TEAM LinG - Live, Informative, Non-cost and Genuine! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. M IDDLEWARE N ETWORKS C ONCEPT , D ESIGN AND D EPLOYMENT OF I NTERNET I NFRASTRUCTURE TEAM LinG - Live, Informative, Non-cost and Genuine! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. The Kluwer International Series on ADVANCES IN DATABASE SYSTEMS Series Editor Ahmed K. Elmagarmid Purdue University West Lafayette, IN 47907 Other books in the Series: ADVANCED DATABASE INDEXING, Yannis Manolopoulos, Yannis Theodoridis, Vassilis J. MULTILEVEL SECURE TRANSACTION PROCESSING, VijayAtluri, Sushil Jajodia, Binto George FUZZY LOGIC IN DATA MODELING, Guoqing Chen ISBN: 0-7923-8253-6 INTERCONNECTING HETEROGENEOUS INFORMATION SYSTEMS, Athman Bouguettaya, Boualem Benatallah, Ahmed Elmagarmid ISBN: 0-7923-8216-1 FOUNDATIONS OF KNOWLEDGE SYSTEMS: With Applications to Databases and Agents, Gerd Wagner ISBN: 0-7923-8212-9 DATABASE RECOVERY, Vijay Kumar, Sang H. Son ISBN: 0-7923-8192-0 PARALLEL, OBJECT - ORIENTED, AND ACTIVE KNOWLEDGE BASE SYSTEMS, Ioannis DATA MANAGEMENT FOR MOBILE COMPUTING, Evaggelia Pitoura, George Samaras ISBN: MINING VERY LARGE DATABASES WITH PARALLEL PROCESSING, Alex A. Freitas, Simon H. Lavington ISBN: 0-7923-8048-7 INDEXING TECHNIQUES FOR ADVANCED DATABASE SYSTEMS, Elisa Bertino, Beng Chin Ooi, Ron Sacks - Davis, Kian - Lee Tan, Justin Zobel, Boris Shidlovsky, Barbara Catania ISBN: INDEX DATA STRUCTURES IN OBJECT - ORIENTED DATABASES, Thomas A. Mueck, Martin L. DATABASE ISSUES IN GEOGRAPHIC INFORMATION SYSTEMS, Nabil R. Adam, Aryya VIDEO DATABASE SYSTEMS: Issues, Products, and Applications, Ahmed K. Elmagarmid, REPLICATION TECHNIQUES IN DISTRIBUTED SYSTEMS, Abdelsalam A. Helal, Abdelsalam SEARCHING MULTIMEDIA DATABASES BY CONTENT, Christos Faloutsos ISBN: 0-7923- TIME - CONSTRAINED TRANSACTION MANAGEMENT: Real - Time Constraints in Database Transaction Systems, Nandit R. Soparkar, Henry F. Korth, Abraham Silberschatz ISBN: DATABASE CONCURRENCY CONTROL: Methods, Performance, and Analysis, Alexander Tsotras; ISBN: 0-7923-7716-8 ISBN: 0-7923-7702-8 Vlahavas, Nick Bassiliades ISBN: 0-7923-8117-3 0-7923-8053-3 0-7923-9985-4 Polaschek ISBN: 0-7923-9971-4 Gangopadhyay ISBN: 0-7923-9924-2 Haitao Jiang, Abdelsalam A. Helal, Anupam Joshi, Magdy Ahmed ISBN: 0-7923-9872-6 A. Heddaya, Bharat B. Bhargava ISBN: 0-7923-9800-9 9777-0 0-7923-9752-5 Thomasian, IBM T. J. Watson Research Center ISBN: 0-7923-9741-X TEAM LinG - Live, Informative, Non-cost and Genuine! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. MIDDLEWARE NETWORKS Concept, Design and Deployment of Internet Infrastructure Michah Lerner, AT&T Labs George Vanecek, AT&T Labs Nino Vidovic, AT&T Labs Dado Vrsalovic, Intel Corp. KLUWER ACADEMIC PUBLISHERS New York/Boston/Dordrecht/London/Moscow TEAM LinG - Live, Informative, Non-cost and Genuine! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. eBook ISBN: 0-306-47022-5 Print ISBN: 0-792-37840-7 ©2002 Kluwer Academic Publishers New York, Boston, Dordrecht, London, Moscow Print ©2000 Kluwer Academic / Plenum Publishers New York All rights reserved No part of this eBook may be reproduced or transmitted in any form or by any means, electronic, mechanical, recording, or otherwise, without written consent from the Publisher Created in the United States of America Visit Kluwer Online at: http://kluweronline.com and Kluwer's eBookstore at: http://ebooks.kluweronline.com TEAM LinG - Live, Informative, Non-cost and Genuine! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Table of Contents List of Figures xiii Preface . xix Acknowledgements . xxiii List of Tables xvii PART I Chapter1 IP T ECHNOLOGY F UNDAMENTALS Introduction . 1.1 The Golden Age of the Telecommunication Industry . 1.2 Internet – The New Kid on the Block 1.3 Metamorphosis of the Telecommunications Industry 1.4 Rising Intelligence in the Network . 1.5 Civilizing Data Networks 1.7 Growing Dependency on Middleware 1.6 End - point Devices and the Changing the Role of Networks . 1.8 Need for Protocol Mediation and Translation in the Network 1.9 Emergence of IP as the Unifying Mechanism of Computing and Communication . 1.10 From Protocols to Interfaces 1.11 Challenges for the 21st Century Networks 1.1 1.1 Empowering Anyone to become a Service Provider? . 1.11.2 Enabling Faster Time to Market at Lower Cost . 1.11.3 Reducing Complexity and Providing for Ease - of use 3 3 5 7 8 11 12 13 14 16 18 19 20 22 22 TEAM LinG - Live, Informative, Non-cost and Genuine! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. vi M IDDLEWARE N ETWORKS: C ONCEPT, D ESIGN AND D EPLOYMENT Chapter 2 PART II Chapter 3 1.11.4 Design for Seamless Interoperability and Mobility 1.11.5 Working towards Reliable IP Networks 1.11.6 Consolidated Intelligence in Data Networks 1.12 Summary . Technology Overview . 2.1 Public Switched Telephone Network (PSTN) 2.1.1 Intelligent Network . 2.1.2 Private Branch Exchange, Key Systems, and Centrex 2.1.3 Services Spanning both the PSTN and the Internet 2.2 Packet Networks 2.3 Network Access and the Local Loop 2.4 World - Wide Web . 2.5 Java Language . 2.5.1 Green Project . 2.5.2 First Person Inc. 2.5.3 HotJava and the “tumbling”Duke 2.5.4 JavaSoft . 2.6 IP Version 6 . 2.7 IPSec: Internet Protocol Security 2.8 Common Object Request Broker Architecture 2.9 Virtual Private Networks . 2.10 Quality of Service 2.11 IP Telephony and Voice over IP 2.12 Unified Messaging . 2.13 Electronic Commerce . 2.14 Summary . IP S ERVICE P LATFORM F UNDAMENTALS Network - enabled and Online Services . 3.1 The Market for Online Services 3.2 Issues with the Development and Delivery of Network - Enabled and Online Services 3.2.1 Implications of these Issues . 3.2.2 Network-Enabled and Online Services Architecture 3.2.3 The Opportunity for Network Carriers . 3.3 A Solution: IP Service Platform . 3.3.1 Benefits of Networking Middleware . 3.4 Service Provisioning Scenario 23 24 24 24 27 27 30 31 32 34 39 41 47 47 48 48 49 49 53 56 57 62 66 69 70 72 75 78 80 81 81 83 84 89 90 TEAM LinG - Live, Informative, Non-cost and Genuine! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. vii Chapter 4 Chapter 5 3.4.1 How a Service is Deployed . 3.4.2 Where do Services Run? 3.4.3 Network Integration Services . 3.4.4 How Authentication Tokens Can Protect Network Web Content 3.4.5 Multiple Networks and Accounts . 3.5 Summary . Platform Requirements and Principles . 4.2 Security 4.1 Requirements 4.2.1 Adequate Security for Acceptable Cost . 4.2.2 Technical Security Differs from Organizational Trust 4.2.3 Security Goals 4.2.4 Information Integrity 4.2.4.1 Accountability . 4.2.3.1 Information Secrecy 4.2.4.2 Availability 4.2.5 Security Summary 4.3 Scalability . 4.3.1 Current or Known Solutions . 4.3.1.1 Client - Server Architecture . 4.3.1.2 Client - Server Architecture Extended with Proxy Machines 4.3.1.3 Architecture Based on Communicating Proxy Machines 4.3.1.4 Multiple Servers and POPs 4.4 Extensibility 4.5 Design Principles 4.5.1 Routing Principle . 4.5.2 Membership Principle 4.5.3 Authentication Principle . 4.5.4 Activity Principle . 4.5.6 Access Principle . 4.5.7 Tracking Principle . 4.5.5 Mediation Principle . 4.6 Summary Cloud Architecture and Interconnections 5.1 Cloud Architecture . 5.1.1 Applications, Kernels and Switches . 5.1.2 Points of Presence (POPs) and System Operation Centers (SOCs) 5.1.3 Gates, Cores, and Stores . 5.1.4 POP Based Authentication and Aggregation 5.2 Small Cloud: Development and Providers 5.3 Large Service Node Cloud, the SNode 91 97 98 98 100 101 103 103 106 106 108 108 110 110 111 112 113 113 115 115 116 116 117 118 119 120 121 121 122 123 124 125 125 127 128 129 129 131 133 134 136 TEAM LinG - Live, Informative, Non-cost and Genuine! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. viii M IDDLEWARE N ETWORKS: C ONCEPT, D ESIGN AND D EPLOYMENT PART III Chapter 6 5.4 Distributed Network Cloud (GuNet) . 5.5 Gates as Distributed Network Elements (DNE) 5.5.1 Routing Protocols and the Inherent Difficulty of Resource Allocation . 5.5.2 Distributed Network Element Integrates Gate with Network Elements 5.5.2.1 DNE Specialization of Gate Functionalities 5.5.2.2 DNE Functional Areas 5.5.2.3 DNE Behavior 5.7 Summary 5.6 Scaling with Multiple Clouds B UILDING THE IP S ERVICE P LATFORM Interoperable and Scalable Security . 6.1 Secure System Structure 6.2 Cryptographic Fundamentals of Secure Systems . 6.2.1 Symmetric Crptography . 6.2.2 Asymmetric - Key Encrption . 6.2.3 Digital Signatures – Cryptographic Seals 6.3 Peer Credential and Key Management 6.3.1 Authentication and Session Layers 6.3.2 Key Hierarchy 6.3.3 Key Lifetimes . 6.3.4 Rekeying . 6.3.4.1 Authentication Rekeying 6.3.4.2 Session Rekeying . 6.3.5 Peer - Based Credential Usage 6.3.6 Cloud Security . 6.3.6.1 Gates and Peers . 6.3.6.2 Corporate Intranets . 6.3.7 Intercloud Security . 6.3.8 Roaming . 6.3.9 Security Applications and Benefits . 6.4 Trust Boundaries: Firewalls and Protocols . 6.4.1 Managed Firewalls 6.4.2 Discussion of Rules - Based Flrewall 6.5 Public Key Infrastructure – PKI . 6.5.2 Certificates Characteristics and Syntax . 6.3.5.1 Selective Encryption 6.5.1 PKI and the X.509 v3 Certificate Authority . 6.5.3 Certificate Validation 6.5.4 Middleware Networks and the Public Key Infrastructure 6.5.4.2 Advantages of PKI Principles 6.5.4.1 Five Principles of an Open PKI 6.5.4.3 Additional Value - Added Services 137 139 139 141 141 142 144 144 145 151 152 155 156 158 159 162 165 167 168 169 169 170 170 172 172 174 175 175 177 179 180 180 183 187 188 190 191 192 193 194 196 TEAM LinG - Live, Informative, Non-cost and Genuine! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. ix Chapter 7 6.5.5 Conformance and Compliance with External CA . 6.6 IPSec 6.7 Authentication, Secure Single - Sign - On and Service - Access 6.7.1 Web Browser Security – Peerless Web Login and Service Access . 6.7.1.1 Saved State in RFC-2109 “Cookies” . 6.7.1.2Encrypted Cookies from Authentication to Termination 6.7.2 Microsoft NTLM and Browser Authentication 6.7.2.1 Microsoft Security Architecture 6.7.2.2 Single - Sign - On to Middleware Services through NTLM . 6.7.2.3 Single - Sign - On to Microsoft Services through Middleware 6.7.2.4 LDAP Credentials with Microsoft Commercial Internet System 6.8 Summary APIs and Managed Infastructure . 7.1 Viewpoints on Middleware . 7.1.1 Middleware as Integrator of Standards 7.1.2 Middleware as Extender of Standards 7.1.3 Characteristics of Network Middleware APIs . 7.1.3.1 Object Oriented and Extensible . 7.1.3.2 Abstraction . 7.1.3.3 Complete Coverage . 7.1.3.4 Comparison with Remote Procedure Call (RPC) . 7.2 Managed Networks . 7.2.1 Substrate: Middleware-Defined Networks 7.2.2 Middleware as Service Manager: The Service Model . 7.2.3 Middleware as Manager of Global Shared State . 7.3 Organization of the Middleware APIs . 7.3.1 PD – Proxy Development 7.3.2 SD – Service Development and Peer . 7.3.2.1 Peer Functionality 7.3.3 Network Development – ND . 7.3.4 Operations Development – OD 7.4 Summary . Chapter 8 Smart Network Components 8.1.1 Gate Capabilities 8.1 Overview of SNode — Edge Gateway Functionality . 8.2 Active Registries: Connections, Users and Services . 8.2.1 Authenticated User Registry (AUR) 8.2.2 Authenticated Service Registry (ASR) 8.2.3 Authenticated Connections Table (ACT, AuthConnTab) . 8.2.4 Programming the Registries – AUR, ASR and ACT . 8.2.4.1 Validation of Identity – Peer and HTTP CallerID . 197 198 201 202 203 204 206 206 207 208 210 211 213 214 215 216 217 218 218 219 220 220 220 224 225 226 228 232 233 235 235 236 239 242 244 246 248 249 250 251 253 TEAM LinG - Live, Informative, Non-cost and Genuine! Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. [...]... 136 Logical View of a Large Middleware Service Node 137 Distributed GUNet Cloud Via Cylink’s VPN Solution Over Internet 138 Distributed Network Element (DNE) 142 Network-Based Access Control 143 Networks Scale with Multiple Autonomous Domains 146 Architecture of Middleware System Security ... services Again, an ability to quickly and economically build various IP1 services, or outsource their building, is crucial to attract and retain customers A parallel with the past and the need for an independent service vendor (ISV) community is quite obvious 1 Internet Protocol TEAM LinG - Live, Informative, Non-cost and Genuine! xx MIDDLEWARE NETWORKS: CONCEPT, DESIGN AND DEPLOYMENT This led to the... service platform and the creation of GeoPlex, conceived, developed and deployed at AT&T Labs, and referenced in this book GeoPlex is the “project codeword” for generations of Advanced Networking Middleware This middleware strives towards fully integrated global connectivity, To date, this has provided important deployments of service architecture, and further it has infused the community with leading-edge... benefits of network middleware The chapter finishes with the several lengthy provisioning scenarios through which we attempt to describe the challenges and opportunities Chapter Four addresses IP platform requirements such as security, scalability, and interoperability that are driving the movement towards IP service platforms It then TEAM LinG - Live, Informative, Non-cost and Genuine! xxii MIDDLEWARE NETWORKS:... Telephone Systems Reengineering of the Network-Computing Architecture Distributed Online System PCs to Phones – Middleware Networking Supports All Devices All Users Obtain Access to All Services Jane the Dandelion Wine Merchant’s Unmanaged Internet Jane’s Partially Managed Internet... TEAM LinG - Live, Informative, Non-cost and Genuine! 4 10 10 28 29 31 35 41 42 43 44 53 54 58 59 67 79 82 84 85 86 87 88 93 94 96 xiv MIDDLEWARE NETWORKS: CONCEPT, DESIGN AND DEPLOYMENT Figure 3-11: Figure 4-1: Figure 4-2: Figure 4-3: Figure 4-4: Figure 4-5: Figure 4-6: Figure 4-7: Figure 4-8: Figure 4-9: Figure 4-10 Figure 4-11: Figure... 6-2 6-3: 6-4: Figure 6-5: Figure 6-6: Figure 6-7: Figure Figure Figure Figure Figure Figure Figure Figure 6-8: 6-9: 6-10: 6-11: 6-12: 6-13: 6-14: 6-15: Figure 7-1: Figure 7-2: Services as Stores on the Middleware Network 97 Typical Architecture of the Internet 113 “Classical” Client-Server Architecture 115 Proxy...x MIDDLEWARE NETWORKS: CONCEPT, DESIGN AND DEPLOYMENT 8.2.4.2 Specification of Connection Control – Packet Filter API 254 8.2.4.3 Validation of Access Control – Access Check API 256 8.2.4.4... 204 Data Flow Validating Access via NTLM Credentials 208 Protocol Flow and NetBios Proxy 209 Credential Swapping 210 Network Middleware Layers 213 Internal and External Views of the Cloud 221 TEAM LinG - Live, Informative, Non-cost and Genuine! xv Figure Figure Figure Figure... Routing Non-Proxied Route IP Traffic under Explicit Routing Gate Components – Network Interfaces through Application Proxies Middleware Layers Supporting End-to-End Connection Custom Proxy Code Installed with Proxy API Custom Server Code Installed with Proxy API SDK Integrates Client to Cloud-Managed . on Middleware . 7.1.1 Middleware as Integrator of Standards 7.1.2 Middleware. Substrate: Middleware- Defined Networks 7.2.2 Middleware as Service Manager: The Service Model . 7.2.3 Middleware