Hyper-Active Directories: Adding Intelligence & Automation to Network

Directories with Amber

Paul Gardner-Stephen, Tim Seeley, Murray RogersComputing Services Group,

School of Informatics & Engineering,Flinders University

Outline

• What is Amber, and what can it do?

• Fly through three examples of using Amber

• Summary

• Future Directions

Motivation

• Account Provision– We have an existing and effective system.

– But changing behaviour is difficult: C is not a good language for expressing business logic.

• Change code, recompile, regression test …

• Interoperability with central administration

• The more we develop Amber, the more potential applications we can see.

Who Can Make Use of Amber?• Any business with processes and procedures!

– Job tracking / Help Desk– Scheduling events (e.g. testing or auditing regimes)– Resource allocation – human or physical– Risk management / Expert Systems / Decision

making– Transfer of data from one system to another– [On-line] registration activities– Verifying existing business information …

• If you can explain a business process, you can probably implement it with Amber.

Who Can Make Use of Amber?

• This means Amber is useful to:– Technical Managers

– Administrators

– Computing and Other Support Groups

– OH&S Officers, Committees and Related Structures

What is Amber?• Information Management System

– Read data, consider implications, update data according to administrator defined directives

• Information Visualisation and Interaction System, with built in web server– Display selected information to users, and allow

them to modify data, according to administrator defined directives

• The Tools to Take an Information Centric Approach to Business & Business Processes

What Can Amber Do?

• Keep Network Directory Contents Consistent– Consistency against user supplied rules

– User account provision falls into this category: Account existence & status are consequences of the application of rules!

– Resolve inconsistent situations

What Can Amber Do?

• Continuously Synchronise Dis-Similar Network Information Repositories– Amber uses an internal representation, and can

convert to and from other formats: abstraction– Perform intelligent synchronisation, according to

administrator defined directives.

• Continuously Apply Network Policies– i.e. synchronise network information with the

real world, e.g. disk quotas

What Can Amber Do?

• Manage Business Processes and Procedures– e.g. track process state, solicit approvals,

record decisions.

– Intelligently Direct Processes according to available information

• If you can explain a business process, you can probably implement it with Amber.

Example 1: Account Provision

• Can describe the process:– If enrolled in a topic in this school, grant an

account in this school.

– Disk quota is sum of quota allocations for topics in this school.

• All required information is available,e.g. from HR/Student Services.

Example 1: Account Provision• Information is accessible

– Active Directory: Uses LDAP for accounts– UNIX: Uses NIS, or maybe LDAP for accounts– Student Information: Uses LDAP

• but in multiple incompatible formats:– We can see how to translate between the formats -

but our computers cannot.

• If we can describe how to do this, we can get Amber to do it for us!

• Automate AD accounts, group policies etc...

Example 1: Account Provision• Describe Rules:

topic(TOPIC,LOCATION),enrolment(STUDENT,TOPIC),_eq(LOCATION,”this department”)-> interesting_enrolment(STUDENT,TOPIC).

interesting_enrolment(STUDENT,_)-> account_entitlement(STUDENT).

interesting_enrolment(STUDENT,TOPIC),topic_quota(STUDENT,TOPIC,QUOTA)-> student_quota(STUDENT,$+QUOTA).

Example 1: Account Provision• Hook into the network:

– associate topic(T,L) with “ldap://ldapserver/(objectClass=topic)”.

– associate enrolment(S,T) with “ldap://ldapserver/(objectClass=enrolment)”.

– associate account_entitlement(S) with “ldap://ldapserver/(objectClass=posixUser)”.

– associate student_quota(S,Q) with “diskquota://fileserver/home1”.

• Rules will now keep network consistent!

Example 2: Procedure Management

• e.g. Electrical Safety Testing Management– All electrical goods require regular testing.

– Interval of testing varies.

– What item(s) will need testing soon?

– Recording test histories

Example 2: Procedure Management

Example 2: Procedure Management

• Describe Rules:• test_record(NAME,DATE)-> latest_test_record(NAME,$>DATE).

• elec_item(NAME,FREQ),latest_test_record(NAME,LAST_TEST),_lessthan(LAST_TEST+FREQ,TODAY+30)-> test_soon(NAME).

• elec_item(NAME,FREQ),latest_test_record(NAME,LAST_TEST),_lessthan(LAST_TEST+FREQ,TODAY)-> test_yesterday(NAME).

Example 2: Procedure Management

• Hook into the network:– associate test_soon with

“odbc://someserver/elecdb”– associate test_yesterday with

“mailto://elecmanager@ourplace.com.zz”– associate test_record(N,D) with

“odbc://someserver/elecdb”– or: associate test_record(N,D) with

“file:///test_records.txt”

Example 2: Procedure Management

Example 2: Procedure Management

• Create Web Interface:echo <p>The following need testing NOW:render test_yesterday(_)%prefix<table>%body<tr><td bgcolor=$toggle(red,pink)$><a href=$link formelecitem(FIELD1)$>$FIELD1$</a></td></tr>%missing<br>Nothing needs testing soon.%suffix</table>%end render

Example 2: Procedure Management

Example 2: Procedure Management

• Define form to accept re-test notification:

render current_date(_)%prefix%bodyItem $ARG1$:<br><form action=$link form elecrecordtest(ARG1,FIELD1) $><input type=submit value='Tested Today'></form><br><a href=$link form elecdb$>Back to list</a>%missing%suffix%end render

Example 2: Procedure Management

Example 2: Procedure Management

• Define form to record new test date:

assert test_record(ARG1,ARG2)echo Test date for $ARG1$ has been recordedform elecdb()

Example 2: Procedure Management

Functional example with web interfaces, data inputand management defined in only 41 lines of code!

Example 2: Procedure Management

• Can now incrementally enhance while remaining online, e.g:– Add more interfaces (e.g. recent test history, revoke

test, recently tested equipment, add new items)– Add authentication– Beautify existing interfaces– Modify rules to provide a different escalation policy

• The strength of Amber is in its flexibility!

Example 3: Video Database

• 11:30am – Corridor conversation about postgres to mysql database migration on linux.

• 12:09pm – Working Amber application.

• Runs in < 2MB• Less dependencies

no apache/php/mysql.

Summary

• Amber combines the flexibility and functions necessary to support and build many types ofon-line business process: If you can describe it, Amber can probably be made to do it.

• Amber’s intelligence makes interoperability easy.

• Amber reduces complexity: no separate DB, web and scripting language dependencies. Plus, fast and easy to set up, maintain and enhance.

Where To Now?

• We are seeking potential users to prove the paradigm in the field– We would be interested in hearing from you if

you think Amber might be able to help you.

• We are seeking potential commercial partners to help bring Amber to market.