18.12.1998
Zhou Yuchen
Department of Civil Environmental Engineering
Helsinki University of Technology
Zhou@cc.hut.fi
Network management has been an integral part of DECnet. Even at an early stage of the DECnet architecture, an effective management capability was recognized as an essential part of an organized approach to networking. The DECnet network management architecture has undergone a major revision based on Digital's Enterprise Management Architecture. The functions and services provided by a network management system are described in order to analyse the basic principles of network management architecture. The paper also stresses the importance of security and reliability in a network management system, and indicates how advanced information processing techniques are applied to network management and network configuration management. Finally, it outlines the good prospects for the development of network management.
Our initial work on network management was driven by the broad range of networking functions planned. First, network managers would have to be able to manage all the components in a consistent manner. A method was needed to build management components that would give the same general look and feel and the same modeling approach to all components.
Second, network management would have to be extensible. The network architecture was being designed to allow the use of multiple modules that would provide the same or similar services at each layer and to simultaneously support multiple-layer protocols in a network. Therefore, the management architecture had to transparently assimilate new devices and technologies. Our management architecture had to become as extensible as the network architecture.
Finally, since the network layer was designed to be an open architecture, management of network layer components would have to be effective in a multivendor network. Our design had to ensure that the ability to provide effective management of network components was independent of the vendors supplying them.
We began our network development project by examining in detail the requirements for a new network management architecture. Our goal was to design an open architecture that allowed for consistent management of an extensible array of network components in a multivendor environment. As we identified the specific requirements that would have to be addressed to meet this goal, we realized that we had the opportunity to develop an architecture that went beyond management of Phase V networks. We realized that we could provide an architecture for the management of both networks and systems. The architecture eventually became known as the Enterprise Management Architecture or EMA.
Network management tasks (e.g. device polling) consume a considerable amount of bandwidth by themselves, so the system should be designed so that the distributed VR user interface does not add much more traffic.[6]
Early in the network management work, we recognized that the conceptual separation of manageable components from the software that manages them was a fundamental design principle. EMA therefore distinguished entities, the basic components of the network that had to be managed, from directors, the software systems and accompanying applications used by managers to manage the components.[3]
Formally, an entity was further split into a service element, a managed object, and an agent. The service element is the portion of the entity that performs the primary function of the entity, e.g., a data link layer protocol module whose primary purpose is communication with a peer protocol module on another machine. The managed object encapsulates the software that implements the functions supported by the entity for its own management. For example, it responds to management requests for the current values of state variables or to requests for the values of certain configuration variables to be set to new values. The agent is the software that provides the interface between the director and the managed object. The agent encodes and decodes protocol messages it exchanges with the director and passes requests to and receives responses from the managed object.
Each network layer address of the node (a node can have more than one) is encoded in a standard way as a soft link to the node's name[3]. This allows a manager (or director) to translate a node address into the equivalent node name, making many diagnostic problems much simpler.
In network management, the specification of the management of each module is an integral part of the architecture of the subsystem. Moving responsibility for the management of a subsystem from a central network management architecture to the subsystem architecture has made the specifications clearer and more complete. In network management, a great deal of effort was spent coordinating the subsystem specifications and the network management specification. Placing responsibility in one person's hands made writing an internally consistent subsystem much easier.
In DECnet/OSI, the transport, network, and data link subsystems were among the first to have the EMA concepts applied to their management. Others quickly followed and, presently, more than 50 modules have been specified, with others being added as new subsystems are designed[5]. Not surprisingly, during the early days considerable interaction took place between the architects responsible for the central network management architecture and those responsible for developing the management of specific subsystems. The EMA evolved and was refined based on the experiences of the many subsystem architects using it.
In creating a high-performance enterprise network, no two organizations start at the same point or follow the same path. Wherever you are in the process, network management has the technical resources, project experience, multivendor expertise, and global presence to help you Web-enable your enterprise quickly, cost-effectively, and with minimal risk.
Some customers begin by asking us to create a public Web site or departmental intranet. Others entrust us to build the enterprise network backbone or to transform a variety of departmental intranets into a full-function enterprise intranet. We can extend an intranet to encompass mobile workers and remote sites (via a Virtual Private Network), external users (via extranet capabilities), and Web commerce applications[5]. Often, we are implementing several of these capabilities in parallel.
At every stage, we ensure that your solution meets the highest standards for security and manageability. In addition, our proven methodology supports rapid, reliable deployment, even in the most demanding environments. As a result, you can achieve your business goals as quickly as possible.
The work extends to global telecommunications service providers and Internet service providers (ISPs), helping them build the infrastructures they will use to deliver advanced services to their customers into the next century[2]. Our experience working with companies that support millions of users makes us uniquely qualified to work with companies that must support tens or hundreds of thousands of users.
A wide range of complementary capabilities including:
Extensive knowledge of the global communications infrastructure maintains strong relationships with dozens of service providers around the world including large traditional telecommunications service providers, ISPs, and specialty carriers. We are working with these providers to extend their capabilities and infrastructures. This experience gives us the insight required to help you plan a strategic direction for your IP infrastructure.
We augment these general networking solutions with industry-focused solutions for communications, manufacturing, and financial services.
At DIGITAL, we thrive on helping organizations around the globe win by confronting and resolving their toughest business challenges. As the top-ranked systems integrator in North America and one of the top five in the world, DIGITAL Worldwide Services excels at deploying proven technologies in powerful, innovative ways to solve complex, real-world business problems[2]. Our resources include a highly skilled and experienced workforce, a rich set of alliances with other technology and SI leaders, and a truly global services organization that can deliver consistent, high-quality support wherever you do business.
DIGITAL integration solutions can help you:
Implement and integrate enterprise applications. Enterprise application software can dramatically improve your visibility into and control of business operations. DIGITAL helps ensure smooth, rapid deployment of leading platforms.
Two kinds of security have been considered for the system: IP address restriction and user IDs. Only browsers from privileged IP addresses can connect to the system, and each user has a unique user ID and password. IP addresses are checked for all transactions, but the user IDs are only checked at connection establishment time. Also, users have different access privileges; some have read/write access, while others only have read privilege.
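The scheme described above can be modelled as follows. This is an added example, not code from the system the paper describes; the address range, user names, passwords and the session token that stands in for an established connection are all constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed policy data: network, user names and passwords are illustrative.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/28")]
SALT = b"constructed-salt"


def _digest(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)


USERS = {  # user ID -> (password digest, access privileges)
    "operator": (_digest("op-secret"), {"read", "write"}),
    "viewer": (_digest("view-secret"), {"read"}),
}
SESSIONS = {}  # session token -> user ID, filled at connection establishment


def ip_allowed(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED_NETS)


def connect(addr: str, user: str, password: str):
    """Connection establishment: the only place user ID and password are checked."""
    if not ip_allowed(addr):
        return None
    stored = USERS.get(user)
    # Unknown users are compared against a dummy digest so timing stays uniform.
    expected = stored[0] if stored else _digest("")
    if not hmac.compare_digest(expected, _digest(password)) or stored is None:
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = user
    return token


def transact(addr: str, token: str, action: str) -> str:
    """Per-transaction path: the IP address is re-checked, credentials are not."""
    if not ip_allowed(addr):
        return "denied: address"
    user = SESSIONS.get(token)
    if user is None:
        return "denied: no session"
    if action not in USERS[user][1]:
        return "denied: privilege"
    return "ok"
```

Because the user ID is verified only in `connect`, every later transaction rests on the address check and on whatever identifies the established connection.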
The Transmission Control Protocol and Internet Protocol (TCP/IP) were first developed in 1979. The primary focus then was to ensure reliable communications between groups of networks connected by computers acting as gateways[1]. At that time, security was not an issue because the size of this Internet was small and most of the users knew each other. The base technologies used to construct this network contained many insecurities, most of which continue to exist today.
Network security, for the purposes of this work, means more than simply creating firewalls against intrusion; it also means the creation of procedures and protocols that allow users of a network to be secure about the state of their data--its integrity and confidentiality.[4]
Security problems are aggravated by the barrier that still exists between the computer people and the rest of the world. Many decisions that properly relate to the running of the business are left to computer staff whose knowledge of the business is at best imperfect. Or managers must make decisions concerning the selection of hardware, software, or encryption tools with only the sketchiest understanding of the relative merits of the available products. It remains to be seen whether a fresh computer-literate generation will still suffer from these problems.
An organization implementing a secure network must first develop a network security policy that specifies the organization's security requirements for their Internet connection. A network security policy specifies what connections are allowed between the private and external networks and the actions to take in the event of a security breach. A firewall placed between the private network and the Internet enforces the security policy by controlling what connections can be established between the two networks[1]. All network traffic must pass through the firewall, which ensures that only permitted traffic passes and is itself immune to attack and penetration.
Reliability is a major issue in network management. In a distributed VR game, if some update messages are lost, the effect on the overall system is not dramatic. In a network management environment, each individual message may carry important information, and may have catastrophic effects on the network if it does not reach its destination. To fulfil both reliability and bandwidth restriction conditions, we recommend the utilisation of a reliable end-to-end protocol, such as TCP/IP, instead of a best effort communication protocol. The connection is continuously monitored, and in case it is broken due to network failure, the connection will be re-established.
In the olden days, say a decade or so ago, local area networks (LANs) had narrow service goals. Perhaps a user could log in to a host computer or catalog system, send files to a dot matrix printer, and maybe, if there were another host computer on the network, transfer files between them. If the network were advanced, users might be able to send e-mail to each other, even if they were on different hosts! The now-retired BITNET (Because It's Time Network), founded in 1981, operated along those lines. It supported everything except remote login, and it did so on leased telephone lines running data at 9600 bits per second[3]! Network management was almost totally concerned with the issue of connectivity--do we have a network? If you were connected, you had a network; if the network didn't work, you must have become disconnected.
Since then, of course, the picture has become more complicated, and is becoming more complicated even as this review is written. The global Internet is forever facing meltdown, and still more users are piling on and on.
These proceedings probably won't help the user whose new modem won't work on his new computer with the old university's dial-in lines and whose life seems to have been reduced to an interminable game of phone tag with different vendors in different time zones. In the daily scheme of things, this concern with advanced techniques might seem beside the point--any information processing at all would be an improvement. For those somewhat more behind the scenes, maybe even those sitting behind a help line or reference desk, the conference proceedings provide evidence that some progress is being made to make network life easier. It wasn't really all that long ago, for example, that making a long distance call was a major production; yet today, it's all mostly invisible-- except on Mother's Day. Someday, in the digital future, everything will be just a mouse click away.
The ISL (Initial System Load) technology provides many advantages over the traditional means of performing upgrades. Typically, upgrades are performed one system at a time, at each console by the system manager, who must maintain the correct set of installation media for each client system's unique set of peripherals and answer each question as the upgrade procedure prompts. In a network managed by the POLYCENTER Software Distribution product, operating system upgrades are performed simultaneously. Any number of ISL operations can be invoked by using a single installation medium and often by issuing a single command[1]. In addition, the ISL mechanism can be used for system disk maintenance operations, such as upgrade, replacement, replication, backup, or compression.
A hierarchically structured name. An individual entity's local name is constructed by concatenating its class name to its instance identifier. The class name is a keyword that uniquely identifies the class (object type) of an entity. The instance identifier is the value of an identifying attribute used for naming instances of the entity's class, for which each instance of the class has a unique value.
In addition, a port entity has counter attributes that record the total number of times something of interest occurred on the TC. For example, there are counters recording the number of octets and protocol data units (PDUs) sent and received. A management station can poll these and determine usage over time. A port entity also maintains counters for both duplicated transport PDUs (TPDUs) detected and retransmitted TPDUs. Taken with the usage counters, these can be used to calculate error ratios and rates on the TC.
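The calculation a management station performs on these counters, as an added example that is not part of the original paper: the field names, the sample values and the exact ratio definitions (retransmitted over sent, duplicates over received) are assumptions. Ratios are taken over the difference between two polls, and an interval in which any counter went backwards is discarded as a counter restart.

```python
from dataclasses import dataclass

FIELDS = ("tpdus_sent", "tpdus_received", "retransmitted", "duplicates")


@dataclass(frozen=True)
class PortSample:
    """One poll of a port entity's counters (hypothetical field names)."""
    t: float              # poll time in seconds
    tpdus_sent: int
    tpdus_received: int
    retransmitted: int
    duplicates: int


def interval_stats(prev: PortSample, cur: PortSample):
    """Ratios and rates for one polling interval, or None if it is unusable."""
    dt = cur.t - prev.t
    delta = {f: getattr(cur, f) - getattr(prev, f) for f in FIELDS}
    # Counters only count upward; a negative delta means they were restarted
    # between polls, so the interval cannot be interpreted.
    if dt <= 0 or any(d < 0 for d in delta.values()):
        return None
    sent, recv = delta["tpdus_sent"], delta["tpdus_received"]
    return {
        "retransmit_ratio": delta["retransmitted"] / sent if sent else 0.0,
        "duplicate_ratio": delta["duplicates"] / recv if recv else 0.0,
        "sent_per_s": sent / dt,
        "received_per_s": recv / dt,
    }


def analyse(samples):
    """Per-interval statistics for a time-ordered series of polls."""
    return [interval_stats(a, b) for a, b in zip(samples, samples[1:])]


# Constructed poll results, one per minute; the third poll follows a restart.
SAMPLES = [
    PortSample(0, 1000, 900, 10, 5),
    PortSample(60, 1600, 1500, 40, 11),
    PortSample(120, 50, 40, 1, 0),
    PortSample(180, 350, 340, 1, 3),
]
```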
In the future, network management is constantly challenged to:
-- The technology is immensely complex. In addressing these challenges, you encounter immense complexity and a plethora of network technology options. To add to this complexity, the boundaries between LANs and WANs are blurring, as are the boundaries between your corporate network and your telecommunications service provider's network[2]. The enterprise network of the future will be inextricably linked with added-value services provided by backbone carriers.
-- Lay the foundation for success. Compaq helps you navigate through this myriad of choices and challenges to architect, design, and implement a network backbone that delivers application-enabling performance, preserves your existing network investment, and positions your network for unprecedented growth.
-- Create an architecture that encompasses different growth scenarios, network design approaches, and technologies while addressing your requirements for integrated voice, data, and video.[6]
-- Develop short- and long-term strategies for network growth, management, and migration.
-- Design and implement your network infrastructure using the best and most cost-effective technologies from industry-leading vendors such as Cisco, Cabletron, 3Com, Ascend, and others.
-- Develop a global communications strategy that utilizes the best carriers, services, and access methods given your specific communication and connectivity needs.
| [1] | J. Mark Smith, Sean G. Doherty, Oliver J. Leahy and Dermot M. Tynan, Protecting a Private Network: The AltaVista Firewa, 20.7.1998. [referred 18.12.1998] <http://www.digital.com/info/DTJQ02/DTJQ02SC.TXT> |
| [2] | John R. Lawson, Jr., Automatic, Network-directed Operating System Software Upgrades: A Platform-independent Approach, Digital Technical Journal, 01.044.1995. [referred 18.12.1998] <http://www.digital.com/info/DTJG06/DTJG06SC.TXT> |
| [3] | J. P. Claude, ed., Advanced Information Processing Techniques for LAN and MAN Management. Amsterdam, NY: North Holland, 1994, Vol.3 No.9. [referred 18.12.1998] <http://www.lita.org/ter/ter-3-9.html#claude> |
| [4] | Mike Hendry, Practical Computer Network Security. Norwood MA: Artech, 1995, Vol.3 No.9. [referred 18.12.1998] <http://www.lita.org/ter/ter-3-9.html#claude> |
| [5] | Mohsen Kahani, H. W. Peter Beadle, Using Virtual Reality to Manage Broadband Telecommunication Networks, ATNAC'95 Conference Proceeding, Vol. 2. 1995. [referred 18.12.1998] <http://www.geocities.com/SiliconValley/Bay/5543/atnac95.htm> |
| [6] | Mohsen Kahani, H. W. Peter Beadle, WWW-based 3D Distributed Collaborative Environment for Telecommunication Network Management, ATNAC'96 Conference Proceeding, 12.1996, Vol. 2. [referred 18.12.1998] <http://www.geocities.com/SiliconValley/Bay/5543/public.html> |