Remote configuration of devices using a secure connection

US 7,975,030 B2
Filed: 05/09/2006
Issued: 07/05/2011
Est. Priority Date: 05/09/2006
Status: Active Grant

First Claim

Patent Images

1. A method of configuring a remote device, said method comprising:

transmitting a device configuration request from said remote device to a remote server during a Mode-Config exchange between the remote device and the remote server,wherein the configuration request expands the Mode-Config exchange and is sent between phase 1 and phase 2 of the Mode-Config exchange during negotiation of a secure connection to the remote server comprising an Internet Key Exchange (IKE) to establish a Virtual Private Network (VPN) Tunnel,said configuration request comprising a request for two attributes comprising a location pointer independent of configuration commands and a configuration version identifier, wherein the location pointer points to a latest version of a device configuration file;

the configuration version identifier identifies the version of the device configuration file to which the location pointer is pointing;

wherein the configuration request is transparent to other remote server devices that do not recognize the configuration request;

in response to the device configuration request receiving a response at said remote device, in a Mode-Config reply, said configuration response comprising the location pointer independent of configuration commands wherein the configuration response is received using Mode-Config protocol in the Mode-Config reply;

retrieving said device configuration file from said location;

applying said device configuration file to said remote device to configure the remote device; and

responding to instructions from the remote server during the Mode-Config exchange to transmit additional present state data by sending a status update to the remote server including a version number of a device configuration currently running on a local operating system, resource availability and connected devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for configuring a remote device are described. In one embodiment, a method of configuring a remote device while negotiating a secure connection between the remote device and a central server is described. The method involves transmitting a configuration request from the remote device to the central server, including a request for a location to retrieve the latest configuration file from. The method also entails receiving a configuration response from the central server, with a pointer to such a location. The configuration file is retrieved from the indicated location, and applied to the remote device. The remote device sends general information about its configuration and status to the central server, using the secure connection.

37 Citations

View as Search Results

14 Claims

1. A method of configuring a remote device, said method comprising:
- transmitting a device configuration request from said remote device to a remote server during a Mode-Config exchange between the remote device and the remote server,wherein the configuration request expands the Mode-Config exchange and is sent between phase 1 and phase 2 of the Mode-Config exchange during negotiation of a secure connection to the remote server comprising an Internet Key Exchange (IKE) to establish a Virtual Private Network (VPN) Tunnel,said configuration request comprising a request for two attributes comprising a location pointer independent of configuration commands and a configuration version identifier, wherein the location pointer points to a latest version of a device configuration file;
  
  the configuration version identifier identifies the version of the device configuration file to which the location pointer is pointing;
  
  wherein the configuration request is transparent to other remote server devices that do not recognize the configuration request;
  
  in response to the device configuration request receiving a response at said remote device, in a Mode-Config reply, said configuration response comprising the location pointer independent of configuration commands wherein the configuration response is received using Mode-Config protocol in the Mode-Config reply;
  
  retrieving said device configuration file from said location;
  
  applying said device configuration file to said remote device to configure the remote device; and
  
  responding to instructions from the remote server during the Mode-Config exchange to transmit additional present state data by sending a status update to the remote server including a version number of a device configuration currently running on a local operating system, resource availability and connected devices.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said configuration request further comprises a request for a current version identifier related to said device configuration file.
  - 3. The method of claim 2, wherein said configuration response further comprises said current version identifier.
  - 4. The method of claim 3, further comprising:
    - comparing said current version identifier with one or more local version identifiers related to one or more local configuration profiles stored on said remote device.
  - 5. The method of claim 4, further comprising:
    - if said current version identifier matches one of said local version identifiers, applying said local configuration profile associated with said local version identifier.
  - 6. The method of claim 1, further comprising:
    - creating a checkpoint of a current configuration state of said remote device, before applying said device configuration file.

7. A system, comprising:
- a bus, for transmitting information;
  
  a processor coupled to said bus, for performing operations;
  
  an operating system running on said processor, for controlling said system;
  
  an external network connection coupled to said bus, for communicating with a remote server;
  
  a networking module, for negotiating a secure connection to the remote server during a Mode-Config negotiation, said operating system configured to;
  
  transmit a configuration request using Mode-Config protocol for a current device configuration file to said remote server to configure a local device, wherein the configuration request expands the Mode-Config negotiation and is sent between phase 1 and phase 2 of a Mode-Config exchange during the Mode-Config negotiation of the secure connection to the remote server comprising an Internet Key Exchange (IKE) to establish a Virtual Private Network (VPN) Tunnel, the configuration request comprising;
  
  a request for a location pointer independent of configuration commands that points to a latest version of a device configuration file; and
  
  a request for a configuration version identifier, the configuration version identifier for identifying the version of the device configuration file to which the location pointer is pointing; and
  
  said external network connection is configured to receive a pointer to said current device configuration file in response to the configuration request using the Mode-Config protocol during the Mode-Config exchange in a Mode-Config reply wherein the location pointer is independent of the configuration commands;
  
  said operating system is further configured to access a location indicated by said pointer, and respond to instructions from the remote server during the Mode-Config negotiation to transmit additional present state data by sending a status update to the remote server including a version number of a current device configuration, resource availability and connected devices;
  
  said external network connection is configured to receive said current device configuration file; and
  
  said processor is configured to perform one or more device configuration operations indicated by said current device configuration file;
  
  wherein the configuration request is transparent to other remote server devices that do not recognize the configuration request.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, further comprising:
    - a memory coupled to said bus, for storing a stored configuration profile, said stored configuration profile having an associated version number, wherein said external network connection receives a version identifier corresponding to said current device configuration file, and said processor compares said version identifier with said version number associated with said stored configuration profile.
  - 9. The system of claim 7, wherein said networking module is configured to establish a secure connection to said remote server.
  - 10. The system of claim 9, wherein said secure connection is in compliance with IPSec networking protocol.
  - 11. The system of claim 7, wherein said request is formatted as a Mode-Config parameter.
  - 12. The system of claim 7, wherein said pointer is formatted as a Mode-Config parameter.

13. A network hub for configuring a spoke device of a hub-spoke network, said network hub comprising:
- a receiver for receiving a discrete configuration request from the spoke device during a Mode-Config exchange to negotiate a secure connection between the spoke device and the network hub, the discrete request comprising a request for two attributes comprising a device configuration pointer and a description of a version of a device configuration corresponding to the pointer;
  
  wherein the discrete configuration request expands the Mode-Config exchange and is sent between phase 1 and phase 2 of the Mode-Config exchange during negotiation of the secure connection to the spoke device comprising an Internet Key Exchange (IKE) to establish a Virtual Private Network (VPN) Tunnel;
  
  a transmitter for transmitting the configuration pointer and the description of the version of the configuration from said network hub;
  
  wherein the secure connection is established independent of transmitting configuration commands as part of the negotiation of the secure connection;
  
  wherein the hub is further configured to send a request to the spoke device during the Mode-Config exchange for a status update including a version number of a device configuration currently running on a hub operating system, resource availability or connected devices, or combinations thereof;
  
  wherein the receiver is further configured for receiving a state report from said spoke device;
  
  wherein the state report includes a version number of a configuration currently running on the spoke device; and
  
  wherein the configuration request is transparent to other remote server devices that do not recognize the configuration request.
- View Dependent Claims (14)
- - 14. The network hub of claim 13, wherein said secure connection comprises an IPSec Virtual Private Network (VPN) connection between said network hub and said spoke device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Saeed, Arshad, Gohstand, Jonathan, Fanning, Scott
Primary Examiner(s)
Moore; Ian N
Assistant Examiner(s)
Huynh; Dung B

Application Number

US11/431,278
Publication Number

US 20070266121A1
Time in Patent Office

1,883 Days
Field of Search

None
US Class Current

709/220
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/0806   for initial configuration o...

H04L 41/0843   based on generic templates

H04L 41/0846   based on copy from other el...

H04L 41/0859   by keeping history of diffe...

H04L 63/0272   Virtual private networks

H04L 63/164   at the network layer

Remote configuration of devices using a secure connection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Remote configuration of devices using a secure connection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links