The N1 Service Provisioning System Software Architecture

The N1 Service Provisioning System software is a distributed software platform that automates the deployment and configuration tasks in an enterprise wide computing environment and provides increased visibility and control of the servers, installed applications, and file structures.

The provisioning software includes the following special-purpose applications:

• Master Server, a server that hosts the N1 Service Provisioning System software application. This server stores components and plans and provides an interface for managing application deployments. There can only be one Master Server within an enterprise.

• Remote Agent, small management applications that perform operations on the individual host on which it is installed. Every host that is under provisioning software control must have the Remote Agent installed.

• Local Distributors, optional servers that act as a proxy for the Master Server to optimize network communications across data centers, through firewalls, and to reduce the load on the Gold Server.

• Command Line Interface Client, establishes a communication path to the Master Server allowing command execution on the Master Server.

• Web Server, establishes a communication path to the Master Server allowing control of the N1 Service Provisioning System software through the use of a web browser.

The following illustration shows how an example of how applications might be installed on an enterprise network.

Figure 1–1 The N1 Service Provisioning System Software Architecture.

Master Server (MS)

The Master Server is the main processing engine of the N1 Service Provisioning System software . It is installed on a dedicated machine and provides the primary processing engine that drive the various provisioning software functions. The Master Server houses the database that defines all the objects, object attributes, and plans that define the tasks to be performed. The Master Server also runs a Command Line Interface (CLI) client to provide typed control over the N1 Service Provisioning System software and a web server that provides the HTML (graphical) interface.

The Master Server:

• A database identifying all hosts registered in the provisioning software

• A database of system objects, components, and plans

• Performs version control on the objects stored in the repository

• Authenticates IT operators and ensures that only authorized users perform specific operations

• Includes special purpose engines for performing tasks such as dependency tracking and deployments

• Provides both an HTML interface and a command-line interface for users

The N1 Service Provisioning System software repository stores components and plans in a secure, embedded SQL relational database accessible only to authorized users. The repository tracks the version of each component and each plan. For example, as part of a deployment, an IT operator can run plan version 5, which deploys version 3 of a Web server and a version 4 of a custom application.

In live data center operations, proposed changes to applications can come from many sources: from the original application development group, from the QA team, and from the IT team managing production servers. The provisioning software enables IT operators to capture configuration data from any of these sources and check these changes into the repository. IT operators can use the command line interface (CLI) to access any machine on the network and capture its configuration data. Alternatively, they can install a Remote Agent on a machine and then use the HTML interface to select resources from the machine that the provisioning software stores in the repository and combines with configuration data to create a component.

Remote Agent (RA)

A Remote Agent is a Java^TM application that runs on every system managed by the N1 Service Provisioning System software . Its job is to perform the tasks requested by the Master Server. Because Remote Agents are typically invoked only when application is being brought up or taken down, Remote Agents do not compete for resources with applications on data center servers.

Remote Agents:

• Report server hardware and software configurations to the Master Server

• Start and stop services

• Manage directory contents and properties

• Caches applications and/or directories and files before actual installation

• Install and uninstall software

• Run OS commands and native scripts specified in component models

Local Distributor (LD)

The use of Local Distributors is optional. When used they become a proxy that temporarily acts as the Master Server to optimizes the distribution and management of applications, files, and directories.

Data centers can use Local Distributors to:

• Minimize network traffic during deployments. The Master Server can send one copy of a component to a Local Distributor, which then replicates the component for installation on a collection of servers through the use of the Remote Agent.

• Minimize firewall reconfigurations. If a firewall stands between the Master Server and a collection of servers, administrators can open the firewall just for the servers running Local Distributors, rather than for every server involved in a deployment.

• Minimize the load to the Master Server during large scale deployments.

Command Line Interface Client

The Command-Line Interface Client provides a communication path to the Master Server to enable the execution of N1 Service Provisioning System software commands from a remote system. These commands are entered using the Windows command line or a UNIX® shell such as bash. The command-line interface also supports the use of shell scripts using sh or Perl.

The Command-Line Interface Client can also use the Jython programming language. Jython is a Java implementation of the high-level, dynamic, object-oriented language Python. You should install Jython on any system on which you plan to install the Command-Line Interface Client. For more information about Jython and to download Jython, visit http://www.jython.org.

Web

The Web provides a communication path to the Master Server.

Network Protocols

N1 Service Provisioning System software supports a variety of network protocols for communication among the N1 Service Provisioning System software applications. The protocols are:

• Raw TCP/IP

• Secure Shell (SSH v1 and v2)

• Secure Sockets Layer (SSL)

Raw TCP/IP

Raw TCP/IP is standard TCP/IP without additional encryption or authentication. The advantage of raw TCP/IP is that it requires no additional set-up and configuration. If your data center network is protected by a firewall and secured from intrusion, using raw TCP/IP provides a convenient method for communication among N1 Service Provisioning System software applications.

Secure Shell

ssh (Secure Shell) is a UNIX-based command suite and protocol for securely accessing a remote computer. ssh secures network client/server communications by authenticating both endpoints with a digital certificate and by encrypting passwords. ssh uses RSA public key cryptography to manage connections and authentication. Because it is more secure than telnet or other shell-based communication methods, many system administrators use ssh to manage Web servers and other remote systems.

The provisioning software can be configured so that its applications communicate using ssh. N1 Service Provisioning System software supports OpenSSH explicitly. OpenSSH is a free version of ssh that has been primarily developed by the OpenBSD Project. (For more details, see http://www.openssh.com.) The provisioning software can be configured to support other versions of ssh, as well.

Secure Sockets Layer

Secure Sockets Layer (SSL) is a protocol for securing communication over IP networks. SSL uses TCP/IP sockets technology to exchange messages between a client and a server, while protecting the message with a public-and-private key encryption system developed by RSA. Support for SSL is included in most Web server products, as well as in the Netscape and Microsoft Web browsers.

N1 Service Provisioning System software applications can be configured to use SSL for their network communications, preventing the provisioning software's messages from being read or tampered with. Optionally, N1 Service Provisioning System software applications can be configured to use SSL to authenticate each other before communicating, further increasing network security.

Selecting Protocols to Meet Specific Needs

N1 Service Provisioning System software enables you to select the protocol you will apply to each of the following types of network communication:

• Communication between the Master Server and its children (Local Distributors and Remote Agents)

• Communication between a particular Local Distributor and its children (Remote Agents)

• Communication between the Master Server and a Command Line Interface Client

You can tailor your network security to meet the needs of your particular network topology. For example, if communication within each of your data centers is secure, but your network connection to a remote data center passes through the public Internet, you could configure the Master Server to use SSL when communicating a Local Distributor installed inside the firewall for the remote data center, so that all communication over the Internet is secured. The Local Distributor could use raw TCP/IP to communicate with its children, since all the communication over the local network is secure, and SSL is not required.

For information on configuring SSL and SSH, please see N1 Service Provisioning System 4.1 Installation Guide.

Complex Heterogeneous Data Center Environments

The N1 Service Provisioning System software is designed to fit into data center environments and complement the management, monitoring, and control systems already in place.

Recognizing the diversity of hardware and software found in most Internet data centers, the provisioning software has been designed with cross-platform support in mind. It uses standard communication protocols (HTTP, HTTPS, SSH, and TCP/IP) and standard file and presentation formats (HTML and XML), and it works with standard application architectures (J2EE^TM and .Net). It provides data centers with a standards-based system for managing all their applications, whether those applications are UNIX-based or Windows-based.

Supported Operating Systems

You can install the N1 Service Provisioning System software Master Server on systems that are running the following operating systems:

• Solaris 8, Solaris 9

• Red Hat Linux 7.2, 7.3, 8.0 and Red Hat Advanced Server 2.1

• Microsoft Windows 2000 Server and Microsoft Windows 2000 Advanced Server

You can install the N1 Service Provisioning System software Remote Agent, Local Distributor, and CLI Client on systems that are running the following operating systems:

• Solaris 2.6, Solaris 7, Solaris 8, Solaris 9

• Red Hat Linux 7.2, 7.3, 8.0 and Red Hat Advanced Server 2.1

• IBM AIX 4.3.3, 5.1, 5.2

• Microsoft Windows 2000 Server and Microsoft Windows 2000 Advanced Server

For more information about system requirements, see the N1 Service Provisioning System 4.1 Installation Guide.

Supported Web Browsers

The following table summarizes the Web browser requirements for the HTML user interface.

Table 1–1 Web Browser Requirements for the HTML User Interface

Platform	Browser
Solaris	Netscape 6.2.2, Netscape 7.0
Red Hat	Netscape 6, Netscape 7.1
Windows	Internet Explorer 5.5 and 6, Netscape 6, Netscape 7.1

Supported Locales

The N1 Service Provisioning System software has been internationalized to install and run in localized environments. You will need to adhere to the following requirements if you want to run the software in a localized environment.

• All applications must be run in the same locale or in locales that are equivalent. The Remote Agent, Local Distributors, and CLI Client must run in the same locale as the Master Server.

• The software accepts only ASCII characters for file names, directory names, and other input.