Secure management protocol

US 7,506,041 B1
Filed: 08/01/2003
Issued: 03/17/2009
Est. Priority Date: 08/01/2003
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a workstation communicatively coupled to a network; and

a switch managed appliance communicatively coupled to the network to couple the workstation to a selected one of plural devices connected to the switch managed appliance so the workstation can control processing by the selected one of the plural devices;

wherein the workstation operatively initiates a management session with the managed appliance by (A) establishing a secure sockets layer connection on a predefined Transmission Control Protocol (TCP) port number with the managed appliance and then issuing a login request to the managed appliance and (B) the switch managed appliance authenticates the workstation based on the login request, andwherein the workstation uses the established secure sockets layer connection on the predefined TCP port number and only the established secure sockets layer connection to execute Simple Network Management Protocol (SNMP) commands to the switch managed appliance to control the switch managed appliance using a secure sockets layer communication protocol and the switch managed appliance responds to the SNMP commands only if the switch managed appliance first authenticates the workstation based on the login input identifier.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for securely managing managed appliances such as keyboard/video/mouse (KVM) switches using a network communication protocol is described. A client workstation initiates a management session by establishing a secure sockets layer connection with the appliance over a predefined TCP port number. This secure management protocol is used to manage appliances that support SNMP by tunneling SNMP protocol requests through the presently-described protocol. The protocol includes a login sequence to enhance the security of data transmitted according to the protocol. The workstation can read and set object identifiers in the managed appliance. The workstation can also read and write files to and from the managed appliance. In addition, a single managed appliance can have multiple management sessions open at one time.

Citations

16 Claims

1. A system comprising:
- a workstation communicatively coupled to a network; and
  
  a switch managed appliance communicatively coupled to the network to couple the workstation to a selected one of plural devices connected to the switch managed appliance so the workstation can control processing by the selected one of the plural devices;
  
  wherein the workstation operatively initiates a management session with the managed appliance by (A) establishing a secure sockets layer connection on a predefined Transmission Control Protocol (TCP) port number with the managed appliance and then issuing a login request to the managed appliance and (B) the switch managed appliance authenticates the workstation based on the login request, andwherein the workstation uses the established secure sockets layer connection on the predefined TCP port number and only the established secure sockets layer connection to execute Simple Network Management Protocol (SNMP) commands to the switch managed appliance to control the switch managed appliance using a secure sockets layer communication protocol and the switch managed appliance responds to the SNMP commands only if the switch managed appliance first authenticates the workstation based on the login input identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein the login request is a message that includes a user name and a password corresponding to a workstation user.
  - 3. The system of claim 1, wherein the switch managed appliance responds to the login request by transmitting a login reply across the network.
  - 4. The system of claim 3, wherein the login reply is a message that includes status data reflecting the status of the login request.
  - 5. The system of claim 1, wherein, during the management session, the workstation requests object identifier data from the switch managed appliance.
  - 6. The system of claim 5, wherein the switch managed appliance transmits object identifier data to the workstation.
  - 7. The system of claim 1, wherein, during the management session, the workstation sets the value of an object identifier in the switch managed appliance.
  - 8. The system of claim 1, wherein, during the management session, the workstation writes a file to the switch managed appliance.
  - 9. The system of claim 8, wherein the workstation transmits a request message to the switch managed appliance containing a name of the file and a size of the file.
  - 10. The system of claim 9, wherein the switch managed appliance transmits a reply message to the workstation in response to the request message.
  - 11. The system of claim 1, wherein, during the management session, the workstation reads a file from the switch managed appliance.
  - 12. The system of claim 11, wherein workstation transmits to the switch managed appliance an identification of a name of the file to be read.
  - 13. The system of claim 12, wherein the switch managed appliance transmits blocks of data comprising the file to the workstation, said blocks of data being transmitted one at a time.
  - 14. The system of claim 1, wherein the workstation transmits a broadcast message to the switch managed appliance.
  - 15. The system of claim 1, wherein the switch managed appliance is a KVM (keyboard, video, mouse) switch.
  - 16. The system of claim 1, wherein the switch managed appliance is a serial device switch.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vertiv IT Systems, Inc. (Vertiv Holdings Co.)
Original Assignee
Avocent Corporation (Vertiv Holdings Co.)
Inventors
Clark, Steven, Shelton, James
Primary Examiner(s)
Etienne; Ario
Assistant Examiner(s)
SALL, EL HADJI MALICK

Application Number

US10/632,098
Time in Patent Office

2,055 Days
Field of Search

703223-229, 726/3
US Class Current

709/223
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 63/168   above the transport layer

H04L 69/16   Implementation or adaptatio...

H04L 69/162   involving adaptations of so...

Secure management protocol

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Secure management protocol

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links