TY - GEN
T1 - Automatic policy rule extraction for configuration management
AU - Banner, Ron
AU - Barkol, Omer
AU - Bergman, Ruth
AU - Golan, Shahar
AU - Carmel, Yuval
AU - Ish-Hurwitz, Ido
AU - Zilinsky, Oded
PY - 2011/9/9
Y1 - 2011/9/9
N2 - We propose a new IT automation technology for configuration management: automatic baseline policy extraction out of the Configuration Management Data Base (CMDB). Whereas authoring a configuration policy rule manually is time consuming and unlikely to realize the actual state of the configurations in the overall organization, this new approach summarizes the de-facto configurations from the data. IT staff, instead of authoring the policy rule, is required to simply validate and possibly enhance the automatically extracted policy. Our technology applies data-mining to organization's configuration assets in the CMDB, and automatically identifies repeating structures of compound configurations. Based on these repeating structures, we build policy rules for compound configuration items. The heart of our technique is a new distance measure we introduce between the configuration assets, whose computation is reduced to a minimum-cost flow problem.
AB - We propose a new IT automation technology for configuration management: automatic baseline policy extraction out of the Configuration Management Data Base (CMDB). Whereas authoring a configuration policy rule manually is time consuming and unlikely to realize the actual state of the configurations in the overall organization, this new approach summarizes the de-facto configurations from the data. IT staff, instead of authoring the policy rule, is required to simply validate and possibly enhance the automatically extracted policy. Our technology applies data-mining to organization's configuration assets in the CMDB, and automatically identifies repeating structures of compound configurations. Based on these repeating structures, we build policy rules for compound configuration items. The heart of our technique is a new distance measure we introduce between the configuration assets, whose computation is reduced to a minimum-cost flow problem.
UR - http://www.scopus.com/inward/record.url?scp=80052412849&partnerID=8YFLogxK
U2 - 10.1109/POLICY.2011.13
DO - 10.1109/POLICY.2011.13
M3 - Conference contribution
AN - SCOPUS:80052412849
SN - 9780769543307
T3 - Proceedings - 2011 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2011
SP - 125
EP - 128
BT - Proceedings - 2011 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2011
T2 - 2011 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2011
Y2 - 6 June 2011 through 8 June 2011
ER -