CTO Office - Standards & System Management Architecture 1 Rick Landau CTO Office, Standards & System Management Architecture Sept 2007 Understanding Web Services

CTO Office - Standards & System Management Architecture 1

Rick Landau, CTO Office, Standards & System Management Architecture, Sept 2007

Understanding Web Services


What is a Web Service

Many early-generation examples in the market. Realistic definition:

– Is addressed at some URI on the web
– Uses XML to represent data
– Includes an XML schema to describe a valid data structure
– Uses SOAP to structure messages
– Uses WSDL to describe interfaces, if necessary


Whoa! Terminology?

WS = Web Service
URI = Universal Resource Identifier
XML = eXtensible Markup Language
SOAP = Simple Object Access Protocol
WSDL = Web Service Description Language
SNMP = Simple Network Management Protocol
MIB = Management Information Base
RFC = Request For Comments
IETF = Internet Engineering Task Force
DMTF = Distributed Management Task Force
CIM = Common Information Model
SEP = Somebody Else's Problem


Why Is a Web Service Important?

High points (details later):

– It is the latest thing
– It will replace SNMP in time
– Improved communications reliability
– Improved communications privacy
– It is based on public standards that are easily upgraded
  – IETF RFCs take years to upgrade, hence private MIBs
– The protocol is very extensible using the collection of WS-* protocols
  – SNMP private MIBs extend only the data
  – Example: no transaction control extensions to SNMP


Web Service Message

Entirely in XML:

– Addresses (specified by WS-Addressing)
– Headers, options (specified by WS-Management and others)
– Operations (specified by WS-Management and others)
– Payload data (specified by WS-Management, WS-CIM, and others)
– Uses SOAP to provide a little structure


SOAP Envelope

<soap:envelope>              <!-- message envelope -->
  <soap:header>              <!-- message header -->
    . . .
  </soap:header>
  <soap:body>                <!-- message body -->
    . . .
  </soap:body>
</soap:envelope>


SOAP Message Header

Info that it is (generally) okay to expose:

– To address
– From address (and ReplyTo and FaultTo addresses)
– Managed Resource identifier
– Action
– Message unique identifier
– Other important headers and options

May be left unencrypted so it can be inspected by firewalls.


SOAP Message Body

The meat of the message, the content of the exchange:

– Particular verbs, options
– Property names and data values

Generally NOT okay to expose. The body may be encrypted even if the header is not.


Interaction with a Web Service

(Diagram: a web service)


Where It Fits in Dell Unified Manageability Architecture

Managed Node Architecture, by layer:

– Access layer (Interface Service): access interfaces, remotely accessible, existing and emerging standards; interactive and programmatic
– Orchestration layer
– Resource management layer
– Aggregation layer (Repository/Database): aggregation interface, local interfaces, predominantly "de facto" standards
– Logical mapping layer (Providers): logical interface, CMPI is the only open standard
– Platform layer (HW / FW / SW): platform interface, small, compact, and typically low cost


Why Care?

Easier to implement:
– Plain text, XML

More secure:
– Plain text header for filtering, firewalls
  – Specifies only from, to, managed resource, and action
– Contents may be encrypted
  – Properties and values
– Security protocols may be layered onto base
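The filtering the slides describe (header in the clear for firewalls, body possibly encrypted) can be shown concretely. The following is an added example, not code from the deck: a policy filter that decides on a WS-Management message by reading only the SOAP header fields listed above (To, From, Action, MessageID) and never parsing the body, which may therefore be an opaque ciphertext. The sample message, the zone names "untrusted" and "management", and the action-per-zone policy table are constructed for this example; the namespaces are the 2004 WS-Addressing, WS-Transfer and WS-Enumeration ones.

```python
"""Firewall-style inspection of WS-Management SOAP headers (added example)."""
import uuid
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "env": "http://www.w3.org/2003/05/soap-envelope",
    "wsa": "http://schemas.xmlsoap.org/ws/2004/08/addressing",
}
WST = "http://schemas.xmlsoap.org/ws/2004/09/transfer/"
WSEN = "http://schemas.xmlsoap.org/ws/2004/09/enumeration/"

# Constructed policy: which WS-* actions each source zone may send to a managed
# node. Read-only actions cover monitoring; write actions are reserved for the
# management network. Decisions use header fields only.
POLICY = {
    "untrusted": {WST + "Get", WSEN + "Enumerate", WSEN + "Pull"},
    "management": {WST + "Get", WST + "Put", WST + "Create", WST + "Delete",
                   WSEN + "Enumerate", WSEN + "Pull", WSEN + "Release"},
}


def build_message(to, action, body_xml, message_id=None):
    """Build a SOAP 1.2 envelope with WS-Addressing headers and an arbitrary body.

    body_xml may be an already-encrypted blob (e.g. an xmlenc EncryptedData
    element); nothing below ever looks inside it.
    """
    message_id = message_id or "uuid:" + str(uuid.uuid4())
    return (
        '<env:Envelope xmlns:env="{env}" xmlns:wsa="{wsa}">'
        "<env:Header>"
        "<wsa:To>{to}</wsa:To>"
        '<wsa:Action env:mustUnderstand="true">{action}</wsa:Action>'
        "<wsa:MessageID>{mid}</wsa:MessageID>"
        "</env:Header>"
        "<env:Body>{body}</env:Body>"
        "</env:Envelope>"
    ).format(env=NS["env"], wsa=NS["wsa"], to=to, action=action,
             mid=message_id, body=body_xml)


def header_summary(xml_text):
    """Return the routable fields of a message, reading only env:Header."""
    root = ET.fromstring(xml_text)
    header = root.find("env:Header", NS)
    if header is None:
        raise ValueError("SOAP message has no Header")

    def text(path):
        el = header.find(path, NS)
        return el.text.strip() if el is not None and el.text else None

    to = text("wsa:To")
    return {
        "to": to,
        "host": urlparse(to).hostname if to else None,
        "from": text("wsa:From/wsa:Address"),
        "action": text("wsa:Action"),
        "message_id": text("wsa:MessageID"),
    }


def filter_decision(xml_text, source_zone):
    """Allow or deny a message by zone and wsa:Action; the body is never read."""
    summary = header_summary(xml_text)
    if not summary["action"] or not summary["message_id"]:
        return "deny", "missing wsa:Action or wsa:MessageID"
    allowed = POLICY.get(source_zone, set())
    if summary["action"] not in allowed:
        return "deny", f"{summary['action']} not permitted from zone {source_zone}"
    return "allow", summary["action"]


if __name__ == "__main__":
    # Constructed sample: the body is an opaque (placeholder) encrypted blob.
    body = ('<enc:EncryptedData xmlns:enc="http://www.w3.org/2001/04/xmlenc#">'
            "BASE64-CIPHERTEXT-PLACEHOLDER</enc:EncryptedData>")
    for action in (WST + "Get", WST + "Put"):
        msg = build_message("http://192.0.2.10/wsman", action, body)
        print(action.rsplit("/", 1)[1], filter_decision(msg, "untrusted"))
```

The point of the split is that the filter's decision depends on nothing the body contains, so the body can be protected end to end while the network layer still enforces "monitoring only" from untrusted segments.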


Why Care (cont'd)?

Can mix and match protocol components to meet special needs:
– Pieced together from "composable" protocols
– Optional add-in features, separate specs, orthogonal
– If you need more function, just add new headers and messages
  – E.g., atomic transactions


WS-Management vs SNMP

Aspect | SNMP | WS-Management
Introduced | 1990 | 2004; DMTF version 2006
Reliability | UDP connectionless protocol, timeout on packet losses, retry | HTTP(S)/TCP connection-oriented, retransmits
Security | v1, v2: plain-text password; v3: encrypted (but not widely implemented) | HTTPS server authentication to client; encrypted client authentication to server
Privacy | v1, v2: no encryption | HTTPS, certificate-based
Public standards | Many IETF RFCs for protocols and management data | DMTF specs for WS-Management protocol and CIM-based management data
Extensibility of data | Many private MIBs. IETF RFCs take years to update | DMTF produces an updated CIM version every quarter
Extensibility of protocol | v1: 1990, v2: 1996, v3: 2002 | Dozens of WS-* protocol extensions from W3C, WS-I, OASIS, et al.


Conclusion: Monitoring vs Management

SNMP
– Good for monitoring, not good for management
  – Okay on devices that support SNMPv3 or special authentication mechanisms

WS
– Good for monitoring and for management
– Secure and private communications


WS-Management

WS protocol (suite). Originally from Microsoft, Intel, CA, BMC, Dell, et al. Being worked on in DMTF WG, in a subgroup of WIP.
– WIP = WBEM Infrastructure & Protocols WG of DMTF

Not CIM-based per se:
– Could use any data model
– Everyone wants to use CIM (Common Information Model from DMTF)
– Current specs use WS-Man on CIM-based data


WS-Management Components

Protocol:
– WS-Addressing (endpoint references to resources)
– SOAP (envelope structure)
– WS-Transfer (get, put)
– WS-Enumeration (enumerate, pull)
– WS-Eventing (subscribe, unsubscribe)

Data definition and use:
– WS-Management CIM Binding
– WS-CIM XML representation of CIM Schema


WS-Man Heavily Adopted

– New transport protocol for DMTF CIM data
– Required by DASH (DMWG), SMASH (SMWG)
– Being implemented in out-of-band management controller chips, NICs, graphics chipsets, etc.
– Implemented in Windows to access WMI data
– Implementations being developed in Linux for OpenWBEM and OpenPegasus CIMOMs
– Will be in every desktop, laptop, server, and OS
  – And peripheral devices soon after


Whoa! More Acronyms

DASH = Desktop and Mobile Architecture for System Hardware (DMTF initiative)
SMASH = Systems Management Architecture for Server Hardware (DMTF initiative)
DMWG = Desktop & Mobile Working Group (of DMTF)
SMWG = Server Management Working Group (of DMTF)
CIMOM = CIM Object Manager
WMI = Windows Management Interface


Questions?


Backup


Compare: Reliability

SNMP uses UDP
– Connectionless, packets can get lost
– Application manually times out & retries

Web services usually use HTTP/HTTPS on TCP
– Connection oriented, TCP transmits reliably


Compare: Authentication

SNMP
– v1 and v2 passwords (community names) transmitted in plaintext, subject to snooping
– v3 encrypted but not (yet) widely implemented
– Special sequences often invented: challenge-response, specific to device

WS
– If HTTPS, server authenticates to client with certificate
– Wide variety of client authentication schemes defined: Basic, Digest, Mutual, SPNEGO-Kerberos


Compare: Privacy

SNMP
– v1 and v2 transmitted in plaintext
– v3 encrypted but not (yet) widely implemented

WS
– Usually transmitted on HTTP/HTTPS
– On HTTPS, message encrypted with SSL/TLS
– On HTTP, the message body can be encrypted separately
  – Everything but the address and the operation (Get, Put, Enumerate, Subscribe, etc.)


Compare: Use on Corporate Networks

SNMP
– SNMP often forbidden on corporate networks, blocked by routers and firewalls
– Sometimes limited to read-only
  – Monitoring only, no configuration management

WS
– HTTP/HTTPS always permitted on corporate networks, usually passes firewalls


Compare: Ease of Learning

SNMP
– Binary, heavily encoded (ASN.1 Binary Encoding Rules)

WS
– Encoded in XML plaintext
– Protocol described by XML schema


Compare: Organization of Data

SNMP
– Database called Management Information Base (MIB)
– Most data in rectangular tables
  – row = instance, column = property
– Data identified by long, hierarchical number strings
  – Object IDentifiers (OIDs)
  – The system contact person string is 1.3.6.1.2.1.1.4.0
  – 1(iso).3(org).6(dod).1(internet).2(management).1(mib-2).1(system).4(sysContact).0(scalar)

WS
– Data named as XML elements or attributes
  – <CIM_ComputerSystem>.<PrimaryOwnerContact> is the system contact person string
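To make the "binary, heavily encoded" contrast of the two previous slides concrete, here is an added example (not code from the deck) that encodes the sysContact OID 1.3.6.1.2.1.1.4.0 into the BER OBJECT IDENTIFIER bytes SNMP carries on the wire, decodes such bytes back to dotted form with the usual length and continuation-bit checks, and names the arcs with the mib-2 path the slide spells out. The arc-name table is a small excerpt constructed for this example; the encoding rules (first two arcs packed as 40*X+Y, base-128 groups with a continuation bit, tag 0x06) are the standard BER ones.

```python
"""ASN.1 BER encoding and decoding of SNMP object identifiers (added example)."""

# Constructed excerpt of the mib-2 tree, enough to name the slide's example OID.
ARC_NAMES = {
    (1,): "iso", (1, 3): "org", (1, 3, 6): "dod", (1, 3, 6, 1): "internet",
    (1, 3, 6, 1, 2): "management", (1, 3, 6, 1, 2, 1): "mib-2",
    (1, 3, 6, 1, 2, 1, 1): "system", (1, 3, 6, 1, 2, 1, 1, 4): "sysContact",
    (1, 3, 6, 1, 2, 1, 1, 5): "sysName",
}


def _base128(value):
    """One sub-identifier as big-endian 7-bit groups; high bit set on all but the last."""
    groups = [value & 0x7F]
    value >>= 7
    while value:
        groups.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(groups))


def _ber_length(n):
    """BER length octets: short form below 128, else 0x80|N followed by N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_oid(dotted):
    """Return the full BER TLV (tag 0x06 OBJECT IDENTIFIER) for a dotted OID string."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {dotted!r}")
    # The first two arcs are packed into a single sub-identifier: 40*X + Y.
    content = b"".join(_base128(v) for v in [40 * arcs[0] + arcs[1]] + arcs[2:])
    return b"\x06" + _ber_length(len(content)) + content


def decode_oid(data):
    """Inverse of encode_oid; rejects anything that is not exactly one OID TLV."""
    if len(data) < 2 or data[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER tag")
    first = data[1]
    if first < 0x80:
        length, pos = first, 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(data[2:2 + n], "big"), 2 + n
    content = data[pos:pos + length]
    if len(content) != length or pos + length != len(data):
        raise ValueError("length octets do not match the data")
    subids, value, pending = [], 0, False
    for byte in content:
        value = (value << 7) | (byte & 0x7F)
        pending = True
        if not byte & 0x80:          # continuation bit clear: sub-identifier complete
            subids.append(value)
            value, pending = 0, False
    if pending:
        raise ValueError("truncated sub-identifier (continuation bit set on last octet)")
    if not subids:
        raise ValueError("empty OID")
    x = min(subids[0] // 40, 2)      # arcs 0 and 1 are below 40 each; 2.* absorbs the rest
    y = subids[0] - 40 * x
    return ".".join(str(a) for a in [x, y] + subids[1:])


def describe_oid(dotted):
    """Annotate each arc with its name, in the slide's 1(iso).3(org)... style."""
    arcs = tuple(int(a) for a in dotted.split("."))
    parts = []
    for i in range(1, len(arcs) + 1):
        name = ARC_NAMES.get(arcs[:i])
        if name is None and i == len(arcs) and arcs[-1] == 0 and ARC_NAMES.get(arcs[:-1]):
            name = "scalar"          # a trailing .0 on a named leaf is the scalar instance
        parts.append(f"{arcs[i - 1]}({name})" if name else str(arcs[i - 1]))
    return ".".join(parts)


if __name__ == "__main__":
    oid = "1.3.6.1.2.1.1.4.0"
    print(describe_oid(oid))
    print(encode_oid(oid).hex(" "))   # 06 08 2b 06 01 02 01 01 04 00
```

Ten bytes on the wire, none of them readable without the rules above, against the self-describing XML element name on the WS side; the length and continuation checks in decode_oid are the kind of validation an SNMP parser must do before trusting an incoming PDU.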


Compare: Extensibility of Data

SNMP
– Many companies define private MIBs as extensions of public data
– Private data tends to stay private
– IETF approval cycle for MIBs and revisions is years long

WS
– Many companies define private classes and profiles as extensions of the public data
– Companies try to standardize any data worth sharing
– DMTF updates the CIM Schema version quarterly


Compare: Extensibility of Protocol

SNMP
– Average time between protocol versions = 6 years

WS
– Web service protocols extended by adding new elements to the XML
– Dozens of such extensions defined
  – WS-Transfer, WS-Enumeration, WS-Eventing, all used by WS-Management
  – WS-Security, WS-Policy, WS-Transaction, etc.


Compare: Asynchronous Notification

SNMP
– SNMP "traps" sent over UDP (not reliable)
– List of IP addresses to send to
– No filtering: everyone gets everything
– Subscription mechanism out-of-band

WS (WS-Management specific)
– Client subscribes to stream of event notices
– Event notices sent over TCP
– Several modes of delivery, including requiring ACK


WS Composed Protocols

– WS-Addressing (endpoint references)
– SOAP (envelope structure)
– WS-Transfer (get, put)
– WS-Enumeration (enumerate, pull)
– WS-Eventing (subscribe, unsubscribe)
– WS-Security (authenticate)
– Etc.


WS-Man Operations

Protocol operation specifies request and response.

Target: resource instance
– Create, Delete
– Get, Put (properties of an instance)

Target: collection of instances
– Enumerate (get handle), Release (handle)
– Pull (instances)

Target: event streams
– Subscribe, GetStatus, Renew, Unsubscribe
– Pull (collections of events)
  – Normal mode is push from service to client
– Ack
– Etc.


WS-Man Example Message

<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"
              xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
              xmlns:wsman="http://schemas.xmlsoap.org/ws/2005/02/management">
  <env:Header>
    <wsa:To>http://<IP address of server>:<port>/wsman?ResourceURI=(http://schemas.dmtf.org/wsman/2005/02/cimv2.9/CIM_ComputerSystem)</wsa:To>
    <wsa:ReplyTo>
      <wsa:Address env:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:Action env:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/transfer/Get</wsa:Action>
    <wsman:MaxEnvelopeSize env:mustUnderstand="true">51200</wsman:MaxEnvelopeSize>
    <wsa:MessageID>uuid:20CBF75C-008E-4C68-AA14-F3EB9D94E617</wsa:MessageID>
    <wsman:SelectorSet>
      <wsman:Selector Name="CreationClassName">ComputerSystem</wsman:Selector>
      <wsman:Selector Name="Name">IPMI%20Controller%2032</wsman:Selector>
    </wsman:SelectorSet>
    <wsman:OperationTimeout>PT60.000S</wsman:OperationTimeout>
  </env:Header>
  <env:Body></env:Body>
</env:Envelope>
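What a receiving service has to do with the message above is worth seeing end to end. The following is an added example, not code from the deck or from any WS-Man implementation: it turns the sample Get request into a request record (ResourceURI taken from the wsa:To query string, Selectors percent-decoded, MaxEnvelopeSize as an integer, OperationTimeout converted from an xs:duration to seconds) and enforces the SOAP rule that every header marked mustUnderstand="true" must be one the receiver implements, otherwise the message is refused with an env:MustUnderstand fault. The host and port 192.0.2.10:623 stand in for the deck's "<IP address of server>:<port>" placeholders so the sample is well-formed XML.

```python
"""Receiver-side decoding of a WS-Man Get request (added example)."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, unquote, urlparse

ENV = "http://www.w3.org/2003/05/soap-envelope"
WSA = "http://schemas.xmlsoap.org/ws/2004/08/addressing"
WSMAN = "http://schemas.xmlsoap.org/ws/2005/02/management"
NS = {"env": ENV, "wsa": WSA, "wsman": WSMAN}

# Headers this receiver implements. Any other element flagged mustUnderstand
# must cause a fault rather than be silently ignored.
UNDERSTOOD = {
    f"{{{WSA}}}To", f"{{{WSA}}}Action", f"{{{WSA}}}MessageID", f"{{{WSA}}}ReplyTo",
    f"{{{WSA}}}Address", f"{{{WSMAN}}}MaxEnvelopeSize", f"{{{WSMAN}}}SelectorSet",
    f"{{{WSMAN}}}Selector", f"{{{WSMAN}}}OperationTimeout",
}

# The slide's message with constructed host/port in place of the placeholders.
SAMPLE_GET = """<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"
  xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
  xmlns:wsman="http://schemas.xmlsoap.org/ws/2005/02/management">
  <env:Header>
    <wsa:To>http://192.0.2.10:623/wsman?ResourceURI=(http://schemas.dmtf.org/wsman/2005/02/cimv2.9/CIM_ComputerSystem)</wsa:To>
    <wsa:ReplyTo><wsa:Address env:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address></wsa:ReplyTo>
    <wsa:Action env:mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/transfer/Get</wsa:Action>
    <wsman:MaxEnvelopeSize env:mustUnderstand="true"> 51200 </wsman:MaxEnvelopeSize>
    <wsa:MessageID>uuid:20CBF75C-008E-4C68-AA14-F3EB9D94E617</wsa:MessageID>
    <wsman:SelectorSet>
      <wsman:Selector Name="CreationClassName"> ComputerSystem </wsman:Selector>
      <wsman:Selector Name="Name"> IPMI%20Controller%2032 </wsman:Selector>
    </wsman:SelectorSet>
    <wsman:OperationTimeout>PT60.000S</wsman:OperationTimeout>
  </env:Header>
  <env:Body></env:Body>
</env:Envelope>"""


class NotUnderstood(Exception):
    """A mustUnderstand header the receiver does not implement."""


def parse_duration(value):
    """Convert an xs:duration of the form PTnHnMnS (e.g. PT60.000S) to seconds."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?", value.strip())
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration {value!r}")
    h, mi, s = (float(g) if g else 0.0 for g in m.groups())
    return h * 3600 + mi * 60 + s


def parse_request(xml_text):
    """Parse the headers into a request record; raises on faults the service must return."""
    root = ET.fromstring(xml_text)
    header = root.find("env:Header", NS)
    body = root.find("env:Body", NS)
    if header is None or body is None:
        raise ValueError("not a SOAP 1.2 envelope with Header and Body")
    for el in header.iter():
        if el.get(f"{{{ENV}}}mustUnderstand") in ("true", "1") and el.tag not in UNDERSTOOD:
            raise NotUnderstood(el.tag)

    def text(path):
        el = header.find(path, NS)
        return el.text.strip() if el is not None and el.text else None

    to = text("wsa:To")
    query = parse_qs(urlparse(to).query) if to else {}
    resource_uri = query.get("ResourceURI", [None])[0]
    if resource_uri:
        resource_uri = resource_uri.strip("()")   # the slide parenthesises the URI
    selectors = {
        sel.get("Name"): unquote(sel.text.strip())  # %20 -> space
        for sel in header.findall("wsman:SelectorSet/wsman:Selector", NS)
    }
    return {
        "action": text("wsa:Action"),
        "resource_uri": resource_uri,
        "selectors": selectors,
        "max_envelope_size": int(text("wsman:MaxEnvelopeSize") or 0),
        "timeout_seconds": parse_duration(text("wsman:OperationTimeout") or "PT0S"),
        "message_id": text("wsa:MessageID"),
        "body_is_empty": len(list(body)) == 0 and not (body.text or "").strip(),
    }


def handle(xml_text):
    """Return ("ok", request) or ("fault", reason) as a service would decide."""
    try:
        return "ok", parse_request(xml_text)
    except NotUnderstood as exc:
        return "fault", f"env:MustUnderstand {exc}"
    except (ValueError, ET.ParseError) as exc:
        return "fault", f"invalid request: {exc}"


if __name__ == "__main__":
    print(handle(SAMPLE_GET))
```

The mustUnderstand loop is the security-relevant part: a WS-* extension header (WS-Security, a size cap, a timeout) that a receiver silently drops is an extension that silently did nothing, so the SOAP processing model makes ignoring it a hard error.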


Process of Discovery

– Find a node (S.E.P.)
– Find WS-Man service(s) on that node (S.E.P.)
  – Sticky point recently, general problem
  – One system may have multiple agents, OR
  – Multiple nodes with agents need to be correlated
– Read catalog to get resource classes (ResourceURIs)
– Enumerate resource instances of resource classes (Selectors)
– Get or Put to a resource instance
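The enumerate-then-get part of the discovery steps above, and the handle semantics listed under WS-Man Operations (Enumerate returns a handle, Pull drains it, Release discards it), can be exercised without a network. The following is an added example, not code from the deck or from any WS-Man implementation: a constructed in-memory stand-in for a service, and a client that walks one resource class page by page until the end of the sequence and then addresses a single instance by its Selectors. The catalog contents, instance names and page size are constructed for this example; the class URI is the CIM_ComputerSystem one from the slide's sample message.

```python
"""Enumerate/Pull/Release/Get against an in-memory WS-Man stand-in (added example)."""
import uuid

CIM_CS = "http://schemas.dmtf.org/wsman/2005/02/cimv2.9/CIM_ComputerSystem"


class WsManStandIn:
    """Constructed model of a service; real ones speak SOAP, this keeps the semantics only."""

    def __init__(self, catalog):
        self.catalog = catalog      # ResourceURI -> list of instances (dicts)
        self._contexts = {}         # EnumerationContext -> (ResourceURI, next index)

    def enumerate(self, resource_uri):
        """Enumerate: open a cursor over a resource class and return its opaque handle."""
        if resource_uri not in self.catalog:
            raise LookupError(f"unknown ResourceURI {resource_uri}")
        context = "uuid:" + str(uuid.uuid4())
        self._contexts[context] = (resource_uri, 0)
        return context

    def pull(self, context, max_elements):
        """Pull: return (items, next_context, end_of_sequence); the handle dies at the end."""
        if context not in self._contexts:
            raise LookupError("invalid or expired EnumerationContext")
        resource_uri, index = self._contexts.pop(context)
        instances = self.catalog[resource_uri]
        items = instances[index:index + max_elements]
        if index + len(items) >= len(instances):
            return items, None, True
        # A service may hand back a fresh context on every Pull; clients use the latest.
        new_context = "uuid:" + str(uuid.uuid4())
        self._contexts[new_context] = (resource_uri, index + len(items))
        return items, new_context, False

    def release(self, context):
        """Release: abandon an enumeration early so the service can free its state."""
        self._contexts.pop(context, None)

    def get(self, resource_uri, selectors):
        """Get: the Selectors must identify exactly one instance of the class."""
        matches = [inst for inst in self.catalog.get(resource_uri, [])
                   if all(inst.get(k) == v for k, v in selectors.items())]
        if len(matches) != 1:
            raise LookupError(f"selectors {selectors} matched {len(matches)} instances")
        return dict(matches[0])

    def open_contexts(self):
        """How many enumerations are still held open (should return to 0)."""
        return len(self._contexts)


def discover(service, resource_uri, page_size=2):
    """Walk a whole class with Enumerate and repeated Pull until EndOfSequence."""
    context = service.enumerate(resource_uri)
    found = []
    while context is not None:
        items, context, _end = service.pull(context, page_size)
        found.extend(items)
    return found


def sample_service():
    """Constructed catalog: three CIM_ComputerSystem instances on one managed node."""
    return WsManStandIn({CIM_CS: [
        {"CreationClassName": "ComputerSystem", "Name": "IPMI Controller 32",
         "PrimaryOwnerContact": "ops@example.test"},
        {"CreationClassName": "ComputerSystem", "Name": "Host OS",
         "PrimaryOwnerContact": "ops@example.test"},
        {"CreationClassName": "ComputerSystem", "Name": "Blade 7",
         "PrimaryOwnerContact": "dc-team@example.test"},
    ]})


if __name__ == "__main__":
    svc = sample_service()
    for inst in discover(svc, CIM_CS):
        print(inst["Name"])
    print(svc.get(CIM_CS, {"CreationClassName": "ComputerSystem",
                           "Name": "IPMI Controller 32"})["PrimaryOwnerContact"])
```

Two details matter operationally: the context is opaque to the client and is gone once EndOfSequence is returned, so a client that keeps pulling on an old handle gets a fault rather than stale data; and a client that stops early should Release, otherwise the service keeps the cursor open until its own timeout.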


Discovery of Multiple MAPs

(Diagram not recoverable from the transcript; only the label "Recommended" survives.)