Catálogo de publicaciones - libros

Current solutions to characterize grid computing usage are limited in three important aspects. First, they do not provide a global, uniform view of the use of infrastructures comprised of heterogeneous grid middleware. Second, they do not allow the specification of policies to publicize the collected information. Third, they do not generate statistics about the applications that are executed on the grid. To fill this gap, we propose an architecture based on the Web Services Distributed Management standard and on access control policies to characterize global usage of grid computing infrastructures, even when such grids are formed by heterogeneous middleware packages. We introduce this architecture and present preliminary results obtained with a prototype.

This paper proposes a management of DiffServ-over-MPLS transit network with BFD(Bidirectional Forwarding Detection)/OAM (operation, administration and maintenance) in ForCES (Forwarding and Control Element Separation) architecture for QoS-guaranteed DiffServ-over-MPLS traffic engineering. The proposed BFD and ForCES functions are implemented on Intel 2400 network processor, where BFD/OAM packets for MPLS TE-LSP are exchanged every 5 ~ 10 ms interval for performance measurements and link failure detection. The operations of BFD/OAM-based fault detection and performance measurement are controlled via distributed control plane with ForCES (forwarding and control element separation) architecture for large scale IP/MPLS router using multiple network processors in each network interface card. We explain the implementation details of ForCES-based distributed control plane functions, hierarchical traffic grooming with label stacking, and BFD/OAM mechanisms. The link failure detection performance of BFD/OAM functions for MPLS TE-LSP is evaluated.

As the complexity of large-scale enterprise applications increases, providing performance verification through staging becomes an important part of reducing business risks associated with violating sophisticated service-level agreement (SLA). Currently, performance verification during the staging process is accomplished through either an expensive, cumbersome manual approach or ad hoc automation. This paper describes an automation approach as part of the Elba project supporting monitoring and performance analysis of distributed multi-tiered applications that helps in bottleneck detection. We use machinelearning to determine service-level objectives (SLOs) satisfaction and locate bottlenecks in candidate deployment scenarios. We evaluate our tools with TPC-W, an on-line bookstore, and RUBiS, an on-line auction site.

Enterprise middleware systems typically consist of a large cluster of machines with stringent performance requirements. Hence, when a performance problem occurs in such environments, it is critical that the health monitoring software identifies the root cause with delay. A technique commonly used for isolating root causes is rule definition, which involves specifying combinations of events that cause particular problems. However, such predefined rules (or problem signatures) tend to be inflexible, and crucially depend on domain experts for their definition. We present in this paper a method that automatically generates change point based problem signatures using administrator feedback, thereby removing the dependence on domain experts. The problem signatures generated by our method are flexible, in that they do not require exact matches for triggering, and adapt as more information becomes available. Unlike traditional data mining techniques, where one requires a large number of problem instances to extract meaningful patterns, our method requires few fault instances to learn problem signatures. We demonstrate the efficacy of our approach by learning problem signatures for five common problems that occur in enterprise systems and reliably recognizing these problems with a small number of learning instances.

From the results of a web survey we carried out in 2006, the main challenge in IT change management from a change manager’s perspective was identified as . This paper begins to address this problem by taking business considerations into account; this is done through a business-driven IT management (BDIM) approach. A reference architecture that follows BDIM principles is sketched; it includes a mathematical model linking IT availability metrics to business objectives. Monetary loss due to service level violations on service availability is used as the main business metric. We present a numerical illustration of how the derived metrics may support change management decisions in order to plan and schedule changes to minimize adverse business impact.

Firewalls are important perimeter security mechanisms that imple-ment an organisation’s network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols etc) security requirements can be specified in a declarative manner using high-level terms. Also it is possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked and the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency.

IPSec/VPN management is a complicated challenge, since IPSec functions correctly only if its security policies satisfy all administrated requirements. Computer-generated security policies tend to conflict with each other, which would causes network congestion or creates security vulnerability. Thus conflict resolving has become an issue. In this paper, a method to automatically generate policies is proposed. Instead of performing complicated conflict-checking procedures as most existing works do, the proposed algorithm is able to predict and avoid conflict in advance by using and techniques. Since policies are established without the need to perform backward conflict check, thus yielding a significantly less time-complexity, which is . Experimental results show that it maintains a satisfactorily minimal numbers of generated tunnels.

This paper describes an approach for application specific conflict prevention based on model-driven refinement of policies prior to deployment. Central to the approach is an algorithm for the retrieval of application-specific data from an information model relating to the subject and targets of a given policy. This algorithm facilitates the linkage of policies loosely defined at a high level of abstraction to detailed behavioural constraints specified in the information model. Based on these constraints policies are then modified so that conflicts with other deployed policies can be readily identified using standard policy conflict detection techniques. This approach enables policy enforcement to be cognisant of application specific constraints, thereby resulting in a more trustworthy and dependable policy based management system.

The bit error rate (BER) is a key measure to quantify the reliability of a transmission system. In transparent networks, link bit error checks are not cost-effective. This paper proposes approaches for low-cost, real-time BER estimation with minimum opto-electronic conversions and applies them to a transparent optical networking testbed.

The goal of ontology-based management is to improve the manageability of network resources through the application of formal ontologies. Prior research work has studied their application to represent the management information definitions, the mapping and merging processes to obtain a semantic integration of those definitions, and the representation of behaviour and policy definitions. Using ontologies allows the additional advantage of integrating, in the same semantic manager, business and service level ontologies with the network management ontology, in a framework for automated management. This integration allows for policy refinement and interoperation between high level policies and low level policies.