Distributed Systems Management & Security
Work on providing a framework for managing large-scale distributed systems is based on the premise that management is itself a distributed activity, so the tools and techniques used to build distributed systems can also be used for management. A consistent approach is needed to manage all the services which constitute a typical distributed system, based on the use of domains as a means of partitioning responsibility. Domains provide a flexible means of introducing boundaries of management responsibility and a framework for specifying management policy. A domain is a collection of managed objects which have been explicitly grouped together for a purpose e.g. to which a common management policy applies. Domains may contain other subdomains enabling hierarchical structures to be represented.
Distributed systems management involves monitoring the activity of a system, making management decisions and performing control actions to modify the behaviour of the system. Policies are one aspect of information which influences the behaviour of objects within the system. Authorisation policies define what a manager is permitted or not permitted to do. They constrain the information made available to managers and the operations they are permitted to perform on managed objects. Obligation policies define what a manager must or must not do and hence guide the decision making process - the manager has to interpret policies in order to achieve the overall objectives of the organisation. Separating management policy from the automated managers which interpret the policy facilitates the dynamic change of behaviour of a distributed management system. This permits it to adapt to evolutionary changes in the system being managed and to new application requirements. Changing the behaviour of automated managers can be achieved by changing the policy without have to reimplement them - this permits the reuse of the managers in different environments. It is also useful to have a clear specification of the policy applying to human managers in an enterprise.
We have developed notations and tool support for specifying policies, and analysing them for conflicts within a role-based framework. A management role is represented as a set of policies related to a particular manager position domain. Policies are specified with respect to a manager position rather than a person, permitting individual managers to be reassigned to different positions without having to redefine the role policies. We have devloped techniques for specifying interaction and coordination between different roles and we are working on tools and techniques for refining high level goals into implementable policies.
Related work involves development of methods and tools for configuring and managing mobile multi-media distributed services and applications. We are looking at how to apply policy concepts to configuration, availability and locating mobile users in large-scale distributed information systems and to develop methods for analysis of policies to determine conflicts and inconsistencies.
Ponder2 Toolkit is now avaialable
For further information on work in the area of policies, please refer to the DSE Policies for Network and Distributed Systems Management Page.
Current Projects
For current projects on Distributed Systems Management and related topics see Projects
Key Publications
For an up-to-date list of papers in this area, please refer to Morris Sloman's publications page.