Group policy object management of external network resources

US 10,412,118 B1
Filed: 03/04/2019
Issued: 09/10/2019
Est. Priority Date: 03/04/2019
Status: Active Grant

First Claim

Patent Images

1. An Active Directory Bridge Group Policy Object system for managing an external network resource from an internal network, the system comprising:

an Active Directory (AD) Bridge Gateway device residing in a first network for managing networked devices via Group Policy Objects, the AD Bridge Gateway device including a memory and a processor;

an AD Bridge Gatekeeper device residing in a second network, the second network external to the first network, the AD Bridge Gatekeeper device in networked communication with the AD Bridge Gateway device; and

an AD Bridge Agent residing on an external network resource in a third network, the third network external to the second network and to the first network, the external network resource unable to directly join the first network;

wherein the AD Bridge Gateway device processor is configured to;

connect the external network resource to the AD Bridge Gateway device in the first network;

generate a Group Policy Object for the external network resource, the Group Policy Object including a configuration change for the external network resource; and

send the Group Policy Object to the external network resource to apply the configuration change to the external network resource; and

wherein;

the AD Bridge Gatekeeper device is in networked communication with the AD Bridge Gateway device through a first network boundary;

the AD Bridge Agent is in networked communication with the AD Bridge Gatekeeper device through a second network boundary; and

the first network boundary provides greater network security than the second network boundary.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Active Directory Bridge (AD Bridge) provides the ability to register, represent, and manage external network resources on an internal network using Group Policy Objects (GPOs). The AD bridge provides the ability to create GPOs in native Active Directory, where the settings are managed within the GPO and can be associated with Active Directory Organizational Units. The AD bridge provides the ability to manage, monitor, and enforce these settings for external cloud resources by Group Policy. The GPOs may be read from the Domain Controller (e.g., Sysvol) by the AD bridge, then translated and delivered to the cloud resource being managed. As GPOs are updated and deployed, the settings are detected and delivered to the cloud resource. When the cloud resource settings are changed outside of the GPO, the AD bridge monitors and reacts to any changes, making Group Policy the enforcement mechanism for the cloud resources.

20 Citations

View as Search Results

17 Claims

1. An Active Directory Bridge Group Policy Object system for managing an external network resource from an internal network, the system comprising:
- an Active Directory (AD) Bridge Gateway device residing in a first network for managing networked devices via Group Policy Objects, the AD Bridge Gateway device including a memory and a processor;
  
  an AD Bridge Gatekeeper device residing in a second network, the second network external to the first network, the AD Bridge Gatekeeper device in networked communication with the AD Bridge Gateway device; and
  
  an AD Bridge Agent residing on an external network resource in a third network, the third network external to the second network and to the first network, the external network resource unable to directly join the first network;
  
  wherein the AD Bridge Gateway device processor is configured to;
  
  connect the external network resource to the AD Bridge Gateway device in the first network;
  
  generate a Group Policy Object for the external network resource, the Group Policy Object including a configuration change for the external network resource; and
  
  send the Group Policy Object to the external network resource to apply the configuration change to the external network resource; and
  
  wherein;
  
  the AD Bridge Gatekeeper device is in networked communication with the AD Bridge Gateway device through a first network boundary;
  
  the AD Bridge Agent is in networked communication with the AD Bridge Gatekeeper device through a second network boundary; and
  
  the first network boundary provides greater network security than the second network boundary.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein:
    - the AD Bridge Gatekeeper Device includes a Group Policy controller; and
      
      the AD Bridge Gateway device provides the Group Policy Object through the Group Policy controller to the AD Bridge Agent on the external network resource.
  - 3. The system of claim 1, wherein the AD Bridge Gateway device processor is further configured to:
    - receive an external network resource policy, the external network resource policy including data representative of Group Policy Object policies applied by the external network resource; and
      
      verify the external network resource policy implements the Group Policy Object.
  - 4. The system of claim 1, wherein the AD Bridge Gateway device includes a software as a service provider to provide the Group Policy Object to the AD Bridge Gateway device.
  - 5. The system of claim 1, wherein the AD Bridge Gateway device includes at least one of an Internet of Things device, a Software-as-a-Service application, a cloud-hosted virtual machine, and a cloud-hosted computer.
  - 6. The system of claim 1, wherein the first network boundary includes a network perimeter device to prohibit at least a portion of network traffic traversing the first network boundary.

7. An Active Directory Bridge Group Policy Object method for managing an external network resource from an internal network, the method comprising:
- connecting an Active Directory (AD) Bridge Agent on an external network resource through an AD Bridge Gatekeeper to an AD Bridge Gateway device,the AD Bridge Gateway device residing in a first network, the external network resource unable to directly join the first network,the AD Bridge Gatekeeper device residing in a second network external to the first network, the AD Bridge Gatekeeper device in networked communication with the AD Bridge Gateway device through a first network boundary,the AD Bridge Agent residing on the external network resource in a third network external to the second network and to the first network, the AD Bridge Agent in networked communication with the AD Bridge Gatekeeper device through a second network boundary, the first network boundary providing greater network security than the second network boundary;
  
  generating a Group Policy Object for the external network resource, the Group Policy Object including a configuration change for the external network resource; and
  
  sending the Group Policy Object to the external network resource to apply the configuration change to the external network resource.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein:
    - the AD Bridge Gatekeeper Device includes a Group Policy controller; and
      
      the AD Bridge Gateway device provides the Group Policy Object through the Group Policy controller to the AD Bridge Agent on the external network resource.
  - 9. The method of claim 7, further including:
    - receiving an external network resource policy, the external network resource policy including data representative of Group Policy Object policies applied by the external network resource; and
      
      verifying the external network resource policy implements the Group Policy Object.
  - 10. The method of claim 7, wherein the AD Bridge Gateway device includes a software as a service provider to provide the Group Policy Object to the AD Bridge Gateway device.
  - 11. The method of claim 7, wherein the AD Bridge Gateway device includes at least one of an Internet of Things device, a Software-as-a-Service application, a cloud-hosted virtual machine, and a cloud-hosted computer.
  - 12. The method of claim 7 wherein the first network boundary includes a network perimeter device to prohibit at least a portion of network traffic traversing the first network boundary.

13. At least one non-transitory machine-readable storage medium, comprising a plurality of instructions that, responsive to being executed with processor circuitry of a computer-controlled device, cause the computer-controlled device to:
- connect an Active Directory (AD) Bridge Agent on an external network resource through an AD Bridge Gatekeeper to an AD Bridge Gateway device,the AD Bridge Gateway device residing in a first network, the external network resource unable to directly join the first network,the AD Bridge Gatekeeper device residing in a second network external to the first network, the AD Bridge Gatekeeper device in networked communication with the AD Bridge Gateway device through a first network boundary,the AD Bridge Agent residing on the external network resource in a third network external to the second network and to the first network, the AD Bridge Agent in networked communication with the AD Bridge Gatekeeper device through a second network boundary, the first network boundary providing greater network security than the second network boundary;
  
  generate a Group Policy Object for the external network resource, the Group Policy Object including a configuration change for the external network resource; and
  
  send the Group Policy Object to the external network resource to apply the configuration change to the external network resource.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory machine-readable storage medium of claim 13, wherein:
    - the AD Bridge Gatekeeper Device includes a Group Policy controller; and
      
      the AD Bridge Gateway device provides the Group Policy Object through the Group Policy controller to the AD Bridge Agent on the external network resource.
  - 15. The non-transitory machine-readable storage medium of claim 13, the instructions further causing the computer-controlled device to:
    - receive an external network resource policy, the external network resource policy including data representative of Group Policy Object policies applied by the external network resource; and
      
      verify the external network resource policy implements the Group Policy Object.
  - 16. The non-transitory machine-readable storage medium of claim 13, wherein the AD Bridge Gateway device includes a software as a service provider to provide the Group Policy Object to the AD Bridge Gateway device.
  - 17. The non-transitory machine-readable storage medium of claim 13, wherein the AD Bridge Gateway device includes at least one of an Internet of Things device, a Software-as-a-Service application, a cloud-hosted virtual machine, and a cloud-hosted computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
FullArmor Corporation
Original Assignee
FullArmor Corporation
Inventors
Davis, Charles A., Kim, Danny, Manlief, Michael Hilton, Dixson-Boles, Christopher Ryan
Primary Examiner(s)
Schwartz, Darren B

Application Number

US16/291,946
Time in Patent Office

190 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 45/04   Interdomain routing, e.g. h...

H04L 63/0209   Architectural arrangements,...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 67/56   Provisioning of proxy servi...

Group policy object management of external network resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Group policy object management of external network resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links