System and process for maintaining a plurality of remote security applications using a modular framework in a distributed computing environment
Abstract
A system and a process for maintaining a plurality of remote security applications using a centralized broker in a distributed computing environment are described. A centralized broker is executed on a designated system within the distributed computing environment. A console interface from the centralized broker is exposed. The console interface implements a plurality of browser methods which each define a browser function which can be invoked by a plurality of snap-in components. A namespace snap-in component is defined and includes a logical grouping identifying at least one remote security application being executed on a remote system within the distributed computing environment. A namespace interface from the namespace snap-in component is exposed. The namespace interface implements a plurality of namespace methods each defining a storage function which can be invoked by the centralized broker. A repository including a plurality of storages corresponding to each remote system is formed. Each storage includes a set of attributes describing each such remote security application defined within the namespace snap-in component.
257 Citations
19 Claims
1. A system for maintaining a plurality of remote security applications using a centralized broker in a distributed computing environment, comprising:
a centralized broker executing on a designated system within the distributed computing environment;
a console interface exposed by the centralized broker, the console interface implementing a plurality of browser methods which each define a browser function which can be invoked by a plurality of snap-in components;
a namespace snap-in component comprising a logical grouping identifying at least one remote security application being executed on a remote system within the distributed computing environment;
a namespace interface exposed by the namespace snap-in component, the namespace interface implementing a plurality of namespace methods each defining a storage function which can be invoked by the centralized broker;
a repository comprising a plurality of storages corresponding to each remote system and which each comprise a set of attributes describing each such remote security application defined within the namespace snap-in component;
an agent executed on the remote system, the agent interfacing with the at least one remote security application;
an agent communication service associated with the centralized broker as a snap-in component, the centralized broker and the at least one remote security application communicating packets that are exchanged directly between the agent and the agent communication service;
a local security application interfaced with the centralized broker as a snap-in component, the local security application providing controls corresponding to the at least one remote security application;
configuration settings from the local security application for the remote security application sent via the agent communication service; and
results from the remote security application for the local security application sent via the agent.
2. A system according to claim 1, further comprising:
an authenticated connection between the centralized broker and each such remote security application.
3. A system according to claim 2, wherein the authenticated connection comprises at least one of a DCOM-compliant interface, a WBEM-compliant interface, and a Sockets-based interface.
4. A system according to claim 2, further comprising:
encrypted packets exchanged between the local security application and each such remote security application through the centralized broker over the authenticated connection.
5. A system according to claim 1, further comprising:
the namespace snap-in component referencing the storage corresponding to a target remote system through the namespace snap-in component, retrieving the attributes for each remote security application installed on the target remote system from the storage and determining the remote security applications installed on the target remote system.
6. A system according to claim 5, further comprising:
at least one remote security application stored in the repository; and
the namespace snap-in component retrieving the at least one remote security application from the repository and installing the at least one remote security application on the target remote system.
7. A system according to claim 1, wherein the set of communication interfaces is COM-compliant.
8. A process for maintaining a plurality of remote security applications using a centralized broker in a distributed computing environment, comprising:
executing a centralized broker on a designated system within the distributed computing environment;
exposing a console interface from the centralized broker, the console interface implementing a plurality of browser methods which each define a browser function which can be invoked by a plurality of snap-in components;
defining a namespace snap-in component comprising a logical grouping identifying at least one remote security application being executed on a remote system within the distributed computing environment;
exposing a namespace interface from the namespace snap-in component, the namespace interface implementing a plurality of namespace methods each defining a storage function which can be invoked by the centralized broker;
forming a repository comprising a plurality of storages corresponding to each remote system and which each comprise a set of attributes describing each such remote security application defined within the namespace snap-in component;
executing an agent on the remote system, the agent interfacing with the at least one remote security application;
defining an agent communication service associated with the centralized broker as a snap-in component;
communicating packets between the centralized broker and the at least one remote security application with the packets being exchanged directly between the agent and the agent communication service;
interfacing a local security application with the centralized broker as a snap-in component, the local security application providing controls corresponding to the at least one remote security application;
sending configuration settings for the remote security application from the local security application via the agent communication service; and
reporting results for the local security application from the remote security application via the agent.
9. A process according to claim 8, further comprising:
forming an authenticated connection between the centralized broker and each such remote security application.
10. A process according to claim 9, wherein the authenticated connection comprises at least one of a DCOM-compliant interface, a WBEM-compliant interface, and a Sockets-based interface.
11. A process according to claim 9, further comprising:
exchanging encrypted packets between the local security application and each such remote security application through the centralized broker over the authenticated connection.
12. A process according to claim 8, further comprising:
referencing the storage corresponding to a target remote system through the namespace snap-in component;
retrieving the attributes for each remote security application installed on the target remote system from the storage; and
determining the remote security applications installed on the target remote system.
13. A process according to claim 12, further comprising:
storing at least one remote security application in the repository;
retrieving the at least one remote security application from the repository; and
installing the at least one remote security application on the target remote system.
14. A process according to claim 8, wherein the set of communication interfaces is COM-compliant.
15. A computer-readable storage medium holding code for maintaining a plurality of remote security applications using a centralized broker in a distributed computing environment, comprising:
executing a centralized broker on a designated system within the distributed computing environment;
exposing a console interface from the centralized broker, the console interface implementing a plurality of browser methods which each define a browser function which can be invoked by a plurality of snap-in components;
defining a namespace snap-in component comprising a logical grouping identifying at least one remote security application being executed on a remote system within the distributed computing environment;
exposing a namespace interface from the namespace snap-in component, the namespace interface implementing a plurality of namespace methods each defining a storage function which can be invoked by the centralized broker;
forming a repository comprising a plurality of storages corresponding to each remote system and which each comprise a set of attributes describing each such remote security application defined within the namespace snap-in component;
executing an agent on the remote system, the agent interfacing with the at least one remote security application;
defining an agent communication service associated with the centralized broker as a snap-in component;
communicating packets between the centralized broker and the at least one remote security application with the packets being exchanged directly between the agent and the agent communication service;
interfacing a local security application with the centralized broker as a snap-in component, the local security application providing controls corresponding to the at least one remote security application;
sending configuration settings for the remote security application from the local security application via the agent communication service; and
reporting results for the local security application from the remote security application via the agent.
16. A storage medium according to claim 15, further comprising:
forming an authenticated connection between the centralized broker and each such remote security application.
17. A storage medium according to claim 16, further comprising:
exchanging encrypted packets between the local security application and each such remote security application through the centralized broker over the authenticated connection.
18. A storage medium according to claim 15, further comprising:
referencing the storage corresponding to a target remote system through the namespace snap-in component;
retrieving the attributes for each remote security application installed on the target remote system from the storage; and
determining the remote security applications installed on the target remote system.
19. A storage medium according to claim 18, further comprising:
storing at least one remote security application in the repository;
retrieving the at least one remote security application from the repository; and
installing the at least one remote security application on the target remote system.
Specification