Method and apparatus for automatic configuration and management of a virtual private network
First Claim
1. A method and apparatus for automatic configuration and management of a virtual private network operating over a public data network or insecure private network including a plurality of virtual private network gateways or devices (“
- clients”
) so that communications within the virtual private network are channeled through the virtual private network gateways or directly to client devices, with secure delivery of configuration information to devices capable of using that information to automatically configure their own virtual private network and subnetwork characteristics, or using insecure delivery but enabled by the presence of a separate security device, the method comprising;
centralized configuration of the characteristics and operational parameters of a virtual private network, assigning subnetwork connection parameters on a host system and the corresponding network and subnetwork connection parameters on one or more client systems, and verifying that conflicts do not exist between defined subnetworks used by various client networks or subnetworks, and reconfiguring one or more client networks or subnetworks based on the result of certain verification checks;
reconfiguring the carrier devices or other security devices among participants in a secure VPN connection, thus changing the characteristics of one or more associated sessions, and potentially with time-restricted access to the VPN;
reconfiguring the carrier devices or other security devices among participants in a secure VPN connection, with a specified time for the configuration parameters to take effect, or upon the occurrence of a an agreed-upon specific event, such as inability to reach a particular VPN node (such as the corporate node), perhaps because that node has specifically been reconfigured by some other process;
inclusion of general network services or “
points of interest”
(if any) available to VPN clients, such as printers, network storage devices, software programs, or other network-accessible functions which may be of interest or benefit to VPN clients, including but not limited to device addresses, names, configuration settings, access-control information, and other data necessary for the VPN client device to automatically configure the VPN client system so that it may access and use such devices and services;
0 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a method and apparatus for automatic configuration and management of a virtual private network operating over a public data network, and a method and apparatus for delivery of the configuration parameters to client interface equipment participating in the virtual private network. The system defines allowed connections between client and server gateway devices, and the parameters associated with the virtual private network. The system defines methods and apparatus for automatic startup, configuration, and shutdown of nodes of the resulting virtual private network based on factors such as the presence of a configuration carrier device. The present invention also describes a class of pseudo-interface mechanism that can hide the complexity of the underlying system from client devices incorporating the present invention, via a conventional network device interface.
434 Citations
9 Claims
-
1. A method and apparatus for automatic configuration and management of a virtual private network operating over a public data network or insecure private network including a plurality of virtual private network gateways or devices (“
- clients”
) so that communications within the virtual private network are channeled through the virtual private network gateways or directly to client devices, with secure delivery of configuration information to devices capable of using that information to automatically configure their own virtual private network and subnetwork characteristics, or using insecure delivery but enabled by the presence of a separate security device, the method comprising;
centralized configuration of the characteristics and operational parameters of a virtual private network, assigning subnetwork connection parameters on a host system and the corresponding network and subnetwork connection parameters on one or more client systems, and verifying that conflicts do not exist between defined subnetworks used by various client networks or subnetworks, and reconfiguring one or more client networks or subnetworks based on the result of certain verification checks;
reconfiguring the carrier devices or other security devices among participants in a secure VPN connection, thus changing the characteristics of one or more associated sessions, and potentially with time-restricted access to the VPN;
reconfiguring the carrier devices or other security devices among participants in a secure VPN connection, with a specified time for the configuration parameters to take effect, or upon the occurrence of a an agreed-upon specific event, such as inability to reach a particular VPN node (such as the corporate node), perhaps because that node has specifically been reconfigured by some other process;
inclusion of general network services or “
points of interest”
(if any) available to VPN clients, such as printers, network storage devices, software programs, or other network-accessible functions which may be of interest or benefit to VPN clients, including but not limited to device addresses, names, configuration settings, access-control information, and other data necessary for the VPN client device to automatically configure the VPN client system so that it may access and use such devices and services;
- View Dependent Claims (2, 3, 4, 5, 6)
- clients”
-
7. A method and apparatus using the previous methods and claims, defining a new topology of managed VPN network wherein there is no corporate LAN per-se, but rather, a single server which configures and manages all of the clients or branch LAN members of a VPN providing the concept of a Virtual Office, existing only within the Virtual Private Network, the connected client machines and subnetworks, and the Public Network (or insecure Private Network) cloud. When used in such a configuration, the VPN Control system becomes a Virtual Office Server, potentially providing company services such as web presence, email servers, related services, connections between distributed workers including individuals or groups of workers, and providing those workers with additional, private services of various types;
- 8. A method for configuration service provided by a trusted third-party, such as a certified service agency. Such services may be available anywhere, using established certification procedures. An example of such an operation might be a trusted security company with worldwide presence, who can challenge and verify potential VPN participants, certify their identity, and provide programming for the security device to be used in the VPN, thus simplifying access to new and remote employees, agents, representatives, or other personnel who may require access to a specific VPN.
Specification