Policies in SNMPv3-based Management

Two important achievements in the network management area motivated the work presented in this paper. The first one is the wide acceptance of the policy concept and its introduction as a means for driving management procedures. The second concerns the capabilities brought by the version 3 of the SNMP protocol for configurable and secure network management. The deployment of SNMPv3 at equipment level allows henceforth concretizing the policy-driven management: Refining enterprise policies; and enforcing them down the managed network resources. This paper aims at integrating the policy concept into the SNMPv3 framework. It proposes a set of rules to map authorization policies to the VACM (View Based Access Control Model) standardized as part of the SNMPv3 management framework. Policy attributes are maintained in a configuration database local to the SNMPv3 entity and a new application is incorporated into the SNMPv3 entity to perform the mapping. This will ultimately allow manager and management applications to enforce enterprise authorization policies independently of the security model(s) implemented by SNMPv3 entities.