Method and apparatus for centralized policy programming and distributive policy enforcement
Abstract
A method and apparatus for centralized policy programming and distributive policy enforcement is described. A method comprises centrally maintaining a plurality of policy definitions for one or more subscribers, generating policy configurations using the plurality of policy definitions, each of the policy configurations being specific to one of the plurality of policy definitions, and disseminating the policy configurations to the appropriate ones of the subscribers' networks.
20 Claims
1. A method for generating distributable network policy definitions, the method comprising:
- executing instructions stored at a memory, wherein the execution of the instructions by a hardware processor:
  - receives a first network policy parameter from a user, the first network policy parameter including one or more rules that govern network activity,
  - receives a second network policy parameter from the user, the second network policy parameter including information about a first set of one or more network devices to which the one or more rules of the first network policy parameter apply,
  - receives a third network policy parameter from the user, the third network policy parameter including a rule trigger event, the rule trigger event indicating to a network policy generator that a network policy configuration should be generated based on the first, second, and third network policy parameters, wherein the network policy configuration associates a plurality of different vendors with one or more software program versions to be installed on the first set of one or more network devices,
  - identifies the first, second, and third network policy parameters as collectively forming a network policy definition associated with a first subscriber and stored at a globally accessible server, wherein the network policy definition requires the one or more software versions to be consistent with the network policy configuration that associates the plurality of different vendors with the one or more software program versions, and
  - storing the second network policy definition in the globally accessible server, wherein the second network policy definition is associated with a configuration associated with a second set of one or more network devices and at least a second subscriber that is different from the first subscriber.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. An apparatus for generating distributable network policy definitions, the apparatus comprising:
- a network interface that:
  - receives a first network policy parameter from a user, the first network policy parameter including one or more rules that govern network activity,
  - receives a second network policy parameter from the user, the second network policy parameter including information about a first set of one or more network devices to which the one or more rules of the first network policy parameter apply, and
  - receives a third network policy parameter from the user, the third network policy parameter including a rule trigger event, the rule trigger event indicating to a network policy generator that a network policy configuration should be generated based on the first, second, and third network policy parameters, wherein the network policy configuration associates a plurality of different vendors associated with one or more specific software program versions that should be installed on the first set of one or more network devices;
- a memory; and
- a computer processor executing instructions out of the memory, wherein the execution of the instructions by the computer processor identifies that the first, second, and third network policy parameters as collectively forming a network policy definition associated with a first subscriber and stored at a globally accessible server, wherein the network policy definition requires the one or more software versions to be consistent with the network policy configuration that associates the plurality of different vendors with the one or more software program versions, and wherein the second network policy definition is also stored in the globally accessible server, wherein the second network policy definition is associated with a configuration associated with a second set of one or more network devices and at least a second subscriber that is different from the first subscriber.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20

Specification