The following components are included that are essentially equivalent to the corresponding component in the existing Solaris WBEM services, with any functional or interface-related differences indicated in section 1.3:
The following components are included in addition to existing Solaris WBEM components:
Process Providers - support basic UNIX process information, such as name of the executable image, process ID, priority, execution state, and various process resource utilization statistics. Client applications can use these Providers to give clients an understanding of the processes running on the Managed System within the context of its operating system.
The following components from existing Solaris WBEM services are not included, with support for these components contingent on additional efforts that are not part of this project (see section 1.3 for details):
The general case for WBEM support in Solaris has been established in the original ARC case, and that product was proactively maintained in Solaris 8 and 9. However, support for evolution and updates for Solaris WBEM services has not kept up with CIM technology advances and market demand. In particular, Solaris WBEM is out of date in terms of the supported JDK, CIM Schema and CIM/XML version, and uses a non-standard Provider API.
Addressing this deficiency will prevent internal groups from either abandoning SMI-S support in their products or finding a third party alternative to license. Internal groups (Amber Road, HoneyComb, AppIQ, Sysnet, etc.) will be able to use the Pegasus APIs to develop providers and client applications. As well, various Solaris OEMs and customers have developed and are developing applications and infrastructure that can interoperate with WBEM, and updating the Solaris WBEM will strengthen our presence in this technology space.
In particular, by using the OpenPegasus CIM server, Sun can leverage the existing OpenPegasus community to provide product bug fixes and enhancements.
This is a major change to the existing Solaris WBEM Services product (LSARC/1998/372), for the following reasons:
Ports 5988 and 5989 are specified by the DMTF and are registered with the Internet Assigned Numbers Authority (IANA).
Feature Existing WBEM
Service OpenPegasus WBEM
Service RMI port 5987
Supported Not Supported Supported CIM Object
Manager Provided MOF
compiler Provided Provided Provided (although CMPI standard is provided only
on Pegasus) Provided Provided WBEM SDK Provided WBEM object browser SNMP protocol
adapter MIB-to-MOF
compiler Supported Not Supported CMIP protocol
adapter Supported Not
Supported CIM Standard
TBD v2.3, v2.13.1 for the
schema TBD v2.3 TBD v2.1 HTTP
Standard TBD v1.1 CIM over HTTP
Standard TBD v1.2.0 xmlCIM
Standard TBD v2.2.0
HTTP port
5988
Supported
(though not enabled by default on OpenPegasus)
HTTPS
port 5989
Not
Supported
Client
APIs
Provider
APIs
Indications APIs
Not Provided
Solaris
Providers
API
modifications needed for support of existing Solaris providers, although
generic providers are supported for operating system, Unix process and
computer system information.
Solaris
Schema
Supported
Recompile
needed for support
CIM
Workshop
Basic
command-line query of the OS provider
Security
Infrastructure
SSL
SSL, PAM,
RBAC
Supported
Not supported
MOF Standard
XML Standard
CIM
Repository
LDAP
Internal
proprietary implementation
Process
control (start, stop)
via
init.wbem
via Service
Management Facility
(SMF)
"Development" in this project consists of porting the source code to the target Solaris platforms, and integrating the working product into Nevada. Robert Harryman is leading the porting effort, and Gary Horton is leading the integration effort (both are members of the Storage Platform Software Group in the Software Division). No new functionality or features will be added as part of this project. Modifications made by Sun will be pushed back to the OpenPegasus project if approved by the Pegasus community.
Man pages and Solaris-specific release notes will be provided. The release notes will include a notice on how to co-exist with the legacy CIMOM. An administrative guide and product-specific release notes are available from OpenPegasus.
TBD
OpenSSL 0.9.8.a -- PSARC/2006/019
ICU (International Components for Unicode) -- PSARC/2002/348
PAM (Pluggable Authentication Module) -- PSARC/1992/080
Greenline (Service Management Facility) -- PSARC/2002/547
SLP (Service Location Protocol) -- PSARC/1997/307
In terms of ongoing maintenance and evolution, there is a dependency on the OpenPegasus open source development project and community. In turn, that development relies on WBEM and CIM technologies and specifications managed by the DMTF.
None at present, though it is expected that existing clients and providers relying on the existing Solaris WBEM service will eventually migrate to use this service instead.
The existing Solaris WBEM service is expected to eventually be phased out and supplanted by this new CIM server. However, its obsolescence is not part of this case.
None.
WS-MAN
The current CIMOM is out of date and as such is likely discouraging the development of client and provider software. Alternative CIMOMs cost money. The Pegasus CIMOM will be freely available and will also provide an external community to help with feature additions and bug fixes.
The project is a realization of multiple industry standards; as such, the discussion here will focus on those standards and elaborate as needed around OpenPegasus specifics. Various sections that follow will reference individual files in the ARC materials case folder for illustrations, and these are intended to be viewed in sequence with the textual content here. Note that all such files can be viewed in their entirety in the single PDF file TechnicalArchitecture-drawings.pdf.
As an initial high-level overview, see overview-1.eps in the ARC materials case folder as background for this discussion.
Management applications can utilize a single WBEM client interface to obtain information from any managed element with a proxy written to the WBEM provider interface. Devices from various vendors can thus be monitored and controlled from a single management application.
See overview-2.eps in the ARC materials case folder for a closer look at the architecture.
OpenPegasus provides its own C++ API for clients, providers and consumers, and supports the industry standard CMPI API for providers. The data model definitions are given in Managed Object Format (MOF), with a MOF compiler provided to add the definitions to the repository. OpenPegasus provides an out-of-the-box schema that supports provider registration, generic operating system, generic computer system, Unix process, DNS, NTP and IP information. The particular CIM schema supported in the repository is version 2.13.1.
See overview-3.eps in the ARC materials case folder for an illustration of communication between client and server.
OpenPegasus exposes WBEM-standard ports 5988 for HTTP and 5989 for HTTPS. The standard for encoding CIM into XML is known as xmlCIM. These CIM messages are transported over HTTP; this standard is referred to as CIM Operations over HTTP. Overall, the standard comprising the CIM data model, encoding in XML, set of operations and HTTP transport is known as CIM-XML. Clients may also use the CIM Query Language to request information.
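The layering described above, as an added example that is not part of the original case materials or of OpenPegasus: it builds one xmlCIM request, pairs it with the CIM Operations over HTTP headers, and shows the consistency check between headers and body that a server or filtering proxy applies before acting on a request. The class name CIM_Process, the namespace root/cimv2, the version attribute values and the function names are assumptions chosen for the example; header names are matched without the optional HTTP extension prefix.

```python
import xml.etree.ElementTree as ET


def build_request(method, namespace, class_name, message_id="1001"):
    """Return (headers, body) for one intrinsic-method call on a class."""
    # xmlCIM layer: the CIM operation encoded as an XML document.
    # Version attributes are example values, as commonly sent by CIM-XML clients.
    cim = ET.Element("CIM", CIMVERSION="2.0", DTDVERSION="2.0")
    msg = ET.SubElement(cim, "MESSAGE", ID=message_id, PROTOCOLVERSION="1.0")
    req = ET.SubElement(msg, "SIMPLEREQ")
    call = ET.SubElement(req, "IMETHODCALL", NAME=method)
    path = ET.SubElement(call, "LOCALNAMESPACEPATH")
    for part in namespace.split("/"):
        ET.SubElement(path, "NAMESPACE", NAME=part)
    param = ET.SubElement(call, "IPARAMVALUE", NAME="ClassName")
    ET.SubElement(param, "CLASSNAME", NAME=class_name)
    xml = ET.tostring(cim, encoding="unicode")
    body = ('<?xml version="1.0" encoding="utf-8"?>\n' + xml).encode("utf-8")

    # CIM Operations over HTTP layer: the same facts repeated as HTTP headers,
    # so that intermediaries can filter without parsing the XML body.
    headers = {
        "Content-Type": 'application/xml; charset="utf-8"',
        "CIMOperation": "MethodCall",
        "CIMMethod": method,
        "CIMObject": namespace,
    }
    return headers, body


def check_request(headers, body):
    """Return None when headers and body agree, else a CIMError value."""
    h = {name.lower(): value for name, value in headers.items()}
    if h.get("cimoperation") != "MethodCall":
        return "unsupported-operation"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "request-not-well-formed"
    call = root.find("./MESSAGE/SIMPLEREQ/IMETHODCALL")
    if root.tag != "CIM" or call is None:
        return "request-not-valid"
    names = call.findall("./LOCALNAMESPACEPATH/NAMESPACE")
    body_namespace = "/".join(n.get("NAME", "") for n in names)
    # A header that names a harmless method while the body carries another
    # one must be refused, otherwise header-based filtering means nothing.
    if h.get("cimmethod") != call.get("NAME") or h.get("cimobject") != body_namespace:
        return "header-mismatch"
    return None


if __name__ == "__main__":
    hdrs, payload = build_request("EnumerateInstances", "root/cimv2", "CIM_Process")
    print("POST /cimom HTTP/1.1")
    for name, value in hdrs.items():
        print(f"{name}: {value}")
    print()
    print(payload.decode("utf-8"))
    print("check:", check_request(hdrs, payload))
```
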
If clients wish to perform dynamic discovery of CIM servers in a network environment, Service Location Protocol is used. Use of SLP also facilitates determining non-standard ports the CIM server might be using instead of the WBEM standards.
Startup and shutdown of OpenPegasus is done with Solaris Service Management Facility (SMF). Prior to any client operations, authentication is done via Pluggable Authentication Module (PAM) and access control (authorization) is managed using RBAC profiles and roles. Secure Socket Layer (SSL) is combined with Public Key Infrastructure (PKI) to provide additional security in the forms of confidentiality (encryption), data integrity and mutual authentication.
See diagram.eps and interface-table.eps in the ARC materials case folder for a diagrammatic view and abbreviated legend around the following interface tables:
| Interface | Stability | Specified in What Document? | Comments |
| [A] Port 5988 | Committed | http://www.dmtf.org/standards/published_documents/DSP200.html (section 4.7) and IANA | Recommended port for WBEM HTTP, as authorized by IANA |
| [A] Port 5989 | Committed | http://www.dmtf.org/standards/published_documents/DSP200.html (section 4.7) and IANA | Recommended port for WBEM HTTPS, as authorized by IANA |
| [B] Command Line Interface | Committed | OpenPegasus External Interface Definition, section 2.3 | Utilities as described in Interface column |
| [C] C++ API - Common, Client, Provider, Consumer | Committed | OpenPegasus External Interface Definition, section 2.1 | An OpenPegasus non-standard API |
| [D] CMPI Provider API version 2.0 | Committed | OpenPegasus External Interface Definition, section 2.2.1. Also see Reference [6]. | CMPI is a standard C/C++ API for WBEM-based providers. |
| [E] OpenPegasus Schema | Committed | OpenPegasus External Interface Definition, section 2.2.2 | Support for provider registration, generic operating system, generic computer system, unix process, DNS, NTP and IP information. |
| [F] OpenPegasus Configuration Parameters | Committed | OpenPegasus External Interface Definition, section 2.4 | Runtime options; note that additionally, Pegasus Enhancement Proposal #292 specifies recommended options for building, testing and running OpenPegasus 2.7.0 on a selected set of platforms |
| [H] DMTF CIM Schema 2.13.1 | Committed | http://www.dmtf.org/standards/cim/cim_schema_v2131 | The specific CIM data model used in the CIM-XML framework. |
| [I] Representation of CIM in XML (xmlCIM), version 2.2.0 | Committed | http://www.dmtf.org/standards/published_documents/DSP201.html | The specific CIM-to-XML mapping used for messages in the CIM-XML framework. Used for both declarations and messages. |
| [J] CIM Operations over HTTP, version 1.2.0 | Committed | http://www.dmtf.org/standards/published_documents/DSP200.html | The mapping of CIM Messages onto HTTP |
| [K] CIM Query Language, version 1.0.0 | Committed | http://www.dmtf.org/standards/published_documents/DSP0202_1.0.0.pdf | A query language used to extract data from a CIM-based management infrastructure. |
| [L] MOF Language | Committed | http://www.dmtf.org/standards/published_documents/DSP0004V2.3_final.pdf | A BNF-based language used to declare classes, operations, properties, associations, etc. as needed to describe managed resources. |
| [M] MOF Files bundled w/Pegasus | Committed | As found in distribution directory ./pegasus/Schemas for CIM Schemas 2.13.1, 2.9, 2.5 and 2.0 | User uses the MOF compiler (which is part of the CLI: the cimmof command) to compile the desired CIM schema into the repository |
| [N] RBAC Authorizations | Committed | TBD | RBAC will be used to establish a least-privilege model for start/stopping the CIM server. |
| [O] SLP Advertisements | Committed | http://www.openpegasus.org/pp/uploads/40/5498/PEP30_slp.html | The template used by Pegasus to advertise its service. |
| [P] SMF Manifest | Committed | TBD | The project will use SMF to start/stop the product and to initiate startup with alternate port numbers |
| [U] Compile-time symbols | Committed | ./mak/platform_SOLARIS_SPARC_CC.mak ./mak/platform_SOLARIS_SPARC_GNU.mak ./mak/platform_SOLARIS_X86_CC.mak ./mak/platform_SOLARIS_X86_64_CC.mak ./mak/platform_SOLARIS_SPARC_64_CC.mak ./src/Pegasus/Common/Platform_SOLARIS_SPARC_CC.h ./src/Pegasus/Common/Platform_SOLARIS_SPARC_GNU.h ./src/Pegasus/Common/Platform_SOLARIS_X86_CC.h ./src/Pegasus/Common/Platform_SOLARIS_X86_64_CC.h ./src/Pegasus/Common/Platform_SOLARIS_SPARC_64_CC.h ./src/SDK/samples/mak/SOLARIS_X86_CC.mak ./src/SDK/samples/mak/SOLARIS_X86_64_CC.mak ./src/SDK/samples/mak/SOLARIS_SPARC_CC.mak ./src/SDK/samples/mak/SOLARIS_SPARC_64_CC.mak | The project will add new platform definitions to the OpenPegasus platform. These will Additionally a #ifdef will be used to discriminate usage of Solaris SLP vs OpenSLP, with The symbols added by this project are specific to the Solaris platform; of course, other |
| [V] C++ Provider API libraries: libpegclient.so, libpegprovider.so, and libpegcommon.so | Committed | http://cvs.opengroup.org/pegasus-doc/CProviderInterfaces.html | The runtime libraries used by providers in and clients of the CIM server. |
| [Y] SUNWcimserver package name | Uncommitted | http://wolfman.sfbay/cgi-bin/wolfman/login_check.sh | The registered name for the Solaris package. Stability level is Uncommitted as per LSARC inception review request. |
| Interface | Stability | Specified in What Document? | Comments |
| [Q] PAM (Pluggable Authentication Module) - /etc/pam.d | Committed | PSARC/1992/080 and man page for pam | The project will add/modify entries as needed to /etc/pam.d (TBD) |
| [P] Service Management Facility | Committed | PSARC/2002/547 and man page for smf | The project will use SMF to start/stop the product and to initiate startup with alternate port numbers |
| [O] Solaris SLP (Service Location Protocol) | Committed | PSARC/1997/307 and man page for slp, slpd | The project will use SLP to act as an SA and advertise itself as a wbem service |
| [R] OpenSSL 0.9.8.a | Committed | PSARC/2006/019 and man page for openssl | The project will use SSL for encrypted connections over HTTP and for mutual certificate-based authentication. |
| [A] HTTP 1.1 | Committed | http://www.w3.org/Protocols/rfc2616/rfc2616.html | HTTP is the standard WBEM transport protocol. |
| [S] XML DocumentType Definition, version 2.1 | Committed | http://www.w3.org/XML/1998/06/xmlspec-report-v21.htm | The CIM schema is encoded in XML. |
| [N] RBAC - user_attr, auth_attr, prof_attr, exec_attr | Committed | Solaris Man Pages | RBAC will be used to establish a least-privilege model for start/stopping the CIM server. |
| [T] CIM Infrastructure Specification, version 2.3 | Committed | http://www.dmtf.org/standards/published_documents/DSP0004V2.3_final.pdf | Defines the foundation for CIM, including the management schema (Core, Common and Extensions models), the meta-schema (datatypes, qualifiers, etc.), the MOF language and namespaces. |
| [Aggregate of H, I, J and A] CIM-XML | Committed | http://www.dmtf.org/standards/wbem/CIM-XML/ | Comprises the CIM data model, encoding in XML, set of operations and HTTP transport. The given document lists various individual specifications addressing each of these areas, and following entries in this table list the specific ones used by OpenPegasus. |
| [H] DMTF CIM Schema 2.13.1 | Committed | http://www.dmtf.org/standards/cim/cim_schema_v2131 | The specific CIM data model used in the CIM-XML framework. |
| [I] Representation of CIM in XML (xmlCIM), version 2.2.0 | Committed | http://www.dmtf.org/standards/published_documents/DSP201.html | The specific CIM-to-XML mapping used for messages in the CIM-XML framework. Used for both declarations and messages. |
| [J] CIM Operations over HTTP, version 1.2.0 | Committed | http://www.dmtf.org/standards/published_documents/DSP200.html | The mapping of CIM Messages onto HTTP |
| [K] CIM Query Language, version 1.0.0 | Committed | http://www.dmtf.org/standards/published_documents/DSP0202_1.0.0.pdf | A query language used to extract data from a CIM-based management infrastructure. |
| [W] Solaris libraries | Committed | For 32-bit: /usr/lib/libpthread.so.1 For 64-bit: /lib/amd64/libpthread.so.1 | Imported from Solaris |
| [X] International Components for Unicode (ICU) | Committed | /usr/lib/libicudata.so | Libraries and header files supporting I18N needs |
The project does not include a GUI.
CLI commands used for management of Pegasus are listed above as item [B] in the Exported Interfaces table.
OpenPegasus supports version 2.0 of the CMPI standard[6], a C/C++ interface for providers maintained by the Open Group. The C++ interface preserves binary compatibility as a wrapper for the C interface.
The following DMTF standards are supported[7]:
| DMTF Specification | Specification Version |
| DSP 0004 - CIM Infrastructure Specification | 2.3 Final, 4 October 2005 |
| DSP 0200 - CIM Operations over HTTP | 1.2.0, preliminary, 9 December 2004 |
| DSP 0201 - Representation of CIM in XML | 2.2.0, preliminary, December 2004 |
| DSP 0202 - CIM Query Language Specification | 1.0.0, preliminary, 9 December 2004 |
| DSP 0205 - WBEM Discovery using SLP | 1.0, preliminary, 27 January 2004 |
| DSP 0206 - WBEM SLP Template | 1.0.0, Preliminary, January 2004 |
| CIM Schema | 2.13.1 Final, Jan. 2005 (default) |
IPv6 is supported[9].
Additional standards, as given above in the interface tables, are as follows:
| Standard | Specification Version |
| MOF Language | 2.3 |
| Service Location Protocol | v2 |
| Secure Socket Layer | 3.0 |
| HTTP | 1.1 |
| XML DocumentType Definition | 2.1 |
Nevada, SPARC/x86, 32/64bit
Pegasus will co-exist with Solaris WBEM Services, even though there is a port conflict regarding HTTP 5988. This will be accomplished in the following manner:
- The Pegasus service will be disabled by default. In this case, SMC/WBEM will run and acquire port 5988 without problem.
- If Pegasus is enabled, the default configuration is to expose only 5989 (HTTPS). In this case, both SMC/WBEM and Pegasus will run concurrently without problem.
- The user has the option to configure Pegasus to expose 5988. If SMC/WBEM is already running when the user starts Pegasus, the Pegasus execution will terminate with a message reporting the port conflict. If Pegasus is already running when the user starts SMC/WBEM, the SMC/WBEM execution will terminate with a message reporting the port conflict. A workaround (see next scenario) will be described in the Pegasus Release Notes.
- The user has the option to start Pegasus on an alternate set of ports, i.e. the WBEM standard ports of 5988/5989 will not be used. In this case, both SMC/WBEM and Pegasus will run concurrently without problem.
As long as startup is done by specifying ports not already in use, multiple concurrent instances are supported. The command-line interface for startup provides for this kind of configuration.
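A pre-enable check for the co-existence scenarios above, combined with the SSL and authentication posture from the architecture overview, as an added example that is not part of the case materials or of OpenPegasus. It assumes the configuration is a file of name=value lines; the property names are OpenPegasus configuration properties that this page does not list, and apart from HTTPS-only exposure the default values are assumptions made for the example.

```python
WBEM_HTTP, WBEM_HTTPS = 5988, 5989  # DMTF/IANA WBEM ports named on this page

# HTTPS-only exposure is the default this page describes; the remaining
# values are assumptions chosen for the example.
DEFAULTS = {
    "enableHttpConnection": "false",
    "enableHttpsConnection": "true",
    "httpPort": str(WBEM_HTTP),
    "httpsPort": str(WBEM_HTTPS),
    "enableAuthentication": "true",
    "sslClientVerificationMode": "disabled",
}


def parse_config(text):
    """Overlay name=value lines on DEFAULTS; '#' comment lines are skipped."""
    cfg = dict(DEFAULTS)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or name not in DEFAULTS:
            raise ValueError(f"line {lineno}: unrecognised entry {raw!r}")
        cfg[name] = value
    return cfg


def _flag(cfg, name):
    value = cfg[name].lower()
    if value not in ("true", "false"):
        raise ValueError(f"{name} must be true or false, got {cfg[name]!r}")
    return value == "true"


def _port(cfg, name):
    port = int(cfg[name])  # raises ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"{name} out of range: {port}")
    return port


def audit(text, legacy_ports=frozenset({WBEM_HTTP})):
    """Return finding codes for a Pegasus config running beside legacy WBEM.

    legacy_ports is the set of ports the existing Solaris WBEM service holds.
    """
    cfg = parse_config(text)
    listeners = {}
    if _flag(cfg, "enableHttpConnection"):
        listeners["http"] = _port(cfg, "httpPort")
    if _flag(cfg, "enableHttpsConnection"):
        listeners["https"] = _port(cfg, "httpsPort")

    findings = []
    if not listeners:
        findings.append("no-listener")
    if "http" in listeners:
        # CIM-XML would travel without SSL confidentiality or integrity.
        findings.append("plaintext-http")
    for scheme, port in listeners.items():
        if port in legacy_ports:
            # Whichever service starts second terminates on this port.
            findings.append(f"port-conflict:{scheme}:{port}")
    if len(listeners) == 2 and listeners["http"] == listeners["https"]:
        findings.append("http-https-same-port")
    if not _flag(cfg, "enableAuthentication"):
        findings.append("authentication-disabled")
    if "https" in listeners and cfg["sslClientVerificationMode"].lower() != "required":
        # Server-side SSL only: clients are not asked to prove identity by certificate.
        findings.append("client-cert-not-required")
    return findings


if __name__ == "__main__":
    sample = "# constructed sample\nenableHttpConnection=true\n"
    for finding in audit(sample):
        print(finding)
```
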
Forward and backward compatibility are intended to be maintained by the open source community, though this is not totally under our own control since this is an open source codebase.
See the following documents:
http://www.openpegasus.org/pp/uploads/40/7452/pep224_testarch.htm - as provided by the OpenPegasus community
http://www.knom.or.kr/knom-review/v8n2/2.pdf - a white paper describing exhaustive performance evaluations of three industry-leading WBEM servers, including OpenPegasus, OpenWBEM from Center7 and the existing Solaris WBEM Services. Excerpts of note:
"Many vendors are especially interested in OpenPegasus over other WBEM implementations because (of its) desirable characteristics ... it is a lightweight and efficient implementation because of its great regard for execution performance."
"Overall, WBEM Services performed the worst whereas OpenPegasus and OpenWBEM performed relatively the same. We suspect that the reason for poor performance by WBEM Services compared to the other two is because it is implemented in Java."
As such, our conclusion is that this project will be at least as performant as the existing Solaris WBEM service.
The intended usage is for a fixed footprint of data to reside in the CIMOM repository, representing the classes in the schema. Objects, properties, associations, etc. in the operational environment are a function of the providers that plug into the CIMOM. As the number of objects in the environment grow, the overall footprint grows. Possible bottlenecks include number of client sessions and simultaneous requests, repository (xml vs binary) and how providers utilize it, and number of providers and their behavior.
Binary footprint is approximately 500M, including the repository. This will increase as a function of how many providers are added by the user to the CIM server.
Memory resource consumption comprises about 22M for the CIM server.
Disk space exhaustion may result in failure to continue logging and/or to load additional providers (since the persistent schema space expands for each new provider). Memory exhaustion will result in immediate process termination.
It has been observed by members of the open-source community that Pegasus will stop processing associations altogether. The only remedy found to-date is to entirely delete the repository and rebuild it.
2.6.3 Network Failures
Since WBEM clients contact the CIM server via HTTP, a network failure would be seen as a failure to connect to the server and/or receive a pending response. Understanding the details of client behavior in this context is not in scope for this project.
The worst case failure is a disk crash or process failure causing corruption of the CIM repository and instance data as maintained by the providers. Recovery in this case is not problematic; the user would reconstruct the CIM repository with existing command line utilities that compile MOF files into repository classes, properties, etc. On subsequent restart, there is no concern for loss of any historical data since that is not the purpose of the system; instead, a representation of current overall system state would become available as the providers initialize and clients make requests for that state, i.e. data integrity is quickly restored with current state in short order on restart.
No checkpointing is done. There is an internal repository that persists various aspects of state. If a system crash calls for a rollback to a previous state, or if e.g. ZFS is rolled back, the user may need to re-register various parts of the schema, and loss of data is not necessarily an issue since these schema pieces are generated from existing external MOF files. Loss of dynamic data gathered from the various providers is not an issue either since the intent is only to provide current state rather than historical data, and current state will be restored shortly after the next session is started.
TBD
TBD
Startup and shutdown of OpenPegasus is done with Solaris Service Management Facility (SMF). Prior to any client operations, authentication is done via Pluggable Authentication Module (PAM) and access control (authorization) is managed using RBAC profiles and roles. Secure Socket Layer (SSL) is combined with Public Key Infrastructure (PKI) to provide additional security in the forms of confidentiality (encryption), data integrity and mutual authentication.
For additional information, see Security Questionnaire in case materials.
Proposed package name is SUNWwbem.
None.
Done
64 bit supported. Lint -errchk=longptr64 : TBD
As per the 2.7 Release Notes:
| Platform and OS | Compilers |
| HP-UX | HP C++ B3910B |
| Linux on Power | gcc |
| zLinux | gcc |
| Linux Itanium | gcc |
| Linux IA-32 | gcc (versions 2.9x, 3.xx, 4.xx) |
| Linux X86_64 | gcc (versions 2.9x, 3.xx, 4.xx) |
| Windows 2000 | Microsoft Visual C++ Ver. 6 and Microsoft .Net compiler version. (Works on VC .NET 2003 v7.1). NOTE: Visual C++ Ver. 6 no longer being regularly tested. |
| Windows XP, Windows 2003 | Microsoft Visual C++ Ver. 6 and Microsoft .Net compiler Version 7.1. Note: Visual C++ Ver. 6 no longer being regularly tested. |
| MacOS version 10.3 and higher | gcc 4.01 |
| HP OpenVMS 8.3 or later Alpha | HP C++ V7.3-009 or later required for OpenVMS Alpha |
| HP OpenVMS 8.3 or later IA64 | HP C++ V7.3-023 or later required on OpenVMS IA64 |
| Solaris 8 | GNU 2.95.3, Sun CC compiler V 5.8. Note that the latest thread patch (108993) may be required. (see Pegasus bug 4632) |
| Solaris 9 | GNU 2.95.3, Sun WorkShop 6 update 2 C++ 5.3, patch 111685-22 2005/04/09 |
N.A.
A single required package will be delivered. It will install the Pegasus CIMOM, repository and related configuration and utility tools.
TBD
As described in section 2.4.5, OpenPegasus will co-exist gracefully with the existing legacy Solaris WBEM.
pkgadd
SMF, RBAC and PAM configuration will take place during installation (details TBD).
None
The Pegasus project uses the MIT open source license.
Versioning will follow the Opengroup's versioning of Pegasus.
pkgrm
CLI commands used for management of Pegasus are listed above as item [B] in the Exported Interfaces table.
The CIM Server is the primary component. See section 2.1 for a more detailed overview.
CLI commands used for management of Pegasus are listed above as item [B] in the Exported Interfaces table.
Refer to ARC materials for the original CIMOM.
See the OpenPegasus website.
Refer to interface tables in 2.2.1 and 2.2.2.
Refer to documents in 2.1.
R.6 Referenced Documents and Resources
[1] http://sac.eng/arc/Processes/Client.Handbook/
[2] http://sac.eng/BestPractices/interface_taxonomy.txt/
[3] Motif 1.2 Style Guide (sun part no. 801-5366-10)
[4] CDE Style Guide and Certification Checklist (Sun part no. 802-1581-10)
[5] Architectural Considerations Document, http://sac.eng.sun.com/arc/ARC-Considerations.html