Models of Network Administration Week 5

Understanding the system as a whole Requires ability to see relationships and dependencies between distinct parts The idea of a causal web Complex system may have multiple operating modes – adaptive behaviour

Models for Management IETF (SNMP RFC1155) and ISO (TMN) have defined models for management of systems These dont always scale well Focus on managing devices Require a Human controller Micro-manage the system Best model are those which automate functions and regulate interactions of components

Information Models Represent the data used by an organisation eg database of Personnel, Assets and Services Uses a Directory service (eg X.500) Structured: hierarchical, object-oriented Common schema: allows interoperability Access Control: per record Optimised for read-only use. Not updated during use Specific vs General search White pages vs Yellow pages

Network Directory X.500 ISO 9594 (1988) Uses ASN.1 to define format of protocols Access method (DAP) defined in ISO terms LDAPv3 (RFC 2251–2256) Now replacing or being integrating into vendor solutions eg NDS and MS ActiveDirectory

Lightweight Directory Access Protocol (LDAP) Contains Name-Value(s) pairs (attributes) Attributes have rules (sub-attributes) controlling Method of value matching during search Order of value matching during search Whether attribute is mandatory or optional Attributes identified by Distinguished Name (DN) or Relative Distinguished Name (RDN) RDN is a Name-Value pair eg cn=Chris Freeman DN is a concatenation of RDNs in hierarchy

Hierarchical Directory Services Well suited to distributed environment; allows delegation of parts to separate hosts Directory tree may be partitioned into sub-trees with no overlap Cooperating groups with can then manage their own data locally and share with others May allow Availability and Redundancy through replication of data and service

Hierarchical Directory Services

Querying Directory Services Usually built-in to application software Unix system call: GetHostByName( ) Uses nsswitch to select one of several directory services See also Pluggable Authentication Modules (PAM) Original UNIX methods based on /etc files Later used NIS (aka YellowPages or yp) Non-hierarchical, lacked security Replaces by NIS+

Other Directory Services OpenLDAP Versatile, common platform Difficult syntax and sensitive to network LoS Novell Directory Service (NDS) Consistent distributed physical organisation of devices and software objects Directly implements the information model Microsoft Active Directory Replaced NT4 Domain model Compatible with simplified version of LDAP

System Infrastructure A network is a community of cooperating and competing components… Administrator selects components and assigns roles depending on tasks required This may involve machines and users (staff) Computing machinery: functional infrastructure Staff: build and maintain infrastructure

System Infrastructure Identify purpose of computer system Choose hardware and software Appropriate to task Set policies and procedures

Aspects of System Infrastructure Homogeneity All systems identical or Configure for purpose? Load Balancing One service per host or multi-service hosts? Separate data storage and data processing can double network traffic Human limitations on group size: max150 objects Mobile and AdHoc networks Peer-to-Peer: Scaled approach to management

Network Administration Models Central management – star model

Network Administration Models Centralised policy and enforcement JobRate controller =Rate 1 +Rate 2 +…Rate n If sum of Requests exceeds maxCapacity/n then work will queue at the controller Disadvantage of centralised control: bottleneck in communications with controller

Other Network Administration Models Star with intermittently connected hosts Mesh: centralised policy & local enforcement Each host gets own copy of common policy. Does not need constant connection to controller Each host updates itself according to policy But: Is policy up-to-date? Has policy been applied? Mesh: partial host autonomy & local enforcement Mesh: partial autonomy and peer policy exchange

Network Management Technologies SNMP OSI TMN and Others Java Management Extensions (JMX) Jini and UPnP: management-free networks WMI and WBEM

Building an Infrastructure What is the correct way to build a complex networked application from nothing? 1. NIC drivers 2. Local host config: Host name, SysLog 3. IP configuration (DHCP) 4. Domain Name configuration (Resolver, dDNS) 5. Middleware services (NIS, Kerberos, RADIUS) 6. Application services (MySQL, httpd, java, …) 7. Client applications (Browser, java, client-side APIs)

Aspects of Infrastructure Creating uniformity through Automation Revision control: HostFactory, RCS Software distribution & synchronisation Push model:rdist Pull model:cfengine, rsync Reliability through parallelism

System Maintenance models Reboot return to original (if it still exists!) Manual administration not scalable, relies on knowledgable user Central control HP Openview, Tivoli, Sun Solstice star model problems Immunology (self-maintenance) Eg. Windows automatic restore

Multiple Operating Systems in a LAN Convenience vs Differentiation Simple FTP vs Open file sharing? Software compatibility between systems Problems: Different object naming schemes File System sharing: different Naming & ACLs Different User ID and password schemes User Authentication