Automated configuration of network devices administered by policy enforcement

  • US 8,458,301 B1
  • Filed: 10/29/2010
  • Issued: 06/04/2013
  • Est. Priority Date: 10/30/2009
  • Status: Active Grant
First Claim
1. A system for automated configuration of devices within a network by policy enforcement comprising:

  • A server having:

    a configuration module located at said server for initialization and configuration of a network;

    a discovery module located at said server for discovery initialization of network infrastructure devices (NIDs) on said network;

    an action module located at said server for action management of NIDs on said network;

    a role module located at said server for role management characterizing said NIDs, interfaces, users, and endpoints on said network;

    a profiling module located at said server for device profiling, identifying types of said endpoints connected to said NIDs on said network;

    an external policy module located at said server for external policy notification whereby systems external to said network are configured to inform said system with events and alerts;

    a compliance module located at said server for compliance of endpoints on said network by agent security policy; and

    a correlation engine module located at said server for determining actions to apply to said NIDs when trigger events occur, wherein said correlation comprises:

    gathering connection time, endpoint status, identity of user logged into said endpoint, identity of endpoint owner and point of access NID or port role;

    if said NID is configured for interface-based actions, most secure status representing all endpoints connected to said interface is computed, and if status or role has action defined, and endpoint NID has same action applied, no action is taken;

    if said NID is configured for said interface-based actions, said most secure status representing all said endpoints connected to said interface is computed, and if said status or role has action defined, and said endpoint NID does not have same action applied, and if said endpoint NID does not have previous action applied, set action is executed and undo action parameters are saved;

    if said NID is configured for said interface-based actions, said most secure status representing all said endpoints connected to said interface is computed, and if said status or role has action defined, and said endpoint NID does not have same action applied, and if said endpoint NID does have previous action applied, undo action is executed using saved parameters, and set action is executed and undo action parameters are saved;

    if said NID is configured for said interface-based actions, said most secure status representing all endpoints connected to said interface is computed, and if neither said status nor role has action defined, and said endpoint NID does not have previous action applied, no action is taken;

    if said NID is configured for said interface-based actions, said most secure status representing all said endpoints connected to said interface is computed, and if neither said status nor role has action defined, and said endpoint NID does have previous action applied, undo action is executed using saved parameters;

    if said NID is configured for client-based actions, use individual endpoint status and if status or role has action defined, and endpoint NID has same action applied, no action is taken;

    if said NID is configured for said client-based actions, said individual endpoint status is used and if said status or role has action defined, and said endpoint NID does not have same action applied, and if said endpoint NID does not have previous action applied, set action is executed and undo action parameters are saved;

    if said NID is configured for said client-based actions, said individual endpoint status is used and if said status or role has action defined, and said endpoint NID does not have same action applied, and if said endpoint NID does have previous action applied, undo action is executed using saved parameters, and set action is executed and undo action parameters are saved;

    if said NID is configured for said client-based actions, use said individual endpoint status and if neither said status nor said role has action defined, and said endpoint NID does not have previous action applied, no action is taken; and

    if said NID is configured for said client-based actions, use said individual endpoint status and if neither said status nor said role has action defined, and said endpoint NID does have previous action applied, undo action is executed using saved parameters;

    whereby said system controls connections between said endpoint devices and users with network infrastructure and information technology (IT) resources of said network.
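The ten "if said NID is configured for ..." clauses above are one decision procedure stated twice (once per interface, once per endpoint): look up the action the policy defines for the gathered status or port role, compare it with what the NID already has applied, and either do nothing, set and save undo parameters, or undo with the saved parameters and then set. The following is an added illustration of that procedure in Python; it is not code from the patent or its assignee. The status names, action names, the ranking used to pick the "most secure status" of an interface (read here as the most restrictive status among the endpoints on that port), the MAC address used as the endpoint key in client-based mode, and the sample switch and endpoints are all constructed assumptions.

```python
"""Correlation-engine decision procedure modelled on claim 1 of US 8,458,301 B1.

Added example, not the patent's or any vendor's code. Status names, action
names, the status ordering and the data model are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumption: "most secure status representing all endpoints" on an interface is
# the most restrictive status present, so one non-compliant endpoint governs a
# port it shares with compliant ones.
STATUS_RANK = {"compliant": 0, "unknown": 1, "noncompliant": 2, "infected": 3}


def most_secure_status(statuses) -> str:
    return max(statuses, key=lambda s: STATUS_RANK[s])


@dataclass
class Endpoint:          # the facts the claim says are gathered per endpoint
    mac: str             # endpoint identity (assumed key in client-based mode)
    status: str          # agent-reported compliance status
    user: str            # identity of user logged into the endpoint
    owner: str           # identity of endpoint owner
    interface: str       # point-of-access port on the NID
    connect_time: int


@dataclass
class Policy:
    status_actions: Dict[str, Optional[str]]
    role_actions: Dict[str, Optional[str]]

    def action_for(self, status: str, role: Optional[str]) -> Optional[str]:
        # "if said status or role has action defined": status first, then port role.
        return self.status_actions.get(status) or self.role_actions.get(role)


@dataclass
class NID:
    name: str
    mode: str                                   # "interface" or "client"
    port_roles: Dict[str, str]
    applied: Dict[str, str] = field(default_factory=dict)       # key -> action in force
    undo_params: Dict[str, dict] = field(default_factory=dict)  # key -> how to reverse it


Event = Tuple[str, str, str]  # (verb, key, action)


def set_action(nid: NID, key: str, action: str) -> Event:
    # "set action is executed and undo action parameters are saved"
    nid.undo_params[key] = {"action": action, "restore": nid.applied.get(key)}
    nid.applied[key] = action
    return ("set", key, action)


def undo_action(nid: NID, key: str) -> Event:
    # "undo action is executed using saved parameters"
    params = nid.undo_params.pop(key)
    nid.applied.pop(key, None)
    return ("undo", key, params["action"])


def decide(nid: NID, key: str, desired: Optional[str]) -> List[Event]:
    """The five-way case split the claim states, for one port or one endpoint."""
    applied = nid.applied.get(key)
    if desired is not None:
        if applied == desired:
            return []                                   # same action already applied
        if applied is None:
            return [set_action(nid, key, desired)]      # no previous action applied
        return [undo_action(nid, key), set_action(nid, key, desired)]
    if applied is None:
        return []                                       # nothing defined, nothing applied
    return [undo_action(nid, key)]                      # nothing defined, previous applied


def correlate(nid: NID, endpoints: List[Endpoint], policy: Policy) -> List[Event]:
    """Run on a trigger event: group by port or by endpoint, then apply the policy."""
    events: List[Event] = []
    if nid.mode == "interface":
        by_port: Dict[str, List[Endpoint]] = {}
        for ep in endpoints:
            by_port.setdefault(ep.interface, []).append(ep)
        for port, eps in by_port.items():
            status = most_secure_status(ep.status for ep in eps)
            events += decide(nid, port, policy.action_for(status, nid.port_roles.get(port)))
    else:
        for ep in endpoints:
            role = nid.port_roles.get(ep.interface)
            events += decide(nid, ep.mac, policy.action_for(ep.status, role))
    return events


def run_scenario() -> List[List[Event]]:
    """Constructed sample: one switch in interface-based mode through four triggers."""
    policy = Policy(
        status_actions={"compliant": None, "unknown": None,
                        "noncompliant": "quarantine-vlan", "infected": "shutdown"},
        role_actions={"guest": "guest-vlan", "employee": None},
    )
    sw = NID("sw1", "interface", {"Gi1/0/1": "employee", "Gi1/0/2": "guest"})
    a = Endpoint("00:11:22:33:44:01", "compliant", "alice", "alice", "Gi1/0/1", 1000)
    b = Endpoint("00:11:22:33:44:02", "noncompliant", "bob", "bob", "Gi1/0/1", 1005)
    c = Endpoint("00:11:22:33:44:03", "compliant", "guest1", "unknown", "Gi1/0/2", 1010)
    results = [correlate(sw, [a, b, c], policy)]       # first trigger: set on both ports
    results.append(correlate(sw, [a, b, c], policy))   # repeat trigger: nothing changes
    b.status = "infected"
    results.append(correlate(sw, [a, b, c], policy))   # escalation: undo, then set
    b.status = "compliant"
    results.append(correlate(sw, [a, b, c], policy))   # remediation: undo only
    return results


if __name__ == "__main__":
    for trigger, events in enumerate(run_scenario(), 1):
        print(trigger, events)
```

The worth of the saved undo parameters shows in the third and fourth triggers: because the engine recorded what it applied to Gi1/0/1, it can reverse the quarantine before escalating to a shutdown, and reverse the shutdown once the endpoint is remediated, without touching the guest port whose action is still correct. Running the same NID in client-based mode keys the same `decide` logic on the endpoint's MAC instead of the port, so a non-compliant endpoint is acted on without affecting its compliant neighbours on the shared port.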

  • 3 Assignments