
The proper role of Web-based management

Network World, 4/21/97

Given what's good about World-Wide Web technology - most notably its ease of use and operating system independence - it makes sense that it should be extended to network management, a problem in dire need of both attributes. But to use Web technology to solve all net management problems would be a step in the wrong direction because there already are workable and agreed-upon ways to solve some aspects of the management dilemma. Rather than reinvent the wheel, it's better to use Web technology to only tackle issues that have yet to be adequately addressed.

That is the premise behind the following white paper by Jeffrey Case, who co-invented the Simple Network Management Protocol and is now president of SNMP Research International, Inc. in Knoxville, Tenn. The paper originally was intended only for internal distribution at SNMP Research, a company that sells SNMP-related source code primarily to vendors. But because we think it is an important addition to the discussion on the topic and essentially agree with his argument, we asked Case to let us publish it. He agreed, for which we thank him.

Effective Web-based management means using the right tool for the job. In general terms, the four ''jobs'' of network and systems management are knowing, telling, crunching and showing.

Knowing means management data must first be identified and defined. Typically, this involves instrumentation - adding agents to or capturing status output from each device or system to be managed. The Internet-standard approach for instrumentation is the SNMP Structure of Management Information (SMI) defined in RFC 1902 and the use of standard Management Information Bases (MIB) as defined in over 60 published requests for comment.

Telling is providing access to and transporting management data. Again, the Internet-standard approach is to use SNMP. Because of its low overhead as a connectionless protocol and its ability to punch through even during periods of network degradation, the User Datagram Protocol (UDP) has been used most often to transport SNMP data.

Crunching converts management data into meaningful information. Crunching is the job of smart applications capable of performing data reduction, data correlation and data aggregation. We'll call these ''thinker'' applications.

Showing is simply providing humans access to the information that results from all of the above.

The industry's current infatuation with Web-based management has induced some vendors to promote products that use Web-based technologies for all four tasks. However, upon close inspection, it is clear that while the Web is well suited for some functions, using Web technology alone in other areas will eventually lead to scalability, interoperability and performance nightmares.

To illustrate, let's examine the suitability of Web-based technologies in the four basic functional areas.

*Knowing: Using Web technology for data definition and instrumentation - no.

The act of simply publishing a device's status or other management data is easy and convenient. But it assumes two things: that a human is available to read the Web page when the device is having a problem and that it is sufficient to be able to monitor only one device at a time.

Unless a standard data definition language - such as the SNMP SMI - is used, interoperability among management systems and managed devices from multiple vendors is virtually impossible. When each vendor outputs device status or other management data to a Web page in a nonstandard format, the data is programmatically useless to every management system except those supplied by the individual device vendor.

While it is true that any human may be able to read it, it is equally true that it will be impossible for any other vendor's management application to manipulate that data along with management data from other vendors' equipment. As a result, automation will never be achieved.

Over the past eight years, customers and vendors have made enormous investments of time, money and operator training in standards-based data definition and instrumentation based on the Internet-standard SMI and MIB. This investment has enabled at least a minimum degree of management interoperability. Disregarding that investment, rather than building upon it, will surely be incredibly and unnecessarily expensive in the long run as customers seek to regain critical interoperability levels and achieve automation.

*Telling: Using Web technology for data access and movement - no.

The most prevalent management paradigm in use today is manager/agent, whereby a management system or midlevel manager (intelligent agent) periodically polls attached systems and devices to check status or retrieve other critical information and to send configuration and control commands. The managed entities may also emit asynchronous traps (alerts) when a critical condition occurs.

HTML and HTTP are not well suited for polling, as they require a human to ''push'' a reload button to retrieve information (set up a new network connection) and build a new screen (Web page). Likewise, HTML/HTTP are not designed for accepting asynchronous traps. While a Java applet may be written to emulate pushing the reload button or to achieve ''server push'' for trap notification, this is a workaround solution attempting to make HTML/HTTP do tasks for which they were not designed. Performance inefficiencies will be the result.

In contrast, it is more appropriate to view SNMP and Web technologies as complementary and allow SNMP to perform the ''knowing'' and ''telling'' (instrumentation and data access/movement) while using the Web for other jobs, as described below.

Furthermore, analytical studies, controlled experiments and field experience have all shown the superiority of connectionless transports for use with management protocols, such as that used by SNMP, and have identified the problems associated with attempting to convey management data over a stateful connection-oriented transport stack, such as HTML over HTTP over TCP.

*Crunching: Using Web technology for thinker applications - yes.

While SNMP has helped organize and drive the management industry with respect to instrumentation and data access/movement, the market still suffers fragmentation in the critical areas of data repository interface and data modeling. This, as well as operating system and hardware differences among various management platform suppliers, has created far too many permutations and combinations for management application providers (those who sell ''thinker applications'') to support, eroding product profitability and their ability to improve their products enough to satisfy customer requirements.

Web-based technology in general, and Java in particular, is certainly appropriate for reducing the porting burden among management application providers and perhaps for serving as a foundation for a data repository interface.

*Showing: Using Web technology for information display - yes.

The ubiquity of the Web makes it an ideal display vehicle. Publishing data on a Web page is an effective, easy and affordable way to disseminate information to people who need it. The platform-independent features of HTML/HTTP and Java are certainly advantageous, leading one to conclude that the Web can be viewed as an effective replacement for X Windows in many situations.

HTML is limiting in that it is simply a markup language with limited dynamic capabilities. Java does support dynamic features and also has richer drawing capabilities.

Alternative Web-based architectures

The Web-based management market is beginning to organize, and various vendors and consortiums have proposed different architectures. The most well-known of these architectures include the following:

  1. Web-based device management via HTTP access to devices (agents)
  2. HTTP access to management systems
  3. Java and the Java Management API (JMAPI)
  4. Web-based Enterprise Management (WBEM)

Architecture 1 involves putting a Web server in each managed device or system for enabling HTTP access to management data. In many cases, the management device also provides SNMP access to management data for compatibility with the enterprise's management strategy.

Products in this category typically use one of two approaches for accomplishing this: dual stack, meaning the SNMP stack is separate from the HTTP stack; or integrated stack, where a single communications stack is used for both SNMP and HTTP, with mapping between SNMP and HTTP constructs occurring at a high layer in the stack.

A number of vendors have implemented dual-stack technology. However, the integrated approach offers many advantages over clunky multiple-stack approaches, including:

  • Tighter security, because there is a single path to management data and that path has a fine degree of granularity for authentication, authorization and access control.
  • Better guarantee of set synchronization.
  • Smaller stack footprint and memory size.
  • Consistency - again, a single path to management data.

Testing is also easier because there are fewer components to test - one stack instead of two.

While Web-based device management has several positive features, it also has a number of limitations. Management is more than just perusing MIB variables with a Web browser. Web browsers are connection-oriented; they were not designed for machine-to-machine interaction. Since Web browsers are meant to handle only one connection at a time, an enterprisewide global view is hardly supportable.

For these reasons, among others, Web-based device management does not scale and is a poor choice for fault management. But it is well suited for some aspects of configuration management.

Web access to management stations

Architecture 2 provides HTTP access to the management system while preserving the use of SNMP between the manager and the agents. The architecture uses a protocol designed to carry management data (SNMP) and uses protocols intended for communications with browsers (HTML and HTTP) to communicate with browsers. That is, it uses technologies for their originally intended purposes - the right tool for the job.

One advantage of this architecture is that multiple browsers can be accessing the management system concurrently. And the management system, in turn, can be managing multiple devices concurrently.

While this architecture solves the problems of data collection and information display, it does not yet address other areas of management fragmentation such as data repository and data modeling.

Java and JMAPI

Architecture 3, JMAPI, is part of SunSoft, Inc.'s Java-based Solstice Workshop initiative. Solstice Workshop is a programming environment for developing Web-based network and systems management software. In addition to JMAPI, the Solstice Workshop includes a small footprint database and a Java programming environment. Solstice Workshop's big drawing card is JMAPI's extensibility and the popularity of Java's ''write once, run anywhere'' appeal.

A number of third-party vendors have endorsed JMAPI, and several are planning to release beta products built using the first version of the JMAPI tool kit. This tool kit will support Java ''widgets'' for standardized presentation look.

However, JMAPI object classes have not yet been defined in any detail, and tool kits with refined data definitions will not be available for some time. In fact, much of the detail of managed object definitions will be left up to the third parties to sort out.

As such, additional standards will be needed to achieve the level of integrated applications that users need and to provide the level of application portability that developers need.

Web-based Enterprise Management

Architecture 4, WBEM, will include detailed data definitions. The original WBEM architecture -- spearheaded in July 1996 by Microsoft Corp., Compaq Computer Corp., Cisco Systems, Inc., BMC Software, Inc. and Intel Corp. -- has been publicly endorsed by more than 50 vendors. It calls for defining the following components:

  • HyperMedia Management Schema (HMMS), which is an extensible data description for representing the managed environment. The original intent was that HMMS would be further defined by the Desktop Management Task Force (DMTF). However, the DMTF has chosen to overhaul the ambitious schema effort and is about to publish a superset called the Common Information Model (CIM). CIM specifies mappings between HMMS and products conforming to Common Object Request Broker Architecture, SNMP and DMTF Desktop Management Interface standards.
  • The HyperMedia Object Manager (HMOM), which is a data model that consolidates management data from different sources. HMOM is expressed as a written specification, defined by Microsoft and Compaq, as well as a C++ reference implementation to be placed in the public domain.
  • HyperMedia Management Protocol (HMMP), which is a communications protocol that embodies HMMS, running over HTTP and with planned interfaces to SNMP and DMI.

WBEM/CIM is certainly the most ambitious of all Web-based management architectures and is therefore likely to take the longest time to reach maturity.

Adjusting the vision

Clearly, Java shows promise for reducing the portability burden associated with developing ''thinker applications'' while providing unprecedented information display capabilities. But amidst the excitement over Java, some segments of the industry are moving toward repeating mistakes of the past: pursuing gigantic efforts that are not sufficiently compatible with the vast installed base.

For example, both the JMAPI over Java and WBEM architectures are ambitious efforts rivaling the scope of the now-defunct Open Software Foundation, Inc.'s Distributed Management Environment. Huge efforts such as these rarely result in useful products in a timely fashion.

Some advocates of both the Java and WBEM camps are trying to reinvent instrumentation; they will have to pay a performance and compatibility hit for mapping to the existing installed base. Users learned about the costs of incompatibility when attempts were made to deploy the DMTF's technology with enterprisewide SNMP-based management.

Another lesson can be found in recalling the network management platform wars of the early 1990s, which, although diminished in fury, continue to this day. Reinventing today's net management platforms as Web-based platforms will only fuel similar battles. We need standards for data modeling, a data repository and libraries for those functions in order to avoid repeating the costly platform wars.

In summary, the industry needs to get a grip and be realistic about what technologies such as Java-based applets can and cannot do. Standards - of the right kind - are needed before real progress can be made toward solving the truly difficult management problems customers face.

For example, a Java-based application ''bus'' for manager station extensibility is one practical solution. Such a bus would provide Java-based, platform-independent, standard interfaces that can be exploited by portable management applications. However, the amount of work to produce standards for these interfaces is daunting, so it behooves vendors to work together on the problem.

In the meantime, throughout this year, many more devices supporting Web-based device management will enter the market, most of which will also support SNMP access. Useful Web-based management standards will evolve slowly. But progress will be slowed even further by attempts to revisit the solved problems of instrumentation and data movement rather than focusing efforts on the harder problems of management application integration and data definition.

Customers are advised to watch developments carefully, armed with a healthy dose of skepticism when it comes to silver-bullet technologies. Don't abandon what you have; rather, buy and use what works and is complementary to your existing installed base. Harmonious marriages with other technologies are the key to success, tempered with discretion for using the right tool for the right job.

