A Work Domain Analysis for Virtual Private Networks

Similar documents
Virtual private networks

Secure VPNs for Enterprise Networks

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

Transform your network and your customer experience. Introducing SD-WAN Concierge

Intranets and Virtual Private Networks (VPNs)

Transform your network and your customer experience. Introducing SD-WAN Concierge

Cisco How Virtual Private Networks Work

Seven Criteria for a Sound Investment in WAN Optimization

Automating VPN Management

RingCentral White Paper UCaaS Connectivity Options in the New Age. White Paper. UCaaS Connectivity Options in the New Age: Best Practices

E-Commerce. Infrastructure I: Computer Networks

Logical Network Design (Part II)

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ

ON-LINE EXPERT SUPPORT THROUGH VPN ACCESS

Custom Connect. All Area Networks. customer s guide to how it works version 1.0

Campus Network Design

Optimal Network Connectivity Reliable Network Access Flexible Network Management

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Campus Network Design. 2003, Cisco Systems, Inc. All rights reserved. 2-1

Verizon Software Defined Perimeter (SDP).

MASERGY S MANAGED SD-WAN

Multi-Dimensional Service Aware Management for End-to-End Carrier Ethernet Services By Peter Chahal

NetPro. from Wireless Logic. Available on a per SIM license basis. No CAPEX. Retain your Airtime Contracts with your existing providers

ARM Security Solutions and Numonyx Authenticated Flash

90 % of WAN decision makers cite their

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Data Center Interconnect Solution Overview

VPN Overview. VPN Types

W H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud

EVERYTHING YOU NEED TO KNOW ABOUT NETWORK FAILOVER

INTERNATIONAL LAW ENFORCEMENT CCTV NETWORK SERVICES

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

SECURE DATA EXCHANGE

Five Key Considerations When Implementing Secure Remote Access to Your IIoT Machines. Blanch Huang Product Manager

VIRTUAL PRIVATE NETWORKS (VPN)

31270 Networking Essentials Focus, Pre-Quiz, and Sample Exam Answers

IPv6-based Beyond-3G Networking

CDW LLC 200 North Milwaukee Avenue, Vernon Hills, IL

The Modern Manufacturer s Guide to. Industrial Wireless Cisco and/or its affiliates. All rights reserved.

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

KERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.3 REVIEWER S GUIDE

Deployment Scenarios for Standalone Content Engines

WHITE PAPER BCDR: 4 CRITICAL QUESTIONS FOR YOUR COMMUNICATIONS PROVIDER

Industrial Control System Security white paper

SERVICE DESCRIPTION MANAGED FIREWALL/VPN

INTERNATIONAL LAW ENFORCEMENT HD CCTV NETWORK

THE COMPLETE FIELD GUIDE TO THE WAN

Authenticating on a Ham Internet

Frame Relay or Internet VPNs

EMC Celerra Replicator V2 with Silver Peak WAN Optimization

Carrier Ethernet White-Paper

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

CtrlS Datacenters Placement Questions And Answers

Fundamentals and Deployment of Cisco SD-WAN Duration: 3 Days (24 hours) Prerequisites

Hybrid Cloud for Business Communications

Certified SonicWALL Security Administrator (CSSA) Instructor-led Training

Network Service Description

IP ALL THE WAY TO THE BEDHEAD

Chapter 8: Subnetting IP Networks

Virtual Private Networks (VPNs)

SD-WAN Transform Your Agency

2. INTRUDER DETECTION SYSTEMS

Continuous auditing certification

WHITE PAPER ULTRA LOW LATENCY MICROWAVE THE NEED FOR SPEED: BEST PRACTICES FOR BUILDING ULTRA-LOW LATENCY MICROWAVE NETWORKS

Data center interconnect for the enterprise hybrid cloud

Cisco ISR G2 Management Overview

Introduction to Cisco ASR 9000 Series Network Virtualization Technology

Firewalls, Tunnels, and Network Intrusion Detection

VPN Virtual Private Networks

Analysis of VPN Protocols

Virtual Private Networks

Evaluating networking technologies

Choosing the Right. Ethernet Solution. How to Make the Best Choice for Your Business

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

INTRODUCTION TO ICT.

Module 1. Introduction. Version 2, CSE IIT, Kharagpur

University of San Francisco Course Syllabus and Outline

A Flexible Model for Resource Management in Virtual Private Networks. Presenter: Huang, Rigao Kang, Yuefang

INTERNATIONAL LAW ENFORCEMENT CCTV NETWORK SERVICES

SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN

Truffle Broadband Bonding Network Appliance

HUAWEI USG6000 Series Next-Generation Firewall Technical White Paper VPN HUAWEI TECHNOLOGIES CO., LTD. Issue 1.1. Date

Datasheet. Millimeter-Wave Radio (MMW) Security of MMW. Overview

SOFTWARE-DEFINED NETWORKING WHAT IT IS, AND WHY IT MATTERS

Broadband Internet Access Disclosure

By VPNet Technologies. What s a VPN Anyway? A Virtual Private Networking Primer

Network Security Policy

The Solution Requirements and considerations

Corporate Private Networks Applications

Network Connectivity and Mobility Part 2

The Benefits of Wireless Infrastructure Management in the Cloud

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

How Cisco Deploys Video Conferencing for Employee Collaboration

ENSC 427: COMMUNICATION NETWORKS

The high-speed services required for these customers and environments include:

IPv6 Deployment Overview & Policy Update

Exam: : VPN/Security. Ver :

Next-generation IT Platforms Delivering New Value through Accumulation and Utilization of Big Data

IP Mobility vs. Session Mobility

Transcription:

A Work Domain Analysis for Virtual Private Networks Johnson Kuo & Catherine M. Burns Advanced Interface Design Lab, Department of Systems Design Engineering University of Waterloo, Canada jkuo@engmail.uwaterloo.ca, c4burns@engmail.uwaterloo.ca ABSTRACT For businesses, virtual private networking has become a new method of building corporate communication networks. In addition to providing improved flexibility, security and global reach, virtual private networks (VPNs) can offer substantial cost-savings by reducing the dependence on expensive, private leased-line networks and troublesome remote-access solutions. Unfortunately, the deployment and management of such systems may come at a high cost. Depending on the nature of the business relationship between the enterprise and the Internet Service Provider (ISP), the network manager may have to deal with the increasingly daunting task of configuring, operating, and fixing security leaks and other faults in the system as the communication needs of the organization expand and change. However, a new design technique known as ecological interface design (EID) has been shown to be a promising approach for supporting operator tasks in complex work domains, such as nuclear power plants or petrochemical systems. A distinguishing feature of this approach is that display interfaces are designed by first conducting a work domain analysis (WDA), which focuses on identifying the important goals and environmental constraints that govern system behavior. By visually portraying the relationships between system goals, constraints, and the state of physical components in a structured manner, the problemsolving activities of operators can be effectively supported during abnormal or unanticipated situations. Due to the problem-solving nature of VPN management, interfaces for network management tools can be made more effective through the application of EID principles. 1. INTRODUCTION This paper examines the application of a relatively new approach to user interface design in the domain of network management. This innovative approach, known as ecological interface design (EID), has been shown to be useful in designing effective interfaces for complex process control systems such as nuclear power plants, where efficient fault detection and management of unanticipated events are crucial to the operation of the system [7]. The EID approach improves upon traditional user-centered design approaches in these domains by analyzing the work structure of systems in an attempt to identify process goals and constraints that shape the actions of the operator. These constraints may include the intended purpose for which the system was designed, as well as natural and physical laws that govern the behavior of the system. Also, these constraints govern operator behavior because they limit the range of control actions that they can perform with respect to accomplishing various management and fault detection tasks [6]. The unique feature of user interfaces designed with this approach is that they portray system state information in a way that visually reveals the relationships among system goals, process constraints, and the state of the physical components. By displaying information in a goaloriented way, problems or anomalies that develop during the operation of the system can be easily identified and diagnosed by examining the structural relationships between process variables. The operator can therefore easily assess how changes to various component states will affect the overall goals of the system, thereby suggesting subsequent actions to consider. Thus, the important implication with respect to interface design is that the complete set of goal-relevant constraints needs to be represented in order for the operator to effectively optimize system performance and manage faults that occur within the system. In order to identify all the relevant constraints within a system, a work domain analysis (WDA) needs to be performed. WDA is an analytical approach developed by Rasmussen [4] and summarized by Vicente [6] which essentially captures the relationships between different variables of the system at various hierarchical levels of abstraction. It forms the primary information needs analysis that drives the design approach of EID. To date, EID has been successfully applied to a variety of work domains such as petrochemical processing [2] and biomedical applications [1]. Given the relatively recent rapid growth of the enterprise networking industry, this paper examines how WDA and EID can also bring value to the domain of virtual private network (VPN) management through a proof-of-concept work domain analysis. By demonstrating how management of a VPN system can be described through a decomposition of relevant variables into an abstraction hierarchy, meaningful relationships within the system can be mapped out into a design for an effective interface.

This paper will begin by first examining some of the fundamental concepts and components of a virtual private network and discuss how such a system is a good candidate for applying the techniques of ecological interface design. A work domain analysis will then be performed for the domain of managing virtual private networks, with particular emphasis placed upon the setup and configuration aspects. The goal of this analysis is to essentially provide a model of the VPN system. In this way, the potential of WDA for the VPN domain will be demonstrated. The paper will then conclude with an assessment of the design requirements needed to implement the knowledge gained from the WDA into an interface design. 2. VIRTUAL PRIVATE NETWORKS A virtual private network is commonly defined as the secure transport of private traffic over a public or shared IP network, using a combination of tunneling, encryption, authentication, and access control technologies [5]. As such, the purpose of VPNs is to extend the corporate network out to distant branch offices, sales people, and business partners as well as remote and/or telecommuting employees [3]. But rather than using expensive leased lines, VPNs use worldwide IP network services, such as the Internet or a service provider s IP backbones, to transmit private data between corporate sites. With such a setup, remote users, for example, can dial in by simply making local Internet calls, thus saving the company expensive long-distance charges. Generally speaking, VPNs provide enterprises, both large and small, with several key benefits [8]: they allow network managers to cost-effectively increase the span of the corporate network; they enable remote users to easily and securely access their corporate enterprise; and they permit corporations to securely communicate with business partners. Thus, the general idea behind using a VPN is that a company can reduce the recurring telecommunications charges that are incurred when connecting remote users and branch offices to resources in its corporate headquarters. While VPN solutions can offer significant benefits to network managers with respect to lowering networking costs, there is inevitably extra work that comes as a result of having to plan, deploy, and manage such a system. When it comes to integrating any new technology into a business network, a number of common concerns must always be addressed, including interoperability, scalability, security, reliability and performance [3]. Given the wide range of issues that network managers must contend with, it is very important that the software tools they use are designed to explicitly support their daily tasks. In order to achieve this, these tools should be designed with primary consideration given to the constraints that the environment imposes upon operator actions. One of the key features of the ecological approach to user interface design is the great emphasis placed on analyzing the semantics of the work domain. By structuring elements within this domain into a meaningful relationship that ties together the various components with the goals and constraints of the system, a more effective interface can be designed to support operator tasks within a complex work environment. Indeed, the domain of VPN systems management seems to be a good candidate for applying the ecological approach, as these systems are often large, complex systems which are characterized by both physical and logical constraints and capabilities. As well, problemsolving tasks are particularly relevant in such a domain, as rapid fault detection and diagnosis is often crucial to the successful operation of the business. Since EID is specifically geared toward supporting operator problemsolving tasks in unanticipated situations, the domain of VPN management may benefit considerably from using this approach. 3. WORK DOMAIN MODEL A work domain model consists of an abstraction hierarchy analysis conducted across several levels of detail in a system. Typically, five levels of abstraction are used and are defined as follows [4]: Functional Purpose: the overall goals or purposes of the designed system Abstract Function: the first principles and conservation laws that govern the functioning of the system Generalized Function: the physical processes of the domain Physical Function: the capabilities and interconnections of physical components in the system Physical Form: the physical appearance and condition of components as well as their locations Generally, the main idea behind analyzing a work domain using this hierarchical model is that one s understanding of a system will increase by moving vertically among the different levels. For example, by moving up the hierarchy, one can gain a deeper understanding of various components with respect to system goals, while moving down the hierarchy reveals how these goals are carried out. By following the links and interconnections between elements of the domain through these different levels, one can determine the how and why of any particular aspect of the system and determine the fundamental relationships and constraints that exist for the domain.

TABLE 1. Abstraction hierarchy model for VPN management. Level Performance Security Functional Purpose Abstract Function Maximize availability of connections. Minimize latency and data loss. Maintain path availability of information flow between sources and sinks. Minimize unauthorized access. Maintain path integrity of information flow across the public network. Generalized Function Traffic routing and prioritization processes. Tunneling, encryption, authentication, and access control processes. Physical Function Capabilities of routers, switches, hubs, as well as efficiency of encryption-decryption algorithms. Capabilities of data encryption and authentication devices (e.g. security gateways, firewalls), and tunneling protocols (e.g. IPSec, PPTP, L2TP). Physical Form Physical locations and forms of these Physical locations and forms of these Table 1 provides a description of the various levels of the abstraction hierarchy for the domain of VPN management. These levels are analyzed in terms of both performance and security management domains, which constitute the two major areas of concern involved with managing a VPN. A discussion of the fundamentals of the work domain model at each level of abstraction is presented below. Functional Purpose The functional purpose of a VPN is to give users a secure way to access corporate network resources over the Internet or other public or shared networks. Because private data travels over public or shared lines and equipment, such as the Internet, concerns regarding performance and security become a central issue in the deployment and management of VPNs. Since not all elements of the network are under the corporate enterprise s control, security measures must be in place to prevent unauthorized access or illegal intrusions from other parties sharing the same resources. Likewise, reliability and performance also become a major concern, since Internet-based VPNs are subject to the same performance problems that Internet traffic experiences. Specifically, performance problems may be viewed in terms of network availability (or uptime), round-trip transmission delay (or latency), and amount of data loss during transmission. All of these factors must be carefully considered and managed by the network manager to ensure that the communication services over these networks are functioning as expected. In this regard, service level agreements (SLAs) are an increasingly popular method for documenting expectations as to what level of network performance a service provider is able to provide. For the purposes of structuring and understanding the work domain, the functional purpose of a VPN is stated in terms of the outputs of the system. In this case, two of the most important issues involved in its deployment, namely security and performance management, are described according to their functional objectives. By stating the problem in terms of a desired goal, such as minimizing unauthorized access or maximizing network availability, a framework is provided for structuring the rest of the elements in the work domain. In this way, one can observe how each of the important objectives in the work domain are achieved by moving down through the various levels of the hierarchy and identifying progressively more concrete representations or views of the domain. Abstract Function The abstract function layer provides a view of the causal structure of the system. At this level, VPN management could be described in terms of information flow from one point to another. Information is generated at some source, representing the originator or sender of the information, and is transferred through some medium to the intended recipient, or sink for that information. To ensure proper delivery, the transfer mechanism must not only ensure that there are available paths to connect the source and sinks of the information flow, but it must also ensure that the information is preserved or conserved as it travels through the public, shared medium. While this conservation principle has a different meaning than that applied to mass and energy flow systems, it is nevertheless useful to describe network systems in these terms. Just as conservation of mass and energy would apply to physical systems, conservation of information needs to take place to make the VPN (or indeed any communication) system work. Thus, the information generated by Source A must be transferred unseen and unaltered to its intended recipient at Sink A; similarly, information from Source B must pass unseen and altered to Sink B, and so on. If the information from Source A were somehow directed to a sink other than Sink A, for instance, then the security constraint of the system would be compromised. Similarly, a security risk is involved if Sink A receives unwanted information or worse yet, unauthorized access requests from an unknown source that is masquerading as Source A.

The abstract functions here could be described in terms of path availability and path integrity. Path availability refers to whether there are paths with sufficient capacity leading from the source to the intended sink. The capacity of these paths must be sufficient in order to transfer the information from source to sink at an acceptable rate; otherwise, these paths could not be considered available. Obviously, the larger the capacity of these pipes, the faster the information could flow through them, which connects with the performance criteria located at the functional purpose level. Similarly, path integrity refers to whether the information that is entering one side of the virtual pipe is coming out the corresponding end on the other side. In other words, the information must not have been redirected to another sink, and only the intended recipient receives the information. Thus, the integrity of the path needs to be preserved in order to satisfy the security criteria located at the functional purpose level. Generalized Function At the generalized function level, the representation of the work domain changes to a view of the processes by which the abstract functions are carried out. For example, path availability is achieved through the traffic routing process of the underlying system. Since multiple paths are available in transferring information from one point to another, the performance of a network will mostly be determined by how efficiently the traffic is routed through to its destination, given the current traffic load on the system. Thus, the traffic routing process will, in large part, determine path availability and the overall speed of transmission over the public backbone. Path integrity, on the other hand, is achieved through various processes tunneling, encryption, authentication, and access control all of which are designed to keep information that is sent over the shared backbone private. The overall purpose of these processes is to separate and insulate each customer s traffic such that other parties cannot access or compromise the confidentiality of the data. Tunneling and data encryption techniques achieve this feat by essentially establishing end-to-end pipes or tunnels across the Internet or service provider s IP backbone and then encrypting the information within those tunnels to prevent anyone from being able to read it, even if the data is intercepted during transport. The authentication process is also important to guarantee that the person at the other end of a network connection is who they say they are. Unless users, services, and networks can be reliably authenticated, it will be impossible to control access to corporate resources and to preserve the path integrity of the data in transit. Physical Function The physical function layer deals with the actual components and physical or logical implementations of the processes described above. These include the actual physical routers, switches, hubs and lines that comprise the backbone infrastructure over which the company data is sent. It also includes the security gateways, policy servers and firewalls at the corporate or customer sites, which are necessary to implement the security processes described at the generalized function layer. In addition, software protocols are also described at this layer since it represents the logical implementations that make the transfer of information and provision of security across a network possible. Physical Form At the physical form level, components in the domain are described with respect to their appearance, location, and physical condition. This will include, for instance, the relative locations of the various sites that need to be interconnected. Such information could be important in determining the cost savings that can be achieved through implementation of a VPN, which would not be dependent on mileage charges in the same way that traditional private leased lines are. 4. DESIGN RECOMMENDATIONS Based on information gathered for each of the different levels in the abstraction hierarchy model that was developed here, several general recommendations have been made with respect to designing an interface to support the task of VPN management. These recommendations include the following: Design an interface that allows administrators to easily monitor how closely they are achieving overall system objectives. Since overall system objectives, as indicated in the functional purpose of the abstraction hierarchy, are tied directly to performance level guarantees that are outlined in an SLA, these targets should be clearly displayed in relation to actual performance levels being achieved. This way, the network administrator can easily track whether performance levels are being met as expected. If actual levels fall dangerously close to or below these targets, the administrator can focus his attention in those areas that need to be fixed to correct the situation and maintain overall performance objectives. Display logical tunnels and information paths that allow administrators to see the overall flows within the system. A graphical representation of the overall system should be provided that shows where information originates (source) and terminates (sink), as shown in the abstract function level of the hierarchy. Ideally, the display should show the correct paths of information flow as configured by the administrator, and any deviations from this path created by path diversion or intrusion from an outside source should be made apparent. Should this scenario occur, the display should also be designed to

support the administrator in locating the source of the security leak. Provide the ability to monitor and/or control the various processes that support the performance and security objectives of the system. system, the administrator can more easily track how changes that are made at lower levels of the abstraction hierarchy contribute to overall system objectives. TABLE 2. Design requirements generated from an abstraction hierarchy. Generally, there will be times (e.g. at a testing stage) when the administrator will want to know whether the general processes of the system, such as tunneling, encryption, authentication, and routing are operating or performing as expected. Such processes, found at the generalized function level, should be displayed in such a way as to allow the administrator to easily check if they are functioning as configured. The result of any changes to such configurations should be made immediately visible or known to the administrator from the display. Provide an efficient way for the administrator to monitor and control the settings and configurations of the equipment and components in the system. Typically, a VPN setup consists of a large number of point-to-point tunnels between various sites, which need to be individually configured and managed between their respective end points. Consequently, very large meshed configuration topologies become virtually impossible to maintain and control, unless an automated configuration process was in place. Indeed, what may be needed is a centralized provisioning of information for large-scale networks that allows for a policy-driven automation of security and topology configurations [5]. In this way, network and security parameters can be configured only once rather than multiple times to accommodate each location, which would definitely help to simplify the management tasks for a particular VPN setup. Display a topological view of the network to show locations of different sites and equipment and how they are connected. Clearly, the administrator must have an idea of where everything is in the system (physical form) and how they are each connected together in order to be able to locate different problem areas in the system. In a problemsolving situation, a geographical representation of the network showing the locations of various physical equipment on different sites can help the administrator in quickly finding the correct equipment or component which needs to be fixed or replaced. These design recommendations are summarized in Table 2, which shows how they relate to each of the levels in the abstraction hierarchy. This structure is particularly useful in relating VPN configuration tasks to the overall purpose and goals of the system, which is to ensure that the performance levels as outlined in an SLA are being achieved while maintaining network security. By linking the low-level configuration aspects of the VPN equipment with the high-level functional purposes of the Level Functional Purpose Abstract Function Generalized Function Physical Function Physical Form Design Requirement Performance target views Information flow paths and tunnel configuration views Routing, tunneling, and encryption process views Setup and configuration of equipment and components Topological network views, component locations 5. COMPARISON WITH PROCESS CONTROL MODELS Traditionally, work domain analysis has been performed in process control domains, such as in nuclear power plants or petrochemical systems, which are governed by familiar mass and energy conservation principles. For example, these systems usually deal with some form of mass and energy conversion or transfer process, which can easily be characterized by precise mathematical equations that ultimately determine the constraints and behavior of the system. As well, these systems usually have well-defined, centralized physical components with specific functions that do not constantly change or need to be upgraded to maintain overall performance. Using the EID approach, the work domain can thus be structured to reveal problems within the system through higher-order relations, even in unanticipated situations. For example, the failure of one physical component can result in performance anomalies in several related processes in the system. The effects of the failure can thus be easily seen, as they will be manifested in changes in higher order relationships. Diagnosis of which component has failed then becomes a relatively simple task of tracing these changes to the source of the problem via the structural links provided by the abstraction hierarchy. Although the domain of VPN management shares some characteristics with that of process control systems, there are key differences in this domain that present some interesting challenges to the application of this technique. In contrast to process control systems, computer networks represent domains that are characterized by rapid technological change, extreme decentralization, and the existence of abstract processes or components which are difficult to quantify. For, example, although it is possible to use available bandwidth capacity, latency, packet loss, and so on as a measure of network performance, it is not so easy to

quantify network security. No quantitative value can be associated with security, and yet it is a vital component to VPNs. Thus, one major challenge in this domain is determining how to represent such abstract concepts in relation with other elements in the domain. In addition, components of a VPN system are subject to constant changes in terms of their capabilities. Though routers, hubs, and the like are not often prone to failure, they usually have a short life cycle due to rapid advances in technology. New upgrades of various VPN hardware and software products are constantly incorporating more and more features and functionality, which may provide benefits in terms of increased performance or security, but may also adversely affect system manageability. Thus, another challenge is figuring out how to capture the dynamic variability of information in the domain, which traditionally has never needed to be addressed. Even though the domain of VPN management represents a relatively new and different domain than those that have been analyzed previously, much of the same principles and benefits of performing a work domain analysis still apply. In particular, the new challenges that have come up as a result of the different characteristics of this domain can still be addressed, because they do not represent a limitation of the technique. For instance, domain variables identified in the abstraction hierarchy do not always need to be associated with a quantitative variable [2]. Qualitative elements that represent abstract concepts, such as network security, are equally important and integral to the system model, because operators can still use qualitative concepts in their reasoning process. Thus, the challenge of representing abstract concepts in the abstraction hierarchy can be overcome. As well, despite the dynamic nature of elements in the lower levels, the abstraction hierarchy is still well suited to structuring the information in the domain in a way that supports operator tasks. Because the basic purposes of the various components do not change, the higher level functions represented in the abstraction hierarchy are seldom modified by new technology. These changes are manifested only in lower levels which deal with the physical components of the system or their particular capabilities and configurations. This particular property of the work domain model has strong implications for its application to different VPN situations. If differences between multiple VPN setups lie primarily at the physical form and function levels of abstraction, then the higher levels of abstraction are likely to remain relatively consistent. This, of course, suggests that once an abstraction hierarchy is developed for a particular VPN setup, it can be adapted to other situations by modifying only the lower levels of the hierarchy. Thus, the flexibility afforded by the abstraction hierarchy makes it a very viable technique for analyzing the domain of VPN management. 6. CONCLUSION This work presents the first WDA conducted in the domain of network management, representing a large shift from closed-loop process control systems, in which this method of analysis has traditionally been applied. Several general design recommendations have been made as a result of this study, which focus on simplifying VPN configuration, fault diagnosis, and coping with dynamic system variability. One of the new concepts introduced in this study is the modeling of information flow as a conservation principle, which leads to a very useful model of the work domain. Unlike traditional process control systems, however, VPNs are characterized by rapid technological change and extreme decentralization. Consequently, a major challenge in applying the EID approach to this domain is coping with the dynamic variability of components within the system. Nevertheless, the nature of the problem-solving task, the complexity of the work domain, and the physical nature of the system make this domain an excellent candidate for ecological interface design. ACKNOWLEDGEMENTS This research has been supported by a grant from Nortel Networks Canada and a contract from CITO, Communications and Information Technology Ontario. REFERENCES [1] Hajdukiewicz, J. R., Doyle, D. J. Milgram, P., Vicente, K. J. & Burns, C. M. (1998). A work domain analysis of patient monitoring in the operating room. Proceedings of the Human Factors and Ergonomics Society 42 nd Annual Meeting, pp. 1038-1042. [2] Jamieson, G. A. & Vicente, K. J. (1998). Modeling techniques to support abnormal situation management in the petrochemical processing industry. CSME Forum SCGM, Vol. 3, pp. 249-256. [3] Kosiur, D. (1999). Building and Managing Virtual Private Networks, New York: John Wiley & Sons. [4] Rasmussen, J. (1985). The role of hierarchical knowledge representation in decisionmaking and system management. IEEE Transactions on Systems, Man, and Cybernetics. SMC-15, pp. 234-243. [5] Salamone, S. (1998). VPN Alliance White Paper. [6] Vicente, K. J. (1999). Cognitive Work Analysis: Towards Safe, Productive, and Healthy Computer-based Work. Mahwah, NJ: Lawrence Erlbaum. [7] Vicente, K. J. & Rasmussen, J. (1992). Ecological interface design: theoretical foundations. IEEE Transactions on Systems, Man, & Cybernetics. SMC-22, pp. 589-606. [8] VPNet Technologies Inc. (1999). Managed VPN Services: Marketing Opportunities and Paths for Implementation White Paper.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback