
Thinking Inside the Box—

Web Services and XML Management


BRKDEV-1181

BRKDEV-1181 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 1
“Web Services are self-contained, modular applications that can be described, published, located, and invoked over a network, generally, the Web.”

Developer Guide
IBM

Web Services is the Way to Go

Open
• W3C/OASIS
• SOAP4J
• XERCES
• Apache Axis
• HTTP/REST

Industrial Strength
• WebSphere
• BEA WebLogic
• Microsoft .NET

Self-describing
• WSDL
• UDDI
• Google…

Simple
• XML
• SAX
• Expat
• DOM

Secure
• SSH
• TLS
• HTTPs/SSL

Web Services Overview

• Embedded Web Server in IOS is called Web Services Management Agents (WSMA)
• First release – Config, Exec, File System, Notify Agents
• Extensible via plugins
• Each agent conforms to a schema published and maintained by Cisco

Web Services Architecture

[Diagram: an IOS device runs WSMA with FileSys, Config, Exec, Notify and Future agents behind WSMA profiles (listeners, initiators) and transports (SSH, HTTP/(S), Transport x). Across the net, a management station runs WSMA applications (WSMA App, WSMA-SDK). The two sides exchange SOAP messages with an XML body (WSMA schema).]

WSMA Modes

[Diagram: a WSMA agent and a WSMA application connected in two modes, Initiator and Listener, with the note "Must be open inbound".]

• Listener is good for traditional Web Services methods
• Initiator is good for situations needing to traverse firewall and NAT

WSMA Agents

• Currently shipping
  Config Agent
  Exec Agent
  File System Agent
  Notify Agent

WSMA Config Agent

• Encapsulates CLI
• Three data models currently
  block – tag block of commands
  cmd – line by line tagging
  edi – encoding C2X, X2C
• Treats a set of CLI commands as an atomic operation

WSMA Config Options

• TEST: try but not apply. All CLI are individually validated.
• APPLY: apply to running config and deal with runtime errors, recovery modes
  continue : do anything valid
  stop : abort at first failure
  rollback : restore config to pre-attempt at first failure.
• PERSIST: copy the running config to persistent storage

Config Request Example

<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP:Body>
    <request correlator="4.7" xmlns="urn:cisco:wsma-config">
      <configApply details="all">
        <config-data>
          <cli-config-data>
            <cmd>no cns config partial mixy</cmd>
            <cmd>no dog</cmd>
            <cmd>no cns exec 80 </cmd>
          </cli-config-data>
        </config-data>
      </configApply>
    </request>
  </SOAP:Body>
</SOAP:Envelope>]]>]]>

Config Response Example

<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP:Body>
    <response xmlns="urn:cisco:wsma-config" correlator="4.7" success="1">
      <resultEntry lineNumber="1" cliString="no cns config partial mixy"><success change="NO_CHANGE" mode="IMMEDIATE" /></resultEntry>
      <resultEntry lineNumber="2" cliString="no dog"><failure errorType="TEMPORARY" errorCode="PARSE_ERROR_NOMATCH" /></resultEntry>
      <resultEntry lineNumber="3" cliString="no cns exec 80 "><success change="NO_CHANGE" mode="IMMEDIATE" /></resultEntry>
    </response>
  </SOAP:Body>
</SOAP:Envelope>]]>]]>

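Added example (not from the original deck): a Python check a management station might run on the response above. It strips the ]]>]]> trailer, matches the correlator and collects per-line <failure> entries, because in the slide's response success="1" appears alongside a failed line; the function name and the accept policy are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/", "c": "urn:cisco:wsma-config"}
FRAME_END = "]]>]]>"

# Constructed sample: the response shown on the slide, framing trailer included.
SAMPLE_RESPONSE = """<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP:Body>
<response xmlns="urn:cisco:wsma-config" correlator="4.7" success="1">
<resultEntry lineNumber="1" cliString="no cns config partial mixy"><success change="NO_CHANGE" mode="IMMEDIATE" /></resultEntry>
<resultEntry lineNumber="2" cliString="no dog"><failure errorType="TEMPORARY" errorCode="PARSE_ERROR_NOMATCH" /></resultEntry>
<resultEntry lineNumber="3" cliString="no cns exec 80 "><success change="NO_CHANGE" mode="IMMEDIATE" /></resultEntry>
</response>
</SOAP:Body>
</SOAP:Envelope>]]>]]>"""


def check_config_response(frame, expected_correlator):
    """Return (ok, failures) for one framed wsma-config response."""
    text = frame.strip()
    if text.endswith(FRAME_END):
        text = text[: -len(FRAME_END)]
    # Device output is untrusted input: refuse DTDs so no entities are expanded.
    if "<!DOCTYPE" in text:
        raise ValueError("DTD not allowed in WSMA response")
    resp = ET.fromstring(text).find("s:Body/c:response", NS)
    if resp is None:
        raise ValueError("no wsma-config response in SOAP body")
    # A reply carrying another correlator answers a different request.
    if resp.get("correlator") != expected_correlator:
        raise ValueError("correlator mismatch")
    failures = []
    for entry in resp.findall("c:resultEntry", NS):
        fail = entry.find("c:failure", NS)
        if fail is not None:
            failures.append((int(entry.get("lineNumber")),
                             entry.get("cliString"), fail.get("errorCode")))
    # Assumed policy: accept only if the flag is set AND no line failed.
    # In the sample, success="1" sits next to a <failure> on line 2.
    ok = resp.get("success") == "1" and not failures
    return ok, failures
```
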
WSMA Exec Agent

• Any Exec Command (show, copy, ping)
• Interactive commands have a script language
• Max bytes or Max time termination
• Show output can be tagged in XML seamlessly using transforms to customize your own XML mapping

WSMA Exec Request Example

<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP:Body>
    <request xmlns="urn:cisco:wsma-exec" correlator="14">
      <execCLI format="disk2:/spec.odm">
        <cmd> show arp</cmd>
      </execCLI>
    </request>
  </SOAP:Body>
</SOAP:Envelope>]]>]]>

WSMA Response Example

<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP:Body>
    <response xmlns="urn:cisco:wsma-exec" correlator="14" success="1">
      <execLog>
        <dialogueLog>
          <sent> show arp</sent>
          <received>
            <ShowArp xmlns="ODM://disk2:/spec.odm//show_arp">
              <SpecVersion>1.0.0</SpecVersion>
              <ARPTable>
                <entry>
                  <Protocol>Internet</Protocol>
                  <Address>2.1.1.1</Address>
                  <Age>0</Age>
                  <MAC>0001.42df.59e2</MAC>
                  <Type>ARPA</Type>
                  <Interface>GigabitEthernet0/1</Interface>
                </entry>
              </ARPTable>
            </ShowArp>
          </received>
        </dialogueLog>
      </execLog>
    </response>
  </SOAP:Body>
</SOAP:Envelope>]]>]]>

WSMA File System

• directory listing
• copy local to remote and vice-versa
• additional validation info in requests
  filesize, md5 checksum
• overwrite or erase existing files
• delete files

WSMA File System Example

<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP:Body>
    <request xmlns="urn:cisco:wsma-filesystem" correlator="9">
      <fileCopy erase="0" overwrite="1" filesize="131739">
        <srcURL>spec.odm</srcURL>
        <dstURL>foo</dstURL>
      </fileCopy>
    </request>
  </SOAP:Body>
</SOAP:Envelope>]]>]]>

<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP:Body>
    <response xmlns="urn:cisco:wsma-filesystem" correlator="9" success="1">
      <fileCopyStatus> </fileCopyStatus>
    </response>
  </SOAP:Body>
</SOAP:Envelope>]]>]]>

WSMA Notify Overview

• Currently Config Change Events
  • Any configuration change generates a WSMA change event
  • Includes who did the change, when, and before and after CLI snapshots
  • Useful for synchronizing the configuration with off-box systems

WSMA Notify Example

<notification xmlns="urn:cisco:wsma-notify">
  <configChange>
    <sequence>3</sequence>
    <changeInfo>
      <user>cisco</user>
      <telnet><srcIP>mixy.cisco.com</srcIP><vtyName>vty_1</vtyName></telnet>
      <when><absoluteTime>2008-11-11T12:03:38.466Z</absoluteTime></when>
    </changeInfo>
    <changeData>
      <changeItem>
        <context></context>
        <enteredCommand><cmd>ip host steve 2.2.2.2</cmd></enteredCommand>
        <oldConfigState>
          <cmd>ip host mixy.cisco.com 2.3.1.4</cmd>
        </oldConfigState>
        <newConfigState>
          <cmd>ip host mixy.cisco.com 2.3.1.4</cmd>
          <cmd>ip host steve 2.2.2.2</cmd>
        </newConfigState>
      </changeItem>
    </changeData>
  </configChange>
</notification>

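Added example (not from the original deck): turning the notification above into an audit record with who, when, access method and the CLI lines added or removed. The function names, the sequence-gap rule and the way the access method is located are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"n": "urn:cisco:wsma-notify"}

# Constructed sample: the notification shown on the slide.
SAMPLE = """<notification xmlns="urn:cisco:wsma-notify"><configChange>
<sequence>3</sequence><changeInfo><user>cisco</user>
<telnet><srcIP>mixy.cisco.com</srcIP><vtyName>vty_1</vtyName></telnet>
<when><absoluteTime>2008-11-11T12:03:38.466Z</absoluteTime></when></changeInfo>
<changeData><changeItem><context></context>
<enteredCommand><cmd>ip host steve 2.2.2.2</cmd></enteredCommand>
<oldConfigState><cmd>ip host mixy.cisco.com 2.3.1.4</cmd></oldConfigState>
<newConfigState><cmd>ip host mixy.cisco.com 2.3.1.4</cmd><cmd>ip host steve 2.2.2.2</cmd></newConfigState>
</changeItem></changeData></configChange></notification>"""


def cmds(item, state):
    """CLI lines under <oldConfigState> or <newConfigState> of one changeItem."""
    return [c.text.strip() for c in item.findall(f"n:{state}/n:cmd", NS) if c.text]


def audit_change(xml_text, last_sequence=None):
    """Summarize one configChange notification for an off-box audit trail."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in notification")
    change = ET.fromstring(xml_text).find("n:configChange", NS)
    info = change.find("n:changeInfo", NS) if change is not None else None
    if info is None:
        raise ValueError("not a wsma-notify configChange")
    seq = int(change.findtext("n:sequence", namespaces=NS))
    record = {
        "sequence": seq,
        # Assumption: sequence rises by one per event, so a jump means a missed one.
        "gap": last_sequence is not None and seq != last_sequence + 1,
        "user": info.findtext("n:user", namespaces=NS),
        "when": info.findtext("n:when/n:absoluteTime", namespaces=NS),
        "transport": None, "source": None, "added": [], "removed": [],
    }
    # Assumption: the access method is the changeInfo child that holds <srcIP>
    # (<telnet> in the sample); other element names are not shown on the slide.
    for child in info:
        src = child.findtext("n:srcIP", namespaces=NS)
        if src is not None:
            record["transport"], record["source"] = child.tag.rsplit("}", 1)[-1], src
    for item in change.findall("n:changeData/n:changeItem", NS):
        old, new = cmds(item, "oldConfigState"), cmds(item, "newConfigState")
        record["added"] += [c for c in new if c not in old]
        record["removed"] += [c for c in old if c not in new]
    return record
```
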
WSMA Profile

• IOS allows new type of management interface, WSMA Profile
  define encapsulation – soap11, soap12
  define transport - one of SSH, HTTP, TLS
  define security
  point to point
• Multiple WSMA profiles can be configured concurrently with different characteristics

WSMA Profile

• Listens for any XML
• Framing delimiter ]]>]]> for SSH (compatible with IETF RFC 4741)
• Checks the XML is SOAP
• Validates User credentials using WSSE and AAA to enforce security
• directs request to the correct WSMA agent

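Added example (not from the original deck): the framing, SOAP and routing checks above as a management station would apply them to data read from the SSH channel, in Python. FrameReader, route and the size cap are hypothetical names and values; credential validation is not shown.

```python
import xml.etree.ElementTree as ET

FRAME_END = b"]]>]]>"
SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
AGENTS = {"urn:cisco:wsma-config": "config", "urn:cisco:wsma-exec": "exec",
          "urn:cisco:wsma-filesystem": "filesystem",
          "urn:cisco:wsma-notify": "notify"}  # namespaces seen in this deck
MAX_FRAME = 1 << 20  # assumed cap so a peer cannot grow the buffer without bound

# Constructed sample: two minimal responses back to back, as read from the channel.
ENV_TEMPLATE = (b'<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">'
                b'<SOAP:Body><response xmlns="urn:cisco:wsma-%s" correlator="%s" success="1"/>'
                b'</SOAP:Body></SOAP:Envelope>]]>]]>')
SAMPLE_STREAM = ENV_TEMPLATE % (b"exec", b"14") + b"\n" + ENV_TEMPLATE % (b"filesystem", b"9")


class FrameReader:
    """Reassemble ]]>]]>-delimited messages from arbitrary read chunks."""

    def __init__(self):
        self.buf = b""

    def feed(self, chunk):
        """Add a chunk; return the messages it completed, keep the remainder."""
        self.buf += chunk
        # The delimiter may straddle two reads, so always split the whole buffer.
        *frames, self.buf = self.buf.split(FRAME_END)
        if len(self.buf) > MAX_FRAME:
            raise ValueError("frame exceeds size cap")
        return frames


def route(frame):
    """Return (agent, correlator) for one frame; raise if it is rejected."""
    if b"<!DOCTYPE" in frame:
        raise ValueError("DTD not allowed")
    root = ET.fromstring(frame)
    body = root.find(SOAP + "Body") if root.tag == SOAP + "Envelope" else None
    if body is None or len(body) != 1:
        raise ValueError("not a SOAP envelope with a single body element")
    ns = body[0].tag[1:].partition("}")[0] if body[0].tag.startswith("{") else ""
    if ns not in AGENTS:
        raise ValueError("unknown agent namespace")
    return AGENTS[ns], body[0].get("correlator")
```
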
WSMA Profiles Example

wsma profile listener foo
 transport ssh
wsma profile listener foo2
 transport ssh subsys wsma2
wsma agent config profile foo
wsma agent exec profile foo2

Why is WSMA Easier to Program?

Before | After
Figure out the CLI commands needed to automate a task | Same
Determine the IP, user name, password, IOS version of box, etc. | Refer to the WSDL for the transaction
Log in with SSH, check to see if it succeeded | Write a Web Service program to send the entire block of commands
Send a CLI command to the box | Run it
Check to see if it succeeded |
Send another command |
Check for success |
Send another command |
Oops, command failed |
Take corrective action |

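Added example (not from the original deck): the "After" column in Python, building one configApply request for a whole block of commands in the shape of the Config Request Example. build_config_request and its control-character rule are assumptions; the escaping keeps CLI text from altering the XML or ending the frame early.

```python
from xml.sax.saxutils import escape, quoteattr

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
CFG_NS = "urn:cisco:wsma-config"
FRAME_END = "]]>]]>"  # message delimiter used on the SSH transport


def build_config_request(commands, correlator):
    """Return one framed configApply request with a <cmd> per CLI line."""
    cmds = []
    for line in commands:
        # Assumed policy: one <cmd> is one CLI line. A CR/LF or other control
        # character inside a value could smuggle in an extra command.
        if not line.strip() or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in line):
            raise ValueError(f"rejected CLI line: {line!r}")
        # escape() turns &, < and > into entities, so CLI text stays text and
        # a literal ]]>]]> inside a command cannot terminate the frame.
        cmds.append(f"<cmd>{escape(line)}</cmd>")
    return (
        f'<SOAP:Envelope xmlns:SOAP="{SOAP_NS}"><SOAP:Body>'
        f'<request correlator={quoteattr(correlator)} xmlns="{CFG_NS}">'
        '<configApply details="all"><config-data><cli-config-data>'
        + "".join(cmds) +
        "</cli-config-data></config-data></configApply>"
        "</request></SOAP:Body></SOAP:Envelope>" + FRAME_END
    )
```
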
WSMA Roadmap

[Diagram: WSMA roadmap. Labels: CLI/Parser, File sys, License, Events, New feature, Legacy component, various components, adapter; WSMA agents config, Exec, File, Notify, License, Inventory, Future, each with a Lib; WSMA SDK; XML Primitives.]

Summary

• XML-centric
• Encrypted, secure
• Phone-home (initiator mode)
• Industry standard
• Lots of tools and expertise available
• Foundation for future manageability
• Leverages existing web services tools and expertise

Steve Giles
Product Line Manager
Embedded Management
stgiles@cisco.com

WSMA Config Request

WSMA Config Response

WSMA Exec Request

WSMA Exec Response

WSMA File System Request

WSMA File System Response

WSMA Notify Request

WSMA Notify Response

WSMA Notify Config Change