Managing command compliance in internetworking devices
First Claim
1. An apparatus, comprising:
- one or more processors;
a non-transitory computer-readable storage medium storing one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform;
receiving, from a device over a network, a request to determine whether a command to configure the device received by the device conforms to one or more compliance policies, wherein the request includes all or part of the command and wherein the one or more compliance policies indicate one or more required device commands or parameters that must be configured on the device before executing the command;
determining, based at least in part on a copy of a running configuration for the device, whether the command would conform to the one or more compliance policies when applied to the running configuration for the device;
in response to determining that the command would conform to the compliance policies, sending, over the network to the device, a compliance response indicating that the command conforms to the one or more compliance policies.
0 Assignments
0 Petitions
Accused Products
Abstract
In an embodiment, an internetworking device is configured with compliance proxy logic that is configured for sending, to a compliance server, a request to determine whether the command conforms to one or more compliance policies, wherein the request includes the command; receiving a compliance response from the compliance server; in response to determining whether the compliance response indicates success, executing the command only when the compliance response indicates that the command conforms to the one or more compliance policies. Thus the device can determine actively whether a proposed user command or configuration change will violate established standards or policies, before the command or change is applied to the device.
14 Citations
20 Claims
-
1. An apparatus, comprising:
-
one or more processors; a non-transitory computer-readable storage medium storing one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform; receiving, from a device over a network, a request to determine whether a command to configure the device received by the device conforms to one or more compliance policies, wherein the request includes all or part of the command and wherein the one or more compliance policies indicate one or more required device commands or parameters that must be configured on the device before executing the command; determining, based at least in part on a copy of a running configuration for the device, whether the command would conform to the one or more compliance policies when applied to the running configuration for the device; in response to determining that the command would conform to the compliance policies, sending, over the network to the device, a compliance response indicating that the command conforms to the one or more compliance policies. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable storage medium storing one or more stored sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform:
-
receiving, from a device over a network, a request to determine whether a command to configure the device received by the device conforms to one or more compliance policies, wherein the request includes all or part of the command and wherein the one or more compliance policies indicate one or more required device commands or parameters that must be configured on the device before executing the command; determining, based at least in part on a copy of a running configuration for the device, whether the command would conform to the one or more compliance policies when applied to the running configuration for the device; in response to determining that the command would conform to the compliance policies, sending, over the network to the device, a compliance response indicating that the command conforms to the one or more compliance policies. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method comprising:
-
receiving, from a device over a network, a request to determine whether a command to configure the device received by the device conforms to one or more compliance policies, wherein the request includes all or part of the command and wherein the one or more compliance policies indicate one or more required device commands or parameters that must be configured on the device before executing the command; determining, based at least in part on a copy of a running configuration for the device, whether the command would conform to the one or more compliance policies when applied to the running configuration for the device; in response to determining that the command would conform to the compliance policies, sending, over the network to the device, a compliance response indicating that the command conforms to the one or more compliance policies. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification