Networking as a service

US 8,763,084 B2
Filed: 09/04/2012
Issued: 06/24/2014
Est. Priority Date: 01/17/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

discovering local devices, network services, and an uplink carrier associated with a network;

configuring the network using a business wizard and a library of network configurations;

forming and maintaining the network as a secure network;

monitoring networking devices of the network using a heartbeat process;

auto-upgrading software implemented in the network;

authenticating a networking device of the networking devices that does not have a pre-shared key to a Web service;

receiving a Web request from a user associated with the Web service and the networking device;

fielding the Web request at a captive portal, wherein the captive portal sends a splash screen HTML response that has a redirect to an HTTPS link to a Web service login server associated with the Web service with information in a redirect URL of the captive portal about the networking device, wherein the information includes a MAC address of the networking device;

receiving a request at the Web service login server;

generating a short-lived number used once (NONCE) and storing the short-lived NONCE in association with the MAC address at the Web service login server;

sending from the Web service login server a login form, wherein the user is prompted to enter a device password into the form;

validating the password at the Web service login server, wherein the Web service login server responds to a correct password with a confirmation page, placing a stub in the confirmation page with the redirect URL and the short-lived NONCE;

receiving an HTTP POST of the generated NONCE at the captive portal;

handshaking between a heartbeat daemon and a heartbeat server over HTTPS;

receiving the NONCE at the heartbeat server in a next scheduled heartbeat cycle, before the NONCE expires, wherein the heartbeat server looks up the MAC address to validate the NONCE and, if valid, sends a cryptographic hash of the password;

wherein the heartbeat daemon uses the cryptographic hash as an authentication token for subsequent heartbeats.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Networking as a Service (NaaS) delivers network services using remote appliances controlled by a hosted, multi-tenant management system. The system may include a heartbeating process for communication between a web-based server and appliances, in which the appliances periodically contact the management system on the server. The heartbeating process allows the appliances to maintain a completely up-to-date configuration. Furthermore, heartbeating allows for comprehensive monitoring of appliances and for software distribution. The system may also include means for authenticating appliances, without the need for pre-installed PSKs or certificates.

Citations

19 Claims

1. A method comprising:
- discovering local devices, network services, and an uplink carrier associated with a network;
  
  configuring the network using a business wizard and a library of network configurations;
  
  forming and maintaining the network as a secure network;
  
  monitoring networking devices of the network using a heartbeat process;
  
  auto-upgrading software implemented in the network;
  
  authenticating a networking device of the networking devices that does not have a pre-shared key to a Web service;
  
  receiving a Web request from a user associated with the Web service and the networking device;
  
  fielding the Web request at a captive portal, wherein the captive portal sends a splash screen HTML response that has a redirect to an HTTPS link to a Web service login server associated with the Web service with information in a redirect URL of the captive portal about the networking device, wherein the information includes a MAC address of the networking device;
  
  receiving a request at the Web service login server;
  
  generating a short-lived number used once (NONCE) and storing the short-lived NONCE in association with the MAC address at the Web service login server;
  
  sending from the Web service login server a login form, wherein the user is prompted to enter a device password into the form;
  
  validating the password at the Web service login server, wherein the Web service login server responds to a correct password with a confirmation page, placing a stub in the confirmation page with the redirect URL and the short-lived NONCE;
  
  receiving an HTTP POST of the generated NONCE at the captive portal;
  
  handshaking between a heartbeat daemon and a heartbeat server over HTTPS;
  
  receiving the NONCE at the heartbeat server in a next scheduled heartbeat cycle, before the NONCE expires, wherein the heartbeat server looks up the MAC address to validate the NONCE and, if valid, sends a cryptographic hash of the password;
  
  wherein the heartbeat daemon uses the cryptographic hash as an authentication token for subsequent heartbeats.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising ensuring the networking devices are running one and only one version of networking software.
  - 3. The method of claim 1, further comprising maintaining one version of software on a hub.
  - 4. The method of claim 1, further comprising enabling modification of network as a service solutions at multiple system levels.
  - 5. The method of claim 1, further comprising delivering network management applications as a multi-tenant hosted software as a service.
  - 6. The method of claim 1, further comprising developing, designing, and delivering network management software applications from a multi-tenant software as a service model using Web services that are distributed across the Internet.
  - 7. The method of claim 1, further comprising providing network management functions via one or more Web pages through which users can configure and monitor the networking devices.
  - 8. The method of claim 7, further comprising providing re-configuration of the networking devices through a separate Web-based service.
  - 9. The method of claim 7, further comprising providing performance statistics through a separate Web-based service.
  - 10. The method of claim 7, further comprising serving Web pages from a Web user interface server in a stateless fashion to a user associated with management of the network.
  - 11. The method of claim 1, further comprising:
    - receiving at a heartbeat server periodically from a first networking device of the networking devices a packet including all logs since a last, acknowledged, heartbeat communication;
      
      responding with one packet containing a user ID of a latest configuration file that the first networking device should be running, and a build number of a software image that the first networking device should be running, wherein the response packet from the heartbeat server is implicitly an acknowledgement that the logs have been accepted so the networking device knows to purge applicable values from memory;
      
      wherein when the first networking device is not running the latest configuration file or the software image, the first networking device fetches the latest configuration file or the software image via a secure transport method.
  - 12. The method of claim 1, further comprising:
    - registering by a first networking device of the networking devices that the first networking device is running stale code;
      
      fetching by the first networking device a newer image, wherein a delay in fetching the newer image is added between each block fetched so as to not saturate a limited WAN link;
      
      burning the newer image into a memory partition on the first networking device for active software, wherein the memory partition does not hold a currently running stale image;
      
      rebooting the first networking device into the memory partition;
      
      wherein if the newer image does not successfully receive a heartbeat reply in an amount of time after reboot, the first networking device reverts to the stale image.
  - 13. The method of claim 1, further comprising:
    - receiving an instruction to publish a modified configuration through a Web page interface;
      
      generating at a Web user interface server new configuration files for one or more of the networking devices;
      
      copying the new configuration files to each of the servers where the new configuration files are stored in a short term monitoring database of the heartbeat server;
      
      updating by the Web user interface server the short term monitoring database with a user ID associated with the new configuration files for each of the one or more of the networking devices;
      
      wherein on a next heartbeat, the one or more of the networking devices receives the user ID for an applicable one of the new configuration files and, recognizing they have a stale configuration, fetches the applicable one of the new configuration files via a secure transport method.
  - 14. The method of claim 13, further comprising distilling and pushing data to a long term database from the short term database.
  - 15. The method of claim 1, wherein the cryptographic hash of the password is an MD5 hash or an equivalent cryptographic hash function.
  - 16. The method of claim 15, further comprising locking down the networking device with access to only DNS and the Web service.

17. A system comprising:
- at least one processor;
  
  a memory storing instructions configured to instruct the at least one processor to perform;
  
  discovering local devices, network services, and an uplink carrier associated with a network;
  
  configuring the network using a business wizard and a library of network configurations;
  
  forming and maintaining the network as a secure network;
  
  monitoring networking devices of the network using a heartbeat process;
  
  auto-upgrading software implemented in the network;
  
  authenticating a networking device of the networking devices that does not have a pre-shared key to a Web service;
  
  receiving a Web request from a user associated with the Web service and the networking device;
  
  fielding the Web request at a captive portal, wherein the captive portal sends a splash screen HTML response that has a redirect to an HTTPS link to a Web service login server associated with the Web service with information in a redirect URL of the captive portal about the networking device, wherein the information includes a MAC address of the networking device;
  
  receiving a request at the Web service login server;
  
  generating a short-lived number used once (NONCE) and storing the short-lived NONCE in association with the MAC address at the Web service login server;
  
  sending from the Web service login server a login form, wherein the user is prompted to enter a device password into the form;
  
  validating the password at the Web service login server, wherein the Web service login server responds to a correct password with a confirmation page, placing a stub in the confirmation page with the redirect URL and the short-lived NONCE;
  
  receiving an HTTP POST of the generated NONCE at the captive portal;
  
  handshaking between a heartbeat daemon and a heartbeat server over HTTPS;
  
  receiving the NONCE at the heartbeat server in a next scheduled heartbeat cycle, before the NONCE expires, wherein the heartbeat server looks up the MAC address to validate the NONCE and, if valid, sends a cryptographic hash of the password;
  
  wherein the heartbeat daemon uses the cryptographic hash as an authentication token for subsequent heartbeats.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17, wherein the instructions further instruct the at least one processor to perform delivering network management applications as a multi-tenant hosted software as a service.
  - 19. The system of claim 17, wherein the cryptographic hash of the password is an MD5 hash or an equivalent cryptographic hash function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Aerohive Networks Incorporated (Extreme Networks, Inc.)
Inventors
Mower, Carl Steven, Palmer, Matthew Alan, Mayhew, Steven Couch
Primary Examiner(s)
ABYANEH, ALI S

Application Number

US13/603,272
Publication Number

US 20120331524A1
Time in Patent Office

658 Days
Field of Search

726/3, 726/9, 713/153, 713/168, 713/176, 709/220, 709/226
US Class Current

726/3
CPC Class Codes

H04L 43/10   Active monitoring, e.g. hea...

H04L 67/025   for remote control or remot...

H04L 67/125   involving control of end-de...

Networking as a service

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Networking as a service

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links