Computer system with update-based quarantine
Abstract
A managed network with a quarantine enforcement policy based on the status of installed updates for software on each client seeking access to the managed network. To determine whether a client requesting access has up-to-date software, an access server may communicate directly with an update server to determine the update status of the client requesting access. Information from the update server allows the update server to determine which update the client requesting access is missing. The access server may also receive an indication of the severity of the updates missing from the client requesting access. The access server may use the severity information to apply a quarantine enforcement policy, thereby avoiding the need for either the client or access server to be programmed to identify specific software updates that must be installed for a client to comply with a quarantine enforcement policy. To reduce network congestion and delays seeking access to the network, the quarantine enforcement policy includes a deadline by which updates must be installed. Establishing a deadline allows a grace period during which clients may download new updates and avoids network congestion from multiple clients downloading updates simultaneously.
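The decision flow the abstract describes, as an added sketch that is not taken from the patent or any product: the access server asks the update server which updates a client is missing, then applies a per-severity deadline instead of naming specific updates. The severity classes, grace periods, client names, function names and the fail-closed handling of unknown clients are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum

class Severity(Enum):          # assumed classification set
    CRITICAL = 1
    IMPORTANT = 2
    OPTIONAL = 3

class Decision(Enum):
    GRANT = "grant"
    GRACE = "grant, install deadline pending"
    QUARANTINE = "quarantine"

@dataclass(frozen=True)
class MissingUpdate:
    update_id: str
    severity: Severity
    released: datetime         # when the update became available

# Assumed policy: grace period per severity; None means never enforced.
GRACE_PERIOD = {Severity.CRITICAL: timedelta(days=2),
                Severity.IMPORTANT: timedelta(days=14),
                Severity.OPTIONAL: None}

NOW = datetime(2024, 1, 15)    # constructed evaluation time
# Constructed update-server state: client id -> updates not yet installed.
STATUS = {
    "ws-01": [],
    "ws-02": [MissingUpdate("U-100", Severity.CRITICAL, datetime(2024, 1, 14))],
    "ws-03": [MissingUpdate("U-090", Severity.CRITICAL, datetime(2024, 1, 1)),
              MissingUpdate("U-100", Severity.CRITICAL, datetime(2024, 1, 14))],
    "ws-04": [MissingUpdate("U-050", Severity.OPTIONAL, datetime(2023, 6, 1))],
}

def query_update_server(client_id):
    """Stand-in for the status request; None means the client is unknown."""
    return STATUS.get(client_id)

def decide_access(client_id, now=NOW):
    """Access-server side: enforce by severity and deadline, not by update id."""
    missing = query_update_server(client_id)
    if missing is None:        # no status available: fail closed (assumption)
        return Decision.QUARANTINE
    decision = Decision.GRANT
    for update in missing:
        grace = GRACE_PERIOD[update.severity]
        if grace is None:
            continue           # this class never blocks access
        if now > update.released + grace:
            return Decision.QUARANTINE   # deadline passed for this update
        decision = Decision.GRACE        # still inside the grace period
    return decision
```

Because the deadline is computed from each update's release time, clients that are merely behind on a fresh update keep access during the grace period, while one overdue update is enough to quarantine.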
20 Claims
1. A method of operating a computer system having a client, a first service and a second service, the method comprising:
a) receiving with the first service a request for network access from the client;
b) in response to the request for network access, sending a request for status from the first service to the second service, the request for status identifying the client;
c) receiving at the first service information about the status of the client from the second service; and
d) making a determination relating to network access for the client, the determination being based at least in part on the received information about the status.
9. A method of operating a computer system having a client and a server, the method comprising:
a) sending a request for network access from the client to the server;
b) in response to the request for access, identifying a category of software update available but not installed on the client, the category of software update being one of an enumerated set of software update classifications; and
c) making a determination relating to network access for the client based on the category of the software update.
17. A method of operating a computer system having a client, a first service and a second service, the method comprising:
a) receiving with the first service a request for network access from the client, the request for network access including a first time value indicative of the time at which the client was updated;
b) receiving with the first service information from the second service a second time value indicating when an update for the client was available; and
c) making a determination relating to network access for the client based at least in part on the first time value and second time value.
Specification