Policy-based Network Management

Definition : Policy-based Network Management is that the network management is accomplished based on policy. The policy is the combination of rules and services where rules define the criteria for resource access and usage. A policy is formally defined as an aggregation of policy rules. Each policy rule is comprised of a set of conditions and a corresponding set of actions. The condition defines when the policy rule is applicable. Once, a policy rule is so activated, one or more actions contained by that policy rule may then be excuted. These actions are associated with either meetig or not meeting the set of conditions specified in the policy rule.

Motivation : The task of managing information tchnology resources becomes increasingly complex as managers must take heterogeneous systems, different networking technologies, and distributed applications into consideration. As the number of resources to be managed grows, the task of managing these devices and applications depends on numerous system and vendor specific issues. To prevent the operators from drowning in excessive detail, the level of abstraction needs to be raised in order to hide system and network specifics. Policies which are derived from the goals of management define the desired behaviour of distributed heterogeneous systems and networks, and specify means to enforce this behavior. Policy provides a means of specifying and dynamically changing management strategy without coding policy into the implementation. Policy-based management has many benefits of delivering consistent, correct, and understandable network systems. The benefits of policy-based management will grow as network systems become more complex and offer more services (security service and QoS).

Architecture of Policy-based Network Management

Policy Infrastructure Functional Groupings

• Policy Management Tool
  1. Policy Editing
  2. Policy Presentation
  3. Rule Translation
  4. Rule Validation
  5. Global Conflict Resolution
  
• Policy Repository
  1. Storage
  2. Search
  3. Retrieval
  
• Policy Consumer
  1. Rule Locator
  2. Device Adapter
  3. State Resource Validation (Requirements Checking)
  4. Policy Rule Translation
  5. Policy Transformation
  
• Policy Target
  1. Operate as specified by Policy Rule
  2. Optionally, Policy Rule Validation
  3. Optionally, Feedback
  

Standards

• IETF Policy Framework Working Group
• DMTF Information Service Level Agreement (SLA) Working Group
• IETF Policy MIB defines objects that enable policy-based configuration management of SNMP infrastructures
• J.Strassner, E.Ellesson, and B.Moore, Policy Framework Core Information Model, November 1999
• M.Stevens, W.Weiss, H.Mahon, B.Moore, et. al., Policy Framework, September 1999

Papers

• J.Moffett, M.Sloman, Policy Hierarchies for Distributed Systems Management IEEE Journal on Selected Areas in Communications, Vol.11 No.9, Dec. 1993, pp.1404-1414
• M.Sloman, Policy Driven Management For Distributed Systems, Plenum Press Journal of Network and Systems Management, vol 2, no.4, Dec. 1994, pp.333-360
• D.Marriott, M.Sloman, Implementation of a Management Agent for Interpreting Obligation Policy IEEE/IFIP Workshop on Distributed Systems Operations and Management (DSOM '96), Laquila, Italy, Oct 1996
• E.Lupu, M.Sloman, Conflict Analysis for Management Policies, Fifth IFIP/IEEE International Symposium on Integrated Network Management IM'97, San-Diego, May 1997, Chapman & Hall Publishers, pp430-443
• Damian Marriott, < a href=http://www-dse.doc.ic.ac.uk/~mss/MSSPubs.html#MarriottPHD>Policy Service for Distributed Systems, Oct. 1997
• E.Lupu,M.Sloman, Conflicts in Policy-based Distributed Systems Management, To appear in IEEE Transactions on Software Engineering - Special Issue on Inconsistency Managment, 1999
• M.Sloman, E.Lupu, Policy Specification for Programmable Networks, Extended version of paper in Proceedings of First International Working Conference on Active Networks (IWAN’99), Berlin, June 1999, ed. S. Covaci, published by Springer Verlag Lecture Notes in Computer Science
• S.Hinrichs, Policy-Based Management: Bridging the Gap, ACSAC'99, 15th Annual, 1999, Pages:209-218
• Emil C.Lupu, Conflicts in Policy-Based Distributed Systems Management, IEEE Transactions on Software Engineering, Vol. 25, No. 6, November/December 1999

Products and Prototypes

• Cisco Systems: Policy and Management Technologies and Protocols
• Cisco Systems: QoS Policy Manager Version 1.1
• Cisco Secure Policy Manager
• Intel Policy-Based Network Management (PBNM)
• HP OpenView: Primer on Policy-based Network Management
• SOFTWORKS SavanTechnology, SOFTWORKS SavanTechnology (SST) offers a suite of products for storage management called CenterStage. The products proactively monitor and manage storage devices using consistent policies and procedures.
• Redcape Software: Policy Based Management for JMAPI, This OpenView Forum presentation describes policy-based management, use of Java for policy implementation, JMAPI, and the Redcape Policy Framework.
• Lucent Technologies "RealNet Rules", Lucent's RealNet Rules is a JAVA-based, client/server software application running on Windows NT and Sun Solaris platforms that allows IT professionals to define specific rules, or policies, regarding how network resources will be used, by whom and at what times. 
• OrcheStream, Orchestream is a global leader in policy-based IP service and network management software based in New York and London.

Related sites

• Policy-based Network Management from TechWeb
• Ponder : Policies for Network and Distributed Systems Management
• Computer Associates: Unicenter Enterprise Management Strategy White Paper Discusses Neugents (neural-net method of linking business process to IT policy) and a policy-based management approach to Enterprise Management.
• A Generic Approach to Policy Description in System Management (HPL-97-82)
• Policy Management Requirements (HPL-98-64)
• Policy Based Monitoring of a Web-Based Service (HPL-98-76)
• Policies in a Resource Manager of Workflow Systems: Modeling, Enforcement and Management (HPL-98-156)
• Integrating Policy-Driven Role Based Access Control with the Common Data Security Architecture (HPL-1999-59)
• Ganymede Software's Policy Based Network Management Resources, This page provides a number of links to web sites covering policy-related news, standards, and vendor-specific information.
• http://www.house.gov/IG/97cao10/report.htm, "DIRECT ACCESS STORAGE DEVICE MANAGEMENT CAN BE IMPROVED" Report No. 97-CAO-10, March 8, 1997. Discussion of why IBM MVS SMS is not being effectively used for information systems supporting the U.S. House of Representatives.
• Ethernet Quality of Service Poll (3/1999), Results of a poll on Quality of Service (QoS) reveals that of 259 responses, 78% believe QoS is necessary on Ethernet networks and a majority will use QoS tools for both mission-critical business applications and integrating voice and data on one network.
• The Policy channel at Stardust.com, The Policy channel is one of Stardust.com's Internet technology pages. URLs to policy white papers and policy-related web pages are available here.
• Introduction to QoS Policies, A white paper also accessible from the Polict Channel Stardust.com page.

Presentaions

• M.Sloman, Inaugural Lecture - Policy Agents: Licensed to Manage, May 1998
• Morris Sloman, Policy Driven Management for Distributed Systems, Journal of Network and Systems Management, Plenum Press. Vol.2 No.4, 1994
• Takeo Hamada, David Blight, Activctive Policy in Knowledge Hyperspace -Intelligent Agent and Policy-Based Networking, apnoms99 review, 1999
• Hinrichs,S., Policy-based management: bridging the gap, Computer Security Applications Conference, 1999. (ACSAC '99). Proceedings. 15th Annual , 1999, Page(s): 209 ?218
• M.Casassa Mont, A.Baldwin, G.Goh, POWER Prototype : Towards Integrated Policy-Based Management, NOMS 2000, Proceedings, 1999