Security policy management for network devices
First Claim
1. A method for automatically provisioning a plurality of computing devices in accordance with established policies, the method comprising the steps of:
- creating a plurality of templates reflecting said policies;
- expanding at least one template at a central location to create a document comprising expanded information; and
- sending from the central location the document comprising the expanded information to said plurality of computing devices, wherein each of the plurality of templates includes a conditional statement that determines whether a template is to be expanded with predetermined information on the basis of whether or not the computing device to which said expanded information is to be provided meets the condition.
6 Assignments
0 Petitions
Abstract
The present invention provides a system and method for use within a computer network that allows for automated provisioning, configuration, and maintenance of the servers and other devices connected to a computer network in accordance with established policies. This system and method make use of templates which represent security policies that apply to all devices within the system, to a subset of the devices, or to a particular type of device. In addition, the template structure includes conditional statements which allow for flexibility in defining the policies.
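The mechanism the abstract and claims describe (templates expanded at a central location, with conditional statements evaluated against the target device, references to information external to the template, and one template selectably incorporating another) can be illustrated with a small expansion engine. The following is an added example written for this page, not code from the patent or any product implementing it; the entry keywords (`user`, `ref`, `if`, `include`), the device inventory, the external group table and the templates are all constructed for the illustration.

```python
"""Central template expansion producing a per-device user-access document.

Added illustration of the scheme described in the claims: a template is
expanded centrally for a specific device, conditional blocks are kept only
when the device meets the condition, external references are resolved at
expansion time, and a template may incorporate another template's policy.
All data below is constructed sample data, not from the patent.
"""
import json

# Constructed external information a template may reference (e.g. a directory group).
EXTERNAL_GROUPS = {
    "dba-group": ["alice", "bob"],
    "web-oncall": ["carol"],
}

# Constructed device inventory held at the central location; conditions test these attributes.
DEVICES = {
    "db01": {"role": "database", "zone": "dmz", "os": "linux"},
    "web01": {"role": "web", "zone": "dmz", "os": "linux"},
    "win01": {"role": "web", "zone": "internal", "os": "windows"},
}

# Constructed templates. Each entry is one of:
#   {"user": name}                            literal user
#   {"ref": group}                            reference to information external to the template
#   {"if": {attr: value}, "entries": [...]}   conditional statement, expanded only if the device matches
#   {"include": template}                     selectably incorporate a policy defined by another template
TEMPLATES = {
    "global": {"entries": [
        {"user": "root-ops"},
        {"if": {"zone": "dmz"}, "entries": [{"user": "dmz-auditor"}]},
    ]},
    "database": {"entries": [{"include": "global"}, {"ref": "dba-group"}]},
    "web": {"entries": [
        {"include": "global"},
        {"ref": "web-oncall"},
        {"if": {"os": "windows"}, "entries": [{"user": "win-admin"}]},
    ]},
}


def matches(device, condition):
    """A device meets the condition when every named attribute has the given value."""
    return all(device.get(attr) == value for attr, value in condition.items())


def _expand_entries(entries, device, templates, groups, seen):
    users = []
    for entry in entries:
        if "user" in entry:
            users.append(entry["user"])
        elif "ref" in entry:
            if entry["ref"] not in groups:
                raise KeyError(f"unknown external reference {entry['ref']!r}")
            users.extend(groups[entry["ref"]])
        elif "if" in entry:
            if matches(device, entry["if"]):
                users.extend(_expand_entries(entry["entries"], device, templates, groups, seen))
        elif "include" in entry:
            users.extend(_expand_template(entry["include"], device, templates, groups, seen))
        else:
            raise ValueError(f"malformed template entry: {entry!r}")
    return users


def _expand_template(name, device, templates, groups, seen):
    # Guard against template A including B including A, which would never terminate.
    if name in seen:
        raise ValueError(f"include cycle at template {name!r}")
    return _expand_entries(templates[name]["entries"], device, templates, groups, seen | {name})


def expand(template_name, device, templates=TEMPLATES, groups=EXTERNAL_GROUPS):
    """Expand one template for one device into an ordered, de-duplicated user list."""
    users = _expand_template(template_name, device, templates, groups, frozenset())
    return list(dict.fromkeys(users))


def build_document(hostname, devices=DEVICES, templates=TEMPLATES, groups=EXTERNAL_GROUPS):
    """The document the central location would send to the device's agent."""
    device = devices[hostname]
    return {
        "device": hostname,
        "template": device["role"],
        "allowed_users": expand(device["role"], device, templates, groups),
    }


if __name__ == "__main__":
    for host in DEVICES:
        print(json.dumps(build_document(host)))
```

Expansion happens entirely at the central location, so the agent on each device receives a fully resolved list and never needs read access to the directory groups or to the templates of other devices; the cycle check matters once templates are allowed to include one another.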
17 Citations
34 Claims
1. A method for automatically provisioning a plurality of computing devices in accordance with established policies, the method comprising the steps of:
- creating a plurality of templates reflecting said policies;
- expanding at least one template at a central location to create a document comprising expanded information; and
- sending from the central location the document comprising the expanded information to said plurality of computing devices, wherein each of the plurality of templates includes a conditional statement that determines whether a template is to be expanded with predetermined information on the basis of whether or not the computing device to which said expanded information is to be provided meets the condition.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A system for automatically provisioning a plurality of computing devices in accordance with established policies, the system comprising:
- a database system which stores a plurality of templates which reflect said policies;
- a plurality of agents which are respectively resident on each of said plurality of computing devices, and which communicate with said database system to obtain information with regard to provisioning and maintenance of the respective computing devices; and
- a communications gateway through which communication messages are exchanged between said agents and said database system, wherein said communications gateway is configured to: retrieve individual ones of the plurality of templates; expand the retrieved templates to create respective documents containing combined template information and expanded information; and provide the documents containing the combined template information and expanded information to said plurality of agents;
wherein at least one of the templates is configured to selectably incorporate a policy defined only by a different template.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19.

20. A method of controlling user access to networked computing devices, comprising the steps of:
- storing a plurality of templates that identify user-access policies for respective ones of said devices, at least one of said templates including a reference to information that is external to the template;
- retrieving a template that pertains to a given one of said devices and creating a document at a central location comprising a listing of users identified in said template and users identified by any externally referenced information; and
- sending said document from said central location to the given one of said devices;
- configuring at least one of the templates to selectably incorporate a policy defined only by a different template.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28.

29. A method for controlling user access to networked computing devices, comprising the steps of:
- storing a plurality of templates that identify user-access policies for respective ones of said devices, at least one of said templates including a conditional statement;
- retrieving a template that pertains to a given one of said devices and creating a document at a central location comprising a listing of users identified in said template, and users identified in any conditional statement if said given device meets the condition; and
- sending said document from said central location to the given one of said devices;
- configuring at least one of the templates to selectably incorporate a policy defined only by a different template.
Dependent claims: 30, 31, 32, 33, 34.