Mandis Beigi

Policy transformation techniques in policy-based systems management

Policy based systems management provides a means for administrators, end-users and application developers to manage and dynamically change the behavior of computing systems. One advantage of policy-based management is that it simplifies and automates the administration of IT environments. A significant part of the simplification is obtained by allowing the system administrator to specify only the objectives or goals that are to be met, rather than having to specify detailed configuration parameters for each of the different devices in the system. It may not be obvious to the administrator how the goals can be achieved without having to know the internals of the system. This knowledge thus needs to be captured in the policy driven actions. The existing algorithms for mapping policy objectives to specific configuration details tend to be specific to each policy discipline. This makes the policy-based approach harder to deploy for new disciplines. In this paper, we address different types of policy transformations and propose methods, which are not discipline specific for mapping objectives to system configurations.

Policy Based SLA Management in Enterprise Networks

The Differentiated Services Architecture defines the mechanisms that are needed to offer multiple classes of services in an IP network. While this model offers significant scaling advantages over the signaling-oriented approach of Integrated Services, the management of a differentiated services network remains a complex problem. Since the operation of a differentiated network involves numerous access routers, core routers and servers, a consistent operation is difficult to achieve by independently configuring each device. In this paper, we explore a scheme to enable a network administrator to manage and configure DiffServ networks from a central location and also abstract away the specific details of device configuration, and allow him/her to express the management of the network in terms of application-oriented performance metrics. This leads to a simplification of network management task, which can be exploited to support business needs of an enterprise network, such as honoring Service Level Agreements provided to its customers.

Planning and Managing the IPTV Service Deployment

The deployment of converged services of TV, telephony, and Internet access over IP entails a significant initial investment for service providers. This investment is not only for the underlying network infrastructure but also for provisioning and managing vast data centers needed to provide sophisticated IP-based TV (IPTV) experience, including multiple camera views, live (broadcast) and on demand programming, etc., to a large number of viewers. Thus the service providers need to carefully plan and manage the IPTV service deployment to maximize the return-on-investment while providing a good quality of experience to the subscribers. In this paper, we develop a methodology to aid service providers to effectively plan for the staggered deployment of IPTV services in this fledgling market. We present the utility of this framework by demonstrating a planning tool developed from this framework.

A Policy Service for GRID Computing

In a distributed multi-institute environment like the GRID, each participating institute may want to enforce some limits on how its resources are being used by other institutes. We discuss how the concept of resource allocation policies can assist in this task. We then present an architecture for policy based resource management in the case of a single institute, and how a policy server based on GRID concepts can be developed. We then show how to extend the policy server to support virtual organizations.

Policy-based information lifecycle management in a large-scale file system

Policy-based file lifecycle management is important for balancing storage utilization and for regulatory conformance. It poses two important challenges, the need for simple yet effective policy design and an implementation that scales to billions of files. This paper describes the design and an innovative implementation technique of policy-based lifecycle management in a prototype built as a part of IBMs new SAN file system. The policy specification leverages a key abstraction in the file system called storage pools and its ability to support location independence for files. The policy implementation uses an innovative new technique that combines concurrent policy execution and a policy decisions cache, to enable scaling to billions of files under normal usage patterns.

An architecture for lifecycle management in very large file systems

We present a policy-based architecture STEPS for lifecycle management (LCM) in a mass scale distributed file system. The STEPS architecture is designed in the context of IBMs SAN file system (SFS) and leverages the parallelism and scalability offered by SFS, while providing a centralized point of control for policy-based management. The architecture uses novel concepts like policy cache and rate-controlled migration for efficient and non-intrusive execution of the LCM functions, while ensuring that the architecture scales with very large number of files. The architecture has been implemented and used for lifecycle management in a distributed deployment of SFS with heterogeneous data. We conduct experiments on the implementation to study the performance of the architecture. We observed that STEPS is highly scalable with increase in the number as well as the size of the file objects hosted by SFS. The performance study also demonstrated that most of the efficiency of policy execution is derived from policy cache. Further, a rate-control mechanism is necessary to ensure that users are isolated from LCM operations.

The Coalition Policy Management Portal for Policy Authoring, Verification, and Deployment

We are investigating computing platform-independent policy frameworks to specify, analyze, and deploy security and networking policies. The goal is to provide easy to use mechanisms for refining high-level user-specified goals into low-level controls. This scenario-based demo of a Coalition Policy Management Portal prototype uses the context of a hostage rescue situation to demonstrate usable and effective policy authoring through either natural language or structured lists that create natural language policy rules; policy visualization; analysis of policies for conflict, dominance, and coverage, and methods to resolve the issues identified; policy transformation from natural language to XML or ACPL SPL for automated enforcement, and deployment of policies onto mission equipment. The prototype builds on the SPARCLE and PONDER2 research projects.

Anomaly detection in information streams without prior domain knowledge

A key goal of information analytics is to identify patterns of anomalous behavior. Such identification of anomalies is required in a variety of applications such as systems management, sensor networks, and security. However, most of the current state of the art on anomaly detection relies on using a predefined knowledge base. This knowledge base may consist of a predefined set of policies and rules, a set of templates representing predefined patterns in the data, or a description of events that constitutes anomalous behavior. When used in practice, a significant limitation of information analytics is the effort that goes into defining and creating the predefined knowledge base and the need to have prior information about the domain. In this paper, we present an approach that can identify anomalies in the information stream without requiring any prior domain knowledge. The proposed approach simultaneously monitors and analyzes the data stream at multiple temporal scales and learns the evolution of normal behavior over time in each time scale. The proposed approach is not sensitive to the choice of the distance metric and hence is applicable in various domains and applications. We have studied the effectiveness of the approach using different data sets.

A scale-invariant local descriptor for event recognition in 1D sensor signals

In this paper, we introduce a shape-based, time-scale invariant feature descriptor for 1-D sensor signals. The timescale invariance of the feature allows us to use feature from one training event to describe events of the same semantic class which may take place over varying time scales such as walking slow and walking fast. Therefore it requires less training set. The descriptor takes advantage of the invariant location detection in the scale space theory and employs a high level shape encoding scheme to capture invariant local features of events. Based on this descriptor, a scale-invariant classifier with “R” metric (SIC-R) is designed to recognize multi-scale events of human activities. The R metric combines the number of matches of keypoint in scale space with the Dynamic Time Warping score. SIC-R is tested on various types of 1-D sensors data from passive infrared, accelerometer and seismic sensors with more than 90% classification accuracy.

Prefetching based on web usage mining

This paper introduces a new technique for prefetching web content by learning the access patterns of individual users. The prediction scheme for prefetching is based on a learning algorithm, called Fuzzy-LZ, which mines the history of user access and identifies patterns of recurring accesses. This algorithm is evaluated analytically via a metric called learnability and validated experimentally by correlating learnability with prediction accuracy. A web prefetching system that incorporates Fuzzy-LZ is described and evaluated. Our experiments demonstrate that Fuzzy-LZ prefetching provides a gain of 41.5 % in cache hit rate over pure caching. This gain is highest for those users who are neither highly predictable nor highly random, which turns out to be the vast majority of users in our workload. The overhead of our prefetching technique for a typical user is 2.4 prefetched pages per user request.