System, security and network management using self-organizing communication orbits in distributed networks

US 10,136,415 B2
Filed: 01/22/2016
Issued: 11/20/2018
Est. Priority Date: 12/21/2012
Status: Active Grant

First Claim

Patent Images

1. A method of managing a network comprising a non-static collection of machines, comprising:

at a first client node coupled to the network, the first client node being a first machine among the non-static collection of machines;

obtaining, from a server of the network, contact information of one or more potential neighbor nodes for the first client node, the one or more potential neighbor nodes comprising machines coupled to the network and distinct from the server, the one or more potential neighbor nodes including a downstream neighbor node of the first client node that comprises a live succeeding node among the one or more potential neighbor nodes, and an upstream neighbor node of the first client node that comprises a live preceding node among the one or more potential neighbor nodes; and

in accordance with the obtained contact information, proactively constructing and maintaining a respective local segment of a linear communication orbit in the network;

wherein the respective local segment includes the first client node and four distinct communication channels each originating from or terminating at the first client node, including respective receiving and reporting communication channels between the first node and the upstream neighbor node of the first client node, and respective collection and propagation communication channels between the first node and the downstream neighbor node of the first client node;

wherein the proactive constructing and maintaining comprises;

proactively establishing, in accordance with a respective network communication protocol, the respective propagation channel from the first client node to the downstream neighbor node upon detecting that said respective propagation channel to the downstream neighbor node does not already exist; and

proactively establishing, in accordance with the respective network communication protocol, the respective reporting channel from the first client node to the upstream neighbor node upon detecting that said respective reporting channel to the upstream neighbor node does not already exist; and

wherein the linear communication orbit includes a linear sequence of nodes configured to sequentially convey each message, in a plurality of messages, through the linear communication orbit, to a plurality of respective nodes in the linear communication orbit, the linear sequence of nodes in the linear communication orbit including, in sequence, the upstream neighbor node, the first client node, and the downstream neighbor node.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one aspect, machines in a managed network implements a set of rules that cause individual machines to directly interact with only a small number of machines in the network (i.e., a local neighborhood within the network), while the independent local actions of the individual machines collectively cause the individual machines to be self-organized into one or more communication orbits without any global control or coordination by a server or an administrator. The communication orbits are used for supporting network, security and system management communications in the managed network.

87 Citations

View as Search Results

48 Claims

1. A method of managing a network comprising a non-static collection of machines, comprising:
- at a first client node coupled to the network, the first client node being a first machine among the non-static collection of machines;
  
  obtaining, from a server of the network, contact information of one or more potential neighbor nodes for the first client node, the one or more potential neighbor nodes comprising machines coupled to the network and distinct from the server, the one or more potential neighbor nodes including a downstream neighbor node of the first client node that comprises a live succeeding node among the one or more potential neighbor nodes, and an upstream neighbor node of the first client node that comprises a live preceding node among the one or more potential neighbor nodes; and
  
  in accordance with the obtained contact information, proactively constructing and maintaining a respective local segment of a linear communication orbit in the network;
  
  wherein the respective local segment includes the first client node and four distinct communication channels each originating from or terminating at the first client node, including respective receiving and reporting communication channels between the first node and the upstream neighbor node of the first client node, and respective collection and propagation communication channels between the first node and the downstream neighbor node of the first client node;
  
  wherein the proactive constructing and maintaining comprises;
  
  proactively establishing, in accordance with a respective network communication protocol, the respective propagation channel from the first client node to the downstream neighbor node upon detecting that said respective propagation channel to the downstream neighbor node does not already exist; and
  
  proactively establishing, in accordance with the respective network communication protocol, the respective reporting channel from the first client node to the upstream neighbor node upon detecting that said respective reporting channel to the upstream neighbor node does not already exist; and
  
  wherein the linear communication orbit includes a linear sequence of nodes configured to sequentially convey each message, in a plurality of messages, through the linear communication orbit, to a plurality of respective nodes in the linear communication orbit, the linear sequence of nodes in the linear communication orbit including, in sequence, the upstream neighbor node, the first client node, and the downstream neighbor node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the one or more potential neighbor nodes are identified based on proximity of respective unique machine identifiers of the one or more potential neighbor nodes to a respective unique machine identifier of the first client node.
  - 3. The method of claim 2, wherein the downstream neighbor node comprises a closest live succeeding node among the one or more potential neighbor nodes and the upstream neighbor node comprises a closest live preceding node among the one or more potential neighbor nodes.
  - 4. The method of claim 3, wherein the first client node is a new node to be inserted into the linear communication orbit.
  - 5. The method of claim 3, wherein the first client node is an existing head node of the linear communication orbit.
  - 6. The method of claim 3, wherein the first client node is an existing tail node of the linear communication orbit.
  - 7. The method of claim 3, wherein proactively establishing, in accordance with the respective network communication protocol, the respective propagation channel from the first client node to the downstream neighbor node further comprises:
    - monitoring responsiveness of a receiving end of an existing propagation channel of the first client node;
      
      upon detecting that the receiving end of the existing propagation channel of the first client node has ceased to be responsive, contacting at least one of the one or more potential neighbor nodes to identify the downstream neighbor node; and
      
      proactively establishing, in accordance with the respective network communication protocol, a new propagation channel from the first client node to the downstream neighbor node that has been identified.
  - 8. The method of claim 3, wherein proactively establishing, in accordance with the respective network communication protocol, the respective reporting channel from the first client node to the upstream neighbor node further comprises:
    - monitoring responsiveness of a receiving end of an existing reporting channel of the first client node;
      
      upon detecting that the receiving end of the existing reporting channel of the first client node has ceased to be responsive, contacting at least one of the one or more potential neighbor nodes to identify the upstream neighbor node; and
      
      proactively establishing, in accordance with the respective network communication protocol, a new reporting channel from the first client node to the upstream neighbor node that has been identified.
  - 9. The method of claim 1, wherein obtaining, from the server, the contact information of the one or more potential neighbor nodes comprises:
    - submitting a respective registration message to the server of the network according to a predetermined maintenance schedule, the registration message including a respective unique machine identifier of the first client node; and
      
      receiving the contact information of the one or more potential neighbor nodes from the server, wherein the one or more potential neighbor nodes have been identified by the server for the first client node.
  - 10. The method of claim 1, wherein the proactive constructing and maintaining further comprises:
    - upon establishing the respective propagation channel from the first client node to the downstream neighbor node, terminating a previous propagation channel from the first client node to another succeeding node.
  - 11. The method of claim 1, wherein the proactive constructing and maintaining further comprises:
    - upon establishing the respective reporting channel from the first client node to the upstream neighbor node, terminating a previous reporting channel from the first client node to another preceding node.
  - 12. The method of claim 1, wherein the proactive constructing and maintaining further comprises:
    - allowing the respective receiving channel from the upstream neighbor node to the first client node to be established in accordance with the respective network communication protocol upon a request by the upstream neighbor node, wherein the request has been generated by the upstream neighbor node in accordance with the respective network communication protocol to establish a respective propagation channel thereof.
  - 13. The method of claim 1, wherein the proactive constructing and maintaining further comprises:
    - allowing the respective collection channel from the downstream neighbor node to the first client node to be established in accordance with the respective network communication protocol upon a request by the downstream neighbor node, wherein the request has been generated by the downstream neighbor node in accordance with the respective network communication protocol to establish a respective reporting channel thereof.
  - 14. The method of claim 1 wherein:
    - the downstream neighbor node also performs said method with the first client node as its respective upstream neighbor node and thereby proactively establishes a respective reporting channel from the downstream neighbor node to the first client node, the respective reporting channel from the downstream neighbor node to the first client node comprising the respective collection channel of the first client node, andthe upstream neighbor node also performs said method with the first client node as its respective downstream neighbor node and thereby proactively establishes a respective propagation channel from the upstream neighbor node to the first client node, the respective propagation channel from the upstream neighbor node to the first client node comprising the respective receiving channel of the first client node.
  - 15. The method of claim 1, whereinthe linear sequence of nodes includes the respective local segment of the linear communication orbit and is configured to sequentially transmit messages, including the plurality of messages, from a head node in the linear sequence of nodes to an ordered sequence of one or more intermediate nodes in the linear sequence of nodes and then to a tail node in the linear sequence of nodes.
  - 16. The method of claim 1, whereinthe plurality of messages include a management message for providing instructions to a plurality of nodes, including the first client node, in the linear communication orbit, the management message being forwarded, in sequence, to respective nodes in the linear communication orbit for processing by each node, including the first client node, in the plurality of nodes.

17. A non-transitory computer-readable medium, having instructions stored thereon, which when executed by one or more processors cause the processors to perform operations comprising:
- at a first client node coupled to a network comprising a non-static collection of machines, the first client node being a first machine among the non-static collection of machines;
  
  obtaining, from a server of the network, contact information of one or more potential neighbor nodes for the first client node, the one or more potential neighbor nodes comprising machines coupled to the network and distinct from the server, the one or more potential neighbor nodes including a downstream neighbor node of the first client node that comprises a live succeeding node among the one or more potential neighbor nodes, and an upstream neighbor node of the first client node that comprises a live preceding node among the one or more potential neighbor nodes; and
  
  in accordance with the received contact information, proactively constructing and maintaining a respective local segment of a linear communication orbit in the network;
  
  wherein the respective local segment includes the first client node and four distinct communication channels each originating from or terminating at the first client node, including respective receiving and reporting communication channels between the first node and the upstream neighbor node of the first client node, and respective collection and propagation communication channels between the first node and the downstream neighbor node of the first client node;
  
  wherein the proactive constructing and maintaining comprises;
  
  proactively establishing, in accordance with a respective network communication protocol, the respective propagation channel from the first client node to the downstream neighbor node upon detecting that said respective propagation channel to the downstream neighbor node does not already exist; and
  
  proactively establishing, in accordance with the respective network communication protocol, the respective reporting channel from the first client node to the upstream neighbor node upon detecting that said respective reporting channel to the upstream neighbor node does not already exist; and
  
  wherein the linear communication orbit includes a linear sequence of nodes configured to sequentially convey each message, in a plurality of messages, through the linear communication orbit, to a plurality of respective nodes in the linear communication orbit, the linear sequence of nodes in the linear communication orbit including, in sequence, the upstream neighbor node, the first client node, and the downstream neighbor node.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 18. The computer-readable medium of claim 17, wherein the one or more potential neighbor nodes are identified based on proximity of respective unique machine identifiers of the one or more potential neighbor nodes to a respective unique machine identifier of the first client node.
  - 19. The computer-readable medium of claim 18, wherein the downstream neighbor node comprises a closest live succeeding node among the one or more potential neighbor nodes and the upstream neighbor node comprises a closest live preceding node among the one or more potential neighbor nodes.
  - 20. The computer-readable medium of claim 19, wherein proactively establishing, in accordance with the respective network communication protocol, the respective propagation channel from the first client node to the downstream neighbor node further comprises:
    - monitoring responsiveness of a receiving end of an existing propagation channel of the first client node;
      
      upon detecting that the receiving end of the existing propagation channel of the first client node has ceased to be responsive, contacting at least one of the one or more potential neighbor nodes to identify the downstream neighbor node; and
      
      proactively establishing, in accordance with the respective network communication protocol, a new propagation channel from the first client node to the downstream neighbor node that has been identified.
  - 21. The computer-readable medium of claim 19, wherein proactively establishing, in accordance with the respective network communication protocol, the respective reporting channel from the first client node to the upstream neighbor node further comprises:
    - monitoring responsiveness of a receiving end of an existing reporting channel of the first client node;
      
      upon detecting that the receiving end of the existing reporting channel of the first client node has ceased to be responsive, contacting at least one of the one or more potential neighbor nodes to identify the upstream neighbor node; and
      
      proactively establishing, in accordance with the respective network communication protocol, a new reporting channel from the first client node to the upstream neighbor node that has been identified.
  - 22. The computer-readable medium of claim 19, wherein the first client node is a new node to be inserted into the linear communication orbit.
  - 23. The computer-readable medium of claim 19, wherein the first client node is an existing head node of the linear communication orbit.
  - 24. The computer-readable medium of claim 19, wherein the first client node is an existing tail node of the linear communication orbit.
  - 25. The computer-readable medium of claim 17, whereinthe linear sequence of nodes includes the respective local segment of the linear communication orbit and is configured to sequentially transmit messages, including the plurality of messages, from a head node in the linear sequence of nodes to an ordered sequence of one or more intermediate nodes in the linear sequence of nodes and then to a tail node in the linear sequence of nodes.
  - 26. The computer-readable medium of claim 17, whereinthe plurality of messages include a management message for providing instructions to a plurality of nodes, including the first client node, in the linear communication orbit, the management message being forwarded, in sequence, to respective nodes in the linear communication orbit for processing by each node, including the first client node, in the plurality of nodes.
  - 27. The computer-readable medium of claim 17, wherein obtaining, from the server, the contact information of the one or more potential neighbor nodes comprises:
    - submitting a respective registration message to the server of the network according to a predetermined maintenance schedule, the registration message including a respective unique machine identifier of the first client node; and
      
      receiving the contact information of the one or more potential neighbor nodes from the server, wherein the one or more potential neighbor nodes have been identified by the server for the first client node.
  - 28. The computer-readable medium of claim 17, wherein the proactive constructing and maintaining further comprises:
    - upon establishing the respective propagation channel from the first client node to the downstream neighbor node, terminating a previous propagation channel from the first client node to another succeeding node.
  - 29. The computer-readable medium of claim 17, wherein the proactive constructing and maintaining further comprises:
    - upon establishing the respective reporting channel from the first client node to the upstream neighbor node, terminating a previous reporting channel from the first client node to another preceding node.
  - 30. The computer-readable medium of claim 17, wherein the proactive constructing and maintaining further comprises:
    - allowing the respective receiving channel from the upstream neighbor node to the first client node to be established in accordance with the respective network communication protocol upon a request by the upstream neighbor node, wherein the request has been generated by the upstream neighbor node in accordance with the respective network communication protocol to establish a respective propagation channel thereof.
  - 31. The computer-readable medium of claim 17, wherein the proactive constructing and maintaining further comprises:
    - allowing the respective collection channel from the downstream neighbor node to the first client node to be established in accordance with the respective network communication protocol upon a request by the downstream neighbor node, wherein the request has been generated by the downstream neighbor node in accordance with the respective network communication protocol to establish a respective reporting channel thereof.
  - 32. The computer-readable medium of claim 17 wherein:
    - the downstream neighbor node also performs said method with the first client node as its respective upstream neighbor node and thereby proactively establishes a respective reporting channel from the downstream neighbor node to the first client node, the respective reporting channel from the downstream neighbor node to the first client node comprising the respective collection channel of the first client node, andthe upstream neighbor node also performs said method with the first client node as its respective downstream neighbor node and thereby proactively establishes a respective propagation channel from the upstream neighbor node to the first client node, the respective propagation channel from the upstream neighbor node to the first client node comprising the respective receiving channel of the first client node.

33. A system, comprising:
- one or more processors; and
  
  memory having instructions stored thereon, which when executed by the one or more processors cause the processors to perform operations comprising;
  
  at a first client node coupled to a network comprising a non-static collection of machines, the first client node being a first machine among the non-static collection of machines;
  
  obtaining, from a server of the network, contact information of one or more potential neighbor nodes for the first client node, the one or more potential neighbor nodes comprising machines coupled to the network and distinct from the server, the one or more potential neighbor nodes including a downstream neighbor node of the first client node that comprises a live succeeding node among the one or more potential neighbor nodes, and an upstream neighbor node of the first client node that comprises a live preceding node among the one or more potential neighbor nodes; and
  
  in accordance with the received contact information, proactively constructing and maintaining a respective local segment of a linear communication orbit in the network;
  
  wherein the respective local segment includes the first client node and four distinct communication channels each originating from or terminating at the first client node, including respective receiving and reporting communication channels between the first node and the upstream neighbor node of the first client node, and respective collection and propagation communication channels between the first node and the downstream neighbor node of the first client node;
  
  wherein the proactive constructing and maintaining comprises;
  
  proactively establishing, in accordance with a respective network communication protocol, the respective propagation channel from the first client node to the downstream neighbor node upon detecting that said respective propagation channel to the downstream neighbor node does not already exist; and
  
  proactively establishing, in accordance with the respective network communication protocol, the respective reporting channel from the first client node to the upstream neighbor node upon detecting that said respective reporting channel to the upstream neighbor node does not already exist; and
  
  wherein the linear communication orbit includes a linear sequence of nodes configured to sequentially convey each message, in a plurality of messages, through the linear communication orbit, to a plurality of respective nodes in the linear communication orbit, the linear sequence of nodes in the linear communication orbit including, in sequence, the upstream neighbor node, the first client node, and the downstream neighbor node.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 34. The system of claim 33, wherein the one or more potential neighbor nodes are identified based on proximity of respective unique machine identifiers of the one or more potential neighbor nodes to a respective unique machine identifier of the first client node.
  - 35. The system of claim 34, wherein the downstream neighbor node comprises a closest live succeeding node among the one or more potential neighbor nodes and the upstream neighbor node comprises a closest live preceding node among the one or more potential neighbor nodes.
  - 36. The system of claim 35, wherein proactively establishing, in accordance with the respective network communication protocol, the respective propagation channel from the first client node to the downstream neighbor node further comprises:
    - monitoring responsiveness of a receiving end of an existing propagation channel of the first client node;
      
      upon detecting that the receiving end of the existing propagation channel of the first client node has ceased to be responsive, contacting at least one of the one or more potential neighbor nodes to identify the downstream neighbor node; and
      
      proactively establishing, in accordance with the respective network communication protocol, a new propagation channel from the first client node to the downstream neighbor node that has been identified.
  - 37. The system of claim 35, wherein the first client node is a new node to be inserted into the linear communication orbit.
  - 38. The system of claim 35, wherein the first client node is an existing head node of the linear communication orbit.
  - 39. The system of claim 35, wherein the first client node is an existing tail node of the linear communication orbit.
  - 40. The system of claim 35, wherein proactively establishing, in accordance with the respective network communication protocol, the respective reporting channel from the first client node to the upstream neighbor node further comprises:
    - monitoring responsiveness of a receiving end of an existing reporting channel of the first client node;
      
      upon detecting that the receiving end of the existing reporting channel of the first client node has ceased to be responsive, contacting at least one of the one or more potential neighbor nodes to identify the upstream neighbor node; and
      
      proactively establishing, in accordance with the respective network communication protocol, a new reporting channel from the first client node to the upstream neighbor node that has been identified.
  - 41. The system of claim 33, whereinthe downstream neighbor node also performs said method with the first client node as its respective upstream neighbor node and thereby proactively establishes a respective reporting channel from the downstream neighbor node to the first client node, the respective reporting channel from the downstream neighbor node to the first client node comprising the respective collection channel of the first client node, andthe upstream neighbor node also performs said method with the first client node as its respective downstream neighbor node and thereby proactively establishes a respective propagation channel from the upstream neighbor node to the first client node, the respective propagation channel from the upstream neighbor node to the first client node comprising the respective receiving channel of the first client node.
  - 42. The system of claim 33, whereinthe linear sequence of nodes includes the respective local segment of the linear communication orbit and is configured to sequentially transmit messages, including the plurality of messages, from a head node in the linear sequence of nodes to an ordered sequence of one or more intermediate nodes in the linear sequence of nodes and then to a tail node in the linear sequence of nodes.
  - 43. The system of claim 33, whereinthe plurality of messages include a management message for providing instructions to a plurality of nodes, including the first client node, in the linear communication orbit, the management message being forwarded, in sequence, to respective nodes in the linear communication orbit for processing by each node, including the first client node, in the plurality of nodes.
  - 44. The system of claim 33, wherein obtaining, from the server, the contact information of the one or more potential neighbor nodes comprises:
    - submitting a respective registration message to the server of the network according to a predetermined maintenance schedule, the registration message including a respective unique machine identifier of the first client node; and
      
      receiving the contact information of the one or more potential neighbor nodes from the server, wherein the one or more potential neighbor nodes have been identified by the server for the first client node.
  - 45. The system of claim 33, wherein the proactive constructing and maintaining further comprises:
    - upon establishing the respective propagation channel from the first client node to the downstream neighbor node, terminating a previous propagation channel from the first client node to another succeeding node.
  - 46. The system of claim 33, wherein the proactive constructing and maintaining further comprises:
    - upon establishing the respective reporting channel from the first client node to the upstream neighbor node, terminating a previous reporting channel from the first client node to another preceding node.
  - 47. The system of claim 33, wherein the proactive constructing and maintaining further comprises:
    - allowing the respective receiving channel from the upstream neighbor node to the first client node to be established in accordance with the respective network communication protocol upon a request by the upstream neighbor node, wherein the request has been generated by the upstream neighbor node in accordance with the respective network communication protocol to establish a respective propagation channel thereof.
  - 48. The system of claim 33, wherein the proactive constructing and maintaining further comprises:
    - allowing the respective collection channel from the downstream neighbor node to the first client node to be established in accordance with the respective network communication protocol upon a request by the downstream neighbor node, wherein the request has been generated by the downstream neighbor node in accordance with the respective network communication protocol to establish a respective reporting channel thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tanium Inc.
Original Assignee
Tanium Inc.
Inventors
Hindawi, David, Hindawi, Orion, Lippincott, Lisa, Lincroft, Peter
Primary Examiner(s)
Crutchfield, Christopher M

Application Number

US15/004,757
Publication Number

US 20160143021A1
Time in Patent Office

1,033 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/04   Network management architec...

H04L 41/044   comprising hierarchical man...

H04L 41/082   the condition being updates...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/12   Discovery or management of ...

H04L 41/344   Out-of-band transfers

H04L 43/02   Capturing of monitoring data

H04L 43/04   Processing captured monitor...

H04L 43/0817   by checking functioning

H04L 43/10   Active monitoring, e.g. hea...

H04L 45/02   Topology update or discovery

H04L 61/00   Network arrangements, proto...

H04L 63/00   Network architectures or ne...

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1046   Joining mechanisms

H04L 67/1048   Departure or maintenance me...

H04L 67/1063   Discovery through centralis...

H04L 67/1065 : Discovery involving distrib...

H04L 67/1072 : Discovery involving ranked ...

H04W 24/02 : Arrangements for optimising...

H04W 48/16 : Discovering, processing acc...

H04W 72/20 : Control channels or signall...

H04W 8/005 : Discovery of network device...

H04W 84/18 : Self-organising networks, e...

View All

System, security and network management using self-organizing communication orbits in distributed networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

System, security and network management using self-organizing communication orbits in distributed networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links