Transcript Week 12

ITC242 – Introduction to Data Communications
Week 12
Topic 18
Chapter 19 Network Management
1
Last Week
Network Security
• Describe the most important security threats
faced by distributed data processing
• Compare conventional and public-key
encryption
• Discuss the application of encryption to network
security
• Discuss the use of IPSec to create a virtual
private network
2
Topic 18 – Network Management
Learning Objectives
• Describe the key requirements that a
network management system should
satisfy
• Describe an overview of the architecture
and key elements of a network
management system.
• Describe SNMP and the difference
between versions 1, 2 and 3
3
ISO Management Functional Areas
• Fault management
• Accounting management
• Configuration and name management
• Performance management
• Security management
4
Fault Management
• A fault is an abnormal condition that
requires management attention (or action)
to repair
• A fault is usually indicated by failure to
operate correctly or by excessive errors
• Examples: communication link is
physically cut; no signals can get through
• Users expect quick and reliable resolution
5
Responding to Faults
• When faults occur, it is critical to quickly:
– Determine exactly where the fault is
– Isolate the rest of the network from the failure so that
it can continue to function without interference
– Reconfigure or modify the network to minimize the
effect of removing the failed component(s)
– Repair or replace the failed components to restore the
network to its initial state
6
User Requirements
for Fault Management
• Tolerant of occasional outages, but expect
speedy resolution
• Requires rapid and reliable fault detection and
diagnostic management functions
• Impact and duration of faults can be
minimized with redundancy
• Good communication with users about outages
and faults is critical
7
Accounting Management
Overview:
• Internal charging for the use of network services.
• Also used for monitoring the use of and planning network
services.
User Requirements:
• What information is to be recorded where?
• Privacy considerations.
8
Configuration Management
• Concerned with:
– initializing a network and gracefully shutting down part
or all of the network
– maintaining, adding, and updating the relationships
among components and the status of components
themselves during network operation
• Operations on certain components should be able to
be performed unattended
• Network manager needs the capability to change the
connectivity of network components
• Users should be notified of configuration changes
9
Performance Management
• What is the level of capacity utilization?
• Is there excessive traffic?
• Has throughput been reduced to unacceptable
levels?
• Are there bottlenecks?
• Is response time increasing?
Network managers need performance statistics to
help them plan, manage, and maintain large
networks
10
Security Management
• Concerned with
– generating, distributing, and storing encryption keys
– monitoring and controlling access to networks
– access to all or part of the network management
information
– collection, storage, and examination of audit records
and security logs
• Provides facilities for protection of network resources
and user information
• Network security facilities should be available for
authorized users only
11
Network Management Systems
• Collection of tools for network monitoring and
control, integrated in these ways:
– A single user-friendly operator interface for performing
most or all network management tasks
– A minimal amount of separate equipment
• Consists of incremental hardware and software
additions implemented among existing network
components
• Designed to view the entire network as a unified
architecture, and provide regular feedback of status
information to the network control center
12
Network Management
System Architecture
13
Components of the NMS
• Nodes run the Network Management
Entity (NME) software
• Network control host or manager runs the
Network Management Application (NMA)
• Other nodes are considered agents
14
Network Management Entity
• Collection of software contained in each
network node, devoted to the network
management task
• Performs the following tasks:
– Collect statistics on communications and network-related activities.
– Store statistics locally
– Respond to commands from the network control
center
– Send messages to network control center when local
conditions undergo a significant change
15
Simple Network Management
Protocol (SNMP)
• Originally developed for use as a network
management tool for networks and internetworks
operating TCP/IP.
• A collection of specifications that include the
protocol itself, the definition of a database, and
associated concepts.
• Network Management Model
– Management station
– Agent
– Management information base
– Network management protocol
16
17
Simple Network Management
Protocol (SNMP)
• Management station: a standalone device:
– A set of management applications: data analysis, fault
recovery and so on
– A user interface: monitor and control the network
– A database: network management
– Translate the network manager's requirements into actual
monitoring and control of remote elements in the network
• Agent: key platforms (hosts, bridges, routers) + agent
software
• Management information base (MIB): a collection of
objects, which are data variables that represent the aspects
of the managed agent.
• Network management protocol: for linking the
management station and agents
18
SNMPv1 Configuration
19
Role of SNMPv1
20
SNMPv2
• Released in 1992, revised in 1996
• Addressed functional deficiencies in
SNMP
• Accommodates decentralized network
management
• Improves efficiency of data transfer
21
Elements of SNMPv2
• Each "player" in the network management system
maintains local database of network management
information (MIB)
• Standard defines information structure and allowable
data types (SMI)
• At least one system must be responsible for network
management; others act as agents
• Information exchanged using simple request/response
protocol, usually running over UDP
22
Structure of Management
Information (SMI)
• Defines framework within which a MIB can be
defined and constructed
– data types that can be stored
– formal technique for defining objects and tables of
objects
– scheme for associating a unique identifier with
each actual object in a system
• Emphasis on simplicity and extensibility
23
SNMPv3
• Released in 1998, addressed security
deficiencies in SNMP and SNMPv2
• Does not provide a complete SNMP
capability; defines an overall SNMP
architecture and a set of security
capabilities for use with SNMPv2
24
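The request/response exchange and SMI object identifiers from the preceding slides, as an added example that is not part of the original slides: a minimal BER decoder run over one constructed SNMPv1 GetRequest. It shows that in community-based SNMP (v1 and v2c) the community string and the requested object identifier are readable on the wire, which is the kind of exposure the SNMPv3 security capabilities are meant to close. The sample bytes and all function names are assumptions made for this illustration.

```python
# Constructed sample: SNMPv1 GetRequest for sysDescr.0, community "public".
SAMPLE = bytes.fromhex("3026020100" "04067075626c6963" "a019020101020100020100"
                       "300e300c" "06082b06010201010100" "0500")
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}   # community-based versions only

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Turn a BER OBJECT IDENTIFIER into the dotted SMI object name."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)    # base-128 digits, high bit = more follows
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_snmp(msg):
    """Decode version, community, PDU type, request-id and requested OIDs."""
    _, body, _ = read_tlv(msg, 0)        # outer SEQUENCE
    _, ver, p = read_tlv(body, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big"))
    if version is None:
        raise ValueError("not a community-based SNMP message")
    _, community, p = read_tlv(body, p)
    pdu_tag, pdu, _ = read_tlv(body, p)
    _, req_id, q = read_tlv(pdu, 0)
    _, _, q = read_tlv(pdu, q)           # error-status
    _, _, q = read_tlv(pdu, q)           # error-index
    _, varbinds, _ = read_tlv(pdu, q)
    oids, v = [], 0
    while v < len(varbinds):             # each varbind is SEQUENCE { OID, value }
        _, vb, v = read_tlv(varbinds, v)
        oids.append(decode_oid(read_tlv(vb, 0)[1]))
    return {"version": version, "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(req_id, "big", signed=True), "oids": oids,
            "community": community.decode("ascii", "replace"),   # readable on the wire
            "default_community": community in (b"public", b"private")}
```

Running `parse_snmp(SAMPLE)` over traffic captured on a management network is a quick way to inventory which agents still answer v1/v2c and which still use a default community string.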
Review
• Key requirements that a network
management system should satisfy
• The architecture and key elements of a
network management system.
• SNMP and the difference between
versions 1, 2 and 3
25