Overview
OpenClovis’s SAFplus Management Platform provides out-of-the-box comprehensive management functionality for your networking, computing and telecom products. Using your YANG (NETCONF) definition files, we provide NETCONF, SNMP, RESTCONF, and command line access protocols. The SAFplus manageability agents automatically route incoming requests to your applications, running anywhere on the cluster. And at development time, our software can read your YANG files, generating C++ objects for application instrumentation.
Features
Protocols
NETCONF: The SAFplus Management Platform uses the OpenYuma software to provide a NETCONF over SSH northbound interface
SNMP: The SAFplus Management Platform uses the Net-SNMP software to provide an SNMP northbound interface. Either V2, V2c or V3 operation is supported.
HTTP/HTTPS: The SAFplus Management Platform provides a REST API for access to Management data.
Access
- Any SSH capable NETCONF client and any v2, v2c or v3 SNMP client may be used.
- Any user program running on the network element may access the management information via C++ or Python APIs.
- The SAFplus Management CLI may also be used in either NETCONF or "local access" mode. In "local access" mode CLI accesses the management information via direct API calls.
Configuration Management
The SAFplus Management data may be imported and exported to XML using the "safplus_db" application provided on the network element. This facility allows configuration to be saved, analyzed, and modified in a human-understandable format. It also allows configuration to be managed using document revision control systems (i.e. subversion, git, ClearCase), if desired.
Access Control
NETCONF authentication is via SSH, so user accounts defined at the Linux level are available as NETCONF logins. Users can be added to groups and access permissions by group are available at the module, NETCONF operation, data element, and notification level as specified by the "Network Configuration Protocol (NETCONF) Access Control Model" (proposed as RFC 6536).
SNMP authentication and access control is via the standard mechanisms defined in V2c or V3.
HTTPS authentication and access control is via HTTPS session login and cookies. Access control follows the rules specified in the NETCONF Access Control Model.
Remote CLI access control is the same as NETCONF, since the CLI communicates via the NETCONF protocol. "Local access" CLI presumes that the user has already successfully logged into the network element and has permissions to execute the safplus_cli application. Access control therefore occurs via SSH and Linux user security mechanisms. But, if the local access CLI is available to the login user, the super-user role is assumed. In other words, all operations are available to the a user of the local access CLI.
Conversion between XML files and the database also occurs on the network element so access is limited by Linux SSH and the login user's capabilities.
Auditing
Application Programming Interface
SAFplus has infrastructure at the application layer that binds objects to the NETCONF path so that C++ objects, and even C++ variables, are management aware. This makes it very easy to connect management definitions to the running code. The binding is dynamic, so that if one process fails another can take over and rebind to the object.
Automatic Object and Object Class Creation. Full C++ Object classes and Object hierarchies can be automatically generated from the Yang file using SAFplus. This code generator is extensible and customizable.
It is also easy to manually create and bind your own management objects -- the programmer simply derives his objects from our base classes.
Provisioning and Statistical Objects Independently Supported. SAFplus supports provisioning (configuration) objects, which are database backed, and statistical objects, which are held in RAM and are read only. The objects are defined in NETCONF and Yang, and are fully supported down through the hierarchy. Since objects are split into two classes, the live running system is more efficient than if there was only a single class.
Easy upgrade to SAFplus High Availability Platform from SAFplus Management Platform. All SAFplus services use management natively. For example all of the Availability Management Framework (AMF) objects, log streams, groups, and messaging pipes are also visible through management interfaces. The resulting close ties between HA and manageability makes things very efficient from a programmer’s and user’s perspective.
High Availability