Autonomic Approach to IT Infrastructure Management in
a Virtual Computing Lab Environment
H. Abdel Salam
K. Maly
R. Mukkamala
M.Zubair
[email protected]
[email protected]
[email protected]
[email protected]
Department of Computer Science, Old Dominion University, Norfolk, Virginia
D. L. Kaminsky
[email protected]
IBM Research Triangle Park, North Carolina
ABSTRACT
The Virtual Computing Lab at NC State University is an example
of an IT environment that allows users to reserve computing
resources and applications and to access the resources remotely
over the Internet. Its primary goal is to offer flexible, on-demand
services of hardware and software resources to a diverse
community of users. In this environment, there is a need to make
the resources highly available with maximum flexibility and with
minimal administrative support. Managing IT resources in such an
environment poses challenging issues---on one hand it has to
satisfy the needs of the user community and on the other hand it
has to take into account the needs of system administrators
responsible for keeping all the hardware and software current and
running. Automation of workflow-based management systems can
improve flexibility and increase the ease of administration
somewhat. We propose in addition a policy-based process
manager that can interact with the workflow support system. In
this paper, we describe a policy-based, infrastructure and time
aware process manager: (i) to help manage IT resources more
effectively by providing conflict identification when providing
resource reservations with QoS guarantees to end users; (ii) to
support change management for IT staff that perform impact
analysis of proposed changes and schedule the actual changes in
the context of potential conflicts with a resource reservation
system. We have developed a prototype system that represents the
IT resources in both a dependency graph and a connectivity graph.
The prototype process manager allows the expression of policy
statements about the resources, their reservations, and change
management processes. It further evaluates resource reservations
and change management actions against the policies and points
out possible conflicts with existing reservations and/or change
actions. The system has been written in Java and policies are
expressed in XML in a language based on ACPL. At this point we
have established the feasibility of the approach. We are currently
studying the scalability, expressibility, and extensibility issues.
Categories and Subject Descriptors
K.6.1 [Management of Computing and Information Systems]:
Project and People Management--- Systems analysis and design;
K.6.4 [Management of Computing and Information Systems]:
System Management --- Quality assurance; H.4.2 [Information
Systems Applications]: Types of Systems --- Policy based
decisions;
and
D.2.1
[Software
Engineering]:
Requirements/Specifications --- Languages.
General Terms
Management, Design, Languages.
Keywords
Infrastructure-Aware, Policy Engine, Autonomic Manager, Policy
Language, IT Change Management, Resource Reservation.
1. INTRODUCTION
The IT infrastructure in educational organizations is quite diverse
due to its unique need for instructional support of courses in
several disciplines, diverse research projects and supporting
administrative processes, with different hardware and computing
needs. There is a need to make the resources available to students,
faculty, researchers, and staff with maximum flexibility and high
availability. The Virtual Computing Lab at NC State University is
an example of such IT environment that allows users to reserve
computing resources along with a set of applications, and use
them remotely over the Internet. Its primary goal is to offer
flexible, on-demand services of hardware and software resources
to a diverse community of users.
In this environment, there is a need to make the resources highly
available with maximum flexibility and with minimal
administrative support. Managing IT resources in such an
environment poses challenging issues---on one hand it has to
satisfy the needs of the user community and on the other hand it
has to take into account the needs of system administrators
responsible for keeping all the hardware and software current and
running. The new vision of autonomic computing [7, 9] called for
the use of policy engines to automate decision making in different
management processes; and a middleware architecture has been
proposed in [3] to manage systems and applications that span
multiple networks and administrative domains.
To improve flexibility and increase the ease of administration, we
have designed and prototyped a policy-based process manager
that can interact with the workflow. In this paper specifically, we
describe the policy-based, infrastructure- and time- aware process
manager:
(i) to help manage IT resources more effectively by providing
conflict identification (and later conflict resolution) when
providing resource reservations with QoS guarantees to end users
(ii) to support change management for IT staff that perform
impact analysis of proposed changes and schedule the actual
changes in the context of potential conflicts with a resource
reservation system.
We have developed a prototype system that represents the IT
resources as both a dependency graph and an availability graph.
The prototype process manager allows the expression of policy
statements about the resources, their reservations, and change
management processes. It further evaluates resource reservations
and change management actions against the policies and points
out possible conflicts with existing reservations and or change
actions. The system has been written in Java and policies are
expressed in XML in a language based on ACPL.
The remainder of this paper is organized as follows. Section 2
provides a general background on different concepts related to our
work. Section 2.1 covers IT change management and workflows
and provides motivation for infrastructure-aware policy engines.
A short survey on currently available policy engines and
associated languages is given in Section 2.2. Section 2.3
introduces resource reservation in a Virtual Computing
Laboratory environment. Section 3 describes our approach to the
problem of providing a system that can astronomically decide on
change management actions and resource reservation requests.
Section 4 details the requirements the problem poses on the policy
language and Section 5 describes our prototype implementation
and enhancements we have added to solve the scheduling conflict
detection problem. Conclusions are given in Section 6.
2. BACKGROUND
2.1 Change Management
ITIL[13], IT Infrastructure Library, defines Change Management
as the standard methods, procedures and best practices that ensure
that changes to configuration items in a controlled IT
infrastructure are carried out in a planned and authorized manner
that do not contradict with any of system performance goals. This
includes ensuring that there is a business reason behind the
change, identifying specific configuration items and services
affected by the change, planning the change, testing the change,
and having a back-out plan in case of unexpected outcomes. In
this context, changes are usually managed through workflows,
which at its simplest form can be defined as the movement of
tasks through a work process. In other words, a workflow is the
operational aspect of a work procedure; it describes for instance
how tasks are structured, what their relative order is, and who
performs different tasks.
Organizationally-customized Change Management workflows
should provide IT directors and managers with the ability to
assess and authorize change requests. This is tightly integrated
with system availability requirements that may come from
different sources like state or organizational policies or from
commitments to system users through resource reservation
systems. Automating the management of such a highly integrated
environment where a change in some part of the network may
have unexpected impacts on other parts is challenging. Although
the importance of such automation increases dramatically as the
size of underlying IT infrastructure increases, the requirements of
an appropriate policy engine have not been even clarified
completely. In [1], we pointed out a major disadvantage in
traditional policy engines: they have access only to the set of
properties exposed by the resources they manage.
2.2 Policies and Policy Languages
A policy can be viewed as a set of rules or guidelines through
which system administrators can manage and control access to
system resources. In a distributed computing context, policybased management involves different categories of policies such
as security policies (to maintain confidentiality, access control,
and intrusion detection), resource management policies (for
availability and quality of service), and information sharing and
dissemination policies. Several policy languages and policy
engines, with different application domains, exist today. In this
subsection we provide an overview of some of the currently
available policy engines, their key features and their associated
languages.
Ponder [5] is an object-orientated policy language that has four
basic types: authorizations, obligations, refrains and delegations.
Ponder allows the definition of rules that control the behavior
between a set of subjects (users) and a set of targets (resources).
Rei [10] is another policy language that is represented in Prolog
predicates. It allows for easy translation of policies into other
semantic languages. Rei is built on a set of constructs that
describe the concepts of rights, prohibitions, obligations, and
dispensations. PDL [11] is an event-based simple and expressive
language that specifies policies using the event-condition-action
rule paradigm. ACPL [6] is used for writing policies for PMAC
[8]. Conditions in ACPL expressions are written using ACEL[2].
It is an XML-based language with the following elements: scope,
condition, decision and business values. The most important
elements are the "condition" element which refers to when a
policy is to be applied and the "decision" element which describes
the result or the action to be taken if the condition is satisfied.
XACML [4, 12] is another XML based language that describes
access control requests and responses. The request constructs
enable forming queries to ask whether a certain action is allowed
or not. The response constructs include an answer using one of
the following four values: Permit, Deny, Indeterminate, or Not
Applicable.
Unfortunately, none of the above languages support conditions
with infrastructure dependent operators. It is neigh impossible to
express conditions that involve facts such as the existence of a
path from one resource (e.g. a router) in the network to another
resource (e.g., a machine in a lab). Another example would be the
condition stating that an application depends on the operation of
another application (e.g., data base) running on another server.
Another challenging issue is the design of a policy language that
supports constructs and operators that simplify writing high level
policies. Policy writers want to be able to express their policies
using high level constructs and operators they are familiar with
and not use technically oriented, low level, XML based ones. We
would want to support the expression of policy by managers
rather than by technical system persons.
2.3 Resource Reservation (Virtual Computing
Laboratory)
In any organization, the primary goal of the IT infrastructure is to
provide service to its users to run their applications. The users
may be connected to the infrastructure via intranet or internet. In
the academic environments, where students (especially distance
learning ones) and research groups are geographically spread out,
it is important to offer the users guaranteed performance and
availability of resources. The Virtual Computing Lab (VCL)
project at North Carolina State University (NCSU) is aimed at
exactly this kind of setup. It has been funded by IBM both as a
research project and an operational unit of the University. Here,
users (local or remote) are able to make reservation requests to
schedule both hardware and software resources (e.g., Matlab,
Maple, SAS, and Solidworks). In fact, the lab guarantees a 24x7
access to their computational resources providing a remote
desktop environment. One of the challenges to work in such a
virtual environment is providing high availability and
performance to the users while maintaining the systems through
IT change management.
One of the challenges to work in such a virtual environment is
providing high availability and performance to the users while
maintaining the systems through IT change management. Since IT
infrastructure (both hardware and software) continually evolves
through different versions, updates, and upgrades, some of the
machines (and hence the software running on it) and
communication infrastructure (e.g., routers) need to be brought
down for maintenance. This in turn will make the machines
unavailable to the users (planned or unplanned) who had been
scheduled on such a down-machine. This calls for a scheduling
system that can simultaneously take into account present and
future commitments to users and their performance goals as well
as the goals of the IT personnel to maintain and upgrade the
systems.
Many resource allocation and scheduling strategies and
algorithms exist today. However, to our knowledge, none of them
allow for a consistent integration with changes in the underlying
infrastructure. More importantly, none of them directly interact
with policies in making their decisions. We propose an integrated
policy-based autonomic computing system that takes both these
aspects into account in the presence of dynamically changing user
load and a dynamically changing infrastructure.
3. APPROACH
To meet the primary goal of VCL-like environments of offering
flexible, on-demand 24x7 service to users, it is important to
maintain the infrastructure well. One critical aspect that is needed
to make system administration perform effectively is to provide
administrators with at least the identification of potential conflicts
when changes in the infrastructure are planned while resources are
being reserved. This, in itself, is a very difficult task as the
dependency of application on the infrastructure can be rather
complex. Consider the following scenario.

A teacher has reserved a computer running an application for
an entire Saturday as she is offering a special exam that
students will need to take on that day. The application itself
depends on a web server, an Apache server, and two


databases, all running on different servers. Students will
access the application from two specific labs.
A system administrator has received an upgrade request for a
subset of routers that will need to be taken down for an hour
to install and proposes to do so on that weekend.
If any of the routers in that subset are either on the path of
the dependency graph of the teacher’s application or are
critical (no other path available) in the path from the
application server to the student labs, we have a conflict.
Hence, the administrator needs to be informed about the
conflict.
Figure 1. Process manager architecture
We designed a process manager (PM) architecture, see Figure 1,
that interacts with the change management process, the resource
reservation process, an appropriate policy editor and the IT
infrastructure through sensors (S), and effectors (E). The process
manager consists of a policy deployer, a policy evaluator, an
impact analyzer, and a conflict free scheduler. The policy engine
also has access to an internal database that stores currently
scheduled changes and reservations. The policy deployer verifies
the syntax of the policy file against the xml schema defining the
policy language. The policy evaluator, on the other hand, provides
decisions to the policy scheduler for proposed changes and
reservation requests based on the current infrastructure, the
deployed policies, the current schedules and reservations. The
impact analyzer provides details of the impact (if any) of the
approved changes on the services provided by the IT
infrastructure. In case of a denied request, it provides the reasons
for the denial. The current IT infrastructure is assumed to be
available in a knowledgebase (e.g., IBM’s CCMDB).
Accordingly, our policy engine can use the knowledgebase to
implement infrastructure-dependent operators which traditional
policy engines do not generally implement. The change
management and the reservation processes either provide the
process manager with required parameters in their request of the
process manage can demand these values using sensors (S). Using
another set of sensors, the process manager has access to the
underlying infrastructure knowledgebase. Similarly, the process
manager sends replies to the change management process and the
resource reservation process through effectors (E). The ‘end user’
interacts with the reservation process, the ‘staff user’ interacts
with the change management process and the ‘policy writer’
interacts with
either policy editor. The infrastructure
knowledgebase is updated through some software process.
The interface between the policy engine and the knowledgebase
can be based on two different approaches. In the first approach, a
monitoring tool periodically uploads the current infrastructure
information to the knowledgebase. In the second approach, the
monitoring tool provides a web service-based interface to convey
the status information on demand.
This architecture allows the proposed conflict free scheduler to be
policy-based: scheduling rules and constraints are not hard-coded
in the algorithm but made available via external policy files.
While we do not intend to develop new scheduling
methodologies, we intend to develop new scheduling structures
that can read policies from external sources and arrive at request
schedules. Due to the interaction of the schedulers with the
resource reservation and IT change management policies along
with the current schedules and the dynamic infrastructure, they are
quite complex in design and implementation. We intend to arrive
at new scheduling paradigms that can be used in such complex
environments.
The process manager provides a number of services to the change
management process including checking whether or not a
particular change is consistent with the current policies, and
checking whether or not any scheduling conflicts exist with the
current resource allocation and change schedule. In this context,
we are especially sensitive to the reduction of false positives since
they might reduce the trust that administrators may have about the
system---too many false alarms is a waste of time for the system
administrators. We are also concerned about minimizing false
negatives as they reduce the effectiveness of the system in conflict
reduction. More importantly, we are interested in developing a
robust conflict identification system. The next phase of this
project would concentrate on developing robust conflict
resolution techniques.
For the resource reservation process, given a resource reservation
request, the process manager determines whether or not it can be
granted and if so during which time slot and which machine. As
before, the process manager takes the current active policies, the
current IT infrastructure, and current schedules into account in
making the decisions.
To realize our approach, we first need to identify the policy
requirements to express the organizational policies that dictate
expected performance (e.g., reservation policies) offered by
virtual computing lab’s IT infrastructure to its users as well as the
constraints within which IT personnel need to operate (e.g.,
availability policies). In addition, we need to identify language
constructs to express infrastructural change requests and user
resource reservation requests. This is discussed in the next
section. In the subsequent section we shall describe the
implementation of a prototype of a process manager that is able to
make the decisions on the feasibility and schedulability of IT
change requests and resource reservations and which can identify
(resolve) conflicts between the two.
4. POLICY LANGUAGE REQUIREMENTS
The problem domains (resource reservation and change
management) require us to define the vocabulary of terms that
form the objects of the policies. Further, our approach
(infrastructure-aware, time-aware) necessitates a number of
language constructs so that we can formulate policies. Finally the
issue of high level of abstraction so that non-technical people can
write policies has strong implications on the language design.
This last point we shall not address in this paper. Following is a
list of requirements and constraints:
(i) High-level constructs for resource reservation requests. We
need to identify language constructs to express user requests in a
high-level language. For example, a user’s (e.g., student,
researcher, faculty) request may contain several parameters:
specific software to be made available, required time, possible
alternate acceptable times, location from where the software will
be accessed, priority of the job, an absolute deadline, and
alternates for the software (e.g., SAS, MATLAB).
(ii) High-level constructs for change management requests.
Here, we identify language constructs to express IT change
management requests in a high-level language. For example, a
database administrator may require that some security patches be
applied on certain versions of a database (e.g., DB2, MSQL)
during certain time intervals. The administrator needs to indicate
the duration of downtime; the machines where the patch will be
applied, possible times when it could be carried out, and request
priority (e.g., low, medium, high, very high, and immediate).
(iii) High-level language constructs to express quality of
service guarantees. We identify language constructs to express
performance guarantees that the organization (e.g., the University)
offers to different types of users. For example, it may guarantee to
a student that his/her request for specific software will be met with
certain success if the requests are made in some specified number
of days in advance and based on other criteria such as the deadline
and urgency. Similarly, it may promise an IT personnel that
his/her request to take down a machine(s) be guaranteed with
some probability of success as a function of its other
characteristics such as priority.
(iv) XML-based representation for IT infrastructural
connectivity. We propose to identify a representation for the
underlying infrastructural components and their interconnectivity.
Currently, we use the configuration structure offered by IBM’s
CCMDB. This is XML based representation and is easy to be
parsed and used by software. Since there could be dynamic
changes to the infrastructure either in the present or in the future,
it should be possible to generate multiple versions of the
infrastructure files rather automatically. We refer to this as timedata dependency.
(v) XML-based representation of application specifications.
We need a representation to describe the requirements of the
applications (e.g., payroll for staff, payroll for faculty, and
accounts payable) in terms of infrastructural components needed
to run them. For example, Blackboard, a course support system,
may need a DB2 database running on a specific server (having a
back-up server), a Tomcat server, and an Apache server each
running on a different machine.
We have considered several policy languages/engines such as
XACML [12] and ACPL [6] for expressing and enforcing change
management policies. However, we found these languages
inadequate to meet the needs of change management and resource
reservations. In particular, we found them to be unsuitable to
express and evaluate availability requirements of an IT
organization in the context of proposed changes. For example,
consider the following two policies, which are relevant to our
change management scenario:


The Blackboard application should be available at all times
but possibly Saturday evening from 10pm to 12pm; however
urgent security patches may be installed anytime as long as
the application is accessible from at least 2 labs during work
hours.
No server may be taken down on three consecutive
weekends.
With the help of an ‘availability’ construct, we can envision a
language that a manager can formally express these policies. For
example, an “IsAvailable” predicate would, among others, see if
there is a route from a user’s PC to the server that runs the
Blackboard application and another part would be to check the
availability of all services needed to run the Blackboard itself.
Based on ACEL[2], we have developed an XML-based policy
language that supports infrastructure-aware constructs.
5. IMPLEMENTATION
5.1 Prototype Status
In [1], we proposed an infrastructure aware policy engine which
enables expressing policies that involve the connectivity and
dependencies within the infrastructure. To demonstrate the
feasibility, we implemented a language and a policy engine that
allows Infrastructure-aware rules. Here, we briefly describe the
implementation along with enhancements to support more
complex IT infrastructure. The reader is encouraged to check
some of the features of our online prototype of the engine at [14].
The detailed architecture of that infrastructure-aware policy
engine is reproduced in Figure 2 (taken from [14]). Note that the
policy evaluator, like its counterpart in the traditional engine, has
access to the exposed properties of the managed resource through
property sensors or getter functions. However, an infrastructureaware policy engine differs from traditional policy engine in the
following way:


Policy Evaluators have access to infrastructure knowledge
base which contains relevant information about underlying
infrastructure. This information can be represented in
different formats (e.g., regular file system files, XML
documents, databases, etc.).
Policy Evaluators can use information stored in an
infrastructure knowledge base to implement infrastructuredependent operators traditional engines are unable to
implement. Hence, policy languages that are associated with
infrastructure-aware policy engines are able to express policy
conditions that contain both infrastructure dependent and
independent operators and vocabulary terms.
In our earlier design of the policy engine, reported in [1], we only
considered IT infrastructure with simple dependencies. However,
dependency between applications and hardware in a large IT
infrastructure is much more complex. For example, in a large
organization, it is common to use database replicas to improve
availability. From the change management perspective, this is a
complex dependency as it is possible to bring one database server
Figure 2. Infrastructure-aware policy engine
down for upgrades and still continue to run the application
accessing the database. To express these complex dependencies,
we need richer constructs in the policy language. To better
understand the motivation for these constructs, consider an
application A accessing a database, which is replicated on server
S1 and server S2. In this configuration, any of the two servers S1
or S2 can serve application A. To represent this kind of “OR”
dependencies, we introduce the “DependencyGroup” and
“Option” elements in the policy language. The “Min” attribute in
the “DependencyGroup” specifies the minimum number of
optional applications that must be up and running to serve the
enclosing “Node” element. The “option” elements are used to list
all possible alternatives. The value of “Min” = 1 refers to the basic
“OR” dependency.
5.2 Integration Model
In the previous sections, we have discussed the motivation for an
infrastructure aware policy engine and a prototype for change
management. In this section, we discuss how the change
management system can be integrated with a resource reservation
system like VCL to coordinate resource reservations of end users
with change management action requests by IT maintenance staff.
Figure. 3 shows the basic components in the integrated system.
Resource reservation components are to the left side of the figure
and change management policy engine components are to the
right. Reservation requests for one or more of the system
resources are issued by the system’s end users. Based on required
resources, reservation time, the QoS policies, current reservations,
and the scheduled changes, the resource reservation system either
grants or denies the reservation requests. Granted reservations are
added to the reservations database.
Similarly, IT staff members, through different change
management processes in the change management workflow,
might need to decide or schedule one or more changes to the IT
infrastructure, the change management process sends a change
request to the process manager. Based on deployed system
policies (including QoS policies), current reservations, and
scheduled changes, the process manager makes a decision about
scheduling the change request. Obviously, not all resource
reservations are of the same priority. While one set of reservations
can be very important and critical that it must be preserved,
another set of reservations are less important and hence can be
scheduled at another time. Finally, a third set of reservations are
of least significance and they may even be cancelled without
rescheduling.
Similar classification is applicable for end user reservation
requests also. Although, the discussion on assigning priorities to
reservation requests and change requests is outside the scope of
the paper, it can be achieved in many ways. For example, we can
assign priority based on the end user’s priority or the type of the
reservation request. Only critical reservations are translated into
reservations policies. Since the format of the resource reservation
is different from the format of a scheduled change, we suggest an
XSLT-based format converter, to convert critical reservations into
constraints that have to be preserved when considering change
requests. Only critical reservations need to be converted. For
example, assume that we want to convert the following critical
reservation <U1, R1, T1> which reserves the resource R1 during
the time period T1 for a user of type U1. Now, we need some
mechanism to prevent change management subsystem from
scheduling some changes that may make R1 unavailable from the
web at the time period T1. One way of doing this, is to convert
this request into the following constraint:
if ((Not IsAvailable<R1,Web,U1>) And (ChangeTime in T1))
Then Reject change.
Clearly, the previous condition is enough to prevent the change
management subsystem from violating a critical reservation entry.
Let us now consider the non-critical reservation entries. The
process engine does not take non-critical reservations into account
when scheduling infrastructural changes. As a result, a scheduled
change entry can be added to the scheduled changes database and
this change entry may violate one or more non-critical
reservations. Hence, when a new entry is to be added to the
scheduled change list, the resource reservation system must
review all the non critical reservations of the system that are
scheduled at a time interval that intersects with the down time
interval of the new scheduled change. Accordingly, it may
reschedule any impacted reservations at a new time. When the
resource reservation system reviews a non critical reservation, it
has two options. The first one is to cancel the reservation, and the
second one is to reschedule it to another time. Either way QoS
guidelines require the system to notify the user of the
cancellation/rescheduling of its reservation. To implement the
above scenario, another converter is needed to map change
impacts to reservations entries to be analyzed by the resource
reservation manger and in case of conflict the reservation entry
with the lowest priority is cancelled and the owner is notified.
As an example of the cancellation of a non critical reservation,
assume that the change management subsystem has just inserted a
new entry <R1, T1, {S1, S2}>, into the scheduled changes
database. (i) This entry schedules a change for resource R1; (ii)
The change would take R1 down for the time period T1; and (iii)
the impact analyzer determined that this action would take the
services S1 and S2 down. The insertion of this entry is converted
into the following reservation entries: <Admin, S1, T1>, <Admin,
S2, T1>, <Admin, R1, T1>. The resource reservation manager
then queries the reservations database for all non critical
reservations that reserve the resource R1, service S1 or S2, or any
of the impacted services that occur in a time period that intersects
with T1. These reservation entries must be deleted from the
reservations database, and owners of these reservations should be
notified. Based on the reservation system policy followed, deleted
reservation entries may be either cancelled or rescheduled to
different times. By default, the proposed model assigns scheduled
changes higher priority over user reservations; more precisely it
assigns scheduled changes higher priority over non critical user
reservations. This is apparent when we notice that a new
scheduled change may result in the cancellation (or at least
rescheduling) of one or more non critical reservations that might
have been reserved in an earlier time. This is not the case for
critical reservations. Critical reservations are converted into
reservation constraints and hence are taken into account when the
policy engine decides about scheduling new changes to the
system.
We believe that assigning scheduled changes higher priority over
user reservations is a reasonable assumption as many of the
changes to resources may be critical (e.g., applying a security
patch). On the other hand, the integration model enjoys high level
of flexibility, as it allows for a general category of critical
reservations which have a priority level that is equivalent to the
priority level of scheduled changes.
To meet the primary goal of VCL-like environments of offering
flexible, on-demand 24x7 service to users, it is important to
maintain the infrastructure well. Toward this goal, the proposed
model of integration would be helpful to resolve conflicts between
the reservation requests and change request.
6. CONCLUSION
The goal of our research is to develop a policy engine to
coordinate resource reservations of system end users and change
management actions taken by IT staff to maintain their system up
and running. Since current policy engines/languages do not
provide system managers with constructs that simplify the
definition of high level availability policies needed in change
management, we have proposed and implemented an
infrastructure aware policy engine/language that provides some of
these constructs.
We also proposed an integration model that coordinates the
output of a resource reservation system with the scheduling of
changes guided by a change management workflow to maintain
resources in this system. This model of integration would be a
promising step towards building highly autonomous systems that
can react and adjust to changes in IT infrastructure in a VCL-like
environment.
At this point we have demonstrated the feasibility of the engine an
integration approach. Further we need to test the scalability of the
engine and the integration model with regard to the number of
servers, switches … etc in the infrastructure. As the algorithms
used to implement connectivity and dependency predicates are
polynomial in nature, we expect our approach to be scalable too.
Figure 3. Policy engine integration with resource reservation manager
7. REFERENCES
[1] Abdel Salam, H., Maly, K., Mukkamala, R., and Zubair,
M., “Infrastructure-aware Autonomic Manager for change
management,” Policy 2007, 2007 IEEE Workshop on
Policies for Distributed Systems and Networks, 13-15 June
2007, Bologna, Italy (to appear).
[2] Agrawal, D., Giles, J., Lee, K., and Lobo, J., “Autonomic
Computing Expression Language”, IBM developerWorks,
http://www-128.ibm.com/developerworks/edu/ac-dw-acacel-i.html, Apr 2005.
[3] Agrawal, D., Calo, S., Giles, J., Lee, K., Verma, D., “Policy
Management for Networked Systems and Applications”. In
Proceedings of Ninth IFIP/IEEE International Symposium
on Integrated Network Management (IM 2005), May 2005.
[4] Bhoopalam, K., Maly, K., Mukkamala, R., and Zubair, M.,
“Framework for information sharing across multiple
government agencies under dynamic access policies”, ARES
2007, The International Conference on Availability,
Reliability and Security, April 10-13, 2007, Vienna, Austria.
[5] Damianou, N., Dulay, N., Lupu, E., Sloman, M., “The
Ponder policy specification language”, Workshop on Policies
for Distributed Systems and Networks, Policy2001, HP Labs
Bristol, UK, 29-31 Jan. 2001, Springer-Verlag LNCS 1995,
pp. 18-39
[6] IBM Tivoli, “Autonomic Computing Policy Language”,
http://dl.alphaworks.ibm.com/technologies/pmac/acpl.pdf.
[7] IBM Tivoli, “Autonomic Computing: IBM’s Perspective on
the State of Information Technology”, http://www03.ibm.com/industries/government/doc/content/bin/auto.pdf.
[8] IBM Tivoli, “Policy Management for Autonomic
Computing”,
Version
1.2,
http://dl.alphaworks.ibm.com/technologies/pmac/PMAC12_s
dd.pdf
[9] Kephart, J.O., and Chess, D. M., “The vision of Autonomic
Computing”, IEEE Computer Society, January 2003, pp. 41–
50.
[10] Kagal, L., “Rei: A Policy Language for the Me-Centric
Project”, TechReport, HP Labs, September 2002.
[11] Lobo J. et al., “A Policy Description Language”, Proceedings
of AAAI’99, Orlando, Florida, USA, 1999.
[12] Moses, T., and other committee members, “Extensible
Access Control Markup Language Version 2.0”, Core
Specification
http://xml.coverpages.org/XACMLv20CDCoreSpec.pdf
[13] OGC, “The IT Infrastructure Library”, http://www.itil.co.uk
[14] Policy Research Group, “ODU Policy Engine Prototype”,
http://www.cs.odu.edu/~asalam/demo/demo.html.