NETCONF/DMI-based secure network device discovery
Abstract
A system receives discovery rule inputs that include addresses, verifies one or more device identifiers for one or more addresses, obtains device information from each verified device associated with the one or more verified device identifiers, determines whether each verified device is a discovered device based on the device information, and automatically adds each verified device as a discovered device to a management system without human intervention when it is determined that the verified device is discovered. The system further creates device configuration information, creates an identifier and password, provides device configuration information, the identifier, and the password, to each of the discovered devices based on the NETCONF or the Device Management Interface standards, waits for a connection from the discovered devices, imports device configuration information from the discovered devices when the connection has been established, and indicates that the discovered devices are managed devices.
17 Claims
1. A method comprising:
- determining, by a processor, data associated with devices that are manageable by a management system, the data identifying:
  - one or more brands of the devices that are manageable by the management system, and
  - one or more types of the devices that are manageable by the management system;
- receiving, by the processor, discovery rule inputs that include a plurality of network addresses and simple network management protocol (SNMP) parameters;
- filtering, by the processor and based on the SNMP parameters, the plurality of network addresses to remove a first network address of the plurality of network addresses, the first network address being associated with the one or more of:
  - a broadcast address,
  - a multicast address,
  - a loop back address, or
  - a previously discovered device;
- obtaining, by the processor and based on the discovery rule inputs, information for a network device associated with a second network address, of the plurality of network addresses, that differs from the first network address, the information identifying:
  - a particular brand associated with the network device, and
  - a particular device type associated with the network device;
- determining, by the processor, that the network device is manageable by the management system based on a comparison of the information to the data associated with devices that are manageable by the management system, determining that the network device is manageable by the management system including:
  - determining that the particular brand, associated with the network device, is included in the one or more brands of the devices that are manageable by the management system, and
  - determining that the particular device type, associated with the network device, is included in the one or more types of the devices that are manageable by the management system; and
- identifying, by the processor and to the management system, the network device based on determining that the network device is manageable by the management system, the management system obtaining device configuration information associated with the network device and managing the network device using the device configuration information.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A device comprising:
- a memory; and
- one or more processors to:
  - store, in the memory, data associated with devices that are manageable by a management system, the data identifying:
    - one or more brands of the devices that are manageable by the management system, and
    - one or more types of the devices that are manageable by the management system;
  - receive inputs that include addresses, public key parameters, and simple network management protocol (SNMP) parameters that include privacy and authentication parameters;
  - filter the addresses to remove a first address, of the address, the first address being associated with the one or more of:
    - a broadcast address,
    - a multicast address,
    - a loop back address, or
    - a previously discovered device;
  - verify, based on the SNMP parameters, a device identifier associated with a second address included in the filtered addresses, the one or more processors, when verifying the device identifier, being further to:
    - perform public key verification of the second address based on the public key parameters;
  - obtain information related to a network device associated with the second address;
  - determine, based on the information, whether the network device is manageable by the management system, the network device being determined as manageable by the management system when:
    - a particular brand, associated with the network device, is included in the one or more brands of the devices that are manageable by the management system, and
    - a particular device type, associated with the network device, is included in the one or more types of the devices that are manageable by the management system; and
  - forward, to the management system, the information, the management system using the information to manage the network device.

Dependent claims: 10, 11, 12, 13, 14

15. A computer-readable memory device to store instructions, the instructions comprising:
- one or more instructions, which when executed by a processor, cause the processor to store data identifying devices that are manageable by a management system, the data including:
  - first data identifying one or more brands of the devices that are manageable by the management system, and
  - second data identifying one or more types of the devices that are manageable by the management system;
- one or more instructions, which when executed by the processor, cause the processor to receive discovery rule inputs that include at least one of a range of addresses or subnet masks;
- one or more instructions, which when executed by the processor, cause the processor to filter the at least one of the range of addresses or the subnet masks to remove at least one of an address or a subnet mask when the at least one of the address or the subnet mask is associated with:
  - a broadcast,
  - a multicast,
  - a loop back, or
  - a previously discovered device;
- one or more instructions, which when executed by the processor, cause the processor to verify one or more device identifiers associated with the filtered at least one of the range of addresses or the subnet masks, the one or more instructions to verify the one or more device identifiers including:
  - one or more instructions to verify the one or more device identifiers using simple network management protocol (SNMP);
- one or more instructions, which when executed by the processor, cause the processor to perform public key verification for one or more devices corresponding to the one or more verified device identifiers;
- one or more instructions, which when executed by the processor, cause the processor to obtain respective information from the one or more devices;
- one or more instructions, which when executed by the processor, cause the processor to determine, based on the respective information, whether the one or more devices are manageable by the management system, one or more instructions to determine whether the one or more devices are manageable by the management system including:
  - the one or more instructions to determine that a device, of the one or more devices, is manageable by the management system when a particular brand, associated with the device, is included in the one or more brands of the devices that are manageable by the management system, and a particular device type, associated with the device, is included in the one or more types of the devices that are manageable by the management system; and
- one or more instructions, which when executed by the processor, cause the processor to provide, to the management system, the respective information when the one or more devices are manageable by the management system, the management system using the respective information to manage the one or more devices.

Dependent claims: 16, 17

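The address filtering and brand/type check recited in the claims can be sketched as follows. This is an added illustration, not code from the patent or any product; the brand and type names, sample replies and the `sample_probe` function (a stand-in for the SNMP query) are constructed, and skipping the subnet's network address is an assumption beyond the four listed categories.

```python
import ipaddress

# Constructed stand-ins for the stored "manageable devices" data.
MANAGEABLE_BRANDS = {"brand-a", "brand-b"}
MANAGEABLE_TYPES = {"router", "switch"}
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def filter_candidates(rules, already_discovered):
    """Expand rule inputs (single IPs or CIDR subnets) and drop broadcast,
    multicast, loopback and previously discovered addresses."""
    seen = {ipaddress.IPv4Address(a) for a in already_discovered}
    kept = []
    for rule in rules:
        net = ipaddress.IPv4Network(rule, strict=False)
        for addr in net:
            # /31 and /32 have no directed broadcast, so never drop their ends.
            # Assumption: the network address is skipped along with broadcast.
            edge = net.prefixlen < 31 and addr in (net.network_address,
                                                   net.broadcast_address)
            if edge or addr == LIMITED_BROADCAST:
                continue
            if addr.is_multicast or addr.is_loopback or addr in seen:
                continue
            seen.add(addr)  # also de-duplicates overlapping rules
            kept.append(addr)
    return kept

def is_manageable(info):
    """Brand AND device type must both be on the supported lists."""
    return (info.get("brand", "").lower() in MANAGEABLE_BRANDS
            and info.get("type", "").lower() in MANAGEABLE_TYPES)

def discover(rules, already_discovered, probe):
    """probe(addr) returns a dict with 'brand' and 'type', or None if silent."""
    found = {}
    for addr in filter_candidates(rules, already_discovered):
        info = probe(addr)
        if info and is_manageable(info):
            found[str(addr)] = info
    return found

# Constructed sample replies keyed by address.
SAMPLE_REPLIES = {"192.0.2.1": {"brand": "Brand-A", "type": "Router"},
                  "192.0.2.9": {"brand": "brand-a", "type": "printer"}}

def sample_probe(addr):
    return SAMPLE_REPLIES.get(str(addr))
```

Because both allow-list checks must pass, a device of a supported brand but an unsupported type is never handed to the management system.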
Specification