Portions of this patent document contain material subject to copyright restriction. The copyright owner has no objection to facsimile reproduction of the patent document after grant, as it appears in the U.S. Patent and Trademark Office files or records, but otherwise reserves all rights relating thereto.
The field of this application relates to apparatus, methods and computer program products relating to network management operations and protocol adapter security software.
Network management is performed by network carriers and operators to ensure that mission-critical networks are continually operating normally, without service-affecting problems. Accordingly, network management platforms, such as the Sun Microsystems Solstice Enterprise Manager (SEM) are employed. The SEM is a management framework that complies with Telecommunications Management Network (TMN) standards, as defined by the International Telecommunications Union (ITU). To ensure that an operator""s network is functioning properly, it is necessary to monitor or listen for information on events that might indicate network status changes. For example, failure of a network switching device or break in a circuit may produce an event that is received and processed by the SEM network management platform.
An xe2x80x9ceventxe2x80x9d may be defined as a signal, or the underlying occurrence, indicating that one or more changes has occurred in the state of an entity or device on the network. Event signals may include a communications alarm signal (indicating that a device has come on-line, has gone off-line or has developed a problem), an equipment alarm signal (occurrence of an error state), a quality-of-service alarm signal (deterioration of the strength or resolution or throughput of a signal or group of signals), security alarm signal (indicating that unauthorized access has been detected), and an attribute change (indicating that data for a device or process are no longer available, for reasons other than occurrence of an error).
To control and coordinate the software associated with a network of computers and peripherals, network managers often employ special purpose software designed to track, establish communications with and control other software entities and processes that represent one or more network reporting devices (referred to as xe2x80x9cagentsxe2x80x9d) or that exist independently. Software used by the network manager interacts with various platform-level software services to allow the network manager to locate and interact with other entities running on the network. Entities on the network can communicate with each other and with a network manager by sending and receiving messages with agreed-upon formats. A message can be a request, a response or an event signal. An entity running on the network may xe2x80x9csubscribe toxe2x80x9d notifications of events generated by other entities so that a cooperative relationship between the entities can be maintained. Given the number and variety of events that can occur, the volume of event notifications processed by the network management software can be very large, even when few or no error messages are being transmitted. This volume can reduce system performance dramatically.
Typically, a computer network will rely upon a single, centralized service to manage, process and/or monitor the network communications. This reliance upon a single service to process such high volumes of data creates a risk of catastrophe or collapse if the central service fails, even with swift recovery. These risks are not acceptable for large-scale networks that must be available at all hours, seven days per week. Further, if all event notifications must be processed and analyzed by each network operator or monitor, each such operator may have to provide enormous computing power for this purpose, even where the amount of information of interest to an operator is small.
During an associated event processing activity, appropriate operators are notified and corrective actions may be taken. In a large network, events occur very frequently, perhaps on the order of hundreds of events per second. Accordingly, efficient event notification processing and distribution is a key to successful network management platform operation. Currently, events are characterized by event type, indicating the nature of the event, to the extent that this information is determinable. Possible event types are defined in the managed object""s management information base (MIB). By subscribing to particular types of events, a network manager can receive notifications of events of a particular type. When a network manager subscribes to several notifications of several types of events, an event filtering mechanism or discriminator is implemented, using common management information system (CMIS) filtering to ensure that only notifications of selected event types are forwarded for consideration by the subscribing network manager.
However, there is currently no mechanism permitting a network manager to receive notifications concerning events associated with a specified source. It is not possible for a network manager to receive information focusing on a selected managed object or objects. However, it is frequently desirable for a network manager to be able to subscribe only to events from particular sources or objects. For example, a network management operator responsible for cellular switches in and around Frankfurt might only want to receive event notifications concerning the Frankfurt portion of the network. This is a practical, long-felt need of network operators throughout the world, as well as in the United States. Further, it is desirable that the event notification processing be scalable to correspond to the volume that is anticipated under given circumstances on a network.
This invention makes it possible to subscribe to notification of events that arise or occur at specified sources or specified objects. This makes it easier for a Solstice Enterprise Manager (SEM) to focus on the portion of a network of interest to that operator and reduces the burden on an SEM application developer, who would otherwise have to subscribe to all event notifications from all sources, and then to use custom code to laboriously filter or screen out events from sources or objects that are of no interest to the developer. According to the invention, the SEM operator may specify one or more event characteristics and/or one or more levels of objects associated with a computer network. An object may have associated with it one or more attributes or characteristics, such as an event type, the location (node or group of nodes) or region where an event occurred, a date and/or time interval during which one or more events of interest occurred, a type of component or device that was affected by an event, and other similar attributes. With this specification in place, only events that arise from one or more specified levels of objects and have specified characteristics are registered for consideration by that developer.
The SEM infrastructure is enhanced, according to the invention, to permit filtering internally, according to the source or object associated with an event. A network management operator thereafter receives only event notifications only from one or more specified sources and, optionally, only as to specified types of events. Accordingly, a sophisticated and improved capability is provided to allow network operators to more precisely specify notifications of events to be received. This improves the ability to focus on the portion(s) of the network system of particular concern to the operator.
The SEM has a distributed client-server architecture in which clients or applications use the services offered by the server or platform. One service offered by the platform is subscription for event notifications from network agents managed by the platform, based on one or more filtering criteria. An event notification distribution subsystem (EDS), according to the invention, allows transmission of an event notification to an event subscriber, an application that monitors network communications for event notifications (ENs) in which the event subscriber is interested. The event subscriber specifies a discriminator mechanism or CMIS filter, which is written in a predetermined CMIS filter specification. The event source includes an application or service entity that issues an EN that will be received by one or more identified event subscribers, if certain characteristics or attributes of an underlying event agree with attributes specified by an event discriminator.
However, this type of CMIS filter is of limited flexibility and does not permit specification of, and subscription for, notification of xe2x80x9cwild cardxe2x80x9d events associated with one or a group of distinguished names (DNs). The present invention permits an application to receive notifications of all events whose objects belong to one or more specified levels of objects. A managed object may agree with a given data network prefix, which may include a specification of site, channel and/or element. For example, if the prefix is set to SiteId=5, ENs corresponding to all events with SiteId=5 and ChannelId=DC (don""t care) and ElementId=DC will be received and registered by the EN application.
According to the invention, an EN received by an application passes its DN prefix for scoping, in addition to specific information concerning characteristics of the underlying event. Use of a DN scoping mechanism allows reduction in the number of fan-out events within the EDS, because an application only registers for events that are likely to be of common interest. Thus, the present invention permits receipt of ENs for all events whose managed object instances (MOIs) agree with a specified DN prefix. DN filtering may be implemented by specifying a DN scope and at least one DN attribute.