Device plug-in system for configuring network device over a public network
Abstract
The present invention provides device configuration and policy configuration data to network devices over a public network, e.g., the internet. A secure communication link is first established over the public network to the network device. Next, policy and configuration information is downloaded to the network device using that secure communication link. In one embodiment, the communication link is an IPSec tunnel. In particular, the network policy may include a virtual private network (VPN) policy. The invention addresses the secure downloading of configuration and policy information, which has not been an issue in prior art devices where there was an ability to provide such information internally to a network, without the need to go over the internet.
18 Claims
1. A method for remotely configuring a customer network device from a service center computer, comprising:
- receiving a network policy description from a first customer at the service center computer, the service center computer configured to receive network policy descriptions from at least the first customer and a second customer;
- identifying a network device of the first customer to configure according to the network policy description, the network device being part of a first customer network that is independent of network devices of a second customer network;
- downloading a bootstrap partial configuration from the service center computer to the network device over a public network, the bootstrap partial configuration enabling establishment of a secure channel according to a capability of the network device;
- establishing a secure channel between the service center computer and the network device over said public network using said bootstrap partial configuration; and
- downloading full configuration data to said network device using the secure channel.
Dependent claims: 2, 3, 4, 5, 6
7. A method of configuring a customer network device from a service center computer, comprising:
- generating an event at the service center computer responsive to a change of policy for a first customer network;
- retrieving information about the first customer from a storage area of the service center computer, the storage area containing information about a plurality of customers and the networks of said plurality of customers;
- selecting a device plug-in for configuring a network device of the first customer network according to the changed policy, the device plug-in being selected according to the type of the network device;
- establishing a communication channel between the service center computer and the network device over a public network;
- downloading a bootstrap partial configuration from the service center computer to the network device;
- using the bootstrap partial configuration to form a secure channel between the service center computer and the network device; and
- sending full configuration data from the service center computer to the network device using the secure channel.
Dependent claims: 8, 9, 10, 11
12. A method of configuring a customer network device from a service center computer, comprising:
- detecting a change in policy associated with a first customer network at the service center computer;
- retrieving information about the first customer from a storage area of the service center computer, the storage area containing information about a plurality of customers and the networks of said plurality of customers;
- identifying a network device of the first customer to configure using information retrieved from the storage area, the network device being part of a first customer network that is independent of network devices of a second customer network;
- establishing a communication channel over a public network for sending configuration data from the service center computer to the network device;
- downloading a bootstrap partial configuration from the service center computer to the network device over the public network;
- using the bootstrap partial configuration to form a secure channel between the service center computer and the network device; and
- sending full configuration data from the service center computer to the network device using the secure channel.
Dependent claims: 13, 14, 15, 16, 17, 18
Specification