
RE: XML versus SOAP/WSDL Performance



Hi,

We may be starting on the configuration path, but we will end up needing
both status and statistics. This will really be forced if the infrastructure
for config has a large footprint. (That is, why have two different
infrastructures for management? Having two means constraining each so
that items modeled in one can be accessible in the other. And that
the mapping between each model is pretty easy to understand. Feels
like a lot of extra work if one is good enough!)

On the security issue, here is a repeat of what I said at the NMRG meeting
with RandyB's observation....
In management, we think about tasks, and the authorization to perform
those tasks. It is quite difficult to determine what information is
needed to perform a task and get it documented. (For example, the
MODULE-COMPLIANCE construct in SMIv2 can be used as a formal way to
document exactly the management information that is needed by a management
application. But, it was effectively impossible for me to get app
developers to use it or any other approach to document the management
information that they used.) Without a complete list of management
information, authorization rules cannot be specified that allow
access to only the needed items for only the needed operations.
The result has been that the fine-grained authorization rules in
CLIs (via TACACS+ or RADIUS) or via SNMPv3 VACM have not been used.
Instead, much coarser authorization rules are used (typically consisting
of 1) limited read, 2) complete read (except authentication/authorization),
and 3) complete read/write). The result is that a "trust relationship"
must be set up between a managed system and management apps, where
the apps impose the authorization (and authentication) system.

At 10:10 AM 9/20/2002 -0700, Durham, David wrote:
>I don't think performance is the issue for configuration management. Whereas
>XML is already being used for voluminous ecommerce transactions, I don't
>think the comparatively minuscule amount of device configuration data should
>raise anyone's eyebrows. Architecturally, it seems that the choice of
>sending either (for example):
>
>    A. The entire XML configuration for every minor config update vs.
>    B. Delta updates to Named Instances of XML configuration data
>
>Is, IMHO, a much better discussion to have rather than how long it takes to parse
>a bunch of tagged data.
>
>-Dave
>
>> -----Original Message-----
>> From: Steven M. Bellovin [mailto:smb@research.att.com]
>>
>> >In message <3D8AFD97.5010606@ctit.utwente.nl>, Aiko Pras writes:
>> >Hi all
>> >
>> >Recently I've had a number of discussions on the performance differences 
>> >between network management approaches that use XML technology, and 
>> >approaches that use web services (SOAP/WSDL). Is there anyone who has 
>> >real experience in this area, or knows pointers to studies on this?
>>
>> Is "performance" really the issue?  Is there enough network management 
>> traffic that that's an issue?  I'd look more at the architectural and 
>> security questions.  (Note, though, that simply saying "XML" is 
>> insufficient, since you need to define a transport mechanism.)

Regards,
/david t. perkins


--
to unsubscribe send a message to xmlconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/xmlconf/>