Defining network rules based on remote device management attributes

US 9,860,279 B2
Filed: 11/01/2015
Issued: 01/02/2018
Est. Priority Date: 08/28/2015
Status: Active Grant

First Claim

Patent Images

1. A method of defining policies for network elements in a datacenter to enforce, the method comprising:

receiving a plurality of remote device management (RDM) attributes from a set of one or more RDM servers; and

generating a policy configuration pane for display, said pane comprising a plurality of user interface (UI) controls for specifying policies based on layer 2 to layer 4 data-message header attributes and based on received RDM attributes,wherein the network elements perform at least one service on data messages received from remote devices when the remote devices access resources of the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on identified RDM attribute set.

57 Citations

View as Search Results

20 Claims

1. A method of defining policies for network elements in a datacenter to enforce, the method comprising:
- receiving a plurality of remote device management (RDM) attributes from a set of one or more RDM servers; and
  
  generating a policy configuration pane for display, said pane comprising a plurality of user interface (UI) controls for specifying policies based on layer 2 to layer 4 data-message header attributes and based on received RDM attributes,wherein the network elements perform at least one service on data messages received from remote devices when the remote devices access resources of the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 further comprising receiving, from the RDM server set, a plurality of operators for interrelating two or more RDM attributes in a policy that is specified through the policy configuration pane.
  - 3. The method of claim 2, wherein at least a set of the received operators is further for interrelating an RDM attribute to a set of possible values for this attribute in a policy that is specified through the policy configuration pane.
  - 4. The method of claim 2, wherein receiving the RDM attributes and operators comprises receiving a dictionary that defines the plurality of RDM attributes, acceptable values for the RDM attributes, and the operators.
  - 5. The method of claim 2, wherein the operators include two of AND, AND NOT and OR Boolean functions.
  - 6. The method of claim 1, wherein the RDM server set is for authenticating remote devices when the remote devices attempt to access resources of the network.
  - 7. The method of claim 6, wherein the RDM server set is further for provisioning remote devices to access resources of the network.
  - 8. The method of claim 1, wherein the RDM attribute set includes at least three of device identifier, user identifier, application identifier, application group identifier, remote device operating system, remote device location, remote device compliance status, remote device jail broken status, and Internet Protocol version used by the remote device.
  - 9. The method of claim 1, wherein the UI controls allow an RDM-based policy to be defined in terms of both a group of RDM attributes and one or more L2-L4 data-message header parameters.
  - 10. The method of claim 1, wherein the UI controls allow:
    - a first policy to be defined in terms of both one or more RDM attributes and one or more L2-L4 data-message header parameters;
      
      a second policy to be defined in terms of one or more RDM attributes and no L2-L4 data message header parameter; and
      
      a third policy to be defined in terms of one or more L2-L4 data message header parameters and no RDM attribute.
  - 11. The method of claim 1, wherein the service is one of a firewall service, a load balancing service, a logical network segmentation service, and a destination network address translation service on the remote-device data messages.
  - 12. The method of claim 11, wherein the network elements perform at least two of the firewall service, the load balancing service, the logical network segmentation service, and the destination network address translation service on the remote-device data messages.
  - 13. The method of claim 1, wherein at least one network element enforces RDM-attribute based policies, by analyzing RDM attribute sets associated with the remote-device data messages to perform the service on a plurality of remote-device data messages.

14. A method of defining policies for network elements in a datacenter to enforce, the method comprising:
- receiving a plurality of remote device management (RDM) attributes from a set of one or more RDM servers;
  
  generating a policy configuration pane for display, said pane comprising a plurality of user interface (UI) controls for specifying policies based on layer 2 to layer 4 data-message header attributes and based on received RDM attributes;
  
  converting RDM-attribute based policies that are defined through the policy configuration pane to RDM-attribute based rules for distribution to network elements; and
  
  distributing the RDM-attribute based rules to the network elements for the network elements to process in order to enforce the RDM-attribute based policies.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein converting RDM-attribute based policies comprises replacing high-level network element identifiers in the RDM-attribute based policies with lower-level network element identifiers.
  - 16. The method of claim 15, wherein at least each of a plurality of high-level network element identifiers identifies two or more network elements, while each low-level network element identifier specifies just one network element.
  - 17. The method of claim 15, wherein distributing the RDM-attribute based rules comprises using the lower-level network element identifiers to distribute RDM-attribute based rules to individual network elements identified by the lower-level network element identifiers.

18. A non-transitory machine readable medium storing a program for execution by at least one processing unit, the program for defining rules for network elements in a datacenter to enforce, the program comprising sets of instructions for:
- receiving a plurality of remote device management (RDM) attributes from a set of one or more RDM servers; and
  
  generating a rule configuration pane for display, said pane comprising a plurality of user interface (UI) controls for specifying rules based on layer 2 to layer 4 data-message header attributes and based on received RDM attributes,wherein the network elements perform at least one service on data messages received from remote devices when the remote devices access resources of the network.
- View Dependent Claims (19)
- - 19. The non-transitory machine readable medium of claim 18, wherein the program further comprises a set of instructions for receiving, from the RDM server set, a plurality of operators for interrelating two or more RDM attributes in a rule that is specified through the rule configuration pane.

20. A non-transitory machine readable medium storing a of program for execution by at least one processing unit for defining rules for network elements in a datacenter to enforce, the program comprising sets of instructions for:
- receiving a plurality of remote device management (RDM) attributes from a set of one or more RDM servers;
  
  generating a rule configuration pane for display, said pane comprising a plurality of user interface (UI) controls for specifying rules based on layer 2 to layer 4 data-message header attributes and based on received RDM attributes;
  
  converting RDM-attribute based policies that are defined through the policy configuration pane to RDM-attribute based rules for distribution to network elements; and
  
  distributing the RDM-attribute based rules to the network elements for the network elements to process in order to enforce the RDM-attribute based policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Nicira Incorporated (Broadcom, Inc.)
Inventors
Jain, Jayant, Sengupta, Anirban, Nimmagadda, Srinivas, Tiagi, Alok S., Kumar, Kausum
Primary Examiner(s)
McNally, Michael S

Application Number

US14/929,400
Publication Number

US 20170063928A1
Time in Patent Office

793 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 16/9024   Graphs; Linked lists G06F16...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/5045   Making service definitions ...

H04L 61/256   NAT traversal

H04L 61/2571   for identification, e.g. fo...

H04L 61/2585   through application level g...

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 67/1004   Server selection for load b...

H04L 67/1097   for distributed storage of ...

H04L 69/22   Parsing or analysis of headers

H04W 12/08   Access security

H04W 76/12   Setup of transport tunnels

Defining network rules based on remote device management attributes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Defining network rules based on remote device management attributes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links