
Strassner-Policy Theory and Practice – IM 2001

Purpose of the PCIM (slide 1)
• Provide a set of classes and relationships that provide an extensible means for defining policy control of managed objects
  » Represents the structure, not the contents, of a policy
  » Content provided by subclassing classes to derive technology- and vendor-specific conditions, actions, and other elements

PCIM Overview (1) (slide 2)
• Policy-based management assumes that the network is modeled as a state machine
• Classes and relationships are used to model:
  » the state of an entity
  » settings to be applied to an entity that either maintain an entity’s state or move the entity to a new state
  » policies that control the application of settings

PCIM Overview (2) (slide 3)
• Thus, policy is applied using a set of rules
  » Each rule has a set of conditions that specify when the policy should be applied
    – Conditions can be specified in CNF or DNF
  » Each rule has a set of actions that are executed if the conditions are TRUE
    – Execution order can be specified
  » Rules may be prioritized and grouped together to model an administrative hierarchy

Policy Core Model: Groups & Rules (slide 4)

Policy Class (slide 5)
• Policy Class (Abstract)
  » Root of the policy tree
  » Carries common attributes to all policy classes
    – Caption, Description from CIM ME
    – OrderedCIMKeys to represent CIM hierarchy
    – cn from X.520
    – PolicyKeywords
  » PolicyElementAuxClass is an aux class to represent this class and enables any object in the DIT to be identified as a policy class

PolicyRule (slide 6)
• A PolicyRule consists of a set of conditions and a set of actions
  » Boolean logic assumed
  » If condition clause is TRUE, then action clause may execute
  » Rule-specific and reusable policy rules are supported by using the PolicyConditionInPolicyRule and PolicyActionInPolicyRule aggregations
  » Multiple time periods may be used to define a schedule for which this PolicyRule is active by using the PolicyRuleValidityPeriod aggregation
  » Rules may be prioritized

Types of PolicyRules (slide 7)
• Rule-specific PolicyRules are those whose components are embedded in the PolicyRule itself
  » The terms making up the PolicyRule can NOT be reused by other PolicyRules
• Reusable PolicyRules share one or more components with other PolicyRules
  » PolicyRule components are stored in a common Policy Repository and referenced by the PolicyRules using them
• Each has implementation implications

PolicyGroup (slide 8)
• PolicyRules may be aggregated into PolicyGroups, which may be nested
  » Enables hierarchical representation of policy (per-user, per-domain, etc.)
• Special semantics defined in the QoS information model to represent different administrative scopes and groupings of rules

PolicyRepository (slide 9)
• Represents an administratively-defined container for holding REUSABLE policy conditions and actions
  » May be extended to hold other types of reusable policy “building blocks”
  » May be nested to provide more granular domain control

PCIM: Conditions & Actions (slide 10)

Policy Conditions (slide 11)
• Abstract base class for domain-specific conditions that will be defined by domain-specific models (e.g., QoS model, IPSec model)
• Boolean condition expressed in CNF or DNF
  » Individual condition terms can be negated
• Only defines keys (7 – System, PolicyRule, and its own CCN and Name, and a user-friendly name)

Expressing Policy Conditions (slide 12)
• PolicyRuleConditionListType defines how to interpret the condition (e.g., CNF or DNF)
• PolicyConditionInPolicyRule contains two additional properties:
  » GroupNumber indicates the group to which the PolicyCondition belongs
  » ConditionNegated is a boolean that, if TRUE, indicates that this condition is negated

Reusable PolicyConditions (slide 13)
• Stored in a PolicyRepository and referenced using the association PolicyConditionInPolicyRepository
  » Rule-specific PolicyConditions do NOT use this association; thus:
    – Cardinality is 0 for rule-specific, 1 for reusable
  » QPIM extends this so that different conditions can be stored in different portions of the repository
    – Different portions implies different scopes and application

PolicyTimePeriodCondition (slide 14)
• Subclass of PolicyCondition to represent time when PolicyRule is active
  » If not specified, then rule is always active
  » PolicyRuleValidityPeriod is an aggregation that defines the set of time periods for a given PolicyRule
• Instances may have up to 5 properties that together specify the time period
  » Property values are ANDed to determine the validity period; properties not present are treated as having their value always enabled
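As an added example that is not part of the original deck, the following Python code implements the validity check the slide describes (and that slide 34 lists the masks for): each property present is ANDed, each property absent counts as always enabled, and a rule with no validity periods is always active. The five properties are modelled as ordinary Python values rather than the string encodings of the PCIM specification; that choice, the treatment of multiple validity periods as ORed, and the sample maintenance window are assumptions of this example.

```python
"""Added example (not from the slides): PolicyTimePeriodCondition validity check.

Assumptions: properties use plain Python values instead of the PCIM string
encodings; multiple PolicyRuleValidityPeriod entries are ORed.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import FrozenSet, List, Optional, Tuple


@dataclass
class PolicyTimePeriodCondition:
    # Every property is optional: None means "always enabled" for that property.
    time_period: Optional[Tuple[datetime, datetime]] = None   # [start, end)
    month_of_year_mask: Optional[FrozenSet[int]] = None       # 1..12
    day_of_month_mask: Optional[FrozenSet[int]] = None        # 1..31
    day_of_week_mask: Optional[FrozenSet[int]] = None         # 0=Monday .. 6=Sunday (datetime.weekday())
    time_of_day_mask: Optional[Tuple[time, time]] = None      # [start, end), may wrap past midnight


def in_time_of_day(mask: Tuple[time, time], t: time) -> bool:
    """Half-open window; a start later than its end means the window crosses midnight."""
    start, end = mask
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def period_is_active(cond: PolicyTimePeriodCondition, at: datetime) -> bool:
    """All properties that are present are ANDed; absent ones are always enabled."""
    checks = [
        cond.time_period is None or cond.time_period[0] <= at < cond.time_period[1],
        cond.month_of_year_mask is None or at.month in cond.month_of_year_mask,
        cond.day_of_month_mask is None or at.day in cond.day_of_month_mask,
        cond.day_of_week_mask is None or at.weekday() in cond.day_of_week_mask,
        cond.time_of_day_mask is None or in_time_of_day(cond.time_of_day_mask, at.time()),
    ]
    return all(checks)


def rule_is_active(validity_periods: List[PolicyTimePeriodCondition], at: datetime) -> bool:
    """No PolicyRuleValidityPeriod entries: always active.
    Otherwise active when any one period is active (assumption: periods are ORed)."""
    if not validity_periods:
        return True
    return any(period_is_active(p, at) for p in validity_periods)


def maintenance_window() -> PolicyTimePeriodCondition:
    """Constructed sample: weeknights 22:00-06:00 during the first half of 2001.

    Because the day-of-week mask is ANDed with the time-of-day mask on the
    calendar day being checked, Friday 23:00 matches but Saturday 01:00 does not.
    """
    return PolicyTimePeriodCondition(
        time_period=(datetime(2001, 1, 1), datetime(2001, 7, 1)),
        day_of_week_mask=frozenset({0, 1, 2, 3, 4}),
        time_of_day_mask=(time(22, 0), time(6, 0)),
    )


if __name__ == "__main__":
    window = maintenance_window()
    for stamp in (datetime(2001, 3, 14, 23, 30), datetime(2001, 3, 14, 12, 0),
                  datetime(2001, 3, 15, 1, 0), datetime(2001, 3, 17, 23, 30)):
        print(stamp, rule_is_active([window], stamp))
```

The midnight wrap in `in_time_of_day` is the edge case worth keeping in mind when a schedule is expressed as masks: a window like 22:00-06:00 cannot be tested as a single `start <= t < end` comparison.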

Policy Actions (slide 15)
• Abstract base class for domain-specific actions that will be defined by domain-specific models
  » Deployed actions are bound to a System; reusable actions exist in a PolicyRepository
  » Only defines keys (7 – System, PolicyRule, and its own CCN and Name, and a user-friendly name)
• Stored in a PolicyRepository and referenced using the PolicyActionInPolicyRepository association
  » Rule-specific PolicyActions do NOT use this association; thus, cardinality is 0 for rule-specific, 1 for reusable

Policy Actions (2) (slide 16)
• PolicyActionInPolicyRule aggregation contains the set of action clauses for a given PolicyRule
  » ActionOrder property indicates the relative position of an action in the sequence of actions associated with a PolicyRule
    – If n is a positive integer, it defines the order, with smaller integers being ordered first
    – 0 is a special value that indicates “don’t care”
    – Two or more actions with the same ActionOrder value can be executed in any order relative to each other, as long as they are executed in the correct overall position in the sequence
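As an added example that is not part of the original deck, the following Python evaluator combines the condition-list semantics of slide 12 (PolicyRuleConditionListType, GroupNumber, ConditionNegated) with the ActionOrder semantics of this slide. The callable condition terms, the flow attributes in the sample rule, the reading of DNF as "AND within a group, OR across groups" and CNF as the reverse, the rule-without-conditions case, and the placement of "don't care" actions after all ordered ones are assumptions of the example.

```python
"""Added example (not from the slides): evaluator for the PCIM PolicyRule
semantics summarised on slides 12 and 16.

Assumptions not stated on the slides: condition terms are Python callables
over a dict standing in for the managed object; DNF = terms in a group ANDed,
groups ORed; CNF = terms in a group ORed, groups ANDed; a rule with no
conditions is TRUE; ActionOrder 0 ("don't care") actions are run last.
"""
from dataclasses import dataclass, field
from itertools import groupby
from typing import Callable, Dict, List


@dataclass
class ConditionInRule:
    """One PolicyConditionInPolicyRule entry: term + GroupNumber + ConditionNegated."""
    condition: Callable[[dict], bool]
    group_number: int
    negated: bool = False


@dataclass
class ActionInRule:
    """One PolicyActionInPolicyRule entry: action name + ActionOrder."""
    name: str
    action_order: int = 0   # 0 == "don't care"


@dataclass
class PolicyRule:
    name: str
    condition_list_type: str   # PolicyRuleConditionListType: "DNF" or "CNF"
    conditions: List[ConditionInRule] = field(default_factory=list)
    actions: List[ActionInRule] = field(default_factory=list)


def evaluate_conditions(rule: PolicyRule, obj: dict) -> bool:
    """Evaluate the condition clause against obj using GroupNumber and ConditionNegated."""
    groups: Dict[int, List[bool]] = {}
    for term in rule.conditions:
        value = term.condition(obj)
        if term.negated:            # ConditionNegated == TRUE flips the term
            value = not value
        groups.setdefault(term.group_number, []).append(value)
    if not groups:
        return True                 # assumption: no conditions means always TRUE
    if rule.condition_list_type == "DNF":
        return any(all(vals) for vals in groups.values())
    if rule.condition_list_type == "CNF":
        return all(any(vals) for vals in groups.values())
    raise ValueError(f"unknown PolicyRuleConditionListType {rule.condition_list_type!r}")


def ordered_actions(rule: PolicyRule) -> List[List[str]]:
    """Group the action clause into execution batches by ActionOrder.

    Batches come back in ascending ActionOrder; actions inside one batch share
    an ActionOrder and may run in any order relative to each other.
    """
    if any(a.action_order < 0 for a in rule.actions):
        raise ValueError("ActionOrder must be 0 or a positive integer")
    ordered = sorted((a for a in rule.actions if a.action_order > 0),
                     key=lambda a: a.action_order)
    batches = [[a.name for a in grp]
               for _, grp in groupby(ordered, key=lambda a: a.action_order)]
    dont_care = [a.name for a in rule.actions if a.action_order == 0]
    if dont_care:
        batches.append(dont_care)   # assumption: "don't care" actions go last
    return batches


def apply_rule(rule: PolicyRule, obj: dict) -> List[List[str]]:
    """Return the action batches to execute, or [] when the condition clause is FALSE."""
    return ordered_actions(rule) if evaluate_conditions(rule, obj) else []


def example_rule(list_type: str = "DNF") -> PolicyRule:
    """Constructed sample: in DNF reads (untrusted AND port 80) OR (partner AND NOT authenticated)."""
    return PolicyRule(
        name="RestrictWebFromUntrusted",
        condition_list_type=list_type,
        conditions=[
            ConditionInRule(lambda o: o["src_zone"] == "untrusted", group_number=1),
            ConditionInRule(lambda o: o["dst_port"] == 80, group_number=1),
            ConditionInRule(lambda o: o["src_zone"] == "partner", group_number=2),
            ConditionInRule(lambda o: o["authenticated"], group_number=2, negated=True),
        ],
        actions=[
            ActionInRule("log", action_order=0),
            ActionInRule("drop", action_order=2),
            ActionInRule("mark-dscp", action_order=1),
            ActionInRule("count", action_order=1),
        ],
    )


if __name__ == "__main__":
    flow = {"src_zone": "untrusted", "dst_port": 80, "authenticated": True}
    print(apply_rule(example_rule("DNF"), flow))   # [['mark-dscp', 'count'], ['drop'], ['log']]
    print(apply_rule(example_rule("CNF"), flow))   # []
```

Switching the same four terms from DNF to CNF changes the outcome for the sample flow, which is why PolicyRuleConditionListType has to travel with the rule and cannot be inferred from the terms alone.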

Rule-Specific Policy Structure (slide 17)
• PolicyRule is a container that holds PolicyConditions and PolicyActions
  » QPIM extends this so that a condition is treated as a container
• To do this attachment
  » PolicyRule is a structural class
  » PolicyCondition and PolicyAction are both auxiliary classes

Rule-Specific Example (slide 18)
[Diagram labels: Rule 1 (structural); DN Pointer – represents association between Rule 1 and Condition 1; DN Pointer – represents association between Rule 1 and Action 1; DIT Containment; Condition 1 (aux attached) – represents the condition itself; Action 1 (aux attached) – represents the action itself]

Reusable Components (slide 19)
• Policy components can be specific to a rule or reusable among many rules
  » Rule-specific information is attached to the rule itself
  » Reusable information is stored in a container that is referenced by the rule
• The only difference between a reusable and a rule-specific component is in the intent of the administrator
  » No difference in functionality

Reusable Components (2) (slide 20)
• PCIM defines a policy repository to store reusable information. This causes some subtle differences, including:
  » access control can be specified for rule-specific conditions and actions, but not for reusable ones
  » referential integrity should be enforced for rule-specific elements; harder to do in the reusable case
  » mapping to a data model is more difficult

Reusable Rule Example (slide 21)
[Diagram labels: Rule 1 (structural); DIT Containment – represents association between Rule 1 and Condition 1; DIT Containment – represents association between Rule 1 and Action 1; Condition 1 Aux, Action 1 Aux (aux attachment); DN Pointer; ConditionInstance (structural) – represents the condition itself; ActionInstance (structural) – represents the action itself; DIT Containment; PolicyRepository (structural)]

PolicyInstance (slide 22)
• Uses DIT content rules to allow a PolicyConditionAuxClass or a PolicyActionAuxClass to be attached to it
• Uses DIT structure rules to enable it to be named using either PolicyInstanceName, cn, or OrderedCIMKeys

PolicySubtreesPtrAuxClass (slide 23)
• This aux class provides a single multivalued attribute to point to the root of a set of subtrees that contain policy information
  » Attaching this attribute to other class instances enables the administrator to define entry points to related policy information
    – Can be used to define the order of visiting information in the policy tree (e.g., for a PDP)
    – Can be used to tie different subtrees together

PolicyElementAuxClass (slide 24)
• This class is the aux equivalent of the Policy class
  » Enables tagging of selected instances that are outside of the policy class hierarchy, but are nevertheless policy-related
  » This works through searching on oc=policy
  » Note that some directories don’t support this, so in these cases, policy-related entries must be tagged with the keyword Policy and searched on using an attribute search

Aux Containment Classes (slide 25)
• PolicyGroupContainmentAuxClass and PolicyRuleContainmentAuxClass
  » Each contains a single multi-valued attribute that points to a set of PolicyGroups and PolicyRules, respectively
  » Enables the administrator to bind PolicyGroups/PolicyRules to a container

PCIM Extensions (slide 26)
• New draft to simplify and encourage use of PCIM
  » PolicyRepository broadened & renamed
  » Rules may contain groups & other rules (context)
  » Priorities & decision strategies clarified
  » Refinements in the use of PolicyRoles
  » Compound conditions & actions (reusable)
  » Transactional semantics for action execution
  » Variables & values, for conditions & actions
  » Packet filtering in policy conditions based on variables/values

Building PolicyConditions (slide 27)
• The PolicyConditionInPolicyRule association has properties that require special mapping
  » PolicyRuleConditionAssociation represents the properties and is attached via DIT containment
  » The conditions themselves are represented by the PolicyConditionAuxClass (and its subclasses) which are either
    – attached directly to instances of the PolicyRuleConditionAssociation for rule-specific classes, or
    – indirectly, using a DN pointer to refer to an instance of a PolicyConditionInstance class

PolicyRuleConditionAssociation (1) (slide 28)
• Contains properties characterizing the relationship between a rule and a condition
  » PolicyConditionGroupNumber – used to group conditions according to CNF or DNF
  » PolicyConditionNegated – flag defining if a condition is negated or not
  » PolicyConditionDN – pointer to a reusable PolicyCondition (should be NULL if rule-specific)

PolicyRuleConditionAssociation (2) (slide 29)
• Semantics defined using DIT structure and content rules
  » PolicyConditionAuxClass subclasses are attached using DIT content rules
  » Structure rules define naming, scoped by a PolicyRule, using either the OrderedCIMKeys, cn, or PolicyConditionName

PolicyConditionAuxClass (slide 30)
• Used to bind conditions to rules
  » Rule-specific conditions defined by attaching this aux class to either an instance of the PolicyRuleConditionAssociation or the PolicyRule classes
  » Reusable conditions defined by attaching this aux class to an instance of the PolicyConditionInstance class
  » Note: this class is derived from Top because it attaches to classes already derived from Policy – otherwise we have property conflict!
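Slide 20 notes that referential integrity is harder to enforce for reusable elements, and slides 21, 28 and 30 describe the two ways a condition reaches a rule in the DIT: the aux class attached directly to the PolicyRuleConditionAssociation (rule-specific, PolicyConditionDN absent) or a PolicyConditionDN pointer to a PolicyConditionInstance under a PolicyRepository (reusable). As an added example, not part of the original deck, the following Python audit walks a constructed in-memory DIT and reports associations whose pointer dangles, whose target is not a condition instance under a repository, or that carry both an attached aux class and a pointer. Class and attribute names follow the slides rather than any particular LDAP schema document; exampleVendorCondition is a hypothetical PolicyConditionAuxClass subclass, the sample entries are constructed, and DNs are treated as simple comma-separated RDN strings without escaping.

```python
"""Added example (not from the slides): integrity audit of the rule-to-condition
mapping on slides 20, 21, 28 and 30, run over a constructed in-memory DIT.

Assumptions: names follow the slides, not a specific LDAP schema;
exampleVendorCondition is hypothetical; DNs are unescaped "rdn,rdn,..." strings.
"""
from typing import Dict, List, Optional, Tuple

Entry = Dict[str, List[str]]
DIT = Dict[str, Entry]


def object_classes(entry: Entry) -> List[str]:
    return entry.get("objectClass", [])


def direct_children(dit: DIT, parent_dn: str) -> List[str]:
    """Entries exactly one level below parent_dn (DIT containment)."""
    suffix = "," + parent_dn
    return sorted(dn for dn in dit
                  if dn.endswith(suffix) and "," not in dn[: -len(suffix)])


def under_repository(dit: DIT, dn: str) -> bool:
    """True when some ancestor of dn is a PolicyRepository entry."""
    while "," in dn:
        dn = dn.split(",", 1)[1]
        if "PolicyRepository" in object_classes(dit.get(dn, {})):
            return True
    return False


def resolve_condition(dit: DIT, assoc_dn: str) -> Tuple[Optional[str], List[str]]:
    """Locate the entry carrying the condition for one PolicyRuleConditionAssociation.

    Returns (DN of that entry or None, integrity findings). Rule-specific: the
    aux class sits on the association and PolicyConditionDN is absent.
    Reusable: PolicyConditionDN points at a PolicyConditionInstance in a repository.
    """
    assoc = dit[assoc_dn]
    findings: List[str] = []
    pointer = assoc.get("PolicyConditionDN", [])
    direct = "PolicyConditionAuxClass" in object_classes(assoc)
    if direct and pointer:
        findings.append(f"{assoc_dn}: aux class attached AND PolicyConditionDN set (ambiguous)")
    if not pointer:
        if direct:
            return assoc_dn, findings
        findings.append(f"{assoc_dn}: neither aux class nor PolicyConditionDN present")
        return None, findings
    target = pointer[0]
    if target not in dit:
        findings.append(f"{assoc_dn}: PolicyConditionDN -> {target} does not exist (dangling)")
        return None, findings
    classes = object_classes(dit[target])
    if "PolicyConditionInstance" not in classes or "PolicyConditionAuxClass" not in classes:
        findings.append(f"{assoc_dn}: {target} is not a PolicyConditionInstance carrying a condition")
    if not under_repository(dit, target):
        findings.append(f"{assoc_dn}: {target} is not stored under a PolicyRepository")
    return target, findings


def audit_rule(dit: DIT, rule_dn: str) -> List[str]:
    """Resolve every condition association contained in rule_dn and collect findings."""
    findings: List[str] = []
    for child in direct_children(dit, rule_dn):
        if "PolicyRuleConditionAssociation" in object_classes(dit[child]):
            findings.extend(resolve_condition(dit, child)[1])
    return findings


# Constructed sample DIT: one rule with a rule-specific condition (c1), a
# reusable one (c2) and a stale pointer left behind after a repository entry
# was removed (c3).
BASE = "ou=policy,o=example"
RULE = "cn=Rule1," + BASE
REPO = "cn=Repo," + BASE
SAMPLE_DIT: DIT = {
    BASE: {"objectClass": ["top", "organizationalUnit"]},
    RULE: {"objectClass": ["top", "Policy", "PolicyRule"],
           "PolicyRuleConditionListType": ["DNF"]},
    "cn=c1," + RULE: {"objectClass": ["top", "PolicyRuleConditionAssociation",
                                      "PolicyConditionAuxClass", "exampleVendorCondition"],
                      "PolicyConditionGroupNumber": ["1"], "PolicyConditionNegated": ["FALSE"]},
    "cn=c2," + RULE: {"objectClass": ["top", "PolicyRuleConditionAssociation"],
                      "PolicyConditionGroupNumber": ["1"], "PolicyConditionNegated": ["TRUE"],
                      "PolicyConditionDN": ["cn=SharedCond," + REPO]},
    "cn=c3," + RULE: {"objectClass": ["top", "PolicyRuleConditionAssociation"],
                      "PolicyConditionGroupNumber": ["2"], "PolicyConditionNegated": ["FALSE"],
                      "PolicyConditionDN": ["cn=Removed," + REPO]},
    REPO: {"objectClass": ["top", "Policy", "PolicyRepository"]},
    "cn=SharedCond," + REPO: {"objectClass": ["top", "Policy", "PolicyInstance",
                                              "PolicyConditionInstance",
                                              "PolicyConditionAuxClass", "exampleVendorCondition"]},
}

if __name__ == "__main__":
    for finding in audit_rule(SAMPLE_DIT, RULE):
        print(finding)
```

A dangling PolicyConditionDN is the practical cost of the reusable form: deleting a repository entry silently changes the meaning of every rule that referenced it, so a PDP loading rules from the directory should run a check of this kind before it treats the rule as evaluable.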

Building PolicyActions (slide 31)
• The PolicyActionInPolicyRule association has properties that require special mapping
  » PolicyRuleActionAssociation represents the properties and is attached via DIT containment
  » The actions themselves are represented by the PolicyActionAuxClass (and its subclasses) which are either
    – attached directly to instances of the PolicyRuleActionAssociation for rule-specific classes, or
    – indirectly, using a DN pointer to refer to an instance of a PolicyActionInstance class

PolicyRuleActionAssociation (slide 32)
• Two properties
  » PolicyActionOrder determines the order of executing actions associated with a policy rule
  » PolicyActionDN – pointer to a reusable PolicyAction (should be NULL if rule-specific)
• Semantics
  » PolicyActionAuxClass subclasses are attached using DIT content rules
  » Structure rules define naming, scoped by a PolicyRule, using either the OrderedCIMKeys, cn, or PolicyActionName

PolicyActionAuxClass (slide 33)
• Used to bind actions to rules
  » Rule-specific actions defined by attaching this aux class to either an instance of the PolicyRuleActionAssociation or the PolicyRule classes
  » Reusable actions defined by attaching this aux class to an instance of the PolicyActionInstance class
  » Note: this class is derived from Top because it attaches to classes already derived from Policy – otherwise we have property conflict!

PolicyTimePeriodConditionAuxClass (slide 34)
• Built as an aux class so it can be attached directly to a policy rule
  » Represents periods of time that define when a condition is valid
    – time period, plus month, day of month and week, and time of day masks

Structure of a Rule-Specific Policy (slide 35)
• PolicyRule is a container that holds PolicyConditions and PolicyActions
  » QPIM extends this so that a condition is treated as a container
• To do this attachment
  » PolicyRule is a structural class
  » PolicyCondition and PolicyAction are both auxiliary classes

Attachment (slide 36)
• Info model defines PolicyRule relationships
  » PolicyConditionInPolicyRule attaches conditions to a PolicyRule
  » PolicyActionInPolicyRule attaches actions to a PolicyRule
  » PolicyRuleInPolicyGroup groups PolicyRules
  » PolicyRuleInSystem associates a PolicyRule with a System (e.g., a router or server)
• There can be as many attached conditions and actions as required

Example (slide 37)
[Diagram labels: Rule 1 (structural); DN Pointer – represents association between Rule 1 and Condition 1; DN Pointer – represents association between Rule 1 and Action 1; DIT Containment; Condition 1 (aux attached) – represents the condition itself; Action 1 (aux attached) – represents the action itself]

Defining Reusable Elements (slide 38)
• Reusable elements are always stored in a special part of the DIT
  » Modeled using the PolicyRepository class
  » Attached (indirectly) using DN pointers to a rule
• Since conditions and actions are aux classes, they need something to attach to
  » Rule-specific uses the PolicyRule itself
  » Reusable uses the PolicyInstance class, which is stored in the PolicyRepository

PolicyInstance (slide 39)
• Uses DIT content rules to allow a PolicyConditionAuxClass or a PolicyActionAuxClass to be attached to it
• Uses DIT structure rules to enable it to be named using either PolicyInstanceName, cn, or OrderedCIMKeys

PolicyInstance Subclasses (slide 40)
• Two subclasses, PolicyConditionInstance and PolicyActionInstance, are defined
  » Each defines an additional naming attribute (PolicyConditionName and PolicyActionName, respectively)
  » DIT content rules enable condition and action aux classes to be attached to it
  » DIT structure rules enable it to be named under an instance of PolicyRepository using any of its four attributes

PolicyRepository (slide 41)
• This is a container for holding reusable policy elements
  » DIT structure rules enable it to be named under an instance of PolicyRepository using any of its four attributes

PolicySubtreesPtrAuxClass (slide 42)
• This aux class provides a single multivalued attribute to point to the root of a set of subtrees that contain policy information
  » Attaching this attribute to other class instances enables the administrator to define entry points to related policy information
    – Can be used to define the order of visiting information in the policy tree (e.g., for a PDP)
    – Can be used to tie different subtrees together

Aux Containment Classes (slide 43)
• PolicyGroupContainmentAuxClass and PolicyRuleContainmentAuxClass
  » Each contains a single multi-valued attribute that points to a set of PolicyGroups and PolicyRules, respectively
  » Enables the administrator to bind PolicyGroups/PolicyRules to a container

PolicyElementAuxClass (slide 44)
• This class is the aux equivalent of the Policy class
  » Enables tagging of selected instances that are outside of the policy class hierarchy, but are nevertheless policy-related
  » This works through searching on oc=policy
  » Note that some directories don’t support this, so in these cases, policy-related entries must be tagged with the keyword Policy and searched on using an attribute search

Example (slide 45)
[Diagram labels: Rule 1 (structural); DIT Containment – represents association between Rule 1 and Condition 1; DIT Containment – represents association between Rule 1 and Action 1; Condition 1 Aux, Action 1 Aux (aux attachment); DN Pointer; ConditionInstance (structural) – represents the condition itself; ActionInstance (structural) – represents the action itself; DIT Containment; PolicyRepository (structural)]

PolicyRepository (slide 46)
• Used to define a “repository within a repository” for storing reusable data
  » DIT structure rules enable it to be named under an instance of PolicyRepository using any of its three attributes