System for management of equipment deployed behind firewalls

US 20060077988A1
Filed: 10/12/2004
Published: 04/13/2006
Est. Priority Date: 10/12/2004
Status: Active Grant

First Claim

Patent Images

8. An element management system for enabling a network management server to provide a variable value to a management information base of a managed device independent of whether the managed device is coupled to a private network and served by a network address translation firewall, the system comprising:

an SNMP message manager communicatively coupled to each of the network management server and a public network interface of the network address translation firewall; and

a device SNMP gateway communicatively coupled to a private network interface of the network address translation firewall and communicatively coupled to an SNMP object;

the SNMP object comprising systems for receiving an SNMP Set sent by the SNMP gateway to a predefined SNMP port number and writing a variable value within the SNMP set to the management information base;

the SNMP message manager;

receiving periodic heart beat frames on a heart beat channel, each heart beat frame being initiated by the managed device and translated by the network address translating firewall, the heart beat channel comprising a translated source socket and a destination socket of the heart beat frame;

storing identification of the heart bet channel in association with identification of the managed device in a registration table;

uniquely associating an assigned UDP port of the element management server with the managed device;

providing the unique association of the assigned UDP port and the managed device to the network management server;

receiving an SNMP Set from the network management server embodied as an IP frame addressed to the assigned UDP port; and

sending the SNMP Set to the managed device using the heartbeat channel; and

the device SNMP gateway comprising;

a heart beat module periodically sending a heart beat IP frame to a socket associated with the SNMP message manager to maintain the heart beat channel through the network address translation firewall; and

a message handling module;

receiving the SNMP Set;

sending the SNMP Set to the SNMP object as a UDP/IP message addressed to the predefined SNMP port number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An element management system enables a network management server to provide a variable value to a management information base of a managed device independent of whether the managed device is served by a network address translation firewall. The element management system comprises an SNMP message manager which receives periodic heart beat frames from the managed device and stored identification of a heart beat channel in association with identification of the managed device in a registration table. The heart beat channel comprises the source socket and destination socket of the heart beat frame. The SNMP message manager further uniquely associates an assigned UDP port number with the managed device and provides the unique association of the assigned UDP port and the managed device to the network management server. The SNMP message manager further receives an SNMP Set from the network management server embodied as an IP frame addressed to the assigned UDP port number, looks up the managed device associated with the assigned UDP port number, and sends the SNMP Set to the managed device using the heartbeat channel.

61 Citations

View as Search Results

20 Claims

8. An element management system for enabling a network management server to provide a variable value to a management information base of a managed device independent of whether the managed device is coupled to a private network and served by a network address translation firewall, the system comprising:
- an SNMP message manager communicatively coupled to each of the network management server and a public network interface of the network address translation firewall; and
  
  a device SNMP gateway communicatively coupled to a private network interface of the network address translation firewall and communicatively coupled to an SNMP object;
  
  the SNMP object comprising systems for receiving an SNMP Set sent by the SNMP gateway to a predefined SNMP port number and writing a variable value within the SNMP set to the management information base;
  
  the SNMP message manager;
  
  receiving periodic heart beat frames on a heart beat channel, each heart beat frame being initiated by the managed device and translated by the network address translating firewall, the heart beat channel comprising a translated source socket and a destination socket of the heart beat frame;
  
  storing identification of the heart bet channel in association with identification of the managed device in a registration table;
  
  uniquely associating an assigned UDP port of the element management server with the managed device;
  
  providing the unique association of the assigned UDP port and the managed device to the network management server;
  
  receiving an SNMP Set from the network management server embodied as an IP frame addressed to the assigned UDP port; and
  
  sending the SNMP Set to the managed device using the heartbeat channel; and
  
  the device SNMP gateway comprising;
  
  a heart beat module periodically sending a heart beat IP frame to a socket associated with the SNMP message manager to maintain the heart beat channel through the network address translation firewall; and
  
  a message handling module;
  
  receiving the SNMP Set;
  
  sending the SNMP Set to the SNMP object as a UDP/IP message addressed to the predefined SNMP port number.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The element management system of claim 8, wherein:
    - the SNMP object further comprising systems for receiving an SNMP Get sent by the SNMP gateway to the predefined SNMP port number and returning an SNMP Response to the source socket from which the SNMP Get was sent;
      
      the SNMP message manager further provides for;
      
      receiving an SNMP Get from the network management server embodied as an IP frame addressed to the assigned UDP port;
      
      assigning a unique sequence number to the SNMP Get and recording the unique sequence number in a message table;
      
      i) in association with identification of the managed device associated with the assigned UDP port on which the SNMP Get was received; and
      
      ii) in association with the source socket of the network management server from which the SNMP Get was sent; and
      
      sending the SNMP Get in combination with the unique sequence number to the managed device using the heartbeat channel;
      
      receiving an SNMP Response in combination with the sequence number;
      
      obtaining the source socket of the network management server corresponding to the sequence number in the message table; and
      
      sending the SNMP Response to the source socket of the network management server;
      
      the device SNMP gateway further provides for;
      
      receiving the SNMP get in combination with the unique sequence number;
      
      assigning a message specific socket from which the device SNMP gateway sends the SNMP Get to the SNMP object and associating the message specific socket with the unique sequence number in a local response table;
      
      sending the SNMP Get to the SNMP object from the message specific socket and receiving an SNMP Response addressed to the message specific socket from the SNMP object;
      
      obtaining the sequence number associated with the message specific socket from the local response table; and
      
      sending the SNMP Response in combination with the sequence number to the SNMP message manager.
  - 10. The element management system of claim 9, wherein:
    - the SNMP message manager sends the SNMP Get in combination with the unique sequence number as an SNMP packaged message, the SNMP packaged message comprising the SNMP Get as encrypted payload and the unique sequence number as a header; and
      
      SNMP Response is embodiment in an SNMP packaged message, the SNMP packaged message comprising the SNMP Response as encrypted payload and the sequence number as a header.
  - 11. The element management system of claim 8, further comprising:
    - a TCP/IP gateway for enabling a first client to establish a session to an object server of the managed device, the TCP/IP gateway;
      
      uniquely associating a client port with a relay port in a relay table;
      
      identifying the relay port to the element management server;
      
      establishing a relay connection with the managed device upon initiation of the connection by the managed device through the network address translation firewall;
      
      establishing a first client connection with the first client upon initiation of the connection by the first client on a first socket that comprises the client port;
      
      relaying data packets between the first client connection and the managed device through the relay connection; and
      
      wherein, the element management server further provides for receiving identification of the relay port from the TCP/IP gateway and providing the relay port to the managed device using the heart beat channel.
  - 12. The element management system of claim 11, wherein:
    - element management server provides the relay port to the managed device using the heart beat channel by;
      
      embodying the identification of the relay port within an SNMP Set;
      
      sending the SNMP Get to the device SNMP gateway using the heartbeat channel;
      
      the message handling module of the device SNMP gateway further providing for;
      
      receiving the SNMP Set;
      
      sending the SNMP Set to the SNMP object;
      
      the SNMP object providing for;
      
      writing the identification of the relay port to the management information base; and
      
      the object server obtains identification of the relay port from the management information base and establishing the relay connection to the TCP/IP gateway.
  - 13. The element management system of claim 11, wherein relaying data packets between the first client connection and the managed device comprises:
    - with respect to data packets being sent from the first client to the object server;
      
      receiving a data packet on a client socket from the client;
      
      looking up;
      
      i) a session ID number that is uniquely associated with the client; and
      
      ii) the relay connection that is uniquely associated with the client port of the client socket in a relay table;
      
      building a packaged frame comprising the session number and an encrypted representation of the data packet;
      
      sending the packaged frame on the relay connection; and
      
      with respect to data packets being sent form the object server to the first client;
      
      receiving a packaged frame on the relay connection;
      
      recovering a session ID and the data packet from the packaged frame; and
      
      sending the data packet on the client socket that is uniquely associated with the session ID recovered from the packaged frame.
  - 14. The element management system of claim 13, wherein relaying data packets between the first client connection and the managed device further comprises:
    - with respect to additional TCP/IP connections established by the first client;
      
      establishing a new TCP/IP connection upon initiation by the first client using a second client socket comprising the client port;
      
      assigning a unique session ID to the second client socket and associating the session ID to the second client socket in the relay table;
      
      sending a new session message and the session ID to the managed device using the relay connection that is associated with the client port;
      
      with respect to additional TCP/IP connections established by the server object;
      
      receiving a new session message and a session ID from the managed device on the relay connection;
      
      establishing a new TCP/IP connection to the first client using a second client socket comprising the client port; and
      
      associating the session ID with the second client socket in the relay table.

15. A method of operating an element management system for enabling a network management server to provide a variable value to a management information base of a managed device independent of whether the managed device is coupled to a private network and served by a network address translation firewall, the system comprising:
- receiving periodic heart beat frames on a heart beat channel, each heart beat frame being initiated by the managed device and translated by the network address translating firewall, the heart beat channel comprising a translated source socket and a destination socket of the heart beat frame;
  
  storing identification of the heart beat channel in association with identification of the managed device in a registration table;
  
  uniquely associating an assigned UDP port of the element management server with the managed device;
  
  providing the unique association of the assigned UDP port and the managed device to the network management server;
  
  receiving an SNMP Set from the network management server embodied as an IP frame addressed to the assigned UDP port; and
  
  sending the SNMP Set to the managed device using the heartbeat channel.
- View Dependent Claims (1, 2, 3, 4, 5, 6, 7, 16, 17, 18, 19, 20)
- - 1. An element management system for enabling a network management server to provide a variable value to a management information base of a managed device independent of whether the managed device is coupled to a private network and served by a network address translation firewall, the system comprising:
    - a network interface system enabling the exchange of IP frames between each of the network management server and a public network interface of the network address translation firewall; and
      
      an SNMP message manager;
      
      receiving periodic heart beat frames on a heart beat channel, each heart beat frame being initiated by the managed device and translated by the network address translating firewall, the heart beat channel comprising a translated source socket and a destination socket of the heart beat frame;
      
      storing identification of the heart beat channel in association with identification of the managed device in a registration table;
      
      uniquely associating an assigned UDP port of the element management server with the managed device;
      
      providing the unique association of the assigned UDP port and the managed device to the network management server;
      
      receiving an SNMP Set from the network management server embodied as an IP frame addressed to the assigned UDP port; and
      
      sending the SNMP Set to the managed device using the heartbeat channel.
  - 2. The element management system of claim 1 wherein the SNMP message manager further provides for:
    - receiving an SNMP Get from the network management server embodied as an IP frame addressed to the assigned UDP port;
      
      assigning a unique sequence number to the SNMP Get and recording the unique sequence number in a message table;
      
      i) in association with identification of the managed device associated with the assigned UDP port to which the SNMP Get was addressed; and
      
      ii) in association with the source socket of the network management server from which the SNMP Get was sent; and
      
      sending the SNMP Get in combination with the unique sequence number to the managed device using the heartbeat channel;
      
      receiving an SNMP Response in combination with the sequence number;
      
      obtaining the source socket of the network management server corresponding to the sequence number in the message table; and
      
      sending the SNMP Response to the source socket of the network management server.
  - 3. The element management system of claim 2, wherein:
    - the element management server sends the SNMP Get in combination with the unique sequence number as an SNMP packaged message, the SNMP packaged message comprising the SNMP Get as encrypted payload and the unique sequence number as a header; and
      
      SNMP Response is embodiment in an SNMP packaged message, the SNMP packaged message comprising the SNMP Response as encrypted payload and the sequence number as a header.
  - 4. The element management system of claim 1, further comprising:
    - a TCP/IP gateway for enabling a first client to establish a session to an object server of the managed device, the TCP/IP gateway;
      
      uniquely associating a client port with a relay port;
      
      identifying the relay port to the element management server;
      
      establishing a relay connection with the managed device upon initiation of the connection by the managed device through the network address translation firewall;
      
      establishing a first client connection with the first client upon initiation of the connection from the first client on a first socket that comprises the client port;
      
      relaying data packets between the first client connection and the managed device through the relay connection; and
      
      wherein, the element management server further provides for receiving identification of the relay port from the TCP/IP gateway and providing the relay port to the managed device using the heart beat channel.
  - 5. The element management system of claim 4, wherein:
    - the element managements server provides the relay port to the managed device using the heart beat channel by;
      
      embodying the identification of the relay port within an SNMP Set;
      
      sending the SNMP Get to the device SNMP gateway using the heartbeat channel;
      
      the message handling module of the device SNMP gateway further provides for;
      
      receiving the SNMP Set;
      
      sending the SNMP Set to the SNMP object;
      
      the SNMP object further provides for;
      
      writing the identification of the relay port to the management information base; and
      
      the object server obtains identification of the relay port from the management information base and establishes the relay connection the TCP/IP gateway using the relay port.
  - 6. The element management system of claim 4, wherein relaying data packets between the first client connection and the managed device comprises:
    - with respect to data packets being sent from the first client to the object server;
      
      receiving a data packet on a client socket from the client;
      
      looking up;
      
      i) a session ID number that is uniquely associated with the client; and
      
      ii) the relay connection that is uniquely associated with the client port of the client socket in a relay table;
      
      building a packaged frame comprising the session number and an encrypted representation of the data packet;
      
      sending the packaged frame on the relay connection; and
      
      with respect to data packets being sent form the object server to the first client;
      
      receiving a packaged frame on the relay connection;
      
      recovering a session ID and the data packet from the packaged frame; and
      
      sending the data packet on the client socket that is uniquely associated with the session ID recovered from the packaged frame.
  - 7. The element management system of claim 6, wherein relaying data packets between the first client connection and the managed device further comprises:
    - with respect to additional TCP/IP connections established by the first client;
      
      establishing a new TCP/IP connection upon initiation by the first client using a second client socket comprising the client port;
      
      assigning a unique session ID to the second client socket and associating the session ID to the second client socket in the relay table;
      
      sending a new session message and the session ID to the managed device using the relay connection that is associated with the client port;
      
      with respect to additional TCP/IP connections established by the server object;
      
      receiving a new session message and a session ID from the managed device on the relay connection;
      
      establishing a new TCP/IP connection to the first client using a second client socket comprising the client port; and
      
      associating the session ID with the second client socket in the relay table.
  - 16. The method of operating an element management system of claim 15, further comprising:
    - receiving an SNMP Get from the network management server embodied as an IP frame addressed to the assigned UDP port;
      
      assigning a unique sequence number to the SNMP Get and recording the unique sequence number in a message table;
      
      i) in association with identification of the managed device associated with the assigned UDP port to which the SNMP Get was addressed; and
      
      ii) in association with the source socket of the network management server from which the SNMP Get was sent; and
      
      sending the SNMP Get in combination with the unique sequence number to the managed device using the heartbeat channel;
      
      receiving an SNMP Response in combination with the sequence number;
      
      obtaining the source socket corresponding to the sequence number in the message table; and
      
      sending the SNMP Response to the source socket of the network management server.
  - 17. The method of operating an element management system of claim 16, wherein:
    - the SNMP Get in combination with the unique sequence number is sent as an SNMP packaged message, the SNMP packaged message comprising the SNMP Get as encrypted payload and the unique sequence number as a header; and
      
      SNMP Response is embodied in an SNMP packaged message, the SNMP packaged message comprising the SNMP Response as encrypted payload and the sequence number as a header.
  - 18. The method of operating an element management system of claim 15, further comprising relaying a TCP/IP session between a client and an object server of the managed device, by:
    - associating a client port with a relay port;
      
      identifying the relay port to the element management server;
      
      establishing a relay connection with the managed device upon initiation of the connection by the managed device through the network address translation firewall;
      
      establishing a first client connection with the client upon initiation of the connection by the client on a socket that comprises the client port;
      
      relaying data packets between the first client connection and the managed device through the relay connection; and
      
      wherein, the element management server further provides for receiving identification of the relay port form the TCP/IP gateway and providing the relay port to the managed device using the heart beat channel.
  - 19. The method of operating an element management system of claim 18, wherein:
    - providing the relay port to the managed device using the heart beat channel comprises;
      
      embodying the identification of the relay port within an SNMP Set;
      
      sending the SNMP Get to the device SNMP gateway using the heartbeat channel.
  - 20. The method of operating an element management system of claim 18, wherein relaying data packets between the first client connection and the managed device comprises:
    - with respect to data packets being sent from the first client to the object server;
      
      receiving a data packet on a client socket from the client;
      
      looking up;
      
      i) a session ID number that is uniquely associated with the client; and
      
      ii) the relay connection that is uniquely associated with the client port of the client socket in a relay table;
      
      building a packaged frame comprising the session number and an encrypted representation of the data packet;
      
      sending the packaged frame on the relay connection; and
      
      with respect to data packets being sent form the object server to the first client;
      
      receiving a packaged frame on the relay connection;
      
      recovering a session ID and the data packet from the packaged frame; and
      
      sending the data packet on the client socket that is uniquely associated with the session ID recovered from the packaged frame.

18-1. The method of operating an element management system of claim 17, wherein relaying data packets between the first client connection and the managed device further comprises:
- with respect to additional TCP/IP connections established by the first client;
  
  establishing a new TCP/IP connection upon initiation by the first client using a second client socket comprising the client port;
  
  assigning a unique session ID to the second client socket and associating the session ID to the second client socket in the relay table;
  
  sending a new session message and the session ID to the managed device using the relay connection that is associated with the client port;
  
  with respect to additional TCP/IP connections established by the server object;
  
  receiving a new session message and a session ID from the managed device on the relay connection;
  
  establishing a new TCP/IP connection to the first client using a second client socket comprising the client port; and
  
  associating the session ID with the second client socket in the relay table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Innomedia Pte Ltd
Original Assignee
Innomedia Pte Ltd
Inventors
Mahurin, Don, Zhu, Yuesheng, Chang, Chen-Huei, Cheng, Shih-An

Granted Patent

US 7,492,764 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/401
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 43/10   Active monitoring, e.g. hea...

H04L 43/50   Testing arrangements

H04L 61/00   Network arrangements, proto...

H04L 61/2564   for a higher-layer protocol...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

System for management of equipment deployed behind firewalls

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System for management of equipment deployed behind firewalls

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others