Models of Network Administration


Models of Network Administration
Week 5
Understanding the system as a whole
• Requires ability to see relationships and dependencies between distinct parts
• The idea of a “causal web”
• Complex system may have multiple operating modes – adaptive behaviour
Models for Management
• IETF (SNMP RFC1155) and ISO (TMN) have defined models for management of systems
• These don’t always scale well
  - Focus on managing devices
  - Require a human controller
  - Micro-manage the system
• Best models are those which automate functions and regulate interactions of components
Information Models
• Represent the data used by an organisation, e.g. database of Personnel, Assets and Services
• Uses a Directory service (e.g. X.500)
  - Structured: hierarchical, object-oriented
  - Common schema: allows interoperability
  - Access Control: per record
  - Optimised for read-only use. Not updated during use
• Specific vs General search: “White pages” vs “Yellow pages”
Network Directory X.500
• ISO 9594 (1988)
• Uses ASN.1 to define format of protocols
• Access method (DAP) defined in ISO terms
• LDAPv3 (RFC 2251–2256)
• Now replacing or being integrated into vendor solutions, e.g. NDS and MS Active Directory
Lightweight Directory Access Protocol (LDAP)
• Contains Name-Value(s) pairs (“attributes”)
• Attributes have rules (sub-attributes) controlling
  - Method of value matching during search
  - Order of value matching during search
  - Whether attribute is mandatory or optional
• Attributes identified by Distinguished Name (DN) or Relative Distinguished Name (RDN)
• RDN is a Name-Value pair, e.g. cn=“Chris Freeman”
• DN is a concatenation of RDNs in hierarchy
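The DN/RDN structure and the per-attribute matching rules above, worked through in code. This is an added example, not from the slides: it splits a DN into its RDNs, honours backslash escapes so a comma inside a value does not start a new RDN, and compares two DNs under a constructed matching-rule table (which attribute types ignore case) rather than by plain string equality, which is what a per-record access check needs.

```python
# Added example, not from the slides: split an LDAP Distinguished Name (DN)
# into its Relative Distinguished Names (RDNs) and compare two DNs using
# per-attribute matching rules ("method of value matching" on the slide).
# A backslash escapes the next character (RFC 4514 style, so "\," keeps a
# comma inside a value); hex escapes such as "\2C" are deliberately not handled.

# Constructed assumption, not a real schema: which attribute types compare
# case-insensitively (caseIgnoreMatch) and which exactly (caseExactMatch).
MATCHING_RULES = {
    "cn": "caseIgnoreMatch",
    "ou": "caseIgnoreMatch",
    "dc": "caseIgnoreMatch",
    "uid": "caseExactMatch",
}

def split_dn(dn):
    """Return a DN as a list of (attribute, value) pairs, most specific RDN first."""
    rdns, buf, escaped = [], "", False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            buf += ch
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":             # an unescaped comma separates RDNs
            rdns.append(buf)
            buf = ""
        else:
            buf += ch
    rdns.append(buf)
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]     # cn="Chris Freeman" -> Chris Freeman
        pairs.append((attr.strip().lower(), value))   # attribute types ignore case
    return pairs

def normalise(pairs):
    """Apply each attribute's matching rule so equal names compare equal."""
    return [(a, v.lower() if MATCHING_RULES.get(a, "caseExactMatch") == "caseIgnoreMatch" else v)
            for a, v in pairs]

def same_entry(dn_a, dn_b):
    """True when two DNs name the same entry; a plain string compare would say no."""
    return normalise(split_dn(dn_a)) == normalise(split_dn(dn_b))
```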
Hierarchical Directory Services
• Well suited to distributed environment; allows delegation of parts to separate hosts
• Directory tree may be partitioned into sub-trees with no overlap
• Cooperating groups can then manage their own data locally and share with others
• May allow Availability and Redundancy through replication of data and service
Querying Directory Services
• Usually built-in to application software
• Unix system call: gethostbyname()
• Uses “nsswitch” to select one of several directory services
• See also “Pluggable Authentication Modules” (PAM)
• Original UNIX methods based on /etc files
• Later used NIS (aka “YellowPages” or yp)
  - Non-hierarchical, lacked security
  - Replaced by NIS+
Other Directory Services
• OpenLDAP
  - Versatile, common platform
  - Difficult syntax and sensitive to network LoS
• Novell Directory Service (NDS)
  - Consistent distributed physical organisation of devices and software objects
  - Directly implements the information model
• Microsoft Active Directory
  - Replaced NT4 Domain model
  - Compatible with simplified version of LDAP
System Infrastructure
• A network is a “community of cooperating and competing” components…
• Administrator selects components and assigns roles depending on tasks required
• This may involve machines and users (staff)
  - Computing machinery: functional infrastructure
  - Staff: build and maintain infrastructure
System Infrastructure
• Identify purpose of computer system
• Choose hardware and software
  - Appropriate to task
• Set policies and procedures
Aspects of System Infrastructure
• Homogeneity
  - All systems identical, or configured for purpose?
• Load Balancing
  - One service per host or multi-service hosts?
  - Separate data storage and data processing can double network traffic
• Human limitations on group size: max 150 objects
• Mobile and AdHoc networks
• Peer-to-Peer: scaled approach to management
Network Administration Models
• Central management – “star” model
Network Administration Models
• Centralised policy and enforcement
• JobRate(controller) = Rate1 + Rate2 + … + Raten
• If sum of Requests exceeds maxCapacity/n then work will queue at the controller
• Disadvantage of centralised control: bottleneck in communications with controller
Other Network Administration Models
• Star with intermittently connected hosts
• Mesh: centralised policy & local enforcement
  - Each host gets own copy of common policy. Does not need constant connection to controller
  - Each host updates itself according to policy
  - But: Is policy up-to-date? Has policy been applied?
• Mesh: partial host autonomy & local enforcement
• Mesh: partial autonomy and peer policy exchange
Network Management Technologies
• SNMP
• OSI TMN and Others
• Java Management Extensions (JMX)
• Jini and UPnP: management-free networks
• WMI and WBEM
Building an Infrastructure
What is the correct way to build a complex networked application from nothing?
1. NIC drivers
2. Local host config: Host name, SysLog
3. IP configuration (DHCP)
4. Domain Name configuration (Resolver, dDNS)
5. Middleware services (NIS, Kerberos, RADIUS)
6. Application services (MySQL, httpd, java, …)
7. Client applications (Browser, java, client-side APIs)
Aspects of Infrastructure
• Creating uniformity through Automation
• Revision control: HostFactory, RCS
• Software distribution & synchronisation
  - Push model: rdist
  - Pull model: cfengine, rsync
• Reliability through parallelism
System Maintenance models
• Reboot
  - return to original (if it still exists!)
• Manual administration
  - not scalable, relies on knowledgeable user
• Central control
  - HP OpenView, Tivoli, Sun Solstice
  - star model problems
• Immunology (self-maintenance)
  - e.g. Windows automatic restore
Multiple Operating Systems in a LAN
• Convenience vs Differentiation
• Simple FTP vs Open file sharing?
• Software compatibility between systems
• Problems:
  - Different object naming schemes
  - File System sharing: different Naming & ACLs
  - Different User ID and password schemes
  - User Authentication