The implementation of metapolicies in the NoCScontrol system is done by reusing as much as possible of its architecture and infrastructure. Adding of new IT management functionality with additional agents does not negatively affect the use of the implemented metapolicy capabilities. For this reason the system can scale in this dimension without any changes.
Negative performance issues as a result of the additional event communication and decision process may be seen as the main drawback of the flexible implementation approach used here. Other possible approaches for performance critical areas may be used in this case, e.g. translation into configuration files.
Some changes are done to provide the necessary information for the use of metapolicies, others to allow metapolicies take decisions. These changes are developed in a way which allows their integration in any further enhancements of the NoCScontrol application. Especially newly developed processes can be managed with metapolicies. During the development of new components, management functionality for these components can be integrated. Metapolicies will make use of this management functionality.
The Metapolicy Service Mobile Agent integrates the facilities for memorising additional states of objects, mainly to realise passive metapolicies. Metapolicies will use this functionality only for their management purpose. It is also possible to use this functionality, e.g. the created event channels and the Object State Database, for the sake of normal policies and management. This may entail security concerns, but these are not considered in this thesis.
The use of metapolicies in a management system must be restricted. Marking a metapolicy in the representation explicit with METAPOLICY instead of POLICY is a first useful step to handle different security concerns. The fact that security concerns are necessary is evident. Metapolicies can not change the behaviour of the management system, and access to all existing policies is possible and necessary. To support a sophisticated security model much more changes are necessary, but this is out of scope for this thesis.
The external representation of passive metapolicies in plain ASCII
files allows to structure them in the classes as presented in
section ![[*]](http://www.nm.informatik.uni-muenchen.de/common/icons/latex2html-97.1/cross_ref_motif.gif){kind=icon}
. It is also possible to generate the
metapolicy containing files with external tools. Tools may also be
used for other purposes, e.g. detecting metapolicy conflicts or
simplifying the constraint statements.
The functionality to create new predicates or constraints as mentioned
on page is not implemented. A combined design
process for enhancing the Constraint Interpreter and the Metapolicy
Service Mobile Agent is necessary to achieve best integration.
In further enhancements, the use of event correlation may be desirable to reduce the number of events the metapolicy service has to process. For this reason, explicit marking of metapolicy events may be necessary to distinguish them from policy events.
The ability to generate events in a metapolicy would make it possible to trigger other policies or metapolicies (chaining). The specification of sequential and concurrent enforcement of (meta-)policies would be straightforward to realise. Additionally, notifying state changes of objects by the Metapolicy Service Mobile Agent makes is possible to trigger other active policies and metapolicies.