
POWER Prototype : Towards Integrated Policy-based Management

Mi-Joung Choi, mjchoi@postech.ac.kr, DP&NM


Presentation Transcript


  1. POWER Prototype : Towards Integrated Policy-based Management
     Mi-Joung Choi, mjchoi@postech.ac.kr, DP&NM

  2. Contents
     • Introduction
     • Issues and Design objectives
     • Prerequisite concepts
     • Architecture
       • PTL, ISM, PWE, GUI, Deployable policies database, Device mapper, Expert policy writer, Policy deployer
     • Implementation
     • Summary & Future work
     • References

  3. Introduction
     • A policy-based management system is useful
       • Only discussed in the literature, but not realized
     • POlicy Wizard Engine for Refinement
       • an integrated policy authoring environment developed as a realization of the policy concepts
     • POWER prototype : demonstrate a way towards making policy-based management system a reality in practice
     • Find a solution for the problem of transforming an abstract policy to implementable configuration

  4. Issues and Design objectives
     • Issues
       • Have deep understanding of both the business level policy and domain specific knowledge such as security or network QoS
       • Construct a policy by using accurate syntax in addition to having precise semantics
     • Design objectives
       • The business-driven policy maker should be shielded from the need to have deep domain-specific technical knowledge
       • Using the same system, a business level (abstract) policy can be expressed as easily as the device level (configuration) policy

  5. Prerequisite Concepts
     • Policy : the constraints and preferences on the state of a system
     • Refinement consists of two aspects
       • refinement of policy context by making constraints more specific
       • refinement of objects used in the policy
     • Identifying the user category : Expert & Consultant
       • Expert : the person with deep domain specific knowledge
       • Consultant : the person with deep knowledge of business
     • ISM (Information and System Model)
       • All policy related information is modeled and stored
       • Models objects and their relationships - hierarchical inheritance or associations

  6. Architecture
     [Figure: architecture diagram. Labels: Managed System, Expert Policy Writer, Graphical User Interface, Policy Wizard Engine, Policy Template Library, Information & System Model, Deployable Policy, Policy Deployer, Device Mapper]

  7. Policy Template Library (PTL)
     • Stores a generic policy description that provides information about its refinement to the Policy Wizard Engine
     • A collection of policy templates created by the expert
     • Components
       • Policy Statement : the description of the policy
       • Policy Context : the description of contextual constraints within which the policy will operate
       • Informational components : provide extra information to the policy user
       • Procedural components : embedded process instructions used to drive the “refinement flow”
     (Ex) People can carry out some operation on specific information. Engineers can add an entry in a database that belongs to the department.

  8. Information and System Model
     • Implemented using Common Information Model (CIM)
     • Implemented as a set of Prolog statements
     [Figure: example of object hierarchy and object associations. Labels: Object; User, Organization, Information; employee, retiree, department, project, file, Web-page; "belongs to"; Association : “user belongs to department”]

  9. Policy Wizard Engine (PWE)
     • The heart of the Policy Authoring Environment
     • Combination of :
       • A Prolog inference engine
       • An interpreter that manipulates a policy template according to the embedded information and provides support to the GUI
       • A module that interacts with the ISM using a defined API
       • A module that deals with “deployable policies”

  10. PWE - cont’d
     • Refinement process of PWE
       • Load policy template from the library
       • Select a relevant template through the use of a GUI
       • Interpret the embedded information in the template
       • Guide the consultant through the refinement process
         • In an abstract policy, objects can be made more specific through the selection of a subclass
         • Legitimate additional constraints can be included as contextual information
       • Save the policy either for further refinement or for it to be used in deployment

  11. Deployable Policies Database
     • A policy is deployable only when, through the use of the ISM, a set of real world system objects can be found and for which configuration is specified
     • The system stores those policies in order to perform two activities:
       • to be uploaded by the “Policy Deployer” and be deployed
       • to be available to the consultant or other system modules for further manipulations
     • Have hooks to the real world by referring to entities described in the “Information System Model”

  12. Device Mapper
     • Transforms the information stored in the refined policy into configuration details
     • Uses the information contained in the ISM to convert a policy description, in the form of a policy statement and context containing variables, into a series of system-specific function calls
     (Ex) Access control configuration : represents the relationships between users, operations and resource objects that are to be secured

  13. Other Components
     • GUI : Hides the low-level policy details and presents a consultant with an easy, simplified way to access system functionality
     • Expert Policy Writer : Experts need a good authoring environment in order to create policy templates
     • Policy deployer : Policy Distributor

  14. Implementation : Prototype
     • Created by hand
       • a set of policy templates which are accessible by the PWE
       • an information base to represent the data in the ISM containing hierarchies of classes of objects and associations of objects
     • Provides the following functions to the consultant via the GUI :
       • Select policy template set using either keyword combinations or policy categories
       • Refine through object subclass selection suggested by the PWE
       • Refine the context suggested by the PWE
       • Construct another policy from template or ask the system to “deploy”
     • Output in the form of a configuration file (Deployable Policies)

  15. Summary & future work
     • Integrate policy refinement with policy-based configuration generation
     • Objectives
       - “multi-use view” using the separation of responsibility for “expert” and “consultant” and enabling easy policy authoring,
       - the exploitation of prevailing modeling paradigm to enable policy refinement
     • Implement the missing components in the architecture
       • Additional functionality in the PTL & PWE
       • Additional modules to the architecture
         • consistency and conflict analysis
         • meta-policies management

  16. Current PBMS
     [Figure: current PBMS diagram. Labels: Graphical User Interface, Policy Management Tools, LDAP Policy Directory, Policy Server, Policies]

  17. References
     • M. Casassa Mont, A. Baldwin, G. Goh, “POWER Prototype : Towards Integrated Policy-Based Management,” NOMS 2000 Review, 1999.
     • M. Sloman, “Policy Driven Management for Distributed Systems,” Journal of Network and Systems Management, Plenum Press, Vol. 2, No. 4, 1994, pp. 333-60.
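
The refinement flow of slides 10 to 12 (template, subclass selection, context constraint, device mapping into access control entries), as an added example that is not code from the POWER prototype. It uses Python where the prototype used Prolog and CIM; the hierarchy is one reading of the slide 8 figure, and `engineer`, `database`, all instance names and all function names are assumptions made for illustration.

```python
# Added illustration: data and names are constructed, not taken from the POWER prototype.
# ISM class hierarchy (child -> parent); "engineer" and "database" are added for the example.
ISA = {"user": "object", "organization": "object", "information": "object",
       "employee": "user", "retiree": "user", "engineer": "employee",
       "department": "organization", "project": "organization",
       "file": "information", "web-page": "information", "database": "information"}
# ISM instances (name -> class) and "belongs to" associations, all constructed.
INSTANCES = {"alice": "engineer", "bob": "retiree", "rnd": "department",
             "partsdb": "database", "intranet": "web-page"}
BELONGS_TO = {("alice", "rnd"), ("bob", "rnd"), ("partsdb", "rnd"), ("intranet", "rnd")}

# Abstract template: "People can carry out some operation on specific information."
TEMPLATE = {"subject": "user", "operation": None, "target": "information", "context": ()}

def is_a(cls, ancestor):
    """True if cls is ancestor or inherits from it in the ISM hierarchy."""
    while cls is not None:
        if cls == ancestor:
            return True
        cls = ISA.get(cls)
    return False

def refine(policy, slot, subclass):
    """Object refinement: a slot may only be narrowed to a subclass of its current class."""
    if not is_a(subclass, policy[slot]):
        raise ValueError(f"{subclass!r} is not a subclass of {policy[slot]!r}")
    return {**policy, slot: subclass}

def add_context(policy, slot, owner_class):
    """Context refinement: require the slot's object to belong to an owner_class instance."""
    return {**policy, "context": policy["context"] + ((slot, owner_class),)}

def device_map(policy):
    """Expand a refined policy into concrete (user, operation, resource) entries."""
    if policy["operation"] is None:
        return []  # still abstract, so not deployable
    def matches(inst, slot):
        owners = {INSTANCES[o] for (i, o) in BELONGS_TO if i == inst}
        return is_a(INSTANCES[inst], policy[slot]) and all(
            any(is_a(c, need) for c in owners)
            for s, need in policy["context"] if s == slot)
    return sorted((u, policy["operation"], r)
                  for u in INSTANCES if matches(u, "subject")
                  for r in INSTANCES if matches(r, "target"))

def example_policy():
    """'Engineers can add an entry in a database that belongs to the department.'"""
    p = refine(refine(TEMPLATE, "subject", "engineer"), "target", "database")
    return add_context({**p, "operation": "add_entry"}, "target", "department")

if __name__ == "__main__":
    print(device_map(example_policy()))
```

An unrefined template with only an operation filled in maps to every user and every information object, which is why the subclass and context steps matter before deployment.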
