Models of Network Administration Week 5

Models of Network Administration Week 5. Understanding the system as a whole Requires ability to see relationships and dependencies between distinct parts

Understanding the system as a whole

- Requires ability to see relationships and dependencies between distinct parts
- The idea of a “causal web”
- Complex system may have multiple operating modes – adaptive behaviour

Models for Management

- IETF (SNMP RFC 1155) and ISO (TMN) have defined models for management of systems
- These don’t always scale well:
  - Focus on managing devices
  - Require a human controller
  - Micro-manage the system
- The best models are those which automate functions and regulate interactions of components

Information Models

- Represent the data used by an organisation, e.g. database of Personnel, Assets and Services
- Uses a Directory service (e.g. X.500)
  - Structured: hierarchical, object-oriented
  - Common schema: allows interoperability
  - Access Control: per record
  - Optimised for read-only use. Not updated during use
- Specific vs General search: “White pages” vs “Yellow pages”

Network Directory X.500

- ISO 9594 (1988)
- Uses ASN.1 to define format of protocols
- Access method (DAP) defined in ISO terms
- LDAPv3 (RFC 2251–2256)
- Now replacing or being integrated into vendor solutions, e.g. NDS and MS Active Directory

Lightweight Directory Access Protocol (LDAP)

- Contains Name-Value(s) pairs (“attributes”)
- Attributes have rules (sub-attributes) controlling:
  - Method of value matching during search
  - Order of value matching during search
  - Whether attribute is mandatory or optional
- Attributes identified by Distinguished Name (DN) or Relative Distinguished Name (RDN)
  - RDN is a Name-Value pair, e.g. cn=“Chris Freeman”
  - DN is a concatenation of RDNs in hierarchy
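
The RDN/DN relationship above, as an added Python example (not part of the original slides): it builds a DN from RDNs and splits it back, escaping special characters so that a comma inside a value is not read as an extra level of the hierarchy. The function names and sample entries are constructed for illustration; escaping follows the RFC 2253 string form and only single-valued RDNs are handled.

```python
SPECIAL = ',+"\\<>;='             # characters that must be escaped inside a DN value
HEX = "0123456789abcdefABCDEF"

def escape_value(value):
    """Escape one attribute value so it is safe to place in a DN string."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in SPECIAL or edge else ch)
    return "".join(out)

def build_dn(rdns):
    """Concatenate (attribute, value) pairs, leaf first, into a DN string."""
    return ",".join(f"{attr}={escape_value(val)}" for attr, val in rdns)

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas only."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2    # keep the escape pair together
        elif dn[i] == ",":
            parts.append(cur.lstrip())
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return parts + [cur.lstrip()]

def parse_rdn(rdn):
    """Return (attribute, unescaped value) for a single-valued RDN."""
    attr, _, raw = rdn.partition("=")
    out, i = bytearray(), 0
    while i < len(raw):
        pair = raw[i + 1:i + 3]
        if raw[i] == "\\" and len(pair) == 2 and all(c in HEX for c in pair):
            out.append(int(pair, 16))            # hex escape such as \2C
            i += 3
        elif raw[i] == "\\" and pair:
            out += pair[0].encode()              # character escape such as \,
            i += 2
        else:
            out += raw[i].encode()
            i += 1
    return attr.strip(), out.decode("utf-8")

def parse_dn(dn):
    """Parse a DN string into its list of (attribute, value) RDNs, leaf first."""
    return [parse_rdn(r) for r in split_dn(dn)]
```

A plain `dn.split(",")` on the same input yields one RDN too many when a value contains a comma, which is why code that builds DNs from user-supplied names should escape the value first.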

Hierarchical Directory Services

- Well suited to distributed environment; allows delegation of parts to separate hosts
- Directory tree may be partitioned into sub-trees with no overlap
- Cooperating groups can then manage their own data locally and share with others
- May allow Availability and Redundancy through replication of data and service

Querying Directory Services

- Usually built in to application software
- Unix system call: gethostbyname()
  - Uses “nsswitch” to select one of several directory services
  - See also “Pluggable Authentication Modules” (PAM)
- Original UNIX methods based on /etc files
- Later used NIS (aka “Yellow Pages” or yp)
  - Non-hierarchical, lacked security
  - Replaced by NIS+

Other Directory Services

- OpenLDAP
  - Versatile, common platform
  - Difficult syntax and sensitive to network LoS
- Novell Directory Service (NDS)
  - Consistent distributed physical organisation of devices and software objects
  - Directly implements the information model
- Microsoft Active Directory
  - Replaced NT4 Domain model
  - Compatible with simplified version of LDAP

System Infrastructure

- A network is a “community of cooperating and competing” components…
- Administrator selects components and assigns roles depending on tasks required
- This may involve machines and users (staff)
  - Computing machinery: functional infrastructure
  - Staff: build and maintain infrastructure

- Identify purpose of computer system
- Choose hardware and software
  - Appropriate to task
- Set policies and procedures

Aspects of System Infrastructure

- Homogeneity
  - All systems identical or configure for purpose?
- Load Balancing
  - One service per host or multi-service hosts?
  - Separate data storage and data processing can double network traffic
- Human limitations on group size: max 150 objects
- Mobile and ad hoc networks
  - Peer-to-Peer: scaled approach to management

Network Administration Models

Central management – “star” model

- Centralised policy and enforcement
  - $\text{JobRate}_{\text{controller}} = \text{Rate}_1 + \text{Rate}_2 + \dots + \text{Rate}_n$
- If sum of Requests exceeds maxCapacity/n then work will queue at the controller
- Disadvantage of centralised control: bottleneck in communications with controller

Other Network Administration Models

- Star with intermittently connected hosts
- Mesh: centralised policy & local enforcement
  - Each host gets own copy of common policy. Does not need constant connection to controller
  - Each host updates itself according to policy
  - But: Is policy up-to-date? Has policy been applied?
- Mesh: partial host autonomy & local enforcement
- Mesh: partial autonomy and peer policy exchange
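
One way a host in the "centralised policy & local enforcement" model could answer the two questions above, as an added Python example that is not from the original slides. The shared HMAC key, the bundle layout, the version counter and the setting names are all assumptions made for the example; a real deployment would more likely use an asymmetric signature so that hosts cannot forge policy.

```python
import hashlib, hmac, json

def _tag(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def seal(key, version, settings):
    """Controller side: wrap a policy with a version number and an HMAC tag."""
    body = json.dumps({"version": version, "settings": settings}, sort_keys=True)
    return {"body": body, "tag": _tag(key, body)}

class Host:
    def __init__(self, key):
        self.key, self.version, self.policy = key, 0, {}
        self.actual = {}                       # settings currently in effect

    def receive(self, bundle):
        """Accept a policy copy only if authentic and not older than the one held."""
        if not hmac.compare_digest(_tag(self.key, bundle["body"]), bundle["tag"]):
            return "rejected: bad tag"
        doc = json.loads(bundle["body"])
        if doc["version"] < self.version:
            return "rejected: rollback"
        self.version, self.policy = doc["version"], doc["settings"]
        return "accepted"

    def enforce(self):
        """Local enforcement: converge the actual settings onto the policy."""
        self.actual.update(self.policy)

    def report(self, latest_version):
        """Is the policy up to date, and has it been applied?"""
        drift = sorted(k for k, v in self.policy.items() if self.actual.get(k) != v)
        return {"up_to_date": self.version == latest_version,
                "applied": not drift, "drift": drift}
```

The controller only needs each host's `report()` when the host is reachable, which fits intermittently connected hosts; a host that reports an old version or non-empty drift is the one to investigate.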

Network Management Technologies

- SNMP
- OSI TMN and Others
- Java Management Extensions (JMX)
- Jini and UPnP: management-free networks
- WMI and WBEM

Building an Infrastructure

What is the correct way to build a complex networked application from nothing?

1. NIC drivers

2. Local host config: Host name, SysLog

3. IP configuration (DHCP)

4. Domain Name configuration (Resolver, dDNS)

5. Middleware services (NIS, Kerberos, RADIUS)

6. Application services (MySQL, httpd, java, …)

7. Client applications (Browser, java, client-side APIs)

Aspects of Infrastructure

- Creating uniformity through Automation
  - Revision control: HostFactory, RCS
- Software distribution & synchronisation
  - Push model: rdist
  - Pull model: cfengine, rsync
- Reliability through parallelism

System Maintenance models

- Reboot
  - Return to original (if it still exists!)
- Manual administration
  - Not scalable, relies on knowledgeable user
- Central control
  - HP OpenView, Tivoli, Sun Solstice
  - Star model problems
- Immunology (self-maintenance)
  - E.g. Windows automatic restore

Multiple Operating Systems in a LAN

- Convenience vs Differentiation
- Simple FTP vs Open file sharing?
- Software compatibility between systems
- Problems:
  - Different object naming schemes
  - File System sharing: different Naming & ACLs
  - Different User ID and password schemes
  - User Authentication