Secure cluster configuration data set transfer protocol
First Claim
1. A method of managing the secure mutual configuration of a plurality of servers interconnected by a communications network, said method comprising the steps of:
- a) routinely exchanging status messages between said plurality of servers wherein said status messages identify changes in the mutual configuration of said plurality of servers, wherein each said status message includes encrypted validation data and wherein said plurality of servers stores respective configuration data including respective sets of data identifying the servers known to the respective servers as constituting said plurality of servers;
b) validating status messages as respectively received by said plurality of servers against the respective configuration data stored by said plurality of servers wherein status messages are determined valid when originating from a first server as determined known relative to the respective configuration data of a second server; and
c) selectively modifying the respective configuration data of said second server.
Abstract
Communications between the server computer systems of a cluster routinely exchange notice of configuration status and, on demand, transmit updated configuration data sets. Each status message identifies any change in the local configuration of a server and, further, includes encrypted validation data. Each of the servers stores respective configuration data, including a respective set of data identifying the servers known to that server as participating in the cluster. Each status message, as received, is validated against the configuration data stored by the receiving server. A status message is determined valid only when it originates from a server known to the receiving server, as determined from the configuration data the receiving server holds. Where a validated originating server identifies updated configuration data, the receiving server requests a copy of the updated configuration data set, which must also be validated, and uses it to modify the locally held configuration data equivalently. The configuration of the cluster thus converges on the updated configuration.
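The abstract and independent claims 1, 21, 32 and 65 describe one protocol: members exchange status messages that carry a version and validation data, each receiver validates a message only against the set of members it already knows, a newer version triggers retrieval of an encrypted configuration block containing one copy per authorized recipient, and installation is held back until every member reports holding the new version. The following is an added example that models that exchange; it is not the patent's own code or any product implementation. Everything in it is an assumption for illustration: the node names, the secrets, the sample configuration values, and the use of HMAC over a pre-shared per-member secret in place of the patent's public-key validation data, with a SHA-256 keystream as a toy stand-in for the per-recipient encryption of the configuration block.

```python
"""Toy model of the cluster configuration protocol in the claims: validated status
messages, retrieval of a per-recipient encrypted configuration block, and
installation coordinated across the cluster. Constructed example, not the patent's code."""
import hashlib
import hmac
import json
import os

# ASSUMPTION: each member has a secret and its peers keep a copy in their known-member
# table. HMAC with that secret stands in for the patent's encrypted validation data; the
# XOR keystream below is a toy cipher standing in for per-recipient encryption.

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _seal(key, nonce, plaintext):
    # Encrypt-then-MAC so a tampered block is rejected before any decryption.
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}

def _open(key, box):
    nonce, ct = bytes.fromhex(box["nonce"]), bytes.fromhex(box["ct"])
    expected = hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, box["tag"]):
        return None  # block fails validation: discard it (abstract: copy "must also be validated")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Node:
    def __init__(self, node_id, secret, config, version=1):
        self.node_id, self.secret = node_id, secret
        self.known = {}            # member id -> that member's secret (claim 1: known servers)
        self.config, self.version = config, version
        self.pending = None        # (version, config) retrieved but not yet installed
        self.held_by = {}          # peer id -> highest version that peer reports holding

    def admit(self, peer):
        self.known[peer.node_id] = peer.secret

    def stage_update(self, new_config):
        # Single-point administrative change (claim 59c); announced via status messages.
        self.pending = (self.version + 1, new_config)

    def held_version(self):
        return self.pending[0] if self.pending else self.version

    def status_message(self):
        body = {"from": self.node_id, "version": self.held_version()}
        tag = hmac.new(self.secret, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()
        return {**body, "tag": tag}

    def validate(self, msg):
        # Claim 1b: valid only if the sender is already in this node's known set and the tag checks.
        key = self.known.get(msg["from"])
        if key is None:
            return False
        body = {k: v for k, v in msg.items() if k != "tag"}
        expected = hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, msg["tag"])

    def serve_config(self):
        # Claim 32: one block holding a separately encrypted copy for each known member;
        # a requester absent from the known set simply gets no copy (claim 79d).
        ver, cfg = self.pending if self.pending else (self.version, self.config)
        payload = json.dumps({"version": ver, "config": cfg}).encode()
        return {peer: _seal(key, os.urandom(16), payload) for peer, key in self.known.items()}

    def receive_status(self, msg, sender):
        if not self.validate(msg):
            return False
        self.held_by[msg["from"]] = msg["version"]
        if msg["version"] > self.held_version():
            block = sender.serve_config()
            plain = _open(self.secret, block[self.node_id]) if self.node_id in block else None
            if plain is not None:
                data = json.loads(plain)
                self.pending = (data["version"], data["config"])
        self.try_install()
        return True

    def try_install(self):
        # Claim 21d / 65b: install only once every known member reports holding the version.
        if self.pending is None:
            return False
        if all(self.held_by.get(p, 0) >= self.pending[0] for p in self.known):
            self.version, self.config = self.pending
            self.pending = None
            return True
        return False

def run_rounds(nodes, rounds):
    for _ in range(rounds):
        msgs = [(n, n.status_message()) for n in nodes]
        for sender, msg in msgs:
            for receiver in nodes:
                if receiver is not sender:
                    receiver.receive_status(msg, sender)

def demo():
    # Constructed three-member cluster with sample configuration values.
    a, b, c = (Node(i, os.urandom(32), {"max_clients": 100, "tls_only": False}) for i in "ABC")
    for x in (a, b, c):
        for y in (a, b, c):
            if x is not y:
                x.admit(y)
    a.stage_update({"max_clients": 200, "tls_only": True})
    run_rounds([a, b, c], rounds=2)
    rogue = Node("X", os.urandom(32), {"tls_only": False}, version=9)  # never admitted
    rogue_accepted = b.receive_status(rogue.status_message(), rogue)
    forged = {"from": "A", "version": 99, "tag": "00" * 32}             # known id, bad tag
    forged_accepted = b.receive_status(forged, a)
    return {"versions": {n.node_id: n.version for n in (a, b, c)},
            "configs": {n.node_id: n.config for n in (a, b, c)},
            "rogue_accepted": rogue_accepted, "forged_accepted": forged_accepted}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two rounds of status exchange are enough here: in the first, B and C see A's higher version, retrieve and validate their copies, and hold them pending; in the second, every member reports the new version and all three install it together. The unadmitted node and the forged message are both rejected at the validation step, so no retrieval is attempted on their behalf.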
82 Claims
1. A method of managing the secure mutual configuration of a plurality of servers interconnected by a communications network, said method comprising the steps of:
a) routinely exchanging status messages between said plurality of servers wherein said status messages identify changes in the mutual configuration of said plurality of servers, wherein each said status message includes encrypted validation data and wherein said plurality of servers stores respective configuration data including respective sets of data identifying the servers known to the respective servers as constituting said plurality of servers;
b) validating status messages as respectively received by said plurality of servers against the respective configuration data stored by said plurality of servers wherein status messages are determined valid when originating from a first server as determined known relative to the respective configuration data of a second server; and
c) selectively modifying the respective configuration data of said second server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of securely distributing configuration data over a communications network to a plurality of computer systems, each computer system operating to evaluate configuration data, as stored in respective configuration data stores, in response to service requests to determine respective responses, said method comprising:
a) receiving, by a computer system, a version message from said communications network;
b) verifying said version message using verification encryption data securely held by said computer system;
c) determining, based on said version message, to retrieve updated configuration data from a configuration data source server identified relative to said version message; and
d) installing updated configuration data to the configuration data store of said computer system as retrieved from said configuration data source server, wherein said updated configuration data is retrieved as an encrypted data block and wherein said step of installing includes locating predetermined configuration data within said encrypted data block and decrypting said predetermined configuration data.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A method of securely distributing configuration information through a communications network among a cluster of computer systems providing a network service, wherein configuration information modifications are distributed from a computer system participating in the cluster and mutually coordinated in installation in the participating cluster computer systems to enable a consistent configuration information versioned operation of said cluster of computer systems, said method comprising:
a) receiving a modified configuration data set having a predetermined configuration version;
b) preparing an encrypted configuration data set by encrypting said modified configuration data set using predetermined encryption keys corresponding to encryption key data included in said modified configuration data set;
c) sending a configuration version message, referencing said predetermined configuration version, over the communications network connecting the cluster of computer systems;
d) servicing requests to retrieve a copy of said encrypted configuration data set; and
e) coordinating, among the cluster of computer systems, installation of said modified configuration data set as the operative configuration data set of the computer systems of the cluster.
Dependent claims: 18, 19, 20
21. A method of securely distributing configuration data sets among server computer systems of a server cluster, wherein an operative configuration data set is used by an individual server computer system to define the parameters for executing a network service by that server computer system, said method comprising the steps of:
a) identifying, by a first server computer system of said server cluster, a revised configuration data set held by a second server computer system of said server cluster;
b) retrieving, by said first server computer system, said revised configuration data set from said second server computer system;
c) decrypting said revised configuration data set for installation as a current configuration data set for said first server computer system, said revised configuration data set having been uniquely encrypted for decryption by said first server computer system;
d) verifying, by said first server computer system, that each server computer system of said server cluster has said current configuration data set; and
e) installing said current configuration data set on said first server computer system as the operative configuration data for said first server computer system.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
32. A server computer system coupleable through a communications network as part of a computer system cluster to support performance of a network service on behalf of a client computer system, said server computer system comprising:
a) a processor operative to execute control programs; and
b) a service program operative, through execution by said processor as a control program, to generate responses to predetermined client requests, wherein responses are generated based on an evaluation of an installed configuration data set, said service program being further operative to implement a secure network protocol, interactive with said computer system cluster, to identify and receive an updated configuration data set for installation as said installed configuration data set, said service program including a unique private encryption key, wherein said secure network protocol provides for the transfer of an encrypted configuration data block including a plurality of encrypted updated configuration data sets, a respective one of said plurality of encrypted updated data sets being decryptable using said unique private encryption key.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41
42. A method of securely constraining participation of select computer systems in the cooperative operation of a server cluster to insure the integrity of the information transactions among the computer systems of said server cluster, said method comprising the steps of:
a) receiving, by a first computer system of a server cluster, a request for the transfer of first specified data, held in a first secure memory store of said first computer system, to a second computer system of said server cluster;
b) transmitting, by said first computer system, encrypted information including said first specified data to said second computer system, wherein said encrypted information, as prepared by said first computer system, is further encoded to include a first secure discrete reference;
c) verifying said first secure discrete reference against a second secure discrete reference determinable from second specified data stored in a second secure memory store of said second computer system;
d) locating, by said second computer system with respect to said first secure discrete reference, a predetermined subset of said encrypted information decryptable by said second computer system to recover said first specified data; and
e) installing said first specified data in said second secure memory store of said second computer system.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51, 52
53. A method of distributing configuration control data among a cluster of computer systems to ensure consistent operation of the cluster in response to network requests received from host computers, wherein each computer system maintains a local control data set that, in active use, determines the functional operation of the respective computer system, and wherein said cluster of computer systems and said host computers are interconnected by a communications network, said method comprising the steps of:
a) storing, in a first computer system of a cluster of computer systems, a first local control data set having a predetermined version number;
b) transmitting a cluster message including said predetermined version number from said first computer system to said cluster of computer systems;
c) transferring said first local control data set to requesting computer systems of said cluster of computer systems; and
d) synchronizing with said requesting computer systems the installation of said first local control data set for active use by said requesting computer systems.
Dependent claims: 54, 55, 56, 57, 58
59. A method of enabling the secure, consistent, single-point management of the individual computer system configurations within a cluster of computer systems provided to perform a common network service in response to network requests provided by host computers, wherein said cluster of computer systems and said host computers are interconnected by a communications network, said method comprising the steps of:
a) providing each of said computer systems of said cluster with an active configuration data set that operatively defines the respective operation of said computer system with respect to network requests received from host computers, wherein said active configuration data sets are represented by predefined version values;
b) transmitting, mutually among said computer systems of said cluster, cluster messages including respective representations of said predefined version values;
c) supporting, with respect to a predetermined computer system of said cluster, provision of an updated configuration data set for installation as said active configuration data set, said updated configuration data set having an updated version value, and wherein said cluster messages transmitted by said predetermined computer system reflect said updated version value;
d) propagating said updated configuration data set from said predetermined computer system among said computer systems of said cluster; and
e) coordinating the installation of said updated configuration data set as said active configuration data set in each of said computer systems of said cluster.
Dependent claims: 60, 61, 62, 63, 64
65. A method of securely establishing consistent operation of a networked cluster of computer systems to provide a network service on behalf of host computer systems, said method comprising the steps of:
a) enabling distribution of an updated configuration data set among a cluster of computer systems, wherein each said computer system is operative against a respective active configuration data set, and wherein respective instances of said updated configuration data set are received and held by said cluster of computer systems pending installation as said respective active configuration data sets;
b) determining, by each said computer system, when a predetermined installation criteria is met with respect to each said computer system; and
c) installing said respective instances of said updated configuration data set as said respective active configuration data sets.
Dependent claims: 70, 71, 72
66. The method of claim 66 wherein said step of enabling distribution includes a step of transmitting a message to said cluster of computer systems and wherein said message is encrypted so as to be readable only by those computer systems of said cluster that are predetermined valid participants in said cluster.
67. The method of claim 67 wherein said message, as prepared by a first computer systems of said cluster, is encrypted so as to be readable only by second computer systems of said cluster that are preestablished to said first computer system as valid participants of said cluster.
68. The method of claim 68 further comprising the step of preparing, by said first computer system, said message utilizing encryption codes respectively corresponding to said second computer systems.
69. The method of claim 69 wherein said first computer system securely stores a preestablished set of public key encryption codes corresponding to said second computer systems and wherein said second computer systems are only responsive to said message where said message stores a secure representation of the respective public key encryption code of a corresponding one of said second computer systems that receives said message.
73. A method of securely constraining participation of select computer systems in the operation of a server cluster, interconnected by a communications network, to insure the security of configuration information distributed among the computer systems of said server cluster, said method comprising the steps of:
a) storing, by a first computer system of a server cluster, first specified data within a secure memory store, said first specified data being identified by a first version identifier;
b) receiving, by said first computer system, a cluster message including a second version identifier and verification data from a second computer system of said server cluster;
c) verifying, by said first computer system, said cluster message by evaluation of said verification data relative to said first specified data;
d) obtaining, from said second computer system, dependent on a successful verification of said verification data, encrypted information including second specified data corresponding to said second version identifier;
e) decrypting said second specified data from said encrypted information; and
f) incorporating said second specified data into said secure memory store of said first computer system, whereby the operation configuration of said first computer system is securely made consistent with that of said second computer system.
Dependent claims: 74, 75, 76, 77, 78
79. A computer system operable as a participant in a cluster of computer systems providing a network service in response to network requests received from host computer systems through a communications network, the cluster computer systems interoperating to ensure the security and secure exchange of configuration data in response to a single point secure administrative modification of configuration data on any computer system of the cluster, said computer system comprising:
a) a computer memory providing for the storage of configuration data including a set of identifications of computer systems participating in a preestablished computer system cluster;
b) a processor coupled to said computer memory and operative to execute a control program that defines performance of a predetermined network service in response to network requests as received from host computers, wherein performance of said predetermined network service is controlled by said configuration data;
c) an administrative interface coupled to said processor, wherein said control program further enables secure performance of local administrative modifications to said configuration data through said administrative interface; and
d) a communications interface coupled to said processor and coupleable to said preestablished computer system cluster, wherein said control program further enables secure synchronization of said configuration data among said computer system and said preestablished computer system cluster, said control program limiting the transfer of said configuration data between said computer system, as a first computer system, and a second computer system securely matching an identification preexisting in said set of identifications.
Dependent claims: 80, 81, 82