Operating System

Windows Management Instrumentation and Simple Network Management Protocol

White Paper

Abstract

This paper presents an overview of the Microsoft® Windows® Management Instrumentation (WMI) technology, an implementation of the Distributed Management Task Force’s (DMTF) Web-Based Enterprise Management (WBEM) initiative, and concentrates on WMI’s support for Simple Network Management Protocol (SNMP). This information is intended for IT professionals who are interested in SNMP and WMI.

© 2000 Microsoft Corporation. All rights reserved.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft, ActiveX, JScript, Visual Basic, Win32, Windows, the Windows logo, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Microsoft Corporation • One Microsoft Way • Redmond, WA 98052-6399 • USA

0200

Contents

Introduction

Windows Management Instrumentation Technology

WMI Architecture Overview

Simple Network Management Protocol Overview

SNMP Messages

WMI SDK support for SNMP

SNMP Providers

Security

SNMP Information Module Compiler

Conclusion

For More Information

Introduction

The Microsoft® Windows® Management Instrumentation (WMI) technology is the Microsoft implementation of the Distributed Management Task Force (DMTF) Web-Based Enterprise Management (WBEM) initiative that extends the Common Information Model (CIM) to represent management objects in Windows-based management environments. The Common Information Model, also a DMTF standard, is an extensible data model for logically organizing management objects in a consistent, unified manner in a managed environment.

Based on the Common Information Model, WBEM is a DMTF initiative and technology that establishes management infrastructure standards and provides a standardized way to access information from various hardware and software management systems in an enterprise environment. Using WBEM standards, developers can create tools and technologies that reduce the complexity and costs of enterprise management. By providing such standards, WBEM contributes to industry-wide efforts to lower total cost of ownership (TCO). TCO refers to the administrative costs associated with computer hardware and software purchases, deployment and configuration, hardware and software updates, training, maintenance, and technical support.

WBEM provides a point of integration through which data from management sources can be accessed, and it complements and extends existing management protocols and instrumentation such as Simple Network Management Protocol (SNMP), Desktop Management Interface (DMI), and Common Management Information Protocol (CMIP).

The WBEM initiative results from the cooperative efforts of Microsoft, BMC Software, Cisco Systems, Compaq Computer, and Intel, as well as many other member companies active in the DMTF.

This paper presents a brief overview of WMI (the Microsoft implementation of the WBEM standard) and its architecture and goes on to provide detailed information about the WMI provider interfaces and aspects of programming WMI providers.

Windows Management Instrumentation Technology

The Windows Management Instrumentation (WMI) technology is a management infrastructure that supports the syntax of CIM, the Managed Object Format (MOF), and a common programming interface. The MOF syntax defines the structure and contents of the CIM schema in human and machine-readable form. Windows Management Instrumentation offers a powerful set of services, including query-based information retrieval and event notification. These services and the management data are accessed through a Component Object Model (COM) programming interface. The WMI scripting interface also provides scripting support.

The WMI technology provides:

  • Access to monitor, command, and control any managed object through a common, unifying set of interfaces, regardless of the underlying instrumentation mechanism. WMI is an access mechanism.
  • A consistent model of Windows 2000 operating system operation, configuration, and status.
  • A COM Application Programming Interface (API) that supplies a single point of access for all management information.
  • Interoperability with other Windows 2000 management services. This approach can simplify the process of creating integrated, well-architected management solutions.
  • A flexible, extensible architecture. Developers can extend the information model to cover new devices, applications, and so on, by writing code modules called WMI providers, described later in this document.
  • Extensions to the Windows Driver Model (WDM) to capture instrumentation data and events from device drivers and kernel-side components.
  • A powerful event architecture. This allows management information changes to be identified, aggregated, compared, and associated with other management information. These changes can also be forwarded to local or remote management applications.
  • A rich query language that enables detailed queries of the information model.
  • A scriptable API that developers can use to create management applications. The scripting API supports several languages, including Microsoft Visual Basic®; Visual Basic for Applications (VBA); Visual Basic, Scripting Edition (VBScript); and Microsoft JScript® development software. Besides VBScript and JScript, developers can use any scripting language implementation that supports Microsoft ActiveX® scripting technologies with this API (for example, a Perl scripting engine). Additionally, you can use the Windows Script Host or Microsoft Internet Explorer to write scripts using this interface. Windows Script Host, like Internet Explorer, serves as a controller engine of ActiveX scripting engines. Windows Script Host supports scripts written in VBScript and JScript.

The WMI technology architecture consists of the following:

  • A management infrastructure. This includes the CIM Object Manager, which provides applications with uniform access to management data and a central storage area for management data called the CIM Object Manager repository.
  • WMI Providers. These function as intermediaries between the CIM Object Manager and managed objects. Using the WMI APIs, providers supply the CIM Object Manager with data from managed objects, handle requests on behalf of management applications, and generate event notifications.

The management infrastructure consists of the CIM Object Manager and the CIM Object Manager repository. Applications depend on the Object Manager to handle the interface between management applications and data providers. WMI facilitates these communications by providing a common programming interface to Windows management services using COM. This COM API supplies event notification and query processing services, and can be used in several programming language environments such as C and C++. The CIM Object Manager repository holds the CIM and extension schemas, and data information or data source details. CIM Object Manager uses the schema data in this repository when servicing requests from management applications for managed objects.

Managed objects are either physical or logical enterprise components that are modeled using CIM. For example, a managed object can be hardware such as a cable, or software such as a database application. Management applications can access managed objects through CIM Object Manager.

Management applications are applications or Windows 2000 services that use or process information originating from managed objects. Management applications can access managed object information by making a request to CIM Object Manager through one of the methods in the WMI API.

WMI providers are standard COM and Distributed Component Object Model (DCOM) servers that function as mediators between managed objects and the CIM Object Manager. If the CIM Object Manager receives a request from a management application for data that is not available from the CIM Object Manager repository or for event notifications that are not supported by the CIM Object Manager, it forwards the request to a WMI provider. Providers supply data and event notifications for managed objects that are specific to their particular domain. Figure 1 illustrates the three-layer model WMI uses, which consists of providers, the CIM Object Manager, and consumers of WMI information.

Figure 1. Model that WMI uses

To implement a provider, you should use one of the following supported server types:

  • Microsoft Windows 2000 services, local or remote.
  • Standard executables (.exe files), local or remote.
  • In-process dynamic-link libraries (DLLs).

Note that local or remote Windows 2000 services and standard executables are recommended server types.

WMI ships with built-in providers (or standard providers) that supply data from sources such as the system registry. The built-in providers include:

  • Active Directory Provider—Acts as a gateway to all the information stored in the Active Directory™ service. Allows information from both WMI and Active Directory to be accessed using a single API.
  • Windows Installer Provider—Allows complete control of Windows Installer and installation of software through WMI. Also supplies information about any application installed with Windows Installer.
  • Performance Counter Provider—Exposes the raw performance counter information used to compute the performance values shown in the System Monitor tool. Any performance counters installed on a system will automatically be visible through this provider. Supported by Windows 2000.
  • Registry Provider—Allows Registry keys to be created, read, and written. WMI events can be generated when specified Registry keys are modified.
  • SNMP Provider—Acts as a gateway to systems and devices that use the Simple Network Management Protocol (SNMP) for management. SNMP MIB object variables can be read and written. SNMP traps can be automatically mapped to WMI events.
  • Event Log Provider—Provides access to data and event notifications from the Windows 2000 Event Log.
  • Win32® Provider—Provides information about the operating system, computer system, peripheral devices, file systems and security information.
  • WDM Provider—Supplies low level Windows Driver Model driver information for user input devices, storage devices, network interfaces, and communications ports.
  • View Provider—Allows new aggregated classes to be built up from existing classes. Source classes can be filtered for only the information of interest, information from multiple classes can be combined into a single class and data from multiple machines can be aggregated into a single view.

The WMI technology also provides support for third party custom providers. Custom providers can be used to service requests related to managed objects that are environment-specific. Providers typically use the MOF language to define and create classes. Providers use the WMI API to access the CIM Object Manager repository, and to respond to CIM Object Manager requests made initially by applications.

Additional technical papers on WMI are available on the Microsoft Web site.

Simple Network Management Protocol Overview

Simple Network Management Protocol (SNMP) is a network management standard that defines a strategy for managing TCP/IP and, more recently, Internet Packet Exchange (IPX) networks.

SNMP uses a distributed architecture that includes:

  • Multiple managed nodes, each with an SNMP entity called an agent which provides remote access to management instrumentation.
  • At least one SNMP entity referred to as a manager which runs management applications to monitor and control managed elements. Managed elements are devices such as hosts, routers, and so on; they are monitored and controlled by accessing their management information.
  • A management protocol, SNMP, used to convey management information between the management stations and agents. Management information refers to a collection of managed objects that reside in a virtual information store called a Management Information Base (MIB).

SNMP Messages

To communicate host information, management systems and agents use SNMP messages. These messages are sent using the User Datagram Protocol (UDP) and are routed between the management system and host by using the Internet Protocol (IP).

A Management Information Base contains the information requested by the management system. The MIB for a networked computer may include information on the configuration and performance of the network interface card, the available hard drive space, the version of drivers and applications, and so on. Additional MIBs may be written and loaded, to expose the data that is specified for collection, as long as the system itself supports the collection of the requested information.

Processing Information Requests

When a management system requests information, the following sequence occurs:

  • A management system sends a request to an agent using the agent’s IP or IPX address.
  • The agent forms an SNMP datagram that contains an SNMP message and the community name to which the management system belongs.
  • The SNMP agent receives the datagram and confirms the community name. If the community name is valid, the SNMP agent retrieves the appropriate data. Otherwise, if the community name is invalid, the request is rejected. If the agent has been configured to send an authentication trap, a trap message is sent.
  • The SNMP datagram is returned to the management system with the requested information.

Messages

The following SNMP message types are used:

  • Get—This is a request message. SNMP management systems use Get messages to request information about a MIB entry on an SNMP agent.
  • Getnext—A type of request message that can be used to browse an entire tree of managed objects.
  • Getbulk—A type of request that specifies that the agent transfer as much data as possible, within the limits of message size.
  • Set—This is used to send and assign an updated MIB value to an agent.
  • Notify (or Trap)—This is an unsolicited message that an agent sends to a SNMP management system when it detects a certain type of event has occurred locally on the managed host.
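
The community check from "Processing Information Requests" and the message types listed above can be followed at the byte level. The Python code below is an added example, not code from the original paper or from Microsoft: it decodes the header of a constructed SNMPv1 Get datagram and applies the agent's accept-or-reject decision, including the optional authentication trap. The function names, community names, and sample datagrams are assumptions made for illustration; the PDU tag values are those defined by the SNMP standards.

```python
# Added example: BER header reader for SNMPv1/v2c plus the agent's community check.
PDU_TYPES = {0xA0: "Get", 0xA1: "Getnext", 0xA2: "Response", 0xA3: "Set",
             0xA4: "Trap (v1)", 0xA5: "Getbulk", 0xA6: "Inform", 0xA7: "Trap (v2)"}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_header(datagram):
    """Decode version, community name and PDU type from one UDP payload."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    vtag, ver, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if (vtag, ctag) != (0x02, 0x04):
        raise ValueError("expected INTEGER version and OCTET STRING community")
    pdu_tag, _, _ = read_tlv(body, pos)
    return {"version": int.from_bytes(ver, "big"),
            "community": community.decode("latin-1"),
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag))}

def agent_decision(datagram, accepted, send_auth_trap=True):
    """Community check as described in the steps: returns (action, header)."""
    hdr = parse_header(datagram)
    if hdr["community"] in accepted:
        return "respond", hdr
    return ("reject+auth-trap" if send_auth_trap else "reject"), hdr

def _tlv(tag, value):
    return bytes([tag, len(value)]) + value   # short-form length only (< 128 bytes)

def build_get(community, oid_bytes):
    """Construct a sample SNMPv1 Get datagram for one OID (constructed test input)."""
    varbind = _tlv(0x30, _tlv(0x06, oid_bytes) + _tlv(0x05, b""))
    pdu = _tlv(0xA0, _tlv(0x02, b"\x01") + _tlv(0x02, b"\x00") + _tlv(0x02, b"\x00")
               + _tlv(0x30, varbind))
    return _tlv(0x30, _tlv(0x02, b"\x00") + _tlv(0x04, community.encode()) + pdu)

# Constructed samples: Get for sysDescr.0 (1.3.6.1.2.1.1.1.0), hypothetical communities
SYSDESCR = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])
SAMPLE_OK = build_get("ops-ro", SYSDESCR)
SAMPLE_BAD = build_get("guess", SYSDESCR)
```

The community name is carried as a plain OCTET STRING, which is why parse_header can read it from the datagram without any key.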

SNMP events (or traps) are sent unsolicited to a management station that filters the events; therefore, network traffic is involved. With WMI, the events are filtered locally and only those passing the filter criteria are sent over the network, thus reducing the required bandwidth for events of interest.

The next sections highlight the WMI SDK SNMP supporting features.

WMI SDK support for SNMP

The SNMP Provider includes the following components:

  • Class, instance, and event Providers that integrate the SNMP information modeling and processing into WMI. These SNMP providers map collections of object values to property values of CIM class instances.
  • An SNMP information module compiler that compiles native SNMP schema information into the format that CIM uses.

The following sections briefly discuss these components.

SNMP Providers

The SNMP Providers return dynamic information. You can specify the set of classes that the instance Provider will operate against in one of two ways:

  • Statically—By creating classes in the CIM object repository namespace associated with the proxy device.
  • Dynamically—By using the SNMP class Provider, which returns the set of classes located within the SNMP Module Information Repository (SMIR) namespace.

Additionally, you can also specify whether or not to use correlation for the set of classes returned from the SMIR namespace. Correlated classes define the set of classes that a given SNMP agent is known to support at the time the enumeration occurs. Noncorrelated enumeration returns all classes present within the SMIR namespace, regardless of whether the agent device supports them or not.

The SNMP Providers include:

  • SNMP class and instance providers, which applications use to access and modify data pertaining to SNMP devices.
  • SNMP event providers, which generate events from SNMP traps and notifications. These report the same types of events, but in different formats: Encapsulated and Referent. Encapsulated means that the event class has simple properties describing the information mapped directly from the TRAP-TYPE and NOTIFICATION-TYPE macros, described in the next section. Referent classes abstract the information present within the macros so that properties which share the same class and instance are presented as embedded objects. This allows extraction of the __RELPATH so that the unique instance to which the trap is associated can be retrieved after the receipt of the event. To choose a format, consumers register for a particular class of events.

Mapping Device Data to CIM Classes

The SNMP Providers map device data to CIM classes through the following methods:

  • Enumerating SNMP Class Definitions. To enumerate a set of class definitions, applications can call IWbemServices::CreateClassEnum or IWbemServices::CreateClassEnumAsync.

MIB objects are mapped to SNMP CIM classes using the OBJECT-TYPE macro; events are mapped to classes using the TRAP-TYPE and NOTIFICATION-TYPE macros.