Models of Network Administration
Week 5
Understanding the system as a whole
Requires ability to see relationships and dependencies between distinct parts
The idea of a “causal web”
Complex system may have multiple operating modes – adaptive behaviour
Models for Management
IETF (SNMP RFC1155) and ISO (TMN) have defined models for management of systems
These don’t always scale well
Focus on managing devices
Require a human controller
Micro-manage the system
Best models are those which automate functions and regulate interactions of components
Information Models
Represent the data used by an organisation, e.g. database of Personnel, Assets and Services
Uses a Directory service (e.g. X.500)
Structured: hierarchical, object-oriented
Common schema: allows interoperability
Access Control: per record
Optimised for read-only use; not updated during use
Specific vs General search: “White pages” vs “Yellow pages”
Network Directory X.500
ISO 9594 (1988)
Uses ASN.1 to define format of protocols
Access method (DAP) defined in ISO terms
LDAPv3 (RFC 2251–2256) now replacing or being integrated into vendor solutions, e.g. NDS and MS Active Directory
Lightweight Directory Access Protocol (LDAP)
Contains Name-Value(s) pairs (“attributes”)
Attributes have rules (sub-attributes) controlling:
Method of value matching during search
Order of value matching during search
Whether attribute is mandatory or optional
Attributes identified by Distinguished Name (DN) or Relative Distinguished Name (RDN)
RDN is a Name-Value pair, e.g. cn=“Chris Freeman”
DN is a concatenation of RDNs in hierarchy
Hierarchical Directory Services
Well suited to distributed environment; allows delegation of parts to separate hosts
Directory tree may be partitioned into sub-trees with no overlap
Cooperating groups can then manage their own data locally and share with others
May allow Availability and Redundancy through replication of data and service
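Added example (not from the lecture slides): a small parser for LDAP distinguished names that shows how a DN decomposes into the RDNs of the hierarchy described above, and a check for whether an entry falls inside a delegated, non-overlapping sub-tree partition. Escaping follows the RFC 4514 string form; the sample DNs under "example.edu" are constructed.

```python
def _split_unescaped(text, sep):
    """Split on `sep` except where a backslash escapes it, so an escaped comma stays in the value."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair for _unescape
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def _unescape(value):
    """Decode RFC 4514 escapes: backslash + special char, or backslash + two hex digits (one byte)."""
    raw, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and all(c in "0123456789abcdefABCDEF" for c in pair):
            raw.append(int(pair, 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            raw += value[i + 1].encode("utf-8")
            i += 2
        else:
            raw += value[i].encode("utf-8")
            i += 1
    return raw.decode("utf-8")

def parse_dn(dn):
    """RDNs leaf-first, each a list of (type, value) pairs; types lower-cased, "cn=X+uid=Y" gives two pairs."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        pairs = []
        for ava in _split_unescaped(rdn, "+"):
            attr, eq, raw = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError("malformed RDN: %r" % ava)
            pairs.append((attr.strip().lower(), _unescape(raw.strip())))
        rdns.append(pairs)
    return rdns

def in_subtree(dn, base_dn):
    """True if `dn` lies in the partition rooted at `base_dn` (the base entry itself included)."""
    entry, base = parse_dn(dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base
```

Value comparison here is byte-exact; in a real directory the matching rule for each attribute (the sub-attribute rules mentioned above) decides whether, say, case differences count.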
Querying Directory Services
Usually built-in to application software
Unix system call: gethostbyname()
Uses “nsswitch” to select one of several directory services
See also “Pluggable Authentication Modules” (PAM)
Original UNIX methods based on /etc files
Later used NIS (aka “Yellow Pages” or yp): non-hierarchical, lacked security
Replaced by NIS+
Other Directory Services
OpenLDAP: versatile, common platform; difficult syntax and sensitive to network LoS
Novell Directory Service (NDS): consistent distributed physical organisation of devices and software objects; directly implements the information model
Microsoft Active Directory: replaced NT4 Domain model; compatible with simplified version of LDAP
System Infrastructure
A network is a “community of cooperating and competing” components…
Administrator selects components and assigns roles depending on tasks required
This may involve machines and users (staff)
Computing machinery: functional infrastructure
Staff: build and maintain infrastructure
Identify purpose of computer system
Choose hardware and software appropriate to task
Set policies and procedures
Aspects of System Infrastructure
Homogeneity: all systems identical, or configure for purpose?
Load Balancing: one service per host or multi-service hosts?
Separate data storage and data processing can double network traffic
Human limitations on group size: max 150 objects
Mobile and ad hoc networks
Peer-to-Peer: scaled approach to management
Network Administration Models
Central management – “star” model
Centralised policy and enforcement
JobRate(controller) = Rate1 + Rate2 + … + Raten
If sum of Requests exceeds maxCapacity/n then work will queue at the controller
Disadvantage of centralised control: bottleneck in communications with controller
Other Network Administration Models
Star with intermittently connected hosts
Mesh: centralised policy & local enforcement
Each host gets own copy of common policy; does not need constant connection to controller
Each host updates itself according to policy
But: is policy up-to-date? Has policy been applied?
Mesh: partial host autonomy & local enforcement
Mesh: partial autonomy and peer policy exchange
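Added example (not from the slides): a reconciliation check for the mesh model's two open questions, whether each host's local copy of the policy is up-to-date and whether local enforcement has actually applied it. The report format, the digest scheme and the host names are constructed for this example.

```python
import hashlib
import json

def policy_digest(policy):
    """Stable SHA-256 over a policy document so controller and hosts can compare their copies."""
    return hashlib.sha256(json.dumps(policy, sort_keys=True).encode("utf-8")).hexdigest()

def assess_host(report, current_digest, now, max_age):
    """Classify one host's self-report against the controller's current policy.
    Report fields (constructed format): host, policy_digest (copy the host holds),
    applied_digest (what its last local enforcement run actually applied), reported_at."""
    if now - report["reported_at"] > max_age:
        return "unreachable"   # no fresh report: cannot tell, so treat as non-compliant
    if report["policy_digest"] != current_digest:
        return "stale-copy"    # host never received the latest policy (answers "up-to-date?")
    if report["applied_digest"] != report["policy_digest"]:
        return "not-applied"   # holds the policy but enforcement has not run it (answers "applied?")
    return "compliant"

def assess_mesh(reports, policy, now, max_age=600):
    """Map host name -> state for every report, judged against the controller's policy."""
    current = policy_digest(policy)
    return {r["host"]: assess_host(r, current, now, max_age) for r in reports}

# Constructed sample data: current policy, the previous version, and four host reports.
POLICY = {"version": 7, "ssh": {"PermitRootLogin": "no"}, "ntp": ["ntp.example.edu"]}
OLD_POLICY = {"version": 6, "ssh": {"PermitRootLogin": "yes"}, "ntp": ["ntp.example.edu"]}
CUR, OLD = policy_digest(POLICY), policy_digest(OLD_POLICY)
REPORTS = [
    {"host": "web1", "policy_digest": CUR, "applied_digest": CUR, "reported_at": 1000},
    {"host": "web2", "policy_digest": OLD, "applied_digest": OLD, "reported_at": 990},
    {"host": "db1",  "policy_digest": CUR, "applied_digest": OLD, "reported_at": 980},
    {"host": "lab7", "policy_digest": CUR, "applied_digest": CUR, "reported_at": 100},
]

if __name__ == "__main__":
    for host, state in sorted(assess_mesh(REPORTS, POLICY, now=1200).items()):
        print(host, state)
```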
Network Management Technologies
SNMP
OSI TMN and others
Java Management Extensions (JMX)
Jini and UPnP: management-free networks
WMI and WBEM
Building an Infrastructure
What is the correct way to build a complex networked application from nothing?
1. NIC drivers
2. Local host config: Host name, SysLog
3. IP configuration (DHCP)
4. Domain Name configuration (Resolver, dDNS)
5. Middleware services (NIS, Kerberos, RADIUS)
6. Application services (MySQL, httpd, java, …)
7. Client applications (Browser, java, client-side APIs)
Aspects of Infrastructure
Creating uniformity through automation
Revision control: HostFactory, RCS
Software distribution & synchronisation
Push model: rdist
Pull model: cfengine, rsync
Reliability through parallelism
System Maintenance models
Reboot: return to original (if it still exists!)
Manual administration: not scalable, relies on knowledgeable user
Central control: HP OpenView, Tivoli, Sun Solstice; star model problems
Immunology (self-maintenance), e.g. Windows automatic restore
Multiple Operating Systems in a LAN
Convenience vs Differentiation
Simple FTP vs open file sharing?
Software compatibility between systems
Problems:
Different object naming schemes
File System sharing: different naming & ACLs
Different User ID and password schemes
User authentication