Virtual private network management

US 20030069958A1
Filed: 05/21/2002
Published: 04/10/2003
Est. Priority Date: 10/05/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for managing VPN devices, the method comprising the steps of maintaining in a VPN Information Provider (VIP) VPN configurations of VPN devices belonging to a first VPN, providing from the VIP to a first VPN device belonging to the first VPN, VPN configuration of at least one other VPN device belonging to the first VPN, and managing certain aspects of said first VPN device belonging to the first VPN from at least one other management system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a centralized VPN management of a plurality of VPN sites by means of a VPN Information Provider (VIP). Management of a VPN device is distributed so that at least part of the VPN configuration is centrally managed without giving away control of the firewall rulebase or other critical local configuration used in the VPN device.

Citations

29 Claims

1. A method for managing VPN devices, the method comprising the steps of maintaining in a VPN Information Provider (VIP) VPN configurations of VPN devices belonging to a first VPN, providing from the VIP to a first VPN device belonging to the first VPN, VPN configuration of at least one other VPN device belonging to the first VPN, and managing certain aspects of said first VPN device belonging to the first VPN from at least one other management system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as claimed in claim 1, wherein said configuration of at least one other VPN device is provided to said first VPN device via said at least one other management system.
  - 3. A method as claimed in claim 1, wherein said configuration of at least one other VPN device is provided directly to said first VPN device.
  - 4. A method as claimed in claim 1, further comprising defining said VPN configurations of said VPN devices belonging to the first VPN in said at least one other management system, and providing said VPN configurations to the VIP for maintenance.
  - 5. A method as claimed in claim 1, further comprising defining said VPN configurations of said VPN devices belonging to the first VPN in the VIP, and providing said VPN configurations to respective VPN devices.
  - 6. A method as claimed in claim 1, wherein the step of providing comprises sending to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the VIP, receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device belonging to the first VPN, and sending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device as a response to the request.
  - 7. A method as claimed in claim 6, wherein said information about the VPN configurations maintained in the VIP is a set of addresses included in the first VPN, said request from the first VPN device comprises an address included in the first VPN, and said other VPN device is identified in the VIP by finding a VPN device related to said address.
  - 8. A method as claimed in claim 6, wherein said information about the VPN configurations maintained in the VIP is a set of addresses included in the first VPN, and said information is sent after a change in the set of addresses included in the first VPN, or after a predefined time has elapsed since the information was sent the last time.
  - 9. A method as claimed in claim 1, wherein the step of providing comprises sending to VPN devices belonging to the first VPN, VPN configurations maintained in the VIP.
  - 10. A method as claimed in claim 9, wherein said VPN configurations maintained in the VIP are sent after a new VPN configuration has been added to the VIP, after an old VPN configuration has been removed from the VIP, after a VPN configuration of at least one VPN device has been changed in the VIP, or after a predefined time has elapsed since the configurations were sent the last time.

11. A method for managing VPN devices, the method comprising the steps of maintaining in a first VPN Information Provider (VIP) VPN configurations of VPN devices belonging to a first VPN, maintaining in a second VPN Information Provider (VIP) VPN configurations of VPN devices belonging to a second VPN, and providing to a first VPN device belonging to the first and second VPNs, VPN configuration of at least one other VPN device belonging to the first VPN from the first VIP and VPN configuration of at least one other VPN device belonging to the second VPN from the second VIP.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. A method as claimed in claim 11, wherein said configuration of at least one other VPN device is provided to said first VPN device via at least one other management system.
  - 13. A method as claimed in claim 11, wherein said configuration of at least one other VPN device is provided directly to said first VPN device.
  - 14. A method as claimed in claim 11, further comprising defining said VPN configurations of said VPN devices belonging to the first and second VPNs in at least one other management system, and providing said VPN configurations to the VIPs for maintenance.
  - 15. A method as claimed in claim 11, further comprising defining said VPN configurations of said VPN devices belonging to the first VPN in the first VIP and said VPN configurations of said VPN devices belonging to the second VPN in the second VIP, and providing said VPN configurations to respective VPN devices.
  - 16. A method as claimed in claim 11, wherein the step of providing comprises sending to VPN devices belonging to a VPN, information about the VPN configurations maintained in the respective VIP, receiving from a first VPN device belonging to the VPN, a request for VPN configuration of another VPN device belonging to the VPN, and sending to said first VPN device belonging to the VPN, the VPN configuration of the other VPN device as a response to the request.
  - 17. A method as claimed in claim 16, wherein said information about the VPN configurations maintained in the VIP is a set of addresses included in the first VPN, said request from the first VPN device comprises an address included in the first VPN, and said other VPN device is identified in the VIP by finding a VPN device related to said address.
  - 18. A method as claimed in claim 16, wherein said information about the VPN configurations maintained in the VIP is a set of addresses included in the first VPN, and said information is sent after a change in the set of addresses included in the first VPN, or after a predefined time has elapsed since the information was sent the last time.
  - 19. A method as claimed in claim 11, wherein the step of providing comprises sending to VPN devices belonging to a VPN, VPN configurations maintained in the respective VIP.
  - 20. A method as claimed in claim 19, wherein said VPN configurations maintained in the VIP are sent after a new VPN configuration has been added to the VIP, after an old VPN configuration has been removed from the VIP, after a VPN configuration of at least one VPN device has been, changed in the VIP, or after a predefined time has elapsed since the configurations were sent the last time.

21. A method for handling VPN configuration in a VPN device, the method comprising receiving a packet directed to a destination address in a first VPN, requesting and receiving VPN configuration for a VPN device related to said address from a VPN Information Provider (VIP) administering the first VPN, and using said VPN configuration for establishing a VPN tunnel to said VPN device related to said destination address for reaching said destination address.

22. A method for handling VPN configuration in a VPN Information Provider (VIP), the method comprising maintaining VPN configurations of VPN devices belonging to a first VPN, providing to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the VIP, receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device belonging to the first VPN, and sending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device as a response to the request.

23. An arrangement for managing VPN devices comprising at least two VPN devices belonging to a first VPN, a VPN Information Provider (VIP) maintaining VPN configurations of VPN devices belonging to the first VPN, at least one other management system managing certain aspects of said VPN devices belonging to the first VPN, while the VPN devices are adapted to receive from the at least one other management system, a first part of configuration, and from the VIP, a second part of configuration, which comprises VPN configuration of at least one other VPN device belonging to the first VPN.
- View Dependent Claims (24)
- - 24. An arrangement as claimed in claim 23, wherein the first part of configuration comprises VPN configuration and/or access rule configuration.

25. An arrangement for managing VPN devices comprising at least two VPN Information Providers (VIP), a first one maintaining VPN configurations of VPN devices belonging to a first VPN and a second one maintaining VPN configurations of VPN devices belonging to a second VPN, and a VPN device belonging to the first and second VPNs and receiving VPN configuration information from the first and second VIPs.

26. A VPN device comprising a mechanism for receiving a packet directed to a destination address in a first VPN, mechanisms for requesting and receiving VPN configuration for a VPN device related to said address from a VPN Information Provider (VIP) administering the first VPN, and a mechanism for using said VPN configuration for establishing a VPN tunnel to said VPN device related to said destination address for reaching said destination address.

27. A VPN Information Provider (VIP) comprising a mechanism for maintaining VPN configurations of VPN devices belonging to a first VPN, a mechanism for providing to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the VIP, a mechanism for receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device belonging to the first VPN, and a mechanism for sending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device as a response to the request.

28. A computer-readable medium, comprising program code which, when executed on a computer device, causes the computer device to provide a VPN device functionality comprising receiving a packet directed to a destination address in a first VPN, requesting and receiving VPN configuration for a VPN device related to said address from a VPN Information Provider (VIP) administering the first VPN, and using said VPN configuration for establishing a VPN tunnel to said VPN device related to said destination address for reaching said destination address.

29. A computer-readable medium, comprising program code which, when executed on a computer device, causes the computer device to provide a VPN Information Provider (VIP) functionality comprising maintaining VPN configurations of VPN devices belonging to a first VPN, providing to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the VIP, receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device belonging to the first VPN, and sending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device as a response to the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stonesoft Corporation
Original Assignee
Stonesoft Corporation
Inventors
Jalava, Mika

Application Number

US10/151,319
Publication Number

US 20030069958A1
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/00   Arrangements for maintenanc...

H04L 41/40   using virtualisation of net...

H04L 63/0272   Virtual private networks

Virtual private network management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual private network management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links