230 likes | 415 Vues
Models of Network Administration. Week 5. Understanding the system as a whole. Requires ability to see relationships and dependencies between distinct parts The idea of a “causal web” Complex system may have multiple operating modes – adaptive behaviour. Models for Management.
E N D
Understanding the system as a whole • Requires ability to see relationships and dependencies between distinct parts • The idea of a “causal web” • Complex system may have multiple operating modes – adaptive behaviour
Models for Management • IETF (SNMP RFC1155) and ISO (TMN) have defined models for management of systems • These don’t always scale well • Focus on managing devices • Require a Human controller • Micro-manage the system • Best model are those which automate functions and regulate interactions of components
Information Models • Represent the data used by an organisation eg database of Personnel, Assets and Services • Uses a Directory service (eg X.500) • Structured: hierarchical, object-oriented • Common schema: allows interoperability • Access Control: per record • Optimised for read-only use. Not updated during use • Specific vs General search • “White pages” vs “Yellow pages”
Network Directory X.500 • ISO 9594 (1988) • Uses ASN.1 to define format of protocols • Access method (DAP) defined in ISO terms • LDAPv3 (RFC 2251–2256) • Now replacing or being integrating into vendor solutions eg NDS and MS ActiveDirectory
Lightweight Directory Access Protocol (LDAP) • Contains Name-Value(s) pairs (“attributes”) • Attributes have rules (sub-attributes) controlling • Method of value matching during search • Order of value matching during search • Whether attribute is mandatory or optional • Attributes identified by Distinguished Name (DN) or Relative Distinguished Name (RDN) • RDN is a Name-Value pair eg cn=“Chris Freeman” • DN is a concatenation of RDNs in hierarchy
Hierarchical Directory Services • Well suited to distributed environment; allows delegation of parts to separate hosts • Directory tree may be partitioned into sub-trees with no overlap • Cooperating groups with can then manage their own data locally and share with others • May allow Availability and Redundancy through replication of data and service
Querying Directory Services • Usually built-in to application software • Unix system call: GetHostByName( ) • Uses “nsswitch” to select one of several directory services • See also “Pluggable Authentication Modules” (PAM) • Original UNIX methods based on /etc files • Later used NIS (aka “YellowPages” or yp) • Non-hierarchical, lacked security • Replaces by NIS+
Other Directory Services • OpenLDAP • Versatile, common platform • Difficult syntax and sensitive to network LoS • Novell Directory Service (NDS) • Consistent distributed physical organisation of devices and software objects • Directly implements the information model • Microsoft Active Directory • Replaced NT4 Domain model • Compatible with simplified version of LDAP
System Infrastructure • A network is a “community of cooperating and competing” components… • Administrator selects components and assigns roles depending on tasks required • This may involve machines and users (staff) • Computing machinery: functional infrastructure • Staff: build and maintain infrastructure
System Infrastructure • Identify purpose of computer system • Choose hardware and software • Appropriate to task • Set policies and procedures
Aspects of System Infrastructure • Homogeneity • All systems identical or Configure for purpose? • Load Balancing • One service per host or multi-service hosts? • Separate data storage and data processing can double network traffic • Human limitations on group size: max150 objects • Mobile and AdHoc networks • Peer-to-Peer: Scaled approach to management
Network Administration Models • Central management – “star” model
Network Administration Models • Centralised policy and enforcement • JobRatecontroller=Rate1+Rate2+…Raten • If sum of Requests exceeds maxCapacity/n then work will queue at the controller • Disadvantage of centralised control:bottleneck in communications with controller
Other Network Administration Models • Star with intermittently connected hosts • Mesh: centralised policy & local enforcement • Each host gets own copy of common policy. Does not need constant connection to controller • Each host updates itself according to policy • But: Is policy up-to-date? Has policy been applied? • Mesh: partial host autonomy & local enforcement • Mesh: partial autonomy and peer policy exchange
Network Management Technologies • SNMP • OSI TMN and Others • Java Management Extensions (JMX) • Jini and UPnP: management-free networks • WMI and WBEM
Building an Infrastructure What is the correct way to build a complex networked application from nothing? • NIC drivers • Local host config: Host name, SysLog • IP configuration (DHCP) • Domain Name configuration (Resolver, dDNS) • Middleware services (NIS, Kerberos, RADIUS) • Application services (MySQL, httpd, java, …) • Client applications (Browser, java, client-side APIs)
Aspects of Infrastructure • Creating uniformity through Automation • Revision control: HostFactory, RCS • Software distribution & synchronisation • Push model: rdist • Pull model: cfengine, rsync • Reliability through parallelism
System Maintenance models • Reboot • return to original (if it still exists!) • Manual administration • not scalable, relies on knowledgable user • Central control • HP Openview, Tivoli, Sun Solstice • star model problems • Immunology (self-maintenance) • Eg. Windows automatic restore
Multiple Operating Systems in a LAN • Convenience vs Differentiation • Simple FTP vs Open file sharing? • Software compatibility between systems • Problems: • Different object naming schemes • File System sharing: different Naming & ACLs • Different User ID and password schemes • User Authentication