
Document: MIDDLEWARE NETWORKS - P1 ppt

MIDDLEWARE NETWORKS
CONCEPT, DESIGN AND DEPLOYMENT OF INTERNET INFRASTRUCTURE
The Kluwer International Series on
ADVANCES IN DATABASE SYSTEMS
Series Editor
Ahmed K. Elmagarmid
Purdue University
West Lafayette, IN 47907
Other books in the Series:
ADVANCED DATABASE INDEXING, Yannis Manolopoulos, Yannis Theodoridis, Vassilis J. Tsotras; ISBN: 0-7923-7716-8
MULTILEVEL SECURE TRANSACTION PROCESSING, Vijay Atluri, Sushil Jajodia, Binto George ISBN: 0-7923-7702-8
FUZZY LOGIC IN DATA MODELING, Guoqing Chen ISBN: 0-7923-8253-6
INTERCONNECTING HETEROGENEOUS INFORMATION SYSTEMS, Athman Bouguettaya, Boualem Benatallah, Ahmed Elmagarmid ISBN: 0-7923-8216-1
FOUNDATIONS OF KNOWLEDGE SYSTEMS: With Applications to Databases and Agents, Gerd Wagner ISBN: 0-7923-8212-9
DATABASE RECOVERY, Vijay Kumar, Sang H. Son ISBN: 0-7923-8192-0
PARALLEL, OBJECT-ORIENTED, AND ACTIVE KNOWLEDGE BASE SYSTEMS, Ioannis Vlahavas, Nick Bassiliades ISBN: 0-7923-8117-3
DATA MANAGEMENT FOR MOBILE COMPUTING, Evaggelia Pitoura, George Samaras ISBN: 0-7923-8053-3
MINING VERY LARGE DATABASES WITH PARALLEL PROCESSING, Alex A. Freitas, Simon H. Lavington ISBN: 0-7923-8048-7
INDEXING TECHNIQUES FOR ADVANCED DATABASE SYSTEMS, Elisa Bertino, Beng Chin Ooi, Ron Sacks-Davis, Kian-Lee Tan, Justin Zobel, Boris Shidlovsky, Barbara Catania ISBN: 0-7923-9985-4
INDEX DATA STRUCTURES IN OBJECT-ORIENTED DATABASES, Thomas A. Mueck, Martin L. Polaschek ISBN: 0-7923-9971-4
DATABASE ISSUES IN GEOGRAPHIC INFORMATION SYSTEMS, Nabil R. Adam, Aryya Gangopadhyay ISBN: 0-7923-9924-2
VIDEO DATABASE SYSTEMS: Issues, Products, and Applications, Ahmed K. Elmagarmid, Haitao Jiang, Abdelsalam A. Helal, Anupam Joshi, Magdy Ahmed ISBN: 0-7923-9872-6
REPLICATION TECHNIQUES IN DISTRIBUTED SYSTEMS, Abdelsalam A. Helal, Abdelsalam A. Heddaya, Bharat B. Bhargava ISBN: 0-7923-9800-9
SEARCHING MULTIMEDIA DATABASES BY CONTENT, Christos Faloutsos ISBN: 0-7923-9777-0
TIME-CONSTRAINED TRANSACTION MANAGEMENT: Real-Time Constraints in Database Transaction Systems, Nandit R. Soparkar, Henry F. Korth, Abraham Silberschatz ISBN: 0-7923-9752-5
DATABASE CONCURRENCY CONTROL: Methods, Performance, and Analysis, Alexander Thomasian, IBM T. J. Watson Research Center ISBN: 0-7923-9741-X
MIDDLEWARE NETWORKS
Concept, Design and Deployment of
Internet Infrastructure
Michah Lerner, AT&T Labs
George Vanecek, AT&T Labs
Nino Vidovic, AT&T Labs
Dado Vrsalovic, Intel Corp.
KLUWER ACADEMIC PUBLISHERS
New York/Boston/Dordrecht/London/Moscow
eBook ISBN: 0-306-47022-5
Print ISBN: 0-792-37840-7
©2002 Kluwer Academic Publishers
New York, Boston, Dordrecht, London, Moscow
Print ©2000 Kluwer Academic / Plenum Publishers
New York

All rights reserved
No part of this eBook may be reproduced or transmitted in any form or by any means, electronic,
mechanical, recording, or otherwise, without written consent from the Publisher
Created in the United States of America
Visit Kluwer Online at:
and Kluwer's eBookstore at:
Table of Contents
List of Figures
List of Tables
Preface
Acknowledgements

PART I: IP TECHNOLOGY FUNDAMENTALS

Chapter 1: Introduction
1.1 The Golden Age of the Telecommunication Industry
1.2 Internet – The New Kid on the Block
1.3 Metamorphosis of the Telecommunications Industry
1.4 Rising Intelligence in the Network
1.5 Civilizing Data Networks
1.6 End-point Devices and the Changing Role of Networks
1.7 Growing Dependency on Middleware
1.8 Need for Protocol Mediation and Translation in the Network
1.9 Emergence of IP as the Unifying Mechanism of Computing and Communication
1.10 From Protocols to Interfaces
1.11 Challenges for the 21st Century Networks
1.11.1 Empowering Anyone to become a Service Provider?
1.11.2 Enabling Faster Time to Market at Lower Cost
1.11.3 Reducing Complexity and Providing for Ease-of-use
1.11.4 Design for Seamless Interoperability and Mobility
1.11.5 Working towards Reliable IP Networks
1.11.6 Consolidated Intelligence in Data Networks
1.12 Summary

Chapter 2: Technology Overview
2.1 Public Switched Telephone Network (PSTN)
2.1.1 Intelligent Network
2.1.2 Private Branch Exchange, Key Systems, and Centrex
2.1.3 Services Spanning both the PSTN and the Internet
2.2 Packet Networks
2.3 Network Access and the Local Loop
2.4 World-Wide Web
2.5 Java Language
2.5.1 Green Project
2.5.2 First Person Inc.
2.5.3 HotJava and the “tumbling” Duke
2.5.4 JavaSoft
2.6 IP Version 6
2.7 IPSec: Internet Protocol Security
2.8 Common Object Request Broker Architecture
2.9 Virtual Private Networks
2.10 Quality of Service
2.11 IP Telephony and Voice over IP
2.12 Unified Messaging
2.13 Electronic Commerce
2.14 Summary

PART II: IP SERVICE PLATFORM FUNDAMENTALS

Chapter 3: Network-enabled and Online Services
3.1 The Market for Online Services
3.2 Issues with the Development and Delivery of Network-Enabled and Online Services
3.2.1 Implications of these Issues
3.2.2 Network-Enabled and Online Services Architecture
3.2.3 The Opportunity for Network Carriers
3.3 A Solution: IP Service Platform
3.3.1 Benefits of Networking Middleware
3.4 Service Provisioning Scenario

3.4.1 How a Service is Deployed
3.4.2 Where do Services Run?
3.4.3 Network Integration Services
3.4.4 How Authentication Tokens Can Protect Network Web Content
3.4.5 Multiple Networks and Accounts
3.5 Summary

Chapter 4: Platform Requirements and Principles
4.1 Requirements
4.2 Security
4.2.1 Adequate Security for Acceptable Cost
4.2.2 Technical Security Differs from Organizational Trust
4.2.3 Security Goals
4.2.3.1 Information Secrecy
4.2.4 Information Integrity
4.2.4.1 Accountability
4.2.4.2 Availability
4.2.5 Security Summary
4.3 Scalability
4.3.1 Current or Known Solutions
4.3.1.1 Client-Server Architecture
4.3.1.2 Client-Server Architecture Extended with Proxy Machines
4.3.1.3 Architecture Based on Communicating Proxy Machines
4.3.1.4 Multiple Servers and POPs
4.4 Extensibility
4.5 Design Principles
4.5.1 Routing Principle
4.5.2 Membership Principle
4.5.3 Authentication Principle
4.5.4 Activity Principle
4.5.5 Mediation Principle
4.5.6 Access Principle
4.5.7 Tracking Principle
4.6 Summary

Chapter 5: Cloud Architecture and Interconnections
5.1 Cloud Architecture
5.1.1 Applications, Kernels and Switches
5.1.2 Points of Presence (POPs) and System Operation Centers (SOCs)
5.1.3 Gates, Cores, and Stores
5.1.4 POP Based Authentication and Aggregation
5.2 Small Cloud: Development and Providers
5.3 Large Service Node Cloud, the SNode
5.4 Distributed Network Cloud (GuNet)
5.5 Gates as Distributed Network Elements (DNE)
5.5.1 Routing Protocols and the Inherent Difficulty of Resource Allocation
5.5.2 Distributed Network Element Integrates Gate with Network Elements
5.5.2.1 DNE Specialization of Gate Functionalities
5.5.2.2 DNE Functional Areas
5.5.2.3 DNE Behavior
5.6 Scaling with Multiple Clouds
5.7 Summary

PART III: BUILDING THE IP SERVICE PLATFORM

Chapter 6: Interoperable and Scalable Security
6.1 Secure System Structure
6.2 Cryptographic Fundamentals of Secure Systems
6.2.1 Symmetric Cryptography
6.2.2 Asymmetric-Key Encryption
6.2.3 Digital Signatures – Cryptographic Seals
6.3 Peer Credential and Key Management
6.3.1 Authentication and Session Layers
6.3.2 Key Hierarchy
6.3.3 Key Lifetimes
6.3.4 Rekeying
6.3.4.1 Authentication Rekeying
6.3.4.2 Session Rekeying
6.3.5 Peer-Based Credential Usage
6.3.5.1 Selective Encryption
6.3.6 Cloud Security
6.3.6.1 Gates and Peers
6.3.6.2 Corporate Intranets
6.3.7 Intercloud Security
6.3.8 Roaming
6.3.9 Security Applications and Benefits
6.4 Trust Boundaries: Firewalls and Protocols
6.4.1 Managed Firewalls
6.4.2 Discussion of Rules-Based Firewall
6.5 Public Key Infrastructure – PKI
6.5.1 PKI and the X.509 v3 Certificate Authority
6.5.2 Certificates Characteristics and Syntax
6.5.3 Certificate Validation
6.5.4 Middleware Networks and the Public Key Infrastructure
6.5.4.1 Five Principles of an Open PKI
6.5.4.2 Advantages of PKI Principles
6.5.4.3 Additional Value-Added Services
6.5.5 Conformance and Compliance with External CA
6.6 IPSec
6.7 Authentication, Secure Single-Sign-On and Service-Access
6.7.1 Web Browser Security – Peerless Web Login and Service Access
6.7.1.1 Saved State in RFC-2109 “Cookies”
6.7.1.2 Encrypted Cookies from Authentication to Termination
6.7.2 Microsoft NTLM and Browser Authentication
6.7.2.1 Microsoft Security Architecture
6.7.2.2 Single-Sign-On to Middleware Services through NTLM
6.7.2.3 Single-Sign-On to Microsoft Services through Middleware
6.7.2.4 LDAP Credentials with Microsoft Commercial Internet System
6.8 Summary

Chapter 7: APIs and Managed Infrastructure
7.1 Viewpoints on Middleware
7.1.1 Middleware as Integrator of Standards
7.1.2 Middleware as Extender of Standards
7.1.3 Characteristics of Network Middleware APIs
7.1.3.1 Object Oriented and Extensible
7.1.3.2 Abstraction
7.1.3.3 Complete Coverage
7.1.3.4 Comparison with Remote Procedure Call (RPC)
7.2 Managed Networks
7.2.1 Substrate: Middleware-Defined Networks
7.2.2 Middleware as Service Manager: The Service Model
7.2.3 Middleware as Manager of Global Shared State
7.3 Organization of the Middleware APIs
7.3.1 PD – Proxy Development
7.3.2 SD – Service Development and Peer
7.3.2.1 Peer Functionality
7.3.3 Network Development – ND
7.3.4 Operations Development – OD
7.4 Summary

Chapter 8: Smart Network Components
8.1 Overview of SNode – Edge Gateway Functionality
8.1.1 Gate Capabilities
8.2 Active Registries: Connections, Users and Services
8.2.1 Authenticated User Registry (AUR)
8.2.2 Authenticated Service Registry (ASR)
8.2.3 Authenticated Connections Table (ACT, AuthConnTab)
8.2.4 Programming the Registries – AUR, ASR and ACT
8.2.4.1 Validation of Identity – Peer and HTTP CallerID
8.2.4.2 Specification of Connection Control – Packet Filter API
8.2.4.3 Validation of Access Control – Access Check API
8.2.4.4 Usage Recording and Retrieval APIs
8.2.5 Summary of the Gate Architecture and Capabilities
8.3 Domains: Accounts, Users and Services
8.3.1 Membership Structure
8.3.2 Domain Model
8.3.3 Domain Objects: Accounts, Users, and Services
8.3.3.1 Subscriber Management
8.3.4 Account Privilege List
8.3.5 Service Access Control List
8.3.6 User Subscription List
8.3.7 Objects and Attributes
8.3.7.1 Retrieving Attribute Values
8.3.7.2 Retrieving Multiple Attribute Values in One Network Call
8.3.7.3 Value Refresh
8.3.7.4 C++ Example Running as Proxy Code
8.4 Service Development
8.4.1 SD APIs for Service Development and Development and Peer
8.4.2 Service Development (SD) Application Models
8.4.3 Peerlets
8.4.4 Monolithic Peer Application Model
8.4.5 Connection Objects Independent of Domains and Locations
8.4.6 External Peer Application Model
8.5 Summary

Chapter 9: Mechanisms of Middleware Components
9.1 Rules-Based Packet Filter Firewall
9.1.1 Rules Management: Unambiguous Caching of Dynamic Entries
9.1.2 How to Build a Packet Filter
9.2 Security Framework: Authentication Proxy and Agents
9.2.1 Authentication Agent – Control Daemon and Peers
9.2.2 Authentication Agents – Data Proxy and Secured Web “Logins”
9.2.3 Authentication – RADIUS Dial Support and Session Control
9.2.4 Firewall and Access Control – Access Daemon
9.2.5 Middleware-Based PKI and PKI Management
9.2.5.1 PKI as Basis for Wide Scale Single-Sign-On
9.2.5.2 Credential Generation – Accreditation of Authorities
9.2.5.3 Credential Enrollment – Importation of Certificates
9.2.5.4 Credential Revocation – Invalidation of Thumbprints
9.2.5.5 Examples of PKI Management and Revocation Services
9.3 Proxy Framework
9.3.1 Proxy Framework Mechanisms
9.3.1.1 Proxy Framework Behavior
9.3.1.2 Summary of Proxy and Component Interactions
9.4 Proxy Design, Deployment and Methodology
9.4.1 Deployment of Proxy-Enabled Services
9.4.1.1 Proxy-Enabled Service Definition
9.4.1.2 Proxy-Enabled Service Activation
9.4.1.3 Proxy-Enabled Traffic Flow for Gate-Deployed Mediation
9.4.2 Proxy Design and Development Methodology
9.4.2.1 Proxy Affinity and Server Affinity
9.4.2.2 Examples of Proxy Affinity and Server Affinity
9.4.3 Enhancement Examples – DNS, HTTP and CIFS
9.4.3.1 DNS: End-point Enhancement for Names and Services
9.4.3.2 HTTP: Web Development Framework
9.4.3.3 CIFS: Data Path Enhancement for File and Print Services
9.5 Programmable Interfaces for Networks (PIN)
9.5.1 Edge Gateway Architecture and Distributed Network Element (DNE)
9.5.2 Broadband Network Reference Implementation of PIN
9.5.3 Distributed Network Element – DNE
9.6 Summary

Chapter 10: Systems Management and Monitoring
10.1 Third-party Network Management System
10.2 GMMS Overview
10.3 Event System, An Overview
10.3.1 Event System Concepts
10.3.2 Implementation
10.3.2.1 Requirements
10.3.2.2 Architecture
10.4 Summary

Chapter 11: Sample Consumer Services
11.1 KidsVille

Chapter 12: Conclusion: Future Directions
12.1 Application Service Providers
12.2 ASPs and IP Service Platforms
12.3 Summary

Glossary
References
Index

List of Figures
Figure 1-1:
Figure 1-2:
Figure 1-3:
Figure 2-1:
Figure 2-2:
Figure 2-3:
Figure 2-4:
Figure 2-5:
Figure 2-6:
Figure 2-7:
Figure 2-8:
Figure 2-9:
Figure 2-10:
Figure 2-11:
Figure 2-12:
Figure 2-13:
Figure 3-1:
Figure 3-2:
Figure 3-3:
Figure 3-4:
Figure 3-5:
Figure 3-6:
Figure 3-7:
Figure 3-8:
Figure 3-9:
Figure 3-10:
Kansas, 1909 – The Wages of Competition
Identical Smokestacks
Middleware Model
The LATA view of PSTN
Connection Layers: Tower, MTSO Mobile Switch, PSTN Central Office
SS7 components of an IN/AIN
Tunneling to an ISP over POTS to reach the Internet
Internet and POTS with Digital Subscriber Loop
Internet and Television access over Cable
On the Road to the World-Wide Web
WWW Connectivity
IPSec Transport Mode
IPSec Tunnel Mode
Enterprise VPN Combining Best Public and Private Networks
Typical VPN Solution
IP Telephony Components
Building Global Markets
First Generation Architecture for Network-Enabled Services
Merging the Internet and International Telephone Systems
Reengineering of the Network-Computing Architecture
Distributed Online System
PCs to Phones – Middleware Networking Supports All Devices
All Users Obtain Access to All Services
Jane the Dandelion Wine Merchant’s Unmanaged Internet
Jane’s Partially Managed Internet
Peered Tunnels
xiv
M
IDDLEWARE
N
ETWORKS:
C

ONCEPT,
D
ESIGN AND
D
EPLOYMENT
Figure 3
-
11:
Figure 4
-
1:
Figure 4
-
2:
Figure 4
-
3:
Figure 4- 4:
Figure 4
-
5:
Figure 4
-
6:
Figure 4
-
7:
Figure 4
-
8:

Figure 4
-
9:
Figure 4
-
10
Figure 4
-
11:
Figure 4
-
12:
Figure 4
-
13:
Figure 5
-
1:
Figure 5
-
2:
Figure 5
-
3:
Figure 5
-
4:
Figure 5
-
5:

Figure 5
-
6:
Figure 5
-
7:
Figure 5
-
8:
Figure 5
-
9:
Figure 5
-
10:
Figure 6
-
1:
Figure 6
-
2
Figure 6
-
3:
Figure 6
-
4:
Figure 6
-
5:

Figure 6
-
6:
Figure 6
-
7:
Figure 6
-
8:
Figure 6
-
9:
Figure 6
-
10:
Figure 6
-
11:
Figure 6
-
12:
Figure 6
-
13:
Figure 6
-
14 :
Figure 6
-
15:

Figure 7
-
1:
Figure 7
-
2:
Services as Stores on the Middleware Network ..................................
Typical Architecture of the Internet .............................................
“Classical” Client
-
Server Architecture ...........................................
Proxy Architecture ...............................................................
Communicating Proxies Architecture ...........................................
Multiple Machines Sharing Single Link ........................................
Multiple Machines Sharing Multiple Links ....................................
Routing Principle: Peer
-
Gate
-
Peer Communication..............................
Membership Principle – One
-
time Initial Registration .........................
Authentication Principle – Gates Identify Access to Cloud
Activity Principles – Gates Monitor Authentication
Mediation Principle – Clouds Redirect to Service Proxies
Access Principle – Peers Manage Traffic at Gates
Tracking Principle – Usage and State Changes Logged at Gates
Points of Presence and Operating Centers Located at Network Edge
Interconnected SPOPs Using DNE and Full Gates (non-DNE)
Large Cloud Showing Gates, DNEs, Stores, and Core
Small SNode Composed of Three Gates and One Core
Logical View of a Large Middleware Service Node
Distributed GUNet Cloud Via Cylink’s VPN Solution Over Internet
Distributed Network Element (DNE)
Networks Scale with Multiple Autonomous Domains
Architecture of Middleware System Security
Encryption and Decryption with Shared-Secret Key
Encrypted Links between Peers and Cloud
Single-Gate Cloud with Centralized Store
Network-Based Access Control
Authentication Protocol
Key Hierarchy
Incoming and Outgoing Filters
Rule Sets Enforce Session Level Policy
Packet-Filter Rule Stacks
IPSec Connection to Service with Cloud-Administered Access Control
Web-Based Authentication
Protocol Flow and NetBios Proxy
Credential Swapping
Network Middleware Layers
Internal and External Views of the Cloud
IPSec Tunnel Between User and Gateway
Security Associations with SNode and Service – IPSec Through Gate
Data Flow Validating Access via NTLM Credentials
Figure 7-3:
Figure 7-4:
Figure 7-5:
Figure 7-6:
Figure 7-7:
Figure 7-8:
Figure 7-9:
Figure 7-10:
Figure 7-11:
Figure 7-12:
Figure 8-1:
Figure 8-2:
Figure 8-3:
Figure 8-4:
Figure 8-5:
Figure 8-6:
Figure 8-6:
Figure 8-7:
Figure 8-8:
Figure 8-9:
Figure 8-10:
Figure 8-11:
Figure 8-12:
Figure 8-13:
Figure 8-14:
Figure 8-15:
Figure 8-16:
Figure 8-17:
Figure 8-18:
Figure 8-19:
Figure 8-20:
Figure 8-21:
Figure 8-22:
Figure 8-23:
Figure 9-1:
Figure 9-2:
Figure 9-3:
Figure 9-4:
Figure 9-5:
Figure 9-6:
Figure 9-7:
Function and Performance Unpredictable with Unconstrained Routing
Non-Proxied Route
IP Traffic under Explicit Routing
Gate Components – Network Interfaces through Application Proxies
Middleware Layers Supporting End-to-End Connection
Custom Proxy Code Installed with Proxy API
SDK Integrates Client to Cloud-Managed Network and Services
Open APIs Expose Platform Functionality
Clients Capabilities Extended through Common Platform with SD
Logical Cloud: Network, Filter, Framework, Processes and Services
Custom Server Code Installed with Proxy API
Edge Gateway: Filters and Proxies Extending Protocols and Interfaces
Gate Enforces Security Boundary
Secure Global Storage: Active Registries
Example of AUR Update
Access to Authenticated Connections (AuthConnTab)
Level-One Packet Filter API
Level-Two Packet Filter APIs
Access Control Validation APIs
Submitting Usage Record
Elements and Interactions of Usage Subsystem
General Credential-Issuance Framework
Secure Global Storage: Domain API and Database
Domain Model and Attributes
Two Independent Domains
Sample Account Hierarchy for Manufacturing Domain
Retrieval of User Joe from Domain foobar.com
Modifying Attribute Values
Network Thread API Combines with Domain API
HTTP CallerID Wedge in Peer
The “Simplest” Peerlet
Monolithic Peer with Authentication Code
Simplest Monolithic Peer without Authentication
External Application Model
Firewall Integrates Transport Features with Service Requirements
Streams-Based Packet-Filter
Authentication Structure
Service Provider Interface
Integrated Security Architecture
Authentication Protocol “Dance”
Time-Varying Encrypted Cookies Securing Identity
Figure 9-8:
Figure 9-9:
Figure 9-10:
Figure 9-11:
Figure 9-12:
Figure 9-13:
Figure 9-14:
Figure 9-15:
Figure 9-16:
Figure 9-17:
Figure 9-18:
Figure 9-19:
Figure 9-20:
Figure 10-1:
Figure 10-2:
Figure 10-3:
Figure 10-4:
Figure 10-5:
Figure 11-1:
Figure 11-2:
Figure 11-3:
Figure 11-4:
Figure 11-5:
Figure 12-1:
Figure 12-2:
Figure 12-3:
Multiple Cloud Firewall
User-Managed Certificate Selection and Revocation
Simplest Proxy Source Code
Packet Filter Protects Gateways and Supports Proxies
Announcement and Cloud Mediated Access
Detailed Traffic Flow from Client to Proxy and Service
IEEE Programmable Interfaces Networks (PIN) Reference Model
Multiple Layers Integrates Standards-Based Transports
One-Time Secure Authentication Allows Client to Request Content
Client IP-Based Request with Delivery over High-speed Transport
Access Control and Load Balancing through DNE and Network Elements
DNE Data and Control Structures
GMMS Web GUIs for Remote Management of All Components
Firewall/SNMP-Proxy Solution
GMMS Hierarchical Structure
PIN Model Realization of Managed IP Over ATM
Security Problems of SNMP/RPC Traffic Traversing Firewall
GMMS and NMS Integrate Application Management
Conceptual Diagram of Subscribers Access to Service
KidsVille-II Login Screen
KidsVille-II Sending E-mail Through Secure Server
The Merging of ISPs and ASPs
ASP Players (International Data Corp., 1999)
Taxonomy of ASP Businesses
KidsVille-II Homeroom Displays Services with 3D Graphics
Chatting with Friends On KidsVille-II
List of Tables
TABLE 1:
TABLE 2:
TABLE 3:
TABLE 4:
TABLE 5:
TABLE 6:
TABLE 7:
TABLE 8:
TABLE 9:
TABLE 10:
TABLE 11:
Cryptographic Elements
Crypto Key Lifetimes
Firewall Actions
Certificate Fields
Network APIs and Component Availability
CallerID Table Maintenance and Access
SD Java Classes and Purpose
C/C++ Interfaces with SD
Commonly Used Ports
Student Projects during Fall 1999 Developed Innovative Services
Layered Architecture Combines Firewall and Proxies
Preface
Long ago, when the computer industry was young, software was built – and rebuilt – from the “ground up”. Each application was custom designed and built for a given machine, and interacted directly with the hardware of that particular machine only. The idea of a common operating system – let alone middleware upon which to rapidly develop new applications – was a mere flicker of a dream in the minds of a few visionaries. The applications for a particular computer were usually built by its vendor. Needless to say, software was scarce and expensive.

Gradually, computer vendors began to recognize that software applications would become the driving force of their industry. In their quest to satisfy customer demands for unerring software rapidly delivered, the vendors sought new ways to develop software more quickly and at a lower cost. From these roots, the Independent Software Vendor (ISV) industry emerged. In order to make the building of applications cheaper and easier, ISVs, often in partnership with computer vendors, endeavored to create an “environment” that would assure more or less “common” functionality for all applications. As a result, various operating systems were born.

Much later, the breakneck rise in the Internet created a situation of ubiquitous connectivity between fully autonomous components. Collectively, this may comprise the largest and most complex distributed system ever developed by a civilization. Operating on an international scale, the Internet needs to provide reliable services to billions of people around the world. Today many companies are competing to provide these services. Again, an ability to quickly and economically build various IP [1] services, or outsource their building, is crucial to attract and retain customers. A parallel with the past and the need for an independent service vendor (ISV) community is quite obvious.

[1] Internet Protocol
