A few steps beyond policy-based network management lies management through a directory services domain, and with it the move to service-level management.
A directory service is a repository of information that identifies users, devices and resources in an enterprise. Tying a policy-based management system to a directory services repository creates a powerful and even more intuitive type of management.
You basically set up your policies within a directory services domain at the system level, choosing any number of current directory service offerings — NDS from Novell, Mission Control from Netscape, StreetTalk from Banyan, or the upcoming Active Directory from Microsoft.
“At (the system level where a directory service resides) you can actually set up policies that are associated with resources — users, applications, databases, printers or whatever,” said Kelly Kanellakis, technology director for Cabletron Canada. Directories are like “giant 4-1-1 services,” he said.
“The policy could say this becomes the highest priority traffic on the network. Then what would happen is a network-layer level device or below would actually talk to that directory service.
“You’re not even programming the policy manager any more,” he continued. “Then the question becomes: do you need that policy manager as an interim step? In the beginning you probably will, but then later on down the road, the end devices will be able to go right out to those directory services themselves. So, I put in a new switch and if a new user shows up, the switch goes out and actually polls the directory service about that user and gets all of the required policy information and downloads it.”
At this point, you are moving beyond machine-level, policy-based management of network hardware devices to service-level management — basically taking an application and defining a level of service for it.
“Policy management is more of a lower-level thing, whereas service-level management is much higher level,” Kanellakis said. “I think businesses have tended to confuse the two.”
And as attractive as it all sounds, there’s still some distance to travel before arriving at this paradigm. The development of smarter network management depends on defining standards that would serve as a base for such intelligence. Routers, switches, end stations and all manner of IT equipment need built-in standardized identification that would allow them all to be recognized by smart applications. Standards are in the works, but even the limited tools and solutions available tend to be proprietary, according to Kanellakis.
“Right now, the best you can hope for is a policy manager that is tied into some sort of configuration manager. But then the (degree of functionality and intelligence in the) configuration management depends on how much depth it has been given from the various vendors of equipment.”
— Dan McLean