Research on Policy Management Frameworks in Multiple Business Environments
Abstract
A business environment is the computer network on which a commercial organization carries out its business activities; it is made up of many network devices of different brands and models that support different technologies. Managing such a complex environment with a traditional network management system requires network administrators to configure devices one by one, master a large body of related technologies and learn each device's configuration, which costs a great deal of time, manpower and money. Moreover, traditional network management software cannot configure the network quickly and consistently or change network behavior dynamically and in time, and so cannot meet the complex business requirements of a business environment.
This paper uses policy-based network management (PBNM) technology to address the management problems that arise when a device-heterogeneous network is combined with business requirements. It first introduces the policy management framework standard defined by the IETF and describes the functions of the framework's four components, the policy management tool (PMT), the policy repository, the policy decision point (PDP) and the policy enforcement point (PEP), together with the protocols they use to communicate with one another. It then analyzes the business requirements, network technologies, network devices and network topologies of four widely representative business environments: the enterprise intranet, the enterprise extranet, the internet service provider (ISP) and the application service provider (ASP). From these characteristics it abstracts three kinds of policy (high-level, middle-level and low-level), builds models of the managed devices, the business requirements and the policies, and then combines the IETF policy framework with each concrete business environment to design the policy management framework of a PBNM system for each of the four environments.
Finally, the object model of the enterprise intranet business environment is mapped to the Lightweight Directory Access Protocol (LDAP) directory server of the enterprise intranet PBNM system, and an enterprise intranet PBNM system is implemented in code according to the policy management framework designed for it.
