TECHNIQUES FOR AUTOMATIC DISCOVERY AND UPDATE OF CLIENT ENVIRONMENTAL INFORMATION IN A VIRTUAL PRIVATE NETWORK (VPN)
Abstract
Techniques for automatic discovery and update of client environmental information in a virtual private network (VPN) are provided. Vendor adapters dynamically monitor information produced by software vendors for change information associated with software products. The change information is transformed into policy rules that are dynamically pushed to client agents on clients. The client agents acquire client information for the policy rules from their clients and report back to a VPN server. The VPN server, in cooperation with the client agents, then decides whether VPN sessions are permissible between the clients and the VPN server.
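The flow the abstract describes, as an added sketch that is not code from the patent: a vendor adapter turns vendor change information into policy rules, an agent reports only what the rules ask for, and the connection manager permits or denies the session. The feed format, product names, rule fields and function names are assumptions made for illustration.

```python
import json

# Constructed sample of a vendor advisory feed; the format is an assumption.
VENDOR_FEED = json.dumps({"vendor": "ExampleAV", "products": [
    {"name": "example-av-signatures", "latest": "9.10.0"},
    {"name": "example-firewall", "latest": "2.4.1"}]})

def vtuple(version):
    """Compare versions numerically so that 9.10.0 > 9.9.0."""
    return tuple(int(part) for part in version.split("."))

def vendor_adapter(feed_json, policy_store):
    """Parse vendor info, detect updates, construct rules, update the store."""
    changed = []
    for product in json.loads(feed_json)["products"]:
        name, latest = product["name"], product["latest"]
        current = policy_store.get(name)
        if current is None or vtuple(latest) > vtuple(current["min_version"]):
            policy_store[name] = {"product": name, "min_version": latest}
            changed.append(name)
    return changed

def client_agent(rules, installed):
    """Gather only the client information the pushed rules ask for."""
    return {r["product"]: installed.get(r["product"]) for r in rules}

def connection_manager(rules, report):
    """Permit the session only if every rule is satisfied; fail closed."""
    failures = []
    for rule in rules:
        found = report.get(rule["product"])
        try:
            ok = found is not None and vtuple(found) >= vtuple(rule["min_version"])
        except (ValueError, AttributeError):
            ok = False  # a malformed version from the agent counts as a failure
        if not ok:
            failures.append(rule["product"])
    return ("permit" if not failures else "deny", failures)

def negotiate(policy_store, installed):
    """One VPN negotiation: push rules, collect the report, decide."""
    rules = list(policy_store.values())
    return connection_manager(rules, client_agent(rules, installed))
```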
25 Claims
1. A machine-implemented method, comprising:
- monitoring a third-party vendor for information on a software product;
- parsing the information from the third-party vendor to detect an update to the software product;
- constructing a policy rule for the update; and
- updating a policy store for the policy rule, wherein the policy rule is subsequently pushed to an agent on a client during initial virtual private network (VPN) negotiation for the agent to gather client information relating to the policy rule and report that client information back to a VPN connection manager during the VPN negotiation.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A machine-implemented method, comprising:
- dynamically pushing updated configuration information to an agent on a client during initial virtual private network (VPN) negotiation for a VPN session between the client and a server, wherein the updated configuration information identifies client information that the agent is to check for and report back on during the VPN negotiation between the client and the server; and
- evaluating the client information returned from the agent to determine whether a software environment of the client permits creation of the VPN session and when it does creating the VPN session for the client and when it does not denying the creation of the VPN session.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A machine-implemented system, comprising:
- a policy enforcer implemented in a machine-accessible and computer-readable medium on a server machine of a network; and
- a vendor plugin adapter implemented in a machine-accessible and computer-readable medium on the server machine or another machine of the network;
- wherein the vendor plugin adapter dynamically and in real time monitors a vendor for changes to a software product distributed by the vendor, and wherein when a change is detected, the vendor plugin adapter gathers change information for the software product and produces a policy rule that is communicated to the policy enforcer, the policy enforcer then dynamically and in real time pushes the policy rule to a client agent during a virtual private network (VPN) negotiation between a client and a server, the client agent gathers information for the software product on the client in accordance with the policy rule and returns it to the policy enforcer, the policy enforcer then instructs the client agent whether it is permissible or not permissible for a VPN session to be established between the client and the server.

Dependent claims: 16, 17, 18, 19, 20

21. A machine-implemented system, comprising:
- a virtual private network (VPN) server implemented in a machine-accessible and computer-readable medium and to process on a server machine of a network; and
- a client agent implemented in a machine-accessible and computer-readable medium and to process on a client machine of the network;
- wherein the VPN server interacts with one or more vendor adapters, each vendor adapter dynamically and in real time monitors a particular software vendor for information on changes to software products distributed by that particular software vendor, each vendor adapter also produces new or updated policy rules that are communicated to the VPN server, the VPN server pushes the new or updated policy rules to the client agent, the client agent gathers client information that comports with the new or updated policy rules during VPN negotiation between the client machine and the server machine and supplies the client information back to the VPN server, the VPN server then instructs the client agent to permit or deny the creation of a VPN session between the client machine and the server machine in response to evaluation of the client information.

Dependent claims: 22, 23, 24, 25

Specification