Generating diagnostic tools for network fault management
Proceedings of the fifth IFIP/IEEE international symposium on Integrated network management V : integrated management in a virtual world: integrated management in a virtual world
Managing in a distributed world
Proceedings of the fourth international symposium on Integrated network management IV
ICON: a system for implementing constraints in object-based networks
Proceedings of the fourth international symposium on Integrated network management IV
Automation of Site Configuration Management
LISA '97 Proceedings of the 11th Conference on Systems Administration
Ganymede: An Extensible and Customizable Directory Management Framework
LISA '98 Proceedings of the 12th Conference on Systems Administration
Central System Administration in a Heterogeneous Unix Environment: GeNUAdmin
LISA '94 Proceedings of the 8th USENIX conference on System administration
NESTOR: an architecture for network self-management and organization
IEEE Journal on Selected Areas in Communications
A2A: An Architecture for Autonomic Management Coordination
DSOM '09 Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT
Hi-index | 0.00 |
This paper describes our initial steps towards self-configuring mechanisms for automating high-level security and service policies in dynamic networks. We build on the NESTOR system developed at Columbia University for instrumenting and monitoring constraints on network elements and services such as DHCP, DNS zones, host-based access controls, firewalls, and VLAN switches.Current paradigms for configuration management require that changes be propagated either manually or via low-level scripts suited to static networks. Our longer-term goal is to provide fully automated techniques which work for dynamic networks in which changes are frequent and often unanticipated. Automated approaches, such as ours, are the only viable solution for global and dynamic networks and services. In this paper, we focus on one specific scenario to illustrate our ideas: providing transparent and secure access to selected services from a mobile laptop. The challenge is that reconfiguration must satisfy the security policies of two independent corporate networks.