Server resource management, analysis, and intrusion negotiation

US 9,391,863 B2
Filed: 05/06/2014
Issued: 07/12/2016
Est. Priority Date: 11/08/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

monitoring a plurality of resources associated with a network server, the plurality of resources including a communication interface of the network server and a processor of the network server, wherein monitoring the plurality of resources includes determining a number of open network connections using the communication interface of the network server;

comparing activity levels of the plurality of resources to predetermined threshold activity levels; and

reducing usage of one of the plurality of resources when the activity level associated with the one of the plurality of resources increases above the predetermined threshold activity level associated therewith, wherein reducing usage of the one of the plurality of resources includes;

reducing the number of open network connections to obtain a first number of open network connections by closing open network connections based on a priority of the open network connections, shutting down an open but inactive network connection, and refusing to open new network connections;

comparing the first number of open network connections with a number of open network connections threshold; and

in the event that the first number of open network connections is greater than or equal to the number of open network connections threshold, randomly close an open network connection.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A console host and intrusion negation system (CHAINS) includes a host component and a console component. The host component monitors resources at a server. Resources that are becoming overloaded can be throttled back. Reports relating to resource usage may be transmitted to the console component. At the console component, resource reports from multiple host components may be viewed and managed.

68 Citations

19 Claims

1. A method comprising:
- monitoring a plurality of resources associated with a network server, the plurality of resources including a communication interface of the network server and a processor of the network server, wherein monitoring the plurality of resources includes determining a number of open network connections using the communication interface of the network server;
  
  comparing activity levels of the plurality of resources to predetermined threshold activity levels; and
  
  reducing usage of one of the plurality of resources when the activity level associated with the one of the plurality of resources increases above the predetermined threshold activity level associated therewith, wherein reducing usage of the one of the plurality of resources includes;
  
  reducing the number of open network connections to obtain a first number of open network connections by closing open network connections based on a priority of the open network connections, shutting down an open but inactive network connection, and refusing to open new network connections;
  
  comparing the first number of open network connections with a number of open network connections threshold; and
  
  in the event that the first number of open network connections is greater than or equal to the number of open network connections threshold, randomly close an open network connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein monitoring the plurality of resources includes determining usage of the processor of the network server, and wherein reducing usage of the one of the plurality of resources includes reducing a load on the processor by shutting down an inactive process and/or shutting down lower priority processes.
  - 3. The method of claim 1, wherein the plurality of resources includes a storage device associated with the network server, and wherein monitoring the plurality of resources includes determining usage of the storage device associated with the network server.
  - 4. The method of claim 1, wherein the plurality of resources includes a storage device associated with the network server, wherein monitoring the plurality of resources includes determining usage of the storage device associated with the network server, and wherein reducing usage of the one of the plurality of resources includes redirecting future disk write commands to a monitor and/or compressing log files.
  - 5. The method of claim 1, wherein the plurality of resources includes a memory associated with the network server, and wherein monitoring the plurality of resources includes determining usage of the memory associated with the network server.
  - 6. The method of claim 1, wherein the plurality of resources includes a memory associated with the network server, wherein monitoring the plurality of resources includes determining usage of the memory associated with the network server, and wherein reducing usage of the one of the plurality of resources includes reducing the usage of the memory by shutting down inactive processes.
  - 7. The method of claim 1, further comprising alerting a user when the activity level associated with the one of the plurality of resources increases above the predetermined threshold activity level.
  - 8. The method of claim 1, further comprising alerting a user when the activity level associated with the one of the plurality of resources increases above the predetermined threshold activity level, wherein alerting the user includes transmitting an alert to a remote computer.
  - 9. The method of claim 1, wherein the predetermined threshold activity levels are received from a remote computer.
  - 10. The method of claim 1, wherein the reducing of the number of open network connections to obtain a first number of open network connections comprises:
    - performing the closing of the open network connections based on the priority of the open network connection before the shutting down of the open but inactive network connection.

11. A system comprising:
- a communication interface of a network server;
  
  a processor of the network server; and
  
  a host component executed on the processor for;
  
  monitoring a plurality of resources associated with the network server, the plurality of resources including the communication interface of the network server and the processor of the network server, wherein monitoring the plurality of resources includes determining a number of open network connections using the communication interface of the network server;
  
  comparing activity levels of the plurality of resources to predetermined threshold activity levels; and
  
  reducing usage of one of the plurality of resources when the activity level associated with the one of the plurality of resources increases above the predetermined threshold activity level associated therewith, wherein reducing usage of the one of the plurality of resources includes;
  
  reducing the number of open network connections to obtain a first number of open network connections by closing open network connections based on a priority of the open network connections, shutting down an open but inactive network connection, and refusing to open new network connections;
  
  comparing the first number of open network connections with a number of open network connections threshold; and
  
  in the event that the first number of open network connections is greater than or equal to the number of open network connections threshold, randomly close an open network connection.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system recited in claim 11, wherein monitoring the plurality of resources includes determining usage of the processor of the network server, and wherein reducing usage of the one of the plurality of resources includes reducing a load on the processor by shutting down an inactive process and/or shutting down lower priority processes.
  - 13. The system recited in claim 11, further comprising a storage device associated with the network server, wherein the plurality of resources includes the storage device associated with the network server, and wherein monitoring the plurality of resources includes determining usage of the storage device associated with the network server.
  - 14. The system recited in claim 11, further comprising a storage device associated with the network server, wherein the plurality of resources includes the storage device associated with the network server, wherein monitoring the plurality of resources includes determining usage of the storage device associated with the network server, and wherein reducing usage of the one of the plurality of resources includes redirecting future disk write commands to a monitor and/or compressing log files.
  - 15. The system recited in claim 11, further comprising a memory associated with the network server, wherein the plurality of resources includes the memory associated with the network server, and wherein monitoring the plurality of resources includes determining usage of the memory associated with the network server.
  - 16. The system recited in claim 11, further comprising a memory associated with the network server, wherein the plurality of resources includes the memory associated with the network server, wherein monitoring the plurality of resources includes determining usage of the memory associated with the network server, and wherein reducing usage of the one of the plurality of resources includes reducing the usage of the memory by shutting down inactive processes.
  - 17. The system recited in claim 11, further comprising the host component executed on the processor for alerting a user when the activity level associated with the one of the plurality of resources increases above the predetermined threshold activity level.
  - 18. The system recited in claim 11, further comprising the host component executed on the processor for alerting a user when the activity level associated with the one of the plurality of resources increases above the predetermined threshold activity level, wherein alerting the user includes transmitting an alert to a remote computer.
  - 19. The system recited in claim 11, wherein the predetermined threshold activity levels are received from a remote computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Palo Alto Networks Incorporated
Inventors
Sample, Char
Primary Examiner(s)
Simitoski, Michael

Application Number

US14/271,264
Publication Number

US 20140365643A1
Time in Patent Office

798 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/3409   for performance assessment

G06F 11/3495   for systems

G06F 2201/81   Threshold

G06F 9/5016   the resource being the memory

H04L 41/50   Network service management,...

H04L 43/00   Arrangements for monitoring...

H04L 43/0876   Network utilisation, e.g. v...

H04L 43/16   Threshold monitoring

H04L 63/1458   Denial of Service

H04L 67/1008   based on parameters of serv...

H04L 67/1012   based on compliance of requ...

H04L 69/162   involving adaptations of so...

Server resource management, analysis, and intrusion negotiation

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Server resource management, analysis, and intrusion negotiation

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others