Policy Technologies for Self-Managing Systems

  Policy Technologies for Self-Managing Systems   Dakshi Agrawal Calo Seraphin Kang-won Lee Jorge Lobo Dinesh Verma   Use policies to build self-managing IT systems that save money, improve availability, and enhance agility   IT policies can be used to guide and automate decision making in the management of computer and network infrastructure, helping IT organizations reduce costs, improve service quality, and enhance business agility. Now, a team of top IBM researchers introduces the latest innovations in policies and autonomic computing and demonstrates how to put them to work in your organization.   The authors cover the entire policy lifecycle: planning, definition, representation in standard policy languages, validation, distribution, enforcement, and more. They identify proven patterns for designing policy-enabled self-managing systems and show how policies can be integrated into a complete framework for system self management. They carefully introduce key technologies such as rules engines and the IBM Policy Management framework, as well as emerging standards such as the DMTF’s Common Information Model. Finally, they offer start-to-finish case studies of policy management in areas ranging from storage and IP networking to security.   This book’s insights and practical guidance will be invaluable to every IT professional who can benefit from policies: architects, developers, administrators, researchers, and managers alike. Coverage includes   Understanding the life cycle and components of policy-based self-managing systems Identifying your best opportunities to drive value from policies Defining the most appropriate abstraction level for your policies Using the DMTF’s Common Information Model to establish the logical structure and contents of policies Validating the consistency and appropriateness of your policies Making your policies automatically enforceable by computer Using policies to simplify and streamline configuration management for SANs and other IT systems Improving availability by implementing policies that can automatically react to faults and error conditions    

Table of Contents:
Foreword Preface Chapter 1 Policy Definition and Usage Scenarios 1.1. Formal Definition of Policy     1.1.1. Types, Nature, and Usage of Policies 1.2. Policy-Based Self-Configuration 1.3. Policy-Based Self-Protection in Computer Networks 1.4. Policy-Based Self-Optimization in Computer Systems 1.5. Policy-Based Self-Healing 1.6. Building a Policy-Based Management System 1.7. Summary Chapter 2 Policy Lifecycle—Creation, Distribution, and Enforcement 2.1. A Holistic View of the Policy Lifecycle 2.2. Instances of Policy-Based Systems     2.2.1. Network QoS Control     2.2.2. Privacy Policy Publication     2.2.3. Policy-Based Management of Enterprise Network Access 2.3. Policy Creation 2.4. Policy Distribution 2.5. Policy Distribution Using Repositories     2.5.1. Grouping of Policies by System Components Role     2.5.2. Grouping of Policy Components 2.6. Policy Creation and Distribution for Multiple Administrative Domains 2.7. Policy Enforcement     2.7.1. Policy Evaluation Trigger     2.7.2. Policy Enforcement Context     2.7.3. Data Gathering     2.7.4. Policy Evaluation     2.7.5. Decision Execution 2.8. Summary Chapter 3 Policy Information Model 3.1. How Is an Information Model Described? 3.2. Policy Information Models     3.2.1. Why Use Information Models     3.2.2. Condition-Action Information Model     3.2.3. Event-Condition-Action Information Model     3.2.4. Mode-Subject-Action-Target Information Model     3.2.5. Grouping, Scope, and Priorities 3.3. A Standardized Policy Model     3.3.1. The Common Information Model (CIM)     3.3.2. The CIM Policy Model 3.4. Summary Chapter 4 Policy Languages 4.1. Declarative Nature of Policy Languages 4.2. Survey of Policy Languages     4.2.1. PDL     4.2.2. Ponder     4.2.3. CQL     4.2.4. XACML     4.2.5. ACPL 4.3. CIM-SPL     4.3.1. CIM-SPL Policy Rules     4.3.2. Policy Groups     4.3.3. An Example of CIM-SPL Policy 4.4. Summary Chapter 5 Policy Transformation and Analysis 5.1. Policy Transformation 5.2. Design-Time Techniques for Policy Transformation     5.2.1. Transformation Using Analytical Models     5.2.2. Transformation Using Static Rules     5.2.3. Transformation by Policy Table Lookup     5.2.4. Transformation Using Case-Based Reasoning 5.3. Real-Time Policy Transformation 5.4. Policy Analysis     5.4.1. Conflict Checking     5.4.2. Conflict Resolution     5.4.3. Coverage Checking     5.4.4. What-If Analysis 5.5. Related Work 5.6. Summary Chapter 6 Policy-Based Configuration Management 6.1. Configuration Management Overview 6.2. Policy-Based Configuration Management     6.2.1. Policy-Based Simplification of Configuration Management     6.2.2. Policy-Based Tuning of System Configuration     6.2.3. Policy-Based Checking of System Configuration 6.3. Example in Storage Area Networks     6.3.1. Configuration Checking of Storage Area Networks     6.3.2. Policy Modeling and Representation     6.3.3. Architecture of a Policy-Based SAN Configuration Checker 6.4. Example in Hosted Server Environment     6.4.1. Architecture for Self-Configuration     6.4.2. Variations on the Architecture 6.5. Summary Chapter 7 Policy-Based Fault Management 7.1. Fault Management Overview     7.1.1. Fault Management in Networks     7.1.2. Fault Management in Web-Based Applications 7.2. Policy-Based Fault Management     7.2.1. Policy-Based Acquisition of Fault Information     7.2.2. Policy-Based Format Conversion     7.2.3. Policy-Based Event Volume Reduction     7.2.4. Policy-Based Root Cause Analysis     7.2.5. Policy-Based Remedial Action 7.3. Architecture of a Policy-Based Fault Management System 7.4. Summary Chapter 8 Policy-Based Security Management 8.1. Overview of Security Management 8.2. Policy Applications in Security     8.2.1. Policy-Driven Access Control     8.2.2. Higher-Level Access Policies     8.2.3. Policy-Based Self-Protection     8.2.4. Policy-Based Communication Assurance 8.3. Policy-Based Security Assurance for IPsec Protocol     8.3.1. Business Needs Satisfied by the Security Assurance Tool     8.3.2. Communication Control Policies for IPsec Protocol     8.3.3. Generating the Communication Control Policies 8.4. Summary Chapter 9 Related Topics 9.1. Production Rules 9.2. Business Rules and Processes 9.3. IT Processes 9.4. Event Correlation and Notification Systems 9.5. Service Level Agreements 9.6. Regulatory Compliance 9.7. Proliferation of Policy-Based Technologies References   0132213079   TOC   9/9/2008

About the Author :
Dakshi Agrawal, IBM T. J. Watson Research Center, 19 Skyline Drive, Hawthorne, New York 10532 (electronic mail: agrawal@us.ibm.com). Dr. Agrawal is a research staff member at IBM T. J. Watson Research Center in the Policy & Networking Department. He has been a core team member in developing the Policy Management Toolkit for IBM Autonomic Computing, and received an IBM Research Division Award and Invention Achievement Award for this contribution in the project. Dr. Agrawal received a Ph.D. in 1999 from the University of Illinois--Urbana-Champaign (UIUC), Urbana, IL in electrical engineering. He worked as a Visiting Assistant Professor at UIUC during 1999--2000 before joining T. J. Watson Research Center, IBM Corporation, Hawthorne, NY as a Research Staff Member. Dr. Agrawal has more than 30 publications in international conferences and journals in the area of digital communication theory, distributed computing systems, and digital security and privacy. He has been granted or has applied for more than ten patents with the US Patent Office. Seraphin Calo, IBM T. J. Watson Research Center, 19 Skyline Drive, Hawthorne, New York 10532 (electronic mail: scalo@us.ibm.com). Dr. Calo is a Research Staff Member at IBM Research and currently manages the Policy Technologies group within that organization. He received the M.S., M.A., and Ph.D. degrees in electrical engineering from Princeton University, Princeton, New Jersey. He has worked, published, and managed research projects in a number of technical areas, including: queuing theory, data communications networks, multiaccess protocols, expert systems, and complex systems management. He has been very active in international conferences, particularly in the systems management and policy areas. His recent involvements include serving on the Organizing Committee of Policy 2004 (IEEE 5th International Workshop on Policies for Distributed Systems and Networks) and serving as the General Chair of IM 2005 (The Ninth IFIP/IEEE International Symposium on Integrated Network Management). Dr. Calo has authored more than 50 technical papers and has several United States patents (three issued and four pending). He has received two IBM Research Division awards and two IBM Invention Achievement awards. His current research interests include distributed applications, services management, and policy based computing. Kang-Won Lee, IBM T. J. Watson Research Center, 19 Skyline Drive, Hawthorne, New York 10532 (electronic mail: kangwon@us.ibm.com). Dr. Kang-Won Lee is a research staff member at IBM T. J. Watson Research Center in the Policy & Networking Department. He has been a core team member in developing the Policy Management Toolkit for IBM Autonomic Computing, and received an IBM Research Division Award and Invention Achievement Award for this contribution in the project. He is currently working on policy-based storage area network planning and verification. Dr. Lee has received his Ph.D. in computer science from the University of Illinois--Urbana-Champaign, specializing in computer networks. Dr. Lee has published more than 40 technical articles in premier IEEE and ACM journals and conferences. Jorge Lobo, IBM T. J. Watson Research Center, 19 Skyline Drive, Hawthorne, New York 10532 (electronic mail: jlobo@us.ibm.com). Dr. Lobo joined IBM T. J. Watson Research Center in 2004. Before going to IBM he was principal architect at Teltier Technologies, a start-up company in the wireless telecommunication space acquired by Dynamicsoft and now part of Cisco System. Before Teltier, he was a tenured associate professor of CS at the University of Illinois at Chicago and member of the Network Computing Research Department at Bell Labs. At Teltier he developed a policy server for the availability management of Presence Servers. The servers were successfully tested inside two GSM networks in Europe. He also designed and co-developed PDL, one of the first generic policy languages for network management. A policy server based on PDL was deployed for the management and monitoring of Lucent first generation of softswitch networks. Jorge Lobo has more than 50 publications in international journals and conferences in the areas of Networks, Databases, and AI. He is co-author of an MIT book on logic programming and is co-founder and member of the steering committee for the IEEE International Workshop on Policies for Distributed Systems and Networks. He has a Ph.D. in CS from University of Maryland at College Park, and an M.S. and a B.E. from Simon Bolivar University, Venezuela. Dinesh Verma, IBM T. J. Watson Research Center, 19 Skyline Drive, Hawthorne, New York 10532 (electronic mail: dverma@us.ibm.com). Dinesh C. Verma manages the Policy & Networking technologies area at IBM T.J. Watson Research Center, Hawthorne, New York. He received his doctorate in Computer Networking from University of California at Berkeley in 1992, his bachelor's in Computer Science from the Indian Institute of Technology, Kanpur, India in 1987, and master in Management of Technology from Polytechnic University, Brooklyn, NY in 1998. He holds 14 patents related to computer networks, and has authored more than 50 papers in the area. His research interests include topics in policy-based computing systems, Quality of Service in computer communication systems, distributed computing, and autonomic self-managing software systems. Dr. Verma has authored four books, two with Pearson or its imprints, and two with John Wiley & Sons. Books published by Pearson include Policy-Based Networking(ISBN 1578702267) and Supporting Service Level Agreements on IP Networks(ISBN 1578701465).