Integrated management of network and security devices in IT infrastructures

IT infrastructures just needs to work and at the same time adapt to changing requirements. A significant amount of their downtime is caused by configuration errors and because all other subsystems depend on the network, network errors there have a big impact. Configuration errors are often caused by parameters that are inconsistent because changing one parameter often requires updating multiple other parameters. The configuration of a network is mostly determined by the physical connections and by the subsystems that use the network. Therefore a lot of configuration parameters are derived from other parameters, which increases the risk of inconsistencies. In this paper we present ISIM, a configuration tool for managing a network and its security devices. A first contribution of ISIM is its model with relations between configuration parameters over abstraction and subsystems. This ensures that each parameter only has to be provided once in a configuration and it reduces the work needed to manage a network. The second contribution is a domain model for the network and implementations for this domain model. Other implementations can be added without changing existing configuration code. This enables configuration code reuse. The third contribution is validating the configuration input of ISIM using the types and constraints in the domain model. It reduces the risk of misconfigurations and inconsistencies in the configuration input.