Research
People
- Leadership
- People
- Jobs
- Awards
- Blogs
About
- About
- Worldwide Sites

Automatic Policy Rule Extraction for Configuration Management

Who We Are
- »HPL Israel Home
- »Director's biography
- »Our people

Research

»Enterprise Swarm Research Program

Current Projects

Past Projects

Collaboration
- »Open Innovation

News & Information

Visitor Information
- »Directions & Map

Related Links
- »Worlwide sites

This work allows new IT automation technology for configuration management: automatic baseline policy extraction out of the Configuration Management Data Base (CMDB). Whereas authoring a configuration policy rule manually is time consuming and unlikely to realize the actual state of the configurations in the overall organization, this new approach summarizes the de-facto policies from the data. IT staff, instead of authoring the policy rule, is required to simply validate the automatically extracted policy. Our technology applies datamining to organization’s configuration assets in the CMDB, and automatically identifies repeating structures of compound configurations. Based on these repeating structures, we build policy rules for compound configuration items. The heart of our technique is a new distance measure we introduce between the configuration assets, whose computation is reduced to a minimum-cost flow problem.
Demo
View the following presentation that demonstrates the Configuration Manager and its breakthrough capabilities due to this technology:
Technology
High Level Algorithm. The technical challenge we face is finding patterns of Composite Configuration Items (CI). We can coarsely break the problem down to three main sub-tasks: 1) Computing the similarity between composite CIs 2) Finding frequent patterns of CIs, and 3) Cluster and generating a baseline policies. In particular, the Composite CIs are represented as trees. Thus item 1) required to correctly define a similarity measure. Once this is done, an efficient methode way should be advised to find the frequent patterns and cluster them. The former appeared to be the more challenging task in this case. Composite CIs Similarity. To define the correct similarty measure, we considered a list of requirement for these tree distances. As it appeared one of the major differences from previous work was the multiplicity of similar sibling sub-trees that should be regarded differently, depending on the type of the sub-tree. We intoduce a recursive assingment problem of sibling sub-trees, and then reduce this assignment to a minimum cost flow problem, which we solve using a successive shortest path algorithm in polynomial time.
News & Publication
Automatic Policy Rule Extraction for Configuration Management Ron Banner; Omer Barkol; Ruth Bergman; Shahar Golan; Yuval Carmely; Ido IshHurwitzy; and Oded Zilinsky [Technical Report] Conference presentation