The Automated Management Implementation of the Distributed Information Systems’ Communication Infrastructure

The intensive introduction of virtualization technologies, the transition to software-oriented methods and the active use of universal tools make it possible to provide comprehensive automation of the processes of managing the communication infrastructures of a modern enterprise. The use of modern methods for creating network resources and network management tools makes it possible to find solutions for many problems that arise during the construction or modernization of distributed information systems. This paper presents an example of the implementation of the concept of "Infrastructure as Code", the use of a set of virtualization platforms and network management tools in the construction of a distributed laboratory complex of an educational institution. The paper shows how the use of modern methods and tools provides comprehensive automation of the management of network resources of a distributed laboratory complex, which makes it possible to combine disparate laboratory resources of an educational institution into a single software-controlled complex, intensify the learning process and instill in students practical skills in building modern data transmission systems.


Introduction
The vast majority of modern information systems fall under the definition of distributed [1]. A distributed system is a collection of autonomous computing elements that appears to its users as a single coherent system. This is due to the peculiarities of the current stage of development of information technology. A prerequisite for the construction of modern distributed systems is to ensure the required level of reliability and the possibility of further development (scalability) of these systems [1]. Most modern information systems are implemented on existing communication infrastructures, the limited resources of which must be divided between various applications, which places increased demands on both communication infrastructure management systems and their components. The fulfillment of these requirements in modern communication infrastructures is achieved through the use of the concept of overlay networks. The implementation of this concept allows you to "split" the existing communication infrastructure into a set of layers, each of which is a virtual infrastructure capable of meeting the specified quality of service requirements for a dedicated group of distributed applications [2]. The application of this concept makes it possible to satisfy a set of often conflicting requirements of various applications; however, it makes it almost impossible to continue using traditional schemes and methods of managing communication infrastructures [3] and, therefore, presupposes the use of new approaches and tools for software configuration management to achieve these goals. First of all, these include the concept of "Infrastructure as Code" (IaC), which involves the description of the infrastructure configuration in the form of program code [4]. An important aspect is the absence of a human factor in the infrastructure management process (zero-touch).
In this paper, the application of these approaches and tools is considered when building a control system for a distributed laboratory complex of a higher educational institution.

Description of Approaches to Building a Control System for DLC Components of an Educational Institution
The laboratory complex of a modern educational institution is a distributed information system, which includes software or hardware laboratory stands located, as a rule, in various classrooms or buildings of an educational institution. Control systems for such complexes should ensure the implementation of the basic settings of the components of the complex before the start of the lesson, and / or the control of the process of completing the laboratory assignment by the students. The use of software-controlled distributed laboratory complexes (DLC) in the educational process allows instilling in students the skills of coordinated changes in the configurations of communication infrastructures that are especially relevant today, and also opens up the opportunity for building and researching self-organizing information systems capable of implementing a closed loop of network resource management using a complex of computer training technologies [5]. The main feature of such information systems is the intensive use of the communication infrastructure of the educational institution to provide access (including remote) for students to the resources of the laboratory complex, as well as to control the interaction of the distributed components of the complex. To implement all these possibilities in a modern university, the control system of such a DLC must meet as much as possible a set of specific requirements, among which, first of all, one should highlight:
• the possibility of implementation on the existing communication infrastructure of the educational institution and the use of existing laboratory equipment;
• the ability to use an HTML user interface to control the DLC and access its components;
• the possibility of increasing the functional content of the information system without radically changing it;
• the possibility of using promising approaches and tools for managing system components.

Methods for DLC organizing
Among the basic approaches that can be used to build a control system for a distributed laboratory complex, one should highlight the use of hypervisors and the use of emulation systems using cloud or local resources.
Hypervisors are designed to separate physical resources by deploying virtual network components. They provide the possibility of information interaction between virtual and physical components of communication infrastructures [6]. Software emulators allow you to create virtual network objects and combine them into network infrastructures that can be implemented as a cloud service or a local application.

Features of DLC management
After organizing laboratory stands, the task of setting up and managing these stands arises. It is necessary to manage both the configurations of the information and communication structures on which the laboratory stands are based and the topologies of the stands themselves. Also, an important aspect of managing laboratory stands used in universities for conducting practical exercises with students is the organization of safe and reliable access to the equipment of the stands with the possibility of restoring the original configuration of the equipment.
For control, the approach discussed in previous publications [7] was chosen to automate the management of the deployment of laboratory benches, based on the description of the required state of the infrastructure in the form of code. An additional advantage of this approach is the abstraction from the way of organizing the laboratory complex: the management of a virtual, physical, and hybrid laboratory complex does not have any fundamental differences.

Access to the DLC scenarios
The events of the COVID-19 pandemic revealed the shortcomings of the existing training format in the face of a sudden transition to distance learning. In particular, classrooms for conducting classes on networking technologies did not provide the ability to remotely access laboratory equipment. In the process of designing the DLC, remote access scenarios were formulated:
• access to the control network of the complex;
• access to the graphical interface of the complex.
These scenarios are complementary. Access to the control network is basic and implemented using Remote Access VPN or Site-to-site VPN. This scenario is applicable to accessing static addressable physical hardware. Access to the graphical interface is auxiliary and provides additional capabilities for controlling the DLC.
The use of a web application that supports authentication is considered as the optimal approach for organizing access to the stands. This approach allows you to fine-tune the access rights to the system of each user and display only the stands and data available to him. It is possible to attach teaching materials to each laboratory stand. In this case, the student account sees only those topologies to which it has access.

DLC implementation
The approaches considered above make it possible to implement a universal virtual DLC with an integrated control system. The DLC diagram is shown in figure 1.
The presented solution is an alternative to the existing NDG NETLAB+ service for Cisco Networking Academy courses. The implementation of our own solution is justified by the impossibility of using the NETLAB+ service on the territory of the Russian Federation, as well as by the high cost of using this service.
In the implemented version, the laboratory complex combines two classrooms. In the classroom, marked in the figure as "R-344", there is computing power for organizing a control system, storing a database and virtualizing additional laboratory stands. In the room "R-224" there are physical laboratory stands "switch-router", which are integrated into the system being implemented.
The classrooms are connected by a tunnel at the data link layer, which allows equipment from different classrooms to be connected as if it were operating on the same local network. The tunnel is organized on top of the IRIT-RTF infrastructure with Pseudo-wire technology, using the L2_router_344 and Edge_router_224 border routers, which are DHCP clients of the radio faculty server.
Edge routers Edge_router_224 and Edge_router_344 also perform NAT sessions. In particular, access from the radio faculty network to the physical laboratory stands of the R-224 room is carried out using the Static NAT (Network Address Translation) technology through the Edge_router_224 router, and the access of the virtual equipment of the R-344 room to the Internet is provided by the Edge_router_344 router using the PAT (Port Address Translation) technology.
The rest of the equipment, which requires access from external networks, receives a control address from the IRIT-RTF network using the DHCP protocol. Access to the DLC is carried out from the UrFU network both from workstations of classrooms and from personal computers of students. Remote access is provided to students by connecting to RAS VPN servers of UrFU.
To manage the configurations of the DLC and prepare the equipment for laboratory work, the program code has been prepared and presented in the repository on GitHub [8]. The code is a set of instructions that allows you to set initial settings on laboratory equipment, get the state of the equipment, and restore configurations to their original state. Thanks to this approach, it becomes possible to automatically reconfigure the laboratory complex to meet the necessary requirements. The execution of the program code is carried out from the virtual machine using the configuration management tool Ansible [9]. The DLC control system is based on the free distributed emulator EVE-NG [10]. This emulator performs the following functions: user access with differentiation of rights to the resources of the complex; storage of teaching materials and user credentials; providing an interface for interacting with physical equipment that does not support the web interface.
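The cycle described above (set initial settings, read back the state, restore the original configuration) rests on comparing a stored description with what a stand actually reports. The following is an added example of that comparison step, not the code from the repository [8] and not how Ansible itself computes changes; the helper names `parse`, `negate` and `restore_plan`, the sample configurations and the IOS-style command syntax are all assumptions.

```python
# Added example, not code from the DLC repository. Both configs are constructed
# samples in IOS-style syntax: BASELINE is the stored state, RUNNING the stand after a lab.
BASELINE = """\
hostname R1
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
line vty 0 4
 transport input ssh
"""
RUNNING = """\
hostname Student7
interface GigabitEthernet0/0
 ip address 198.51.100.9 255.255.255.0
 shutdown
interface Loopback1
 ip address 10.1.1.1 255.255.255.255
line vty 0 4
 transport input telnet ssh
"""

def parse(config):
    """Map each top-level line to the list of its indented child lines."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # blank lines and "!" separators carry no state
        if not line.startswith(" "):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def negate(line):
    """IOS-style inverse of a command: toggle the leading 'no '."""
    return line[3:] if line.startswith("no ") else "no " + line

def restore_plan(baseline, running):
    """Commands that return `running` to `baseline`; empty list means no drift."""
    want, have = parse(baseline), parse(running)
    # Top-level lines or whole sections added during the session are removed first.
    plan = [negate(h) for h in have if h not in want]
    for header, children in want.items():
        current = have.get(header, [])
        extra = [c for c in current if c not in children]
        missing = [c for c in children if c not in current]
        if header not in have or extra or missing:
            plan.append(header)
            plan += [" " + negate(c) for c in extra] + [" " + c for c in missing]
    return plan

if __name__ == "__main__":
    print("\n".join(restore_plan(BASELINE, RUNNING)))
```

An empty plan for a stand means it already matches its description, which is the property that makes a restore run safe to repeat. The line-level negation is a simplification: commands whose inverse is not a plain `no` prefix need per-command handling.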
Access to laboratory stands is implemented as a web interface. The differentiation of rights is carried out by separating user groups. The "Teachers" group has full access to the information system. Teachers manage the rest of the users, existing laboratory stands, teaching materials. The "Students" group is limited in terms of access rights to laboratory stands. This allows each student to define their own independent laboratory bench, as well as protect the existing configuration and content of the DLC from changes. The interface for interacting with the system is shown in figure 2.

DLC testing
Testing of the DLC performance was carried out during trial sessions within the framework of the "Computer networks" discipline with the participation of volunteers among second and third year students. During the preparation of the lessons, the current methodological instructions were revised and a collection of new laboratory works performed at the DLC was prepared [11].
During the testing process, shortcomings of the current system were identified and corrected. A significant drawback when working with physical equipment is the inability to manage it through the console port. This circumstance is a forced necessity due to the lack of a free console terminal.
MATEC Web of Conferences 346, 03047 (2021) ICMTMTE 2021 https://doi.org/10.1051/matecconf/202134603047
At the suggestion of students, the functionality of the DLC was expanded by adding the ability to perform laboratory work on fully virtual equipment. It also became possible to use computational resources in a limited format to organize "sandboxes": laboratory stands in which the topology and configuration are determined by the students themselves.

Prospective directions of development of DLC
Our educational institution is licensed by the Cisco Networking Academy. The discipline "Computer Networks" is mostly focused on the Cisco CCNA course. At the last Cisco Netacad forum in 2021, in the report "How to easily and profitably equip a network laboratory" [12], the next changes in the courses offered for teaching were announced. In particular, requirements are presented for the conversion of existing network laboratories into software-controlled laboratories (SD-academies). Cisco's obvious motivation is to promote and sell its products, both software and hardware. Commercialization is done on a subscription basis.
The use of commercial products not only incurs additional costs, but also directs the consumer to use the products of only one company without alternative. The Red Hat company in its reports [13] notes that 90% of IT leaders use open-source solutions in production. Moreover, managers note the higher quality of such products compared to proprietary ones. The approaches described in the previous chapters allow organizing training using a variety of technologies and products that are not on the market, but are in demand in the IT community.
All the listed features of the considered implementation of the DLC provide a wide range of options for teaching students. There is a possibility of both traditional configuration of equipment using console management and configuration using automated configuration management tools. On the other hand, the DLC under consideration allows you to move away from studying the principles of administration and delve into the study of information flows of data arising from the interaction of both physical infrastructure elements and virtual ones. Direct access in real time to information streams transmitted as part of the DLC makes it possible to use machine learning tools to analyze the transmitted data in order to monitor the efficiency of the use of network resources or identify information security threats.
These factors are prerequisites for organizing not only a DLC on the basis of an educational institution, but also for the preparation of an educational platform containing ready-made training courses in the field of computer networks and communications. The technical equipment of the courses is the DLC. Courses can be either free or commercial. The possibility of both full-time and remote mastering of the curriculum is assumed, guided by an instructor or by automated progress assessment.
At the moment, in this direction, work is underway to implement monitoring of the implementation of laboratory work with the ability to interact with the system and receive feedback from the system. The system, in the process of performing laboratory work by the user, shows the user the requirements for implementation, the current progress of implementation, errors and tips for their correction.

Conclusion
The use of modern methods for creating network resources and network management tools makes it possible to find solutions for many problems that arise during the construction or modernization of distributed information systems. This paper shows how the implementation of the IaC concept, the use of universal tools and software applications capable of reconfiguring components in real time, allows you to transfer the solution of control problems for the DLC infrastructure to a qualitatively new level. The implementation of integrated solutions based on virtualization technologies of network components, universal protocols and network management tools allows transforming traditional laboratory classes into distributed hardware and software systems, where students can conduct not only laboratory classes, but also independent research [14]. The use of such complexes in the educational process allows you to continue the effective use of the equipment available to educational institutions and, in addition, makes it possible to smoothly transition from the traditional (CLI-based) method to software management of network equipment. The paper presents an example of building a similar LC and the experience of organizing laboratory classes on it to study the basics of building software-controlled communication infrastructures.