Method and apparatus for network wide policy-based analysis of configurations of devices
Abstract
A method for a computer system includes determining network devices within a network topology, wherein the network devices includes a first application server hosting a first application, receiving a policy for the network comprising requirements of a first application server including a description of a set of required network traffic, receiving a plurality of configuration files associated with the plurality of network devices, determining a network configuration model in response to the plurality of configuration files, computing network traffic on all network paths to and from the first application server to determine a plurality of computed paths, determining if the network traffic includes at least the set of required network traffic associated with the first server, and generating a report indicating whether the network traffic includes at least the set of required network traffic.
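The check the abstract describes can be sketched as follows. This is an added illustration, not code from the patent or from any product: the topology, device names, the one-line `permit <proto> <port>` config format and the function names are all constructed assumptions, and a device without a config is treated as pass-through.

```python
# Constructed sample data; names and config syntax are illustrative assumptions.
TOPOLOGY = {"app1": ["fw-a", "fw-b"], "fw-a": ["core"], "fw-b": ["core"],
            "core": ["db1"], "db1": []}
CONFIGS = {  # simplified "configuration files": permit lines, everything else denied
    "fw-a": "permit tcp 5432\npermit tcp 22\n",
    "fw-b": "permit tcp 443\n",
    "core": "permit tcp 5432\npermit tcp 443\npermit udp 53\n",
}
POLICY = {"source": "app1", "server": "db1",
          "required": {("tcp", 5432), ("tcp", 443), ("udp", 53)}}

def build_model(configs):
    """Configuration model: device -> set of permitted (protocol, port) flows."""
    model = {}
    for device, text in configs.items():
        flows = set()
        for line in text.splitlines():
            parts = line.split()
            if len(parts) == 3 and parts[0] == "permit":
                flows.add((parts[1], int(parts[2])))
        model[device] = flows
    return model

def all_paths(topology, src, dst, seen=()):
    """Yield every loop-free path from src to dst."""
    if src == dst:
        yield list(seen) + [dst]
        return
    for nxt in topology.get(src, []):
        if nxt not in seen and nxt != src:
            yield from all_paths(topology, nxt, dst, seen + (src,))

def path_traffic(model, path, candidates):
    """Candidate flows that every filtering device on the path permits."""
    flows = set(candidates)
    for device in path[1:-1]:
        if device in model:  # no config: treated as pass-through (assumption)
            flows &= model[device]
    return flows

def check_policy(topology, configs, policy):
    """Report required flows that no computed path carries end to end."""
    model = build_model(configs)
    paths, allowed = [], set()
    for path in all_paths(topology, policy["source"], policy["server"]):
        flows = path_traffic(model, path, policy["required"])
        paths.append((path, flows))
        allowed |= flows
    missing = policy["required"] - allowed
    return {"paths": paths, "missing": missing, "compliant": not missing}
```

With the sample data, each firewall path carries one required TCP flow, and the report lists `("udp", 53)` as missing because neither firewall permits it.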
32 Claims
1. A method for a computer system comprises:
determining a plurality of network devices within a network arranged in a network topology, wherein the plurality of network devices includes a first application server hosting a first application;
receiving a policy for the network, wherein the policy comprises requirements associated with the first application server, wherein the requirements include a description of a first set of required network traffic and a first server associated with the first set of required network traffic;
receiving a plurality of configuration files associated with the plurality of network devices;
determining a network configuration model in response to the plurality of configuration files;
computing network traffic on all network paths from the first application server to the first server to determine a first plurality of computed paths;
determining if the network traffic that was computed includes at least the first set of required network traffic associated with the first server; and
generating a report indicating whether the network traffic includes at least the first set of required network traffic.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 26, 27, 28, 29, 30, 31, 32
9. A computer system comprises:
a memory configured to store a network topology of a network including a plurality of network devices, wherein the plurality of network devices includes a first application on a first application host, wherein the memory is configured to store a policy associated with the network, wherein the policy comprise requirements associated with the first application, wherein the requirements includes a first required set of network traffic from the first application and a second application host associated with the first required set of network traffic, and wherein the memory is configured to store a plurality of configuration data from at least some of the plurality of network devices; and
a processor coupled to the memory, wherein the processor is configured to determine a network configuration model in response to the plurality of configuration data, and in response to the network topology, wherein the processor is configured to receive a query regarding the first application, wherein the processor is configured to compute network traffic on all network paths from the first application host to the second application host in response to the network configuration model, in response to the query, and in response to the policy associated with the network to form a first plurality of computed paths, and wherein the processor is configured to generate a report indicating whether the network traffic includes at least the first required set of network traffic;
wherein the memory is also configured to store the network configuration model.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer program product for a computer system including a memory comprises:
code that directs the processor to determine a revised network topology in response to a network topology and in response to user input;
code that directs the processor to determine a plurality of network devices within a network arranged in the revised network topology, wherein the plurality of network devices includes a first application on a first application server;
code that directs the processor to receive a policy for the network, wherein the policy comprises requirements associated with the first application server, wherein the requirements include a description of a first set of required network traffic and a first server associated with the first set of required network traffic;
code that directs the processor to receive a plurality of configuration data associated with the plurality of network devices;
code that directs the processor to determine a network configuration model in response to the plurality of configuration data and to the revised network topology;
code that directs the processor to compute network traffic on all network paths from the first application server to the first server to determine a first plurality of computed paths;
code that directs the processor to determine whether the network traffic that was computed includes at least the first set of required network traffic; and
code that directs the processor to generate a report indicating whether the network traffic includes at least the first set of required network traffic;
wherein the codes reside on a tangible media.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25
Specification