MonALISA uses specialized agents to perform global
optimization and control tasks in order to help and improve the operation of
large distributed and real-time applications. These agents communicate
by messages using a fast, reliable, scalable and secure
agents platform integrated with the MonALISA framework.
The MonALISA Agents System is modular. New agents that process the data gathered by the monitoring services and
cooperate with each other can be easily developed and loaded into the distributed system.
The TCP connections between the monitoring services and all proxy services make reliable
communication between agents possible.
Agents are hosted by the monitoring services and identified by their names. They communicate using the TCP connections
between the proxy and the monitoring services. The MonALISA services create TCP connections with all the discovered
proxy services, and an agent message is sent on one of these connections.
If the message is successfully written on the connection, then it is considered to have been sent to one of the
proxy services and forwarded by this proxy to the service that has loaded the destination agent. If there is an error
writing the message on the connection, then the next connection, to another proxy, is chosen and the message is
sent on it instead. In this way, agent communication is reliable, both because it uses TCP
and because there are multiple paths on which a message can be sent.
When a proxy service receives an agent message, it verifies that the message really comes from the agent that claims to be
its sender and, if it does, forwards it
to the monitoring service that holds the destination agent (if it is a message addressed to another agent).
If the connection between the proxy and the
destination farm is down, or there is an error writing the message on it,
then the message is saved locally for a period of time. If the timeout expires
and the connection is still down, then the message is discarded and an
error message is transmitted to the source agent to inform it of the
transmission failure. There are also messages from an agent to a proxy service,
sent when the agent queries for information about the existence of other agents in the whole distributed system.
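
The delivery path described above, as an added sketch that is not MonALISA code: the sending service fails over to the next proxy connection on a write error, and the proxy holds a message for an unreachable destination farm until a timeout, then reports the failure to the source agent. The class names, the message fields (`src`, `dst`) and the use of `ConnectionError` for a failed write are assumptions.

```python
class ProxyLink:
    """Stand-in for one TCP connection (constructed for this example)."""
    def __init__(self, name, up=True):
        self.name, self.up, self.written = name, up, []

    def write(self, msg):
        if not self.up:
            raise ConnectionError("write to " + self.name + " failed")
        self.written.append(msg)

def send_via_proxies(links, msg):
    """Service side: try each proxy connection in turn.
    Returns the name of the proxy that accepted the message, or None."""
    for link in links:
        try:
            link.write(msg)
            return link.name
        except ConnectionError:
            continue              # write error: move on to the next proxy
    return None

class PendingQueue:
    """Proxy side: messages waiting for a destination farm that is down."""
    def __init__(self, timeout_s):
        self.timeout_s, self.pending = timeout_s, []

    def hold(self, msg, now):
        self.pending.append((now + self.timeout_s, msg))

    def retry(self, dest_link, now):
        """Returns (delivered, errors); each error is addressed to a source agent."""
        delivered, errors, waiting = [], [], []
        for deadline, msg in self.pending:
            try:
                dest_link.write(msg)
                delivered.append(msg)
            except ConnectionError:
                if now >= deadline:   # timeout expired and link still down
                    errors.append({"to": msg["src"], "failed_dst": msg["dst"]})
                else:
                    waiting.append((deadline, msg))
        self.pending = waiting
        return delivered, errors
```
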
There are three types of messages that can be sent on the MonALISA agents' platform:
Unicast agents message: a message transmitted between two agents; it is a unicast message because it implies only one destination;
Broadcast agents message: a message transmitted by an agent to all the agents in a group; it is a broadcast message because the proxy forwards it to all the known agents in the group;
Information messages: messages transmitted by an agent to a proxy service to query information about other agents (the number of agents in a group, or the list of agents in a group or in the whole system).
Agents are classified into groups. The classification is maintained in the proxy service.
An agent can register with a group by setting the group source field of an agent message to
the desired group. When a message with the selected group set in the group source field
arrives at the proxy, the agent is added to the specified group once the message has been
verified. If the group does not exist, then the group is created and the agent is added to it.
This classification of agents is suitable for group communication. There are broadcast messages
that are sent to all the agents registered in a specified group. If the broadcast message does
not specify a group, then the message is sent to all the existing agents. Agents can be grouped
by the application they serve.
An agent can request from a proxy service the list of agents registered in a group or the list
of all existing agents (in case the broadcast group is not specified), or the number of agents
registered in a group or the number of all existing agents in the system (when the group is
not specified). In a direct message between two agents the following fields can be specified:
the source address (
Figure 1: MonALISA Agents Platform Communication
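
A sketch of the proxy-side handling of the three message types and of group registration, added here as an example and not taken from MonALISA. The page does not say how the proxy verifies a sender; this sketch assumes it compares the claimed source agent with the service connection the message arrived on. The field names (`src`, `dst`, `src_group`, `dst_group`, `type`) and the `announce` step are also assumptions.

```python
class ProxyRegistry:
    def __init__(self):
        self.hosted = {}   # agent name -> id of the service connection hosting it
        self.groups = {}   # group name -> set of agent names

    def announce(self, conn_id, agent):
        # Assumed step: a monitoring service tells the proxy which agents it hosts.
        self.hosted[agent] = conn_id

    def members(self, group):
        # No group given means "every known agent", as in the text.
        if not group:
            return sorted(self.hosted)
        return sorted(self.groups.get(group, ()))

    def handle(self, conn_id, msg):
        src = msg["src"]
        # Verification comes first: the claimed sender must be hosted behind
        # the connection the message arrived on (assumed verification rule).
        if self.hosted.get(src) != conn_id:
            return {"rejected": "sender does not match connection"}
        # Registration: a verified message with the group source field set adds
        # the agent to that group, creating the group if it does not exist.
        if msg.get("src_group"):
            self.groups.setdefault(msg["src_group"], set()).add(src)
        kind = msg["type"]
        if kind == "unicast":
            dst = msg["dst"]
            if dst in self.hosted:
                return {"deliver": [dst]}
            return {"error": "unknown agent " + dst}
        if kind == "broadcast":
            return {"deliver": self.members(msg.get("dst_group"))}
        if kind == "info":
            found = self.members(msg.get("dst_group"))
            return {"count": len(found), "agents": found}
        return {"error": "unknown message type"}
```

Because registration runs only after the sender check, a message that names an agent hosted behind a different connection cannot enrol that agent in a group.
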
Several implementations of MonALISA features make use of
the agents platform communication.
One of them is the monitoring and control of optical switches
(CALIENT and GLIMMERGLASS). Using simple shell commands, users can create optical paths for communication. On
every machine that has an optical network card, a daemon runs that intercepts the user's commands and
sends them to a convenient agent. This agent communicates and cooperates with other
agents to establish, in real time, the optical paths requested by the authorized user.
The MonALISA distributed intrusion detection system makes use of the agents system.
Intrusion data are collected by a MonALISA module from the Snort intrusion detection system. Snort is a
signature detection system that analyzes the packets sent on the network. It detects different
attacks and labels them with a priority number, also specifying the source IP addresses. These data are
gathered in the MonALISA database and analyzed by the agent, which is capable of making security decisions.
When it sees an attack, the agent uses the iptables tool to introduce a rule that discards the attacking packets,
and it collaborates with the other intrusion detection agents in the distributed system, notifying them so that they can protect
their machines from this attack. The rule stays in place for a timeout period. After this allotted time, the rule is deleted from
iptables. If the same attack is detected again from the same source, then the
timeout increases and the other intrusion detection agents in the system are notified to increase
their timeouts for the rule.
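
The block-rule lifecycle described above, as an added sketch that is not the MonALISA agent's code. It only builds the iptables argument lists and the notice for peer agents; nothing is executed. The base timeout, the doubling on repeat detection, the ceiling, the notice format and the `never_block` safeguard are assumptions.

```python
import ipaddress

BASE_TIMEOUT_S = 300     # assumed initial lifetime of a block rule
MAX_TIMEOUT_S = 86400    # assumed ceiling so that a rule never becomes permanent

def rule(action, ip):
    # argv for iptables: "-I" inserts and "-D" deletes the same DROP rule
    return ["iptables", action, "INPUT", "-s", ip, "-j", "DROP"]

class BlockTable:
    def __init__(self, never_block=()):
        # never_block: assumed safeguard, networks that must stay reachable
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.state = {}  # ip -> {"timeout": s, "expires": t, "active": bool}

    def block(self, src_ip, now, timeout=None):
        """Apply or extend a block. Returns (commands, notice for peer agents).
        A peer applying a received notice passes its timeout explicitly."""
        addr = ipaddress.IPv4Address(src_ip)   # ValueError unless a plain IPv4 address
        if any(addr in net for net in self.never_block):
            return [], None
        ip = str(addr)
        prev = self.state.get(ip)
        if timeout is None:                    # local detection: escalate on repeats
            if prev is None:
                timeout = BASE_TIMEOUT_S
            else:
                timeout = min(prev["timeout"] * 2, MAX_TIMEOUT_S)
        # Insert the rule only if it is not already in place.
        cmds = [] if prev and prev["active"] else [rule("-I", ip)]
        self.state[ip] = {"timeout": timeout, "expires": now + timeout, "active": True}
        return cmds, {"block": ip, "timeout": timeout}

    def expire(self, now):
        """Delete rules whose timeout has run out; the last timeout is remembered
        so that a later repeat from the same source still escalates."""
        cmds = []
        for ip, entry in self.state.items():
            if entry["active"] and now >= entry["expires"]:
                entry["active"] = False
                cmds.append(rule("-D", ip))
        return cmds
```
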
A distributed content-based search system can be created using the MonALISA Search Agent. These agents can
communicate in a flexible way and can group, index and search files from distributed file repositories using
specific clustering algorithms. Each agent controls the information content of one of the file repositories
and finds remote files from the descriptions received in messages from the other agents. The user can send simple
commands to search for files in the distributed system, or can push files into the system, using shell commands. These commands
are analyzed by a daemon running on the user's machine. This daemon finds the best agents (by the attributes the search agents
publish) through which to introduce the command into the distributed system. The chosen agents cooperate with other search agents in
the distributed system to perform the user's command and return the result to the user's daemon.