Policy Based Network Management System Design Document

Authors
  1. Spagnolo, J.
  2. Cayer, D.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN);NRNS Inc, Ottawa ON (CAN)
Abstract
This report presents an architectural design and concept of operation for a policy-based network management system. Policy-based network management (PBNM) systems provide an automated means to configure and administer Policy Enforcement Point (PEP) devices such as virtual private network (VPN) gateways, firewalls and routers. The Policy Decision Point (PDP) takes high level policies as input and produces lower level PEP-specific policies as output. The PBNM system can process different types of policies. When evaluating policies, the PDP must identify and resolve conflicts within competing policies as well as take into consideration external factors such as the time-of-day and the current threat level.
Keywords
Common Open Policy Service (COPS) protocol;Inter-domain security policy;Network Management;Policy;Policy-based network management;Policy Decision Point (PDP);Policy Editor;Policy enforcement;Policy Enforcement Point (PEP);Policy negotiation;Policy Negotiation Proxy (PNP);Policy object;Policy Processing Unit (PPU);Policy repository;Security policy;XML policy
Report Number
DRDC-OTTAWA-CR-2005-109 — Contractor Report
Date of publication
01 Sep 2005
Number of Pages
30
DSTKIM No
CA026675
CANDIS No
524593
Format(s):
Electronic Document(PDF)
