Directory Enabled Networks
Xinzhong Yu

Abstract
1. Introduction

As the Internet develops, managing a network is becoming more and more complex. The information about the nodes, or devices, attached to a network is stored in a special purpose database called a directory. A directory service is the physically distributed, logically centralized repository of infrequently changing data that is used to manage a computing environment.

Networks are becoming increasingly complex. There are different types of network elements, each running a potentially different set of protocols and services over possibly different media. As a result, a network has too many different directory services for network administrators to manage successfully. For example, there are operating system directories, RADIUS directories, DNS directories, DHCP directories, etc. Administering all of these directories can be a big headache and time consuming, because of their different user interfaces, incompatible data formats, and many other problems. [4]

On May 7, 1997, Microsoft and Cisco announced a letter of intent in which Cisco would license Active Directory from Microsoft for use in managing network infrastructure and to provide richer network services. Both parties would jointly develop extensions to Active Directory to integrate advanced management of network elements and services [2]. On September 24, 1997, Cisco and Microsoft announced an initiative and draft specification for directory enabled networks. This open, industry-wide initiative intends to help customers develop rich network applications that will work with offerings from a variety of network and directory vendors [1]. It will also allow service providers to simplify service delivery and provide new sets of services for their customers.
2. What Is a Directory Enabled Network?

In short, a directory enabled network is a network where user profiles, applications and network services are integrated through a common information model that stores network state and exposes network information. This information then enables bandwidth utilization to be optimized; it enables policy-based management; it provides a single point of administration for all network resources; and all this serves to lower total cost of ownership and improves the services that end users can rely on regardless of their physical location. [1]
2.1 Directory Services

A directory is a special purpose database that contains information about the various resources available on a network. A directory service is quite different from a general DBMS in that directory information is attribute-based and more descriptive in nature. These attributes give specific information about various objects to the clients of the directory service. [4]

Directory services are optimized to store information that is frequently read but infrequently written. So, directories aim at maintaining static information, such as user names, email addresses, passwords, and device configuration parameters. Rapid Internet growth over the past years has created the need for more robust, scalable and secure directory services. DEN provides a new paradigm for using directory services, where the directory is an authoritative, distributed, intelligent repository of information for services and applications.
2.2 Profiles

In DEN, users, applications, and services can be abstracted through profiles. A profile is a template of attributes and behaviors that describes an object or a set of objects. Profiles provide a higher level of abstraction for important system components, while still providing the ability to model and operate on the fundamental objects. Profiles just tell the system what needs to be done, not the specific steps necessary to do it. [1]
2.3 Policies

In a distributed networking environment, simply managing individual devices is no longer sufficient. Network administrators need to define and manage policies to control the network and its resources in a distributed, yet logically centralized, manner. Directories are simply databases; they are not designed to collect information from multiple sources and then make a policy decision.

In general, policies define what resources a given resource consumer can use in the context of a given application or service. Technically, a policy is a rule that instructs a network node on how to manage requests for network resources. It is essentially a mechanism for encoding business objectives concerning the proper use of scarce resources. [4]
2.4 DEN Specification

The DEN specification defines a schema and an information model for representing network element and service information and relationships gathered from the network using existing protocols and other sources of network information. An access protocol is also included to store and retrieve the information.

The specification develops a robust directory service for storing network element and service information. It also defines an extensible information model representing the structural, behavioral and functional relationships between objects in the schema. Finally, the LDAP access protocol is used to access, manage and manipulate directory information. [3]
3. DEN Information Model

An information model is an abstraction of knowledge. It structures the knowledge about users, applications, networks, and how they interact into multiple knowledge domains to enable different people to use it. This structure is based on object-oriented modeling.
The information model consists of three parts: [3]
3.1 CIM and X.500

The DEN schema incorporates concepts from both CIM and X.500. [3]

The Common Information Model (CIM) is an object-oriented conceptual model, defined by the DMTF, for the information required to manage many common aspects of complex computer systems. CIM provides a rich framework, including representations of products, systems, applications, and components that can be managed. The concepts defined by CIM are used to support the modeling of network elements and services in DEN.

X.500 is the name given to a series of standards developed by the ISO/ITU-T that specify how information can be stored and accessed in a global directory service. The X.500 specification proposes basic definitions to represent Person and Application. DEN assumes an X.500-based model of Person and Application for use in developing the representation of network elements and services and their binding to users and applications [3].
3.2 Information Model for Network Elements and Services

Six base class hierarchies form the root for DEN's representation of network elements and services. These are the Network Device, Network Protocol, Network Media, Profile, Policy, and Network Service classes. Application-specific needs are accommodated by refining the DEN classes into more specific subclasses that represent the desired additional functionality. [3]
3.3 Exchanging Model Information

Once network elements are bootstrapped into the system, they exchange a set of queries and responses carrying information about themselves. Four different types of information are necessary to model the structural information of network elements and services: [3]
3.4 Relationships

The DEN information model consists of both a data model and a relationship model. The data model is represented by the schema. The relationship model describes how different objects in the schema are related to one another.

There are three main types of relationships: links, associations, and aggregations. [3] A link is a physical or conceptual relationship between two object instances; it can be defined as an ordered tuple. A link is an instance of an association. An association is a group of links with a common structure and set of semantics; it can be modeled as a class with its own attributes and methods. An aggregation is a special type of association. It represents a relationship where some objects are "a-part-of" another object. Aggregation has additional semantics, such as transitivity, anti-symmetry, separability, and property propagation.
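An added illustration of these relationship semantics, not taken from the DEN specification and using hypothetical object and attribute names: a small Python model in which an aggregation enforces anti-symmetry (a part can never contain its own whole), derives the transitive closure of "a-part-of" links, lets a part be separated without destroying it, and propagates a property from the whole down to its parts.

```python
from collections import defaultdict

class Association:
    """A group of links with a common structure; a link is an ordered tuple."""
    def __init__(self):
        self.links = set()

    def link(self, source, target):
        self.links.add((source, target))

class Aggregation(Association):
    """An 'a-part-of' association; objects are attribute dicts in a registry."""
    def __init__(self):
        super().__init__()
        self.objects = defaultdict(dict)  # object name -> attribute dict

    def parts_of(self, whole):
        """Transitivity: all direct and indirect parts (link() admits no cycle)."""
        parts = set()
        for w, p in self.links:
            if w == whole and p not in parts:
                parts |= {p} | self.parts_of(p)
        return parts

    def link(self, whole, part):
        """Anti-symmetry: refuse a link that would make an object a part of itself."""
        if whole == part or whole in self.parts_of(part):
            raise ValueError(f"{whole} is already a part of {part}")
        super().link(whole, part)

    def separate(self, whole, part):
        """Separability: detach a part without destroying the part object."""
        self.links.discard((whole, part))

    def propagate(self, whole, key):
        """Property propagation: copy attribute `key` from the whole to all parts."""
        parts = self.parts_of(whole)
        for p in parts:
            self.objects[p][key] = self.objects[whole][key]
        return parts

def build_example():
    """Constructed sample (hypothetical names): router1 > linecard1 > port1."""
    agg = Aggregation()
    agg.link("router1", "linecard1")
    agg.link("linecard1", "port1")
    agg.objects["router1"]["adminDomain"] = "campus-A"
    agg.propagate("router1", "adminDomain")
    return agg
```

The anti-symmetry check in link() is what keeps the recursive parts_of() from looping, so a directory that admits containment cycles would break both the transitivity and the propagation guarantees at once.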
4. DEN Base Schema

The schema of a directory defines the set of objects that can be created in that directory and the set of attributes that can be used to describe those objects. The DEN schema consists of abstract base classes from which all other network-specific classes are derived. The base classes are refined by specialization from the basic model for representing network elements, services, consumers, etc. Figure 1 shows the functional structure of the DEN base classes, with key classes defined by CIM, X.500, and DEN listed separately.
Figure 1. Functional structure of the DEN base classes. [3]

DEN is the aggregation of concepts from the currently released version of the CIM specification (2.0), the currently released version of the X.500 specification (1993 version), and a collection of new ideas. The new ideas build on the framework provided by CIM and X.500 in order to model network elements and services. The details of the class hierarchy are beyond the scope of this essay. Interested readers should refer to [3] for more details. What follows is a list of short descriptions of the base classes.
4.1 Overview of Base Classes Derived from X.500
4.2 Overview of Base Classes Derived from CIM
4.3 New DEN Classes

Enhanced and extended concepts defined by DEN:
5. LDAP

The access protocol for DEN information is LDAP version 3. LDAP was designed to provide the most important functions of X.500 DAP, while making them much easier to implement in servers, and especially in clients. LDAP is specifically targeted at management applications and browser applications that provide read/write interactive access to directories. For detailed information about LDAP, please refer to RFC 2251 and other related RFCs (RFC 2252 - 2256).
6. Conclusions

The DEN initiative, launched in September 1997 by Cisco and Microsoft, intends to promote consistent modeling of network elements and services across heterogeneous directories. Driven by two major parties, and supported by many other big companies, DEN will shape the future of network management and application development.
Abbreviations
References
Further Information