Title: Monitoring, Security, and Dynamic Configuration with the dynamicTAO Reflective ORB
1. Monitoring, Security, and Dynamic Configuration with the dynamicTAO Reflective ORB
- Fabio Kon, Manuel Roman, Ping Liu, Jina Mao, Tomonori Yamane, Luiz C. Magalhaes, and Roy H. Campbell
- f-kon,roy_at_cs.uiuc.edu
- Department of Computer Science
- University of Illinois at Urbana-Champaign
- http://choices.cs.uiuc.edu/2K/dynamicTAO
2. Introduction
- Network Operating System
  - Facilitate management in modern computing environments
  - Heterogeneity: embedded sys., PDAs, laptops, workstations
  - Dynamism: rapid software evolution, mobile users and computers
  - Users must maintain different accounts in each platform
- GOAL
  - Facilitate management by building a middleware-level operating system on top of this heterogeneous world
3. Requirements
- Run on multiple hardware platforms
- Run on top of different OSes
- Support different programming languages
- Support dynamism, late binding, components
- Solution
  - OMG IDL
  - CORBA ORBs
  - Standard CORBA Services
4. But There's A Problem!
- Conventional ORBs are static
  - Fixed threading model
  - Fixed transport protocol: IIOP (over TCP/IP)
  - Fixed security strategy (typically no security)
  - Fixed scheduling
- Inadequate for a wide range of applications
  - Multimedia
  - Mobile Computing
  - Adaptive Applications
5. Proposed Solution: Reflective ORB
- Reflective Systems [Smith 84]
- Meta-Object Protocol [Kiczales 91]
- Reflective ORBs [Singhai and Campbell 97]
- The ORB maintains a representation of its own internal structure and allows
  - Inspection
  - Dynamic Reconfiguration
6. dynamicTAO
- Built as an extension of the TAO ORB [Schmidt et al.]
  - Written in C++
  - Modular design based on object-oriented design patterns
- TAO already supported startup configuration; a configuration file specifies strategies for
  - concurrency (threading model)
  - request demultiplexing
  - scheduling
  - connection management
7. Adding Support for Dynamic Configuration
- dynamicTAO exports an interface called DynamicConfigurator, supporting
  - 1. Transfer of components across the distributed system
  - 2. Loading and unloading components
  - 3. Inspecting and modifying the configuration of the ORB (and of applications running on top of it)
8. Reifying the ORB Structure
- ComponentConfigurator framework
  - Stores inter-component dependencies
  - Allows browsing, inspection, and reconfiguration
  - Can be customized through inheritance
9. dynamicTAO Structure
10. DynamicConfigurator IDL Interface

    interface DynamicConfigurator
    {
      // Inspect the ORB configuration
      stringList list_categories ();
      stringList list_implementations (in string categoryName);
      stringList list_loaded_implementations ();
      stringList list_hooks (in string componentName);
      string get_hooked_comp (in string componentName,
                              in string hookName);
      string get_comp_info (in string componentName);
      ...

11. Manage Component Implementations loaded in memory

      long load_implementation (in string categoryName,
                                in string impName,
                                in string params,
                                ...);
      void hook_implementation (in string loadedImpName,
                                in string componentName,
                                in string hookName);
      void suspend_implementation (in string loadedImpName);
      void resume_implementation (in string loadedImpName);
      void remove_implementation (in string loadedImpName);
      void configure_implementation (in string loadedImpName,
                                     in string message);

12. Manage the ORB Persistent Component Repository

      void upload_implementation (in string categoryName,
                                  in string impName,
                                  in implCode binCode);
      void download_implementation (in string categoryName,
                                    inout string impName,
                                    out implCode binCode);
      void delete_implementation (in string categoryName,
                                  in string impName);
    };
13. Example of Dynamic Configuration
- 1. myRemoteOrb->upload_implementation ("Security", "superSAFE", superSAFE_impl);
- 2. newSecurityStrategy = myRemoteOrb->load_implementation ("Security", "superSAFE");
- 3. oldSecurityStrategy = myRemoteOrb->get_hooked_comp ("dynamicTAO", "Security_Strategy");
- 4. myRemoteOrb->hook_implementation (newSecurityStrategy, "dynamicTAO", "Security_Strategy");
- 5. myRemoteOrb->remove_implementation (oldSecurityStrategy);
14. Consistency
- Dynamic reconfiguration may break the consistency of the internal ORB engine.
- Consistency must be ensured by the ORB developer and by the component developer.
- Achieved by creating customized subclasses of the ComponentConfigurator class
  - TAOConfigurator
  - Servant1Configurator
  - MonitoringStrategyConfigurator
  - ...
15. Example of Consistent Dynamic Reconfiguration
- Concurrency strategies
  - 1. Reactive (single-threaded)
  - 2. Thread-per-Connection
  - 3. Thread-Pool
- Switching from 1 or 2 to any other: OK
- Switching from Thread-Pool: problematic
16. Implementing Reconfigurable ORB Components
- Two major things to consider
  - 1. Transferring the state from the old component to the new component
  - 2. Making sure that no dangling references to the old component remain
- Must customize TAOConfigurator or strategy configurator (e.g. ThreadPoolConfigurator)
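The swap sequence from slide 13 combined with the dangling-reference concern from slide 16, as an added C++ example that is not dynamicTAO code. The `Configurator` class, its method names and `swap_security` are hypothetical; the model installs the new security strategy before removing the old one, so the `Security_Strategy` hook is never empty, and it refuses to unload anything a hook still points to.

```cpp
// Added example: in-memory model of hook bookkeeping (hypothetical names).
#include <map>
#include <set>
#include <stdexcept>
#include <string>

class Configurator {
    // hooks_[component][hookName] = implementation currently attached
    std::map<std::string, std::map<std::string, std::string>> hooks_;
    std::set<std::string> loaded_;
public:
    void load(const std::string& impl) { loaded_.insert(impl); }

    std::string hooked(const std::string& comp, const std::string& hook) const {
        auto c = hooks_.find(comp);
        if (c == hooks_.end()) return "";
        auto h = c->second.find(hook);
        return h == c->second.end() ? "" : h->second;
    }
    // Attach impl to a hook; returns the implementation it displaced.
    std::string hook(const std::string& impl, const std::string& comp,
                     const std::string& hookName) {
        if (!loaded_.count(impl)) throw std::logic_error("not loaded: " + impl);
        std::string old = hooked(comp, hookName);
        hooks_[comp][hookName] = impl;
        return old;
    }
    // Number of hooks that still point at impl (dangling-reference check).
    int references(const std::string& impl) const {
        int n = 0;
        for (const auto& c : hooks_)
            for (const auto& h : c.second)
                if (h.second == impl) ++n;
        return n;
    }
    // Unload only when nothing depends on impl any more.
    bool remove(const std::string& impl) {
        if (!loaded_.count(impl) || references(impl) > 0) return false;
        loaded_.erase(impl);
        return true;
    }
};

// Steps 2-5 of the slide-13 sequence: hook the new strategy, then remove the old.
bool swap_security(Configurator& orb, const std::string& newImpl) {
    orb.load(newImpl);
    std::string old = orb.hook(newImpl, "dynamicTAO", "Security_Strategy");
    return old.empty() || orb.remove(old);
}
```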
17. Accessing the ORB Reconfiguration Interface
- 1. Local or remote code through IDL
- 2. Telnet
- 3. Java GUI
- 4. Reconfiguration Agents
18. DOCTOR: Dynamic ORB Configuration Tool
19. Reconfiguration with Mobile Agents
- Suitable for Large-Scale Systems
- Agents may carry
  - graph
  - reconfiguration script
  - state
  - results
20. Applications of Reflective ORBs
- Completed Prototypes
  - Flexible Object Monitoring Service
  - Dynamic Security Service
- Ongoing work
  - Multimedia applications
  - CORBA File System
21. Monitoring Distributed Object Interactions
- dynamicTAO shows how to adapt
- Applications also need to know when to adapt
- Monitoring Service
  - Can be dynamically loaded and unloaded
  - No modifications in the applications
  - Totally transparent to applications
  - Uses the CORBA request-level interceptor [OMG98a]
22. Monitoring Service Architecture
23. Monitoring Service Overhead
[Figure: Client and Server connected by Fast Ethernet; machine labels: Ultra-60, Ultra-2]
- String getHello ()
- Overhead
  - when monitoring getHello: 10.1
  - with Monitoring Service on, but without monitoring getHello: 2.0
24. Dynamic Security Service Prototype
- Can be dynamically loaded and unloaded
- Uses
  - CORBA request-level interceptors for access control
  - Cherubim Security Framework [Campbell and Qian 98]
  - Java Active Capabilities: flexible dynamic policies
- implemented DAC, MAC
- working on RBAC, ABAC (?)
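How request-level interceptors give both the Monitoring Service (slide 21) and the access-control side of the Dynamic Security Service (slide 24) without touching the servant, as an added C++ example that is not code from dynamicTAO or Cherubim. `Request`, `Interceptor`, `DacInterceptor`, `MonitorInterceptor` and `Orb` are hypothetical stand-ins, and the `"NO_PERMISSION"` return string only mirrors the name of the CORBA system exception.

```cpp
// Added example: hypothetical stand-ins, not CORBA or dynamicTAO types.
#include <functional>
#include <map>
#include <memory>
#include <set>
#include <string>
#include <utility>

struct Request { std::string principal, object, operation; };

struct Interceptor {
    virtual ~Interceptor() = default;
    virtual bool before(const Request& r) = 0;   // false rejects the request
};

// DAC: per-object list of (principal, operation) pairs; anything else is denied.
struct DacInterceptor : Interceptor {
    std::map<std::string, std::set<std::pair<std::string, std::string>>> acl;
    int denied = 0;                               // audit counter
    bool before(const Request& r) override {
        auto it = acl.find(r.object);
        bool ok = it != acl.end() &&
                  it->second.count(std::make_pair(r.principal, r.operation)) > 0;
        if (!ok) ++denied;
        return ok;
    }
};

// Monitoring: counts invocations per operation and never blocks.
struct MonitorInterceptor : Interceptor {
    std::map<std::string, int> calls;
    bool before(const Request& r) override { ++calls[r.operation]; return true; }
};

class Orb {
    // Interceptors run in name order, so "access-control" precedes "monitoring".
    std::map<std::string, std::shared_ptr<Interceptor>> chain_;
public:
    void load(const std::string& name, std::shared_ptr<Interceptor> i) {
        chain_[name] = std::move(i);
    }
    void unload(const std::string& name) { chain_.erase(name); }
    // The servant is a plain callable and is unaware of the chain.
    std::string invoke(const Request& r, const std::function<std::string()>& servant) {
        for (auto& e : chain_)
            if (!e.second->before(r)) return "NO_PERMISSION";
        return servant();
    }
};
```

With no interceptor loaded, every caller reaches the servant, which is the "typically no security" default of a conventional ORB; loading the DAC interceptor switches the same servant to default-deny.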
25. Related Work
- Lancaster University [Blair et al 98]
  - Python implementation of a Reflective ORB
- AspectIX [Hauck et al 98]
  - Configurable ORB using Aspect-Oriented Programming
- COMERA [Wang and Lee 98]
  - Configurable COM middleware
26. Future and Ongoing Work
- LegORB: a component-based reflective ORB
  - select only the ORB functionality you need
  - minimal configuration for client: 6KB
- Implement a framework to support consistency in dynamic configuration
  - state transfer
  - inter-component dependency management
27. Conclusions
- dynamicTAO is a powerful mechanism for
- implementing non-functional ORB services
- security
- monitoring
- communication mechanisms
- clean separation of concerns, transparency
- dynamic reconfiguration
- adaptive applications
28. How to contact us
- e-mail
  - f-kon_at_cs.uiuc.edu
- 2K Web site
  - http://choices.cs.uiuc.edu/2K
29. The 2K Architecture
30. Security Architecture
- Java Active Capabilities
- Flexible Security Policies
- Caching of Authorization Decisions
- Auditing
31. Switching Thread-Pool → Thread-per-Connection (Example)
- Problem 1: queued incoming connections waiting for a thread to execute them.
  - Solution: encapsulate the queue in an object and pass it as an argument to the new strategy.
- Problem 2: strategy code cannot be unloaded because threads return to it.
  - Solution: ThreadPoolConfigurator that keeps track of the threads handling client connections.
32. Future and Ongoing Work
- Improve Security Service
  - how to provide security for millions of distributed objects efficiently?
- Monitoring Service tools
  - Specify what should be monitored
  - Visualize monitored data graphically
33. dynamicTAO Architecture