Verifying that a network management policy used by a computer system can be satisfied and is feasible for use

US 6,301,613 B1
Filed: 12/03/1998
Issued: 10/09/2001
Est. Priority Date: 12/03/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of verifying a policy used by a management system that manages a computer system, comprising the computer-implemented steps of:

receiving configuration information that identifies one or more devices in the computer system and one or more characteristics of each of the devices;

verifying that the computer system can satisfy the policy, based on the configuration information;

verifying that the policy is feasible for use with the computer system, based on the configuration information;

verifying that conditions and consequent actions of the policy may be applied to the computer system, based on the configuration information; and

applying the policy to the computer system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided for verifying policies that govern a policy-based system. The method and apparatus may be implemented as a policy verifier that acts upon one or more policies. Each policy comprises a condition and a consequent. The policy verifier acquires configuration information about the system under management, thereby acquiring an understanding of the system. The policy verifier determines whether all the policies can be satisfied by the system, and if not, reports problems or errors in the policies that cause the policies to be non-satisfiable. The policy verifier determines whether all the policies are feasible for the system, and if not, reports problems or errors that cause the policies to be non-feasible. The policy verifier also verifies that a configuration required by a particular policy consequent can be actually carried out by the managed system. In one embodiment, the policy verifier operates on network management policies, of a policy-based network management system. As a result, the invention improves the accuracy and safety of policies prepared for a network that previously did not use policy-based management.

Citations

17 Claims

1. A method of verifying a policy used by a management system that manages a computer system, comprising the computer-implemented steps of:
- receiving configuration information that identifies one or more devices in the computer system and one or more characteristics of each of the devices;
  
  verifying that the computer system can satisfy the policy, based on the configuration information;
  
  verifying that the policy is feasible for use with the computer system, based on the configuration information;
  
  verifying that conditions and consequent actions of the policy may be applied to the computer system, based on the configuration information; and
  
  applying the policy to the computer system.

2. A method of a verifying a policy used by a management system that manages a network, comprising the steps of:
- (A) receiving information identifying a configuration of a network under management and for converting the configuration information into a standard format;
  
  (B) receiving information defining the policy, the policy comprising a condition and a consequent to be applied to the network when the condition is true;
  
  (C) comparing the policy with the configuration information to determine whether the network can satisfy the condition and the consequent of the policy;
  
  (D) comparing the policy with the configuration information to determine whether the policy is feasible when applied to the network; and
  
  (E) generating information that identifies whether the policy is satisfiable and feasible.
- View Dependent Claims (3, 4, 5)
- - 3. The method recited in claim 2, wherein step (C) further comprises the steps of reporting whether, and if not why not, the policy can be applied to the network.
  - 4. The method recited in claim 2, wherein step (D) further comprises the steps of reporting whether, and if not why not, the policy is unfeasible as applied to the network.
  - 5. The method recited in claim 2, wherein step (E) further comprises the steps of comparing requirements, constraints and configurations specified by policies with the actual configurations of equipment or services of the network.

6. A computer-readable medium carrying one or more sequences of instructions for verifying a policy used by a management system that manages a network, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
- (A) receiving information identifying a configuration of a network under management and for converting the configuration information into a standard format;
  
  (B) receiving information defining at least one policy, comprising a condition and a consequent to be applied to the network when the condition is true;
  
  (C) comparing the policy with the configuration information to determine whether the network can satisfy the condition and the consequent of the policy;
  
  (D) comparing the policy with the configuration information to determine whether the policy is feasible when applied to the network; and
  
  (E) informing the network or a user thereof whether the policy is satisfiable and feasible.
- View Dependent Claims (7, 8, 9)
- - 7. The computer-readable medium recited in claim 6, wherein step (C) further comprises the steps of reporting whether, and if not why not, the policy can be applied to the network.
  - 8. The computer-readable medium recited in claim 6, wherein step (D) further comprises the steps of reporting whether, and if not why not, the policy is unfeasible as applied to the network.
  - 9. The computer-readable medium recited in claim 6, wherein step (E) further comprises the steps of comparing requirements, constraints and configurations specified by policies with the actual configurations of equipment or services of the network.

10. A network management policy verification apparatus, comprising:
- first means for reading information identifying a configuration of a network under management and for converting the configuration information into a standard format;
  
  information defining at least one policy, comprising a condition and a consequent to be applied to the network when the condition is true;
  
  second means for comparing the policy with the configuration information to determine whether the network can satisfy the condition and the consequent of the policy;
  
  third means for comparing the policy with the configuration information to determine whether the policy is feasible when applied to the network; and
  
  fourth means for informing the network or a user thereof whether the policy is satisfiable and feasible.
- View Dependent Claims (11, 12, 13)
- - 11. The apparatus recited in claim 10, wherein the second means further comprises means for reporting whether, and if not why not, the policy can be applied to the network.
  - 12. The apparatus recited in claim 10, wherein the third means further comprises means for reporting whether, and if not why not, the policy is unfeasible as applied to the network.
  - 13. The apparatus recited in claim 10, wherein the fourth means further comprises means to compare the requirements, constraints and configurations specified by policies with the actual configurations of equipment or services of the network.

14. An apparatus for verifying a policy used by a management system that manages a network, comprising:
- a network interface;
  
  a processor coupled to the network interface and receiving information from the network interface;
  
  a computer-readable medium accessible by the processor and comprising one or more sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  (A) receiving information identifying a configuration of a network under management and for converting the configuration information into a standard format;
  
  (B) receiving information defining the policy, the policy comprising a condition and a consequent to be applied to the network when the condition is true;
  
  (C) comparing the policy with the configuration information to determine whether the network can satisfy the condition and the consequent of the policy;
  
  (D) comparing the policy with the configuration information to determine whether the policy is feasible when applied to the network; and
  
  (E) generating information that identifies whether the policy is satisfiable and feasible.
- View Dependent Claims (15, 16, 17)
- - 15. The apparatus recited in claim 14, wherein step (C) further comprises the steps of reporting whether, and if not why not, the policy can be applied to the network.
  - 16. The apparatus recited in claim 14, wherein step (D) further comprises the steps of reporting whether, and if not why not, the policy is unfeasible as applied to the network.
  - 17. The apparatus recited in claim 14, wherein step (E) further comprises the steps of comparing requirements, constraints and configurations specified by policies with the actual configurations of equipment or services of the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Schleimer, Stephen I., Ahlstrom, John K.
Primary Examiner(s)
WILEY, DAVID ARMAND

Application Number

US09/205,833
Time in Patent Office

1,041 Days
Field of Search

709/220-226, 707/4-5, 707/104, 370/254
US Class Current

709/223
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0873   Checking configuration conf...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/12   Discovery or management of ...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Verifying that a network management policy used by a computer system can be satisfied and is feasible for use

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Verifying that a network management policy used by a computer system can be satisfied and is feasible for use

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links