Virtual private network management

US 8,019,850 B2
Filed: 07/29/2009
Issued: 09/13/2011
Est. Priority Date: 10/05/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for managing Virtual Private Network (VPN) devices, the method comprising:

maintaining in a first centralized VPN Information Provider (VIP), multiple VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in the first VPN with at least one device,providing, from the first centralized VIP to a first VPN device belonging to the first VPN, VPN configuration of at least one other VPN device of another organization participating in the first VPN, the VPN configuration being one of said multiple VPN configurations, andmanaging a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a centralized VPN management of a plurality of VPN sites by means of a VPN Information Provider (VIP). Management of a VPN device is distributed so that at least part of the VPN configuration is centrally managed without giving away control of the firewall rulebase or other critical local configuration used in the VPN device.

39 Citations

View as Search Results

25 Claims

1. A method for managing Virtual Private Network (VPN) devices, the method comprising:
- maintaining in a first centralized VPN Information Provider (VIP), multiple VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in the first VPN with at least one device,providing, from the first centralized VIP to a first VPN device belonging to the first VPN, VPN configuration of at least one other VPN device of another organization participating in the first VPN, the VPN configuration being one of said multiple VPN configurations, andmanaging a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein said VPN configuration of at least one other VPN device is provided from the centralized VIP to said first VPN device via said at least one other management system.
  - 3. The method of claim 1, wherein said VPN configuration of at least one other VPN device is provided from the centralized VIP directly to said first VPN device.
  - 4. The method of claim 1, further comprising:
    - defining said VPN configurations of said VPN devices belonging to the first VPN in said at least one other management system, andproviding said VPN configurations to the first centralized VIP for maintenance.
  - 5. The method of claim 1, further comprising:
    - defining said VPN configurations of said VPN devices belonging to the first VPN in the first centralized VIP, andproviding said VPN configurations to respective VPN devices.
  - 6. The method of claim 1, wherein the providing of VPN configuration of at least one other VPN device belonging to the first VPN comprises:
    - sending to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the first centralized VIP,receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device belonging to the first VPN, andsending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device as a response to the request.
  - 7. The method of claim 6, wherein said information about the VPN configurations maintained in the first centralized VIP is a set of addresses included in the first VPN, said request from the first VPN device comprises an address included in the first VPN, and said other VPN device is identified in the first centralized VIP by finding a VPN device related to said address.
  - 8. The method of claim 6, wherein said information about the VPN configurations maintained in the first centralized VIP is a set of addresses included in the first VPN, and said information is sent after a change in the set of addresses included in the first VPN, or after a predefined time has elapsed since the information was sent the last time.
  - 9. The method of claim 1, wherein the providing of VPN configuration of at least one other VPN device belonging to the first VPN comprises:
    - sending to VPN devices belonging to the first VPN, VPN configurations maintained in the first centralized VIP.
  - 10. The method of claim 9, wherein said VPN configurations maintained in the first centralized VIP are sent after a new VPN configuration has been added to the VIP, after an old VPN configuration has been removed from the first centralized VIP, after a VPN configuration of at least one VPN device has been changed in the first centralized VIP, or after a predefined time has elapsed since the configurations were sent the last time.

11. A method for managing Virtual Private Network (VPN) devices, the method comprising:
- maintaining in a first centralized VPN Information Provider (VIP), multiple VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in the first VPN with at least one device,maintaining in a second VPN Information Provider (VIP) VPN configurations of VPN devices belonging to a second VPN,providing to a first VPN device belonging to the first and second VPNs, VPN configuration of at least one other VPN device belonging to the first centralized VPN from the first VIP and VPN configuration of at least one other VPN device belonging to the second VPN from the second VIP, andmanaging a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein said configuration of at least one other VPN device is provided to said first VPN device via at least one other management system.
  - 13. The method of claim 11, wherein said configuration of at least one other VPN device is provided directly to said first VPN device.
  - 14. The method of claim 11, further comprising:
    - defining said VPN configurations of said VPN devices belonging to the first and second VPNs in at least one other management system, andproviding said VPN configurations to the VIPs for maintenance.
  - 15. A method of claim 11, further comprising:
    - defining said VPN configurations of said VPN devices belonging to the first VPN in the first centralized VIP and said VPN configurations of said VPN devices belonging to the second VPN in the second VIP, andproviding said VPN configurations to respective VPN devices.
  - 16. The method of claim 11, wherein the providing of VPN configuration of at least one other VPN device belonging to the first VPN from the first VIP and VPN configuration of at least one other VPN device belonging to the second VPN from the second VIP comprises:
    - sending to VPN devices belonging to a VPN, information about the VPN configurations maintained in the respective VIP,receiving from a first VPN device belonging to the VPN, a request for VPN configuration of another VPN device belonging to the VPN, andsending to said first VPN device belonging to the VPN, the VPN configuration of the other VPN device as a response to the request.
  - 17. The method of claim 16, wherein said information about the VPN configurations maintained in the VIP is a set of addresses included in the first VPN, said request from the first VPN device comprises an address included in the first VPN, and said other VPN device is identified in the VIP by finding a VPN device related to said address.
  - 18. The method of claim 16, wherein said information about the VPN configurations maintained in the first centralized VIP is a set of addresses included in the first VPN, and said information is sent after a change in the set of addresses included in the first VPN, or after a predefined time has elapsed since the information was sent the last time.
  - 19. The method of claim 11, wherein the providing of VPN configuration of at least one other VPN device belonging to the first VPN from the first centralized VIP and VPN configuration of at least one other VPN device belonging to the second VIP comprises sending to VPN devices belonging to a VPN, VPN configurations maintained in the respective VIP.
  - 20. A method of claim 19, wherein said VPN configurations maintained in the first centralized VIP are sent after a new VPN configuration has been added to the first centralized VIP, after an old VPN configuration has been removed from the first centralized VIP, after a VPN configuration of at least one VPN device has been changed in the first centralized VIP, or after a predefined time has elapsed since the configurations were sent the last time.

21. A method for handling Virtual Private Network (VPN) configuration, the method comprising:
- maintaining in a first centralized VPN Information Provider, VIP, multiple VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in the first VPN with at least one device,providing to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the first centralized VIP,receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device of another organization participating in the first VPN,sending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device as a response to the request, andmanaging a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.

22. A system for managing Virtual Private Network (VPN) devices, the system comprising:
- at least two VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in said VPN with at least one device,a first centralized VPN Information Provider (VIP) system maintaining VPN configurations of VPN devices belonging to the first VPN,at least one other management system separate from the first centralized VIP managing a subset of security aspects of said VPN devices belonging to the first VPN, when said a subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN, whilethe VPN devices are adapted to receive from the at least one other management system, a first part of VPN configuration, and from the VIP, a second part of VPN configuration, which comprises VPN configuration of at least one other VPN device of another organization participating in the first VPN.
- View Dependent Claims (23)
- - 23. The system of claim 22, wherein the first part of configuration comprises VPN configuration and/or access rule configuration.

24. A Virtual Private Network (VPN) Information Provider (VIP) apparatus comprising:
- a mechanism for maintaining VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in said VPN with at least one device,a mechanism for providing to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the VIP,a mechanism for receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device of another organization participating in the first VPN,a mechanism for sending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device as a response to the request, anda mechanism for managing a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.

25. A computer-readable memory device, comprising program code which, when executed on a computer device, causes the computer device to provide a Virtual Private Network (VPN) Information Provider (VIP) functionality comprising:
- maintaining in a first centralized VIP, multiple VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in the first VPN with at least one device,providing to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the first centralized VIP,receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device of another organization participating in the first VPN,sending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device of the other organization as a response to the request, andmanaging a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Stonesoft Corporation
Inventors
Jalava, Mika
Primary Examiner(s)
Boutah; Alina N.

Application Number

US12/511,124
Publication Number

US 20090287810A1
Time in Patent Office

776 Days
Field of Search

709/223, 709/201, 709/229
US Class Current

709/223
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/00   Arrangements for maintenanc...

H04L 41/40   using virtualisation of net...

H04L 63/0272   Virtual private networks

Virtual private network management

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual private network management

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links