Systems and methods for management of nodes across disparate networks

US 8,555,371 B1
Filed: 07/17/2009
Issued: 10/08/2013
Est. Priority Date: 07/17/2009
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a management system disposed within a first protected network, wherein the management system is operable to provide management operations with respect to a plurality of network nodes, the management operations comprising at least one management operation selected from the group consisting of scheduling use of a network node, updating software of a network node, and configuring a network node;

at least one network node disposed within a second protected network;

a router device communicatively coupled with said second protected network, wherein said router device identifies one or more of the at least one network node for which management permission is granted to the management system; and

a manager support device disposed within the first protected network, wherein the manager support device receives identification of said one or more network nodes for which management permission is granted to the management system and assigns each of said one or more network nodes of the second protected network a localized address on the first protected network such that the one or more network nodes appear to the management system as residing on the first protected network and are accessible to the management system via their respective localized addresses assigned by the manager support device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed generally to systems and methods for management of nodes, such as multimedia communication endpoints and/or intermediary devices, residing across disparate networks. Embodiments of the present invention provide systems and methods for managing by a centralized management system nodes residing on disparate protected networks, such as for managing such operations as scheduling, configuring, updating software, etc., nodes such as multimedia communication endpoints (e.g., videoconferencing endpoint devices and/or other multimedia communication devices) and/or intermediary devices (e.g., routers, switches, hubs, etc.). Further, embodiments of the present invention provide systems and methods for transmitting management data between a centralized management system and nodes on disparate protected networks without sacrificing security desired by each network and in a manner that is not administratively burdensome.

Citations

29 Claims

1. A system comprising:
- a management system disposed within a first protected network, wherein the management system is operable to provide management operations with respect to a plurality of network nodes, the management operations comprising at least one management operation selected from the group consisting of scheduling use of a network node, updating software of a network node, and configuring a network node;
  
  at least one network node disposed within a second protected network;
  
  a router device communicatively coupled with said second protected network, wherein said router device identifies one or more of the at least one network node for which management permission is granted to the management system; and
  
  a manager support device disposed within the first protected network, wherein the manager support device receives identification of said one or more network nodes for which management permission is granted to the management system and assigns each of said one or more network nodes of the second protected network a localized address on the first protected network such that the one or more network nodes appear to the management system as residing on the first protected network and are accessible to the management system via their respective localized addresses assigned by the manager support device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1 wherein said one or more network nodes comprise at least one videoconferencing endpoint device.
  - 3. The system of claim 1 wherein the manager support device is configured to receive communication from said management system that is directed to a localized address of said one or more network nodes.
  - 4. The system of claim 3 wherein the manager support device is configured to transmit the received communication to a centralized controller device that resides outside said first protected network;
    - and wherein said centralized controller device directs said communication to said router device.
  - 5. The system of claim 3 wherein the manager support device is configured to encapsulate the received communication into a single-port communication protocol, thereby resulting in an encapsulated communication, and wherein the manager support device is configured to transmit the encapsulated communication.
  - 6. The system of claim 5 wherein said single-port communication protocol is acceptable by a TCP port.
  - 7. The system of claim 5 wherein said single-port communication protocol is acceptable by any of a plurality of different TCP ports.
  - 8. The system of claim 5 wherein said encapsulated communication traverses a firewall of the second protected network.
  - 9. The system of claim 1 wherein the manager support device is configured to convert the received communication into a proprietary protocol that is recognized by the manager support device and the router device.
  - 10. The system of claim 9 wherein the manager support device is configured to encapsulate the converted communication into a single-port communication protocol, thereby resulting in an encapsulated communication, and wherein the manager support device is configured to transmit the encapsulated communication.
  - 11. The system of claim 9 wherein the manager support device is configured to encrypt the converted communication and encapsulate the encrypted communication into a single-port communication protocol, thereby resulting in an encapsulated communication, and wherein the manager support device is configured to transmit the encapsulated communication.

12. A method for communicating management information between a centralized management system residing on a first network and network nodes residing on disparate protected networks, the method comprising:
- identifying, by router devices residing on as plurality of disparate protected networks, one or more network nodes on the disparate protected networks for which management permission is granted to a centralized management system, wherein the centralized management system is operable to provide management operations with respect to the one or more network nodes, the management operations comprising at least one management operation selected from the group consisting of scheduling use of a network node, updating software of a network node, and configuring as network node;
  
  determining, by a manager support device residing on a same network as the centralized management system, a localized address for each of the identified network nodes so that the identified, network nodes appear to the centralized management system as though they reside on the same network as the centralized management system and are accessible to the centralized management system via their respective localized addresses assigned by the manager support device;
  
  receiving, by the manager support device, communication from the centralized management system that is directed to a localized address of one of the identified network nodes;
  
  identifying one of the router devices that resides on the disparate protected network on which the network node to which the received communication is directed resides; and
  
  transmitting the communication to the identified router device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 13. The method of claim 12 wherein said identifying one of the router devices comprises:
    - identifying by the endpoint manager device, said one of the router devices.
  - 14. The method of claim 12 further comprising:
    - transmitting from the manager support device to a centralized controller that resides outside said first network the communication received by the manager support device from the centralized management system; and
      
      wherein said identifying one of the router devices comprises identifying, by the centralized controller, said one of the router devices.
  - 15. The method of claim 12 wherein said transmitting comprises:
    - transmitting the communication from the manager support device to a centralized controller that resides outside said first network; and
      
      transmitting the communication from the centralized controller to the identified router device.
  - 16. The method of claim 12 further comprising:
    - converting, by the manager support device, the received communication into a proprietary protocol that is known by the manager support device and the identified router device;
      
      encrypting, by the manager support device, the converted communication; and
      
      encapsulating, by the manager support device, the encrypted communication into a single-port communication protocol that is acceptable by a single TCP port.
  - 17. The method of claim 16 further comprising:
    - receiving, at the identified router device, the encapsulated communication.
  - 18. The method of claim 17 further comprising:
    - decapsulating, by the identified router device, the received encapsulated communication;
      
      decrypting, by the identified router device, the encrypted communication; and
      
      converting, by the identified router device, the decrypted communication from the proprietary protocol into an original protocol used by the centralized management system.
  - 19. The method of claim 12 further comprising:
    - sending the communication from the identified router to the network node to which the communication was directed by the management system.
  - 20. The method of claim 12 further comprising:
    - encapsulating, by the manager support device, the received communication into a single-port communication protocol that is acceptable by a single TCP port.
  - 21. The method of claim 20 wherein the encapsulated communication is transmitted from the manager support device to the identified router device in said transmitting operation.
  - 22. The method of claim 21 wherein said encapsulated communication traverses one or more firewalls.
  - 23. The method of claim 22 further comprising:
    - receiving, at the identified router device, the encapsulated communication.
  - 24. The method of claim 23 further comprising:
    - decapsulating, by the identified router device, the encapsulated communication.
  - 25. The method of claim 24 further comprising:
    - sending the decapsulated communication from the identified router to the endpoint device to which the communication was directed by the management system.

26. A system comprising:
- an endpoint manager device residing on a first protected network to which a centralized management system is also communicatively coupled, wherein the centralized management system is operable to provide management operations with respect to a plurality of communication endpoint devices, the management operations comprising at least one management operation selected from the group consisting of scheduling use of a communication endpoint device, updating software of a communication endpoint device, and configuring a communication endpoint device;
  
  wherein the endpoint manager device is configured to receive identification of one or more communication endpoint devices residing on one or more disparate protected networks for which management permission is granted to the centralized management system; and
  
  wherein said endpoint manager device is configured to assigns each of said one or more communication endpoint devices a localized address on the first protected network such that the one or more communication endpoint devices appear to the centralized management system as residing on the first protected network and are accessible to the centralized management system via their respective localized addresses assigned by the endpoint manager device.
- View Dependent Claims (27, 28, 29)
- - 27. The system of claim 26 further comprising:
    - a router device communicatively coupled with one of said one or more disparate protected networks, wherein said router device is configured to identify one or more communication endpoint devices residing on the same network as the router device for which management permission is granted to the centralized management system.
  - 28. The system of claim 27 further comprising:
    - a controller device communicatively coupled with said one or more disparate protected networks, wherein said controller device is configured to compile an inventory of said one or more communication endpoint devices residing on the one or more disparate protected networks for which management permission is granted to the centralized management system and communicate the compiled inventory to said endpoint manager device.
  - 29. The system of claim 27 wherein said endpoint manager device is further configured to receive communication from the centralized management system that is directed to a localized address of one of the communication endpoint devices, identify said router device that resides on the disparate protected network on which the endpoint device to which the received communication is directed resides, and transmit the communication to the identified router device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
directPacket Research, Inc.
Original Assignee
directPacket Research, Inc.
Inventors
Signaoff, Christopher S., Opsahl, Tom W., Riley, Edward M. III, Signaoff, Justin S.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Tran, Tongoc

Application Number

US12/505,268
Time in Patent Office

1,544 Days
Field of Search

726/2, 726/3, 726/11, 726/12, 713/151, 370/356, 370/395.5, 370/401, 709/230, 709/467, 709/203, 709/232, 709/238, 709/247
US Class Current

726/12
CPC Class Codes

H04L 41/0806   for initial configuration o...

H04L 41/082   the condition being updates...

H04L 61/106   across networks, e.g. mappi...

H04L 61/256   NAT traversal

H04L 61/2592   using tunnelling or encapsu...

H04L 63/02   for separating internal fro...

H04L 63/0272   Virtual private networks

Systems and methods for management of nodes across disparate networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for management of nodes across disparate networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links