy Download Distributed Manager Policy Decision (SNMP, FTP, HTTP, ...) (Executing Scripts) Point (PDP) Configuration & Monitoring Configuration & Monitoring (SNMP, ...) (HTTP, CLI, COPS−PR, SNMP, ...) Management Agent Policy Enforcement (Managed Objects) Point (PEP) F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  14. Using the Script MIB for Policy-based Configuration Management Page 14 Architecture of the Jasmin Policy-based Management System Policy Manager / Higher−Level Manager Policy / Script Repository Policy Management Application Policy DB for agent to construct communication policies Script MIB Policy Web Server Access Library Class Library SNMP HTTP or FTP Script SNMP, MIB COPS−PR, Script MIB Runtime Engine Network SSH+CLI, Agent etc. Elements Policy Decision Point / Distributed Manager Policy Enforcement Points / Agents F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  15. Using the Script MIB for Policy-based Configuration Management Page 15 Architecture of the Jasmin Policy-based Management System Policy Manager / Higher−Level Manager Policy / Script Repository Policy Management Application Policy DB for agent to construct communication policies Script MIB Policy Web Server Access Library Class Library SNMP HTTP or FTP Script SNMP, MIB COPS−PR, Script MIB Runtime Engine ? Network SSH+CLI, Agent etc. Elements Policy Decision Point / Distributed Manager Policy Enforcement Points / Agents F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  16. Using the Script MIB for Policy-based Configuration Management Page 16 Different Levels of PDP Distribution Policy Policy Policy Manager Manager Manager PDP P P P P P PDP PDP D D D D D P P P P P P P P P P P P P P P P P P P P E E E E E E E E E E E E E E E P P P P P P P P P P P P P P P (a) centralized (b) weakly distributed (c) strongly distributed F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

  17. Using the Script MIB for Policy-based Configuration Management Page 17 Architecture of the Jasmin Policy-based Management System Policy Manager / Higher−Level Manager Policy / Script Repository Policy Management Application Policy DB for agent to construct communication policies Script MIB Policy Web Server Access Library Class Library SNMP HTTP or FTP Script SNMP, MIB COPS−PR, Script MIB Runtime Engine Network SSH+CLI, Agent etc. Elements Policy Decision Point / Distributed Manager Policy Enforcement Points / Agents F. Strauß, TU Braunschweig NOMS’2002 Florence, 17-Apr-2002

Recommend

The Jasmin Script MIB Implementation and its Use for Policy-based Management Frank Strau

The Jasmin Script MIB Implementation and its Use for Policy-based Management Frank Strau

The Jasmin Script MIB Implementation and its Use for Policy-based Management Page 1 The Jasmin Script MIB Implementation and its Use for Policy-based Management Frank Strau Institute of Operating Systems and Computer Networks Technical

213 views • 18 slides
Negotiator Negotiator Policy Policy and and Configuration Configuration Greg Thain HTCondor

Negotiator Negotiator Policy Policy and and Configuration Configuration Greg Thain HTCondor

Negotiator Negotiator Policy Policy and and Configuration Configuration Greg Thain HTCondor Week 2018 Agenda Understand role of negotiator Learn how priorities work Learn how quotas work Encourage thought about possible

1.03k views • 78 slides
Configuration management Configuration management Configuration management Configuration

Configuration management Configuration management Configuration management Configuration

Configuration management Configuration management Configuration management Configuration management Configuration management Field of management that focuses on establishing and maintaining consistency of a systems attributes

647 views • 6 slides
Class Unity scripts Rotate cube script Counter + collision script Sound script

Class Unity scripts Rotate cube script Counter + collision script Sound script

Class Unity scripts Rotate cube script Counter + collision script Sound script Materials script / mouse button input Add Force script Key and Button input script Particle script / button input Instantiate

603 views • 14 slides
Augeas a configuration API Raphal Pinson Configuration Management Sitewide configuration

Augeas a configuration API Raphal Pinson Configuration Management Sitewide configuration

Augeas a configuration API Raphal Pinson Configuration Management Sitewide configuration Local configuration Editing of Configuration Data (1) Keyhole approaches (2) Greenfield approaches (3) Templating Missing pieces Handle

831 views • 61 slides
Script Sacred Heart Primary School Can of kids video presentation SAFETY SCRIPT Hannah

Script Sacred Heart Primary School Can of kids video presentation SAFETY SCRIPT Hannah

Script Sacred Heart Primary School Can of kids video presentation SAFETY SCRIPT Hannah So everyone, based on the research that we gathered at our discussion day, do kids feel safe in their community? Austin Yes, they do, but they also

350 views • 10 slides
Agent based auto-configuration of OSPF networks Visa Holopainen visa.holopainen@tkk.fi

Agent based auto-configuration of OSPF networks Visa Holopainen visa.holopainen@tkk.fi

Agent based auto-configuration of OSPF networks Visa Holopainen visa.holopainen@tkk.fi S-38.4030 Postgraduate 04/12/2007 Course on Networking Technology Problem About 30% - 50% of network outages are caused by configuration error (The

241 views • 22 slides
Andromeda: XSS Accurate and Scalable Security Attackers evil script Analysis of Web

Andromeda: XSS Accurate and Scalable Security Attackers evil script Analysis of Web

Andromeda: XSS Accurate and Scalable Security Attackers evil script Analysis of Web Applications Web Application &lt;SCRIPT&gt;...&lt;/SCRIPT&gt; Attackers evil script executed using victims credentials Omer Tripp Marco

410 views • 6 slides
A script is a .COD file that resides within your database structure, typically within your

A script is a .COD file that resides within your database structure, typically within your

A script is a .COD file that resides within your database structure, typically within your Scripts folder? A script can do many things, but to summarize it. A script makes mass changes to ITM files. These changes could

398 views • 23 slides
ANNEX D The Script of the Presentations by the Chinese Delegation at the ARF Security Policy

ANNEX D The Script of the Presentations by the Chinese Delegation at the ARF Security Policy

ANNEX D The Script of the Presentations by the Chinese Delegation at the ARF Security Policy Conference 2014 8 th June, 2014 1. On Regional and International Security Situation It is indeed a pleasure for the Chinese delegation to come to the

469 views • 7 slides
EPiServer och Configuration Management EPiServer och Configuration Management Configuration

EPiServer och Configuration Management EPiServer och Configuration Management Configuration

EPiServer och Configuration Management EPiServer och Configuration Management Configuration Management in general Tools we use SCM Structure of folder and project Web.config Tips about Project Files and Assembly references 2 CM Tools used

347 views • 20 slides
DHCP Based Configuration of Mobile Node from Home Network Hui. Deng [China Mobile] Basic Idea

DHCP Based Configuration of Mobile Node from Home Network Hui. Deng [China Mobile] Basic Idea

DHCP Based Configuration of Mobile Node from Home Network Hui. Deng [China Mobile] Basic Idea providing the host configuration parameters needed for network service from home network based on DHCPINFORM. Mobile IP specification could

441 views • 21 slides
Script Supervisor Introduction About Me I trained on About Time with a script supervisor

Script Supervisor Introduction About Me I trained on About Time with a script supervisor

Script Supervisor Introduction About Me I trained on About Time with a script supervisor called Zoe Morgan Had no previous FILM/TV experience Contacted the Line Producer to ask if I could do some work experience In at the deep

1.58k views • 23 slides
BBB AMBASSADOR PRESENTATION SCRIPT *You are not required to read the provided script verbatim.

BBB AMBASSADOR PRESENTATION SCRIPT *You are not required to read the provided script verbatim.

BBB AMBASSADOR PRESENTATION SCRIPT *You are not required to read the provided script verbatim. Have your teacher/supervisor tally the total number of your peers in the audience. SLIDE 1 - AMBASSADOR INTRODUCTION Share who you are and why

280 views • 9 slides
Script for 10 Things PIs Need to Know video module View Script 1 You got a grant! 2

Script for 10 Things PIs Need to Know video module View Script 1 You got a grant! 2

Script for 10 Things PIs Need to Know video module View Script 1 You got a grant! 2 [animation money bag appears] [SFX: bag of coins hitting the ground] 3 Now what? 4 here are the top 10 things PIs need to know 5 Lets get

161 views • 3 slides
What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command

What is Bash Shell Scripting? A shell script is a script written for the shell, or command line interpreter, of an operating system. The shell is often considered a simple domain-specific programming language . Typical operations

802 views • 15 slides
EXTERIOR: Using A Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and

EXTERIOR: Using A Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and

Overview Our Approach Evaluations Conclusion EXTERIOR: Using A Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery Yangchun Fu , Zhiqiang Lin Department of Computer Science The University of Texas at Dallas

559 views • 39 slides
Ensemble Classifier based Approach for Code-Mixed Cross-Script Question Classification Team :

Ensemble Classifier based Approach for Code-Mixed Cross-Script Question Classification Team :

Ensemble Classifier based Approach for Code-Mixed Cross-Script Question Classification Team : IINTU Debjyoti Bhattacharjee Paheli Bhattacharya Scho hool ol of of Com omput puter er Scienc nce e and Dept ptar artmen tment of of Com

385 views • 22 slides
Configuration Space II Sung-Eui Yoon ( ) Course URL:

Configuration Space II Sung-Eui Yoon ( ) Course URL:

Configuration Space II Sung-Eui Yoon ( ) Course URL: http://sglab.kaist.ac.kr/~sungeui/MPA Class Objectives Configuration space Definitions and examples Obstacles Paths Metrics 2 Configuration Space

618 views • 30 slides
An Introduction to Php for Web API Principle of server side script WEB Client WEB SERVER html

An Introduction to Php for Web API Principle of server side script WEB Client WEB SERVER html

An Introduction to Php for Web API Principle of server side script WEB Client WEB SERVER html document SCRIPT HTTP SCRIPT Script engine Pages are generated by a program A html document at the server side includes the code to be

741 views • 72 slides
101 PRESENTATION SCRIPT Speaking Notes from Living Well Now: Practice this script at least 5 times

101 PRESENTATION SCRIPT Speaking Notes from Living Well Now: Practice this script at least 5 times

101 PRESENTATION SCRIPT Speaking Notes from Living Well Now: Practice this script at least 5 times to make it sound like YOU! Add your stories and testimonials from others-2 stories per product at most. (Compliant descriptions can be found in the

300 views • 13 slides
SUSE Cloud 8 CLM Overview Input Model and Configuration Processor Configuration Processing Flow

SUSE Cloud 8 CLM Overview Input Model and Configuration Processor Configuration Processing Flow

SUSE Cloud 8 CLM Overview Input Model and Configuration Processor Configuration Processing Flow Key Build Artifacts Ansible Playbooks Ardana release Configuration file templates Generated Customer Examples Service Edit Definitions

108 views • 10 slides
LATIN-NASTALIQUE SCRIPT CLASSIFICATION SYSTEM Presenter: Muhammad Usman Ghani Latin script is

LATIN-NASTALIQUE SCRIPT CLASSIFICATION SYSTEM Presenter: Muhammad Usman Ghani Latin script is

LATIN-NASTALIQUE SCRIPT CLASSIFICATION SYSTEM Presenter: Muhammad Usman Ghani Latin script is also used for terminology illustration or other purposes in Urdu books and Magazines. The script detection system isolates Nastalique and Latin

342 views • 12 slides
Configuration 2 What system configuration does zsim simulate? Type and number of cores,

Configuration 2 What system configuration does zsim simulate? Type and number of cores,

MICRO 2015 Waikiki, Hawaii 5 Dec 2015 ZS IM T UTORIAL Configuration and Stats Configuration 2 What system configuration does zsim simulate? Type and number of cores, caches, how different components are connected to each other.

560 views • 22 slides

More recommend