On Tue, 2005-05-24 at 12:25 -0400, DJ Gregor wrote:
> I've also seen the same thing done in a commercial product where not
> only the firewall configuration, but the entire device configuration
> was specified in an XML language that was translated to operating
> system-specific configurations (for multiple OSes, even). The XML
> configurations were per-device, not per-network, however.
We use this kind of approach on our embedded receivers. The entire
configuration of the receiver (they run embedded Linux) from the network
addresses down to the software and daemons is ruled by a configuration
daemon that uses a pseudo-XML structured file to retrieve settings. The
delivery of these configurations is done to targeted devices, which may
be a single device or a group of devices (a group is used
interchangeably). Configuration data can also update the entire box (new
firmware and configuration) or only a subset of sections (all firewall
configuration files, or just the IP address). Using the group IDs with
masking and conflict management at the management system, you can do
per-device and per-network configurations.
Cheers
Kon