MANAGING COMMAND COMPLIANCE IN INTERNETWORKING DEVICES

US 20110099255A1
Filed: 12/10/2009
Published: 04/28/2011
Est. Priority Date: 10/27/2009
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

one or more network interfaces configured to couple to a data network for sending and receiving one or more packets;

one or more processors;

a switching system and packet forwarding logic, wherein the switching system is coupled to the one or more processors, wherein the switching system and packet forwarding logic are configured to send and receive packets on the one or more network interfaces;

a computer-readable storage medium storing one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform;

receiving a command to configure the apparatus or perform an operation on the apparatus;

sending, to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes all or part of the command;

receiving a compliance response from the compliance server;

in response to determining whether the compliance response indicates success, executing the command only when the compliance response indicates that the command conforms to the one or more compliance policies.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, an internetworking device is configured with compliance proxy logic that is configured for sending, to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes the command; receiving a compliance response from the compliance server; in response to determining whether the compliance response indicates success, executing the command only when the compliance response indicates that the command conforms to the one or more compliance policies. Thus the device can determine actively whether a proposed user command or configuration change will violate established standards or policies, before the command or change is applied to the device.

32 Citations

View as Search Results

28 Claims

1. An apparatus, comprising:
- one or more network interfaces configured to couple to a data network for sending and receiving one or more packets;
  
  one or more processors;
  
  a switching system and packet forwarding logic, wherein the switching system is coupled to the one or more processors, wherein the switching system and packet forwarding logic are configured to send and receive packets on the one or more network interfaces;
  
  a computer-readable storage medium storing one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform;
  
  receiving a command to configure the apparatus or perform an operation on the apparatus;
  
  sending, to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes all or part of the command;
  
  receiving a compliance response from the compliance server;
  
  in response to determining whether the compliance response indicates success, executing the command only when the compliance response indicates that the command conforms to the one or more compliance policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 28)
- - 2. The apparatus of claim 1 wherein the compliance server is a compliance server computer that is separate from the apparatus.
  - 3. The apparatus of claim 1, further comprising instructions which when executed cause forming the request according to an authentication, authorization and access (AAA) protocol and sending the request to a AAA server;
    - wherein the receiving comprises receiving the compliance response from the AAA server.
  - 4. The apparatus of claim 3, wherein the compliance server is hosted within the AAA server.
  - 5. The apparatus of claim 1, wherein the compliance server is configured to execute, in response to receiving the request, any one or more of:
    - posture validation operations on the apparatus, diagnostic commands on the apparatus, or one or more other compliance checks on the apparatus.
  - 6. The apparatus of claim 5, wherein the compliance server is configured to download a copy of a then-currently running configuration from the apparatus before performing the posture validation operations, diagnostic commands, or other compliance checks, and to use the copy of the running configuration to determine whether the command would conform to the compliance policies when applied to the running configuration.
  - 7. The apparatus of claim 1, further comprising instructions which when executed cause blocking execution of the command when the compliance response indicates that the command conforms to the one or more compliance policies, and performing a responsive action.
  - 8. The apparatus of claim 7, further comprising instructions which when executed cause any one or more of:
    - generating a user notification of non-compliance in a command line interface of the apparatus;
      
      creating and storing a log record relating to the non-compliance;
      
      or generating one or more events or alerts relating to the non-compliance.
  - 9. The apparatus of claim 1, wherein the computer-readable storage medium comprises compliance proxy logic integrated into an operating system.
  - 28. The apparatus of claim 1, wherein each of the compliance policies comprises a rule specifying, for a particular associated command, one or more other required device commands or parameters that must be configured on the device prior to execution of the associated command.

10. A computer-readable storage medium storing one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform:
- receiving a command to configure an internetworking device or perform an operation on the device;
  
  sending, to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes all or part of the command;
  
  receiving a compliance response from the compliance server;
  
  in response to determining whether the compliance response indicates success, executing the command only when the compliance response indicates that the command conforms to the one or more compliance policies.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer-readable storage medium of claim 10 wherein the compliance server is a compliance server computer that is separate from the internetworking device.
  - 12. The computer-readable storage medium of claim 10, further comprising instructions which when executed cause forming the request according to an authentication, authorization and access (AAA) protocol and sending the request to a AAA server;
    - wherein the receiving comprises receiving the compliance response from the AAA server.
  - 13. The computer-readable storage medium of claim 12, wherein the compliance server is hosted within the AAA server.
  - 14. The computer-readable storage medium of claim 10, wherein the compliance server is configured to execute, in response to receiving the request, any one or more of:
    - posture validation operations on the internetworking device, diagnostic commands on the internetworking device, or one or more other compliance checks on the internetworking device.
  - 15. The computer-readable storage medium of claim 14, wherein the compliance server is configured to download a copy of a then-currently running configuration from the internetworking device before performing the posture validation operations, diagnostic commands, or other compliance checks, and to use the copy of the running configuration to determine whether the command would conform to the compliance policies when applied to the running configuration.
  - 16. The computer-readable storage medium of claim 10, further comprising instructions which when executed cause blocking execution of the command when the compliance response indicates that the command conforms to the one or more compliance policies, and performing a responsive action.
  - 17. The computer-readable storage medium of claim 16, further comprising instructions which when executed cause any one or more of:
    - generating a user notification of non-compliance in a command line interface of the apparatus;
      
      creating and storing a log record relating to the non-compliance;
      
      or generating one or more events or alerts relating to the non-compliance.
  - 18. The computer-readable storage medium of claim 10, wherein the computer-readable storage medium comprises compliance proxy logic integrated into an operating system.

19. An apparatus, comprising:
- one or more processors;
  
  means for receiving a command to configure the apparatus or perform an operation on the apparatus;
  
  means for sending, to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes all or part of the command;
  
  means for receiving a compliance response from the compliance server;
  
  means for executing the command, in response to determining whether the compliance response indicates success, only when the compliance response indicates that the command conforms to the one or more compliance policies.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 27)
- - 20. The apparatus of claim 19 wherein the compliance server is a compliance server computer that is separate from the apparatus.
  - 21. The apparatus of claim 19, further comprising instructions which when executed cause forming the request according to an authentication, authorization and access (AAA) protocol and sending the request to a AAA server;
    - wherein the receiving comprises receiving the compliance response from the AAA server.
  - 22. The apparatus of claim 21, wherein the compliance server is hosted within the AAA server.
  - 23. The apparatus of claim 19, wherein the compliance server is configured to execute, in response to receiving the request, any one or more of:
    - posture validation operations on the apparatus, diagnostic commands on the apparatus, or one or more other compliance checks on the apparatus.
  - 24. The apparatus of claim 23, wherein the compliance server is configured to download a copy of a then-currently running configuration from the apparatus before performing the posture validation operations, diagnostic commands, or other compliance checks, and to use the copy of the running configuration to determine whether the command would conform to the compliance policies when applied to the running configuration.
  - 25. The apparatus of claim 19, further comprising instructions which when executed cause blocking execution of the command when the compliance response indicates that the command conforms to the one or more compliance policies, and performing a responsive action.
  - 27. The apparatus of claim 19, wherein the computer-readable storage medium comprises compliance proxy logic integrated into an operating system.

26. The apparatus of claim 26, further comprising instructions which when executed cause any one or more of:
- generating a user notification of non-compliance in a command line interface of the apparatus;
  
  creating and storing a log record relating to the non-compliance;
  
  or generating one or more events or alerts relating to the non-compliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Srinivasan, Shyam Sundar, Jayaraman, Rajagopal

Granted Patent

US 8,856,292 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/221
CPC Class Codes

H04L 41/0856   by backing up or archiving ...

H04L 41/0866   Checking the configuration

H04L 63/0281   Proxies

H04L 63/0892   by using authentication-aut...

H04L 63/20   for managing network securi...

MANAGING COMMAND COMPLIANCE IN INTERNETWORKING DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

MANAGING COMMAND COMPLIANCE IN INTERNETWORKING DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links