Management system for distributed out-of-band security databases
Abstract
For use during maintenance of wide area networks, a management system is disclosed for distributing security databases to security gates at each maintenance port of each network element. A distributed database manager is provided to instantaneously update the databases and to gather transaction records from each database. Central to the distributed database manager is a software program that polls the security databases located at each of the network elements, deposits updated databases, and formats various management reports from transaction records and from device failure records (generated by the program). The software program enables the database manager to communicate with the network elements through either an in-band channel or an out-of-band channel. By shifting authentication of access seekers to security databases resident at each console port, security is maintained even when the network server is not in service. Using existing technology, all communications between the distributed database manager and the security databases are in encrypted form.
9 Claims
1. A system for managing distributed databases, each database associated with an out-of-band port of a wide area network element, said wide area network having a centralized security system for in-band security, said system for managing distributed databases comprising:
an out-of-band security gate at each said network element, said security gate having a database receptor;
at least one security database capable of deposition within said database receptor of said security gate, said at least one security database, in turn, further comprising:
a plurality of security databases each providing an interrelated hierarchical series of authentication data for a different set with each successive one of said security databases being more restrictive as to access by remote users to said network elements thereby;
a distributed database manager for replicating and updating each said security database, said distributed database manager depositing a replicate of said security database at each said database receptor, and, upon changes to said security database, impressing such changes upon the deposited replicate.
a list of network elements each having an out-of-band port, a security gate thereto, and a database receptor; and
a polling program therewithin having the ability to step through said list of network elements and replace the security database with an updated security database.
3. A system for distributed database management as described in claim 2, wherein each said security database comprises:
a transaction register to record data of access requests, grants, and denials; and
wherein said polling program further comprises:
a data collection portion for receiving said record data from said transaction register at the time the security database is updated and for, upon receiving the data from the register, resetting the register to zero.
4. A system for distributed database management as described in claim 3, wherein said polling program further comprises:
a failure monitoring portion wherein each network element beyond the reach of said communication program is identified.
5. A system for distributed database management as described in claim 4, wherein said distributed database manager further comprises:
a report program to format the data received from said data collection portion and said failure monitoring portion.
6. A system for distributed database management as described in claim 1 wherein said distributed database manager further comprises:
a communication program therewithin with the default setting of an in-band connection to the security database; and
said communication program, in turn, further comprising a communication channel selector to change to an out-of-band connection to the security database.
7. A system for distributed database management as described in claim 1, wherein said distributed database manager further comprises:
a communication program therewithin with the default setting of an out-of-band connection to the security database; and
said communication program, in turn, further comprising a communication channel selector to change to an in-band connection to the security database.
8. A system for distributed database management as described in claim 1, wherein said plurality of databases are an interrelated hierarchical series of authentication data with each successive one of said databases being more restrictive as to the accessibility of the network elements by said remote users.
9. A distributed database management device serving network elements of a wide area network having, for in-band access by a remote user a centralized security system, said distributed database management device comprising:
a central processing unit (CPU);
a list of network elements within said CPU each having an out-of-band port, a security gate thereto, and a database receptor;
a plurality of interrelated hierarchical series of authentication data within said CPU capable of being replicated by said CPU, and a selected one of said interrelated hierarchical series of authentication data providing deposited security databases in each said database receptor with each successive one of said security databases being more restrictive as to access by remote user to said network elements thereby; and
a management program in said CPU capable of communicating with each network element through in-band and out-of-band connections and of depositing at the database receptors said replicated database.
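The abstract and claims 1 through 9 describe an architecture rather than code: a manager that steps through a list of network elements, deposits a replica of a hierarchical series of authentication databases at each out-of-band security gate, collects and zeroes each gate's transaction register, flags elements it cannot reach, formats a report, and prefers one channel (in-band in claim 6, out-of-band in claim 7) with a selector to switch to the other. The following Python model is an added illustration written for this page; it is not the patent's implementation, and every class, function and sample value (the three tiers, the element names, the reachability flags) is invented here to make the behaviour concrete. It also shows the defensive property the abstract relies on: each gate decides access from its local replica, so a gate that was never reached holds an empty database and denies everything rather than failing open.

```python
"""Toy model of the distributed out-of-band security database manager.
Added example for this page; not the patent's code. All names and sample
data below are constructed for illustration."""
from dataclasses import dataclass, field

# Hierarchical series of authentication data (claims 1 and 8): each successive
# tier is more restrictive, modelled here as a subset of the tier before it.
# Constructed sample principals.
TIERS = [
    {"alice", "bob", "carol"},   # tier 0: view-only maintenance access
    {"alice", "bob"},            # tier 1: configuration changes
    {"alice"},                   # tier 2: full console access
]


def is_hierarchical(tiers):
    """Claim-8 property check: every tier is a subset of the preceding tier."""
    return all(tiers[i + 1] <= tiers[i] for i in range(len(tiers) - 1))


@dataclass
class SecurityGate:
    """Out-of-band security gate at one network element. It holds the
    deposited database replica (the receptor) and a transaction register
    (claim 3). Reachability flags are constructed for the demo."""
    name: str
    reachable_inband: bool = True
    reachable_oob: bool = True
    database: list = field(default_factory=list)   # deposited replica
    register: list = field(default_factory=list)   # access requests/grants/denials

    def authenticate(self, user, level):
        """Local decision from the replica: works even with the central
        server down. An empty replica (never deposited) denies everything."""
        granted = level < len(self.database) and user in self.database[level]
        self.register.append((user, level, "grant" if granted else "deny"))
        return granted


class DistributedDatabaseManager:
    def __init__(self, elements, tiers, default_channel="in-band"):
        self.elements = list(elements)           # claim 2: list of network elements
        self.tiers = [set(t) for t in tiers]
        self.default_channel = default_channel   # claim 6 default; claim 7 mirrors it

    def connect(self, gate):
        """Communication channel selector: try the default channel first,
        then the other one; None means the element is beyond reach."""
        other = "out-of-band" if self.default_channel == "in-band" else "in-band"
        for channel in (self.default_channel, other):
            if channel == "in-band" and gate.reachable_inband:
                return channel
            if channel == "out-of-band" and gate.reachable_oob:
                return channel
        return None

    def poll(self):
        """Polling program (claims 2-4): step through the list, deposit the
        replica, collect the transaction register and reset it to zero, and
        record every element that could not be reached."""
        collected, failures = {}, []
        for gate in self.elements:
            if self.connect(gate) is None:
                failures.append(gate.name)      # failure monitoring portion
                continue
            gate.database = [set(t) for t in self.tiers]   # deposit replica
            collected[gate.name] = list(gate.register)     # data collection
            gate.register.clear()                          # reset to zero
        return collected, failures

    def report(self, collected, failures):
        """Report program (claim 5): format transaction and failure records."""
        lines = []
        for name, recs in sorted(collected.items()):
            grants = sum(1 for r in recs if r[2] == "grant")
            lines.append(f"{name}: {len(recs)} requests, {grants} granted, "
                         f"{len(recs) - grants} denied")
        for name in failures:
            lines.append(f"{name}: UNREACHABLE on both channels")
        return lines


def run_demo():
    """Constructed scenario: ne-1 fully reachable, ne-2 only out-of-band,
    ne-3 unreachable. Returns the local access decisions and the report."""
    gates = [SecurityGate("ne-1"),
             SecurityGate("ne-2", reachable_inband=False),
             SecurityGate("ne-3", reachable_inband=False, reachable_oob=False)]
    mgr = DistributedDatabaseManager(gates, TIERS)
    mgr.poll()                                   # initial deposit of replicas
    decisions = [gates[0].authenticate("carol", 0),   # tier 0 allows carol
                 gates[0].authenticate("carol", 2),   # tier 2 does not
                 gates[1].authenticate("alice", 2),   # decided locally at ne-2
                 gates[2].authenticate("alice", 0)]   # no replica: fail closed
    collected, failures = mgr.poll()             # collect registers, zero them
    return decisions, mgr.report(collected, failures)


if __name__ == "__main__":
    for line in run_demo()[1]:
        print(line)
```

The model deliberately keeps the authentication decision inside the gate: the manager only distributes replicas and harvests registers, which is what lets access control keep working when the central server is out of service. Swapping the `default_channel` argument to `"out-of-band"` gives the claim-7 variant without any other change.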