Verifying that a network management policy used by a computer system can be satisfied and is feasible for use
First Claim
1. A method of verifying a policy used by a management system that manages a computer system, comprising the computer-implemented steps of:
- receiving configuration information that identifies one or more devices in the computer system and one or more characteristics of each of the devices;
verifying that the computer system can satisfy the policy, based on the configuration information;
verifying that the policy is feasible for use with the computer system, based on the configuration information;
verifying that conditions and consequent actions of the policy may be applied to the computer system, based on the configuration information; and
applying the policy to the computer system.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus are provided for verifying policies that govern a policy-based system. The method and apparatus may be implemented as a policy verifier that acts upon one or more policies. Each policy comprises a condition and a consequent. The policy verifier acquires configuration information about the system under management, thereby acquiring an understanding of the system. The policy verifier determines whether all the policies can be satisfied by the system, and if not, reports problems or errors in the policies that cause the policies to be non-satisfiable. The policy verifier determines whether all the policies are feasible for the system, and if not, reports problems or errors that cause the policies to be non-feasible. The policy verifier also verifies that a configuration required by a particular policy consequent can be actually carried out by the managed system. In one embodiment, the policy verifier operates on network management policies, of a policy-based network management system. As a result, the invention improves the accuracy and safety of policies prepared for a network that previously did not use policy-based management.
-
Citations
17 Claims
-
1. A method of verifying a policy used by a management system that manages a computer system, comprising the computer-implemented steps of:
-
receiving configuration information that identifies one or more devices in the computer system and one or more characteristics of each of the devices;
verifying that the computer system can satisfy the policy, based on the configuration information;
verifying that the policy is feasible for use with the computer system, based on the configuration information;
verifying that conditions and consequent actions of the policy may be applied to the computer system, based on the configuration information; and
applying the policy to the computer system.
-
-
2. A method of a verifying a policy used by a management system that manages a network, comprising the steps of:
-
(A) receiving information identifying a configuration of a network under management and for converting the configuration information into a standard format;
(B) receiving information defining the policy, the policy comprising a condition and a consequent to be applied to the network when the condition is true;
(C) comparing the policy with the configuration information to determine whether the network can satisfy the condition and the consequent of the policy;
(D) comparing the policy with the configuration information to determine whether the policy is feasible when applied to the network; and
(E) generating information that identifies whether the policy is satisfiable and feasible. - View Dependent Claims (3, 4, 5)
-
-
6. A computer-readable medium carrying one or more sequences of instructions for verifying a policy used by a management system that manages a network, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
-
(A) receiving information identifying a configuration of a network under management and for converting the configuration information into a standard format;
(B) receiving information defining at least one policy, comprising a condition and a consequent to be applied to the network when the condition is true;
(C) comparing the policy with the configuration information to determine whether the network can satisfy the condition and the consequent of the policy;
(D) comparing the policy with the configuration information to determine whether the policy is feasible when applied to the network; and
(E) informing the network or a user thereof whether the policy is satisfiable and feasible. - View Dependent Claims (7, 8, 9)
-
-
10. A network management policy verification apparatus, comprising:
-
first means for reading information identifying a configuration of a network under management and for converting the configuration information into a standard format;
information defining at least one policy, comprising a condition and a consequent to be applied to the network when the condition is true;
second means for comparing the policy with the configuration information to determine whether the network can satisfy the condition and the consequent of the policy;
third means for comparing the policy with the configuration information to determine whether the policy is feasible when applied to the network; and
fourth means for informing the network or a user thereof whether the policy is satisfiable and feasible. - View Dependent Claims (11, 12, 13)
-
-
14. An apparatus for verifying a policy used by a management system that manages a network, comprising:
-
a network interface;
a processor coupled to the network interface and receiving information from the network interface;
a computer-readable medium accessible by the processor and comprising one or more sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
(A) receiving information identifying a configuration of a network under management and for converting the configuration information into a standard format;
(B) receiving information defining the policy, the policy comprising a condition and a consequent to be applied to the network when the condition is true;
(C) comparing the policy with the configuration information to determine whether the network can satisfy the condition and the consequent of the policy;
(D) comparing the policy with the configuration information to determine whether the policy is feasible when applied to the network; and
(E) generating information that identifies whether the policy is satisfiable and feasible. - View Dependent Claims (15, 16, 17)
-
Specification