Trusted Computing Group

Every spring and fall, the TNC WG holds an interoperability test event called a PlugFest, where we bring together implementations of TNC interfaces and verify that they play well with others. Any implementation of any TNC interface - open source or commercial, production or alpha code - can participate; representatives can attend in person or remotely; and we always come away with new insight into our products, our standards, and the real-world scenarios in which they are used.

The name of the game at this PlugFest - held a couple weeks ago at the Infoblox MAP Lab in Santa Clara, CA - was variety. All of the products at this PlugFest were implementations of the TNC IF-MAP Binding for SOAP, but that was often the only thing they had in common! We had commercial and open-source products; MAP clients and servers; PDPs, sensors, flow controllers, and new visualization tools. We had products that have been at the PlugFest since IF-MAP 1.0 was published, and products that were brand-new to this PlugFest. We tested implementations of IF-MAP 1.1, IF-MAP 2.0, and compatibility mode between the two. It was quite an adventure!

One of the big lessons from this PlugFest is that time is critical. Specifically, synchronized time is critical! A MAP client and server establishing an SSL connection have to be within 2 minutes of each other; some products require even tighter time sync, since they might only act on events that happened in the past 30 seconds. So Network Time Protocol (NTP) is your friend... And, as with people, understanding your friend can make communication a lot easier. :)

Case in point: just turning on NTP is not a silver bullet! If you enable NTP on a system where the local time is significantly different from canonical time, NTP will adjust the time in steps, a few seconds each, until the local time is accurate. This can take quite a while, if the local time is several hours off! And if the delay is large enough, NTP may terminate rather than trying to correct it. So to quickly resolve large time disparities, it's not enough just to enable NTP; you need to first manually reset the time to be accurate within a few minutes, and then turn on NTP. That way NTP has less work to do, and communication between IF-MAP-enabled devices will be more likely to work on the first try.

Once we hammered out our time differences, then the real fun started. As usual at a PlugFest, some things worked on the first try, and others took a little tweaking. We hit what I call the "PlugFest Trifecta" - we found room for improvement in the products, the spec itself, and even the interoperability test plan! As usual for a PlugFest, developers were patching code on the fly, standards editors were discussing how to clarify ambiguity, and test plan authors were taking notes on useful new tests to formalize (which can also drive changes in the specs, since our test plan is based on the MUSTs in the standards themselves). We made a lot of progress in just a couple days - by the end of the PlugFest, all of our tests were successful!

If you have a product that runs IF-MAP, come play with us! Our next PlugFest will be held in Spring 2011, and all are welcome. For more information, please drop us a line at tnc-plugfest-coordinator@trustedcomputinggroup.org.

Lisa Lorenzin
TNC PlugFest Coordinator
Juniper Networks