Method and apparatus for network wide policy-based analysis of configurations of devices
First Claim
1. A computer implemented method performed by an analysis platform including a processor and a memory programmed to perform the method, the method comprising:
- determining by the analysis platform a plurality of network devices within a network arranged in a network topology, wherein the plurality of network devices includes a first application server hosting a first application; and a client computer hosting a client application;
- receiving by the analysis platform a policy for the network, wherein the policy comprises requirements; and wherein the requirements include a description of a first set of required network traffic associated with the first application server, the first application, the client computer and the client application;
- receiving by the analysis platform a plurality of configuration files associated with the plurality of network devices in the processor;
- building by the analysis platform an internal software configuration model of the network using the plurality of configuration files, the model comprising a plurality of network paths between at least one network gateway, the first application server and the client computer;
- analyzing the software network configuration model against the network policy, comprising:
  - simulating, by the analysis platform, actions of the at least one network gateway relating to packets relating to the first set of required network traffic, comprising a request sent from the first client computer to the first application server; and
  - simulating, by the analysis platform, a configuration of the first application server by preparing a response to the request and simulating the actions of the at least one network gateway when the response is sent from the first application server to the first client computer;
- determining by the analysis platform when the simulated actions of the plurality of network gateways processed the set of required network traffic as required by the policy; and
- generating by the analysis platform a report indicating whether the simulated actions of the plurality of network gateways processed the set of required network traffic as required by the policy.
Abstract
A method for a computer system includes determining network devices within a network topology, wherein the network devices include a first application server hosting a first application, receiving a policy for the network comprising requirements of a first application server including a description of a set of required network traffic, receiving a plurality of configuration files associated with the plurality of network devices, determining a network configuration model in response to the plurality of configuration files, computing network traffic on all network paths to and from the first application server to determine a plurality of computed paths, determining if the network traffic includes at least the set of required network traffic associated with the first server, and generating a report indicating whether the network traffic includes at least the set of required network traffic.
29 Claims
1. (Independent claim 1, as set out in full under First Claim above.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An analysis platform comprising:
- a memory storing a network topology of a network including a plurality of network devices, wherein the plurality of network devices includes a first application on a first application host, a client application on a client computer and wherein the memory stores a policy associated with the network, wherein the policy comprises requirements, wherein the requirements include a description of a first required set of network traffic associated with the first application, the first application server, the client application and the client computer and wherein the memory stores a plurality of configuration data for at least some of the plurality of network devices; and
- a processor coupled to the memory, wherein the processor is configured to:
  - build an internal software configuration model of the network using the plurality of configuration data, the model comprising a plurality of network paths between at least one network gateway, the first application server and the client computer;
  - analyze the software network configuration model against the network policy, comprising:
    - simulating actions of the at least one network gateway relating to packets relating to the first set of required network traffic, comprising a request sent from the first client computer to the first application server; and
    - simulating a configuration of the first application server by preparing a response to the request and simulating the actions of the at least one network gateway when the response is sent from the first application server to the first client computer;
  - determine when the simulated actions of the plurality of network gateways processed the set of required network traffic as required by the policy; and
  - generate a report indicating whether the simulated actions of the plurality of network gateways processed the set of required network traffic as required by the policy.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
21. A computer program product embodied in a non-transitory medium for a computer system including a memory comprising:
- code that directs a processor to determine a network topology in response to a network topology and in response to user input;
- code that directs the processor to determine a plurality of network devices within a network arranged in the network topology, wherein the plurality of network devices includes a first application on a first application server, and a client computer hosting a client application;
- code that directs the processor to receive a policy for the network, wherein the policy comprises requirements associated with the first application server, wherein the requirements include a description of a first set of required network traffic;
- code that directs the processor to receive a plurality of configuration data associated with the plurality of network devices;
- code that directs the processor to build an internal software configuration model of the network using the plurality of configuration data, the model comprising a plurality of network paths between at least one network gateway, the first application server and the client computer;
- code that directs the processor to analyze the software network configuration model against the network policy, comprising:
  - simulating, by the analysis platform, actions of the at least one network gateway relating to packets relating to the first set of required network traffic, comprising a request sent from the first client computer to the first application server; and
  - simulating, by the analysis platform, a configuration of the first application server by preparing a response to the request and simulating the actions of the at least one network gateway when the response is sent from the first application server to the first client computer;
- code that directs the processor to determine when the simulated actions of the plurality of network gateways processed the set of required network traffic as required by the policy; and
- code that directs the processor to generate a report indicating whether the simulated actions of the plurality of network gateways processed the set of required network traffic as required by the policy.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29
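The three independent claims recite the same procedure: take the topology, the policy's required flows and the devices' configurations, build a path model, simulate each gateway's handling of the request and of the server's reply, and report which requirements the configurations actually satisfy. The following is an added, self-contained example of that procedure (it is not the patent's or any assignee's code). Its one-rule-per-line gateway config syntax, the `stateful`/`stateless` flag, the sample addresses and the `POLICY` entries are all constructed for this illustration; the point it shows that the claim text does not is why the reply direction must be simulated separately, because a stateless ACL that permits the request can still silently drop the response.

```python
# Added example, not the patent's own code: a toy policy-vs-configuration
# analyzer following the claimed steps (topology, policy, configs, model,
# simulate request and response through each gateway, report).
# The config syntax is constructed for this example; a "stateful" gateway
# forwards the reply of a flow it already permitted, a "stateless" one
# evaluates the reply against its rule list like any other packet.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass
class Gateway:
    name: str
    stateful: bool
    rules: list = field(default_factory=list)  # (action, proto, src_net, dst_net, dport|None)
    flows: set = field(default_factory=set)    # (src, dst, proto, dport) of permitted requests

    def forward(self, pkt, reply_of=None):
        """True if this gateway would forward pkt: first matching rule wins,
        implicit deny at the end of the list. A stateful gateway also forwards
        the reply of a request it has already permitted."""
        if self.stateful and reply_of is not None and \
                (reply_of.src, reply_of.dst, reply_of.proto, reply_of.dport) in self.flows:
            return True
        for action, proto, src_net, dst_net, dport in self.rules:
            if proto in (pkt.proto, "ip") and ip_address(pkt.src) in src_net \
                    and ip_address(pkt.dst) in dst_net and dport in (None, pkt.dport):
                if action == "permit":
                    self.flows.add((pkt.src, pkt.dst, pkt.proto, pkt.dport))
                return action == "permit"
        return False

def parse_config(text):
    """Constructed format: 'gateway <name> <stateful|stateless>' opens a device;
    '<permit|deny> <proto|ip> <src_cidr> <dst_cidr> [dport]' adds a rule to it."""
    gateways, current = {}, None
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "gateway":
            current = Gateway(parts[1], parts[2] == "stateful")
            gateways[current.name] = current
        else:
            action, proto, src, dst = parts[:4]
            dport = int(parts[4]) if len(parts) > 4 else None
            current.rules.append((action, proto, ip_network(src), ip_network(dst), dport))
    return gateways

def analyze(gateways, path, requirements, ephemeral_port=40000):
    """path: gateway names in order from client to server (the modelled network path).
    requirements: (label, client_ip, server_ip, proto, server_port) tuples from the policy.
    Simulates the request along the path and the server's reply back along it and
    returns one report entry per requirement."""
    report = []
    for label, client, server, proto, port in requirements:
        request = Packet(client, server, proto, port)
        reply = Packet(server, client, proto, ephemeral_port)  # assumed client-side ephemeral port
        entry = {"requirement": label, "status": "OK", "blocked_at": None, "direction": None}
        for name in path:                      # request: client -> server
            if not gateways[name].forward(request):
                entry.update(status="FAIL", blocked_at=name, direction="request")
                break
        else:
            for name in reversed(path):        # reply: server -> client
                if not gateways[name].forward(reply, reply_of=request):
                    entry.update(status="FAIL", blocked_at=name, direction="response")
                    break
        report.append(entry)
    return report

# Constructed sample: a stateful edge firewall followed by a stateless datacenter ACL.
# dc-acl has a return rule for the web server (10.1.0.10) but nobody added one for the db server.
CONFIG = """
gateway edge-fw stateful
permit tcp 10.0.0.0/24 10.1.0.0/24 443
permit tcp 10.0.0.0/24 10.1.0.0/24 5432
permit tcp 10.0.0.0/24 10.1.0.0/24 22
deny ip 0.0.0.0/0 0.0.0.0/0
gateway dc-acl stateless
permit tcp 10.0.0.0/24 10.1.0.10/32 443
permit tcp 10.0.0.0/24 10.1.0.20/32 5432
permit tcp 10.1.0.10/32 10.0.0.0/24
deny ip 0.0.0.0/0 0.0.0.0/0
"""
POLICY = [  # required traffic between the client application and each application server
    ("web-https", "10.0.0.5", "10.1.0.10", "tcp", 443),
    ("db-postgres", "10.0.0.5", "10.1.0.20", "tcp", 5432),
    ("ssh-admin", "10.0.0.5", "10.1.0.10", "tcp", 22),
]

def run_demo():
    return analyze(parse_config(CONFIG), ["edge-fw", "dc-acl"], POLICY)

if __name__ == "__main__":
    for e in run_demo():
        where = "" if e["status"] == "OK" else f" (blocked at {e['blocked_at']}, {e['direction']})"
        print(f"{e['requirement']:12} {e['status']}{where}")
```

Running it reports `web-https` as satisfied, `ssh-admin` as failing on the request at `dc-acl` (no permit for port 22 there), and `db-postgres` as failing on the response at `dc-acl`: the request is permitted hop by hop, but the stateless ACL has no rule for traffic originating from 10.1.0.20, so the reply never reaches the client. A request-only simulation would have reported that requirement as met, which is exactly the gap the two-direction simulation in the claims closes.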