Building a Cisco Network for Windows 2000 P2

DEN is a solution to several challenges from which both enterprise administratorsand software vendors suffer. Administrators and vendors arefaced with the following issues:
Nội dung trích xuất từ tài liệu:
Building a Cisco Network for Windows 2000 P24 Chapter 1 • Developing a Windows 2000 and Cisco Internetwork The DEN Solution DEN is a solution to several challenges from which both enterprise admin- istrators and software vendors suffer. Administrators and vendors are faced with the following issues: s How to integrate new e-business systems s How to incorporate service level agreements for specific users s How to apply and manage policies s How to integrate management “islands” (i.e., separate network administration units and separate network management systems) s How to get interoperability from systems right out of the box s How to achieve advanced services that are applicable network-wide DEN solves these issues with the definition of a directory service, shown in Figure 1.2, which can manage: s Integration of e-business systems, media, devices, and protocols s Incorporation of service levels into the management of users and applications s Application and management of policies s Integration of extensible management applications into the direc- tory to centralize the network management s Utilization of common protocols, common application programming interfaces (APIs), and a common repository for information to ensure interoperability s Advanced services from configuration, access control, security, and provisioning of Quality of Service (QoS) As a result, DEN harnesses the power of a database to centralize and manage network systems and services. DEN defines a common schema for network units and services, and enables interoperability between them. DEN specifies an object-oriented information model, called a directory, for networked units. A networked unit is defined within the directory as a class. The network units, or classes, are not limited to devices or user accounts, but encompass every possible application or system that can participate on the network. Classes are composed of objects that share the same basis of attributes. Any single network element (a user account, server, policy, etc.) represents some individual entity (Joe User, Server1, or SecurityPolicyA, and so on) on the network. Each object contains a set ofwww.syngress.com Developing a Windows 2000 and Cisco Internetwork • Chapter 1 5Figure 1.2 Directory-enabled networking architecture. Directory Report Report can be generated from directory Application C Application A with integrated information Directory service Distributed storage Application B Application D Users can access directory for use of applicationsattributes that describe its properties. For example, an attribute for a useraccount may be the user’s telephone number. DEN does not define a management protocol like Simple NetworkManagement Protocol (SNMP), even though it enables network manage-ment at a new level. It does not define a network protocol like LightweightDirectory Access Protocol (LDAP), although new directory services willlikely integrate LDAP. It does not define a new type of schema for adatabase. DEN is not a product in and by itself. DEN is a definition of the foundational elements required for building adirectory enabled network service or application. It defines a standard hier-archy for a directory service, but opposes limitations by defining extensi-bility. When DEN is used, multiple vendors will not experience conflictsbetween their schemas, and network device configuration and managementcan be performed through the use of the directory service. In the DEN policy server model, network devices will use standard pro-tocols to access the network, such as Domain Name System (DNS) andDynamic Host Configuration Protocol (DHCP). The network devices willaccess servers or hosts to attempt a network transaction, which will checkthe directory service (whether it is stored locally, or on other servers) forany policies that may apply. If a policy does apply to the network transaction, the policy is appliedand the transaction is permitted with whatever alterations the policyrequires, or denied based on the policy, as shown in Figure 1.3. www.syngre ...