Formalizing, diffusing, and enforcing policy advisories and monitoring policy compliance in the management of networks

US 7,607,572 B2
Filed: 11/12/2002
Issued: 10/27/2009
Est. Priority Date: 03/19/1999
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus for formalizing, diffusing and enforcing policy advisories and for monitoring policy compliance in the management of networks of computational devices, comprising:

a unified management interface;

a plurality of distributed clients, each of which runs on a corresponding networked computational device, wherein each of said distributed clients determines relevance of an advice message by evaluating a relevance clause of said advice message, while automatically retrieving properties of a computational device on which said distributed client runs;

a central server coupled to a central database, said central server for coordinating relay of information to and from individual computational devices, storing and retrieving information about individual computational devices and presenting information to a system administrator via said unified management interface, said central server comprising;

a registration server, wherein said registration server processes registration requests from distributed clients;

a reporting server, wherein said reporting server process reports of relevance events from individual computers and passes them on to the central database; and

an action server, wherein said action server receives action requests from said management console serves them up to individual distributed clients;

at least one advice server providing a plurality of advisories directly to said distributed clients;

a protocol for diffusing queries across the network;

wherein said management interface conveys reports to said administrator received from said distributed clients via said central server; and

wherein said advisories formally target specific states of a computational device and formally specify actions to take in response thereto.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for centralized policy management of large-scale networks (221) of computational devices is disclosed. The apparatus includes a number of distributed clients (400) run on registered computers (201-203), gathering policy advisories (401) and reporting (405) relevance (403) to a system administrator (224). The system administrator may view the relevant messages (505) through a management interface (500) and deploy suggested actions to distributed clients (503), where the actions are executed to apply the solutions of the advisories (408).

69 Citations

View as Search Results

26 Claims

1. An apparatus for formalizing, diffusing and enforcing policy advisories and for monitoring policy compliance in the management of networks of computational devices, comprising:
- a unified management interface;
  
  a plurality of distributed clients, each of which runs on a corresponding networked computational device, wherein each of said distributed clients determines relevance of an advice message by evaluating a relevance clause of said advice message, while automatically retrieving properties of a computational device on which said distributed client runs;
  
  a central server coupled to a central database, said central server for coordinating relay of information to and from individual computational devices, storing and retrieving information about individual computational devices and presenting information to a system administrator via said unified management interface, said central server comprising;
  
  a registration server, wherein said registration server processes registration requests from distributed clients;
  
  a reporting server, wherein said reporting server process reports of relevance events from individual computers and passes them on to the central database; and
  
  an action server, wherein said action server receives action requests from said management console serves them up to individual distributed clients;
  
  at least one advice server providing a plurality of advisories directly to said distributed clients;
  
  a protocol for diffusing queries across the network;
  
  wherein said management interface conveys reports to said administrator received from said distributed clients via said central server; and
  
  wherein said advisories formally target specific states of a computational device and formally specify actions to take in response thereto.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, further comprising:
    - a mirror server that collects advice contents of advice provider sites from a global network, wherein each of said distributed clients gathers relevant advisories from said mirror server.
  - 3. The apparatus of claim 1, wherein said relevance clause is written in a formal descriptive language.
  - 4. The apparatus of claim 1, wherein said management interface further comprises:
    - means for adding, modifying, or canceling a subscription of said distributed clients to one or more advice provider sites.
  - 5. The apparatus of claim 4, wherein said management interface further comprises:
    - means for selecting a group of computational devices, specifying action messages, scheduling, and controlling execution when deploying actions proposed by relevant advice messages.
  - 6. The apparatus of claim 5, wherein said management interface further comprises:
    - means for securely deploying actions of relevant advice messages to a selected group of said distributed clients.
  - 7. The apparatus of claim 6, wherein said management interface further comprises:
    - means for monitoring status of deployed actions.
  - 8. The apparatus of claim 7, wherein said management interface further comprises:
    - means for stopping previously deployed actions which have not finished running.
  - 9. The apparatus of claim 8, wherein said management interface further comprises:
    - means for monitoring status of each computational device while actions are being deployed and executed.
  - 10. The apparatus of claim 9, wherein said means for monitoring allows said system administrator to define and retrieve customized properties of computational devices using a formal descriptive language.

11. A communication method for managing network policy for networks of computational device, comprising the steps of:
- registering a plurality of computers to a central server by a plurality of distributed clients, each of said plurality of distributed clients running on one of said computers, said central server comprising;
  
  a registration server, wherein said registration server processes registration requests from distributed clients;
  
  a reporting server, wherein said reporting server process reports of relevance events from individual computers and passes them on to the central database; and
  
  an action server, wherein said action server receives action requests from said management console serves them up to individual distributed clients;
  
  subscribing said distributed clients to a plurality of advice provider sites for each registered computer by a network administrator using a unified management interface;
  
  gathering by each of said plurality of clients a plurality of advisories from said advice provider sites for each registered computer, wherein each of said advisories comprises;
  
  a relevance clause written in a formal descriptive language to specify criteria determining when said advisory is relevant;
  
  a message providing explanatory material explaining said advisory; and
  
  an action providing a solution which can be deployed by said central server from a management interface and executed;
  
  reporting relevance of said advisories from said advice provider sites for each registered computer to said network administrator using said unified management interface by means of said central server;
  
  viewing said advisories by a system administrator with a unified management interface;
  
  deploying selected actions to a selected group of computers by said system administrator to said central server with said management interface by means of said central server; and
  
  performing deployed actions by said distributed clients running on said registered computer to apply solutions.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising the step of:
    - monitoring status of said deployed actions by said system administrator using said management interface.
  - 13. The method of claim 11, further comprising the step of:
    - monitoring status of each registered computer by said system administrator using said management interface.
  - 14. The method of claim 11, further comprising the step of:
    - managing subscription of advice provider sites to each registered computer by said system administrator using said management interface.
  - 15. The method of claim 11, wherein said action is only applied when said advisory is determined relevant to said computer.
  - 16. The method of claim 11, wherein said action can be scheduled so that it is only applied at a certain time of day.
  - 17. The method of claim 11, wherein said action is signed digitally when deployed from said central server.
  - 18. The method of claim 11, wherein said action is any of the group comprising:
    - deleting, moving, or copying specific files;
      
      setting of deleting registry entries;
      
      executing script commands;
      
      deleting, adding, or committing various DLL modules;
      
      deleting, closing, or restoring an advisory;
      
      subscribing or unsubscribing an advice provider site;
      
      changing a gathering schedule or forcing an immediate gathering; and
      
      forcing an immediate relevance evaluation of advisories.
  - 19. The method of claim 11, wherein said action is only applied when said advisory is determined relevant to said computer.
  - 20. The method of claim 11, wherein said action can be constrained so that it may be executed when a computationally verifiable condition is met.

21. A distributed client for a computer in a network policy management system for networks of computational devices, comprising:
- means for gathering advisories from a plurality of advice provider sites;
  
  means for determining relevance of said advisories, wherein each of said advisories comprises;
  
  a relevance clause written in a formal descriptive language to specify criteria determining when said advisory is relevant;
  
  a message providing explanatory material explaining said advisory; and
  
  an action providing a solution;
  
  means for reporting relevance to a central server coupled to a central database, said central server for coordinating relay of information to and from individual computational devices, storing and retrieving information about individual computational devices and presenting information to a system administrator via a unified management interface, said central server comprising;
  
  a registration server, wherein said registration server processes registration requests from distributed clients;
  
  a reporting server, wherein said reporting server process reports of relevance events from individual computers and passes them on to the central database; and
  
  an action server, wherein said action server receives action requests from said management console serves them up to individual distributed client; and
  
  means for gathering actions from said central server;
  
  wherein said distributed client gathers advisories from said plurality of advice provider sites with said means for gathering advisories, andwherein said distributed client determines relevance of said advisories with said means for determining relevance and wherein said distributed client may report relevant advisories by said means for reporting.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The distributed client of claim 21, further comprising:
    - means for executing said actions;
      
      wherein said distributed client retrieves said actions from said central server with said means for gathering and performs said actions using said means for executing.
  - 23. The distributed client of claim 21, wherein said action is only applied when said advisory is determined relevant to said computer.
  - 24. The distributed client of claim 21, wherein said action can be constrained so that it may be executed when a computationally verifiable condition is met.
  - 25. The distributed client of claim 21, wherein said action is signed digitally when deployed from said management interface.
  - 26. The distributed client of claim 21, wherein said action is any of the group comprising:
    - deleting, moving, or copying specific files;
      
      setting or deleting registry entries;
      
      executing script commands;
      
      deleting, adding, or committing various DLL modules;
      
      deleting, closing, or restoring an advisory;
      
      subscribing or unsubscribing to an advice provider site;
      
      changing a gathering schedule or forcing an immediate gathering; and
      
      forcing an immediate relevance evaluation of advisories.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
BigFix, Inc. (International Business Machines Corporation)
Inventors
Lincroft, Peter, Loer, Peter Benjamin, Lippincott, Lisa Ellen, Hindawi, Orion Yosef, Brown, James Milton, Donoho, David Leigh, Hindawi, David Salim, Goodrow, Dennis S.
Primary Examiner(s)
Le; Thien M.
Assistant Examiner(s)
Mai; Thien T

Application Number

US10/495,109
Publication Number

US 20040243696A1
Time in Patent Office

2,541 Days
Field of Search

235/375, 235/376, 235/385, 709/206, 709/207, 709/223, 709/203, 709/204, 709/205, 715/853, 715/234, 707/3, 707/10, 707/200
US Class Current

235/376
CPC Class Codes

H04L 41/0893 Assignment of logical group...

H04L 41/0894 Policy-based network config...

Formalizing, diffusing, and enforcing policy advisories and monitoring policy compliance in the management of networks

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Formalizing, diffusing, and enforcing policy advisories and monitoring policy compliance in the management of networks

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links