Cluster architecture and configuration for network security devices
Abstract
A computing device may be joined to a cluster by discovering the device, determining whether the device is eligible to join the cluster, configuring the device, and assigning the device a cluster role. A device may be assigned to act as a cluster master, backup master, active device, standby device, or another role. The cluster master may be configured to assign tasks, such as network flow processing, to the cluster devices. The cluster master and backup master may maintain global, run-time synchronization data pertaining to each of the network flows, shared resources, cluster configuration, and the like. The devices within the cluster may monitor one another. Monitoring may include transmitting status messages comprising indicators of device health to the other devices in the cluster. In the event a device satisfies failover conditions, a failover operation to replace the device with another standby device may be performed.
31 Claims
1. A non-transitory computer-readable storage medium comprising instructions configured to cause a computing device to perform a method for adding a computing device to a cluster of computing devices, the method comprising:
- discovering the computing device on a communication network;
- transmitting a device-specific configuration to the computing device comprising cluster configuration data and a role assignment;
- verifying that the computing device has implemented the device-specific configuration in response to transmitting the device-specific configuration;
- cryptographically verifying a license of the computing device; and
- verifying licensed services provided by the computing devices in the cluster by logically combining licensed services of the verified license of the computing device with licensed services of a license of another computing device in the cluster.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 29
15. A system comprising:
- a cluster comprising a plurality of computing devices;
- a cluster network interface, communicatively coupling the plurality of computing devices in the cluster; and
- a cluster management module implemented on one of the cluster computing devices, the cluster management module configured to, upon discovering a new computing device, determine a role of the new computing device in the cluster, transmit a device-specific configuration to the new computing device comprising a cluster configuration and the determined role, cryptographically verify a license of the new computing device, and to verify licensed services provided by the computing devices in the cluster by logically combining licensed services of the verified license of the new computing device with licensed services of another computing device in the cluster.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 30
24. A method for adding a computing device to a cluster comprising a plurality of computing devices, each of the computing devices comprising a processor, memory, and communications interface communicatively coupled to a cluster network, the method comprising:
- discovering a new computing device on the cluster network;
- receiving device-identifying information pertaining to the new computing device via the cluster network;
- generating a device-specific configuration for the new computing device using the device-identifying information;
- transmitting the device-specific configuration to the new computing device via the cluster network;
- verifying implementation of the device-specific configuration by the new computing device;
- cryptographically verifying a license of the new computing device; and
- verifying licensed services provided by the computing devices in the cluster by logically combining licensed services of the verified license of the new computing device with licensed services of a license of another computing device in the cluster.

Dependent claims: 25, 26, 27, 28, 31
Specification