James R. Giles

Policy ratification

It is not sufficient to merely check the syntax of new policies before they are deployed in a system; policies need to be analyzed for their interactions with each other and with their local environment. That is, policies need to go through a ratification process. We believe policy ratification becomes an essential part of system management as the number of policies in the system increases and as the system administration becomes more decentralized. In this paper, we focus on the basic tasks involved in policy ratification. To a large degree, these basic tasks can be performed independent of policy model and language and require little domain-specific knowledge. We present algorithms from constraint, linear, and logic programming disciplines to help perform ratification tasks. We provide an algorithm to efficiently assign priorities to the policies based on relative policy preferences indicated by policy administrators. Finally, with an example, we show how these algorithms have been integrated with our policy system to provide feedback to a policy administrator regarding potential interactions of policies with each other and with their deployment environment.

Policy-based validation of SAN configuration

Historically, storage has been directly connected to servers for fast local access and easy configuration. In recent years, storage area networks (SANs) have defined an alternative storage paradigm that allows storage to be shared among servers using fast interconnects. One of the key challenges of SAN management is the large number of configuration problems that are encountered in a typical SAN deployment. These configuration problems can be addressed by SAN management software. However, hard-coding the SAN configuration rules into the management software is not a viable option since it is not possible to easily modify or replace old configuration rules and specify new policies and guidelines. In this paper, we propose a novel policy-based SAN configuration validation system that can be used to specify, store, and evaluate configuration policies for SANs. We also introduce five new operators for collection policies that are useful for evaluating a wide variety of practical SAN configuration policies found in practice. The policy-based SAN configuration checking approach proposed in this paper is discussed within the context of device interoperability constraints. However, this approach is extensible as it can also be used to enforce performance, reliability, and security-related configuration constraints.

Towards Autonomic Fault Recovery in System-S

System-S is a stream processing infrastructure which enables program fragments to be distributed and connected to form complex applications. There may be potentially tens of thousands of interdependent and heterogeneous program fragments running across thousands of nodes. While the scale and interconnection imply the need for automation to manage the program fragments, the need is intensified because the applications operate on live streaming data and thus need to be highly available. System-S has been designed with components that autonomically manage the program fragments, but the system components themselves are also susceptible to failures which can jeopardize the system and its applications. The work we present addresses the self healing nature of these management components in System-S. In particular, we show how one key component of System-S, the job management orchestrator, can be abruptly terminated and then recover without interrupting any of the running program fragments by reconciling with other autonomous system components. We also describe techniques that we have developed to validate that the system is able to autonomically respond to a wide variety of error conditions including the abrupt termination and recovery of key system components. Finally, we show the performance of the job management orchestrator recovery for a variety of workloads.

Policy management for networked systems and applications

In this paper, we present a novel policy middleware architecture for managing IT systems and applications that span multiple networks and administrative domains. The proposed policy middleware provides a standard infrastructure for the creation, storage, distribution, and execution of policies, and helps in reducing the cost of making IT systems policy-aware. In particular, we focus on three aspects of the proposed policy middleware that help in making the middleware fully general: (1) a platform-neutral and extensible specification of policies; (2) the local ratification of policies, which lets system administrators accept, reject, or flag an incoming policy; and (3) the transformation of policies, which allows system administrators to transform incoming policies to match their local environment. We present our experience in building an application on the proposed middleware to audit the configuration of a storage area network. We also present performance results from a prototype and show that our policy middleware design can scale to handle a large number of policies.

Authentication for Distributed Web Caches

We consider the problem of of floading secure access-controlled content from central origin servers to distributed caches so clients can access a proximal cache rather than the origin servers. Our security architecture enforces the access-control policies of the origin server without replicating the access-control databases to each of the caches. We describe the security mechanisms to affect such a system and perform an extensive security analysis of our implementation. Our system is an example of how less trustworthy systems can be integrated into a distributed system architecture; it provides mechanisms to preserve the whole distributed system security even in case less trustworthy subsystems are compromised. An application of our system is the cached distribution of access-controlled contents such as subscription-based electronic libraries.

VLAN-Based Routing Infrastructure for an All-Optical Circuit Switched LAN

Exploring the use of all-optical MEM switches on Local Area Network (LAN) to increase bandwidth and reduce energy cost has received increasing attention. Compared to traditional electronic switches, an all-optical switch provides higher bandwidth, less energy cost and cheaper wiring. Once the optical port count per switch becomes a resource constraint, an all-optical switched core can change the network topology dynamically to redistribute bandwidth resources between computing hosts. This feature is particularly useful for stream processing systems whose communication patterns vary over time and where rebalancing of networking resource is needed periodically. The work we present in this paper is a practical solution for high level software systems to route through a reconfigurable optical MEM switched LAN. Our solution can be readily applied on commercial switches with standard Layer-2 protocols. Network reconfiguration time and round-trip delay are measured. Our implementation is validated with the IBM System S stream processing system.