Virtual private network management
Abstract
The invention provides a centralized VPN management of a plurality of VPN sites by means of a VPN Information Provider (VIP). Management of a VPN device is distributed so that at least part of the VPN configuration is centrally managed without giving away control of the firewall rulebase or other critical local configuration used in the VPN device.
25 Claims
1. A method for managing Virtual Private Network (VPN) devices, the method comprising:
- maintaining in a first centralized VPN Information Provider (VIP), multiple VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in the first VPN with at least one device,
- providing, from the first centralized VIP to a first VPN device belonging to the first VPN, VPN configuration of at least one other VPN device of another organization participating in the first VPN, the VPN configuration being one of said multiple VPN configurations, and
- managing a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for managing Virtual Private Network (VPN) devices, the method comprising:
- maintaining in a first centralized VPN Information Provider (VIP), multiple VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in the first VPN with at least one device,
- maintaining in a second VPN Information Provider (VIP) VPN configurations of VPN devices belonging to a second VPN,
- providing to a first VPN device belonging to the first and second VPNs, VPN configuration of at least one other VPN device belonging to the first centralized VPN from the first VIP and VPN configuration of at least one other VPN device belonging to the second VPN from the second VIP, and
- managing a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A method for handling Virtual Private Network (VPN) configuration, the method comprising:
- maintaining in a first centralized VPN Information Provider, VIP, multiple VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in the first VPN with at least one device,
- providing to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the first centralized VIP,
- receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device of another organization participating in the first VPN,
- sending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device as a response to the request, and
- managing a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.
22. A system for managing Virtual Private Network (VPN) devices, the system comprising:
- at least two VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in said VPN with at least one device,
- a first centralized VPN Information Provider (VIP) system maintaining VPN configurations of VPN devices belonging to the first VPN,
- at least one other management system separate from the first centralized VIP managing a subset of security aspects of said VPN devices belonging to the first VPN, when said a subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN,
- while the VPN devices are adapted to receive from the at least one other management system, a first part of VPN configuration, and from the VIP, a second part of VPN configuration, which comprises VPN configuration of at least one other VPN device of another organization participating in the first VPN.
Dependent claims: 23
24. A Virtual Private Network (VPN) Information Provider (VIP) apparatus comprising:
- a mechanism for maintaining VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in said VPN with at least one device,
- a mechanism for providing to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the VIP,
- a mechanism for receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device of another organization participating in the first VPN,
- a mechanism for sending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device as a response to the request, and
- a mechanism for managing a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.
25. A computer-readable memory device, comprising program code which, when executed on a computer device, causes the computer device to provide a Virtual Private Network (VPN) Information Provider (VIP) functionality comprising:
- maintaining in a first centralized VIP, multiple VPN configurations of VPN devices belonging to a first VPN, wherein more than one organization or VPN site is participating in the first VPN with at least one device,
- providing to VPN devices belonging to the first VPN, information about the VPN configurations maintained in the first centralized VIP,
- receiving from a first VPN device belonging to the first VPN, a request for VPN configuration of another VPN device of another organization participating in the first VPN,
- sending to said first VPN device belonging to the first VPN, the VPN configuration of the other VPN device of the other organization as a response to the request, and
- managing a subset of security aspects of said first VPN device belonging to the first VPN from at least one other management system separate from the first centralized VIP, wherein said subset of security aspects should not be shared by all organizations, VPN sites or VPN devices belonging to the first VPN.
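The split described in the abstract and the request/response exchange recited in claims 21, 24 and 25, sketched as an added example (not code from the patent): a VIP answers member requests for peer VPN configuration, while the firewall rulebase reaches the device only from its own site's management. All class, field and device names and the sample addresses are assumptions.

```python
# Added illustration; all class, field and device names are assumptions.
VIP_OWNED = {"gateway", "protected_nets", "ike_proposal"}  # shared VPN parameters
LOCAL_OWNED = {"firewall_rules", "admin_acl"}  # stays with each site's own manager

class VIP:
    def __init__(self):
        self._configs = {}  # device_id -> (organization, vpn_config)

    def register(self, device_id, org, config):
        if set(config) - VIP_OWNED:
            raise ValueError("VIP does not hold locally managed fields")
        self._configs[device_id] = (org, dict(config))

    def directory(self, requester):
        """Tell a member which peer configurations the VIP maintains."""
        self._require_member(requester)
        return sorted(d for d in self._configs if d != requester)

    def request_config(self, requester, target):
        """Answer a member's request for another member's VPN configuration."""
        self._require_member(requester)
        self._require_member(target)
        return dict(self._configs[target][1])

    def _require_member(self, device_id):
        if device_id not in self._configs:
            raise PermissionError(f"{device_id} is not a member of this VPN")

class VPNDevice:
    def __init__(self, device_id):
        self.device_id, self.peers, self.local = device_id, {}, {}

    def apply_local(self, policy):
        """Locally managed part, e.g. the firewall rulebase, from the site's own manager."""
        self.local.update({k: v for k, v in policy.items() if k in LOCAL_OWNED})

    def apply_from_vip(self, peer_id, config):
        """Peer VPN parameters from the VIP; refuse anything touching local policy."""
        if set(config) - VIP_OWNED:
            raise PermissionError("VIP-supplied data may not set local policy")
        self.peers[peer_id] = dict(config)

def demo():
    vip, gw_a = VIP(), VPNDevice("gw-a")  # constructed sample: two organizations
    vip.register("gw-a", "org-a", {"gateway": "192.0.2.1", "protected_nets": ["10.1.0.0/16"]})
    vip.register("gw-b", "org-b", {"gateway": "198.51.100.1", "protected_nets": ["10.2.0.0/16"]})
    gw_a.apply_local({"firewall_rules": ["allow 10.2.0.0/16 -> 10.1.5.0/24 tcp/443"]})
    for peer in vip.directory("gw-a"):
        gw_a.apply_from_vip(peer, vip.request_config("gw-a", peer))
    return gw_a
```

The device rejects any VIP response that carries a locally owned field, so the central provider can distribute peer parameters without gaining a path to the rulebase.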
Specification