Method and apparatus for configuring servers

US 7,454,483 B2
Filed: 05/14/2003
Issued: 11/18/2008
Est. Priority Date: 05/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining a role that a target server will perform;

identifying at least one security policy associated with the role, wherein identifying the at least one security policy includes;

accessing a knowledge base containing security parameters associated with roles that a server might perform; and

identifying services and communication ports used by roles that a server might perfom;

configuring the target server to implement the identified security policy, wherein configuring the target server includes;

generating a target server policy based on the role and the security policy associated with the role; and

applying the target server policy to the target server.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A process determines a role that a target server will perform. The process also identifies at least one security policy associated with the role. The target server is then configured to implement the identified security policies.

26 Citations

View as Search Results

29 Claims

1. A method comprising:
- determining a role that a target server will perform;
  
  identifying at least one security policy associated with the role, wherein identifying the at least one security policy includes;
  
  accessing a knowledge base containing security parameters associated with roles that a server might perform; and
  
  identifying services and communication ports used by roles that a server might perfom;
  
  configuring the target server to implement the identified security policy, wherein configuring the target server includes;
  
  generating a target server policy based on the role and the security policy associated with the role; and
  
  applying the target server policy to the target server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as recited in claim 1 further comprising identifying the target server prior to determining a role that the target server will perform.
  - 3. A method as recited in claim 2 wherein the role is a file server.
  - 4. A method as recited in claim 1 further comprising determining a plurality of roles that the target server will perform.
  - 5. A method as recited in claim 4 wherein the role is a web server.
  - 6. A method as recited in claim 1 wherein the role is a domain controller.
  - 7. A method as recited in claim 1 wherein the role has a plurality of associated ports.
  - 8. A method as recited in claim 1 further comprising identifying operating characteristics associated with the role.
  - 9. A method as recited in claim 8 wherein the role has a plurality of associated services.
  - 10. A method as recited in claim 1 wherein configuring the target system includes configuring a plurality of target systems.
  - 11. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 1.

12. A method comprising:
- identifying a target server;
  
  determining at least one role that the target server is able to perform;
  
  identifying operating characteristics associated with the role that the target server is able to perform, wherein identifying the operating characteristics includes;
  
  identifying security services used by the role; and
  
  identifying communication ports used by the role;
  
  identifying a particular role to be performed by the target server; and
  
  configuring the target server based on the particular role to be performed by the target server and the operating characteristics associated with the particular role.
- View Dependent Claims (13, 14, 15, 16)
- - 13. A method as recited in claim 12 wherein the operating characteristics associated with the role that the target server is able to perform are security characteristics.
  - 14. A method as recited in claim 12 wherein identifying operating characteristics associated with the role that the target server is able to perform includes tagging operating characteristics retrieved from a knowledge base.
  - 15. A method as recited in claim 12 wherein the knowledge base contains security parameters associated with the at least one role that the target server is able to perform.
  - 16. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 12.

17. A method comprising:
- identifying a target server;
  
  identifying operating characteristics associated with possible server roles;
  
  tagging operating characteristics associated with one or more roles that the target server is capable of performing;
  
  identifying a role that the target server will perform; and
  
  configuring the target server to perform the identified role, wherein configuring the target server includes;
  
  generating a target server policy based on the identified role; and
  
  applying the target server policy to the target server.
- View Dependent Claims (18, 19, 20, 21)
- - 18. A method as recited in claim 17 wherein configuring the target server to perform the identified role is based on the operating characteristics associated with the identified role.
  - 19. A method as recited in claim 17 wherein identifying operating characteristics associated with possible server roles includes accessing a knowledge base containing security parameters associated with the possible server roles.
  - 20. A method as recited in claim 17 wherein identifying operating characteristics associated with possible server roles includes identifying services used by possible server roles.
  - 21. A method as recited in claim 17 wherein identifying operating characteristics associated with possible server roles includes identifying communication ports used by possible server roles.

22. An apparatus comprising:
- means for determining one or more roles that a target server is able to perform;
  
  means for identifying operating characteristics associated with the plurality of roles that the target server is able to perform;
  
  means for identifying a particular role to be performed by the target server;
  
  means for configuring the target server based on the particular role to be performed by the target server and operating characteristics associated with the particular role;
  
  means for identifying a plurality of services associated with the particular role; and
  
  means for identifying a plurality of ports associated with the particular role.
- View Dependent Claims (23)
- - 23. An apparatus as recited in claim 22 wherein the operating characteristics include security-related characteristics.

24. An apparatus comprising:
- a knowledge base containing characteristics associated with a plurality of server roles;
  
  a pre-processor coupled to the knowledge base and configured to identify characteristics of a target server coupled to the pre-processor; and
  
  a configuration engine coupled to the pre-processor, the configuration engine is to apply configuration information to the target server, and wherein the configuration information includes at least one service associated with a server role to be performed by the target server and at least one port associated with a server role to be performed by the target server.
- View Dependent Claims (25, 26, 27)
- - 25. An apparatus as recited in claim 24 wherein the pre-processor is further configured to identify server roles enabled on the target server.
  - 26. An apparatus as recited in claim 24 further comprising a user interface application coupled to the pre-processor, wherein the user interface application generates data used by the configuration engine to configure the target server.
  - 27. An apparatus as recited in claim 24 wherein the knowledge base is an XML document.

28. One or more computer-readable media having stored thereon a computer program that, when executed by one or more processors, causes the one or more processors to:
- retrieve data associated with one or more server roles from a knowledge base;
  
  determine one or more roles that a target server is capable of performing,wherein the one or more roles that the target server is capable of performing have;
  
  at least one associated service; and
  
  at least one associated port;
  
  obtain user preferences regarding at least one role to be implemented by the target server; and
  
  configure the target server based on data associated with the at least one role.
- View Dependent Claims (29)
- - 29. One or more computer-readable media as recited in claim 28 wherein the data associated with the one or more roles that a target server is capable of performing includes security services used by the one or more roles.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ServiceNow Incorporated
Original Assignee
Microsoft Corporation
Inventors
Garg, Praerit, Soluk, Kirk, Huang, Jin, Patankar, Vishnu A., Wu, Xiaohong
Primary Examiner(s)
Jean; Frantz B.

Application Number

US10/438,290
Publication Number

US 20040230639A1
Time in Patent Office

2,015 Days
Field of Search

709/220, 709/226, 706/12, 706/14, 706/16, 706/46, 706/45, 706/50, 706/59
US Class Current

709/220
CPC Class Codes

H04L 41/0266   using meta-data, objects or...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Method and apparatus for configuring servers

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for configuring servers

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links