Policy engine for modular generation of policy for a flat, per-device database
DCFirst Claim
1. A method for generating network management policies for a network, comprising:
- storing a hierarchical policy in a directory database;
transforming said hierarchical policy into a flat file format with device schema for devices comprising said network; and
storing said flat file format device schema in a configuration database.
13 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A policy engine in a policy-based, outsourced, network management system. In one embodiment, the management system is multi-layered, modular and stores device configuration data in non-device specific format, which are subsequently translated to device-specific format by lower layers of the management system. The non-device specific format is the same (e.g., XML) as that used to create the policies with the user GUI (e.g., browser) and transport them to the service center over the internet. A database stores a policy directory in a hierarchical format that is separate from a policy store (configuration store) for devices in a flat (non-hierarchical or parallel) format. In one embodiment, a policy engine develops policies in a hierarchical format, but then stores the device schema, or objects, in a low-level, flat database. Multiple hierarchical services which impact a single device have the characteristics related to that device knitted together, and then fed back to a policy store database as a flat file for that device, in a non-device specific format. Thus, instead of storing the policies separately, and in hierarchical linked format, the device descriptions are stored with the aspects of all policies that affect that device.
-
Citations
28 Claims
-
1. A method for generating network management policies for a network, comprising:
-
storing a hierarchical policy in a directory database; transforming said hierarchical policy into a flat file format with device schema for devices comprising said network; and storing said flat file format device schema in a configuration database. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for generating network management policies for a network, comprising:
-
storing a hierarchical policy in a directory database; using a policy generator to transform said hierarchical policy into a flat file format with device schema for devices comprising said network by dividing a policy into a plurality of policy types, and providing each of said policy types to a COM server for one of said policy types, said COM server generating a flat file for each device corresponding to said policy, wherein said policy types include a virtual private network (VPM), a network address translation (NAT), a firewall and application management services (AMS); providing a flat file template to said COM servers for populating with data corresponding to said policy; and providing to said COM servers a server address for a server containing said directory; concatenating together device implementations of a plurality of policies for said devices; adding device attributes from said directory to said flat file; and storing said flat file format device schema in a configuration database. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method for creating a directory of a network, comprising:
-
providing a directory of device objects describing a plurality of devices in a network; organizing said directory in hierarchical form; and providing at least one policy object for application of a policy to a plurality of said devices. - View Dependent Claims (15)
-
-
16. A method for generating network management policies for a network, comprising:
-
dividing a policy into a plurality of policy types; and providing each of said policy types to a specialized process for one of said policy types, said specialized processes generating a flat file for each device corresponding to said policy. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A computer readable media having computer readable code embodied therein for providing a directory of network resources comprising:
-
a plurality of objects describing attributes of said network resources; and a plurality of objects describing attributes of network policy. - View Dependent Claims (22, 23, 24, 25)
-
-
26. A method for generating policy descriptions with a policy service agent responsive to a policy generator comprising:
-
receiving an XML template, a policy rule description and a directory address from said policy generator; accessing a directory at said directory address for hierarchical data describing said policy rule; populating said XML template with data pertaining to said policy rule for a device identified in said XML template; returning a populated XML template to said policy generator. - View Dependent Claims (27, 28)
-
Specification