Large Scale administration and information-gathering using CIM information modelling.
Introduction
Today, the administration of large systems is largely an art that uses ad-hoc tools and propietary administration agents, with little resilience to change and emergencies.
AdCIM is a project that defines a framework and application that tackle several aspects of large scale administration to model administration data using the CIM model and to gather them in a a coherent and integrated whole.
To make this usable, the framework uses technologies like XML, XSLT, LDAP and XForms to ease the system administrator work in developing AdCIM-enabled applications.
What is AdCIM?
AdCIM is a software architecture that allows centralized, devolved and standard-based administration of distributed system infrastructures. There are several elements that cooperate to accomplish this objective:
- Standard data model: A data model is a key issue to aggregate management data in a repository. Other approaches suffer from ad-hoc and inflexible data models. We have used CIM (Common Information Model), a standard, industry-supported (see the DMTF (Distributed Management Task Force) site), object oriented, well specified and extensible model. It allows to identify and model any managed element and the relationships among them.
- Centralized repository: A repository aggregates management data from multiple sources. We support the LDAP (Lightweight Directory Access Protocol) and native XML databases (such as Exists) as standard interface to the repository. LDAP simplifies deployment and allows physical replication for maximum availability, and XML native databases store management information seamlessñy and enable future fucntionality.
- Model-to-repository mapping: The management data model has to be straightforwardly mapped to the repository without losing navigability, semantics and efficiency. The DMTF has published guidelines to carry out these mappings
- Data Gathering Procedures: Management information is collected through scripts, which obtain management data from configuration files, commands, directory structures, and store this information in the repository in a structured way.
- Administration clients: The administration client is a high level interface to browse the modelled management data and order actions on the administrated machines. The gathered information and administration actions (eg. start/stop services, shutdown machines, change ACLs...) are performed by a special system daemon which communicates with the central repository via CORBA (we also have a less optimal Web Service interface to facilitate integration).
- Ontology Support: AdCIM also transforms the managed data to a format understandable by ontological reasoners, opening new possibilities on policy enforcement, diagnosis, configuration verification, intrusion detection, etc...