Formalizing, diffusing and enforcing policy advisories and monitoring policy compliance in the management of networks

US 20040243696A1
Filed: 05/06/2004
Published: 12/02/2004
Est. Priority Date: 03/19/1999
Status: Active Grant

First Claim

Patent Images

1. An apparatus for formalizing, diffusing, and enforcing policy advisories and for monitoring policy compliance in the management of networks of computational devices, comprising:

a management interface;

a plurality of distributed clients, each of which runs on a corresponding networked computational device;

a plurality of advisories provided by a plurality of advisory provider sites; and

a protocol for diffusing said advisories across the network;

wherein said management interface conveys reports from said distributed clients;

wherein said distributed clients gather said advisories and process said advisories; and

wherein said advisories formally target specific states of a computational device and formally specify actions to take in response thereto.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for centralized policy management of large-scale networks (221) of computational devices is disclosed. The apparatus includes a number of distributed clients (400) run on registered computers (201-203), gathering policy advisories (401) and reporting (405) relevance (403) to a system administrator (224). The system administrator may view the relevant messages (505) through a management interface (500) and deploy suggested actions to distributed clients (503), where the actions are executed to apply the solutions of the advisories (408).

Citations

31 Claims

1. An apparatus for formalizing, diffusing, and enforcing policy advisories and for monitoring policy compliance in the management of networks of computational devices, comprising:
- a management interface;
  
  a plurality of distributed clients, each of which runs on a corresponding networked computational device;
  
  a plurality of advisories provided by a plurality of advisory provider sites; and
  
  a protocol for diffusing said advisories across the network;
  
  wherein said management interface conveys reports from said distributed clients;
  
  wherein said distributed clients gather said advisories and process said advisories; and
  
  wherein said advisories formally target specific states of a computational device and formally specify actions to take in response thereto.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, further comprising:
    - a central server coupled to a central database, said central server storing data in and retrieving data from said central database.
  - 3. The apparatus of claim 2, further comprising:
    - a mirror server that collects advice contents of advice provider sites from a global network, wherein each of said distributed clients gathers relevant advisories from said mirror server.
  - 4. The apparatus of claim 3, wherein each of said distributed clients determines relevance of an advice message by evaluating a relevance clause of said advice message, while automatically retrieving properties of a computational device on which said distributed client runs.
  - 5. The apparatus of claim 4, wherein said relevance clause is written in a formal descriptive language.
  - 6. The apparatus of claim 4, wherein said management interface further comprises:
    - means for adding, modifying, or canceling a subscription of said distributed clients to one or more advice provider sites.
  - 7. The apparatus of claim 6, wherein said management interface further comprises:
    - means for selecting a group of computational devices, specifying action messages, scheduling, and controlling execution when deploying actions proposed by relevant advice messages.
  - 8. The apparatus of claim 7, wherein said management interface further comprises:
    - means for securely deploying actions of relevant advice messages to a selected group of said distributed clients.
  - 9. The apparatus of claim 8, wherein said management interface further comprises:
    - means for monitoring status of deployed actions.
  - 10. The apparatus of claim 9, wherein said management interface further comprises:
    - means for stopping previously deployed actions which have not finished running.
  - 11. The apparatus of claim 10, wherein said management interface further comprises:
    - means for monitoring status of each computational device while actions are being deployed and executed.
  - 12. The apparatus of claim 11, wherein said means for monitoring allows said system administrator to define and retrieve customized properties of computational devices using a formal descriptive language.

13. An apparatus for formalizing, diffusing, and answering queries about the status of elements in a network of computational devices, comprising:
- a management console;
  
  a general-purpose language for formally expressing queries about the state of a computational device;
  
  a protocol for diffusing queries across the network;
  
  a plurality of distributed clients, each of which runs on a networked computational device;
  
  wherein any of said distributed clients gather queries and obtain answers to said queries; and
  
  wherein said management interface conveys reports from said distributed clients.

14. A distributed client for a computer in a network policy management system for networks of computational devices, comprising:
- means for gathering advisories from a plurality of advice provider sites;
  
  means for determining relevance of said advisories; and
  
  means for reporting relevance to a central server;
  
  wherein said distributed client gathers advisories from said plurality of advice provider sites with said means for gathering advisories; and
  
  wherein said distributed client determines relevance of said advisories with said means for determining relevance and wherein said distributed client may report relevant advisories by said means for reporting.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The distributed client of claim 14, further comprising:
    - means for gathering actions from said central server; and
      
      means for executing said actions;
      
      wherein said distributed client retrieves said actions from said central server with said means for gathering and performs said actions using said means for executing.
  - 16. The distributed client of claim 15, wherein each of said advisories comprises:
    - a relevance clause written in a formal descriptive language to specify criteria determining when said advisory is relevant;
      
      a message providing explanatory material explaining said advisory; and
      
      an action provides an solution.
  - 17. The distributed client of claim 15, wherein said action is only applied when said advisory is determined relevant to said computer.
  - 18. The distributed client of claim 15, wherein said action can be constrained so that it may be executed when a computationally verifiable condition is met.
  - 19. The distributed client of claim 15, wherein said action is signed digitally when deployed from a management interface.
  - 20. The distributed client of claim 15, wherein said action is any of the group comprising:
    - deleting, moving, or copying specific files;
      
      setting or deleting registry entries;
      
      executing script commands;
      
      deleting, adding, or committing various DLL modules;
      
      deleting, closing, or restoring an advisory;
      
      subscribing or unsubscribing to an advice provider site;
      
      changing a gathering schedule or forcing an immediate gathering; and
      
      forcing an immediate relevance evaluation of advisories.

21. A communication method for managing network policy for networks of computational devices, comprising the steps of:
- registering a plurality of computers to a central server by a plurality of distributed clients, each of said plurality of distributed clients running on one of said computers;
  
  subscribing said distributed clients to a plurality of advice provider sites for each registered computer;
  
  gathering a plurality of advisories from said advice provider sites by said distributed client for each registered computer;
  
  reporting relevance of said advisories determined by said distributed clients running on said registered computers to said central server;
  
  viewing said advisories by a system administrator with a management interface;
  
  deploying selected actions to a selected group of computers by said system administrator to said central server with said management interface; and
  
  performing deployed actions by said distributed clients running on said registered computer to apply solutions.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The method of claim 21, further comprising the step of:
    - monitoring status of said deployed actions by said system administrator using said management interface.
  - 23. The method of claim 21, further comprising the step of:
    - monitoring status of each registered computer by said system administrator using said management interface.
  - 24. The method of claim 21, further comprising the step of:
    - managing subscription of advice provider sites to each registered computer by said system administrator using said management interface.
  - 25. The method of claim 21, wherein each of said advisories comprises:
    - a relevance clause written in a formal descriptive language to specify criteria determining when said advisory is relevant;
      
      a message providing explanatory material explaining said advisory; and
      
      an action providing an solution which can be deployed by said central server from a management interface and executed.
  - 26. The method of claim 21, wherein said action is only applied when said advisory is determined relevant to said computer.
  - 27. The method of claim 21, wherein said action can be scheduled so that it is only applied at a certain time of day.
  - 28. The method of claim 21, wherein said action is signed digitally when deployed from said central server.
  - 29. The method of claim 21, wherein said action is any of the group comprising:
    - deleting, moving, or copying specific files;
      
      setting of deleting registry entries;
      
      executing script commands;
      
      deleting, adding, or committing various DLL modules;
      
      deleting, closing, or restoring an advisory;
      
      subscribing or unsubscribing an advice provider site;
      
      changing a gathering schedule or forcing an immediate gathering; and
      
      forcing an immediate relevance evaluation of advisories.
  - 30. The method of claim 21, wherein said action is only applied when said advisory is determined relevant to said computer.
  - 31. The method of claim 21, wherein said action can be constrained so that it may be executed when a computationally verifiable condition is met.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
BigFix, Inc. (International Business Machines Corporation)
Inventors
Goodrow, Dennis G, Loer, Peter Benjamin, Lippincott, Lisa Ellen, Hindawi, Orion Yosef, Brown, James Milton, Donoho, David Leigh, Hindawi, David Salim, Lincroft, Peter

Granted Patent

US 7,607,572 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 41/0893 Assignment of logical group...

H04L 41/0894 Policy-based network config...

Formalizing, diffusing and enforcing policy advisories and monitoring policy compliance in the management of networks

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Formalizing, diffusing and enforcing policy advisories and monitoring policy compliance in the management of networks

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links