The management of network infrastructure in an enterprise is a complex and daunting affair. In an era of increasing technical complexity, it is becoming difficult to find trained personnel who can manage the new features introduced into the various servers, routers, and switches. Policy-based network management provides a means by which the administration process can be simplified and largely automated. In this article we look at a general policy-based architecture that can be used to simplify several new technologies emerging in the context of IP networks. We explain how network administration can be simplified by defining two levels of policies, a business level and a technology level. We discuss how business-level policies are validated and transformed into technology-level policies, and present some algorithms that can be used to check for policy conflicts and unreachable policies. We then show how to apply this architecture to two areas: managing performance service level agreements, and supporting enterprise extranets using IPSec communication.