Secure access to managed network objects using a configurable platform-independent gateway providing individual object-level access control
First Claim
1. A network management system, comprising:
- a gateway which is coupled between a plurality of managed objects and a plurality of proxy agent managers; and which is configured to deliver one or more events generated by the managed objects to one or more managers and to deliver one or more requests generated by the managers to one or more of the managed objects, wherein each of the events and each of the requests include a user identification, wherein the user identification identifies the respective manager to which the event or the request belongs;
a platform-independent interface to the gateway, wherein the gateway is configured to communicate with the one or more managers through the platform-independent interface to deliver the one or more events or the one or more requests, wherein the managers share a singleton Request Service Access Point (Request SAP) object;
wherein the gateway is configured to provide object-level access control between the one or more managers and the managed objects to receive the one or more events from or to send the one or more requests to the managed objects, wherein said object-level access control is provided by the Request SAP object at an individual object level so that one of the one or more managers is granted access to one of the managed objects while being prevented from interfacing with a different one of the managed objects.
Abstract
A gateway between client manager applications and an enterprise manager may be provided to manage various networked objects. In one embodiment, CORBA-based TMN manager applications may be communicatively coupled to a CORBA Object Request Broker (ORB) and may be operable to send Interface Definition Language (IDL) requests to, and receive IDL responses and CORBA events from, managed objects through the CORBA ORB. The client manager may first be authenticated to the gateway by username and password, or other validation information associated with the client manager, which may be represented in a user profile. Once the initial client authentication is accomplished, the gateway may provide object-level access control between manager applications and managed objects at an individual object level so that one of the managers is granted access to one of the managed objects while being prevented from interfacing with a different one of the managed objects.
57 Claims
1. A network management system, comprising:
- a gateway which is coupled between a plurality of managed objects and a plurality of proxy agent managers; and which is configured to deliver one or more events generated by the managed objects to one or more managers and to deliver one or more requests generated by the managers to one or more of the managed objects, wherein each of the events and each of the requests include a user identification, wherein the user identification identifies the respective manager to which the event or the request belongs;
- a platform-independent interface to the gateway, wherein the gateway is configured to communicate with the one or more managers through the platform-independent interface to deliver the one or more events or the one or more requests, wherein the managers share a singleton Request Service Access Point (Request SAP) object;
- wherein the gateway is configured to provide object-level access control between the one or more managers and the managed objects to receive the one or more events from or to send the one or more requests to the managed objects, wherein said object-level access control is provided by the Request SAP object at an individual object level so that one of the one or more managers is granted access to one of the managed objects while being prevented from interfacing with a different one of the managed objects.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
20. A network management method, comprising:
- sending an identity of a user of a manager application to a gateway, wherein the gateway is configured to communicate with the manager application through a platform-independent interface, wherein the gateway is coupled between a plurality of managed objects and the manager application;
- determining at a managed object level whether or not the manager application is allowed to receive an event generated by one of a plurality of managed objects or to send a request to the one of the plurality of managed objects as a function of the identity of the user of the manager application, wherein the event and the request include a user identification, wherein the user identification identifies the manager application to which the event or the request belongs;
- whereby access for the manager application to receive the event or send the request is approved or denied for said one of the plurality of managed objects by a singleton Request Service Access Point (Request SAP) at an individual object level so that the manager application is granted access to one of the plurality of managed objects while being prevented from interfacing with a different one of the plurality of managed objects; and
- delivering the event to the manager application or the request to the managed object if the manager access is approved.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
39. A tangible, computer-readable storage medium, comprising program instructions for network management, wherein the program instructions are computer-executable to perform:
- sending an identity of a user of a manager application to a gateway, wherein the gateway is configured to communicate with the manager application through a platform-independent interface, wherein the gateway is coupled between a plurality of managed objects and the manager application;
- determining at a managed object level whether or not the manager application is allowed to receive an event generated by one of a plurality of managed objects or to send a request to the one of the plurality of managed objects as a function of the identity of the user of the manager application, wherein the event and the request include a user identification, wherein the user identification identifies the manager application to which the event or the request belongs;
- whereby access for the manager application to receive the event or send the request is approved or denied for said one of the plurality of managed objects by a singleton Request Service Access Point (Request SAP) at an individual object level so that the manager application is granted access to one of the plurality of managed objects while being prevented from interfacing with a different one of the plurality of managed objects; and
- delivering the event to the manager application or the request to the managed object if the manager access is approved.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
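Worked example (added here; this is not code from the patent or from any product that implements it). The abstract and independent claims 20 and 39 describe a two-stage flow: a manager first authenticates to the gateway (username and password held in a user profile), and afterwards every request it sends and every event routed to it is approved or denied per managed object by a single shared Request SAP. The Python model below implements exactly that flow. Everything in it is an assumption for illustration: the class names `Gateway` and `RequestSAP`, the sample managers `alice` and `bob`, the managed objects `router-1` and `switch-2`, and the use of salted PBKDF2 for the stored password, which the abstract does not specify. Two checks a practitioner would want are built in: access is denied by default (a user or object absent from the ACL is refused), and the user identification carried inside a request is only honoured when it matches the identity bound to the authenticated session, so one manager cannot reach another manager's objects by writing a different user_id into its requests.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 for the user profile (assumed; the patent only says username and password)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class UserProfile:
    username: str
    salt: bytes
    pw_hash: bytes
    allowed_objects: frozenset   # managed objects this manager may send to / receive events from


@dataclass
class Request:
    user_id: str     # identifies the manager the request belongs to (carried in the request, as claimed)
    target: str      # managed object name
    operation: str


@dataclass
class Event:
    source: str      # managed object that generated the event
    payload: str


class RequestSAP:
    """Singleton Request Service Access Point: the one place where object-level access is decided."""
    _instance: Optional["RequestSAP"] = None

    def __new__(cls) -> "RequestSAP":
        if cls._instance is None:
            cls._instance = super().__new__(cls)
            cls._instance._acl = {}
        return cls._instance

    def load_profile(self, profile: UserProfile) -> None:
        self._acl[profile.username] = profile.allowed_objects

    def is_allowed(self, user_id: str, managed_object: str) -> bool:
        # Deny by default: unknown user, or object not in that user's set, is refused.
        return managed_object in self._acl.get(user_id, frozenset())


class Gateway:
    def __init__(self, profiles: List[UserProfile], managed_objects: Dict[str, Callable[[str], str]]):
        self._profiles = {p.username: p for p in profiles}
        self._objects = managed_objects        # name -> handler(operation) -> reply
        self._sessions: Dict[str, str] = {}    # session token -> authenticated username
        self._sap = RequestSAP()               # shared by all managers
        for p in profiles:
            self._sap.load_profile(p)

    def authenticate(self, username: str, password: str) -> Optional[str]:
        """Initial client authentication; returns a session token or None."""
        profile = self._profiles.get(username)
        if profile is None:
            return None
        _, candidate = hash_password(password, profile.salt)
        if not hmac.compare_digest(candidate, profile.pw_hash):
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = username
        return token

    def send_request(self, token: Optional[str], req: Request) -> Tuple[str, str]:
        """Deliver a manager's request to a managed object only if the Request SAP approves it."""
        user = self._sessions.get(token or "")
        if user is None or user != req.user_id:
            # The user_id inside the request must match the authenticated session, never be trusted alone.
            return ("denied", "unauthenticated or user_id does not match session")
        if not self._sap.is_allowed(user, req.target):
            return ("denied", f"{user} has no access to {req.target}")
        if req.target not in self._objects:
            return ("denied", "no such managed object")
        return ("ok", self._objects[req.target](req.operation))

    def deliver_event(self, ev: Event) -> List[str]:
        """Return the managers an event may be delivered to: those allowed on its source object."""
        return sorted(u for u in self._profiles if self._sap.is_allowed(u, ev.source))


def demo() -> dict:
    # Constructed sample data: alice may only touch router-1, bob may touch both objects.
    alice = UserProfile("alice", *hash_password("correct horse"), frozenset({"router-1"}))
    bob = UserProfile("bob", *hash_password("hunter2"), frozenset({"router-1", "switch-2"}))
    objects = {
        "router-1": lambda op: f"router-1 did {op}",
        "switch-2": lambda op: f"switch-2 did {op}",
    }
    gw = Gateway([alice, bob], objects)
    tok = gw.authenticate("alice", "correct horse")
    return {
        "bad_password": gw.authenticate("alice", "wrong"),
        "router": gw.send_request(tok, Request("alice", "router-1", "get-status")),
        "switch": gw.send_request(tok, Request("alice", "switch-2", "get-status")),
        "spoofed": gw.send_request(tok, Request("bob", "switch-2", "get-status")),
        "event_router": gw.deliver_event(Event("router-1", "link-up")),
        "event_switch": gw.deliver_event(Event("switch-2", "link-down")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In the demo, `alice` reaches `router-1`, is refused on `switch-2`, and is also refused when she labels a request with `bob`'s user identification over her own session; the `switch-2` event is routed only to `bob`. The singleton holds the ACL in one place so that request delivery and event delivery cannot drift apart, which is the property the claims hinge on.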
Specification