Methods and apparatus for scalable, distributed management of virtual private networks
Abstract
A groupware management system for collaborative groups is disclosed that is scalable to support large, dynamic, multiple, and other virtual VPNs. The system may introduce a graph (or hierarchical) structure to the VPN, providing multiple master nodes controlling membership in subsets of the collaborative group. Use of multiple master nodes in a graph-structured (or hierarchical) network topology often relaxes the need for a single, centralized, globally consistent view of VPN group membership, and enables distribution of the management burden among multiple master nodes. Membership in the VPN may be changed dynamically by the second master node for the member nodes of the second subset, without requiring the first master node to dynamically update its group membership records to reflect the change and in many cases without even having to notify the first master node (and vice versa), for example. In further embodiments, the use of multiple master nodes may increase the reliability and efficiency of VPNs, such as by enabling load balancing of master node tasks. Fail-over mechanisms may also be used to transparently re-route management tasks to an alternate master node especially in the case of failure of the current master node serving a given member node.
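A minimal Python model of the behaviour the abstract describes, added here as an illustration and not taken from the patent: each master tracks only its own subset, so a join or leave is processed by one master, and a failed master's members are reassigned to the survivors. The class and function names, the `updates_seen` counter and the least-loaded reassignment policy are assumptions.

```python
class Master:
    """One master node; it tracks only its own subset of VPN members."""
    def __init__(self, name):
        self.name = name
        self.alive = True
        self.members = set()
        self.updates_seen = 0   # membership messages this master had to process

    def admit(self, member):
        self.members.add(member)
        self.updates_seen += 1

    def depart(self, member):
        self.members.remove(member)
        self.updates_seen += 1


def fail_over(masters, failed_name):
    """Reassign a failed master's subset to the least-loaded survivors.

    Returns {member: new_master_name}. Only a master that receives a
    member processes an update (assumed policy, not the patent's).
    """
    failed = masters[failed_name]
    failed.alive = False
    survivors = [m for m in masters.values() if m.alive]
    if not survivors:
        raise RuntimeError("no surviving master to take over the subset")
    orphans, failed.members = sorted(failed.members), set()
    moved = {}
    for member in orphans:
        target = min(survivors, key=lambda m: (len(m.members), m.name))
        target.admit(member)
        moved[member] = target.name
    return moved


def vpn_membership(masters):
    """Union of live masters' subsets; computed here only to check the model."""
    return set().union(*(m.members for m in masters.values() if m.alive))


def build_demo():
    """Constructed sample topology: three masters, five members."""
    masters = {n: Master(n) for n in ("M1", "M2", "M3")}
    for master, member in [("M1", "a"), ("M1", "b"), ("M2", "c"), ("M2", "d"), ("M3", "e")]:
        masters[master].admit(member)
    return masters
```

In this model no master ever holds the full membership; `vpn_membership` exists only so the result of a fail-over can be checked.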
30 Claims
1. A group management system comprising:
- a plurality of interconnected nodes communicatively coupled with each other as member nodes of a virtual private network (“VPN”), wherein all communications between said interconnected nodes are encrypted by said interconnected nodes; and
- a plurality of master nodes, different from the plurality of interconnected nodes, each of the master nodes controlling admission and departure in the VPN for an associated non-empty subset of the member nodes and further facilitating said communications between said plurality of interconnected nodes, wherein in the event one of the master nodes fails, the associated subset of member nodes will be automatically reassigned to one or more other of the master nodes, wherein a membership change in at least one of the subsets is performed without notifying all of the master nodes not associated with the changed subset.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method for managing a group, the method comprising:
- providing a plurality of interconnected nodes communicatively coupled with each other as member nodes of a virtual private network (“VPN”), wherein all communications between said interconnected nodes are encrypted by said interconnected nodes; and
- providing a plurality of master nodes, different from the plurality of interconnected nodes, each of the master nodes controlling admission and departure in the VPN for an associated non-empty subset of the member nodes and further facilitating said communications between said plurality of interconnected nodes, wherein in the event one of the master nodes fails, the associated subset of member nodes will be automatically reassigned to one or more other of the master nodes, wherein a membership change in at least one of the subsets is performed without notifying all of the master nodes not associated with the changed subset.

Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification