22 April 2005 EPSRC e-Science Meeting 2005 1
AMUSEAMUSEAutonomic Management of UbiquitousAutonomic Management of Ubiquitous
Systems for e-HealthSystems for e-Health
Prof. J. SventekProf. J. SventekUniversity of GlasgowUniversity of Glasgow
[email protected]@dcs.gla.ac.uk
In collaboration with M. Sloman, E. Lupu, and N. In collaboration with M. Sloman, E. Lupu, and N. Dulay of Imperial College LondonDulay of Imperial College London
The AMUSE ProjectThe AMUSE Project
Imperial CollegeImperial College University of GlasgowUniversity of Glasgow Start date: February 2004Start date: February 2004 Duration: 36 MonthsDuration: 36 Months Funded by the EPSRC Funded by the EPSRC
under the e-Science under the e-Science ProgrammeProgramme
Emil Lupu Joe Sventek
Morris Sloman Naranker Dulay
Executive SummaryExecutive Summary
Increasing complexity of distributed application systems Increasing complexity of distributed application systems leads customers to desire automated management of leads customers to desire automated management of such systems.such systems.
Work at Agilent/Glasgow has yielded an architectural Work at Agilent/Glasgow has yielded an architectural pattern and an hierarchical architecture for closed-loop pattern and an hierarchical architecture for closed-loop management of distributed application systems.management of distributed application systems.
Imperial has established itself as one of the premier Imperial has established itself as one of the premier research groups for policy-based management.research groups for policy-based management.
AMUSE is focused on integrating these complementary AMUSE is focused on integrating these complementary competencies to address automated management of e-competencies to address automated management of e-Health applicationsHealth applications
Policy-Based ManagementPolicy-Based Management
ControlControlactionsactions
DecisionsDecisionsManaged Managed ObjectsObjects
MonitorMonitorEventsEvents
Manager Manager AgentAgent
EventsEvents
PoliciesPolicies
New functionalityNew functionality PoliciesPolicies
A Ubiquitous Control LoopA Ubiquitous Control Loop
PAN Control
Home Appliance Control
Master Control
Self-Managed CellSelf-Managed Cell
Measurement& Monitoring
ServiceDiscovery
RawMeasurements
Event Bus
PolicyManagement
Measurementand Control
Adapters
Context
ContextInformation
Goals andpolicies
InteractionAdaptation
Other
Managed Resources
Layered and Federated SMCsLayered and Federated SMCs
Layered SMCs: Layered SMCs: application / services / application / services / networknetwork
Peer SMCs (peer devices, Peer SMCs (peer devices, peer networks, SLAs…)peer networks, SLAs…)
Measurement& Monitoring
ServiceDiscovery
RawMeasurements
Event Bus
PolicyManagement
Measurementand Control
Adapters
Context
ContextInformation
Goals andpolicies
InteractionAdaptation
Other
Managed Resources
Measurement& Monitoring
ServiceDiscovery
RawMeasurements
Event Bus
PolicyManagement
Measurementand Control
Adapters
Context
ContextInformation
Goals andpolicies
InteractionAdaptation
Other
Managed Resources
Measurement& Monitoring
ServiceDiscovery
RawMeasurements
Event Bus
PolicyManagement
Measurementand Control
Adapters
Context
ContextInformation
Goals andpolicies
InteractionAdaptation
Other
Managed Resources
…
…
SMC CompositionSMC CompositionMeasurement& Monitoring
ServiceDiscovery
Event Bus
PolicyManagement Measurement and
Control AdaptersContext
InteractionAdaptation
Other
Measurement &Monitoring
ServiceDiscovery
Event Bus
PolicyManagement Measurement and
Control AdaptersContext
InteractionAdaptation
Managed Resources
Measurement &Monitoring
ServiceDiscovery
Event Bus
PolicyManagement Measurement and
Control AdaptersContext
InteractionAdaptation
Managed Resources
The enclosing The enclosing SMC programs SMC programs the nested the nested SMCsSMCs
SMC InteractionsSMC Interactions
LayeredLayered - Network SMCs interact with application - Network SMCs interact with application SMCs, the SMC controlling a heart rate monitor SMCs, the SMC controlling a heart rate monitor reports to a diagnostic management device, … reports to a diagnostic management device, …
Federated, Peer-to-peerFederated, Peer-to-peer – SMCs for peer devices – SMCs for peer devices interact with each other.interact with each other.
SMC CompositionSMC Composition – Need to be able to compose – Need to be able to compose SMCs into larger structures e.g., home patient SMCs into larger structures e.g., home patient monitoring SMCs “program” individual device monitoring SMCs “program” individual device SMCs SMCs
Architectural AssumptionsArchitectural Assumptions
Event bus is publish/subscribe using a routerEvent bus is publish/subscribe using a router The router is content-basedThe router is content-based We may need to consider different classes of We may need to consider different classes of
delivery attributes for eventsdelivery attributes for events A discovery/membership service is concerned A discovery/membership service is concerned
with keeping track of which devices and services with keeping track of which devices and services are “in” a self-managed cellare “in” a self-managed cell
each device as a unique identifier (e.g. 802.* each device as a unique identifier (e.g. 802.* MAC address of one of the communication MAC address of one of the communication interfaces)interfaces)
At-most-once, persistent event deliveryAt-most-once, persistent event delivery
No session establishment for PublisherNo session establishment for Publisher Subscriber must register ‘filter’ and callbackSubscriber must register ‘filter’ and callback Push of event from Publisher to Router (and Router to Subscriber) is Push of event from Publisher to Router (and Router to Subscriber) is
synchronous – i.e. exception condition is returned to sender if synchronous – i.e. exception condition is returned to sender if unsuccessfulunsuccessful
Router attempts to deliver a message until it knows that a Subscriber is Router attempts to deliver a message until it knows that a Subscriber is no longer a member of the SMCno longer a member of the SMC
When purge event received, removes ‘filter’ and any queued messages When purge event received, removes ‘filter’ and any queued messages associated with that Subscriberassociated with that Subscriber
Each Subscriber is guaranteed to receive all messages from a particular Each Subscriber is guaranteed to receive all messages from a particular publisher in the same order as received by the Routerpublisher in the same order as received by the Router
Publisher SubscriberRouterfilter
purge ‘subscriber’
SS
S
At-most-once, persistent, quenchable event At-most-once, persistent, quenchable event deliverydelivery
Publisher must register ‘Ev type’ and callbackPublisher must register ‘Ev type’ and callback Subscriber must register ‘filter’ and callbackSubscriber must register ‘filter’ and callback Push of event from Publisher to Router (and Router to Subscriber) is synchronous – Push of event from Publisher to Router (and Router to Subscriber) is synchronous –
i.e. exception condition is returned to sender if unsuccessfuli.e. exception condition is returned to sender if unsuccessful Router attempts to deliver a message until it knows that a Subscriber is no longer a Router attempts to deliver a message until it knows that a Subscriber is no longer a
member of the SMCmember of the SMC When purge event receivedWhen purge event received
If for a subscriber, removes ‘filter’ and any queued messages associated with that SubscriberIf for a subscriber, removes ‘filter’ and any queued messages associated with that Subscriber If for a publisher, removes ‘Ev type’If for a publisher, removes ‘Ev type’
Each Subscriber is guaranteed to receive all messages from a particular publisher in Each Subscriber is guaranteed to receive all messages from a particular publisher in the same order as received by the Routerthe same order as received by the Router
Quench/unquench messages sent to Publisher if the number of subscribers matching Quench/unquench messages sent to Publisher if the number of subscribers matching event type is zero/non-zero.event type is zero/non-zero.
Publisher SubscriberRouterfilter
purge ‘subscriber’ or ‘publisher’
SS
SP
P
Ev type
How to incorporate a mote into this How to incorporate a mote into this structure?structure?
S
S
ProxyMote
S
S
Proxy Mote
AuthenticationAuthentication
performed SMC wide (device/service is a performed SMC wide (device/service is a member of the SMC)member of the SMC)
what about integrity/confidentialitywhat about integrity/confidentiality access control – component-specific, done access control – component-specific, done
through policiesthrough policies
Discovery/MembershipDiscovery/Membership
Detect new devices within communication rangeDetect new devices within communication range Vette device for membershipVette device for membership
obtain device profileobtain device profile perform any required authenticationperform any required authentication
Generate new cell member eventGenerate new cell member event Determine when device leaves cellDetermine when device leaves cell
Generate cell member left eventGenerate cell member left event
Discovery protocol does NOT use the event system; Discovery protocol does NOT use the event system; discovery service uses event service to announce discovery service uses event service to announce member added/removedmember added/removed
Discovery protocolDiscovery protocol
Cell is centred around event bus routerCell is centred around event bus router Device that contains router broadcasts its identity message at Device that contains router broadcasts its identity message at
frequency frequency R R (the identity message has the form “id; type[; extra]”)(the identity message has the form “id; type[; extra]”) Other devices respond to router identity message with unicast Other devices respond to router identity message with unicast
device identity messagedevice identity message Router device and other device carry on vetting protocol (obtain Router device and other device carry on vetting protocol (obtain
profile[; authenticate])profile[; authenticate]) After other device knows that it has been granted membership, it After other device knows that it has been granted membership, it
unicasts its identity message at frequency unicasts its identity message at frequency DD If router device misses nIf router device misses nDD successive device identity messages, it successive device identity messages, it
declares the device to have forfeited its membership in the celldeclares the device to have forfeited its membership in the cell If the other device misses nIf the other device misses nRR successive router device identity successive router device identity
messages, it inferds that it is no longer a member of that cellmessages, it inferds that it is no longer a member of that cell Must think through ramifications of Must think through ramifications of RR ≠ ≠ D D and nand nDD ≠ n ≠ nRR
Communication primitives requiredCommunication primitives required
Event bus is only used for communications Event bus is only used for communications between cell management elementsbetween cell management elements
Basic communication primitives are required to Basic communication primitives are required to implement the event bus communications, implement the event bus communications, required protocols, and general communication required protocols, and general communication between application componentsbetween application components broadcast, asynchronous messagingbroadcast, asynchronous messaging unicast, asynchronous messagingunicast, asynchronous messaging remote method invocationremote method invocation
What about services?What about services?
Devices are discovered by the discovery service.Devices are discovered by the discovery service. When a device becomes part of the cell, it When a device becomes part of the cell, it
generates events announcing active services that generates events announcing active services that it provides/hostsit provides/hosts
While a member of the cell, each device While a member of the cell, each device generates an event whenever another service generates an event whenever another service that it provides/hosts becomes active or if such a that it provides/hosts becomes active or if such a service is deactivatedservice is deactivated
Where do the new device/service events go?Where do the new device/service events go?
The system must be primed with obligation policies that The system must be primed with obligation policies that listen for these eventslisten for these events
Upon receipt of one of these events, the action enters the Upon receipt of one of these events, the action enters the device/service into appropriate domain[s]device/service into appropriate domain[s]
A particular obligation policy will be interested only in A particular obligation policy will be interested only in particular types of devices or services; new device/service particular types of devices or services; new device/service event may trigger several such obligation policiesevent may trigger several such obligation policies if can specify event type and filter expression upon subscription, if can specify event type and filter expression upon subscription,
then only the particular obligation policy that is interested in that then only the particular obligation policy that is interested in that particular device/service type will be notifiedparticular device/service type will be notified
if cannot specify filter expression to event bus, than all such if cannot specify filter expression to event bus, than all such policies will be invoked; only those for which the condition is true policies will be invoked; only those for which the condition is true will perform actionswill perform actions