Funktionen

Our Research Area

The following topics characterise the main focus of research and teaching:

• communications systems and protocols
• Internet-based services, middleware and grids
• design of IT-systems/networks-structures
• concepts and methods of IT-management
• systems programming, operating systems, distributed systems

At present, especially the research areas below are addressed that also lead to several long-term third-party funded projects.

The research work of this unit is strongly internationally oriented. Prof. Hegering for example received the IFIP/IEEE Dan Stokesberry Memorial Award "for his outstanding contribution to the field of Integrated Network Management" in 2001.

IT-Management Concepts and Methods

As a consequence of global-wide networking and new forms of tele-cooperations the commercial relevance of networked systems, distributed applications and distributedly provided IT-services is increasing. As one of the first groups in Germany this research unit is engaged in questions of the network-, system-, application-, enterprise- and service-management. Research is done in tight cooperation with international developers and users and in consideration of standards and best-practice-guides like ITIL, eTOM and others. This topic is intertwined with economic questions of business process modeling and the foundation of virtual organisations.

Service Management

Service management mainly is concerned with the development of new concepts and a universal architecture (service-management platform) to form the basis for an all-embracing service-management. Subquestions are the specification of service dependencies, the development of a universal service model, the modeling of customer-provider-interactions at the service access interface and the modeling of service level agreements (SLAs).

Policy-based Management.

Policies enable the transition from purely imperative management approaches to a declarative paradigm and therefore provide better support for distributed management. These policy-based techniques are predestinated for highly dynamic and mobile environments. Research is done with cooperation partners to analyse how far these concepts are suitable for the management of, e.g., mobile networks of the 4th generation. Another research topic is the development of a methodology to support business and management processes using policy techniques with the objective to realize them automated in concrete management architectures. With the distributed specification of policies and their refinement into operational policies (machine-executable) conflicts can occur. There are two basic approaches to treat these conflicts: The preventive detection of potential conflicts and the reactive solution of conflicts that already have occurred. For both possibilities formal IT-management-models are analysed and specified to find invariances that are applicable to conflict-treatment.

Management of customer-provider-interactions.

Utilising and provisioning of services as well as their quality are negotiated between customer and provider in a service level agreement (SLA). The unambiguous specification of quality attributes that are monitored and enforced during the operation of a service is a precondition for meaningful SLAs. Therefore formal and all-purpose description and modeling techniques based on existing standards are developed. In today's systems customers increasingly demand a technical interaction-interface to the management-system of the service-provider. At the so called customer-service-management (CSM) interface the customer shall be granted a uniform, but client-specific, view to the service, its current state, its current quality of service (QoS) as well as to the reporting of the service. Above all the customer shall be able to adapt the service to his current needs within the limits that were negotiated before.

In order to realise a CSM the provider has to change its component-based management system, thereby paving the way for a customer-based and service-specific paradigm. This leads to new questions. To identify the quality of a service customer-specific parameters have to be declared and monitored. Therefore, methods have to be found to map the quality-of-service-parameters on the several layers of the management hierarchy, which is to map customer-specific QoS-parameters on system- and component-specific QoS-parameters and vice versa. Today complex services are not offered by a single provider but by a chain of several providers, therefore mappings on the several QoS-architectures of each provider are also necessary (difficulty of mapping in the provider hierarchy).

Similar difficulties exist within the fault- and problem-management. The provider is forced to consider his infrastructure and his components from the point of view of the customer. In this context the question occurs how component-driven error-messages (events) could be associated to a specific service or customer. On the other hand there is the need to find the causative component as fast as possible after receiving an error report (trouble ticket) from a customer concerning a specific service. Both mappings, bottom-up as well as top-down are subject of research work.

Architectures and Concepts for the Support of process-oriented IT Service Management.

Process-oriented IT Service Management focuses on organizational, technology-independent aspects of service provisioning and defines relevant business processes. Present tools and architectures for the support of IT-management either deal solely with the monitoring and controlling of the technical infrastructure or support only particular processes of service management. Up to now, there are no architectures or concepts for integrating these tools. The TeleManagement-Forum is engaged in addressing these problems for eTOM-processes in its NGOSS (New Generation Operations Support Systems) project, but there is no corresponding framework in sight for the, in Europe much more widely-spread, ITIL. The definition of appropriate information models as well as the challenges concerning workflow-control and communication among distributed management-applications are the main research topics of this unit.

Service-Oriented Event Correlation.

While the event correlation that is performed by commercial systems mainly deals with events originated from the network and end systems, the aim of the service-oriented event correlation approach is to integrate service-related events into the event correlation process. These events formalize customer reports about current service quality problems and are matched to each other in the first place as well as to correlated events from the network and end systems management. An example to show the new kinds of challenges that arise in this context is a customer report about a slow data transfer which is caused by a high link utilization. The high link utilization cannot be classified as a fault, but it can lead to a violation of the bandwidth agreed between customer and provider and has therefore to be treated by the network and systems management.

Impact Analysis.

The outcome of the event correlation for services is a resource which has been classified as the problem's root cause. The impact analysis starts from an actual or assumed resource failure and investigates the consequences for services, the service subscribers and their Service Level Agreements. This analysis has to consider several influence factors like different kinds of dependencies for services and resources, Service Level Agreements, or the current service usage. In addition, a decision support is given to select recovery alternatives for the failure treatment with respect to the determined impact over time.

Cooperations:

BMW Group, T-Systems, Siemens ICN, Siemens CT, Cisco, IBM Research Labs Rüschlikon, INRIA Nancy,Hewlett-Packard Research Labs Bristol, Frauenhofer Fokus, German Research Network (DFN), DG Bank, RWTH Aachen, Imperial College London, University of Pretoria

Management and Security Architectures for Federations

Similar to the foundation of Virtual Organizations in Grid projects, B2B outsourcing and supply chain management based inter-organizational cooperations establish Federations to enhance the use of applications and access to resources across organizational boundaries.

Many aspects of authentication, authorization, accounting and auditing have to be adapted to federated environments, as resources are still owned by one organization, but access to them may be granted by others. Which new services are needed to realize such scenarios and how can the autonomy and autarchy of each involved organization be retained? The research topics we address include:

• formal and dynamic trust level management,
• interoperability issues with Federated Identity Management protocols and standards,
• privacy policy management,
• dynamic policy mapping,
• federated intrusion detection and prevention,
• cross-organizational single sign-on,
• delegation of rights, tasks and policies,
• PKI and SPKI enhancements for federated scenarios

Some subquestions are how the security of critical management functions could be increased with the use of federated security concepts and extended authorisation mechanisms, and how single management tasks could be delegated in an efficient and secure way. This aims towards a security architecture for federative and interorganisational management systems.

Our cooperation partners include:

• DFG-Project IntegraTUM
• Project "Security Engineering" at the Technical University of Munich
• BMW Group
• Infineon
• LKA Bayern

System Preconditions and Architectures for IT-Outsourcing

IT-outsourcing is the relocation of IT-services to external service providers who are not part of the own organisation. The provisioning of complex application services via networks (ASP) holds particular challenges for the IT-management. In addition to classic difficulties of QoS-management, these challenges include the addressing of security concerns on the part of the customer and the provisioning of controlling tools for the customer (e.g. for ad-hoc ordering of standard services or requesting accounting-information), due to the fact that by outsourcing, the customer hands over direct control over service provisioning to the service provider. Additional questions concerning this topic arise against the background of increasing trends towards a partial dynamic composition of services (e.g. with Web Services) across several domain boundaries.

Cooperations:

German Research Network (DFN), BMW Group, T-Systems

Grid Computing

Grid Computing started in the late 90's in order to accomplish complex physical computations by linking supercomputers distributed worldwide. Based on these experiences the Grid concept has been extended to coordinated sharing of resources (e.g. computers, instruments, software, or data) and problem solving in dynamic, multi-institutional virtual organizations. Typical examples can be found in weather forecasting, in astronomy projects, in the genome projects, in medical research, or in economic simulations. Although Grid Computing paved the way to a new science paradigm that is enabled by the routine use of distributed computing resources by end-user scientists (e-science), more recently the industry signaled an increasing interest in Grid Computing as well.

In order to better understand the Grid Computing paradigm in general, the essential middleware services, and the new management challenges related to the Grid, the MNM Team has joined several national and international cooperations and projects:

• The Distributed European Infrastructure for Supercomputing Applications (DEISA) is a consortium of leading national supercomputing centres that currently deploys and operates a persistent, production quality, distributed supercomputing environment with continental scope. The DEISA supercomputing infrastructure is constituted of a super-cluster of computing nodes which are located in different countries, but which appears to end users as a single unified system capable to efficiently share data across a wide area network and to redistribute the computational workload by migrating jobs across national borders. The DEISA infrastructure fully exploits the network bandwidth (up to 10 Gb/s) provided by the European research network GEANT and the national research networks (e.g. DFN in Germany).
• The D-Grid is a new initiative for the promotion of a sustainable Grid-based e-science framework in Germany. Major challenges of the D-Grid initiative are the development and the deployment of an adequate cyber infrastructure (networks, middleware) enabling the provisioning, discovery, and consumption of Grid resources like computing cycles, data, information, and applications. D-Grid is currently calling for project tenders.
• Uniform Interface to Computing Resources (UNICORE/UNICOREplus) is a project funded by the German Federal Ministry of Education and Research (BMBF) with the objective to produce a seamless infrastructure specifically designed for the use of high performance computers typically deployed state- or nationwide allowing to formulate computational jobs without any detailed knowledge as far as the specifics of the resources are concerned.

For all these projects the MNM Team contributes to the deployment, the network management of the respective infrastructures, the security management, and to the management of the Virtual Organizations. In addition, the MNM Team contributes to the Global Grid Forum (GGF) as the Grid Standards Authority. The team also participates in GridLab and AccessGrid activities.