| The policy-based network management mechanism targets at the whole network. Since it can solve the problems that are irresoluble for traditional network management systems, the policy-based network management is becoming a new network management solution. By combining the policy-based network management with traditional SNMP-based network management, the secure policy-based network management prototype is proposed.The policy-based network management system consists of four essential components, the policy management tool, policy server, policy agent and the policy repository. The policy agent is attached with concrete network devices. It configures and manages network devices based on the predefined rules of policy server. The policy server is the nexus of the whole system, which makes decisions by fetching rules from policy repository and dispatches each rule to the corresponding policy agent. The policy repository is a directory and/or storage service where policies and related information are stored. The policy management tool is an application set which can be used to view and edit the policies. It has a graphic user interface and is responsible for converting the formats of policies so that they can be stored in the policy repository.According to the practical characteristic of network management, this prototype is designed with layered architecture so that it can be implemented with higher flexibility and scalability. By mapping network management policies to the SNMPv3 framework, based on the design of VACM MIB, the policy-based network management system is able to support SNMPv3 protocol. In addition, the security of SNMPv3 protocol is analyzed and an improved rebroadcast protection mechanism is proposed to secure the network management.Through the theoretic analysis and prototype implementation, the policy-based network security management system is proved to be feasible both theoretically and practically. It may have a good prospect for the next generation network management field.
|
PDF Full Text Request