WDACS Scheme as PBNM for Plural Organizations

WDACS Scheme as PBNM for Plural Organizations

DOI: 10.4018/978-1-68318-003-6.ch007
OnDemand PDF Download:
$30.00
List Price: $37.50

Chapter Preview

Top

Background

When it is thought that Internet system is managed by some kind of methods, the communication control mechanism needs to be located on the course between network servers and clients without exception in the existing network which does not depend on the DACS Scheme. On the other hand, the DACS Scheme locates the communication controls mechanisms on each client. In other words, the software for communication control is installed on each client. So, by devising the installing mechanism letting users install software to the client easily, it becomes possible to apply the second scheme to the Internet system management.

However, it is difficult to manage the whole Internet system by using a policy-based thinking from the beginning. An enormous number of problems are assumed. Therefore, this chapter illustrates the mechanism of managing the WAN which connects some LANs as a stage before managing the whole Internet system. Indeed, by extending the DACS Scheme, the scheme for the WAN management is examined. The results of the DACS system implementation to realize the DACS Scheme. Here, this system is extended so as to move on the WAN. The examples of the technical problem to make the DACS system move on the WAN are described below.

  • Problem 1: When the private IP addresses are assigned to the network servers and clients in the different LANs, the same IP address may be assigned to them. In addition, the same user name may be used in the different LANs. In this case, correct communication may not be guaranteed.

  • Problem 2: When the network servers and clients send network communications to each other, these communications may be obstructed by the translation mechanism such as the NAT/NAPT.

  • Problem 3: There is no mechanism to hand over the key for encrypting the network communication from the clients to each client or each user.

Top

Concept Of The Cloud Type Virtual Pbnm For The Common Use Between Plural Organizations

Figure 1 shows the proposed concept. Since the existing wDACS Scheme realized the PBNM control with the software called the DACS Server and the DACS Client, the other mechanism was not needed. By this point, the application to the cloud environment becomes easy.

Figure 1.

Concept of the proposed scheme

The proposed scheme in this chapter (Odagiri, Shimizu, Ishii, & Takizawa, 2015; Odagiri, Shimizu, Takizawa, & Ishii, 2016) realizes the common usage by plural organizations by adding the following elements:

  • Element 1: User identification of plural organizations.

  • Element 2: Management of the policy information of plural organizations.

  • Element 3: Application of the PKI for code communication in the Internet.

  • Element 4: Redundant configuration of the DACS Server (policy information server).

  • Element 5: Load balancing configuration of the DACS Server.

  • Element 6: Installation function of DACS Client by way of the Internet.

Figure 2.

Concept of the proposed scheme

Complete Chapter List

Search this Book:
Reset