SNMP network management


Institute of Information Technology
Department of Information Technology
IT 424
NETWORK ADMINISTRATION
Covered Topics:

Information models and directory service

Network administration model

Network management Technologies

Creating infrastructure

System maintenance model

Configuration policy

Methods

Automation of host configuration

Preventative host maintenance

SNMP tool
Information models and directory service

One way of binding together an organization is through a structured
information model – a database of its personnel, assets and services

Directory service: A collection of open systems that cooperate to hold a
logical database of information about a set of objects in the real world

Directory services are often referred to using the terms White Pages and
Yellow Pages that describe how a directory is used.

If one starts with a lookup key for a specific resource, then this is called
White Pages lookup – like finding a number in a telephone book.
Information models and directory service
(Cont.)

If one does not know exactly what one is looking for, but needs a list of
possible categories to match, such as in browsing for users or services, then
the service is referred to as Yellow Pages.

An implementation of yellow pages, called Yellow Pages or YP, was
famously introduced into Unix by Sun Microsystems and later renamed the
Network Information Service (NIS) in the 1980s due to trademark issues
with British Telecom (BT).

It was used for storing common data about users and user groups.
X.500 information model

In the 1970s, attempts were made to standardize computing and
telecommunications technologies.

One such standard that emerged was the OSI (Open Systems
Interconnect) model (ISO 7498), which defined a seven-layered model for
data communication.

In 1988, ISO 9594 was defined, creating a standard for directories called
X.500.

X.500 specifies a Directory Access Protocol (DAP) for addressing a
hierarchical directory, with powerful search functionality.
X.500 information model
(Cont.)

Since DAP is an application layer protocol, it requires the whole OSI
management model stack of protocols in order to operate.

This required more resources than were available in many small
environments

LDAP was thus defined and implemented in a number of draft standards.

The current version is LDAP v3, defined in RFC 2251–2256.

LDAP is an Internet open standard and is designed to be inter-operable
between various operating systems and computers.

It employs better security than previous open standards (like NIS).
X.500 information model
(Cont.)

It is therefore gradually replacing, or being integrated with, vendor-specific
systems including the Novell Directory Service (NDS) and the Microsoft
Active Directory (AD).

All of the entries in an X.500 directory are arranged hierarchically, forming
a Directory Information Tree (DIT).
Unix legacy directories

Before networking became commonplace, Unix hosts stored directory
information in the /etc file directory, in files such as /etc/passwd,
/etc/services and so on.

In the 1980s this was extended by a network service that could bind hosts
together with a common directory for all hosts in a Local Area Network.

Sun Microsystems, who introduced the service, called it ‘YP’ or Yellow
Pages, but later had to change the name to the Network Information
Service (NIS).
Unix legacy directories

The original NIS directory was very popular, but it was primitive and
non-hierarchical and lacked an effective security model. It was thus
replaced by ‘NIS+’, which added strong authentication to queries and
allowed a modernized and more flexible schema.

NIS+ never really caught on, and it is now being replaced by an open
standard, LDAP (Lightweight Directory Access Protocol).
OpenLDAP

The OpenLDAP implementation is the reference implementation for Unix-like systems.

The strength of LDAP is its versatility and interoperability with all operating
systems.

Its disadvantage is its somewhat arbitrary and ugly syntactical structure,
and its vulnerability to loss of network connectivity.
Novell Directory Service – NDS

Novell Netware was originally a centralized sharing service that allowed a
regiment of PCs to connect to a common disk and a common printer, thus
allowing expensive hardware to be shared amongst desktop PCs.

As PCs have become more network-able, Netware has developed into a
sophisticated directory-based server suite.

The Novell directory keeps information about all devices and users within
its domain: users, groups, print queues, disk volumes and network services.
Active Directory – AD

Early versions of Windows were limited by a flat host infrastructure model
that made it difficult to organize and administer Windows hosts rationally
by an information model.

Active Directory is the directory service introduced with and integrated
into Windows 2000.

It replaces the Domain model used in NT4, and is based on concepts from
X.500.

It is LDAP compatible.
Active Directory – AD
(Cont.)

In the original Windows network software, naming was based around
proprietary software such as WINS (Windows Internet Name Service).

Windows has increasingly embraced open standards like DNS, and has
chosen the DNS naming model for LDAP integration.

The Active Directory is still being developed.
Network administration models

Central management ‘star’ model

The traditional (idealized) model of host configuration is based on the idea of
remote management (e.g. using SNMP).

Here one has a central manager who decides and implements policy from a
single location, and all networks and hosts are considered to be completely
reliable.

The manager must monitor the whole network, using bi-directional
communication.

This leads to an N:1 ratio of clients to manager.
Network administration models
(Cont.)

Central management ‘star’ model
Network administration models
(Cont.)

Mesh topology with centralized policy and local enforcement

Communication over a mesh topology, with policy choice made hierarchically.

Sub-controllers (dark nodes) edit policy as received from the central controller,
and pass the result to members of the local group.

The final step in increasing autonomy is the free exchange of information
between arbitrary hosts.

Hosts can now offer one another information, policy or source materials in
accordance with an appropriate trust model.
Network administration models
(Cont.)

Mesh topology with centralized policy and local enforcement
Network management technologies

The ability to read information about the performance of network hardware
via the network itself is an attractive idea.

Suppose we could look at a router on the second floor of a building half a
mile away and immediately see the load statistics, or the number of
rejected packets it has seen; or perhaps the status of all printers on a
subnet.

That would be useful diagnostic information.
Network management technologies
(Cont.)

SNMP network management

The Simple Network Management Protocol (SNMP) is a protocol designed to do
just this.

SNMP was spawned in 1987 as a Simple Gateway Monitoring Protocol, but was
quickly extended and became a standard for network monitoring.

SNMP was designed to be small and simple enough to be able to run on even
minor pieces of network technology like bridges and printers.

SNMP has often been criticized for the weak security of its agents, which are
configured by default with a clear-text password (the community string) of ‘public’.

Version 3 of the SNMP protocol was finally agreed on and published in
December 2002 in order to address these problems, using strong encryption
methods.
Network management technologies
(Cont.)

SNMP network management

SNMP supports three operations on devices: read, write and notify.

The management console can read and modify the variables stored on a
device, and the device can issue notifications (traps) of special events to
the console.
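The GetRequest/GetResponse exchange, and the reason the default community string is a problem, can both be seen by building the SNMPv1 messages by hand. The following Python is an added example, not code from the lecture or from any SNMP library: a minimal BER encoder and decoder for SNMPv1 messages, a constructed exchange in which the manager asks for sysDescr.0 and the agent answers, and an audit function that flags any message still carrying a factory-default community string. The response text, the request ids and the non-default community string ‘s3cr3t-ro’ are constructed for the demonstration.

```python
"""Hand-built SNMPv1 GetRequest/GetResponse exchange (added example; not from the lecture
or any SNMP library). Shows why a default community string is visible on the wire."""

DEFAULT_COMMUNITIES = {b"public", b"private"}  # well-known factory defaults

def _ber_len(n):  # BER length octets: short form below 128, long form otherwise
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body

def _tlv(tag, payload):  # one tag-length-value element
    return bytes([tag]) + _ber_len(len(payload)) + payload

def enc_int(v):  # INTEGER, minimal two's-complement encoding
    return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True) if v else b"\x00")

def enc_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]           # low 7 bits go last, without continuation bit
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(groups))
    return _tlv(0x06, bytes(out))

def _message(pdu_tag, community, req_id, varbinds):
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, PDU }."""
    vbl = b"".join(_tlv(0x30, enc_oid(oid) + value) for oid, value in varbinds)
    pdu = _tlv(pdu_tag, enc_int(req_id) + enc_int(0) + enc_int(0) + _tlv(0x30, vbl))
    return _tlv(0x30, enc_int(0) + _tlv(0x04, community) + pdu)

def build_get_request(community, req_id, oid):   # GetRequest-PDU tag 0xA0, NULL value
    return _message(0xA0, community, req_id, [(oid, b"\x05\x00")])

def build_get_response(community, req_id, oid, value):   # GetResponse-PDU tag 0xA2
    return _message(0xA2, community, req_id, [(oid, _tlv(0x04, value))])

def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                       # long form: next (ln & 0x7F) bytes hold the length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + ln > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + ln], pos + ln

def _dec_oid(b):
    arcs, acc = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def _dec_value(tag, b):  # INTEGER, OID and NULL are decoded; OCTET STRING stays raw bytes
    return (int.from_bytes(b, "big", signed=True) if tag == 0x02 else
            _dec_oid(b) if tag == 0x06 else None if tag == 0x05 else b)

def decode(packet):
    """Parse one SNMPv1/v2c message into a dict; ValueError on malformed structure."""
    tag, msg, end = _read_tlv(packet, 0)
    if tag != 0x30 or end != len(packet):
        raise ValueError("not a single SNMP SEQUENCE")
    vtag, ver, p = _read_tlv(msg, 0)
    _, community, p = _read_tlv(msg, p)
    pdu_tag, pdu, _ = _read_tlv(msg, p)
    rtag, rid, q = _read_tlv(pdu, 0)
    _, _, q = _read_tlv(pdu, q)          # error-status
    _, _, q = _read_tlv(pdu, q)          # error-index
    _, vbl, _ = _read_tlv(pdu, q)
    varbinds, q = [], 0
    while q < len(vbl):
        _, vb, q = _read_tlv(vbl, q)
        _, oid, r = _read_tlv(vb, 0)
        vtag2, val, _ = _read_tlv(vb, r)
        varbinds.append((_dec_oid(oid), _dec_value(vtag2, val)))
    return {"version": _dec_value(vtag, ver), "community": community, "pdu": pdu_tag,
            "request_id": _dec_value(rtag, rid), "varbinds": varbinds}

def default_community_alerts(packets):
    """Audit helper: (index, community, pdu_tag) for every v1/v2c message using a factory default."""
    alerts = []
    for i, pkt in enumerate(packets):
        try:
            m = decode(pkt)
        except (ValueError, IndexError):
            continue                      # not SNMP or malformed: skip it
        if m["version"] in (0, 1) and m["community"] in DEFAULT_COMMUNITIES:
            alerts.append((i, m["community"].decode(), m["pdu"]))
    return alerts

# Constructed sample exchange: the manager asks for sysDescr.0 and the agent answers.
SYS_DESCR = "1.3.6.1.2.1.1.1.0"
REQUEST = build_get_request(b"public", 1, SYS_DESCR)
RESPONSE = build_get_response(b"public", 1, SYS_DESCR, b"Linux router 5.4")
OTHER = build_get_request(b"s3cr3t-ro", 2, SYS_DESCR)   # non-default community string

if __name__ == "__main__":
    print(REQUEST.hex(), decode(RESPONSE), default_community_alerts([REQUEST, RESPONSE, OTHER]))
```

The hex dump of REQUEST shows the community string ‘public’ as plain OCTET STRING bytes immediately after the version field; nothing in SNMPv1 or v2c hides it, which is what the slide's criticism is about and what SNMPv3's authentication and privacy options replace. The audit function is the defender's side of the same fact: decoding captured messages and listing those that still use a factory default is a quick inventory of agents that need reconfiguring.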
Network management technologies
(Cont.)

OSI, TMN and others

The International Telecommunications Union (ITU) has defined the
Telecommunications Management Network (TMN) standards for managing
telecommunications networks.

It is an alternative scheme designed for telecommunications networks and has
a strong relationship with the OSI Management Model known as the Common
Management Information Protocol (CMIP).

The ISO 7498 Open System Interconnect (OSI) Model consists of a large number
of documents describing different aspects of network communication and
management.
Network management technologies
(Cont.)

Amongst these is the basic conceptual model for management of
networked computers. It consists of these issues:

Configuration management

Fault management

Performance management

Security management

Accounting management
Network management technologies
(Cont.)

Java Management Extension (JMX)

Java Management Extension (JMX) is Java’s answer to dealing with managed
objects.

The basic idea of JMX is not very different to that of SNMP, but the transport
mechanisms are integrated into Java’s extensive middleware framework.
Network management technologies
(Cont.)

Jini and UPnP: management-free networks

Jini is a Java derivative technology that is aimed at self-configuring ad hoc
networks.

A similar project is Microsoft’s Universal Plug’n’Play (UPnP), a peer-to-peer
initiative that uses existing standards like TCP/IP, HTTP and XML to perform a
similar function.

The aim of these technologies is to eliminate the need for system administrators,
by making devices configure themselves.
Creating infrastructure

With the explosion in numbers of hosts combined in networks, several
authors have begun to address the problem of defining an infrastructure
model which is stable, reproducible and robust to accidents and
upgrades.

Until recently, little attention was given to analyzing methodologies for the
construction of efficient and stable networks from the ground up.
Principles of stable infrastructure

Any model of system infrastructure must be able to scale efficiently to large
numbers of hosts (and perhaps subnets, depending on the local netmask).

A model which does not scale efficiently with numbers of hosts is likely to fail quickly.

Any model of system infrastructure must have reliability as one of its chief goals.

Down time can often be measured in real money.

Reliability is not just about the initial quality of hardware and software, but also about
the need for preventative maintenance.

Reliability is safeguarded by redundancy, or backup services running in parallel
System maintenance models

Unix administrators have run background scripts to perform system checks
and maintenance for many years. Such scripts run daily or hourly and
make sure that each system is properly configured, perform garbage
cleaning and report any serious problems to an administrator.

Windows can be both easier and harder to administrate than Unix. It can
be easier because the centralized model of having a domain server
running all the network services, means that all configuration information
can be left in one place (on the server), and that each workstation can be
made to configure itself from the server’s files.
System maintenance models
(Cont.)

Several generalized approaches to the management of computers in a
network have emerged.

Reboot

With the rapid expansion of networks, the number of local networks has outgrown the
number of experienced technicians. The result is that there are many administrators
who are not skilled in the systems they are forced to manage.

A disturbing but common belief, which originated in the 1980s microcomputer era, is
that problems with a computer can be fixed by simply rebooting the operating system.

Rebooting a multi-user system is dangerous since users might be logged in from remote
locations and could lose data and service.
System maintenance models
(Cont.)

Manual administration

The default approach to system management is to allow qualified humans to do
everything by hand.

This approach suffers from a lack of scalability.

When two manual administrators have a difference of opinion, there can be
contention.
System maintenance models
(Cont.)

Central control

Another approach to system administration is the use of control systems, in the manner
of the star model.

Tivoli, HP OpenView and Sun Solstice are examples of these.

A process on each host reports errors as they occur to the administrator.
In this way the administrator has an overview of every problem on the network from
his/her single location and can either fix the problems by hand as they occur (if the
system supports remote login), or distribute scripts.
System maintenance models
(Cont.)

Immunology (self-maintenance)

A relatively new approach to system management which is growing in popularity is the
idea of equipping networked operating systems with a simple immune system.

An immune system plays the role of the fire, police and paramedic services, as well
as the garbage collection agencies.

In an immune system, every host is responsible for automatically repairing its own
problems.
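The scheduled check scripts described under System maintenance models (daily or hourly runs that verify configuration, clean up garbage and report problems) and the immunology idea of a host repairing its own problems can be shown in one small script. The following Python is an added example, not code from the lecture or from any existing tool such as cfengine: it compares live configuration files with known-good baseline copies and restores any that are missing or changed, removes stale files from a temporary directory, and reports filesystems above a usage threshold. The repair is convergent, so running it a second time on an already-correct host does nothing, which is what makes it safe to schedule. The sandbox directory, file names and file contents are constructed for the demonstration and removed afterwards.

```python
"""Periodic host check with convergent self-repair (added example, not from the
lecture or from cfengine). demo() builds a throw-away sandbox so it runs offline."""
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def check_and_repair(baseline_dir, live_dir):
    """Compare each file in baseline_dir with its counterpart in live_dir and restore
    it if missing or changed. Returns [(name, action)]; the list is empty when the host
    already matches its policy, which is what makes repeated runs safe."""
    actions = []
    for ref in sorted(Path(baseline_dir).iterdir()):
        live = Path(live_dir) / ref.name
        if not live.exists():
            shutil.copy2(ref, live)
            actions.append((ref.name, "restored-missing"))
        elif sha256_of(live) != sha256_of(ref):
            shutil.copy2(ref, live)
            actions.append((ref.name, "restored-drifted"))
    return actions

def clean_garbage(tmp_dir, max_age_seconds):
    """Delete regular files in tmp_dir not modified within max_age_seconds."""
    now, removed = time.time(), []
    for p in Path(tmp_dir).iterdir():
        if p.is_file() and now - p.stat().st_mtime > max_age_seconds:
            p.unlink()
            removed.append(p.name)
    return sorted(removed)

def disk_alerts(paths, threshold_pct):
    """Report filesystems whose usage is at or above threshold_pct."""
    alerts = []
    for path in paths:
        st = shutil.disk_usage(path)
        used_pct = 100.0 * (st.total - st.free) / st.total
        if used_pct >= threshold_pct:
            alerts.append((path, round(used_pct, 1)))
    return alerts

def demo():
    """Constructed scenario: one drifted file, one missing file, one stale temp file."""
    root = Path(tempfile.mkdtemp(prefix="hostcheck-"))
    base, live, tmp = root / "baseline", root / "etc", root / "tmp"
    for d in (base, live, tmp):
        d.mkdir()
    (base / "sshd_config").write_text("PermitRootLogin no\nPasswordAuthentication no\n")
    (base / "ntp.conf").write_text("server ntp.example.net\n")
    (live / "sshd_config").write_text("PermitRootLogin yes\n")   # drifted from policy
    # ntp.conf is deliberately absent from the live directory
    stale = tmp / "core.1234"
    stale.write_text("x")
    ten_days_ago = time.time() - 10 * 86400
    os.utime(stale, (ten_days_ago, ten_days_ago))
    (tmp / "fresh.lock").write_text("y")                            # recent: must survive
    report = {
        "repairs": check_and_repair(base, live),
        "repairs_rerun": check_and_repair(base, live),   # convergence: nothing left to do
        "removed": clean_garbage(tmp, 7 * 86400),
        "disk": disk_alerts([str(root)], 100.0),
        "live_sshd_config": (live / "sshd_config").read_text(),
    }
    shutil.rmtree(root)
    return report

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script it prints the report for the constructed sandbox. Scheduled from cron with check_and_repair pointed at a real policy directory, it is the kind of hourly or daily job the slides describe, and the empty second-run result is the property to look for in any such script: repair brings the host to the desired state and then stops, rather than re-applying changes on every run.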
Reference:
Mark Burgess, Principles of Network and System Administration, Second Edition, Oslo University College, Norway. Chapters 6 and 7.