Enterprise console
First Claim
1. In a system for formalizing, diffusing, and enforcing policy advisories and for monitoring policy compliance in the management of a network of computational devices, said system comprising a plurality of distributed clients, each of which runs on a corresponding networked computational device, an apparatus comprising:
an enterprise console comprising a centrally managed advisory diffusion mechanism and a protocol for diffusing said advisories across said network of computational devices;
a plurality of advisories specifying relevance criteria and an action, at least one advisory describing a problem that has been discovered on a client computational device;
wherein said distributed clients running on said associated computational devices gather said advisories and process said advisories; and
wherein each of said distributed clients, each running on an associated computational device, determines relevance of an advice message by evaluating a relevance clause of said advice message, while automatically retrieving properties of the computational device on which said client runs;
wherein said advisories formally target specific states of a computational device associated with a client running thereon and formally specify actions to take in response thereto;
wherein said client implements associated actions received from said console.
Abstract
A console for an enterprise suite is disclosed. The enterprise suite addresses the increasingly complex problem of keeping critical systems updated, compatible, and free of security holes. It uses Fixlet® technology to identify vulnerable computers on the network and then allows authorized personnel to correct problems across any subset of the network with a few simple mouse-clicks. The enterprise suite helps keep the networked computers updated and properly patched, all from a central console which, along with supporting architectural enhancements, is the subject matter of this document. The invention allows rolling out a security patch in minutes instead of months, thus allowing an administrator to stay ahead of potential hacker attacks. The invention also makes it possible to track the progress of each computer as updates are applied, thus making it simple to gauge the level of compliance across the entire enterprise.
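The following is an added illustration, not code from the patent or from any product it describes, of the client-side flow in the abstract and claim 1: a client retrieves properties of its own device, evaluates an advisory's relevance criteria against them, and applies the action only when the console has sent it. The advisory structure, operator names, property names and sample fleet are all hypothetical and constructed for the example; it does not use Fixlet relevance syntax.

```python
from dataclasses import dataclass

def _ver(text):
    # "2.4.10" -> (2, 4, 10), so versions compare numerically, not as strings
    return tuple(int(part) for part in text.split("."))

# Hypothetical operator set; this is not the Fixlet relevance language.
OPS = {"eq": lambda have, want: have == want,
       "version_lt": lambda have, want: _ver(have) < _ver(want)}

@dataclass
class Advisory:
    advisory_id: str
    relevance: list   # (property, operator, value) triples, all must hold
    action: str       # label for the remediation; never executed here

class Client:
    def __init__(self, name, inspectors):
        self.name = name
        self.inspectors = inspectors  # property name -> callable on this device

    def evaluate(self, adv):
        """True/False, or None when a property cannot be retrieved."""
        try:
            return all(OPS[op](self.inspectors[prop](), want)
                       for prop, op, want in adv.relevance)
        except (KeyError, ValueError):
            return None  # unknown property or operator, or malformed value

    def act(self, adv, received_from_console):
        # Relevance alone does not trigger the action; the console must send it.
        if received_from_console and self.evaluate(adv) is True:
            return adv.action
        return None

def compliance(clients, adv):
    """Group client names by relevance result for console-style reporting."""
    view = {"relevant": [], "not_relevant": [], "unknown": []}
    names = {True: "relevant", False: "not_relevant", None: "unknown"}
    for c in clients:
        view[names[c.evaluate(adv)]].append(c.name)
    return view

# Constructed sample data: three devices and one advisory.
ADV = Advisory("ADV-EXAMPLE-1",
               [("os", "eq", "linux"), ("pkg.version", "version_lt", "2.4.10")],
               "install pkg 2.4.10")
FLEET = [
    Client("host-a", {"os": lambda: "linux", "pkg.version": lambda: "2.4.9"}),
    Client("host-b", {"os": lambda: "linux", "pkg.version": lambda: "2.4.10"}),
    Client("host-c", {"os": lambda: "linux"}),  # pkg.version not retrievable
]
```

Reporting "unknown" separately from "not relevant" keeps a device that could not be inspected from being counted as compliant.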
65 Claims
11. An enterprise management apparatus, comprising:
a centrally managed advisory diffusion server for gathering advisories from an advisory site, wherein an advisory comprises relevance criteria and an action, and wherein an advisory identifies relevant computers on a network of computational devices and allows authorized personnel to monitor, modify, and maintain said computers across any subset of said network;
a console in communication with said server for displaying any of changes and new knowledge about said network of computational devices; and
a plurality of clients, each running on an associated computational device, associated with said network of computational devices, each client processing said advisories based upon a relevance determination, inspecting said associated computational device, and reporting any relevance determination and actions to said server;
wherein each of said clients, each running on an associated computational device, determines relevance of an advice message by evaluating a relevance clause of said advice message, while automatically retrieving properties of the computational device on which said client runs;
wherein said client implements associated actions received from said console.
17. In a network comprising a plurality of managed computers, an enterprise management apparatus, comprising:
a console for providing a system-wide view of said network of managed computers, along with specific characteristics of each computer and associated actions and for distributing information only to those computers for which said information is relevant;
a client running on and associated with each managed computer for accessing a collection of messages comprising said information, which messages identify relevant computer characteristics, wherein if said characteristics are identified, said client running on and associated with a computer implements associated actions received from said console on said associated computer, wherein each client determines relevance of a message by evaluating a relevance clause of said message, while automatically retrieving properties of the managed computer on which said client runs; and
a server for coordinating information flow to and from individual clients, each client running on and associated with a networked computer, and for storing results in a database.
24. In a system for formalizing, diffusing, and enforcing policy advisories and for monitoring policy compliance in the management of a network of computational devices, said system comprising a plurality of distributed clients, each of which runs on a corresponding networked computational device, and a server for coordinating information flow to and from individual clients, an apparatus comprising:
at least one relay for offloading a download burden from said server, wherein said clients download from a designated relay;
wherein said server distributes each advisory once to said relay, which in turn distributes said advisory to said clients; and
wherein overhead on said server is reduced by a ratio of relays to clients.
29. In a system for formalizing, diffusing, and enforcing policy advisories and for monitoring policy compliance in the management of a network of computational devices, said system comprising a plurality of distributed clients, each of which runs on a corresponding networked computational device, a method comprising the steps of:
providing a centrally managed advisory diffusion mechanism and a protocol for diffusing said advisories across said network of computational devices;
providing a plurality of advisories specifying relevance criteria and an action, at least one advisory describing a problem that has been discovered on a client computational device, said advisory comprising a short, clear explanation of said problem;
wherein said distributed clients, each client running on and associated with a networked computational device, gather said advisories and process said advisories;
each of said distributed clients determining relevance of an advice message by evaluating a relevance clause of said advice message, while automatically retrieving properties of the computational device on which said client runs and with which it is associated; and
wherein said advisories formally target specific states of a computational device and formally specify actions to take in response thereto.
39. An enterprise management method, comprising the steps of:
gathering advisories from an advisory site with a centrally managed advisory diffusion server, wherein each advisory comprises relevance criteria and an action, and wherein each advisory identifies relevant computers on a network and allows authorized personnel to monitor, modify, and maintain said computers across any subset of said network;
displaying any of changes and new knowledge about said network with a console in communication with said server; and
providing a plurality of clients, each client associated with and running on a networked computational device, associated with said network, each client processing said advisories based upon a relevance determination, inspecting its associated computer, and reporting any relevance determination and actions to said server.
45. An enterprise management method for a network comprising a plurality of managed computers, comprising the steps of:
providing a system-wide view of said network of managed computers, along with specific characteristics thereof and associated actions, and for distributing information only to those computers for which said information is relevant;
providing a client running on and associated with each managed computer for accessing a collection of messages comprising said information that identify relevant computer characteristics, wherein if said characteristics are identified, said client implements associated actions received from said console, wherein each of said clients determines relevance of a message by evaluating a relevance clause of said message, while automatically retrieving properties of the computer on which said client runs; and
coordinating information flow to and from individual clients and for storing results in a database.
52. In a system for formalizing, diffusing, and enforcing policy advisories and for monitoring policy compliance in the management of a network of computational devices, said system comprising a plurality of distributed clients, each of which is associated with and runs on a corresponding networked computational device, and a server for coordinating information flow to and from individual clients, a method comprising the steps of:
offloading a download burden from said server with a relay, wherein said clients download from a designated relay;
said server distributing each advisory once to said relay, which in turn distributes said advisory to said clients; and
reducing overhead on said server a ratio of relays to clients.
57. In a system for formalizing, diffusing, and enforcing policy advisories and for monitoring policy compliance in the management of a network of computational devices, said system comprising:
a plurality of distributed clients, each of which is associated with and runs on a corresponding networked computational device, a server for coordinating information flow to and from individual clients, and a plurality of relays, each of which aggregates and mediates communication between said distributed clients and said server, an apparatus comprising;
means associated with each said client for evaluating a relevance clause;
identifying a file or group of files to upload to said server from its associated computational device;
means associated with each said client for aggregating a file or group of files resident on its associated computational device into a file collection;
wherein a relay offloads an upload burden from said server; and
wherein said clients upload said file collection to said server via a designated relay; and
means associated with each said client for distributing each file collection once to said relay, which in turn distributes said file collection to said server.
Specification