IPv6 Operational Guidelines for Datacenters
0
Citation
0
Reference
20
Related Paper
Abstract:
This document is intended to provide operational guidelines for
datacenter operators planning to deploy IPv6 in their infrastructures.
It aims to offer a reference framework for evaluating different
products and architectures, and therefore it is also addressed to
manufacturers and solution providers, so they can use it to gauge
their solutions. We believe this will translate in a smoother and
faster IPv6 transition for datacenters of these infrastuctures. The
document focuses on the DC infrastructure itself, its operation, and
the aspects related to DC interconnection through IPv6. It does not
consider the particular mechanisms for making Internet services
provided by applications hosted in the DC available through IPv6
beyond the specific aspects related to how their deployment on the
Data Center (DC) infrastructure. Apart from facilitating the
transition to IPv6, the mechanisms outlined here are intended to make
this transition as transparent as possible (if not completely
transparent) to applications and services running on the DC
infrastructure, as well as to take advantage of IPv6 features to
simplify DC operations, internally and across the Internet.Cite
The Poly^2 Project is an research project in security architecture. The goal of this project is to secure critical network services and provide reliability and redundancy to these services. For the initial design, we applied good security design principles to achieve these goals. The design incorporates separation of network services onto multiple computing systems and strict control of the information flow between the systems and networks. This allows us to build reliability and redundancy into the platform while increasing overall trust. Additionally, we create minimized, application-specific operating systems. The operating system will only provide the minimum set of needed services and resources to support a specific application or network service. This customization will increase the difficulty in attacking and compromising the system. To manage the individual systems and services in this design, a management system will be created to allow administrators to quickly provision new and additional network services. In conjuction with the SODA project, we are proposing a new research project to analyze various computing architectures and their strengths in different contexts.
Services computing
Cite
Citations (0)
The Internet of Things (IOT) concept and enabling technologies such as RFID offer the prospect of linking the real world of physical objects with the virtual world of information technology to improve visibility and traceability information within su
Traceability
Information Sharing
Cite
Citations (14)
This document describes the scenarios for IPv6 deployment within enterprise networks.It defines a small set of basic enterprise scenarios and includes pertinent questions to allow enterprise administrators to further refine their deployment scenarios.Enterprise deployment requirements are discussed in terms of coexistence with IPv4 nodes, networks and applications, and in terms of basic network infrastructure requirements for IPv6 deployment.The scenarios and requirements described in this document will be the basis for further analysis to determine what coexistence techniques and mechanisms are needed for enterprise IPv6 deployment.The results of that analysis will be published in a separate document.
IPv4
Enterprise private network
Cite
Citations (24)
Due to the increasing availability of competing service providers and the decreasing costs of moving services online recent trends in information systems development direct focus towards leveraging complex distributed system interconnections. To that end service-oriented architectures and web services have become commonplace in busi- ness and government application development because they facilitate rapid development and deployment through the use of standards that document interfaces and the message exchanges. However, the hierarchically related standards have complex documented interconnections and dependencies. The configuration of the services and the messages they exchange must adhere to the mandates established in these documents, yet the guidance offered by each specification is often too expansive for software developers to understand without assistance. Incorrect configurations can lead to messaging configurations that result in software vulnerabilities, system unavailability, service disruption, and ultimately loss of protected information. In this paper, we devise a Security Meta Language for secure web service communication based on a dynamic modeling framework. The framework models expert knowledge gathered from the intensive analysis of message protection protocols specified in web service standards. We outline a process to create and modify secure messaging directives through a case study investigating X.509 PKI tokens and digital signatures for SOAP communication.
SOAP
Cite
Citations (0)
The operations of almost all organisations critically depend on the computing infrastructure and its applications. Therefore, it is vital to provide system administrators with appropriate tools to manage these infrastructures. The management of a large scale computing infrastructure and its applications has become a complex problem. In this project, we want do develop an environment that enables holistic management of the infrastructure. We propose a high level, network wide policy language to specify the desired behaviour of the infrastructure. Also, we design a modular platform which enforces the policy on all devices in the infrastructure, and which supports dynamic reconfiguration. Our project will create an environment with a high level of abstraction for the task of infrastructure management. This will enable network administrators to manage large infrastructures with less effort.
Converged infrastructure
Abstraction
Control reconfiguration
Cite
Citations (0)
Planning is by far the most important aspect of a DirectAccess deployment project. DirectAccess can be deployed in many different configurations to meet a variety of implementation requirements. Many design decisions and deployment options have implications for security, scalability, performance, client support, and general supportability. There are scenarios in which features are mutually exclusive. Some implementation models may limit future deployment flexibility or prevent additional security features from being enabled. A clear understanding of the implementation goals will help the architect design a solution that is reliable, secure, flexible, and supportable.
Cite
Citations (0)
Abstract Policy based management have gained a crescent importance in the last years. New demands on internetworking, on services specification, on QoS achievement and generically on network management functionality, have driven this paradigm to a very important level. The main idea is to provide services that allow specifying management and operational rules in the same way people do business. Despite the main association of this technology with network management solutions, its generality allows to extend these principles to any business process inside an organization. In this paper we discuss the main proposals in the field, namely the IETF/DMTF model, and we present a proposal that allows the specification of policy rules through a user-friendly and component-oriented graphical interface. I. INTRODUCTION Network management has become in the last years a matter of great importance due the increased dependence of enterprises on their networked applications. This dependence has made the availability and performance of network services more critical than ever. The evolution of network management has passed several stages, from management based on human-effort to proprietary management systems and finally to management systems based on open standards encouraged by standardization organizations mainly, like the International Organization for Standardization (ISO) and the Internet Engineering Task Force (IETF). Configuration management is a key area in any management solution and it affects directly other functional areas like security, performance, accounting and fault. Usually network configuration is an interactive task between the network administrator and the managed network equipments. If we consider that, due the crescent complexity of equipments and their management, new technologies, new network services and so on, the network administration occupy more and more time of user managers it is essential to find new solutions for network management. In this context it is desirable that a network management system will be enriched with the ability to automatically manage the network configuration based upon high-level rules, more or less in the same way business-oriented requests are issued. For example, a management system should be capable, for a specific management situation, to offer facilities to reconfigure the whole system without the network administrator have to worry about the configuration details of network equipment. Policy-Based Management (PBM) has emerged during the last years as the right paradigm to deal with this type of requirements [1]. The main idea of PBM is the definition of high level procedures – policies – that will rule the behaviour of the network regardless the intricate lower level equipment details. The main purpose of the PBM systems is the storage, management and the transformation of policies into configuration instructions that can be applied to the network equipment. Although the focus has been primary put on configuration management, all other management areas are suitable for the application of policies. This paper reviews current models for policies specification and proposes a solution based on visual composition of management policies.
Cite
Citations (2)
This book is a practical guide to IPv6 addressing Unix and network administrators with experience in TCP/IP(v4) but not necessarily any IPv6 knowledge. It focuses on reliable and efficient operation of IPv6 implementations available today rather than on protocol specifications. Consequently, it covers the essential concepts, using instructive and thoroughly tested examples, on how to configure, administrate, and debug IPv6 setups. These foundations are complemented by discussions of best practices and strategic considerations aimed at overall efficiency, reliability, maintainability, and interoperation.
Maintainability
Interoperation
Implementation
Cite
Citations (16)
The design, development and implementation of electronic (e-) services relying on XML and Web Service (WS)-based technologies is the current trend in achieving interoperability. Eservices can be offered either as autonomous Web Services or embedded in Service Oriented Architectures (SOAs) (High et al., 2005). In this context, despite the fact that applications with similar business goals adopt the same technical standards, quite often their interactions capabilities are extremely limited. Thus, application developers show an increasing concern for evaluating interoperability between common services which are offered either autonomously or through a SOA. The creation of a proper framework (EIF) has a significant importance in the evaluation of interoperability of such services and is accomplished by the precise definition of the applied standards and guidelines which guarantee the interaction of the services. Existing testing methodologies developed by various organizations (e.g ISO/IEC 9646, ESTI) treat the interoperability of services as a generic problem. They merely provide guidelines and describe high level testing procedures that can be applied to test interoperability of various telecommunication as well as software and data communication systems. Most Web Service-oriented methodologies (i.e. WS-I, ebXML IIC framework) demonstrate weaknesses as they are not capable of testing all the required aspects that compose an interoperability framework and mostly the security aspects of the message content. Additionally, in literature, specific testing types (Saglietti et al., 2008) have been presented defining diverse testing approaches that treat the applications under test either as white boxes having full knowledge of the software or as black boxes without any understanding of their internal behaviour or even as grey boxes with limited knowledge of their internal architecture. The nature the WSs (e.g. geographic distribution of the examined WSs and dependencies with external trusted third parties) plays an important role in the adoption of the most appropriate testing type as they raise specific challenges that should be underlined and taken into account. Therefore, there is a specific need for targeted methodologies and frameworks that check and guarantee the end-to-end application interaction capabilities of common Web Services and follow and deploy the most appropriate testing strategies covering all WSs aspects. Identifying this need, this paper proposes a well-formed grey box testing methodology 35
Conformance testing
Cite
Citations (0)
This document makes some observations on the effects of virtualization
on Internet architecture, as well as provides some guidelines for
further work at the IETF relating to virtualization. This document
also provides a summary of IETF technologies that relate to network
virtualization. An understanding of what current technologies there
exist and what they can or cannot do is the first step in developing
plans for possible extensions.
Network Virtualization
Service virtualization
Application virtualization
Storage virtualization
Cite
Citations (0)