An IPSOFilterEntry is used to match traffic based on the IP Security Options header values (ClassificationLevel and ProtectionAuthority) as defined in RFC1108. This type of FilterEntry is used to adjust the IPsec encryption level according to the IPSO classification of the traffic (e.g., secret, confidential, restricted, etc.). | Qualifiers:Version ( "2.8.0" ) MappingStrings { "IPSP Policy Model.IETF|IPSOFilterEntry" } | Parameters (local in grey) | | Values { "Other" , "No Filtering on Classification Level" , "Top Secret" , "Secret" , "Confidential" , "Unclassified" , "DMTF Reserved" , "Vendor Reserved" } Required ModelCorrespondence { "CIM_IPSOFilterEntry.MatchConditionType" , "CIM_IPSOFilterEntry.OtherClassificationLevel" } ValueMap { "1" , "2" , "3" , "4" , "5" , "6" , ".." , "0x8000.." } MappingStrings { "IPSP Policy Model.IETF|" "IPSOFilterEntry.MatchConditionValue" , "RFC1108.IETF|Section 2.3" } uint16 ClassificationLevel ; This is the value to be matched when MatchConditionType is 1 or 3 - meaning that 'Classification Level' should be filtered. In RFC1108, the following semantics are specified: TopSecret, Secret, Confidential, and Unclassified. Note that this enumeration's values are different than the RFC list and the IETF's IPSP Policy Model since those lists are simply bit maps, and do not include specific values for 'Other' or 'No Filtering'. | ModelCorrespondence { "CIM_IPSOFilterEntry.ProtectionAuthorities" } string OtherProtectionAuthorities [ ] ; Description of the authority when the value 1 ('Other') is specified for the property, ProtectionAuthorities. | ModelCorrespondence { "CIM_IPSOFilterEntry.ClassificationLevel" } string OtherClassificationLevel ; Description of the level when the value 1 ('Other') is specified for the property, ClassificationLevel. | Values { "Classification Level" , "Protection Authority" , "Both Classification Level and Protection Authority" } Required ModelCorrespondence { "CIM_IPSOFilterEntry.ClassificationLevel" , "CIM_IPSOFilterEntry.ProtectionAuthorities" } ValueMap { "2" , "3" , "4" } MappingStrings { "IPSP Policy Model.IETF|" "IPSOFilterEntry.MatchConditionType" } uint16 MatchConditionType ; MatchConditionType specifies whether to match based on traffic classification level, protection authority or both. Note that this enumeration is modified from its definition in the IETF's IPSP Policy Model to allow for both classification level and protection authority checking, and to allow the enumerated value, 'Other', to be added in the future. | Values { "Other" , "No Filtering on Protection Authority" , "GENSER" , "SIOP-ESI" , "SCI" , "NSA" , "DOE" , "DMTF Reserved" , "Vendor Reserved" } Required ModelCorrespondence { "CIM_IPSOFilterEntry.MatchConditionType" , "CIM_IPSOFilterEntry.OtherProtectionAuthorities" } ValueMap { "1" , "2" , "3" , "4" , "5" , "6" , "7" , ".." , "0x8000.." } MappingStrings { "IPSP Policy Model.IETF|" "IPSOFilterEntry.MatchConditionValue" , "RFC1108.IETF|Section 2.4" } uint16 ProtectionAuthorities [ ] ; These are the values to be matched when MatchConditionType is 2 or 3 - meaning that 'Protection Authority' should be filtered. In RFC1108, the following authorities are specified: GENSER, SIOP-ESI, SCI, NSA and DOE. Note that multiple authorities may be specified. This enumeration is modified from its definition in the RFC and IETF's IPSP Policy Model. Those lists are simply bit maps, and do not include specific values for 'Other' or 'No Filtering'. | Propagated ( "CIM_ComputerSystem.Name" ) MaxLen ( 256 ) Key string SystemName ; The scoping ComputerSystem's Name. | boolean IsNegated ; Boolean indicating that the match condition described in the properties of the FilterEntryBase subclass should be negated. This property is defined for ease of use when filtering on simple negations - for example, to select all source ports except 162. It is not recommended that this Boolean be set to True when filtering on multiple criteria, such as defining an IPHeadersFilter based on source/destination addresses, ports, and DiffServ Code Points. | MaxLen ( 256 ) Override ( "Name" ) Key string Name ; The Name property defines the label by which the Filter Entry is known and uniquely identified. | Propagated ( "CIM_ComputerSystem.CreationClassName" ) MaxLen ( 256 ) Key string SystemCreationClassName ; The scoping ComputerSystem's CreationClassName. | MaxLen ( 256 ) Key string CreationClassName ; CreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified. | ModelCorrespondence { "CIM_ManagedSystemElement.OperationalStatus" } ArrayType ( "Indexed" ) string StatusDescriptions [ ] ; Strings describing the various OperationalStatus array values. For example, if 'Stopping' is the value assigned to OperationalStatus, then this property may contain an explanation as to why an object is being stopped. Note that entries in this array are correlated with those at the same array index in OperationalStatus. | Values { "Unknown" , "Other" , "OK" , "Degraded" , "Stressed" , "Predictive Failure" , "Error" , "Non-Recoverable Error" , "Starting" , "Stopping" , "Stopped" , "In Service" , "No Contact" , "Lost Communication" , "Aborted" , "Dormant" , "Supporting Entity in Error" , "Completed" , "Power Mode" , "DMTF Reserved" , "Vendor Reserved" } ModelCorrespondence { "CIM_ManagedSystemElement.StatusDescriptions" } ValueMap { "0" , "1" , "2" , "3" , "4" , "5" , "6" , "7" , "8" , "9" , "10" , "11" , "12" , "13" , "14" , "15" , "16" , "17" , "18" , ".." , "0x8000.." } ArrayType ( "Indexed" ) uint16 OperationalStatus [ ] ; Indicates the current status(es) of the element. Various health and operational statuses are defined. Many of the enumeration's values are self- explanatory. However, a few are not and are described in more detail. 'Stressed' indicates that the element is functioning, but needs attention. Examples of 'Stressed' states are overload, overheated, etc. 'Predictive Failure' indicates that an element is functioning nominally but predicting a failure in the near future. 'In Service' describes an element being configured, maintained, cleaned, or otherwise administered. 'No Contact' indicates that the monitoring system has knowledge of this element, but has never been able to establish communications with it. 'Lost Communication' indicates that the ManagedSystem Element is known to exist and has been contacted successfully in the past, but is currently unreachable. 'Stopped' and 'Aborted' are similar, although the former implies a clean and orderly stop, while the latter implies an abrupt stop where the element's state and configuration may need to be updated. 'Dormant' indicates that the element is inactive or quiesced. 'Supporting Entity in Error' describes that this element may be 'OK' but that another element, on which it is dependent, is in error. An example is a network service or endpoint that cannot function due to lower layer networking problems. 'Completed' indicates the element has completed its operation. This value should be combined with either OK, Error, or Degraded so that a client can till if the complete operation passed (Completed with OK), and failure (Completed with Error). Completed with Degraded would imply the operation finished, but did not complete OK or report an error. 'Power Mode' indicates the element has additional power model information contained in the Associated PowerManagementService association. OperationalStatus replaces the Status property on ManagedSystemElement to provide a consistent approach to enumerations, to address implementation needs for an array property, and to provide a migration path from today's environment to the future. This change was not made earlier since it required the DEPRECATED qualifier. Due to the widespread use of the existing Status property in management applications, it is strongly RECOMMENDED that providers/instrumentation provide BOTH the Status and OperationalStatus properties. Further, the first value of OperationalStatus SHOULD contain the primary status for the element. When instrumented, Status (since it is single-valued) SHOULD also provide the primary status of the element. | MappingStrings { "MIF.DMTF|ComponentID|001.5" } datetime InstallDate ; A datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed. | MaxLen ( 10 ) Deprecated { "CIM_ManagedSystemElement.OperationalStatus" } ValueMap { "OK" , "Error" , "Degraded" , "Unknown" , "Pred Fail" , "Starting" , "Stopping" , "Service" , "Stressed" , "NonRecover" , "No Contact" , "Lost Comm" , "Stopped" } string Status ; A string indicating the current status of the object. Various operational and non-operational statuses are defined. This property is deprecated in lieu of OperationalStatus, which includes the same semantics in its enumeration. This change is made for 3 reasons: 1) Status is more correctly defined as an array. This overcomes the limitation of describing status via a single value, when it is really a multi-valued property (for example, an element may be OK AND Stopped. 2) A MaxLen of 10 is too restrictive and leads to unclear enumerated values. And, 3) The change to a uint16 data type was discussed when CIM V2.0 was defined. However, existing V1.0 implementations used the string property and did not want to modify their code. Therefore, Status was grandfathered into the Schema. Use of the Deprecated qualifier allows the maintenance of the existing property, but also permits an improved definition using OperationalStatus. | MaxLen ( 64 ) string Caption ; The Caption property is a short textual description (one- line string) of the object. | string Description ; The Description property provides a textual description of the object. | string ElementName ; A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information. Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. |
| | | | |
|