Formalizing, diffusing, and enforcing policy advisories and monitoring policy compliance in the management of networks
First Claim
1. An apparatus for formalizing, diffusing and enforcing policy advisories and for monitoring policy compliance in the management of networks of computational devices, comprising:
a unified management interface;
a plurality of distributed clients, each of which runs on a corresponding networked computational device, wherein each of said distributed clients determines relevance of an advice message by evaluating a relevance clause of said advice message, while automatically retrieving properties of a computational device on which said distributed client runs;
a central server coupled to a central database, said central server for coordinating relay of information to and from individual computational devices, storing and retrieving information about individual computational devices and presenting information to a system administrator via said unified management interface, said central server comprising;
a registration server, wherein said registration server processes registration requests from distributed clients;
a reporting server, wherein said reporting server process reports of relevance events from individual computers and passes them on to the central database; and
an action server, wherein said action server receives action requests from said management console serves them up to individual distributed clients;
at least one advice server providing a plurality of advisories directly to said distributed clients;
a protocol for diffusing queries across the network;
wherein said management interface conveys reports to said administrator received from said distributed clients via said central server; and
wherein said advisories formally target specific states of a computational device and formally specify actions to take in response thereto.
Abstract
An apparatus and method for centralized policy management of large-scale networks (221) of computational devices is disclosed. The apparatus includes a number of distributed clients (400) run on registered computers (201-203), gathering policy advisories (401) and reporting (405) relevance (403) to a system administrator (224). The system administrator may view the relevant messages (505) through a management interface (500) and deploy suggested actions to distributed clients (503), where the actions are executed to apply the solutions of the advisories (408).
26 Claims
11. A communication method for managing network policy for networks of computational device, comprising the steps of:
registering a plurality of computers to a central server by a plurality of distributed clients, each of said plurality of distributed clients running on one of said computers, said central server comprising;
a registration server, wherein said registration server processes registration requests from distributed clients;
a reporting server, wherein said reporting server process reports of relevance events from individual computers and passes them on to the central database; and
an action server, wherein said action server receives action requests from said management console serves them up to individual distributed clients;
subscribing said distributed clients to a plurality of advice provider sites for each registered computer by a network administrator using a unified management interface;
gathering by each of said plurality of clients a plurality of advisories from said advice provider sites for each registered computer, wherein each of said advisories comprises;
a relevance clause written in a formal descriptive language to specify criteria determining when said advisory is relevant;
a message providing explanatory material explaining said advisory; and
an action providing a solution which can be deployed by said central server from a management interface and executed;
reporting relevance of said advisories from said advice provider sites for each registered computer to said network administrator using said unified management interface by means of said central server;
viewing said advisories by a system administrator with a unified management interface;
deploying selected actions to a selected group of computers by said system administrator to said central server with said management interface by means of said central server; and
performing deployed actions by said distributed clients running on said registered computer to apply solutions.
21. A distributed client for a computer in a network policy management system for networks of computational devices, comprising:
means for gathering advisories from a plurality of advice provider sites;
means for determining relevance of said advisories, wherein each of said advisories comprises;
a relevance clause written in a formal descriptive language to specify criteria determining when said advisory is relevant;
a message providing explanatory material explaining said advisory; and
an action providing a solution;
means for reporting relevance to a central server coupled to a central database, said central server for coordinating relay of information to and from individual computational devices, storing and retrieving information about individual computational devices and presenting information to a system administrator via a unified management interface, said central server comprising;
a registration server, wherein said registration server processes registration requests from distributed clients;
a reporting server, wherein said reporting server process reports of relevance events from individual computers and passes them on to the central database; and
an action server, wherein said action server receives action requests from said management console serves them up to individual distributed client; and
means for gathering actions from said central server;
wherein said distributed client gathers advisories from said plurality of advice provider sites with said means for gathering advisories, and wherein said distributed client determines relevance of said advisories with said means for determining relevance and wherein said distributed client may report relevant advisories by said means for reporting.
Specification