Monitoring, Security, and Dynamic Configuration with the dynamicTAO Reflective ORB

1
Monitoring, Security, and Dynamic Configuration
with the dynamicTAO Reflective ORB

• Fabio Kon, Manuel Roman, Ping Liu, Jina Mao,
• Tomonori Yamane, Luiz C. Magalhaes, and Roy H.
  Campbell
• f-kon,roy_at_cs.uiuc.edu
• Department of Computer Science
• University of Illinois at Urbana-Champaign
• http//choices.cs.uiuc.edu/2K/dynamicTAO

2
Introduction

• Network Operating System
• Facilitate management in modern computing
  environments
• Heterogeneity embedded sys., PDAs, laptops,
  workstations
• Dynamism rapid software evolution, mobile users
  computers
• Users must maintain different accounts in each
  platform
• GOAL
• Facilitate management by building a
  middleware-level operating system on top of this
  heterogeneous world

3
Requirements

• Run on multiple hardware platforms
• Run on top of different OSes
• Support different programming languages
• Support dynamism, late binding, components
• Solution
• OMG IDL
• CORBA ORBs
• Standard CORBA Services

4
But Theres A Problem!

• Conventional ORBs are static
• Fixed threading model
• Fixed transport protocol IIOP (over TCP/IP)
• Fixed security strategy (typically no security)
• Fixed scheduling
• Inadequate for a wide range of applications
• Multimedia
• Mobile Computing
• Adaptive Applications

5
Proposed SolutionReflective ORB

• Reflective Systems Smith 84
• Meta-Object Protocol Kiczales 91
• Reflective ORBs Singhai and Campbell 97
• The ORB maintains a representation of its own
  internal structure and allows
• Inspection
• Dynamic Reconfiguration

6
dynamicTAO

• Built as an extension of the TAO ORB Schmidt et
  al
• Written in C
• Modular design based on
  object-oriented design patterns
• TAO already supported startup configuration,
  configuration file specifies strategies for
• concurrency (threading model)
• request demultiplexing
• scheduling
• connection management

7
Adding Support for Dynamic Configuration

• dynamicTAO exports an interface called
  DynamicConfigurator, supporting
• 1. Transfer of components across the distributed
  system
• 2. Loading and unloading components
• 3. Inspecting and modifying the configuration of
  the ORB (and of applications running on top it)

8
Reifying the ORB Structure

• ComponentConfigurator framework
• Stores inter-component dependencies
• Allows browsing, inspection, and reconfiguration
• Can be customized through inheritance

9
dynamicTAO Structure
10
DynamicConfiguratorIDL Interface

• interface DynamicConfigurator
• stringList list_categories ()
• stringList list_implementations (in string
  categoryName)
• stringList list_loaded_implementations ()
• stringList list_hooks (in string
  componentName)
• string get_hooked_comp (in string
  componentName,
• in string
  hookName)
• string get_comp_info (in string
  componentName)
• .
• .
• .

11
Manage Component Implementations loaded in memory

• long load_implementation (in string
  categoryName,
• in string impName,
• in string params,
  ...)
• void hook_implementation (in string
  loadedImpName,
• in string
  componentName,
• in string hookName)
• void suspend_implementation (in string
  loadedImpName)
• void resume_implementation (in string
  loadedImpName)
• void remove_implementation (in string
  loadedImpName)
• void configure_implementation (in string
  loadedImpName,
• in string
  message)

12
Manage the ORB Persistent Component Repository

• void upload_implementation (in string
  categoryName,
• in string impName,
  
• in implCode
  binCode)
• void download_implementation (in string
  categoryName,
• inout string
  impName,
• out implCode
  binCode)
• void delete_implementation (in string
  categoryName,
• in string
  impName)

13
Example of Dynamic Configuration

• 1. myRemoteOrb-gtupload_implementation
  (Security, superSAFE,
• 
  superSAFE_impl)
• 2. newSecurityStrategy
• myRemoteOrb-gtload_implementation
  (Security, superSAFE)
• 3. oldSecurityStrategy
• myRemoteOrb-gtget_hooked_comp
  (dynamicTAO, Security_Strategy)
• 4. myRemoteOrb-gthook_implementation
  (newSecurityStrategy,
• 
  dynamicTAO, Security_Strategy)
• 5. myRemoteOrb-gtremove_implementation
  (oldSecurityStrategy)

14
Consistency

• Dynamic reconfiguration may break the consistency
  of the internal ORB engine.
• Consistency must be ensured by the ORB developer
  and by the component developer.
• Achieved by creating customized subclasses of the
  ComponentConfigurator class
• TAOConfigurator
• Servant1Configurator
• MonitoringStrategyConfigurator
• ...

15
Example of ConsistentDynamic Reconfiguration

• Concurrency strategies
• 1. Reactive (single-threaded)
• 2. Thread-per-Connection
• 3. Thread-Pool
• Switching from 1 or 2 to any other OK
• Switching from Thread-Pool problematic

16
Implementing Reconfigurable ORB Components

• Two major things to consider
• 1. Transferring the state from the old component
  to the new component
• 2. Making sure that no dangling references to the
  old component remain
• Must customize TAOConfigurator or strategy
  configurator (e.g. ThreadPoolConfigurator)

17
Accessing the ORB Reconfiguration Interface

• 1. Local or remote code through IDL
• 2. Telnet
• 3. Java GUI
• 4. Reconfiguration Agents

18
DOCTORDynamic ORB Configuration Tool
19
Reconfiguration with Mobile Agents

• Suitable for Large-Scale Systems
• Agents may carry
• graph
• reconfiguration script
• state
• results

20
Applications of Reflective ORBs

• Completed Prototypes
• Flexible Object Monitoring Service
• Dynamic Security Service
• Ongoing work
• Multimedia applications
• CORBA File System

21
Monitoring Distributed Object Interactions

• dynamicTAO shows how to adapt
• Applications also need to know when to adapt
• Monitoring Service
• Can be dynamically loaded and unloaded
• No modifications in the applications
• Totally transparent to applications
• Uses the CORBA request-level interceptor OMG98a

22
Monitoring Service Architecture
23
Monitoring Service Overhead
Client
Server
Fast Ethernet
Ultra-60
Ultra-2

• String getHello ()
• Overhead
• when monitoring getHello 10.1
• with Monitoring Service on, but without
  monitoring getHello 2.0

24
Dynamic Security Service Prototype

• Can be dynamically loaded and unloaded
• Uses
• CORBA request-level interceps. for access control
• Cherubim Security Framework Campbell Qian 98
• Java Active Capabilities flexible dynamic
  policies
• implemented DAC, MAC
• working on RBAC, ABAC (?)

25
Related Work

• Lancaster University Blair et al 98
• Python implementation of a Reflective ORB
• AspectIX Hauck et al 98
• Configurable ORB using Aspect-Oriented
  Programming
• COMERA Wang and Lee 98
• Configurable COM middleware

26
Future and Ongoing Work

• LegORB a component-based reflective ORB
• select only the ORB functionality you need
• minimal configuration for client 6KB
• Implement a framework to support consistency in
  dynamic configuration
• state transfer
• inter-component dependency management

27
Conclusions

• dynamicTAO is a powerful mechanism for
• implementing non-functional ORB services
• security
• monitoring
• communication mechanisms
• clean separation of concerns, transparency
• dynamic reconfiguration
• adaptive applications

28
How to contact us

• e-mail
• f-kon_at_cs.uiuc.edu
• 2K Web site
• http//choices.cs.uiuc.edu/2K

29
The 2K Architecture
30
Security Architecture

• Java Active Capabilities
• Flexible Security Policies
• Caching of Authorization Decisions
• Auditing

31
SwitchingThread-Pool ? Thread-per-Connection
(Example)

• Problem 1 queued incoming connections waiting
  for a thread to execute them.
• Solution encapsulated the queue in an object and
  pass as an argument to the new strategy.
• Problem2 strategy code cannot be unloaded
  because threads return to it.
• Solution ThreadPoolConfigurator that keeps track
  of the threads handling client connections.

32
Future and Ongoing Work

• Improve Security Service
• how to provide security for millions of
  distributed objects efficiently?
• Monitoring Service tools
• Specify what should be monitored
• Visualize monitored data graphically

33
dynamicTAO Architecture