diff options
author | ramverma <ram.krishna.verma@ericsson.com> | 2018-07-31 18:25:39 +0100 |
---|---|---|
committer | ramverma <ram.krishna.verma@ericsson.com> | 2018-07-31 18:27:31 +0100 |
commit | af74a6270d6ab6badf04a97495a6ef8ccded9b4b (patch) | |
tree | 2c7a536e54207a0870ca2008ce457a64de917ab9 /src/site-docs/adoc/fragments/apex-intro | |
parent | 9e318f20f2e64970bf3c2e3a5532c516231a6f8a (diff) |
Adding first set of apex-pdp document changes
Adding document changes for auth, context, core, model, services & the
main apex-pdp module.
Change-Id: Id0d026baa258f1dc6998978f9911f3c4a73b5b3b
Issue-ID: POLICY-867
Signed-off-by: ramverma <ram.krishna.verma@ericsson.com>
Diffstat (limited to 'src/site-docs/adoc/fragments/apex-intro')
6 files changed, 287 insertions, 0 deletions
diff --git a/src/site-docs/adoc/fragments/apex-intro/configuration-matrix.adoc b/src/site-docs/adoc/fragments/apex-intro/configuration-matrix.adoc new file mode 100644 index 000000000..c82b2aa41 --- /dev/null +++ b/src/site-docs/adoc/fragments/apex-intro/configuration-matrix.adoc @@ -0,0 +1,31 @@ +// +// ============LICENSE_START======================================================= +// Copyright (C) 2016-2018 Ericsson. All rights reserved. +// ================================================================================ +// This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE +// Full license text at https://creativecommons.org/licenses/by/4.0/legalcode +// +// SPDX-License-Identifier: CC-BY-4.0 +// ============LICENSE_END========================================================= +// +// @author Sven van der Meer (sven.van.der.meer@ericsson.com) +// + +== APEX Configuration + +An APEX engine can be configured to use various combinations of + event input handlers, + event output handlers, + event protocols, + context handlers, and + logic executors. +The system is build using a plugin architecture. +Each configuration option is realized by a plugin, which can be loaded and configured when the engine is started. +New plugins can be added to the system at any time, though to benefit from a new plugin an engine will need to be restarted. + +.APEX Configuration Matrix +image::apex-intro/ApexEngineConfig.png[APEX Configuration Matrix] + +The APEX distribution already comes with a number of plugins. +The figure above shows the provided plugins. +Any combination of input, output, event protocol, context handlers, and executors is possible. diff --git a/src/site-docs/adoc/fragments/apex-intro/introduction.adoc b/src/site-docs/adoc/fragments/apex-intro/introduction.adoc new file mode 100644 index 000000000..b936ef51b --- /dev/null +++ b/src/site-docs/adoc/fragments/apex-intro/introduction.adoc @@ -0,0 +1,57 @@ +// +// ============LICENSE_START======================================================= +// Copyright (C) 2016-2018 Ericsson. All rights reserved. +// ================================================================================ +// This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE +// Full license text at https://creativecommons.org/licenses/by/4.0/legalcode +// +// SPDX-License-Identifier: CC-BY-4.0 +// ============LICENSE_END========================================================= +// +// @author Sven van der Meer (sven.van.der.meer@ericsson.com) +// + +== Introduction to APEX + +APEX stand for Adaptive Policy EXecution. +It is a lightweight engine for execution of policies. +APEX allows you to specify logic as a policy, logic that you can adapt on the fly as your system executes. +The APEX policies you design can be really simple, with a single snippet of logic, or can be very complex, with many states and tasks. +APEX policies can even be designed to self-adapt at execution time, the choice is yours! + +.Simple APEX Overview +image::apex-intro/ApexSimple.png[Simple APEX Overview] + +The Adaptive Policy Engine in APEX runs your policies. +These policies are triggered by incoming events. +The logic of the policies executes and produces a response event. +The __Incoming Context__ on the incoming event and the __Outgoing Context__ on the outgoing event are simply the fields and attributes of the event. +You design the policies that APEX executes and the trigger and action events that your policies accept and produce. +Events are fed in and sent out as JSON or XML events over Kafka, a Websocket, a file or named pipe, or even standard input. +If you run APEX as a library in your application, you can even feed and receive events over a Java API. + +.APEX States and Context +image::apex-intro/ApexStatesAndContext.png[APEX States and Context] + +You design your policy as a chain of states, with each state being fed by the state before. +The simplest policy can have just one state. +We provide specific support for the four-state link:https://www.researchgate.net/publication/303564082_Apex_An_Engine_for_Dynamic_Adaptive_Policy_Execution[MEDA (Match Establish Decide Act)] policy state model and the three-state link:https://en.wikipedia.org/wiki/Event_condition_action[ECA (Event Condition Action)] policy state model. +APEX is fully distributed. +You can decide how many APEX engine instances to run for your application and on which real or virtual hosts to run them. + +In APEX, you also have control of the __Context__ used by your policies. +Context is simply the state information and data used by your policies. +You define what context your policies use and what the scope of that context is. +__Policy Context__ is private to a particular policy and is accessible only to whatever APEX engines are running that particular policy. +__Global Context__ is available to all policies. +__External Context__ is read-only context such as weather or topology information that is provided by other systems. +APEX keeps context coordinated across all the the instances running a particular policy. +If a policy running in an APEX engine changes the value of a piece of context, that value is is available to all other APEX engines that use that piece of context. +APEX takes care of distribution, locking, writing of context to persistent storage, and monitoring of context. + +.The APEX Eco-System +image::apex-intro/ApexEcosystem.png[The APEX Eco-System] + +The APEX engine (AP-EN) is available as a Java library for inclusion in your application, as a microservice running in a Docker container, or as a stand-alone service available for integration into your system. +APEX also includes a policy editor (AP-AUTH) that allows you to design your policies and a web-based policy management console you use to deploy policies and to keep track of the state of policies and context in policies. +Context handling (AP-CTX) is integrated into the APEX engine and policy deployment (AP-DEP) is provided as a servlet running under a web framework such as link:http://tomcat.apache.org/[Apache Tomcat]. diff --git a/src/site-docs/adoc/fragments/apex-intro/policy-matrix.adoc b/src/site-docs/adoc/fragments/apex-intro/policy-matrix.adoc new file mode 100644 index 000000000..b3c626522 --- /dev/null +++ b/src/site-docs/adoc/fragments/apex-intro/policy-matrix.adoc @@ -0,0 +1,90 @@ +// +// ============LICENSE_START======================================================= +// Copyright (C) 2016-2018 Ericsson. All rights reserved. +// ================================================================================ +// This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE +// Full license text at https://creativecommons.org/licenses/by/4.0/legalcode +// +// SPDX-License-Identifier: CC-BY-4.0 +// ============LICENSE_END========================================================= +// +// @author Sven van der Meer (sven.van.der.meer@ericsson.com) +// + +== APEX Policy Matrix + +APEX offers a lot of flexibility for defining, deploying, and executing policies. +Based on a theoretic model, it supports virtually any policy model and allows to translate legacy policies into the APEX execution format. +However, the most important aspect for using APEX is to decide what policy is needed, what underlying policy concepts should be used, and how the decision logic should be realized. +Once these aspects are decided, APEX can be used to execute the policies. +If the policy evolves, say from a simple decision table to a fully adaptable policy, only the policy definition requires change. +APEX supports all of that. + +The figure below shows a (non-exhaustive) matrix, which will help to decide what policy is required to solve your problem. +Read the matrix from left to right choosing one cell in each column. + +.APEX Policy Matrix +image::apex-intro/ApexPolicyMatrix.png[APEX Policy Matrix] + +The policy can support one of a number of stimuli with an associated purpose/model of the policy, for instance: + +* Configuration, i.e. what should happen. + An example is an event that states an intended network configuration and the policy should provide the detailed actions for it. + The policy can be realized for instance as an obligation policy, a promise or an intent. +* Report, i.e. something did happen. + An example is an event about an error or fault and the policy needs to repair that problem. + The policy would usually be an obligation, utility function, or goal policy. +* Monitoring, i.e. something does happen. + An example is a notification about certain network conditions, to which the policy might (or might not) react. + The policy will mitigate the monitored events or permit (deny) related actions as an obligation or authorization. +* Analysis, i.e. why did something happen. + An example is an analytic component sends insights of a situation requiring a policy to act on it. + The policy can solve the problem, escalate it, or delegate it as a refrain or delegation policy. +* Prediction, i.e. what will happen next. + An example are events that a policy uses to predict a future network condition. + The policy can prevent or enforce the prediction as an adaptive policy, a utility function, or a goal. +* Feedback, i.e. why did something happen or not happen. + Similar to analysis, but here the feedback will be in the input event and the policy needs to something with that information. + Feedback can be related to history or experience, for instance a previous policy execution. + The policy needs to be context-aware or be a meta-policy. + +Once the purpose of the policy is decided, the next step is to look into what context information the policy will require to do its job. +This can range from very simple to a lot of different information, for instance: + +* No context, nothing but a trigger event, e.g. a string or a number, is required +* Event context, the incoming event provides all information (more than a string or number) for the policy +* Policy context (read only), the policy has access to additional information related to its class but cannot change/alter them +* Policy context (read and write), the policy has access to additional information related to its class and can alter this information (for instance to record historic information) +* Global context (read only), the policy has access to additional information of any kind but cannot change/alter them +* Global context (read and write), the policy the policy has access to additional information of any kind and can alter this information (for instance to record historic information) + +The next step is to decide how the policy should do its job, i.e. what flavor it has, how many states are needed, and how many tasks. +There are many possible combinations, for instance: + +* Simple / God: a simple policy with 1 state and 1 task, which is doing everything for the decision-making. + This is the ideal policy for simple situation, e.g. deciding on configuration parameters or simple access control. +* Simple sequence: a simple policy with a number of states each having a single task. + This is a very good policy for simple decision-making with different steps. + For instance, a classic action policy (ECA) would have 3 states (E, C, and A) with some logic (1 task) in each state. +* Simple selective: a policy with 1 state but more than one task. + Here, the appropriate task (and it's logic) will be selected at execution time. + This policy is very good for dealing with similar (or the same) situation in different contexts. + For instance, the tasks can be related to available external software, or to current work load on the compute node, or to time of day. +* Selective: any number of states having any number of tasks (usually more than 1 task). + This is a combination of the two policies above, for instance an ECA policy with more than one task in E, C, and A. +* Classic directed: a policy with more than one state, each having one task, but a non-sequential execution. + This means that the sequence of the states is not pre-defined in the policy (as would be for all cases above) but calculated at runtime. + This can be good to realize decision trees based on contextual information. +* Super Adaptive: using the full potential of the APEX policy model, states and tasks and state execution are fully flexible and calculated at runtime (per policy execution). + This policy is very close to a general programming system (with only a few limitations), but can solve very hard problems. + +The final step is to select a response that the policy creates. +Possible responses have been discussed in the literature for a very long time. +A few examples are: + +* Obligation (deontic for what should happen) +* Authorization (e.g. for rule-based or other access control or security systems) +* Intent (instead of providing detailed actions the response is an intent statement and a further system processes that) +* Delegation (hand the problem over to someone else, possibly with some information or instructions) +* Fail / Error (the policy has encountered a problem, and reports it) +* Feedback (why did the policy make a certain decision) diff --git a/src/site-docs/adoc/fragments/apex-intro/resources.adoc b/src/site-docs/adoc/fragments/apex-intro/resources.adoc new file mode 100644 index 000000000..f4c8b947a --- /dev/null +++ b/src/site-docs/adoc/fragments/apex-intro/resources.adoc @@ -0,0 +1,19 @@ +// +// ============LICENSE_START======================================================= +// Copyright (C) 2016-2018 Ericsson. All rights reserved. +// ================================================================================ +// This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE +// Full license text at https://creativecommons.org/licenses/by/4.0/legalcode +// +// SPDX-License-Identifier: CC-BY-4.0 +// ============LICENSE_END========================================================= +// +// @author Sven van der Meer (sven.van.der.meer@ericsson.com) +// + +== Resources + +* APEX Documentation hosted on Github: link:https://ericsson.github.io/apex-docs[] +* APEX source code repo hosted on Github: link:https://github.com/Ericsson/apex[] +* Issue Management (source and documentation): link:https://github.com/Ericsson/apex/issues[] +* List of APEX publications: link:https://ericsson.github.io/apex-docs/apex-publications.html[] diff --git a/src/site-docs/adoc/fragments/apex-intro/upee-clustering.adoc b/src/site-docs/adoc/fragments/apex-intro/upee-clustering.adoc new file mode 100644 index 000000000..1ce6142ad --- /dev/null +++ b/src/site-docs/adoc/fragments/apex-intro/upee-clustering.adoc @@ -0,0 +1,46 @@ +// +// ============LICENSE_START======================================================= +// Copyright (C) 2016-2018 Ericsson. All rights reserved. +// ================================================================================ +// This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE +// Full license text at https://creativecommons.org/licenses/by/4.0/legalcode +// +// SPDX-License-Identifier: CC-BY-4.0 +// ============LICENSE_END========================================================= +// +// @author Sven van der Meer (sven.van.der.meer@ericsson.com) +// + +== Flexible Clustering + +APEX can be clustered in various ways. +The following figure shows a few of these clustering options. +Cluster, engine and (policy) executors are named UPec (universal policy cluster), UPe (universal policy engine, APEX engine) and UPx (universal policy executor, the APEX internal state machine executor). + +.APEX Clustering Options +image::apex-intro/UpeeClusterOptions.png[APEX Clustering Options] + +[loweralpha] +. Single source/target, single UPx + * Simple forward +. Multiple sources/targets, single UPx + * Simple forward +. Single source/target, multiple UPx + * Multithreading (MT) in UPe +. Multiple sources/targets, multiple UPx instances + * Simple forward & MT in UPe +. Multiple non-MT UPe in UPec + * Simple event routing +. Multiple MT UPe in UPec + * Simple event routing +. Mixed UPe in UPec + * Simple event routing +. Multiple non-MT UPec in UPec + * Intelligent event routing +. Multiple mixed UPec in UPec + * Intelligent event routing + +["loweralpha", start=11] +. Mix of UPec in multiple UPec + * External intelligent event routing + * Optimized with UPec internal routing diff --git a/src/site-docs/adoc/fragments/apex-intro/upee-deployment.adoc b/src/site-docs/adoc/fragments/apex-intro/upee-deployment.adoc new file mode 100644 index 000000000..63608b836 --- /dev/null +++ b/src/site-docs/adoc/fragments/apex-intro/upee-deployment.adoc @@ -0,0 +1,44 @@ +// +// ============LICENSE_START======================================================= +// Copyright (C) 2016-2018 Ericsson. All rights reserved. +// ================================================================================ +// This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE +// Full license text at https://creativecommons.org/licenses/by/4.0/legalcode +// +// SPDX-License-Identifier: CC-BY-4.0 +// ============LICENSE_END========================================================= +// +// @author Sven van der Meer (sven.van.der.meer@ericsson.com) +// + +== Flexible Deployment + +APEX can be deployed in various ways. +The following figure shows a few of these deployment options. +Engine and (policy) executors are named UPe (universal policy engine, APEX engine) and UPx (universal policy executor, the APEX internal state machine executor). + +.APEX Deployment Options +image::apex-intro/UpeeDeploymentOptions.png[APEX Deployment Options] + +[loweralpha] +. For an interface or class + * Either UPx or UPe as association +. For an application + * UPx as object for single policies + * UPe as object for multiple policies +. For a component (as service) + * UPe as service for requests + * UPec as service for requests +. As a service (PolaS) + * One or more UPe with service i/f + * One or more Upec/UPec with service i/f + * One or more Upec/UPec with service i/f +. In a control loop + * UPe as decision making part + * UPec as decision making part +. On cloud compute nodes + * Nodes with only UPe or Upec + * Nodes with any combination of UPe, UPec +. A cloud example + * Left: 2 UPec managing several UPe on different cloud nodes + * Right: 2 large UPec with different UPe/UPec deployments |