Updating configuration information to a perimeter network

US 8,726,020 B2
Filed: 05/31/2006
Issued: 05/13/2014
Est. Priority Date: 05/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method of automatically establishing communication between a trusted network and a perimeter network outside the trusted network;

said method comprising;

identifying one or more edge servers residing in the perimeter network that are located on a same site as a trusted server residing in the trusted network;

attempting, by the trusted server residing in the trusted network, to establish an exclusive lease over communication with one of the identified edge servers in the perimeter network, wherein said exclusive lease prevents other trusted servers residing in the trusted network from communicating with the identified edge server during a hold period for the exclusive lease, said exclusive lease reserving the right of the trusted server to communicate exclusively with the one of the identified edge servers;

establishing communication between the trusted server and the one of the identified edge servers for the hold period when the trusted server can establish the exclusive lease over communication therewith; and

in response to establishing communication with the trusted server, replicating server configuration information from the trusted network to the edge server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Automatically sending configuration information from a trusted network to a perimeter network. Master servers residing in the trusted network are adapted for administering a distributed directory service containing configuration information. Edge servers residing in the perimeter network are adapted for using a local directory service local to each edge server. Edge-connected bridgehead servers residing in the trusted network are adapted for replicating the configuration information from the trusted network to the perimeter network. Replicating the configuration information to the perimeter network by trusted servers acquiring leases on edge servers is also disclosed.

57 Citations

View as Search Results

16 Claims

1. A method of automatically establishing communication between a trusted network and a perimeter network outside the trusted network;
- said method comprising;
  
  identifying one or more edge servers residing in the perimeter network that are located on a same site as a trusted server residing in the trusted network;
  
  attempting, by the trusted server residing in the trusted network, to establish an exclusive lease over communication with one of the identified edge servers in the perimeter network, wherein said exclusive lease prevents other trusted servers residing in the trusted network from communicating with the identified edge server during a hold period for the exclusive lease, said exclusive lease reserving the right of the trusted server to communicate exclusively with the one of the identified edge servers;
  
  establishing communication between the trusted server and the one of the identified edge servers for the hold period when the trusted server can establish the exclusive lease over communication therewith; and
  
  in response to establishing communication with the trusted server, replicating server configuration information from the trusted network to the edge server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as set forth in claim 1 further comprising:
    - attempting, by the trusted server, to establish the exclusive lease over communication with another one of the identified edge servers when the trusted server cannot establish the exclusive lease over communication with the one of the identified edge servers with which the trusted server previously attempted to communicate; and
      
      establishing communication between the trusted server and the other one of the identified edge servers when the trusted server can establish the exclusive lease over communication therewith.
  - 3. A method as set forth in claim 2 wherein said attempting comprises attempting, by the trusted server, to establish the exclusive lease over communication with another one of the identified edge servers when the one of the identified edge servers with which the trusted server previously attempted to communicate has at least one of a currently unexpired lease and no lease.
  - 4. A method as set forth in claim 1 wherein said replicating comprises replicating configuration information from a distributed directory service administered within the trusted network to a local directory service used locally by the edge server having established communication with the trusted server within the perimeter network;
    - andwherein said attempting to establish an exclusive lease over communication comprises attempting to establish an exclusive lease over communication at least one of periodically, when the configuration information on the trusted network is updated, and when manually selected.
  - 5. A method as set forth in claim 1 wherein said replicating configuration information comprises replicating only changes to the configuration information from the trusted network to the edge server having established communication with the trusted server.
  - 6. A method as set forth in claim 1 wherein said identifying comprises determining which of the edge servers are located in substantial physical proximity to the trusted server.
  - 7. A method as set forth in claim 1 wherein said establishing communication between the trusted server and the one edge server further comprises determining that the one edge server has a current lease to another trusted server and determining that said current lease has expired;
    - andwherein said establishing communication between the trusted server and the one edge server further comprises updating the currently-expired lease.
  - 8. A method as set forth in claim 7 wherein said updating the currently-expired lease comprises deleting the currently-expired lease and replacing the currently-expired lease with a new lease to the trusted server.
  - 9. A method as set forth in claim 8 further comprising replacing the new lease with a second new lease before the new lease term expires.

10. A system for automatically sending configuration information from a trusted network to a perimeter network outside the trusted network, said system comprising:
- one or more master servers residing in the trusted network, said master servers being adapted for administering a distributed directory service containing configuration information related to the trusted network;
  
  one or more edge servers residing in the perimeter network outside the trusted network, each of said edge servers adapted for locally using a local directory service; and
  
  one or more edge-connected bridgehead servers residing in the trusted network and adapted for establishing an exclusive lease over communication with the one or more master servers, wherein said one or more edge-connected bridgehead servers are adapted to automatically establish said exclusive lease over communication with one of the one or more edge servers residing in the perimeter network outside the trusted network during a hold period for the exclusive lease, said exclusive lease reserving the right of the one or more bridgehead servers to communicate exclusively with the one or more edge servers,wherein said one or more edge-connected bridgehead servers and said one or more edge servers are located on a same site, wherein said one or more edge-connected bridgehead servers and said one or more edge servers are located in substantial physical proximity to one another, said edge-connected bridgehead servers being adapted for replicating the configuration information from the distributed directory service administered by the one or more master servers within the trusted network to the local directory service used by each of the one or more edge servers within the perimeter network.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A system as set forth in claim 10 wherein each of the master servers being adapted for administering the distributed directory service contain the same configuration information related to the trusted network.
  - 12. A system as set forth in claim 10 further comprising at least two sites, at least one of said sites comprising at least one edge server and at least one of the edge-connected bridgehead servers.
  - 13. A system as set forth in claim 10 wherein said one or more edge servers are adapted for communicating with a network outside the perimeter network.
  - 14. A system as set forth in claim 13 further comprising an exterior firewall separating the one or more edge servers on the perimeter network from the network outside the perimeter network.
  - 15. A system as set forth in claim 10 further comprising an interior firewall separating the one or more master servers and the one or more edge-connected bridgehead servers residing in the trusted network from the one or more edge servers residing in the perimeter network and the network outside the perimeter network.

16. A method of automatically establishing communication between a trusted server residing in a trusted network and one or more edge servers residing in a perimeter network outside the trusted network;
- said method comprising;
  
  attempting, by the trusted server residing in the trusted network, to establish an exclusive lease over communication with the edge server in the perimeter network, wherein said exclusive lease prevents other trusted servers residing in the trusted network from communicating with the edge server during a hold period for the exclusive lease, said exclusive lease reserving the right of the trusted server to communicate exclusively with the edge server;
  
  establishing communication between the trusted server and the edge server when the trusted server can establish the exclusive lease over communication therewith;
  
  attempting, by the trusted server, to establish the exclusive lease over communication with another one of the edge servers when the trusted server cannot establish the exclusive lease over communication with the one edge server with which the trusted server previously attempted to communicate, said exclusive lease reserving the right of the trusted server to communicate exclusively with the one edge server; and
  
  establishing communication between the trusted server and the other one of the edge servers when the trusted server can establish the exclusive lease over communication therewith.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Warman, Leon, Pearson, Malcolm E., Kuznetsov, Andrei, Waddoups, Nathan F., Tribble, Eric D.
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Debnath, Suman

Application Number

US11/421,408
Publication Number

US 20070283148A1
Time in Patent Office

2,904 Days
Field of Search

713165-168, 713/188, 713/189, 709/223, 726 4- 6
US Class Current

713/168
CPC Class Codes

H04L 63/0209 Architectural arrangements,...

Updating configuration information to a perimeter network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Updating configuration information to a perimeter network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others