headers
Luke Kanies | 4 Oct 2006 19:46
Gravatar

Interesting paper on emergent behaviour

A friend just sent me this link to an HP Labs paper on emergent behaviour:

http://www.hpl.hp.com/techreports/2006/HPL-2006-2.pdf

Probably not anything we haven't seen before, but still a good paper.

--

-- 
Kai's Example Dilemma:
     A good analogy is like a diagonal frog.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
Permalink | Reply | 0 comments |
headers
Sanjai Narain | 11 Oct 2006 17:01
Favicon

New session at Configuration Management Workshop

Presentations are invited from members of this group for a new 1/2 day 
session on Configuration Validation 
http://homepages.informatics.ed.ac.uk/group/lssconf/config2006/index.html. 
Especially important are real-world case studies in this area covering 
topics such as the adverse impact of configuration errors, the business 
value of validation tools, what tools are currently in use, what new 
tools need to be developed. We are likely to have representation from 
network administrators at leading enterprises. If you are interested 
please send me and Paul Anderson a short note. Thanks. -- Sanjai
Permalink | Reply | 16 comments |
headers
Narayan Desai | 11 Oct 2006 18:18
Favicon

Re: New session at Configuration Management Workshop

Sanjai, will this be a part of the configuration workshop, or a
separate 1/2 day workshop?
 -nld
Permalink | Reply | 1 comment |
headers
Sanjai Narain | 11 Oct 2006 18:20
Favicon

Re: New session at Configuration Management Workshop

Narayan: This will a part of the Configuration Workshop. Regards. -- Sanjai

Narayan Desai wrote:
> Sanjai, will this be a part of the configuration workshop, or a
> separate 1/2 day workshop?
>  -nld
>
Permalink | Reply | 0 comments |
headers
Luke Kanies | 11 Oct 2006 18:57
Gravatar

Re: New session at Configuration Management Workshop

Sanjai Narain wrote:
> Presentations are invited from members of this group for a new 1/2 day 
> session on Configuration Validation 
> http://homepages.informatics.ed.ac.uk/group/lssconf/config2006/index.html. 
> Especially important are real-world case studies in this area covering 
> topics such as the adverse impact of configuration errors, the business 
> value of validation tools, what tools are currently in use, what new 
> tools need to be developed. We are likely to have representation from 
> network administrators at leading enterprises. If you are interested 
> please send me and Paul Anderson a short note. Thanks. -- Sanjai

I take it that this means that the workshop will not be split 50/50 into 
theory and practice discussions as we discussed last year.

Will there be any focus on practice this year?

--

-- 
Hanlon's razor:
    Never attribute to malice that which can adequately be explained by
    stupidity.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
Permalink | Reply | 13 comments |
headers
Sanjai Narain | 11 Oct 2006 21:21
Favicon

Re: New session at Configuration Management Workshop

Hi Luke: The new session is intended to focus on practice as well. Since 
the vast amount of configuration today is manual, large numbers of 
configuration errors are made. So, tools to diagnose these are of 
substantial practical use. I am referring to errors that cannot be 
diagnosed by a simple "diff" between a golden state and the current 
state. Rather, these are deep structural errors that violate end-to-end 
security, connectivity, performance and reliability requirements. 
Diagnosing whether these requirements are falsified cannot be done 
locally by examining each component in isolation. Rather, it needs a 
global approach where we check -relationships- of configurations of 
multiple components. A new class of algorithms needs to be developed 
that is analogous to those for static analysis of programs.

For example, suppose one asks whether there is a single point of failure 
in an infrastructure. How does one answer this question? Surely not by 
failing each component and checking? This is a hard problem because 
spofs can arise at each layer, and at each layer there can be both link 
and node failures; even if each layer does not have a spof, incorrect 
mappings between layers can creat spofs; fault-tolerance 
misconfiguration can cause service to not recover even if redundant 
resources are available; finally, interactions between security and 
fault-tolerance technologies can arise.  By examining component 
configurations, one can create pretty penetrating answers to this 
question. -- Sanjai

Luke Kanies wrote:
> Sanjai Narain wrote:
>> Presentations are invited from members of this group for a new 1/2 
>> day session on Configuration Validation 
>> http://homepages.informatics.ed.ac.uk/group/lssconf/config2006/index.html.
(Continue reading)

Permalink | Reply | 12 comments |
headers
Narayan Desai | 11 Oct 2006 21:44
Favicon

Re: New session at Configuration Management Workshop

Sanjai, I think there might be some miscommunication here. While the
sorts of problems that you are describing occur in all installations,
many of us consider their discussion to be largely theoretical. (I
mean no disrespect to your work; I know that you are actively using
these techniques in stressful environments. I find it fascinating and
topical, but most sites aren't in a position to put any of this work
into practice.) There is an unfortunately negative response to
discussion of these issues by many people who have simpler, though
serious, configuration problems _now_.

I think that Luke is concerned with the discussion of practical
solutions today, as well as nearer-term implementation issues. I must
admit that I am somewhat concerned with this issue as well. I think
that my perspective differs in that I am quite interested in the
theory as well. 

The two things that I look forward to about LISA (both the workshop
and general program) are the theory discussion, and contact
with new people that have interesting configuration problems. For what
it is work.
 -nld
Permalink | Reply | 4 comments |
headers
Sanjai Narain | 11 Oct 2006 22:11
Favicon

Re: New session at Configuration Management Workshop

Hello Narayan: I believe the new session will provide opportunities in 
both categories that you mention below. I have invited system/network 
administrators from major enterprises who, in fact, are very concerned 
about configuration errors of the types previously mentioned. Regards. 
-- Sanjai

> The two things that I look forward to about LISA (both the workshop
> and general program) are the theory discussion, and contact
> with new people that have interesting configuration problems. For what
> it is work.
>  -nld
>   

--

-- 
Sanjai Narain, Ph.D.
Senior Research Scientist
Information Assurance and Security Department
Telcordia Technologies, Inc. 
1 Telcordia Drive, Room 1N-375
Piscataway, NJ 08854
732 699 2806 (T)
908 337 3636 (M)
narain <at> research.telcordia.com
Permalink | Reply | 3 comments |
headers
Narayan Desai | 11 Oct 2006 22:25
Favicon

Re: New session at Configuration Management Workshop

>>>>> "Sanjai" == Sanjai Narain <narain <at> research.telcordia.com> writes:

  Sanjai> Hello Narayan: I believe the new session will provide
  Sanjai> opportunities in both categories that you mention below. I
  Sanjai> have invited system/network administrators from major
  Sanjai> enterprises who, in fact, are very concerned about
  Sanjai> configuration errors of the types previously
  Sanjai> mentioned. 

Sounds great. I am really looking forward to the workshop this year.
 -nld
Permalink | Reply | 0 comments |
headers
Alva Couch | 11 Oct 2006 22:38
Picon

Re: New session at Configuration Management Workshop

I disagree that the verification idea is purely theoretical.

Note that unlike configuration management tools, verification tools can
more easily be combined and can work in concert, because all that
matters is that the description of configuration goals and policies is
consistent between cooperating tools. There is thus some promise for
verification tools that are reusable and sharable, in ways that
manipulative tools have not been practical to share.

For example, it would be perfectly reasonable to write a verification
tool for a single service, such as mail, so that multiple people can
collaborate on a complex verification problem without much
communication.

In this way, verification can be seen as a first step toward automation,
for sites still using manual configuration management. It is relatively
low-cost and low-risk compared to committing to a fully automated
approach.

So there is a *very* practical angle to the verification idea that
has not been fully explored or exploited.

--

-- 
Dr. Alva L. Couch
Associate Professor of Computer Science
Associate Professor of Electrical and Computer Engineering
Tufts University, 161 College Avenue, Medford, MA 02155
Phone: +1 (617) 627-3674
Web: http://www.cs.tufts.edu/~couch
(Continue reading)

Permalink | Reply | 1 comment |

Gmane