Systems and methods for provisioning, configuring, diagnosing, and maintaining out-of-band management of computing devices
First Claim
1. A method of provisioning an out-of-band system comprising:
- establishing, by a management engine of a server of a first domain, a network tunnel with a device on a second domain different from the first domain, the network tunnel comprising at least one of a virtual private network (“VPN”) or a secure socket shell (“SSH”) configured to route one or more communication ports of the device for provisioning;
- modifying, by the management engine subsequent to establishing the network tunnel, via a dynamic host configuration protocol (“DHCP”) server on the second domain, the second domain to a modified domain including a fixed subdomain of the first domain, the fixed subdomain corresponding to a provisioning engine of the first domain;
- receiving, by the provisioning engine from the device via the network tunnel established by the server of the first domain, responsive to the device obtaining the fixed subdomain of the first domain from the DHCP server, a provisioning request to initiate a provisioning cycle comprising at least one of configuring the device, diagnosing the device, or maintaining the device;
- transmitting, by the provisioning engine to the device via the network tunnel established by the server of the first domain, a certificate configured with the first domain, the device configured to validate the certificate based on the certificate matching the modified domain obtained from the DHCP server;
- reverting, by the management engine, responsive to completion of the provisioning cycle by the device, the modified domain to the second domain; and
- terminating, by the management engine, responsive to reverting the modified domain to the second domain and the completion of the provisioning cycle, the network tunnel comprising the at least one of the VPN or the SSH established by the server of the first domain and used to provision the device.
Abstract
Systems and methods of the present disclosure facilitate provisioning an out-of-band system. In some embodiments, the system includes a server of a first domain, which includes a management engine. The management engine can establish a network tunnel with a device on a second domain, and modify the domain on a DHCP server on the second domain to be the first domain. The device can use a fixed subdomain of the first domain to transmit a provisioning request for an OOB management system to a provisioning engine in the first domain, which can transmit a certificate including the first domain to the device. The device can validate the certificate by comparing the domain in the certificate to the domain from the DHCP server and verify that they match. The management engine can modify the DHCP server to have the original second domain.
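The device-side check described in the abstract, comparing the certificate's domain with the domain obtained from the DHCP server, is sketched below as an added example that is not part of the patent text. The function names, the `DhcpScope` stand-in, the sample domains, the label-by-label matching rule and the revert-on-failure behaviour are all assumptions; the page itself only says the two domains must match and that the domain is reverted after the provisioning cycle.

```python
"""Device-side domain check sketched from the abstract (constructed example)."""


def normalize(domain: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    name = domain.strip().lower().rstrip(".")
    labels = name.split(".") if name else []
    if not labels or any(not label for label in labels):
        raise ValueError(f"malformed domain: {domain!r}")
    return labels


def cert_matches_dhcp_domain(cert_domain: str, dhcp_domain: str) -> bool:
    """True when the DHCP-supplied domain equals the certificate domain or is
    a subdomain of it. Whole labels are compared (assumed rule), so
    'notfirst.example' does not match 'first.example'."""
    try:
        cert, dhcp = normalize(cert_domain), normalize(dhcp_domain)
    except ValueError:
        return False
    if len(cert) < 2:  # refuse a certificate scoped to a bare top-level label
        return False
    return dhcp[-len(cert):] == cert


class DhcpScope:
    """Hypothetical stand-in for the DHCP server's domain setting."""

    def __init__(self, domain: str):
        self.domain = domain


def provisioning_cycle(scope: DhcpScope, modified: str, cert_domain: str) -> bool:
    """Swap in the modified domain, run the device check, then revert."""
    original = scope.domain
    scope.domain = modified  # management engine sets the fixed subdomain
    try:
        return cert_matches_dhcp_domain(cert_domain, scope.domain)
    finally:
        scope.domain = original  # assumed: revert even when validation fails


if __name__ == "__main__":
    scope = DhcpScope("second.example")  # constructed sample domains
    ok = provisioning_cycle(scope, "provision.first.example", "first.example")
    print(ok, scope.domain)
```

Because the device trusts whatever domain the DHCP server hands out, the window in which the modified domain is active is the exposure to watch, which is why this sketch restores the original value in a `finally` block.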
18 Claims
10. A system for provisioning an out-of-band system comprising:
- a server of a first domain including a processor and memory;
- a management engine of the server that establishes a network tunnel with a device on a second domain different from the first domain, the network tunnel comprising at least one of a virtual private network (“VPN”) or a secure socket shell (“SSH”) configured to route one or more communication ports of the device for provisioning;
- the management engine modifies, subsequent to establishing the network tunnel, via a dynamic host configuration protocol (“DHCP”) server on the second domain, the second domain to a modified domain including a fixed subdomain of the first domain, the fixed subdomain corresponding to a provisioning engine of the first domain;
- the provisioning engine of the first domain that receives, from the device via the network tunnel established by the server of the first domain, responsive to the device obtaining the fixed subdomain of the first domain from the DHCP server, a provisioning request to initiate a provisioning cycle comprising at least one of configuring the device, diagnosing the device, or maintaining the device;
- the provisioning engine transmits, to the device via the network tunnel established by the server of the first domain, a certificate configured with the first domain, the device configured to validate the certificate based on the certificate matching the modified domain obtained from the DHCP server;
- the management engine reverts, responsive to completion of a provisioning cycle by the device, the modified domain to the second domain; and
- the management engine terminates, responsive to reverting the modified domain to the second domain and the completion of the provisioning cycle, the network tunnel comprising the at least one of the VPN or the SSH established by the server of the first domain and used to provision the device.
Specification