ipfc-developer
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipfc-developer] IPFC extensions

From: Alexandre Dulaunoy
Subject: Re: [Ipfc-developer] IPFC extensions
Date: Tue, 25 Mar 2003 13:15:37 +0100 (CET) 
On Mon, 24 Mar 2003, Glauber Reis wrote:

> I think,it's my humble opinion, IPFC should also
> support remote configuration like when an XML-message
> is delivered to the DR-Server the (new kind of)
> wrapper ( the "
> i-know-how-to-configure-localhost-services" kind)
> could also verify if there is a "message" awating it,
> then it would get the message, configure the necessary
> files, restart the service and report back to the
> "IPFC layer" if it was succeful or not (rolling back
> if something went wrong). I think it would be
> necessary to extend IPFC protocol itself and i think
> there is no drawback at all since only the
> "extended-wrapper" and the dr-server would be aware of
> that new type of message. I dont think that creating
> another MSS framework would be of any good, a
> IPFC-protocol extension would be much better since the
> IPFC framework itself is very good. This way, one can
> tackle two problems, remotely monitoring security
> applications and configuring them.
> I am going to code a basic wrapper that would
> understand some local-host-configuration extension,
> not useful at all, just to see if it fits...
> The extensions still need to be agreed upon (if they
> are desired anyways).
> 
> What do you folks think?

You  can use  the  IPFC infrastructure  (XML  message and  the 3  zone
structure) to distribute  in the other way the  messages. This is also
the purpose of the infrastructure.

You have  also to add the  verification of XML signature  on the agent
side  and  add  some  complexity  in  the agent  in  order  to  manage
configuration and software install. 

IMHO, the structure for configuration  (on the backend side) should be
fully separated from the event side. 


> Do you think of extending IPFC to a much broader
> focus, i mean jumping from a MSS framework to a MS
> framework?

It's still a MSS framework ;-)

Have a nice day,

adulau


-- 
                              Alexandre Dulaunoy -- http://www.foo.be/
  3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD  ---   AD993-6BONE
"People who fight may lose.People who do not fight have already lost."
                                                        Bertolt Brecht
reply via email to
[Prev in Thread] Current Thread [Next in Thread]