Policy Driven Management for Distributed Systems - PowerPoint PPT Presentation

About This Presentation
Title:

Policy Driven Management for Distributed Systems

Description:

a relationship between a domain of subjects (managers) and ... Distributed Systems,' Journal of Network and Systems Management, Plenum Press. Vol.2 No.4, 1994. ... – PowerPoint PPT presentation

Number of Views:159
Avg rating:3.0/5.0
Slides: 19
Provided by: dpnmPos
Category:

less

Transcript and Presenter's Notes

Title: Policy Driven Management for Distributed Systems


1
Policy Driven Management for Distributed Systems
Mi-Joung Choi mjchoi_at_postech.ac.kr DPNM
(1)
2
Contents
  • Introduction
  • Definition, Architecture, Advantages
  • Policy Classification
  • Policy as Relationship Objects
  • Example Policy Objects
  • Access Rules, Domain Membership Policy, Security
    Administrator, Responsibility
  • Consideration Issues for policy
  • Conclusions
  • References

3
Introduction (1)
  • Distributed System Management
  • monitoring the activity of a system
  • making management decision
  • performing control actions to modify the behavior
    of the system
  • Policy
  • a relationship between a domain of subjects
    (managers) and a domain of target managed objects
  • one aspect of information which influences the
    behavior of objects within the system
  • Policy Driven Management
  • perform management based on policy

4
Introduction (2)
Management Policies
Interprets
Interpreter
Monitor
Control
Figure 1. PDM Architecture
5
Introduction (3)
  • Advantages
  • facilitates the dynamic change of behavior of a
    distributed management system
  • permits the reuse of the managers in different
    environments

6
DMS Architecture
7
Policy Classification (1)
  • Authorization policies
  • define what an manager is permitted or not
    permitted to do
  • the operations they are permitted to perform on
    managed objects
  • considered target based
  • Obligation Policies
  • define what a manager must or must not do
  • guide the decision making process
  • considered subject based

8
Policy Classification (2)
Figure 2. Policies Influence Behavior of Object
within System
9
Policy Classification (3)
  • Positive Policy permitting or must
  • Negative Policy prohibiting or must not
  • Activity Based the simplest policies
  • State Based include a predicate based on object
    state
  • (ex) - John is permitted to read file
    F1(authorization positive activity based)
  • John is prohibited to read personnel records
    where employment grade gt 10 (authorization
    negative state based)
  • Manager must perform reset on links with error
    count gt 50 (obligation positive state based)
  • The standby manager must not perform any control
    actions (obligation negative activity based)

10
Terminology
  • Management domain a collection of managed
    objects to which policies apply (subdomain,
    direct member, indirect member, parent)
  • Constraints specification to restrict the
    applicability of the policy (temporal
    constraints, parameter value constraints,
    preconditions)
  • Propagation policy applying to a parent domain,
    should propagate to member subdomains of parent

Figure 4. Policy Propagation
11
Policy as Relationship Objects
Figure 3. Typical Management Relationship
12
Example Policy Objects (1)
  • Access Rules

13
Example Policy Objects (2)
  • Domain Membership Policy
  • specify membership of a domain by specifying an
    object selection predicate creating deleting
  • (Ex)
  • A any include X, create X Dt when X.typeT
  • (any subject is permitted to include or create
    objects of type T in target domain Dt)
  • A- any remove, delete Dt when Dt.membernum gt 2
  • (any subject is prohibited to remove or delete
    domain Dt when the member number is more than 2)

14
Example Policy Objects (3)
  • Security Administrator

15
Example Policy Objects (4)
  • Responsibility

16
Consideration Issues of Policy
  • Policy Implementation Issues Policy
    Dissemination Function
  • transforms policies into a form suitable for
    interpretation
  • sends obligation policies to managers in subject
    domain
  • sends authorization policies to reference
    monitors associated with objects in the target
    domain
  • Form O O- onlteventgt ltsubjectgt actions
    lttargetgt when ltconstraintsgt
  • Policy Hierarchy
  • Policy Goals
  • Policy Rules
  • Policy Mechanism Information
  • Policy Analysis
  • Coverage
  • Missing Obligation/Authorization
  • Conflicts

17
Conclusions
  • PDM provides the basis for dealing with automated
    dynamic reusable management
  • Policy specification language should produce a
    set of rules which can be interpreted by managers
  • Domains are used to specify the scope for
    applying the policy
  • Important Issues policy analysis, conflict
    detection resolution

18
References
  • Morris Sloman, Policy Driven Management for
    Distributed Systems, Journal of Network and
    Systems Management, Plenum Press. Vol.2 No.4,
    1994.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Policy Driven Management for Distributed Systems" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!