Methods and Apparatus for Providing Adaptive Private Network Centralized Management System Discovery Processes

US 20160182305A1
Filed: 12/17/2015
Published: 06/23/2016
Est. Priority Date: 06/11/2009
Status: Active Grant

First Claim

Patent Images

1. A method for discovery of nodes in an adaptive private network (APN), the method comprising:

configuring an APN with a central server and a network control node (NCN) operating as a single point of control of the APN, wherein the APN comprises a plurality of client nodes and the NCN at a configured management IP address is separate from each client node and administers and controls the plurality of client nodes within the APN;

receiving in the NCN a management IP address from each client node of the plurality of client nodes for storage in the NCN; and

querying the NCN by the central server for the management IP addresses of the plurality of client nodes to provide APN topology information by a single point of access to the APN.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and techniques are described for a centralized management system operating within a virtual machine which configures, monitors, analyzes, and manages an adaptive private network (APN) to provide a discovery process that learns about changes to the APN through a network control node (NCN) that is a single point of control of the APN. The discovery process automatically learns a new topology of the network without relying on configuration information of nodes in the APN. Network statistics are based on a timeline of network operations that a user selected to review. Such discovery and timeline review is separate from stored configuration information. If there was a network change, the changes either show up or not show up in the discovery process based on the selected time line. Configuration changes can be made from the APN VM system by loading the latest configuration on the APN under control of the NCN.

73 Citations

View as Search Results

22 Claims

1. A method for discovery of nodes in an adaptive private network (APN), the method comprising:
- configuring an APN with a central server and a network control node (NCN) operating as a single point of control of the APN, wherein the APN comprises a plurality of client nodes and the NCN at a configured management IP address is separate from each client node and administers and controls the plurality of client nodes within the APN;
  
  receiving in the NCN a management IP address from each client node of the plurality of client nodes for storage in the NCN; and
  
  querying the NCN by the central server for the management IP addresses of the plurality of client nodes to provide APN topology information by a single point of access to the APN.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising:
    - sending a public security certificate for use in the APN to the NCN; and
      
      sending from the NCN the public security certificate to each client node in the APN.
  - 3. The method of claim 1, wherein the step of polling the client nodes further comprises:
    - sending a request for network management Internet protocol (IP) addresses to the NCN; and
      
      returning a list of node management IP information structures containing information from each client node.
  - 4. The method of claim 3, wherein the information structures comprise management network IP addresses of each client node in the APN.
  - 5. The method of claim 3, wherein the information structures comprise client node IDs with each client node ID specifying status of a client node as a primary node or a secondary node in a high availability (HA) pair of client nodes.
  - 6. The method of claim 3 wherein the information structures are transferred by a shared memory transfer operation between each client node and the NCN.

7. A method for providing security in a network, the method comprising:
- configuring a first network manager in a first server with a first private key and a first public security certificate for an adaptive private network (APN) having a network control node (NCN) and a plurality of client nodes and, wherein the NCN is separate from each client node and administers and controls a plurality of client nodes within the APN;
  
  transferring, under control of a first network administrator, the first public security certificate from the first network manager to the NCN for installation on the NCN, wherein the first public security certificate contains a first public key corresponding to the first private key;
  
  automatically distributing by the NCN a first certificate file including the first public security certificate and an associated first hash of the first certificate file to the client nodes, wherein the first public security certificate and first public key are stored in each of the client nodes; and
  
  verifying in each client node of the one or more client nodes that a generated hash of the distributed first certificate file matches the associated first hash to verify the first public security certificate was properly received, wherein the first server manages the APN.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising:
    - configuring a second network manager of a second server with a second private key and a second public security certificate for the APN including the NCN and the plurality of client nodes;
      
      transferring, under control of the network administrator, the second public security certificate from the second network manager to the NCN for installation on the NCN, wherein the second public security certificate contains a second public key corresponding to the second private key;
      
      automatically distributing by the NCN a second certificate file including the second public security certificate and an associated second hash of the second certificate file to the client nodes, wherein the second public security certificate and second public key are verified in each of the client nodes and wherein the first server and the second server manage the APN.
  - 9. The method of claim 8, further comprising:
    - providing the second network manager of the second server to the NCN with credentials signed by the second private key to the client nodes;
      
      checking by the NCN the credentials with the first public security certificate and with the second public security certificate that have been installed; and
      
      permitting the first server, upon finding a match with the first public security certificate, or the second server, upon finding a match with the second public security certificate, to make requests to the client nodes.
  - 10. The method of claim 7, further comprising:
    - receiving a new public key at a client node; and
      
      terminating security connections to the client node that use the first public key.
  - 11. The method of claim 7, further comprising:
    - discovering that a new client node has been added to the APN creating a new configuration of the APN;
      
      exporting the new configuration to the NCN for installation; and
      
      automatically sending the public security certificate by the NCN to the new client node after the new configuration has been installed.
  - 12. The method of claim 11, further comprising:
    - automatically polling for operating statistics of the new configuration of the APN including the new client node.

13. A method to discover operating statistics for an adaptive private network (APN), the method comprising:
- configuring an APN with a centralized management virtual machine (VM) system, the APN VM system, a network control node at a specified management Internet protocol (IP) address, and a plurality of client nodes, wherein the NCN is separate from each client node and is a single point of control of the plurality of client nodes within the APN;
  
  requesting, by the APN VM system, a list of each client node at an associated management IP address of the plurality of client nodes from the single point of control NCN; and
  
  contacting, by the APN VM system, each client node at the associated management IP address that was returned by the NCN to gather client node information including connectivity information between client nodes in the APN.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The method of claim 13, wherein a discovery process operating separately from configuration information of the APN, determines a topology of the APN currently in operation has at least one additional client node than a previously operating topology and wherein the discovery process determines operating characteristics of the currently operating topology from the gathered client node information of each client node in the APN including the one additional client node and its interconnection links.
  - 15. The method of claim 13, wherein a discovery process operating separately from configuration information of the APN, determines a topology of the APN currently in operation has at least one less client node than a previously operating topology and wherein the discovery process determines operating characteristics of the currently operating topology from the gathered client node information of each remaining client node in the APN.
  - 16. The method of claim 13, wherein the client node information includes operating statistics of the client node and associated connections.
  - 17. The method of claim 13, further comprising:
    - storing operating statistics gathered by the APN VM system from each site in the APN into a statistics database associated with the APN VM system for analysis and display.
  - 18. The method of claim 13, further comprising:
    - requesting the NCN to poll each appliance to reply with a name and a network management IP address assigned to the appliance.
  - 19. The method of claim 13, further comprising:
    - requesting each client node in the APN to gather statistics data, wherein the statistics data includes software revision, registry timestamp, and connectivity information.
  - 20. The method of claim 13 further comprises:
    - sending a request for network management IP addresses to the NCN; and
      
      returning a list of network management IP information structures from the NCN, the information structures containing information from selected client nodes in the APN.
  - 21. The method of claim 20, wherein the information structures comprise:
    - network management IP addresses of a newly added site in the APN.
  - 22. The method of claim 13 further comprising:
    - automatically pushing a secure sockets layer (SSL) certificate from the NCN to a site that has been added to the APN, wherein the added site and interconnection links to the added site are included in the gathered client node information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Talari Networks Incorporated (Oracle Corporation)
Original Assignee
Talari Networks Incorporated (Oracle Corporation)
Inventors
Martin, Todd, Rovner, Sonia Kiang, Patterson, Justin Allen

Granted Patent

US 10,476,765 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

H04L 41/12   Discovery or management of ...

H04L 41/122   of virtualised topologies, ...

H04L 43/04   Processing captured monitor...

H04L 43/065   related to network devices

H04L 43/067   using time frame reporting

H04L 43/0817   by checking functioning

H04L 43/0829   Packet loss

H04L 43/0894   Packet rate

H04L 43/10   Active monitoring, e.g. hea...

H04L 43/103   with adaptive polling, i.e....

H04L 45/00   Routing or path finding of ...

H04L 45/76   Routing in software-defined...

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/12   Access point controller dev...

Methods and Apparatus for Providing Adaptive Private Network Centralized Management System Discovery Processes

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and Apparatus for Providing Adaptive Private Network Centralized Management System Discovery Processes

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links