
Remotable Interface
The overall architecture for the remotable interface appears below.
The remotable interface (DMI 2.0) is designed to provide remote access to DMI functionality and data while hiding the intricacies of manipulating the DMI 1.x data blocks. DMI 1.x often 'batches' together somewhat related functions into single commands.
The Remotable Interface is based on RPCs (remote procedure calls). In this client/server architecture, the client side includes only prototypes for functions that are implemented on the server side. When an RPC call is made, the actual function is executed on the server and the results are returned to the local calling program, as if the call had been executed locally.
A remote node acts as a client for procedural MI function calls, and as a server when receiving indications. The node under management acts as a server for procedural MI function calls, and as a client when delivering indications to a remote node.

Remotable Interface Architecture
Security
Although Authentication and Authorization are often confused, these two primary network security mechanisms are in fact quite distinct. Much like network security, DMI security is composed of three parts: Authentication, Privacy, and Authorization.
Authentication determines whether a process wishing to access the DMI database is what it claims to be. It is achieved by using credentials that are specific to the process requesting authentication. For example, a user login using a user name and a password can be authenticated by matching the supplied password against a stored password. Other authentication tools are biometric devices and secure ID cards.
Privacy prevents eavesdropping, so that communication between the DMI SP and the authenticated entity is safe from third parties. For example, encryption is widely used to cipher information so that a third party who intercepts it cannot read it.
Once an authenticated entity is communicating privately with the SP, authorization determines that entity's level of access to the DMI database. For example, some entities may be allowed only to read the DMI attributes in the database, while others may be granted read and write privileges to static and dynamic DMI attributes; even these entities may still be denied access to the control attributes within the database.
The most common form of authorization at the operating system level is file protection. For example, certain users may have read, write and execute permissions on some files, while others have only read access to those same files.
Today's DMI relies on the security environments, defined as part of industry standard RPCs, to provide remote Authentication and Privacy on the communication link. This should prevent most casual or malicious remote users from arbitrarily gaining access to a managed machine. In particular, the OSF (Open Software Foundation) DCE (Distributed Computing Environment) defines a comprehensive framework for RPC security with designed-in flexibility to interface to a number of different security packages.
Although DMI 2.0 does not handle authorization, future versions will, and they will most likely rely on the native operating system's authorization mechanisms.
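The following is an added example, not DMI code or part of the original page. It models the RPC client/server split described above and layers two of the three controls onto the server-side dispatcher: authentication (an HMAC over the request proves the caller holds the principal's secret) and the authorization levels the text describes (read only; read and write of static and dynamic attributes; write of control attributes). Privacy is deliberately left to the transport, as DMI 2.0 leaves it to the RPC security environment. The attribute store, principals, secrets, access levels and the `GetAttribute`/`SetAttribute` method names are all constructed for illustration and are not DMI identifiers.

```python
"""Toy RPC dispatcher with authentication and authorization layered on.

Everything here (attributes, principals, secrets, policy, method names) is
constructed for the example and is not part of DMI or any RPC runtime.
"""
import hashlib
import hmac
import json

# Constructed attribute store, split into the three classes the text names.
ATTRIBUTES = {
    "SerialNumber": {"class": "static", "value": "SN-EXAMPLE-0001"},
    "CpuLoad": {"class": "dynamic", "value": 12},
    "PowerState": {"class": "control", "value": "on"},
}

# Hypothetical access levels per principal:
#   "read"    - may read any attribute
#   "rw"      - may also write static and dynamic attributes, never control ones
#   "control" - may also write control attributes
POLICY = {"monitor": "read", "operator": "rw", "admin": "control"}

# Constructed shared secrets. A real deployment would use the RPC runtime's
# security environment (e.g. DCE) rather than per-principal HMAC keys.
SECRETS = {
    "monitor": b"monitor-secret",
    "operator": b"operator-secret",
    "admin": b"admin-secret",
}


class RpcError(Exception):
    """Raised by the server for any rejected call."""


def sign_request(principal: str, method: str, params: dict) -> dict:
    """Client side: serialise the call and bind it to the principal with an HMAC."""
    body = json.dumps({"method": method, "params": params}, sort_keys=True)
    tag = hmac.new(SECRETS[principal], body.encode(), hashlib.sha256).hexdigest()
    return {"principal": principal, "body": body, "tag": tag}


def authenticate(request: dict) -> str:
    """Server side: the caller is who it claims to be only if the tag verifies."""
    secret = SECRETS.get(request.get("principal"))
    if secret is None:
        raise RpcError("unknown principal")
    expected = hmac.new(secret, request["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, request["tag"]):
        raise RpcError("authentication failed")
    return request["principal"]


def authorize(principal: str, method: str, attr_class: str) -> None:
    """Server side: decide, for an authenticated principal, what it may do."""
    level = POLICY.get(principal, "none")
    if method == "GetAttribute" and level in ("read", "rw", "control"):
        return
    if method == "SetAttribute":
        if level == "control":
            return
        if level == "rw" and attr_class in ("static", "dynamic"):
            return
    raise RpcError(f"{principal} may not {method} a {attr_class} attribute")


def dispatch(request: dict, store: dict = ATTRIBUTES):
    """Server side: authenticate, then authorize, then execute the call."""
    principal = authenticate(request)
    call = json.loads(request["body"])
    method, params = call["method"], call["params"]
    attr = store.get(params.get("name"))
    if attr is None:
        raise RpcError("no such attribute")
    authorize(principal, method, attr["class"])
    if method == "GetAttribute":
        return attr["value"]
    if method == "SetAttribute":
        attr["value"] = params["value"]
        return attr["value"]
    raise RpcError("unknown method")


def remote_call(principal: str, method: str, **params):
    """What the client's local stub does: sign, send, return the server's result."""
    return dispatch(sign_request(principal, method, params))


if __name__ == "__main__":
    print(remote_call("monitor", "GetAttribute", name="CpuLoad"))
    for principal in ("monitor", "operator", "admin"):
        try:
            print(principal, remote_call(principal, "SetAttribute", name="PowerState", value="off"))
        except RpcError as err:
            print(principal, "denied:", err)
```

The order in `dispatch` is the point: a request is never looked at for authorization until authentication has succeeded, and a request whose body has been altered in transit fails at the authentication step regardless of which principal it names.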