hyper-active directories: adding intelligence & automation to network directories with amber...
TRANSCRIPT
Hyper-Active Directories: Adding Intelligence & Automation to Network
Directories with Amber
Paul Gardner-Stephen, Tim Seeley, Murray RogersComputing Services Group,
School of Informatics & Engineering,Flinders University
Outline
• What is Amber, and what can it do?
• Fly through three examples of using Amber
• Summary
• Future Directions
Motivation
• Account Provision– We have an existing and effective system.
– But changing behaviour is difficult: C is not a good language for expressing business logic.
• Change code, recompile, regression test …
• Interoperability with central administration
• The more we develop Amber, the more potential applications we can see.
Who Can Make Use of Amber?• Any business with processes and procedures!
– Job tracking / Help Desk– Scheduling events (e.g. testing or auditing regimes)– Resource allocation – human or physical– Risk management / Expert Systems / Decision
making– Transfer of data from one system to another– [On-line] registration activities– Verifying existing business information …
• If you can explain a business process, you can probably implement it with Amber.
Who Can Make Use of Amber?
• This means Amber is useful to:– Technical Managers
– Administrators
– Computing and Other Support Groups
– OH&S Officers, Committees and Related Structures
What is Amber?• Information Management System
– Read data, consider implications, update data according to administrator defined directives
• Information Visualisation and Interaction System, with built in web server– Display selected information to users, and allow
them to modify data, according to administrator defined directives
• The Tools to Take an Information Centric Approach to Business & Business Processes
What Can Amber Do?
• Keep Network Directory Contents Consistent– Consistency against user supplied rules
– User account provision falls into this category: Account existence & status are consequences of the application of rules!
– Resolve inconsistent situations
What Can Amber Do?
• Continuously Synchronise Dis-Similar Network Information Repositories– Amber uses an internal representation, and can
convert to and from other formats: abstraction– Perform intelligent synchronisation, according to
administrator defined directives.
• Continuously Apply Network Policies– i.e. synchronise network information with the
real world, e.g. disk quotas
What Can Amber Do?
• Manage Business Processes and Procedures– e.g. track process state, solicit approvals,
record decisions.
– Intelligently Direct Processes according to available information
• If you can explain a business process, you can probably implement it with Amber.
Example 1: Account Provision
• Can describe the process:– If enrolled in a topic in this school, grant an
account in this school.
– Disk quota is sum of quota allocations for topics in this school.
• All required information is available,e.g. from HR/Student Services.
Example 1: Account Provision• Information is accessible
– Active Directory: Uses LDAP for accounts– UNIX: Uses NIS, or maybe LDAP for accounts– Student Information: Uses LDAP
• but in multiple incompatible formats:– We can see how to translate between the formats -
but our computers cannot.
• If we can describe how to do this, we can get Amber to do it for us!
• Automate AD accounts, group policies etc...
Example 1: Account Provision• Describe Rules:
topic(TOPIC,LOCATION),enrolment(STUDENT,TOPIC),_eq(LOCATION,”this department”)-> interesting_enrolment(STUDENT,TOPIC).
interesting_enrolment(STUDENT,_)-> account_entitlement(STUDENT).
interesting_enrolment(STUDENT,TOPIC),topic_quota(STUDENT,TOPIC,QUOTA)-> student_quota(STUDENT,$+QUOTA).
Example 1: Account Provision• Hook into the network:
– associate topic(T,L) with “ldap://ldapserver/(objectClass=topic)”.
– associate enrolment(S,T) with “ldap://ldapserver/(objectClass=enrolment)”.
– associate account_entitlement(S) with “ldap://ldapserver/(objectClass=posixUser)”.
– associate student_quota(S,Q) with “diskquota://fileserver/home1”.
• Rules will now keep network consistent!
Example 2: Procedure Management
• e.g. Electrical Safety Testing Management– All electrical goods require regular testing.
– Interval of testing varies.
– What item(s) will need testing soon?
– Recording test histories
Example 2: Procedure Management
Example 2: Procedure Management
• Describe Rules:• test_record(NAME,DATE)-> latest_test_record(NAME,$>DATE).
• elec_item(NAME,FREQ),latest_test_record(NAME,LAST_TEST),_lessthan(LAST_TEST+FREQ,TODAY+30)-> test_soon(NAME).
• elec_item(NAME,FREQ),latest_test_record(NAME,LAST_TEST),_lessthan(LAST_TEST+FREQ,TODAY)-> test_yesterday(NAME).
Example 2: Procedure Management
• Hook into the network:– associate test_soon with
“odbc://someserver/elecdb”– associate test_yesterday with
“mailto://[email protected]”– associate test_record(N,D) with
“odbc://someserver/elecdb”– or: associate test_record(N,D) with
“file:///test_records.txt”
Example 2: Procedure Management
Example 2: Procedure Management
• Create Web Interface:echo <p>The following need testing NOW:render test_yesterday(_)%prefix<table>%body<tr><td bgcolor=$toggle(red,pink)$><a href=$link formelecitem(FIELD1)$>$FIELD1$</a></td></tr>%missing<br>Nothing needs testing soon.%suffix</table>%end render
Example 2: Procedure Management
Example 2: Procedure Management
• Define form to accept re-test notification:
render current_date(_)%prefix%bodyItem $ARG1$:<br><form action=$link form elecrecordtest(ARG1,FIELD1) $><input type=submit value='Tested Today'></form><br><a href=$link form elecdb$>Back to list</a>%missing%suffix%end render
Example 2: Procedure Management
Example 2: Procedure Management
• Define form to record new test date:
assert test_record(ARG1,ARG2)echo Test date for $ARG1$ has been recordedform elecdb()
Example 2: Procedure Management
Functional example with web interfaces, data inputand management defined in only 41 lines of code!
Example 2: Procedure Management
• Can now incrementally enhance while remaining online, e.g:– Add more interfaces (e.g. recent test history, revoke
test, recently tested equipment, add new items)– Add authentication– Beautify existing interfaces– Modify rules to provide a different escalation policy
• The strength of Amber is in its flexibility!
Example 3: Video Database
• 11:30am – Corridor conversation about postgres to mysql database migration on linux.
• 12:09pm – Working Amber application.
• Runs in < 2MB• Less dependencies
no apache/php/mysql.
Summary
• Amber combines the flexibility and functions necessary to support and build many types ofon-line business process: If you can describe it, Amber can probably be made to do it.
• Amber’s intelligence makes interoperability easy.
• Amber reduces complexity: no separate DB, web and scripting language dependencies. Plus, fast and easy to set up, maintain and enhance.
Where To Now?
• We are seeking potential users to prove the paradigm in the field– We would be interested in hearing from you if
you think Amber might be able to help you.
• We are seeking potential commercial partners to help bring Amber to market.