OPSAWG                                                          H. Asai
Internet-Draft                                                Y. Sekiya
Intended status: Standards Track                The University of Tokyo
Expires: January 31, 2013                                      K. Shima
                                          IIJ Innovation Institute Inc.
                                                               H. Esaki
                                                The University of Tokyo
                                                          July 30, 2012


      Management Information Base for the Virtual Machine Manager
                         draft-asai-vmm-mib-00

Abstract

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, this specifies managed objects that are
   used for virtual machine managers (a.k.a. hypervisors) and virtual
   machines running on them.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 31, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include
   Simplified BSD License text as described in Section 4.e of the Trust
   Legal Provisions and are provided without warranty as described in
   the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  The SNMP Network Management Framework
   3.  Definitions
   4.  IANA Considerations
   5.  Security Considerations
   6.  Normative References
   Authors' Addresses

1.  Introduction

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, this specifies managed objects that are
   used for virtual machine managers (a.k.a. hypervisors) and virtual
   machines running on them.  A virtual machine manager manages
   multiple virtual machines on a single physical machine by allocating
   resources to each virtual machine using virtualization technologies.
   Thus, the MIB objects include information on virtual CPUs, virtual
   storages, and virtual network interfaces of virtual machines as well
   as the hypervisor's hardware and software information.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

2.  The SNMP Network Management Framework

   The SNMP Network Management Framework presently consists of three
   major components:

   o  An overall architecture, described in RFC 3411 [RFC3411]

   o  Mechanisms for describing and naming objects and events for the
      purpose of management.  The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in
      STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and
      RFC 1215 [RFC1215].  The second version, called SMIv2, is
      described in STD 58, RFC 2578 [RFC2578], RFC 2579 [RFC2579] and
      RFC 2580 [RFC2580].

   o  Message protocols for transferring management information.  The
      first version of the SNMP message protocol is called SNMPv1 and
      described in STD 15, RFC 1157 [RFC1157].  A second version of the
      SNMP message protocol, which is not an Internet standards track
      protocol, is called SNMPv2c and described in RFC 1901 [RFC1901]
      and RFC 3417 [RFC3417].  The third version of the message
      protocol is called SNMPv3 and described in RFC 3412 [RFC3412],
      RFC 3414 [RFC3414] and RFC 3417 [RFC3417].

   o  Protocol operations for accessing management information.  The
      first set of protocol operations and associated PDU formats is
      described in STD 15, RFC 1157 [RFC1157].  A second set of
      protocol operations and associated PDU formats is described in
      RFC 3416 [RFC3416].

   o  A set of fundamental applications described in RFC 2573 [RFC2573]
      and the view-based access control mechanism described in
      RFC 2575 [RFC2575].

   A more detailed introduction to the current SNMP Management
   Framework can be found in RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This document specifies a MIB module that is compliant to the SMIv2.
   A MIB conforming to the SMIv1 can be produced through the
   appropriate translations.
   The resulting translated MIB must be semantically equivalent, except
   where objects or events are omitted because no translation is
   possible (use of Counter64).  Some machine readable information in
   SMIv2 will be converted into textual descriptions in SMIv1 during
   the translation process.  However, this loss of machine readable
   information is not considered to change the semantics of the MIB.

3.  Definitions

   VMM-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, TimeTicks,
       Counter32, Counter64, Integer32, mib-2
           FROM SNMPv2-SMI
       DisplayString, PhysAddress, TEXTUAL-CONVENTION
           FROM SNMPv2-TC
       MODULE-COMPLIANCE, NOTIFICATION-GROUP
           FROM SNMPv2-CONF
       InterfaceIndexOrZero
           FROM IF-MIB;

   VirtualMachineIndex ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS current
       DESCRIPTION
           "A unique value, greater than zero, for each virtual
           machine in the managed hypervisor.  The value for each
           virtual machine must remain constant at least from one
           re-initialization of the entity's hypervisor to the next
           re-initialization."
       SYNTAX Integer32 (1..2147483647)

   VirtualMachineUUID ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "8X-4X-4X-4X-12X"
       STATUS current
       DESCRIPTION
           "A unique value, a 128-bit value guaranteed to be unique
           over both space and time represented as a
           hyphen-punctuated ASCII string of the form
           `8X-4X-4X-4X-12X', for each virtual machine in the managed
           hypervisor.  See [RFC4122]."
       SYNTAX DisplayString (SIZE (36))

   HypervisorCPUIndex ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS current
       DESCRIPTION
           "A unique value, greater than zero, for each physical CPU
           on a hypervisor.  For the indexes, sequential values are
           usually used."
       SYNTAX Integer32 (1..2147483647)

   VirtualCPUIndex ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS current
       DESCRIPTION
           "A unique value, greater than zero, for each virtual CPU
           on a virtual machine.  For the indexes, sequential values
           are usually used."
       SYNTAX Integer32 (1..2147483647)

   VirtualStorageIndex ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS current
       DESCRIPTION
           "A unique value, greater than zero, for each virtual
           storage on a virtual machine.  The value for each virtual
           storage must remain constant at least from one
           re-initialization of the entity's virtual machine to the
           next re-initialization."
       SYNTAX Integer32 (1..2147483647)

   VirtualInterfaceIndex ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS current
       DESCRIPTION
           "A unique value, greater than zero, for each virtual
           network interface on a virtual machine.  For the indexes,
           sequential values are usually used."
       SYNTAX Integer32 (1..2147483647)

   vmm-mib MODULE-IDENTITY
       LAST-UPDATED "201207300000Z"     -- 30 July 2012
       ORGANIZATION "IETF Operations and Management Area Working Group"
       CONTACT-INFO
           "        Hirochika Asai
                    The University of Tokyo
                    7-3-1 Hongo
                    Bunkyo-ku, Tokyo 113-8656
                    Japan

                    +81 3 5841 6748
                    panda@hongo.wide.ad.jp"
       DESCRIPTION
           "This MIB is for use in managing virtual machines on a
           hypervisor.  The OID `TBD' must be assigned by IANA when
           this becomes an official document."
       ::= { mib-2 TBD }

   -- The hypervisor group
   --
   -- A collection of objects common to all hypervisors.
   --
   hypervisor OBJECT IDENTIFIER ::= { vmm-mib 1 }

   hvSoftware OBJECT-TYPE
       SYNTAX DisplayString (SIZE (0..255))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A textual description of the hypervisor software.  This
           value should not include its version, and it should be
           included in `hvVersion'."
       ::= { hypervisor 1 }

   hvVersion OBJECT-TYPE
       SYNTAX DisplayString (SIZE (0..255))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A textual description of the version of the hypervisor
           software."
       ::= { hypervisor 2 }

   hvObjectID OBJECT-TYPE
       SYNTAX OBJECT IDENTIFIER
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The vendor's authoritative identification of the
           hypervisor software contained in the entity.  This value is
           allocated within the SMI enterprises subtree
           (1.3.6.1.4.1).  Note that this is different from
           sysObjectID in the SNMPv2-MIB [RFC3418] because sysObjectID
           is not the identification of the hypervisor software but
           the device, firmware, or management operating system."
       ::= { hypervisor 3 }

   hvUpTime OBJECT-TYPE
       SYNTAX TimeTicks
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The time (in centi-seconds) since the hypervisor was last
           re-initialized.  Note that this is different from sysUpTime
           in the SNMPv2-MIB [RFC3418] and hrSystemUptime in the
           HOST-RESOURCES-MIB [RFC2790] because sysUpTime is the
           uptime of the network management portion of the system,
           and hrSystemUptime is the uptime of the management
           operating system but not the hypervisor software."
       ::= { hypervisor 4 }

   -- Physical CPUs
   hvCpuNumber OBJECT-TYPE
       SYNTAX Integer32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The number of physical CPUs (cores) on this hypervisor."
       ::= { hypervisor 5 }

   hvCpuTable OBJECT-TYPE
       SYNTAX SEQUENCE OF HvCpuEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "A list of hypervisor's CPU entries.  The number of entries
           is given by the value of hvCpuNumber."
       ::= { hypervisor 6 }

   hvCpuEntry OBJECT-TYPE
       SYNTAX HvCpuEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "An entry containing management information applicable to
           a particular CPU on this hypervisor."
       INDEX { hvCpuIndex }
       ::= { hvCpuTable 1 }

   HvCpuEntry ::= SEQUENCE {
       hvCpuIndex HypervisorCPUIndex,
       hvCpuDeviceIndex Integer32,
       hvCpuClockRate Integer32
   }

   hvCpuIndex OBJECT-TYPE
       SYNTAX HypervisorCPUIndex
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A unique value, greater than zero, for each physical CPU
           on this hypervisor.  It is recommended that values are
           assigned contiguously starting from 1."
       ::= { hvCpuEntry 1 }

   hvCpuDeviceIndex OBJECT-TYPE
       SYNTAX Integer32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The value of hrDeviceIndex which corresponds to this CPU.
           If this device is not represented in the hrProcessorTable,
           then this value shall be zero."
       ::= { hvCpuEntry 2 }

   hvCpuClockRate OBJECT-TYPE
       SYNTAX Integer32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The clock rate (i.e., frequency) of a CPU in KHz.  If this
           property is not available, the value shall be zero."
       ::= { hvCpuEntry 3 }

   -- The virtual machine group
   --
   -- A collection of objects common to all virtual machines.
   --
   vms OBJECT IDENTIFIER ::= { vmm-mib 2 }

   vmNumber OBJECT-TYPE
       SYNTAX Integer32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The number of virtual machines (regardless of their
           current state) present on this hypervisor."
       ::= { vms 1 }

   vmTableLastChange OBJECT-TYPE
       SYNTAX TimeTicks
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The value of sysUpTime at the time of the last creation or
           deletion of an entry in the vmTable."
       ::= { vms 2 }

   vmTable OBJECT-TYPE
       SYNTAX SEQUENCE OF VmEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "A list of virtual machine entries.  The number of entries
           is given by the value of vmNumber."
       ::= { vms 3 }

   vmEntry OBJECT-TYPE
       SYNTAX VmEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "An entry containing management information applicable to
           a particular virtual machine."
       INDEX { vmIndex }
       ::= { vmTable 1 }

   VmEntry ::= SEQUENCE {
       vmIndex VirtualMachineIndex,
       vmName DisplayString,
       vmUUID VirtualMachineUUID,
       vmOSType DisplayString,
       vmAdminState Integer32,
       vmState Integer32,
       vmVcpuNumber Integer32,
       vmCpuTime Counter64,
       vmMemUnit Integer32,
       vmMaxMem Integer32,
       vmMinMem Integer32,
       vmCurMem Integer32,
       vmStorageNumber Integer32,
       vmIfNumber Integer32,
       vmAutoStart Integer32,
       vmPersistent Integer32
   }

   vmIndex OBJECT-TYPE
       SYNTAX VirtualMachineIndex
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A unique value, greater than zero, for each virtual
           machine.  It is recommended that values are assigned
           contiguously starting from 1.  The value for each virtual
           machine must remain constant at least from one
           re-initialization of the entity's hypervisor to the next
           re-initialization."
       ::= { vmEntry 1 }

   vmName OBJECT-TYPE
       SYNTAX DisplayString (SIZE (0..255))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A textual string containing information about the virtual
           machine name."
       ::= { vmEntry 2 }

   vmUUID OBJECT-TYPE
       SYNTAX VirtualMachineUUID
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A textual hyphen-punctuated ASCII string of the virtual
           machine's 128-bit UUID."
       ::= { vmEntry 3 }

   vmOSType OBJECT-TYPE
       SYNTAX DisplayString (SIZE (0..255))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A textual string containing operating system information
           running on the virtual machine."
       ::= { vmEntry 4 }

   vmAdminState OBJECT-TYPE
       SYNTAX Integer32 {
           unknown(0),    -- unknown
           on(1),         -- power on
           off(2),        -- power off
           pause(3)       -- hibernate / suspend
       }
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
           "The administrative power state of the virtual machine.
           Note that a virtual machine is supposed to be resumed when
           vmAdminState of the virtual machine is changed from
           pause(3) to on(1)."
       ::= { vmEntry 5 }

   vmState OBJECT-TYPE
       SYNTAX Integer32 {
           unknown(0),    -- unknown state
           noState(1),    -- no state
           running(2),    -- running
           blocked(3),    -- blocked on resource
           paused(4),     -- paused by user
           shutdown(5),   -- being shutdown
           shutoff(6),    -- shutoff
           crashed(7)     -- crashed
       }
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The current state of the virtual machine."
       ::= { vmEntry 6 }

   vmVcpuNumber OBJECT-TYPE
       SYNTAX Integer32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The number of virtual CPUs on the virtual machine."
       ::= { vmEntry 7 }

   vmCpuTime OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The total CPU utilization time in nanoseconds.  If the
           number of virtual CPUs is larger than 1, vmCpuTime may
           exceed real time."
       ::= { vmEntry 8 }

   vmMemUnit OBJECT-TYPE
       SYNTAX Integer32 (1..2147483647)
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The multiplication unit for vmMaxMem, vmMinMem, and
           vmCurMem.  For example, when this value is 4096, the memory
           size unit for vmMaxMem, vmMinMem, and vmCurMem is KiB."
       ::= { vmEntry 9 }

   vmMaxMem OBJECT-TYPE
       SYNTAX Integer32 (0..2147483647)
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
           "The maximum memory size defined to the virtual machine in
           the unit designated by vmMemUnit."
       ::= { vmEntry 10 }

   vmMinMem OBJECT-TYPE
       SYNTAX Integer32 (0..2147483647)
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
           "The minimum memory size defined to the virtual machine in
           the unit designated by vmMemUnit."
       ::= { vmEntry 11 }

   vmCurMem OBJECT-TYPE
       SYNTAX Integer32 (0..2147483647)
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The current memory size allocated to the virtual machine
           in the unit designated by vmMemUnit."
       ::= { vmEntry 12 }

   vmStorageNumber OBJECT-TYPE
       SYNTAX Integer32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The number of storage devices attached to the virtual
           machine."
       ::= { vmEntry 13 }

   vmIfNumber OBJECT-TYPE
       SYNTAX Integer32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The number of network interfaces attached to the virtual
           machine."
       ::= { vmEntry 14 }

   vmAutoStart OBJECT-TYPE
       SYNTAX Integer32 {
           unknown(0),    -- unknown
           enable(1),     -- enabled
           disable(2)
       }
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
           "The autostart configuration of the virtual machine."
       ::= { vmEntry 15 }

   vmPersistent OBJECT-TYPE
       SYNTAX Integer32 {
           unknown(0),    -- unknown
           persistent(1), -- persistent
           transient(2)   -- transient
       }
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "This value indicates whether the virtual machine has a
           persistent configuration which means the virtual machine
           will still exist after shutting down."
       ::= { vmEntry 16 }

   -- The virtual CPU group
   --
   -- A collection of objects common to all virtual CPUs.
   --
   vcpus OBJECT IDENTIFIER ::= { vms 4 }

   vcpuTable OBJECT-TYPE
       SYNTAX SEQUENCE OF VcpuEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "A list of virtual CPUs associated with virtual machines.
           The number of entries for each virtual machine is given by
           the value of vmVcpuNumber."
       ::= { vcpus 1 }

   vcpuEntry OBJECT-TYPE
       SYNTAX VcpuEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "An entry containing virtual CPU information associated
           with a particular virtual machine."
       INDEX { vmIndex, vcpuIndex }
       ::= { vcpuTable 1 }

   VcpuEntry ::= SEQUENCE {
       vcpuIndex VirtualCPUIndex,
       vcpuCpuTime Counter64
   }

   vcpuIndex OBJECT-TYPE
       SYNTAX VirtualCPUIndex
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A unique value, greater than zero, for each virtual CPU.
           It is recommended that values are assigned contiguously
           starting from 1."
       ::= { vcpuEntry 1 }

   vcpuCpuTime OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The total CPU utilization time of this virtual CPU in
           nanoseconds."
       ::= { vcpuEntry 2 }

   -- Affinity
   vcpuAffinityTable OBJECT-TYPE
       SYNTAX SEQUENCE OF VcpuAffinityEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "A list of CPU affinity entries of a virtual CPU."
       ::= { vcpus 2 }

   vcpuAffinityEntry OBJECT-TYPE
       SYNTAX VcpuAffinityEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "An entry containing CPU affinity associated with a
           particular virtual machine."
       INDEX { vmIndex, vcpuIndex, vcpuHvCpuIndex }
       ::= { vcpuAffinityTable 1 }

   VcpuAffinityEntry ::= SEQUENCE {
       vcpuHvCpuIndex HypervisorCPUIndex,
       vcpuAffinity Integer32,
       vcpuHvCpuTime Counter64
   }

   vcpuHvCpuIndex OBJECT-TYPE
       SYNTAX HypervisorCPUIndex
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The value of hvCpuIndex which corresponds to this virtual
           CPU.  Note that this device must be represented in the
           hvCpuTable."
       ::= { vcpuAffinityEntry 1 }

   vcpuAffinity OBJECT-TYPE
       SYNTAX Integer32 {
           unknown(0),    -- unknown
           enable(1),     -- enabled
           disable(2)     -- disabled
       }
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
           "The CPU affinity to the physical CPU represented by
           vcpuHvCpuIndex of this virtual CPU."
       ::= { vcpuAffinityEntry 2 }

   vcpuHvCpuTime OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The CPU utilization time of this virtual CPU corresponding
           to this hypervisor's CPU in nanoseconds.
           This shall be zero if the hypervisor does not maintain such
           information."
       ::= { vcpuAffinityEntry 3 }

   -- The virtual storage group
   --
   -- A collection of objects common to all virtual storage devices.
   -- This document defines some overlapped objects with hrStorage in
   -- HOST-RESOURCES-MIB [RFC2790], because virtual storage shall be an
   -- image file, which is not the `host resource', on the hypervisor's
   -- filesystem, which is the `host resource'.
   --
   vstorage OBJECT IDENTIFIER ::= { vms 5 }

   vstorageTable OBJECT-TYPE
       SYNTAX SEQUENCE OF VstorageEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "A list of virtual storage devices associated with virtual
           machines.  The number of entries for each virtual machine
           is given by the value of vmStorageNumber."
       ::= { vstorage 1 }

   vstorageEntry OBJECT-TYPE
       SYNTAX VstorageEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "An entry containing virtual storage information
           associated with a particular virtual machine."
       INDEX { vmIndex, vstorageIndex }
       ::= { vstorageTable 1 }

   VstorageEntry ::= SEQUENCE {
       vstorageIndex VirtualStorageIndex,
       vstorageName DisplayString,
       vstorageType Integer32,
       vstorageTypeHint DisplayString,
       vstorageResourceID DisplayString,
       vstorageSizeUnit Integer32,
       vstorageDefinedSize Integer32,
       vstorageAllocatedSize Integer32
   }

   vstorageIndex OBJECT-TYPE
       SYNTAX VirtualStorageIndex
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A unique value, greater than zero, for each virtual
           storage.  It is recommended that values are assigned
           contiguously starting from 1 to recognize the order of
           virtual storage devices allocated to the virtual machine."
       ::= { vstorageEntry 1 }

   vstorageName OBJECT-TYPE
       SYNTAX DisplayString (SIZE (0..255))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A textual string containing the virtual storage
           device."
       ::= { vstorageEntry 2 }

   vstorageType OBJECT-TYPE
       SYNTAX Integer32 {
           unknown(0),    -- unknown format
           block(1),      -- block device
           raw(2),        -- raw file
           sparse(3),     -- sparse file
           network(4)     -- network
       }
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The type of the virtual storage."
       ::= { vstorageEntry 3 }

   vstorageTypeHint OBJECT-TYPE
       SYNTAX DisplayString (SIZE (0..255))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A textual string of the virtual storage type.  For
           example, this represents the specific format name of the
           sparse file."
       ::= { vstorageEntry 4 }

   vstorageResourceID OBJECT-TYPE
       SYNTAX DisplayString (SIZE (0..255))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A textual string that represents the resource identifier
           of the virtual storage.  For example, this contains the
           path to the disk image file that corresponds to the
           virtual storage."
       ::= { vstorageEntry 5 }

   vstorageSizeUnit OBJECT-TYPE
       SYNTAX Integer32 (1..2147483647)
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The multiplication unit for vstorageDefinedSize and
           vstorageAllocatedSize.  For example, when this value is
           1048576, the storage size unit for vstorageDefinedSize and
           vstorageAllocatedSize is MiB."
       ::= { vstorageEntry 6 }

   vstorageDefinedSize OBJECT-TYPE
       SYNTAX Integer32 (0..2147483647)
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The defined virtual storage size in the unit designated by
           vstorageSizeUnit.  If this information is not available,
           this value shall be zero."
       ::= { vstorageEntry 7 }

   vstorageAllocatedSize OBJECT-TYPE
       SYNTAX Integer32 (0..2147483647)
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The storage size allocated to the virtual storage from a
           physical storage in the unit designated by
           vstorageSizeUnit.
           When the virtual storage is a block device or raw file,
           this value and vstorageDefinedSize are supposed to be
           equal.  If this information is not available, this value
           shall be zero."
       ::= { vstorageEntry 8 }

   -- The virtual network interface group
   --
   -- A collection of objects common to all virtual network interfaces.
   --
   vif OBJECT IDENTIFIER ::= { vms 6 }

   vifTable OBJECT-TYPE
       SYNTAX SEQUENCE OF VifEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "A list of virtual network interfaces associated with
           virtual machines.  The number of entries for each virtual
           machine is given by the value of vmIfNumber."
       ::= { vif 1 }

   vifEntry OBJECT-TYPE
       SYNTAX VifEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "An entry containing virtual network interface information
           associated with a particular virtual machine."
       INDEX { vmIndex, vifIndex }
       ::= { vifTable 1 }

   VifEntry ::= SEQUENCE {
       vifIndex VirtualInterfaceIndex,
       vifNetworkIndex InterfaceIndexOrZero,
       vifName DisplayString,
       vifModel DisplayString,
       vifPhysAddress PhysAddress
   }

   vifIndex OBJECT-TYPE
       SYNTAX VirtualInterfaceIndex
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A unique value, greater than zero, for each virtual
           network interface.  It is recommended that values are
           assigned contiguously starting from 1 to recognize the
           order of virtual network interfaces allocated to the
           virtual machine."
       ::= { vifEntry 1 }

   vifNetworkIndex OBJECT-TYPE
       SYNTAX InterfaceIndexOrZero
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The value of ifIndex which corresponds to this virtual
           network interface.  If this device is not represented in
           the ifTable, then this value shall be zero."
       ::= { vifEntry 2 }

   vifName OBJECT-TYPE
       SYNTAX DisplayString (SIZE (0..255))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A textual string containing the virtual network
           interface."
       ::= { vifEntry 3 }

   vifModel OBJECT-TYPE
       SYNTAX DisplayString (SIZE (0..255))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A textual string containing the (emulated) model of
           virtual network interface."
       ::= { vifEntry 4 }

   vifPhysAddress OBJECT-TYPE
       SYNTAX PhysAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The MAC address of virtual network interface."
       ::= { vifEntry 5 }

   -- Conformance
   vmConformance OBJECT IDENTIFIER ::= { vms 7 }
   vmGroups OBJECT IDENTIFIER ::= { vmConformance 1 }
   vmCompliances OBJECT IDENTIFIER ::= { vmConformance 2 }

   -- Compliance statement
   vmCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "The compliance statement for SNMP entities which have
           virtual machines."
       MODULE
           MANDATORY-GROUPS { vmNotificationGroup }
       ::= { vmCompliances 1 }

   vmNotificationGroup NOTIFICATION-GROUP
       NOTIFICATIONS { vmAdminStateChange }
       STATUS current
       DESCRIPTION
           "The notifications which indicate specific changes in the
           value of vmAdminState."
       ::= { vmGroups 1 }

   -- Trap
   vmTrap OBJECT IDENTIFIER ::= { vms 8 }

   vmAdminStateChange NOTIFICATION-TYPE
       OBJECTS { vmIndex, vmName, vmUUID, vmAdminState, vmState }
       STATUS current
       DESCRIPTION
           "A vmAdminStateChange trap signifies that the SNMP entity,
           acting in an agent role, has detected the changes in the
           value of vmAdminState object."

   END

4.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

   Descriptor        OBJECT IDENTIFIER value
   ----------        -----------------------
   vmm-mib           { mib-2 TBD }

5.  Security Considerations

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   virtual machine manager and virtual machine operations.

   There are a number of managed objects in this MIB that may contain
   sensitive information.  The hvSoftware and hvVersion objects list
   information about the virtual machine manager's software and
   version.  Some may wish not to disclose to others which software
   they are running.  Further, an inventory of the running software and
   versions may be helpful to an attacker who hopes to exploit software
   bugs in certain applications.  Moreover, the objects in the vmTable,
   vstorage, and vif list information about the virtual machines and
   their resources.  Some may wish not to disclose to others how many
   and what virtual machines they are operating.

   It is thus important to control even GET access to these objects and
   possibly to even encrypt the values of these objects when sending
   them over the network via SNMP.  Not all versions of SNMP provide
   features for such a secure environment.

   It is recommended that attention be specifically given to
   implementing the MAX-ACCESS clause in a number of objects, including
   vmAdminState, vmMaxMem, vmMinMem, vmAutoStart, and vcpuAffinity in
   scenarios that DO NOT use SNMPv3 strong security (i.e.
   authentication and encryption).  Extreme caution must be used to
   minimize the risk of cascading security vulnerabilities when SNMPv3
   strong security is not used.  When SNMPv3 strong security is not
   used, these objects should have access of read-only, not
   read-create.

   SNMPv1 by itself is not a secure environment.
   Even if the network itself is secure (for example by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB.

   It is recommended that the implementers consider the security
   features as provided by the SNMPv3 framework.  Specifically, the use
   of the User-based Security Model RFC 3414 [RFC3414] and the
   View-based Access Control Model RFC 3415 [RFC3415] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to an instance of this MIB is properly
   configured to give access to the objects only to those principals
   (users) that have legitimate rights to indeed GET or SET
   (change/create/delete) them.

6.  Normative References

   [RFC1155]  Rose, M. and K. McCloghrie, "Structure and identification
              of management information for TCP/IP-based internets",
              STD 16, RFC 1155, May 1990.

   [RFC1157]  Case, J., Fedor, M., Schoffstall, M., and J. Davin,
              "Simple Network Management Protocol (SNMP)", STD 15,
              RFC 1157, May 1990.

   [RFC1212]  Rose, M. and K. McCloghrie, "Concise MIB definitions",
              STD 16, RFC 1212, March 1991.

   [RFC1215]  Rose, M., "Convention for defining traps for use with the
              SNMP", RFC 1215, March 1991.

   [RFC1901]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
              "Introduction to Community-based SNMPv2", RFC 1901,
              January 1996.

   [RFC2573]  Levi, D., Meyer, P., and B. Stewart, "SNMP Applications",
              RFC 2573, April 1999.

   [RFC2575]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
              Access Control Model (VACM) for the Simple Network
              Management Protocol (SNMP)", RFC 2575, April 1999.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC2790]  Waldbusser, S. and P. Grillo, "Host Resources MIB",
              RFC 2790, March 2000.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              December 2002.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              December 2002.

   [RFC3412]  Case, J., Harrington, D., Presuhn, R., and B. Wijnen,
              "Message Processing and Dispatching for the Simple
              Network Management Protocol (SNMP)", STD 62, RFC 3412,
              December 2002.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

   [RFC3415]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
              Access Control Model (VACM) for the Simple Network
              Management Protocol (SNMP)", STD 62, RFC 3415,
              December 2002.

   [RFC3416]  Presuhn, R., "Version 2 of the Protocol Operations for
              the Simple Network Management Protocol (SNMP)", STD 62,
              RFC 3416, December 2002.

   [RFC3417]  Presuhn, R., "Transport Mappings for the Simple Network
              Management Protocol (SNMP)", STD 62, RFC 3417,
              December 2002.

   [RFC3418]  Presuhn, R., "Management Information Base (MIB) for the
              Simple Network Management Protocol (SNMP)", STD 62,
              RFC 3418, December 2002.

   [RFC4122]  Leach, P., Mealling, M., and R. Salz, "A Universally
              Unique IDentifier (UUID) URN Namespace", RFC 4122,
              July 2005.

Authors' Addresses

   Hirochika Asai
   The University of Tokyo
   7-3-1 Hongo
   Bunkyo-ku, Tokyo  113-8656
   JP

   Phone: +81 3 5841 6748
   Email: panda@hongo.wide.ad.jp


   Yuji Sekiya
   The University of Tokyo
   2-11-16 Yayoi
   Bunkyo-ku, Tokyo  113-8658
   JP

   Email: sekiya@wide.ad.jp


   Keiichi Shima
   IIJ Innovation Institute Inc.
   1-105 Kanda-Jinbocho
   Chiyoda-ku, Tokyo  101-0051
   JP

   Email: keiichi@iijlab.net


   Hiroshi Esaki
   The University of Tokyo
   7-3-1 Hongo
   Bunkyo-ku, Tokyo  113-8656
   JP

   Phone: +81 3 5841 6748
   Email: hiroshi@wide.ad.jp
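
Section 5 (Security Considerations) names the read-write objects and the objects whose values are sensitive to disclose. The following Python audit is an added example, not part of the draft: it parses a constructed excerpt of the Section 3 definitions, lists the writable objects, and reports which objects should be exposed read-only or have GET restricted when the agent does not run at the SNMPv3 authPriv level. The function names, finding labels and the "v1"/"v2c" level strings are hypothetical.

```python
import re

# Constructed excerpt of the Section 3 object definitions; DESCRIPTION clauses
# are dropped and only a subset of the module's objects is included.
MIB_EXCERPT = """
hvSoftware OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255))
    MAX-ACCESS read-only STATUS current ::= { hypervisor 1 }
hvVersion OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255))
    MAX-ACCESS read-only STATUS current ::= { hypervisor 2 }
hvUpTime OBJECT-TYPE SYNTAX TimeTicks
    MAX-ACCESS read-only STATUS current ::= { hypervisor 4 }
vmName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255))
    MAX-ACCESS read-only STATUS current ::= { vmEntry 2 }
vmAdminState OBJECT-TYPE
    SYNTAX Integer32 { unknown(0),  -- unknown
                       on(1),       -- power on
                       off(2),      -- power off
                       pause(3) }   -- hibernate / suspend
    MAX-ACCESS read-write STATUS current ::= { vmEntry 5 }
vmMaxMem OBJECT-TYPE SYNTAX Integer32 (0..2147483647)
    MAX-ACCESS read-write STATUS current ::= { vmEntry 10 }
vmMinMem OBJECT-TYPE SYNTAX Integer32 (0..2147483647)
    MAX-ACCESS read-write STATUS current ::= { vmEntry 11 }
vmCurMem OBJECT-TYPE SYNTAX Integer32 (0..2147483647)
    MAX-ACCESS read-only STATUS current ::= { vmEntry 12 }
vmAutoStart OBJECT-TYPE SYNTAX Integer32 { unknown(0), enable(1), disable(2) }
    MAX-ACCESS read-write STATUS current ::= { vmEntry 15 }
vcpuAffinity OBJECT-TYPE SYNTAX Integer32 { unknown(0), enable(1), disable(2) }
    MAX-ACCESS read-write STATUS current ::= { vcpuAffinityEntry 2 }
vstorageResourceID OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255))
    MAX-ACCESS read-only STATUS current ::= { vstorageEntry 5 }
vifName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255))
    MAX-ACCESS read-only STATUS current ::= { vifEntry 3 }
"""

# One OBJECT-TYPE definition: name, SYNTAX, MAX-ACCESS, STATUS, then the
# "::= { parent subid }" assignment. Whitespace and line breaks are free-form.
OBJECT_RE = re.compile(
    r"(?P<name>[a-z][\w-]*)\s+OBJECT-TYPE\s+"
    r"SYNTAX\s+(?P<syntax>.*?)\s+"
    r"MAX-ACCESS\s+(?P<access>[a-z-]+)\s+"
    r"STATUS\s+(?P<status>\w+)"
    r".*?::=\s*\{\s*(?P<parent>[\w-]+)\s+(?P<subid>\d+)\s*\}",
    re.DOTALL,
)

WRITABLE = {"read-write", "read-create"}
# Section 5 calls out hvSoftware/hvVersion and the objects in the vmTable,
# vstorage and vif groups; they are matched here by name or by parent entry.
SENSITIVE_NAMES = {"hvSoftware", "hvVersion"}
SENSITIVE_PARENTS = {"vmEntry", "vstorageEntry", "vifEntry"}


def parse_objects(mib_text):
    """Return one dict per OBJECT-TYPE definition found in mib_text."""
    text = re.sub(r"--.*$", "", mib_text, flags=re.MULTILINE)  # drop comments
    return [
        {
            "name": m["name"],
            "syntax": " ".join(m["syntax"].split()),
            "access": m["access"],
            "parent": m["parent"],
            "subid": int(m["subid"]),
        }
        for m in OBJECT_RE.finditer(text)
    ]


def writable_objects(objects):
    """Names of objects a manager may SET."""
    return [o["name"] for o in objects if o["access"] in WRITABLE]


def audit(objects, security_level):
    """Findings for an agent at the given level ('v1', 'v2c', 'noAuthNoPriv',
    'authNoPriv' or 'authPriv'). Only authPriv, i.e. authentication plus
    encryption, counts as the strong security Section 5 refers to."""
    strong = security_level == "authPriv"
    findings = []
    for o in objects:
        if o["access"] in WRITABLE and not strong:
            findings.append((o["name"], "make-read-only"))
        sensitive = (o["name"] in SENSITIVE_NAMES
                     or o["parent"] in SENSITIVE_PARENTS)
        if sensitive and not strong:
            findings.append((o["name"], "restrict-get"))
    return findings


if __name__ == "__main__":
    objs = parse_objects(MIB_EXCERPT)
    print("writable:", ", ".join(writable_objects(objs)))
    for level in ("v2c", "authNoPriv", "authPriv"):
        print(level, "->", len(audit(objs, level)), "findings")
```

The writable set it extracts is the same five objects that Section 5 lists by name.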