ENTERPRISE MANAGEMENT FOR SECURE NETWORK COMMUNICATIONS OVER IPSEC

US 20150381597A1
Filed: 04/16/2015
Published: 12/31/2015
Est. Priority Date: 01/31/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of managing a secure enterprise comprising a plurality of communicatively interconnected endpoints, the method comprising:

initiating a management service at a server within the secure enterprise, the management service including a web interface providing administrative access to configuration settings associated with the secure enterprise, the management service initializing a secure communications protocol and managing access to a credential store, the credential store including a plurality of credentials defining communities of interest within the secure enterprise, each of the communities of interest defining a collection of authenticated endpoints having common access and usage rights;

initiating an object management service at the server, the object management service defining an interface to a configuration database, the configuration database storing;

configuration settings included in one or more configuration profiles for the enterprise network; and

one or more interface definitions useable by the web interface to provide administrative access to the configuration settings;

accessing, via the object management service, the configuration database to obtain data defining a configuration of the enterprise according to a configuration profile; and

applying one or more configuration settings to the secure enterprise based on the data defining the configuration of the secure enterprise.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for managing a secure enterprise are disclosed. One method includes initiating a management service at a server within the secure enterprise, the management service including a web interface providing administrative access to configuration settings associated with the secure enterprise, the management service initializing a secure communications protocol and managing access to a credential store, the credential store including a plurality of credentials defining communities of interest within the secure enterprise, each of the communities of interest defining a collection of authenticated endpoints having common access and usage rights. The method includes initiating an object management service at the server defining an interface to a configuration database, and accessing the configuration database to obtain data defining a configuration of the enterprise according to a configuration profile. The method includes applying configuration settings to the secure enterprise based on the data defining the configuration of the secure enterprise.

Citations

20 Claims

1. A method of managing a secure enterprise comprising a plurality of communicatively interconnected endpoints, the method comprising:
- initiating a management service at a server within the secure enterprise, the management service including a web interface providing administrative access to configuration settings associated with the secure enterprise, the management service initializing a secure communications protocol and managing access to a credential store, the credential store including a plurality of credentials defining communities of interest within the secure enterprise, each of the communities of interest defining a collection of authenticated endpoints having common access and usage rights;
  
  initiating an object management service at the server, the object management service defining an interface to a configuration database, the configuration database storing;
  
  configuration settings included in one or more configuration profiles for the enterprise network; and
  
  one or more interface definitions useable by the web interface to provide administrative access to the configuration settings;
  
  accessing, via the object management service, the configuration database to obtain data defining a configuration of the enterprise according to a configuration profile; and
  
  applying one or more configuration settings to the secure enterprise based on the data defining the configuration of the secure enterprise.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the web interface includes a plurality of portlets, each of the plurality of portlets defining a management user interface.
  - 3. The method of claim 2, wherein the web interface is managed by a portlet manager, the portlet manager providing access to the management user interface to a user based on authentication of the user as an administrator.
  - 4. The method of claim 3, wherein the portlet manager defines a plurality of administrator roles providing access to the management user interface, each of the plurality of administrator roles having different access rights to the plurality of portlets.
  - 5. The method of claim 2, wherein the plurality of portlets include portlets selected from the group consisting of:
    - an administrative portlet;
      
      a monitoring portlet;
      
      a configuration portlet;
      
      a logging portlet;
      
      an alerts portlet;
      
      a software installation portlet;
      
      a jobs portlet;
      
      a provisioning portlet;
      
      a filters portlet; and
      
      a locking portlet.
  - 6. The method of claim 1, wherein the web interface is accessible to a user of a remote computing system via a secure HTTP connection.

7. An enterprise management system executable on a computing system included within a secure enterprise including a network comprising a plurality of communicatively interconnected secured endpoints, the enterprise management system comprising:
- a configuration database storing configuration settings included in one or more configuration profiles of an enterprise network and one or more interface definitions;
  
  a management service executable by the computing system to provide access to a web interface, the web interface providing administrative access to configuration settings associated with the secure enterprise according to the one or more configuration profiles;
  
  an object management service communicatively connected to the management service and executable by the computing system, the object management service defining an interface to the configuration database; and
  
  a credential store managed by the management service and including a plurality of credentials defining communities of interest within the secure enterprise, each of the communities of interest defining a collection of authenticated endpoints having common access and usage rights.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The enterprise management system of claim 7, wherein the web interface managed by the management service is hosted by a portal management service, the portal management service hosting a plurality of portlets, each of the plurality of portlets providing access to one or more configuration options.
  - 9. The enterprise management system of claim 8, wherein the portlets are defined based on a user role of an accessing user and provide access to configuration options based on the user role associated with each portlet.
  - 10. The enterprise management system of claim 8, wherein the portal management service executes on a second computing system communicatively connected to the computing system.
  - 11. The enterprise management system of claim 7, wherein the computing system comprises a virtual computing system hosted on a network of distributed computing systems.
  - 12. The enterprise management system of claim 7, further comprising a third computing system within the network, the second computing system implementing a redundant enterprise management system.

13. A secured enterprise comprising a network including a plurality of servers and a plurality of secured endpoints, the secured enterprise comprising:
- an enterprise management server hosting;
  
  a management service providing access to a web interface to administrative users and managing access to a credential store, the credential store including a plurality of credentials defining communities of interest within the secure enterprise, each of the communities of interest defining a collection of authenticated endpoints having common access and usage rights; and
  
  an object management service defining an interface to a configuration database hosted on the enterprise management server;
  
  a user interface server communicatively connected to the enterprise management server, the user interface server providing the web interface hosting a plurality of portlets; and
  
  an authorization server accessible to each of the secured endpoints, the authorization server providing credentials to authenticated secured endpoints associated with one or more of the communities of interest defined using the management service.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The secured enterprise of claim 13, further comprising a security appliance communicatively connected to the enterprise management server, the security appliance including a monitoring service and a dynamic licensing service.
  - 15. The secured enterprise of claim 13, further comprising a mobile device gateway communicatively connected to the enterprise management server, the mobile device gateway providing a location at which a mobile device connects and authenticates a user of a mobile device external to the network as a member of a community of interest, thereby allowing secure communications with one or more of the plurality of secured endpoints within the network via the mobile device gateway.
  - 16. The secured enterprise of claim 13, further comprising a licensing server communicatively connected to the enterprise management server and controlling licenses to secured endpoints based on a licensing file configured by the management service.
  - 17. The secured enterprise of claim 16, wherein the licensing file is stored at one of the enterprise management server and the authorization server.
  - 18. The secured enterprise of claim 13, further comprising a second enterprise management server hosting a redundant management service and a redundant object management service.
  - 19. The secured enterprise of claim 13, wherein the management service provides an administrative management interface useable by an administrative user to define user roles, communities of interest, and user memberships within the communities of interest.
  - 20. The secured enterprise of claim 13, wherein the configuration database maintains an object model of objects and users associated with the secured enterprise, the object model useable to manage accounts within the secured enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Johnson, Robert A, Dodgson, David S, Keiser, Daniel, Bharatia, Jawahar

Application Number

US14/688,348
Publication Number

US 20150381597A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

H04L 41/0843   based on generic templates

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/30   Profiles

ENTERPRISE MANAGEMENT FOR SECURE NETWORK COMMUNICATIONS OVER IPSEC

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ENTERPRISE MANAGEMENT FOR SECURE NETWORK COMMUNICATIONS OVER IPSEC

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links