Internet Draft           Web Based Management             June 13, 1996


Web Based System and Network Management

Brian Harrison
Hewlett-Packard Company
harrison@ppg01.sc.hp.com

Peter E. Mellquist
Hewlett-Packard Company
mellqust@hprnd.rose.hp.com

Adrian Pell
Hewlett-Packard Company
arp@hplb.hpl.hp.com

June 13, 1996


Status of this Memo

This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''

To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
ftp.isi.edu (US West Coast).

1. Abstract

This document describes the application of the Hyper Text Transfer
Protocol (HTTP) for system and network management. Presented are
mechanisms which facilitate system and network management, including
the discovery of HTTP management entities, how management content may
be accessed, and lastly, the role of a Simple Network Management
Protocol (SNMP) agent providing SNMP information through the use of
HTTP.

Management and HTTP may be categorized into two groups: the
management of HTTP [3] and management using HTTP. The focus of this
document is on the latter, "web based management".

Expires December 13, 1996                                     [Page 1]

2. Overview

Web based management is the application of World Wide Web (WWW) tools
for the management of systems and networks. This includes using HTTP
servers and browsers for providing static, dynamic and interactive
content of management information. An HTTP server acting in a
management role can provide information in a variety of forms
including Hyper Text Markup Language (HTML), graphics, executable
code and binary encoded information. Together, this capability allows
HTTP to function as a powerful protocol for the management of systems
and networks. An HTTP server acting in a management role may also be
providing non-management content. It is therefore necessary to
provide a mechanism for a WWW browser or network management
application to have direct access to the management information.

As presented in this document, HTTP is not meant to replace SNMP.
HTTP working together with SNMP can provide many benefits including
ease-of-use, zero client-side installation, and security. SNMP is
required for the instrumentation of systems and networks.

3. HTTP Management Transmission Control Protocol (TCP) Port Definition

The standardized TCP port for HTTP is port 80 [1]. An HTTP server
listening on this port may provide content spanning a wide
information base including non-management related content. For
management usage, this requires that the management content be
inter-mixed with non-management content. A WWW browser or network
management application must therefore have knowledge of, or the
ability to determine, where the management content resides on an HTTP
server.

A well known HTTP management TCP port solves this problem by allowing
only management content through the HTTP management interface. This
allows a browser or network management application to easily use or
discover an HTTP server acting in a management role. The proposed
HTTP management TCP port is port 280 (The actual port number is
pending IANA [4] approval). The recommended port for management is
therefore port 280. In cases where this port is not available, port
80 may be used.

An alternative to a standardized HTTP management port, a standardized
Uniform Resource Identifier (URI), was considered. Although this
mechanism could work, it was decided that the problems of attempting
to standardize on a character sequence would prove to be too
difficult.

An HTTP server operating in a management mode on port 280 may also be
using port 80 for non-management content. This allows for the clean
separation of management and non-management content. A TCP port 280
interface should only supply management content.

An HTTP server which does not utilize TCP port 280 for management
content may inter-mix management and non-management content on port
80. In this case, a browser or network management application must
determine the HTTP management capability through other means (see
HTTP Manageable MIB).

4. HTTP Manageable MIB

An SNMP agent in operation together with an HTTP server allows
management information to be accessed using either the SNMP protocol
or HTTP. In order to determine if an SNMP agent also supports HTTP,
an SNMP Management Information Base (MIB) is utilized. The "HTTP
Manageable MIB" provides SNMP objects which advertise an agent's HTTP
capabilities. This allows a network management application using SNMP
to query the "HTTP Manageable MIB" to determine the agent's HTTP
management capabilities and interface. The presence of this MIB in an
agent implies that an HTTP server is operational in a management
context.

In order to determine the exact interface for HTTP access, the "HTTP
Manageable MIB" provides a MIB object, "httpMgDefaultURL". This
object represents the complete Uniform Resource Locator (URL) for
management access to the agent via HTTP. The value of this URL will
reflect port 280 usage when applicable.

A second MIB object defines an agent's capability to perform SNMP
over HTTP. The "httpMgSNMPEnabled" object represents a truth value
indicating if the HTTP server can perform SNMP over HTTP. If set
true, the HTTP server supports the SNMP over HTTP tunneling protocol
as described in the subsequent section.

Below is the MIB definition for the "HTTP Manageable MIB". Note, the
MIB is currently designed to reside under the Hewlett-Packard MIB
branch. The long term intent will be to move this MIB under a
standard branch (The actual MIB branch is pending IANA [4] approval).

    HP-httpManageable-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        -- enterprises is required by the hp branch definition below
        OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE, enterprises
            FROM SNMPv2-SMI
        DisplayString, TruthValue
            FROM SNMPv2-TC
        OBJECT-GROUP, MODULE-COMPLIANCE
            FROM SNMPv2-CONF;

    hp          OBJECT IDENTIFIER ::= { enterprises 11 }
    nm          OBJECT IDENTIFIER ::= { hp 2 }
    hpWebMgmt   OBJECT IDENTIFIER ::= { nm 36 }

    httpMgMod MODULE-IDENTITY
        LAST-UPDATED "9606120000Z"
        ORGANIZATION "Hewlett-Packard Web-based Management
                      Working Group"
        CONTACT-INFO
            "WG E-mail: webmgmt@sysman.hpl.hp.com

             Chair:     Brian Harrison
             Postal:    Hewlett-Packard
                        5301 Stevens Creek Blvd
                        Santa Clara CA 95052
                        USA
             Tel:       +1-408-553-3786
             Fax:       +1-408-553-2909
             E-mail:    harrison@ppg01.sc.hp.com"
        DESCRIPTION
            "Management information for HTTP manageable devices.
             This MIB gives SNMP systems information on how to
             manage a device using HTTP."
        REVISION "9606120000Z"
        DESCRIPTION
            "Initial Version"
        ::= { hpWebMgmt 1 }

    httpMgTraps         OBJECT IDENTIFIER ::= { httpMgMod 0 } -- future
    httpMgObjects       OBJECT IDENTIFIER ::= { httpMgMod 1 }
    httpMgGroups        OBJECT IDENTIFIER ::= { httpMgMod 2 }
    httpMgCompliances   OBJECT IDENTIFIER ::= { httpMgMod 3 }

    -- MIB Objects

    -- Default attributes for managing via HTTP

    httpMgDefaults      OBJECT IDENTIFIER ::= { httpMgObjects 1 }

    httpMgDefaultURL OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "A Uniform Resource Locator (URL), as defined in
             RFC1738, for the default management information for
             this device. This URL is typically used by a HTTP
             browser to display management information for this
             device. This default page should contain links to any
             other management pages for this device."
        ::= { httpMgDefaults 1 }

    httpMgSNMPEnabled OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "Indicates whether a HTTP server supports SNMP over
             HTTP where SNMP requests may be contained in the
             Entity-Body of a HTTP POST operation"
        ::= { httpMgDefaults 2 }

    -- Compliance statements

    httpMgMinCompliance MODULE-COMPLIANCE
        STATUS      current
        DESCRIPTION
            "The compliance statement for SNMP entities which are
             http manageable."
        MODULE  -- this module
            MANDATORY-GROUPS { httpMgDefaultGroup }
        ::= { httpMgCompliances 1 }

    httpMgDefaultGroup OBJECT-GROUP
        OBJECTS { httpMgDefaultURL, httpMgSNMPEnabled }
        STATUS      current
        DESCRIPTION
            "The objects providing information applicable to all
             http manageable systems"
        ::= { httpMgGroups 1 }

    END

5. SNMP over HTTP

An HTTP server acting in a management role may provide a variety of
content including HTML, graphics, executable code and binary data.
SNMP Protocol Data Units (PDUs) may be transmitted over HTTP in the
following manner as "application/octet-stream" Content-Type data.

As described in the "HTTP Manageable MIB", the "httpMgSNMPEnabled"
MIB object determines if an SNMP / HTTP agent can support SNMP over
HTTP. If this object is set true, SNMP / HTTP tunneling is supported.
The URL used for this capability is the one defined in the
"httpMgDefaultURL" MIB object. This URL will include a port 280
reference when appropriate.

Once an HTTP server has been determined to support SNMP over HTTP,
SNMP requests may be made by encapsulating the encoded PDU in an HTTP
request entity body [1].

                 Web Based Managed Entity
        ------------------------------------------
        |  ------------               ---------- |
        |  |   SNMP   |     SNMP      |  HTTP  | |
        |  |  Agent   |<=============>| Server | |
        |  |          |               |        | |
        |  |          |               |        | |
        |  --|-----|---               --|----|-- |
        -----|-----|--------------------|----|----
    Port 161 |     |                    |    | Port 80
     --<--->--     |                    |    -<----->-- SNMP/HTTP
          Port 162 |                    | Port 280
     ------>--------                    ------<----->-- SNMP/HTTP

The Backus Naur Form (BNF) for an HTTP 1.0 compliant request is as
follows. Please refer to the HTTP 1.0 specification for more details
on HTTP [1].

    Full-Request   = Request-Line
                     *( General-Header
                      | Request-Header
                      | Entity-Header )
                     CRLF
                     [ Entity-Body ]

Entity-Header fields define optional metainformation about the
Entity-Body or, if no body is present, about the resource identified
by the request. For SNMP / HTTP tunneling, the Entity-Header and
Entity-Body fields are utilized.

    Entity-Header  = Allow
                   | Content-Encoding
                   | Content-Length
                   | Content-Type
                   | Expires
                   | Last-Modified
                   | extension-header

For the transfer of an SNMP encoded PDU, the "Content-Type" and
"Content-Length" specifiers are required. HTTP uses Internet Media
Types for the Content-Type found in the Entity-Header field [4]. The
Content-Type Entity-Header field indicates the media type of the
Entity-Body. The PDU is treated as media-type
"application/octet-stream". The "Content-Length" value is the length,
in octets, of the encoded PDU.

SNMP over HTTP is defined for SNMP get, set, get-next, get-bulk and
inform operations. When making SNMP requests over HTTP, the PDU type
is encoded within the request PDU. The HTTP POST operation is
utilized for all SNMP operations. The POST operation allows sending
the enclosed Entity-Body to the specified URL. Applications such as
WWW browsers do not cache HTTP POST requests. This allows all
transactions to go on the wire.

To differentiate an SNMP / HTTP management request from other HTTP
management requests, a standard URI, "snmp-request", is utilized.
This URI is used for all SNMP get, set, next, bulk and inform PDUs
since the PDU type is encoded within the PDU.

Example of SNMP get over HTTP. Assume we have an encoded SNMP get PDU
of 275 bytes in length.

    POST /snmp-request HTTP/1.0
    Content-Type: application/octet-stream
    Content-Length: 275

    [ 275 bytes of PDU ]

Returned will be the HTTP response with the PDU response found in the
Entity-Body.

    HTTP/1.0 200 OK
    Content-Type: application/octet-stream
    Content-Length: 275

    [ 275 bytes of PDU ]

SNMP get-next, set, get-bulk and inform operations work in a similar
manner.

It should be mentioned that SNMP over HTTP is accomplished without
the introduction of yet-another-management protocol. Instead, HTTP
can be used to transfer information between a managed entity and a
WWW browser or network management application. In doing so, HTTP has
the potential of offering many benefits including secure transfer of
information.

6. Conclusion

The utilization of web based system and network management offers
much potential. Without proper standardization, this new form of
management will not provide an open systems solution for the
management of heterogeneous multi-vendor environments. The intent of
this Internet Draft is to offer areas of standardization for web
based management and in doing so seek a single unified approach.

7. References

[1] Berners-Lee, T., R. Fielding, and H. Frystyk, "Hypertext Transfer
    Protocol HTTP/1.0", RFC 1945, MIT/LCS, UC Irvine, May 1996.

[2] McCloghrie, K., and M. Rose, Editors, "Management Information
    Base for Network Management of TCP/IP-based internets: MIB-II",
    STD 17, RFC 1213, Hughes LAN Systems, Performance Systems
    International, March 1991.

[3] Hazewinkel, H., E. van Hengstum, and A. Pras, "Definitions of
    Managed Objects for HTTP", draft-hazewinkel-httpmib-00.txt,
    University of Twente, April 1996.

[4] Postel, J., "Assigned Numbers", STD 2, RFC 1700, USC/ISI,
    October 1994.

8. Acknowledgments

This document was produced as a result of the Hewlett-Packard
Web-based Management Working Group and the effort of its
participants. The authors gratefully acknowledge the work and
comments of the following individuals:

    Steve Gase, GASE_STEVE/HP-Boise_unixgw1@hpflash
    Hewlett-Packard Company

    Jean-Jacques Moreau, jjm@hplb.hpl.hp.com
    Hewlett-Packard Company

    Jeff Morgan, morgan@hpl.hp.com
    Hewlett-Packard Company

    Brian O'Keefe, bok@nsmdserv.cnd.hp.com
    Hewlett-Packard Company

    Jitendra Singh, SINGH_JITENDRA/hp-santaclara_om3@hpflash
    Hewlett-Packard Company
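
The SNMP over HTTP framing of section 5, seen from the managed entity's side: an added example, not part of the original draft, that builds the POST, checks the request line, Content-Type and Content-Length before accepting the Entity-Body, and reads the operation from the PDU itself, since the "snmp-request" URI is the same for a get and a set. The function names are hypothetical, the sample PDU is constructed, and the message layout assumed is the community-based SNMPv1/v2c one (version, community, PDU).

```python
SNMP_URI = "/snmp-request"              # standard URI named in section 5
MEDIA_TYPE = "application/octet-stream"
PDU_TAGS = {0xA0: "get", 0xA1: "get-next", 0xA3: "set",   # BER context tags
            0xA5: "get-bulk", 0xA6: "inform"}
# Constructed sample: SNMPv1 get for sysDescr.0, community "public" (40 octets).
SAMPLE_GET = bytes.fromhex("302602010004067075626c6963a019020101020100020100"
                           "300e300c06082b060102010101000500")

def build_request(pdu: bytes) -> bytes:
    """Wrap an encoded PDU in an HTTP/1.0 POST to the snmp-request URI."""
    head = (f"POST {SNMP_URI} HTTP/1.0\r\nContent-Type: {MEDIA_TYPE}\r\n"
            f"Content-Length: {len(pdu)}\r\n\r\n")
    return head.encode("ascii") + pdu

def parse_request(raw: bytes) -> bytes:
    """Return the tunneled PDU; raise ValueError if the framing is wrong."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between headers and Entity-Body")
    request_line, *header_lines = head.decode("ascii").split("\r\n")
    if request_line.split() != ["POST", SNMP_URI, "HTTP/1.0"]:
        raise ValueError("not a POST to the snmp-request URI")
    # Header names are case-insensitive, so compare them in lower case.
    headers = {k.strip().lower(): v.strip() for k, _, v in
               (line.partition(":") for line in header_lines)}
    if headers.get("content-type") != MEDIA_TYPE:
        raise ValueError("Content-Type must be application/octet-stream")
    if headers.get("content-length") != str(len(body)):
        raise ValueError("Content-Length does not match the PDU length")
    return body

def _skip_tlv(buf: bytes, pos: int, enter: bool = False) -> int:
    """Step past one BER element, or into its content when enter is set."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: n length octets follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("BER length runs past the end of the body")
    return pos if enter else pos + length

def pdu_type(message: bytes) -> str:
    """Name the operation; the URI is the same for every PDU type."""
    try:
        pos = _skip_tlv(message, 0, enter=True)   # outer SEQUENCE
        pos = _skip_tlv(message, pos)             # version INTEGER
        pos = _skip_tlv(message, pos)             # community OCTET STRING
        return PDU_TAGS[message[pos]]
    except (IndexError, KeyError):
        raise ValueError("not a tunneled SNMP request") from None
```

A server or filter on port 280 that wants to treat set differently from get has to make that decision on the value returned by pdu_type, because nothing in the HTTP request line or headers distinguishes the two.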