Evolution of Network
Management Technologies
Session 801
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 2
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 1
How Can We?
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 3
Agenda
• Current Challenges
• Network Management Evolution
• Summary
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 4
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 2
Fundamental Premise
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 5
Present Situation
• Multiservice, VPN
multilayer networks
Internet
• Network Address
Translation (NAT)
• Huge amounts of
data to be managed
• High speed
networking
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 6
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 3
Present Situation (Cont.)
• Transition to Remote
Office
service management
• Redundancy for
high availability
• Cohesive security
system for network,
systems, and
applications
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 7
Evolving Network
Management Architecture
LDAP
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 8
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 4
Command Line Interface
• Primary configuration
interface
• Used through telnet User
by users
and applications Telnet SSH
• Highest level of
configuration,
monitoring,
troubleshooting
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 9
Issues—Open to Attack…
telnet
telnet rtr-1
rtr-1
username:
username: dandan
password:
password: I’m Bob,
please print
out all of the
m-y-p-a-s-s-w-o-r-d d-a-n enable passwords
Snooping Impersonation
Bob
CPU
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 5
Solution—Secure Shell (SSH)
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 11
I dare You to
say “Shazam”
Shazam! 1010101010098jlkf82189120j Shazam!
X
Shazam! 870980jd09210982j092u0912 Idiot!
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 12
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 6
Deploying SSH
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 13
Management Security
• Secure transport
for multiple
management
protocols required
• Securing SNMP, IPSec
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 7
Issues—Security
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 15
Solution—IPSec
Management
System HR Server
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 16
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 8
Using IPSec
Tunnel Terminates
Encrypted Encrypted at Agent
Intranet/
Internet Managed
Device
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 17
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 18
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 9
It Isn’t That Bad!
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 19
SNMP Management
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 20
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 10
Issues—SNMP
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 21
Solution—SNMPv3
• Security
User Security Model (USM)
Authenticates users
Multiple user/administrative levels
Encrypts PDUs
Addresses SNMP security issue
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 22
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 11
Solution—SNMPv3
• Additional features
Distributed management
Confirmed notifications
Extends reach?
64-bit counters
Bulk data retrieval
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 23
SNMPv1 SNMPv3
msgVersion msgVersion
community msgID
msgMaxSize
msgFlags
PDU msgSecurityM
msgAuthoritat
odel
msgAuthoritat
iveEngineID
iveEngineBoot
msgAuthoritat
iveEngineTime
msgUserName
s
msgAuthentic
ationParamete
msgPrivacyPa
rameters
rs
contextEngine
ID
contextName
PDU
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 24
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 12
Cisco’s SNMP Evolution
• Structured method of
exchanging information
Appl CIM/XML Appl
• Multisystem, CIM/XML
multivendor
interoperability
• Durable, supports mix
and match application
versions
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 26
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 13
Issues—Application
Data Exchange
Solution—CIM + XML
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 14
CIM Data Model
LogicalElement
Service
LogicalDevice System
1 HostedService
w
*
CreationClassName: string [key]
NameFormat: string
Name: string [key]
PrimaryOwnerName: string 1
PrimaryOwnerContact: string HostedBootService w
* BootService ClusterService
w
* Roles: string [ ]
SystemDevice
w
*
StorageExtent Processor
* ComputerSystem ApplicationSystem
ComponentCS
*
w
* 2..n 1 1
HostedClusterService
InstalledOS
w
*
ParticipatingCS 0..1
Memory OperatingSystem
RunningOS
w
*
1 UnitaryComputerSystem Cluster
Computer
System InitialLoadInfo: string [ ]
* Interconnect: string
1
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 29
CIM
CIM
////////////////////////////////////////////////////////
// Device: nmcpw1601.cisco.com
////////////////////////////////////////////////////////
instance of DEN_NetworkElement {
DeviceId = "133";
CommonName = "nmcpw1601";
DNSName = "cisco.com";
Description = "";
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 30
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 15
Sample Inventory Data
instance of DEN_NetworkPort {
CIM_PhysicalElementID = "143";
CommonName = "ethernetCsmacd";
Description = "CiscoPro EtherSwitch CPW1601 HW
Rev 5; SW 2.0(1) (Oct 15 1996 11:17:49)";
Status = "up";
MACAddress = "00:80:24:38:9c:90";
NetworkAddress = "";
};
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 31
<XML>CIM Data</XML>
HTTP/HTTPS
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 32
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 16
Sample Inventory Data with XML
<?XML version="1.0" >
<NAMESPACENODE>ROOT</NAMESPACENODE>
<NAMESPACE>
<NAMESPACENODE>CIMV2</NAMESPACENODE>
</NAMESPACE>
</NAMESPACE>
</NAMESPACEPATH>
<CLASSNAME>CIM_ManagedSystemElement</CLASSNAME>
</CLASSPATH>
<QUALIFIER NAME="Abstract" LOCAL="true"
TYPE="boolean”
OVERRIDABLE="EnableOverride”
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 33
• Security, replication,
and distribution
• Enables
user/applications
based services (not
just network based)
• Key is to use
open standards
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 34
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 17
What Is a Directory?
AD
LDAP/ NDS
Kerberos
Database
Value of Directories
Personal
Personal Network
Network
Applications
Applications Devices
Devices
Referrals, Managed
Shared Data Entities Network
Network
Users
Users Desktop
Desktop Services
Services
Personalization, Service Definition
Remote management and User Subscription
Directory
Collaborate, Publish Manage Segments
and Secure of the Network
File,
File, Network
Network
Print
Print Authentication, VPN, TagVPN, Management
Management
Credentials Data Encryption
Integrated
Integrated
User
User and
and Network
Network
Computing Resources Network Resources
Security
Security
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 36
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 18
Directory Enabled Example
DHCP
CNS/AD Server
Server
Network
Service
Service Request
Request Network
Network Events
Events
Monitoring
End User
Service Creation Provisioning
Application Server
CiscoAssure
Policy Server Intelligent Network Devices
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 37
Directory Protocols
• LDAP—standards-based
query/update
• Kerberos—standard token-based
authentication
• ADSI—Active Directory Service
Interface (Microsoft AD)
• NDS/NDK—Novell Directory Services
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 38
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 19
LDAP
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 39
Service Monitoring
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 40
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 20
Issues—Service Monitoring
ATM
Frame Relay Telecommuters
RTR
Dial/ISDN
Central/HQ
Configure
Collect Internet Mobile
Present Users
IP-VPN
Remote Sites
Present
IPM Client
(Windows NT, Solaris) IPM Server Mobile
(Solaris)
Partners/Customers Users
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 42
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 21
How RTR Works
RTR
RTR
ping ping
ping
RTR
Agent
IP Addressable
Device
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 44
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 22
Deploying RTR
(config)# rtr 5
(config-rtr)# type tcpConn dest-ipaddr 10.0.0.1 dest-port 80
(config-rtr)# exit
(config)# rtr schedule 5 start now
Entry LifeI BucketI SampleI SampleT CompT
20 1 1 1 140741381 4
20 1 2 1 140741382 4
20 1 3 1 140742381 1
20 1 4 1 140743381 1
20 1 5 1 140744381 1
20 1 6 1 140745381 1
20 1 7 1 140746381 1
20 1 8 1 140747381 1
20 1 9 1 140748381 1
20 1 10 1 140749381 1
RTR
RTR
RTR
Web Server Agent
Farm
10.0.0.1
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 46
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 23
Summary
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 48
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 24
801
1115_06F9_c1 © 1999, Cisco Systems, Inc. 49
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr 25