US20150058456A1 - Systems and methods for managing a network - Google Patents


Info

Publication number: US20150058456A1
Authority: US (United States)
Prior art keywords: network, management device, configuration, network management, service
Legal status: Abandoned
Application number: US14/219,596
Inventors: Robert T. Staats, Clifford H. Young
Current assignee: Clearpath Networks Inc
Original assignee: Clearpath Networks Inc
Application filed by Clearpath Networks Inc; priority to US14/219,596; publication of US20150058456A1.
Family has litigation: first worldwide family litigation filed (Darts-ip "Global patent litigation dataset", licensed under a Creative Commons Attribution 4.0 International License): https://patents.darts-ip.com/?family=35242344&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=US20150058456(A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082 Configuration setting characterised by the conditions triggering a change of settings, the condition being updates or upgrades of network functionality
    • H04L41/084 Configuration by using pre-existing information, e.g. using templates or copying from other elements
    • H04L41/0846 Configuration by using pre-existing information, based on copy from other elements
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853 Retrieval of network configuration or tracking of network configuration history by actively collecting configuration information or by backing up configuration information
    • H04L41/0866 Checking the configuration
    • H04L41/0869 Validating the configuration within one network element
    • H04L41/0893 Assignment of logical groups to network elements
    • H04L41/0894 Policy-based network configuration management
    • H04L41/0895 Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003 Managing SLA; Interaction between SLA and QoS
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0272 Virtual private networks
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

This application discloses an invention that is related, generally and in various embodiments, to systems and methods for managing a network.

Some network environments provide companies with critical information technology (IT) services for installing, connecting, managing and securing their network environment.

Traditional network implementations have required that network infrastructure capable of supporting computer applications be assembled using disparate hardware, software and systems that must be manually configured and managed. As a result, these traditional network implementations have been utilized primarily by large enterprises with large information technology (IT) budgets.

This application discloses a method of managing a network. In one embodiment, the method includes receiving an activation key automatically transmitted from a device connected to the network, automatically transmitting a configuration to the device, automatically maintaining the configuration of the device, and receiving log information from the device. In another embodiment, the method includes automatically setting a default configuration for the device, automatically generating an activation key associated with the device, and automatically transmitting a provisioned configuration to the device after the device is connected to the network. In another embodiment, the method includes periodically polling a device connected to the network, automatically determining whether a configuration of the device is current, automatically setting a new configuration for the device when the configuration is not current, and automatically transmitting the new configuration to the device. In another embodiment, the method includes receiving network traffic information from a device connected to the network, automatically correlating the information, and automatically determining network performance based on the information. In another embodiment, the method includes receiving credentials associated with a remote access user, automatically validating the credentials, automatically determining which devices connected to the network the remote access user is authorized to connect to, and automatically transmitting to a remote access client a list of the devices the remote access user is authorized to connect to.

This application also discloses a system for managing a network. The system includes a device connected to the network and a management center in communication with the device via the Internet. The device includes a processor and a memory. The management center includes a first module for provisioning a configuration of the device, a second module for automatically transmitting the configuration to the device, and a third module for automatically maintaining the configuration of the device.
  • FIG. 1 illustrates various embodiments of a system for managing a network
  • FIG. 2 illustrates various embodiments of a device
  • FIG. 3 illustrates various embodiments of the device
  • FIG. 4 illustrates various embodiments of the device
  • FIG. 5 illustrates various embodiments of a management center
  • FIG. 6 illustrates various embodiments of a server
  • FIG. 7 illustrates various embodiments of a server
  • FIG. 8 illustrates various embodiments of a server
  • FIG. 9 illustrates various embodiments of a web-based management portal
  • FIG. 10 illustrates various embodiments of a method of managing a network
  • FIG. 11 illustrates various embodiments of a method of managing a network
  • FIG. 12 illustrates various embodiments of a method of managing a network
  • FIG. 13 illustrates various embodiments of a method of managing a network
  • FIG. 14 illustrates various embodiments of a method of managing a network.
FIG. 1 illustrates various embodiments of a system 10 for managing a network. The system 10 may be utilized to provide a company with critical information technology (IT) services for installing, connecting, managing and securing its network environment without having to rely on several discrete systems. The system 10 includes a management center 12 and at least one device 14 in communication with the management center 12 via the Internet 16. Although only three devices 14 are shown in FIG. 1, the system 10 may include any number of devices 14 in communication with the management center 12 via the Internet 16. Each device 14 may be located at a different customer location, and each device 14 may be connected to a different local area network 18.

FIGS. 2-4 illustrate various embodiments of the device 14 of FIG. 1. The device 14 includes a processor 20 and a memory 22. The device 14 may also include a first fast Ethernet port 24, a second fast Ethernet port 26, and a third fast Ethernet port 28. The device 14 may be connected to a local area network 18 via the first fast Ethernet port 24, to a service provider wide area network 30 via the second fast Ethernet port 26, and to a demilitarized zone 32 via the third fast Ethernet port 28. The device 14 may serve as a security device that protects the local area network 18 and the demilitarized zone 32 from outside threats originating from the wide area network 30. The device 14 may be connected to a redundant wide area network (not shown) via the third fast Ethernet port 28.

The local area network 18 may include network elements such as, for example, an Ethernet switch 34, a computer 36, a wireless access point 38, a printer 40, a file server 42 and any other network elements known by those skilled in the art to comprise a portion of a local area network. The demilitarized zone 32 may include network elements such as, for example, an Ethernet switch 44, an e-mail server 46, a web server 48 and any other network elements known by those skilled in the art to comprise a portion of a demilitarized zone.

The device 14 may include a Linux-based operating system and the following modules: an auto-provisioning module 50, an auto-update module 52, a firewall module 54, an intrusion prevention module 56, an anti-virus module 58, a content filtering module 60, an anti-spam module 62, a VPN module 64, a DHCP server module 66, a distributed network management poller module 68, an inline network performance monitoring module 70, a logger module 72, a remote access server module 74, an IP and network interface module 76, a QOS module 78, and a VLAN module 80.
The auto-provisioning module 50 of the device 14 is operable to provide the device 14 with auto-provisioning functionality. The auto-provisioning module 50 allows the device 14 to be auto-configured based on an activation code entered by an installer during installation of the device 14 at a customer location.

The auto-update module 52 of the device 14 is operable to provide the device 14 with auto-update functionality. The auto-update module 52 allows the device 14 to be automatically updated whenever updates to the device 14 are available. The updates may include, for example, operating system updates, intrusion prevention rule updates, anti-virus signature updates, and content filtering database updates.

The firewall module 54 of the device 14 is operable to provide the device 14 with firewall functionality. The firewall module 54 allows the device 14 to perform deep packet inspection, stateful inspection, network address translation, port address translation and port forwarding.

The intrusion prevention module 56 of the device 14 is operable to provide the device 14 with intrusion prevention functionality. The intrusion prevention module 56 allows the device 14 to perform real-time traffic analysis and logging, protocol analysis, and content searching and matching. The intrusion prevention module 56 may also allow the device 14 to detect a variety of attacks and probes such as, for example, buffer overflows, operating system fingerprinting attempts, common gateway interface attacks and port scans.

The anti-virus module 58 of the device 14 is operable to provide the device 14 with anti-virus functionality. The anti-virus module 58 allows the device 14 to provide an Internet gateway protection service that protects against viruses and malicious code that may be downloaded from the Internet 16 to the local area network 18. The anti-virus module 58 also allows for the integration of the device 14 with an anti-virus client installed on one or more devices that comprise a portion of the local area network 18. The anti-virus module 58 allows the device 14 to block access to the Internet 16 for any device of the local area network 18 that does not have the most current anti-virus client and anti-virus signature database installed. The anti-virus module 58 may redirect such blocked devices to a webpage that allows the device to be updated to the most current anti-virus client and anti-virus signature database.
The content filtering module 60 of the device 14 is operable to provide the device 14 with content filtering functionality. The content filtering module 60 allows the device 14 to act as a transparent proxy which inspects each request made from the local area network 18 to the Internet 16. The content filtering module 60 may determine whether to grant or deny a request to access a particular website based on defined policies. Where the request is granted, the content filtering module 60 may further determine which types of files are allowed to be downloaded from the Internet 16 to the local area network 18. Each policy may be defined as a blacklist or a whitelist. If the policy is defined as a blacklist, the content filtering module 60 operates to allow access to all sites except those explicitly defined to be blocked. If the policy is defined as a whitelist, the content filtering module 60 operates to block access to all sites except those explicitly defined to be allowed.
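As an added example (not code from the patent or from Clearpath Networks), the following Python evaluates one proxied request against a blacklist or whitelist policy of the kind described above, including the follow-on file-type decision that applies only once a site has been granted. The FilterPolicy class, the subdomain-matching rule, the allowed_file_types field and the sample policies and URLs are assumptions made for illustration.

```python
"""Blacklist/whitelist policy evaluation for a transparent filtering proxy
(added example; not the patent's code). Names are assumptions."""
import posixpath
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class FilterPolicy:
    mode: str                                # "blacklist" or "whitelist"
    sites: frozenset                         # domains explicitly listed in the policy
    allowed_file_types: Optional[frozenset]  # extensions downloadable once a site is
                                             # granted; None means no restriction


def _host_listed(host: str, sites) -> bool:
    # A listed site covers itself and its subdomains, but not look-alikes such as
    # "corp.example.evil.test" or "notcorp.example".
    return any(host == site or host.endswith("." + site) for site in sites)


def evaluate(policy: FilterPolicy, url: str) -> tuple:
    """Return ("allow" | "deny", reason) for one request seen by the proxy."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("deny", "request has no parseable host")
    listed = _host_listed(host, policy.sites)
    if policy.mode == "blacklist":
        if listed:
            return ("deny", f"{host} is explicitly blocked")
    elif policy.mode == "whitelist":
        if not listed:
            return ("deny", f"{host} is not explicitly allowed")
    else:
        raise ValueError(f"unknown policy mode {policy.mode!r}")
    # The site is permitted; now apply the file-type decision for downloads.
    ext = posixpath.splitext(parts.path)[1].lstrip(".").lower()
    if ext and policy.allowed_file_types is not None and ext not in policy.allowed_file_types:
        return ("deny", f"file type .{ext} may not be downloaded")
    return ("allow", "permitted by policy")


# Constructed policies for two customer sites.
BLACKLIST_POLICY = FilterPolicy("blacklist", frozenset({"badsite.test"}),
                                frozenset({"html", "htm", "pdf"}))
WHITELIST_POLICY = FilterPolicy("whitelist", frozenset({"corp.example"}), None)
```

The host is normalised (lower-cased, trailing dot removed) before matching, and a request whose host cannot be parsed is denied rather than allowed, so a malformed request cannot slip past a whitelist.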
The anti-spam module 62 is operable to provide the device 14 with anti-spam and e-mail anti-virus functionality. The anti-spam module 62 allows the device 14 to act as a transparent proxy which inspects each e-mail message that transits the device 14 for viruses and malicious code. If the anti-spam module 62 identifies an e-mail as spam, the device 14 may block the e-mail. If the anti-spam module 62 identifies an e-mail as containing a virus, the device 14 may attempt to disinfect the e-mail. If the e-mail is cleaned, the device 14 may forward the cleaned e-mail along with a message that the e-mail contained a virus. If it is not possible to disinfect the e-mail, the device 14 may block the e-mail.

The VPN module 64 of the device 14 is operable to provide the device 14 with VPN functionality. The VPN module 64 provides the encryption protocol for the automatic building of a site-to-site VPN, which is implemented as a secure tunnel that connects two different devices 14. A Secure Sockets Layer (SSL) connection is used to create the encrypted tunnel between the two devices 14. When a device 14 is issued a new IP address, the VPN module 64 allows all of the tunnels connecting that device 14 to other devices 14 to automatically reconfigure themselves and establish new tunnels to the device 14 at its new IP address. The VPN module 64 of the device 14 also allows for the cooperation of the device 14 and a remote access client.
The DHCP server module 66 of the device 14 is operable to provide the device 14 with DHCP server functionality. The DHCP server module 66 allows the device 14 to provide IP addresses and configuration parameters to network devices that request this information using the DHCP protocol. IP address pools with characteristics such as default gateways, domain names, and DNS servers can be defined. Static assignments can also be defined based on MAC address.

The distributed network management poller module 68 of the device 14 is operable to provide the device 14 with distributed network management poller functionality. The distributed network management poller module 68 allows the device 14 to poll network elements that comprise a portion of a local area network 18 and are in communication with the device 14. The distributed network management poller module 68 may utilize Internet Control Message Protocol (ICMP) pings to determine a reachability value and a latency value for one or more of the network elements. The distributed network management poller module 68 may also utilize the Simple Network Management Protocol (SNMP) to poll SNMP information from network elements that are SNMP capable. Such SNMP information may include, for example, CPU utilization or server temperature.
The inline network performance monitoring module 70 of the device 14 is operable to provide the device 14 with inline network performance monitoring functionality. The inline network performance monitoring module 70 allows the device 14 to inspect each packet that transits the device 14 and record certain information such as source/destination IP address, protocol, and source/destination ports. The inline network performance monitoring module 70 also allows the device 14 to monitor all network traffic that passes between the device 14 and another device 14. Each device 14 has its time synchronized precisely to network time protocol (NTP) servers (not shown), which allows each device 14 to reference packet information against a common time reference. The inline network performance monitoring module 70 can record the exact time every packet leaves a device 14, along with items such as, for example, source/destination IP address, protocol, sequence number and source/destination port. As the packets travel across the Internet 16, they eventually reach the destination device 14. The inline network performance monitoring module 70 of the destination device 14 records the exact time each packet is received by the destination device 14 and items such as, for example, source/destination IP address, protocol, sequence number and source/destination port.
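The per-packet records described above can be joined at the management center to produce one-way latency and loss per flow. The following Python is an added example, not the patent's or the vendor's code; the PacketRecord layout, the correlate() function and the constructed sample records are assumptions. It also handles a failure mode that the reliance on NTP implies but the text does not mention: an arrival stamped earlier than the departure means the two clocks are not actually synchronized, so that sample is flagged instead of being averaged into the latency.

```python
"""Correlating sender-side and receiver-side packet records by 5-tuple and
sequence number (added example; not the patent's code)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class PacketRecord:
    ts_ms: float   # time the packet left (sender record) or arrived (receiver record)
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    seq: int

    def flow(self):
        return (self.src, self.dst, self.proto, self.sport, self.dport)

    def key(self):
        return self.flow() + (self.seq,)


# Constructed sample records for two flows between a pair of devices.
SENT = [
    PacketRecord(0.0, "10.1.0.5", "10.2.0.9", "tcp", 51000, 443, 1),
    PacketRecord(10.0, "10.1.0.5", "10.2.0.9", "tcp", 51000, 443, 2),
    PacketRecord(20.0, "10.1.0.5", "10.2.0.9", "tcp", 51000, 443, 3),
    PacketRecord(30.0, "10.1.0.5", "10.2.0.9", "tcp", 51000, 443, 4),
    PacketRecord(5.0, "10.1.0.7", "10.2.0.3", "udp", 5060, 5060, 1),
]
RECEIVED = [
    PacketRecord(12.5, "10.1.0.5", "10.2.0.9", "tcp", 51000, 443, 1),
    PacketRecord(22.0, "10.1.0.5", "10.2.0.9", "tcp", 51000, 443, 2),
    # seq 3 never arrived: counted as lost
    PacketRecord(41.0, "10.1.0.5", "10.2.0.9", "tcp", 51000, 443, 4),
    # arrival stamped before departure: the receiver's clock is ahead
    PacketRecord(3.0, "10.1.0.7", "10.2.0.3", "udp", 5060, 5060, 1),
]


def correlate(sent, received):
    """Join sender and receiver records by (5-tuple, seq); summarise per flow."""
    received_by_key = {r.key(): r for r in received}
    stats = defaultdict(lambda: {"sent": 0, "received": 0, "lost": 0,
                                 "clock_skew": 0, "latencies_ms": []})
    for s in sent:
        f = stats[s.flow()]
        f["sent"] += 1
        r = received_by_key.get(s.key())
        if r is None:
            f["lost"] += 1
            continue
        f["received"] += 1
        latency = r.ts_ms - s.ts_ms
        if latency < 0:
            # Impossible with synchronised clocks; flag it rather than average it in.
            f["clock_skew"] += 1
            continue
        f["latencies_ms"].append(latency)
    report = {}
    for flow, f in stats.items():
        lat = f["latencies_ms"]
        report[flow] = {
            "sent": f["sent"], "received": f["received"], "lost": f["lost"],
            "clock_skew": f["clock_skew"],
            "loss_pct": 100.0 * f["lost"] / f["sent"],
            "avg_ms": mean(lat) if lat else None,
            "max_ms": max(lat) if lat else None,
        }
    return report


def build_report():
    return correlate(SENT, RECEIVED)
```

Because the join key includes the sequence number, a retransmission that reuses a sequence number would overwrite the earlier receiver record; a production correlator would keep both and report the duplicate.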
The logger module 72 of the device 14 is operable to provide the device 14 with logging functionality. The logger module 72 allows information obtained by the device 14 (e.g., intrusion prevention detections, anti-virus detections, network device polling results, source/destination IP addresses, application performance measurements, etc.) to be recorded, processed and transmitted to the management center 12. The data collected by the inline network performance monitoring module 70 of each device 14 is forwarded to the logger module 72 of the associated device 14. The logger module 72 waits a random amount of time (e.g., between approximately 120 and 240 seconds) before transmitting the data to the management center 12. This random delay prevents all of the devices 14 from sending their data back to the management center 12 at the same time. If the management center 12 cannot be reached, the device 14 may queue the data locally until the management center 12 can be reached. When the management center 12 is reached, the logger module 72 transmits all of the queued data. The transmitted data uses a system queue which ensures that regular user network traffic always has priority, so this data transfer only uses the unused bandwidth on the network connection.
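An added Python example (not code from the patent) of the transmission policy just described: the jittered 120 to 240 second delay, local queueing while the management center is unreachable, and a full flush once it is reachable again. LoggerModule, the transport callable, FakeManagementCenter, make_demo() and the bounded-queue limit are assumptions; the system-queue bandwidth priority is an operating-system feature that is not modelled here.

```python
"""Device-side logger transmission policy (added example; not the patent's code)."""
import random
from collections import deque


class LoggerModule:
    def __init__(self, transport, rng=None, min_delay=120.0, max_delay=240.0,
                 max_queued=10_000):
        # transport(batch) returns True when the management center accepted the batch
        self.transport = transport
        self.rng = rng if rng is not None else random.SystemRandom()
        self.min_delay, self.max_delay = min_delay, max_delay
        self.queue = deque()
        self.max_queued = max_queued   # assumed bound on local storage (not in the text)
        self.dropped = 0
        self.next_send_at = None

    def _schedule(self, now):
        # Jitter so that many devices do not all report at the same instant.
        self.next_send_at = now + self.rng.uniform(self.min_delay, self.max_delay)

    def record(self, entry, now):
        if len(self.queue) >= self.max_queued:
            self.queue.popleft()   # drop the oldest entry during a very long outage
            self.dropped += 1
        self.queue.append(entry)
        if self.next_send_at is None:
            self._schedule(now)

    def tick(self, now):
        """Called periodically; returns the number of entries delivered."""
        if self.next_send_at is None or now < self.next_send_at or not self.queue:
            return 0
        batch = list(self.queue)
        if not self.transport(batch):
            self._schedule(now)    # center unreachable: keep the data, retry later
            return 0
        self.queue.clear()         # everything queued went out in one transfer
        self.next_send_at = None
        return len(batch)


class FakeManagementCenter:
    """Constructed stand-in for the management center's log receiver."""
    def __init__(self):
        self.reachable = False
        self.received = []

    def __call__(self, batch):
        if not self.reachable:
            return False
        self.received.extend(batch)
        return True


def make_demo(seed=7):
    """Build a logger wired to the fake center with a seeded RNG for repeatability."""
    center = FakeManagementCenter()
    return center, LoggerModule(center, rng=random.Random(seed))
```

The retry after a failed transfer reuses the same random window, so a fleet that lost its management center does not all reconnect in the same second when it comes back.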
The remote access server module 74 of the device 14 is operable to provide the device 14 with remote access capability. The remote access server module 74 allows for the cooperation of the device 14 with a remote access client.

The IP and network interface module 76 is operable to provide the device 14 with the capability to configure network interface characteristics such as IP address type (e.g., static IP, DHCP, or PPPoE), IP address, subnet mask, speed and duplex. The IP and network interface module 76 is also operable to provide the device 14 with the capability to configure IP routing.

The QOS module 78 of the device 14 is operable to provide the device 14 with QOS functionality. The QOS module 78 allows the device 14 to selectively transmit packets based on the relative importance of the packet. The QOS module 78 may also allow the device 14 to inspect each packet and determine a particular queue to send the packet to based on defined rules. Rules may be defined, for example, based on source/destination IP address and/or port information. If a packet does not match any rule, it may be sent to a default queue.
The VLAN module 80 of the device 14 is operable to provide the device 14 with VLAN functionality. The first and third fast Ethernet ports 24, 28 of the device 14, which are connected to the local area network 18 and the demilitarized zone 32, may be configured as 802.1q trunk ports. The VLAN module 80 allows the device 14 to connect to many different VLANs from an Ethernet switch that has trunking enabled.

The device 14 may also automatically transmit performance information to the management center 12. The performance information may include, for example, a CPU utilization value for the device 14, a memory utilization value for the device 14, and a network interface bandwidth utilization value for the device 14. The performance data may also include, for example, the information obtained by the distributed network management poller module 68 of the device 14.
FIG. 5 illustrates various embodiments of the management center 12 of FIG. 1. The management center 12 includes a database cluster 82, an activation server 84, a logger server 86, a manager server 88 and a web-based management portal 90. The management center 12 is located external to any customer sites and may provide a shared infrastructure for multiple customers.

The database cluster 82 includes a plurality of databases and Structured Query Language (SQL) servers. The database cluster 82 includes a combination of SQL servers and open source MySQL servers. The databases hold all of the data required by the activation server 84, the logger server 86, the manager server 88 and the web-based management portal 90.

FIG. 6 illustrates various embodiments of the activation server 84. The activation server 84 may include a Linux-based operating system, and may include an auto-provisioning manager module 92, an auto-update manager module 94 and an activation manager module 96. The auto-provisioning manager module 92 is operable to configure any device 14 that is in the process of being activated. The auto-update manager module 94 is operable to update the operating system of any device 14 that is in the process of being activated. The auto-update manager module 94 is also operable to update the various databases and signature files used by applications resident on the device 14 (e.g., intrusion prevention, anti-virus, content filtering). The activation manager module 96 is operable to communicate with the back-end SQL servers of the database cluster 82 to gather the data required by the auto-provisioning manager module 92 to generate device configurations. The activation manager module 96 is also operable to authenticate incoming devices 14 and determine their identity based on the activation key. The activation server 84 is a collection of hosted servers that are utilized to set up the initial configuration of each device 14. Based on an activation key received from the device 14 when the device 14 is first installed, the activation server 84 automatically sends the appropriate configuration to the device 14. The activation server 84 also assigns the device 14 to a redundant pair of logger servers 86 and a redundant pair of manager servers 88.
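The activation flow described here and in the method summary above (set a default configuration, generate an activation key for a device, and return the provisioned configuration plus the assigned logger and manager pairs when the device presents that key) as an added Python example; this is not the patent's or Clearpath Networks' code. ActivationServer, provision(), activate(), DEFAULT_CONFIG and the pair-assignment rule are assumptions. Two defensive choices that the text does not spell out are shown: the management center stores only a digest of the key, and a key is accepted exactly once, so a replayed key identifies an attempted second activation rather than handing out a configuration.

```python
"""Activation-key provisioning at the management center (added example;
not the patent's code)."""
import copy
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed default configuration every newly provisioned device starts from.
DEFAULT_CONFIG = {
    "firewall": {"default_policy": "drop", "stateful": True},
    "ips": {"enabled": True},
    "antivirus": {"gateway_scan": True},
    "wan": {"type": "dhcp"},
}


@dataclass
class DeviceRecord:
    device_id: str
    config: dict
    key_hash: bytes          # only a digest of the activation key is kept server-side
    activated: bool = False  # an activation key is accepted exactly once


class ActivationServer:
    def __init__(self, logger_pairs, manager_pairs):
        self._devices = {}        # device id -> DeviceRecord
        self._by_key_hash = {}    # sha256(key) -> device id
        self._logger_pairs = list(logger_pairs)
        self._manager_pairs = list(manager_pairs)

    @staticmethod
    def _digest(key: str) -> bytes:
        return hashlib.sha256(key.encode("utf-8")).digest()

    def provision(self, device_id: str, overrides: dict) -> str:
        """Set the default configuration, apply the customer's overrides and
        return the activation key that the installer will enter on site."""
        config = copy.deepcopy(DEFAULT_CONFIG)
        for section, values in overrides.items():
            config.setdefault(section, {}).update(values)
        key = secrets.token_urlsafe(16)   # 128 bits of randomness
        record = DeviceRecord(device_id, config, self._digest(key))
        self._devices[device_id] = record
        self._by_key_hash[record.key_hash] = device_id
        return key

    def _assign_pair(self, pairs, device_id):
        # Deterministic spread of devices across the redundant server pairs.
        n = int.from_bytes(hashlib.sha256(device_id.encode("utf-8")).digest()[:4], "big")
        return pairs[n % len(pairs)]

    def activate(self, activation_key: str) -> Optional[dict]:
        """Authenticate an incoming device by its key; None means refuse."""
        device_id = self._by_key_hash.get(self._digest(activation_key))
        if device_id is None:
            return None                   # unknown key
        record = self._devices[device_id]
        if record.activated:
            return None                   # replayed key: refuse (and worth alerting on)
        record.activated = True
        return {
            "device_id": device_id,
            "config": copy.deepcopy(record.config),
            "loggers": self._assign_pair(self._logger_pairs, device_id),
            "managers": self._assign_pair(self._manager_pairs, device_id),
        }
```

Returning a deep copy of the stored configuration keeps a later edit to the delivered copy from silently changing the record the manager server will use when it maintains the device.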
  • FIG. 7 illustrates various embodiments of the logger server 86 .
  • the logger server 86 may include a Linux based operating system and a logger server module 98 .
  • the logger server 86 is a collection of hosted servers that receive log information from the devices 14 and correlates the information.
  • FIG. 8 illustrates various embodiments of the manager server 88 .
  • the manager server 88 may include a Linux based operating system and the following modules: an auto-provisioning manager module 100 , an auto-update manager module 102 , a firewall configuration manager module 104 , an intrusion prevention configuration manager module 106 , an anti-virus configuration manager module 108 , a content filtering configuration manager module 110 , an anti-spam configuration manager module 112 , a VPN configuration manager module 114 , a DCHP server configuration manager module 116 , a network management monitor module 118 , a distributed network management configuration manager module 120 , an inline network management configuration manager module 122 , an IP and network interface configuration manager 124 , a VLAN configuration manager module 126 , a QOS configuration manager module 128 , a logger configuration manager module 130 , a remote access configuration manager module 132 , and a network graph generator module 134 .
  • the manager server 88 is a collection of servers that are utilized to manage the devices 14 .
  • the manager server 88 transmits the configuration and the updates to the device 14 .
  • the manager server 88 also monitors the device 14 , stores performance data, and generates graphs for each device 14 and each network element monitored by the device 14 .
  • the auto-update manager module 102 may periodically poll each device 14 and determine whether each device 14 has the most current version of the device operating system, the anti-virus signature database, the content filtering database and the intrusion protection database. If the auto-update manager module 102 determines that a particular device 14 does not have the most current version of the operating system and databases, the auto-update manager module 102 will automatically transmit the appropriate update to the device 14 .
  • the VPN configuration manager module 114 may automatically configure the VPN tunnels for each device 14 .
  • the device 14 contacts the manager server 88 and reports its public Internet address.
  • the auto-provisioning manager module 100 records the reported address and stores it in the database cluster 82 .
  • the VPN configuration manager module 114 may also gather all of the VPN configuration information from the database cluster 82 for each device 14 that is provisioned to have a VPN connection to the particular device 14 .
  • the VPN configuration manager module 114 may also create configuration files for each of the devices 14 . After the manager server 88 transmits the configurations to each of the devices 14 , secure encrypted tunnels are established between each of the devices 14 .
  • When a particular device 14 is issued a new IP address, the device 14 automatically transmits its new IP address to the manager server 88 .
  • the auto-update manager module 102 responds to this IP address change and automatically generates new configurations for all of the devices 14 that have tunnels to the particular device 14 .
  • the VPN configuration manager module 114 automatically transmits the new configurations to the devices 14 and the encrypted tunnels automatically reconverge.
  • FIG. 9 illustrates various embodiments of the web-based management portal 90 .
  • the web-based management portal 90 may include a Windows or Linux based operating system and the following modules: a firewall configuration tool module 136 , an intrusion prevention configuration tool module 138 , an anti-virus configuration tool module 140 , a content filtering configuration tool module 142 , an anti-spam configuration tool module 144 , a VPN configuration tool module 146 , a DHCP server configuration tool module 148 , a network monitoring configuration tool module 150 , an IP and network interface configuration tool module 152 , a VLAN configuration tool module 154 , a QOS configuration tool module 156 , a logger configuration tool module 158 , a remote access configuration tool module 160 , a global status maps and site views module 162 and a user administration tool module 164 .
  • the web-based management portal 90 includes a collection of integrated centralized network management systems and a grouping of customer management tools.
  • the web-based management portal 90 is a combination of many different web servers running Microsoft Internet Information Server or Apache.
  • the web pages may be written in Microsoft's ASP.NET or PHP, and the web applications may interface with the SQL servers of the database cluster 82 to synchronize changes to the network environment as changes are made to the configuration of the devices 14 via the web-based management portal 90 .
  • the web-based management portal 90 may further include the capability for firewall management, intrusion prevention management, anti-virus management, content filtering management, anti-spam management, site to site and remote access virtual private network management, network monitoring, network configuration, account management and trouble ticketing.
  • the firewall configuration tool module 136 allows for centralized management of the firewall policies for each device 14 .
  • the firewall for a given local area network 18 resides on the device 14 associated with the given local area network 18 .
  • the firewall configuration tool module 136 allows a user to efficiently and securely manage all of the firewalls and define global policies that are easily applied to all firewalls at once.
  • the firewall configuration tool module 136 also allows the customer to set custom firewall policies for each individual firewall.
  • Each firewall can also have individual user permissions to restrict which user accounts can modify which firewalls. This capability may provide an administrator at each site the ability to manage their own firewall and yet restrict them from changing the configuration of any other firewalls in the network.
  • a notification can be automatically sent to a group of administrators every time a change is made to a firewall policy.
  • a firewall validation tool allows a user to run a security check against their current firewall settings and report on which ports are open and any vulnerabilities that are detected.
  • the firewall configuration tool module 136 may also be used to view firewall log information.
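The per-firewall permission model and global-policy fan-out described above, as an added example that is not part of the patent: a site administrator may change only the firewall of the sites assigned to them, a global administrator may push a policy to every firewall at once, and every change is recorded as a notification to an administrator group. The `Rule` fields, the "global rules first, then site rules" ordering and the notification shape are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    port: int     # 0 means any port
    src: str      # CIDR or "any"


@dataclass
class User:
    name: str
    is_global_admin: bool = False
    sites: FrozenSet[str] = frozenset()   # sites whose firewall this user may modify


class FirewallManager:
    """Hypothetical central firewall manager: scopes changes to the caller's
    permitted firewalls and captures the change notifications it would send."""

    def __init__(self, sites, notify_group):
        self.global_rules: List[Rule] = []
        self.site_rules: Dict[str, List[Rule]] = {s: [] for s in sites}
        self.notify_group = list(notify_group)
        self.notifications: List[dict] = []   # captured here instead of being e-mailed

    def can_modify(self, user: User, site: str) -> bool:
        return user.is_global_admin or site in user.sites

    def set_site_policy(self, user: User, site: str, rules):
        """Replace one site's custom rules; refused unless the user owns that firewall."""
        if site not in self.site_rules:
            raise KeyError(f"unknown site {site}")
        if not self.can_modify(user, site):
            raise PermissionError(f"{user.name} may not modify the firewall at {site}")
        self.site_rules[site] = list(rules)
        self._notify(user, [site])

    def set_global_policy(self, user: User, rules):
        """Replace the rules applied to all firewalls at once; global admins only."""
        if not user.is_global_admin:
            raise PermissionError(f"{user.name} may not set the global firewall policy")
        self.global_rules = list(rules)
        self._notify(user, sorted(self.site_rules))

    def effective_policy(self, site: str) -> List[Rule]:
        # Assumption: global rules are evaluated before the site's own rules.
        return self.global_rules + self.site_rules[site]

    def _notify(self, user: User, sites):
        self.notifications.append({"by": user.name, "sites": list(sites), "to": self.notify_group})


def run_example():
    # Constructed sample: two sites, one site administrator and one global administrator.
    mgr = FirewallManager(sites=["Tokyo", "Rome"], notify_group=["netops@example.invalid"])
    tokyo_admin = User("tokyo-admin", sites=frozenset({"Tokyo"}))
    hq_admin = User("hq-admin", is_global_admin=True)

    mgr.set_site_policy(tokyo_admin, "Tokyo", [Rule("allow", "tcp", 443, "any")])
    try:
        mgr.set_site_policy(tokyo_admin, "Rome", [Rule("allow", "tcp", 22, "any")])
        denied = False
    except PermissionError:
        denied = True   # the Tokyo administrator cannot touch Rome's firewall

    mgr.set_global_policy(hq_admin, [Rule("deny", "tcp", 23, "any"), Rule("deny", "udp", 161, "any")])
    return {
        "tokyo_denied_rome": denied,
        "effective_tokyo": mgr.effective_policy("Tokyo"),
        "effective_rome": mgr.effective_policy("Rome"),
        "notifications": mgr.notifications,
    }
```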
  • the intrusion prevention configuration tool module 138 allows for the centralized management of the intrusion prevention rules for each device 14 .
  • the intrusion prevention system for a given local area network 18 resides on the device 14 associated with the given local area network 18 .
  • the intrusion prevention configuration tool module 138 allows a user to efficiently and securely manage all of the intrusion prevention systems and define global policies that are easily applied to all intrusion prevention systems at once.
  • the intrusion prevention configuration tool module 138 also allows the customer to set custom intrusion prevention rules to each individual intrusion prevention system.
  • Each intrusion prevention system can also have individual user permissions to restrict which user accounts can modify which intrusion prevention system.
  • This capability may provide an administrator at each site the ability to manage their own intrusion prevention system and yet restrict them from changing the configuration of any other intrusion prevention systems in the network.
  • An e-mail notification can be automatically sent to a group of administrators every time a change is made to an intrusion prevention system configuration.
  • the intrusion prevention configuration tool module 138 may also be used to view intrusion protection log information.
  • the anti-virus configuration tool module 140 allows for the centralized management of the anti-virus policies for each device 14 .
  • the anti-virus service includes two anti-virus systems.
  • the first anti-virus system for a given local area network 18 may be embodied as an anti-virus gateway service that resides on the device 14 associated with the given local area network 18 .
  • the second anti-virus system is a desktop anti-virus agent that resides on each customer computer (e.g., computer 36 ) that requires anti-virus protection.
  • the anti-virus configuration tool module 140 allows a user to efficiently and securely manage both of the anti-virus systems and define global policies that are easily applied to all anti-virus systems at once.
  • the anti-virus configuration tool module 140 also allows a user to set custom anti-virus policies to each individual anti-virus gateway. Each anti-virus system can also have individual user permissions to restrict which user accounts can modify which anti-virus system. This capability may provide an administrator at each site the ability to manage their own anti-virus policies and yet restrict them from changing the configuration of any other anti-virus systems in the network. An e-mail notification can be automatically sent to a group of administrators every time a change is made to an anti-virus system configuration. The anti-virus configuration tool module 140 may also be used to view anti-virus log information.
  • the content filtering configuration tool module 142 allows for the centralized management of the content filtering policies for each device 14 .
  • the content filtering system for a given local area network 18 resides on the device 14 associated with the given local area network 18 .
  • the content filtering configuration tool module 142 allows a user to efficiently and securely manage all of the content filtering systems and define global policies that are easily applied to all content filtering systems at once.
  • the content filtering configuration tool module 142 also allows the customer to set custom content filtering policies to each individual content filtering system.
  • Each content filtering system can also have individual user permissions to restrict which user accounts can modify which content filtering system.
  • This capability may provide an administrator at each site the ability to manage their own content filtering system and yet restrict them from changing the configuration of any other content filtering systems in the network.
  • An e-mail notification can be automatically sent to a group of administrators every time a change is made to a content filtering system configuration.
  • the content filtering configuration tool module 142 may also be used to view content filtering log information.
  • the anti-spam configuration tool module 144 allows for the centralized management of the anti-spam policies for each device 14 .
  • the anti-spam system for a given local area network 18 resides on the device 14 associated with the given local area network 18 .
  • the anti-spam configuration tool module 144 allows a user to efficiently and securely manage all of the anti-spam systems and define global policies that are easily applied to all anti-spam systems at once.
  • the anti-spam configuration tool module 144 also allows a user to set custom anti-spam policies to each individual anti-spam system. Each anti-spam system can also have individual user permissions to restrict which user accounts can modify which anti-spam system.
  • This capability may provide an administrator at each site the ability to manage their own anti-spam system and yet restrict them from changing the configuration of any other anti-spam systems in the network.
  • a notification can be automatically sent to a group of administrators every time a change is made to an anti-spam system configuration.
  • the anti-spam configuration tool module 144 may also be used to view anti-spam log information.
  • the VPN configuration tool module 146 allows for the centralized management of the VPN policies for each device 14 .
  • the VPN system for a given local area network 18 resides on the device 14 associated with the given local area network 18 .
  • the VPN configuration tool module 146 allows a user to efficiently and securely manage all of the VPN systems and define global policies that are easily applied to all VPN systems at once.
  • the VPN configuration tool module 146 also allows a user to set custom VPN policies to each individual VPN system.
  • Each VPN system can also have individual user permissions to restrict which user accounts can modify which VPN system. This capability may provide an administrator at each site the ability to manage their own VPN system and yet restrict them from changing the configuration of any other VPN systems in the network.
  • a notification can be automatically sent to a group of administrators every time a change is made to a VPN system configuration.
  • the DHCP server configuration tool module 148 allows for the centralized management of the DHCP server policies for each device 14 .
  • the DHCP server for a given local area network 18 resides on the device 14 associated with the given local area network 18 .
  • the DHCP server configuration tool module 148 allows a user to efficiently and securely manage all of the DHCP servers and define global policies that are easily applied to all DHCP servers at once.
  • the DHCP server configuration tool module 148 also allows a user to set custom DHCP server policies to each individual DHCP server. Each DHCP server can also have individual user permissions to restrict which user accounts can modify which DHCP server.
  • This capability may provide an administrator at each site the ability to manage their own DHCP server and yet restrict them from changing the configuration of any other DHCP server in the network.
  • a notification can be automatically sent to a group of administrators every time a change is made to a DHCP server configuration.
  • the network monitoring configuration tool module 150 allows for the centralized management of the network monitoring policies for each device 14 .
  • the network monitoring system for a given local area network 18 resides on the device 14 associated with the given local area network 18 .
  • the network monitoring configuration tool module 150 allows a user to efficiently and securely manage all of the network monitoring systems and define global policies that are easily applied to all network monitoring systems at once.
  • the network monitoring configuration tool module 150 also allows a user to set custom network monitoring policies to each individual network monitoring system.
  • Each network monitoring system can also have individual user permissions to restrict which user accounts can modify which network monitoring system. This capability may provide an administrator at each site the ability to manage their own network monitoring system and yet restrict them from changing the configuration of any other network monitoring systems in the network.
  • a notification can be automatically sent to a group of administrators every time a change is made to a network monitoring system configuration.
  • the IP and network interface configuration tool module 152 allows for the centralized management of the network configuration for each device 14 .
  • the centralized management of the network configuration may include, for example, managing IP Address, IP Types (static IP, DHCP, PPPOE), IP routing, Ethernet Trunking, VLANs, and QOS configuration.
  • the IP and network interface configuration tool module 152 allows a user to efficiently and securely manage all of the devices 14 .
  • Each device 14 can also have individual user permissions to restrict which user accounts can modify the network configuration. This capability may provide an administrator at each site the ability to manage their own network configuration and yet restrict them from changing the configuration of any other devices 14 in the network.
  • a notification can be automatically sent to a group of administrators every time a change is made to a device network configuration.
  • the global status maps and site views module 162 allows an authorized user to view the real-time status of their network, devices 14 , and network elements that are monitored by the devices 14 .
  • This global status maps and site views module 162 provides a global map of the world, and countries and continents on this map are color coded to represent the underlying status of any devices 14 that reside in that region. For example a customer may have devices 14 in the United States, Japan, and Italy. If all of devices 14 and network elements monitored by the devices 14 are operating as expected, the countries on the map will be shown as green. When a device 14 in Japan ceases to operate as expected, the portion of the map representing Japan may turn red or yellow depending on the severity of the problem. The countries on the map can be selected to drill down into a lower level map.
  • the authorized user could select the United States from the world map and be presented with a state map of the United States.
  • the individual states may be color coded to represent the underlying status of any devices 14 that reside in that state. For each state selected, a list of the sites and devices 14 in that state may be shown.
  • the states on the map can be selected to drill down into a lower level sub map.
  • the lower level sub map may show for example, a particular region, city, or customer site.
  • the global status maps and site views module 162 may read the latest data polled for each device 14 and the network elements that are monitored by them. It may also check the data against preset thresholds that determine what the status of each device 14 should be set to. It may determine the color for the lowest level map item that contains the device 14 and set the status appropriately. The status and color for each higher level map is set to represent the status of the underlying map. The color of each map item represents the severity of the most severe problem of a device 14 in that region. For example, if a device 14 is not operating as expected, all of the maps that have a region that include this device 14 will be shown as red. If a device 14 is operating in a manner associated with the color yellow, all of the maps that have a region that include this device 14 will be shown as yellow. A map region will only be shown as green if all devices 14 included in that map region are operating as expected.
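The status roll-up just described, as an added example that is not part of the patent: each device is classified against thresholds, each map region takes the most severe status of anything beneath it, and a region is green only when every device under it is green. The threshold values, the region tree and the device samples are constructed for the example.

```python
from enum import IntEnum


class Status(IntEnum):
    """Ordered so that max() yields the most severe status."""
    GREEN = 0
    YELLOW = 1
    RED = 2


# Constructed thresholds (not from the patent): unreachable or CPU >= 95% is red,
# CPU >= 80% or packet loss >= 2% is yellow, anything else is green.
def device_status(sample: dict) -> Status:
    if not sample["reachable"] or sample["cpu_pct"] >= 95:
        return Status.RED
    if sample["cpu_pct"] >= 80 or sample["loss_pct"] >= 2.0:
        return Status.YELLOW
    return Status.GREEN


def rollup(tree: dict, samples: dict) -> dict:
    """Colour every map level from the latest polled data.

    tree: nested dict region -> subregions; a leaf is a list of device ids.
    Returns {path_tuple: Status} for every region, the root included.
    An empty region defaults to GREEN (an assumption of this example)."""
    colours = {}

    def walk(path, node):
        if isinstance(node, list):   # lowest level map item: the devices themselves
            worst = max((device_status(samples[d]) for d in node), default=Status.GREEN)
        else:                         # higher level map: most severe of the sub maps
            worst = max((walk(path + (name,), child) for name, child in node.items()),
                        default=Status.GREEN)
        colours[path] = worst
        return worst

    walk(("World",), tree)
    return colours


def devices_under(tree: dict, path) -> list:
    """Drill-down helper: list the devices in the region selected by path (root excluded)."""
    node = tree
    for name in path[1:]:
        node = node[name]
    if isinstance(node, list):
        return list(node)
    return [d for child in node.values() for d in devices_under({"_": child}, ("World", "_"))]


def run_example():
    # Constructed sample: devices in the United States, Japan and Italy, as in the text.
    tree = {
        "United States": {"California": ["dev-1"], "Texas": ["dev-2"]},
        "Japan": {"Tokyo": ["dev-3"]},
        "Italy": {"Rome": ["dev-4"]},
    }
    samples = {
        "dev-1": {"reachable": True, "cpu_pct": 40, "loss_pct": 0.0},
        "dev-2": {"reachable": True, "cpu_pct": 85, "loss_pct": 0.1},   # degraded
        "dev-3": {"reachable": False, "cpu_pct": 0, "loss_pct": 0.0},   # down
        "dev-4": {"reachable": True, "cpu_pct": 20, "loss_pct": 0.0},
    }
    return rollup(tree, samples), devices_under(tree, ("World", "United States"))
```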
  • the user administration tool module 164 allows for the centralized management of a number of functionalities. According to various embodiments, the user administration tool module 164 allows a user to set up an account profile and manage different aspects of a user profile such as name, address and account name. According to various embodiments, the user administration tool module 164 allows a user to manage all orders for secure network access platform products and services including a description and status of orders and allows a user to order additional items as well. According to various embodiments, the user administration tool module 164 allows a user to manage bills, including reading current invoices, making payment, updating billing information, downloading previous statements, and invoices.
  • the user administration tool module 164 allows a user to add and change user accounts, delete user accounts, change passwords, create new groups, move users into certain individuals and groups, and set permissions for those individuals and groups.
  • the permissions may allow access to different portions of the web-based management portal 90 .
  • a finance employee may be given access to only account administration tools for billing and order management.
  • a technical employee may be given access to only the technical sections of the web-based management portal 90 and not to billing center or order management sections.
  • the user administration tool module 164 may allow a user to open trouble tickets, track the status of existing trouble tickets, and run some of the diagnostic tools available in the secure network access platform environment.
  • the management center 12 may correlate all information received from the devices 14 , including performance information received from the devices 14 .
  • Each of the modules described hereinabove may be implemented as microcode configured into the logic of a processor, or may be implemented as programmable microcode stored in electrically erasable programmable read only memories.
  • the modules may be implemented by software to be executed by a processor.
  • the software may utilize any suitable algorithms, computing language (e.g., C, C++, Java, JavaScript, Visual Basic, VBScript, Delphi), and/or object oriented techniques and may be embodied permanently or temporarily in any type of computer, computer system, device, machine, component, physical or virtual equipment, storage medium, or propagated signal capable of delivering instructions.
  • the software may be stored as a series of instructions or commands on a computer readable medium (e.g., device, disk, or propagated signal) such that when a computer reads the medium, the described functions are performed.
  • the secure network may include any type of delivery system comprising a local area secure network (e.g., Ethernet), a wide area secure network (e.g., the Internet and/or World Wide Web), a telephone secure network, a packet-switched secure network, a radio secure network, a television secure network, a cable secure network, a satellite secure network, and/or any other wired or wireless communications secure network configured to carry data.
  • the secure network may also include additional elements, such as intermediate nodes, proxy servers, routers, switches, and adapters configured to direct and/or deliver data.
  • FIG. 10 illustrates various embodiments of a method of managing a network.
  • the method includes receiving an activation key automatically transmitted from a device connected to the network, automatically transmitting a configuration to the device, automatically maintaining the configuration of the device, and receiving log information from the device.
  • the network may be, for example, a local area network, or a number of local area networks that rely on the Internet to communicate with one another.
  • the device may be, for example, the device 14 described hereinabove.
  • the method may be utilized to provide an automated managed service for a complex network environment.
  • the process starts at block 200 , where the management center 12 receives an activation key automatically transmitted from a device 14 connected to the network.
  • the configuration of the device 14 is provisioned by an entity such as, for example, an administrator or a managed service provider.
  • the entity may initiate the provisioning of the device 14 by logging onto the web-based management portal 90 and entering a license key associated with the device 14 .
  • the license key may be generated by a managed service provider and may be issued with the purchase of the device 14 .
  • the license key may include information such as the product type of the device 14 , the term length of the license associated with the device 14 , and the seller of the license.
  • a hash function may be used to embed the information in the key to obscure the data, and the data may be read by the network manager to verify the authenticity of the license key.
  • the configuration of the device 14 may be provisioned via the web-based management portal 90 .
  • Setting the configuration of the device 14 may include setting the IP address of the device 14 , and setting the configurations for the firewall configuration, the intrusion prevention configuration, the anti-virus configuration, the content filtering configuration, the anti-spam configuration, the VPN configuration, the DHCP server configuration, the network management configuration, the network interface configuration, the VLAN configuration, the QOS configuration and any other device configurations.
  • Each configuration provisioned for the device 14 may be stored in the database cluster 82 . According to various embodiments, a default configuration may be selected for the device 14 .
  • an activation key associated with the device 14 is generated and may be printed out or e-mailed for later use.
  • the configuration of the device 14 and the generation of the activation key may be completed from any location by accessing the web-based management portal 90 .
  • the device 14 may be installed at the customer location. After the device 14 is connected to the local area network 18 , the device 14 automatically attempts to obtain a wide area network IP address via DHCP. As most Internet service providers assign IP addresses using DHCP, in most cases the device 14 will automatically obtain its wide area network IP address. For Internet service providers who do not use DHCP, the wide area network IP address can be obtained using PPPOE. Alternatively, a wide area network IP address may be statically assigned to the device 14 .
  • the device 14 is configured with the DNS names of a number of the hosted servers that comprise the activation server 84 . Once the device 14 obtains a wide area network IP address, the device 14 automatically attempts to communicate with one of the hosted servers that comprise the activation server 84 . When the communication is successful, the activation key is entered and the device 14 transmits the activation key to the activation server 84 . The activation key may be entered by an installer of the device 14 . The process associated with block 200 may be repeated for any number of devices 14 .
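A worked version of the license key and activation key handling in block 200, added here and not part of the patent. The text says a hash function embeds the license fields (product type, term length, seller) so the network manager can verify the key's authenticity; a bare hash cannot do that, since anyone can recompute it, so this example binds the fields with a keyed HMAC held by the provider, and it authenticates a device by looking up the hash of the random activation key it presents. The secret, the tag length, the JSON field names, the one-time-use rule and the `ActivationRegistry` class are assumptions of the example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed placeholder: a real deployment keeps the signing secret on the provider side only.
PROVIDER_SECRET = b"example-provider-signing-secret"
TAG_LEN = 16  # bytes of the HMAC-SHA256 tag appended to the payload


def make_license_key(product_type: str, term_months: int, seller: str,
                     secret: bytes = PROVIDER_SECRET) -> str:
    """Embed the license fields in a key and bind them with an HMAC tag.
    Base32 only makes the key printable; it hides nothing from a reader."""
    payload = json.dumps({"p": product_type, "t": term_months, "s": seller},
                         separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    return base64.b32encode(payload + tag).decode().rstrip("=")


def verify_license_key(key: str, secret: bytes = PROVIDER_SECRET):
    """Return the embedded fields, or None if the key is malformed or was altered."""
    try:
        raw = base64.b32decode(key.upper() + "=" * (-len(key) % 8))
    except ValueError:          # binascii.Error is a ValueError
        return None
    if len(raw) <= TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    try:
        f = json.loads(payload)
        return {"product_type": f["p"], "term_months": int(f["t"]), "seller": f["s"]}
    except (ValueError, KeyError, TypeError):
        return None


class ActivationRegistry:
    """Hypothetical store on the activation server side, mapping activation keys
    to the device record and configuration provisioned through the portal."""

    def __init__(self):
        self._by_hash = {}

    def issue(self, device_id: str, configuration: dict) -> str:
        key = secrets.token_urlsafe(24)   # high-entropy key, printed or e-mailed to the installer
        digest = hashlib.sha256(key.encode()).hexdigest()   # only the hash is stored
        self._by_hash[digest] = {"device_id": device_id, "configuration": configuration, "used": False}
        return key

    def authenticate(self, presented_key: str):
        """Identify the device by its activation key. Assumption: a key activates once."""
        rec = self._by_hash.get(hashlib.sha256(presented_key.encode()).hexdigest())
        if rec is None or rec["used"]:
            return None
        rec["used"] = True
        return rec


def run_example():
    license_key = make_license_key("gateway", 12, "reseller-a")
    # Alter one character inside the payload portion of the key.
    tampered = license_key[:2] + ("A" if license_key[2] != "A" else "B") + license_key[3:]

    registry = ActivationRegistry()
    activation_key = registry.issue("device-14", {"wan": "dhcp", "firewall": "default"})
    return {
        "fields": verify_license_key(license_key),
        "tampered": verify_license_key(tampered),
        "first_activation": registry.authenticate(activation_key),
        "second_activation": registry.authenticate(activation_key),
        "unknown_key": registry.authenticate(secrets.token_urlsafe(24)),
    }
```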
  • the process advances to block 210 , where the activation server 84 automatically transmits the configuration provisioned at block 200 to the device 14 .
  • Once the device 14 receives its configuration from the activation server 84 , an installer of the device 14 may be prompted to reboot the device 14 .
  • the device 14 automatically connects to its assigned manager server 88 and the installation of the device 14 is complete.
  • the process associated with block 210 may be repeated for any number of devices 14 .
  • the process advances to block 220 , where the management center 12 automatically maintains the configuration of the device 14 .
  • a flag is set in the database servers of the database cluster 82 when a change to the configuration of the device 14 is entered via the web-based management portal 90 .
  • the auto-provisioning manager module 100 periodically polls the database cluster 82 looking for changes to the configurations of the devices 14 managed by the manager server 88 .
  • the appropriate module e.g., firewall, intrusion prevention, anti-virus, etc.
  • the process associated with block 220 may be repeated for any number of devices 14 .
  • the process advances to block 230 , where the logger manager 86 receives log information from the device 14 .
  • the log information received from each device 14 may be compressed and encrypted, and may represent information associated with, for example, a firewall system, an intrusion prevention system, an anti-virus system, a content filtering system, an anti-spam system, etc. residing at the particular device 14 .
  • the logger manager 86 correlates the log information and makes it available to other elements of the management center 12 .
  • the correlated information may be utilized to determine both the real time and historical performance of the network.
  • FIG. 11 illustrates various embodiments of a method of managing a network.
  • the method includes automatically setting a default configuration for the device, automatically generating an activation key associated with a device, and automatically transmitting a provisioned configuration to the device after the device is connected to the network.
  • the network may be, for example, a local area network, or a number of local area networks that rely on the Internet to communicate with one another.
  • the device may be, for example, the device 14 described hereinabove.
  • the method may be utilized to provide an automated managed service for a complex network environment.
  • the process starts at block 240 , where a default configuration is set for the device 14 .
  • the web-based management portal 90 may provide the default configuration that serves as the basis for the device configuration.
  • the process associated with block 240 may be repeated for any number of devices 14 .
  • an activation key associated with a device is automatically generated.
  • the activation key may be generated by the web-based management portal 90 during the provisioning of the device 14 .
  • the provisioning of the device 14 may include changing some of the settings of the default configuration.
  • the process associated with block 250 may be repeated for any number of devices 14 .
  • the process advances to block 260 , where the provisioned configuration is automatically transmitted to the device 14 after the device 14 is connected to the network.
  • the activation server 84 may automatically transmit a provisioned configuration to the device 14 after the device 14 is connected to the network.
  • the process associated with block 260 may be repeated for any number of devices 14 .
  • FIG. 12 illustrates various embodiments of a method of managing a network.
  • the method includes periodically polling a device connected to the network, automatically determining whether a configuration of the device is current, automatically setting a new configuration for the device when the configuration is not current, and automatically transmitting the new configuration to the device.
  • the network may be, for example, a local area network, or a number of local area networks that rely on the Internet to communicate with one another.
  • the device may be, for example, the device 14 described hereinabove.
  • the method may be utilized to provide an automated managed service for a complex network environment.
  • the process starts at block 270 , where a device 14 connected to the network is periodically polled.
  • the periodic polling may be conducted by the manager server 88 .
  • the process associated with block 270 may be repeated for any number of devices 14 .
  • the process advances to block 280 , where it is automatically determined whether the configuration of the device 14 is current. According to various embodiments, the automatic determination may be made by the manager server 88 . The process associated with block 280 may be repeated for any number of devices 14 .
  • a new configuration is automatically set for the device 14 when the configuration of the device 14 is not current.
  • the new configuration may be automatically set by the manager server 88 .
  • the process associated with block 290 may be repeated for any number of devices 14 .
  • the process advances to block 300 , where the new configuration is automatically transmitted to the device 14 .
  • the new configuration may be automatically transmitted to the device 14 by the manager server 88 .
  • the process associated with block 300 may be repeated for any number of devices 14 .
  • FIG. 13 illustrates various embodiments of a method of managing a network.
  • the method includes receiving network traffic information from a device connected to the network, automatically correlating the information, and automatically determining network performance based on the information.
  • the network may be, for example, a local area network, or a number of local area networks that rely on the Internet to communicate with one another.
  • the device may be, for example, the device 14 described hereinabove.
  • the method may be utilized to provide an automated managed service for a complex network environment.
  • the process starts at block 310 , where network traffic information is received from a device 14 connected to the network.
  • the network traffic information may represent information that travels from one device 14 to another device 14 .
  • the network traffic information is captured at the device 14 and may include, for example, source/destination IP address, protocol, sequence number and source/destination port.
  • the network traffic information transmitted from the device 14 is received by the manager server 88 .
  • the process associated with block 310 may be repeated for any number of devices 14 .
  • the process advances to block 320 , where the information is correlated.
  • the information may be correlated with network traffic information transmitted from any number of devices 14 .
  • the correlation of the information is conducted by the manager server 88 .
  • the process advances to block 330 , where the network performance is determined based on the information.
  • the network performance determination is made by the manager server 88 . For example, assume that ten VOIP packets leave a first device 14 destined for a second device 14 . As explained previously, the first device 14 may record the exact time each VOIP packet leaves, and the source/destination IP address, protocol, sequence number and source/destination port for each VOIP packet. The first device 14 may then send this information to the manager server 88 . Further assume that these ten VOIP packets travel over the Internet 16 and that the third and eighth VOIP packets are lost, having been dropped by an over-utilized router.
  • the second device 14 will only see eight VOIP packets arrive, not knowing that the third and eighth packets were lost.
  • the second device 14 may then record the exact time each packet is received and the source/destination IP Address, protocol, sequence number, and source/destination port for each received packet.
  • the second device 14 may then send this information to the manager server 88 .
  • the manager server 88 may then examine the information transmitted from the first and second devices 14 and determine, based on the IP address, protocol, sequence number, and source/destination port, that the packets recorded by both the first and second devices 14 are part of the same packet stream. Armed with this information, the manager server 88 may then determine the exact latency and jitter of each packet, and the packet loss (20% in this example) on a real application data stream.
  • the process associated with block 330 may be repeated for network traffic information received from any number of devices 14 .
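As an added illustration of blocks 310 to 330 (example code written for this page, not part of the application's disclosure), the following Python correlates the per-packet records of a sending and a receiving device 14 by their 5-tuple and sequence number, then derives latency, jitter and loss. The record layout, the timestamps and the VOIP stream are constructed to reproduce the ten-packet example above; the inline monitoring module's real record format is not given on the page. The NTP-synchronised capture times the description relies on are represented here as plain millisecond values on a common clock.

```python
"""Correlating sender- and receiver-side packet records (blocks 310-330)."""
from collections import namedtuple
from statistics import mean

# One record per packet, as the inline monitoring module of a device would
# capture it: capture time (ms, common NTP-synchronised clock) plus the fields
# the description names. The field layout is constructed for this example.
Record = namedtuple("Record", "ts_ms src dst proto sport dport seq")


def stream_key(rec):
    """Fields that identify a packet stream (the 5-tuple); seq identifies a packet within it."""
    return (rec.src, rec.dst, rec.proto, rec.sport, rec.dport)


def correlate(sent, received):
    """Match records from the sending and receiving device and derive performance.

    Returns mean one-way latency, jitter (mean absolute difference between the
    latencies of consecutive matched packets), loss percentage, the lost
    sequence numbers, and any sequence numbers seen only at the receiver,
    which are reported rather than silently ignored.
    """
    sent_by = {(stream_key(r), r.seq): r for r in sent}
    recv_by = {(stream_key(r), r.seq): r for r in received}

    # Only packets present on both sides yield a latency sample.
    latency = {k: recv_by[k].ts_ms - s.ts_ms for k, s in sent_by.items() if k in recv_by}
    lost = sorted(k[1] for k in sent_by if k not in latency)
    unexpected = sorted(k[1] for k in recv_by if k not in sent_by)

    ordered = [latency[k] for k in sorted(latency, key=lambda k: k[1])]
    jitter = mean(abs(b - a) for a, b in zip(ordered, ordered[1:])) if len(ordered) > 1 else 0.0
    return {
        "mean_latency_ms": mean(ordered) if ordered else None,
        "jitter_ms": jitter,
        "loss_pct": 100.0 * len(lost) / len(sent_by) if sent_by else 0.0,
        "lost_seq": lost,
        "unexpected_seq": unexpected,
    }


def build_sample():
    """Constructed VOIP stream: ten packets sent 20 ms apart, packets 3 and 8 lost in transit."""
    flow = dict(src="192.0.2.10", dst="198.51.100.20", proto="udp", sport=16384, dport=16384)
    sent = [Record(ts_ms=1000.0 + 20 * i, seq=i + 1, **flow) for i in range(10)]
    # One-way delay (ms) actually experienced by each packet that arrived.
    one_way_ms = {1: 30, 2: 32, 4: 31, 5: 35, 6: 30, 7: 33, 9: 31, 10: 34}
    received = [Record(ts_ms=s.ts_ms + one_way_ms[s.seq], seq=s.seq, **flow)
                for s in sent if s.seq in one_way_ms]
    return sent, received


if __name__ == "__main__":
    print(correlate(*build_sample()))
```

The receiving device cannot know that packets 3 and 8 existed; only the join against the sender's records exposes them, which is why the correlation has to happen at the manager server 88 rather than at either endpoint.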
  • FIG. 14 illustrates various embodiments of a method of managing a network.
  • the method includes receiving credentials associated with a remote access user, automatically validating the credentials, automatically determining which devices connected to the network the remote access user is authorized to connect to, and automatically transmitting to a remote access client a list of devices the remote access user is authorized to connect to.
  • the network may be, for example, a local area network, or a number of local area networks that rely on the Internet to communicate with one another.
  • the device may be, for example, the device 14 described hereinabove.
  • the method may be utilized to provide an automated managed service for a complex network environment.
  • the process starts at block 340 , where credentials associated with a remote access user are received from a remote access client.
  • the remote access user is a user who is located at a site that does not have a device 14 associated therewith.
  • the credentials are received by the web-based management portal 90 .
  • the remote access client may be implemented as a software client installed on a personal computer such as, for example, a desktop computer or a laptop computer.
  • when the software client is launched, it requires the remote access user to input their credentials (e.g., company ID, username, password).
  • the software client may make a secure socket layer connection to the web-based management portal 90 .
  • the process associated with block 340 may be repeated for any number of remote access users.
  • the process advances to block 350 , where the credentials are automatically validated.
  • the credentials may be automatically validated by the web-based management portal 90 . If the credentials are not valid, the web-based management portal 90 may return an error message to the remote access client which may then prompt the remote access user to reenter their credentials.
  • the process associated with block 350 may be repeated for any number of remote access users.
  • the process advances to block 360 , where it is determined which devices 14 connected to the network the remote access user is authorized to connect to. According to various embodiments, the determination is made by the web-based management portal 90 .
  • the process associated with block 360 may be repeated for any number of remote access users.
  • the process advances to block 370 , where a list of the devices 14 is automatically transmitted to a remote access client associated with the remote access user.
  • the list is automatically transmitted from the web-based management portal 90 . Once the list is presented to the remote access user and a particular device 14 is selected, an encrypted tunnel may be established between the personal computer and the selected device 14 .
  • the process associated with block 370 may be repeated for any number of remote access users.
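As an added illustration of blocks 350 to 370 (example code written for this page, not the application's own), the following Python shows the portal-side validation of a company ID, username and password followed by the lookup of the devices 14 that user may connect to. The user directory, the password-hashing parameters and the device identifiers are constructed placeholders; the page does not describe how the portal stores credentials or how authorization is recorded.

```python
"""Validating remote-access credentials and returning the authorised device list (blocks 340-370)."""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # constructed parameter for this example


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256 digest; the portal stores only salt and digest, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def build_directory():
    """Constructed user directory: company ID -> username -> record.

    The device identifiers are placeholders; the page gives none.
    """
    def record(password, devices):
        salt = os.urandom(16)
        return {"salt": salt, "digest": hash_password(password, salt), "devices": devices}

    return {
        "acme": {"alice": record("correct horse", ["device-hq", "device-branch-2"])},
        "globex": {"bob": record("battery staple", ["device-globex-1"])},
    }


# Used when the company or user is unknown, so a failed lookup costs the same
# as a failed password check and reveals nothing about which part was wrong.
_DUMMY_SALT = bytes(16)
_DUMMY_DIGEST = bytes(32)


def validate_credentials(directory, company_id, username, password):
    """Block 350: return the user record when the credentials are valid, else None."""
    user = directory.get(company_id, {}).get(username)
    salt = user["salt"] if user else _DUMMY_SALT
    expected = user["digest"] if user else _DUMMY_DIGEST
    candidate = hash_password(password, salt)
    # The comparison is constant-time and always performed; the unknown-user
    # check is deliberately evaluated afterwards.
    if not hmac.compare_digest(candidate, expected) or user is None:
        return None
    return user


def authorized_devices(directory, company_id, username, password):
    """Blocks 350-370: validate, then return the devices this user may connect to."""
    user = validate_credentials(directory, company_id, username, password)
    if user is None:
        # One generic error for every failure mode; the client re-prompts.
        return {"ok": False, "error": "invalid credentials"}
    return {"ok": True, "devices": sorted(user["devices"])}


if __name__ == "__main__":
    directory = build_directory()
    print(authorized_devices(directory, "acme", "alice", "correct horse"))
    print(authorized_devices(directory, "acme", "alice", "wrong"))
```

The list returned at block 370 is the authorization decision itself: the client only ever learns of devices the portal has already approved for that user, so the subsequent tunnel to a selected device 14 is constrained by the portal, not by the client.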
  • Each of the methods described above may be performed by the system 10 of FIG. 1 or by any suitable type of hardware (e.g., device, computer, computer system, equipment, component); software (e.g., program, application, instruction set, code); storage medium (e.g., disk, device, propagated signal); or combination thereof.
  • the system 10 may further include a plurality of graphical user interfaces to facilitate the management of the network.
  • the graphical user interfaces may be presented through an interactive computer screen to solicit information from and present information to a user in conjunction with the described systems and methods.
  • the graphical user interfaces may be presented through a client system including a personal computer running a browser application and having various input/output devices (e.g., keyboard, mouse, touch screen, etc.) for receiving user input. It is therefore intended to cover all such modifications, alterations and adaptations without departing from the scope and spirit of the disclosed invention as defined by the appended claims.

Abstract

A method of managing a network. The method includes receiving an activation key transmitted from a device connected to the network, automatically transmitting a configuration to the device, automatically maintaining the configuration of the device, and receiving log information from the device.

Description

    CROSS-REFERENCE TO RELATED APPLICATION
  • This application is a divisional application of co-pending U.S. patent application Ser. No. 11/106,837 filed Apr. 15, 2005, which claims the benefit under 35 U.S.C. §119(e) to U.S. Provisional Patent Application Ser. No. 60/562,596 filed on Apr. 15, 2004, the disclosure of which is incorporated herein by reference.
  • BACKGROUND
  • This application discloses an invention that is related, generally and in various embodiments, to systems and methods for managing a network.
  • Some network environments provide companies with critical information technology (IT) services for installing, connecting, managing and securing their network environment. However, traditional network implementations have required that network infrastructure capable of supporting computer applications be assembled using disparate hardware, software and systems that must be manually configured and managed. As a result, these traditional network implementations have been utilized primarily by large enterprises with large information technology (IT) budgets.
  • Small and medium businesses (SMBs) represent the majority of businesses, and their network management and security needs are no less critical than those of larger enterprises. However, due to budgetary and technological constraints, traditional secure network management systems, services, and elements are usually not a viable option for SMBs. Most SMBs lack the necessary IT staff and budget resources to effectively manage secure network environments that may be leveraged to deploy distributed applications that run on these networks and make those businesses more competitive.
  • SUMMARY
  • In one general respect, this application discloses a method of managing a network. According to various embodiments, the method includes receiving an activation key automatically transmitted from a device connected to the network, automatically transmitting a configuration to the device, automatically maintaining the configuration of the device, and receiving log information from the device.
  • According to various embodiments, the method includes automatically setting a default configuration for the device, automatically generating an activation key associated with a device, and automatically transmitting a provisioned configuration to the device after the device is connected to the network.
  • According to various embodiments, the method includes periodically polling a device connected to the network, automatically determining whether a configuration of the device is current, automatically setting a new configuration for the device when the configuration is not current, and automatically transmitting the new configuration to the device.
  • According to various embodiments, the method includes receiving network traffic information from a device connected to the network, automatically correlating the information, and automatically determining network performance based on the information.
  • According to various embodiments, the method includes receiving credentials associated with a remote access user, automatically validating the credentials, automatically determining which devices connected to the network the remote access user is authorized to connect to, and automatically transmitting to a remote access client a list of devices the remote access user is authorized to connect to.
  • In another general respect, this application discloses a system for managing a network. According to various embodiments, the system includes a device connected to the network and a management center in communication with the device via the Internet. The device includes a processor and a memory. The management center includes a first module for provisioning a configuration of the device, a second module for automatically transmitting the configuration to the device, and a third module for automatically maintaining the configuration of the device.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 illustrates various embodiments of a system for managing a network;
  • FIG. 2 illustrates various embodiments of a device;
  • FIG. 3 illustrates various embodiments of the device;
  • FIG. 4 illustrates various embodiments of the device;
  • FIG. 5 illustrates various embodiments of a management center;
  • FIG. 6 illustrates various embodiments of a server;
  • FIG. 7 illustrates various embodiments of a server;
  • FIG. 8 illustrates various embodiments of a server;
  • FIG. 9 illustrates various embodiments of a web-based management portal;
  • FIG. 10 illustrates various embodiments of a method of managing a network;
  • FIG. 11 illustrates various embodiments of a method of managing a network;
  • FIG. 12 illustrates various embodiments of a method of managing a network;
  • FIG. 13 illustrates various embodiments of a method of managing a network; and
  • FIG. 14 illustrates various embodiments of a method of managing a network.
  • DETAILED DESCRIPTION
  • The systems and methods described herein may be utilized to provide for the automated delivery of managed services. It is to be understood that the figures and descriptions of the disclosed invention have been simplified to illustrate elements that are relevant for a clear understanding of the invention, while eliminating, for purposes of clarity, other elements. Those of ordinary skill in the art will recognize, however, that these and other elements may be desirable. However, because such elements are well known in the art, and because they do not facilitate a better understanding of the invention, a discussion of such elements is not provided herein.
  • FIG. 1 illustrates various embodiments of a system 10 for managing a network. The system 10 may be utilized to provide a company with critical information technology (IT) services for installing, connecting, managing and securing their network environment without having to rely on several discrete systems.
  • According to various embodiments, the system 10 includes a management center 12 and at least one device 14 in communication with the management center 12 via the Internet 16. Although only three devices 14 are shown in FIG. 1, the system 10 may include any number of devices 14 in communication with the management center 12 via the Internet 16. Each device 14 may be located at a different customer location, and each device 14 may be connected to a different local area network 18.
  • FIGS. 2-4 illustrate various embodiments of the device 14 of FIG. 1. As shown in FIG. 2, the device 14 includes a processor 20 and a memory 22. According to various embodiments, the device 14 may also include a first fast ethernet port 24, a second fast ethernet port 26, and a third fast ethernet port 28. As shown in FIG. 3, the device 14 may be connected to a local area network 18 via the first fast ethernet port 24, to a service provider wide area network 30 via the second fast ethernet port 26, and to a demilitarized zone 32 via the third fast ethernet port 28. The device 14 may serve to act as a security device to protect the local area network 18 and the demilitarized zone 32 from outside threats originating from the wide area network 30. According to various embodiments, in lieu of being connected to the demilitarized zone 32 via the third fast ethernet port 28, the device 14 may be connected to a redundant wide area network (not shown) via the third fast ethernet port 28.
  • The local area network 18 may include network elements such as, for example, an ethernet switch 34, a computer 36, a wireless access point 38, a printer 40, a file server 42 and any other network elements known by those skilled in the art to comprise a portion of a local area network. The demilitarized zone 32 may include network elements such as, for example, an ethernet switch 44, an e-mail server 46, a web server 48 and any other network elements known by those skilled in the art to comprise a portion of a demilitarized zone.
  • As shown in FIG. 4, the device 14 may include a Linux based operating system and the following modules: an auto-provisioning module 50, an auto-update module 52, a firewall module 54, an intrusion prevention module 56, an anti-virus module 58, a content filtering module 60, an anti-spam module 62, a VPN module 64, a DHCP server module 66, a distributed network management poller module 68, an inline network performance monitoring module 70, a logger module 72, a remote access server module 74, an IP and network interface module 76, a QOS module 78, and a VLAN module 80.
  • The auto-provisioning module 50 of the device 14 is operable to provide the device 14 with auto-provisioning functionality. For example, according to various embodiments, the auto-provisioning module 50 allows for the device 14 to be auto-configured based on an activation code entered by an installer during installation of the device 14 at a customer location.
  • The auto-update module 52 of the device 14 is operable to provide the device 14 with auto-update functionality. For example, according to various embodiments, the auto-update module 52 allows for the device 14 to be automatically updated whenever updates to the device 14 are available. The updates may include, for example, operating system updates, intrusion prevention rule updates, anti-virus signature updates, and content filtering database updates.
  • The firewall module 54 of the device 14 is operable to provide the device 14 with firewall functionality. For example, according to various embodiments, the firewall module 54 allows for the device 14 to perform deep packet inspection, stateful inspection, network address translation, port address translation and port forwarding.
  • The intrusion prevention module 56 of the device 14 is operable to provide the device 14 with intrusion prevention functionality. For example, according to various embodiments, the intrusion prevention module 56 allows for the device 14 to perform real-time traffic analysis and logging, protocol analysis, and content searching and matching. The intrusion prevention module 56 may also allow for the device 14 to detect a variety of attacks and probes such as, for example, buffer overflows, operating system fingerprinting attempts, common gateway interface attacks and port scans.
  • The anti-virus module 58 of the device 14 is operable to provide the device 14 with anti-virus functionality. For example, according to various embodiments, the anti-virus module 58 of the device 14 allows for the device 14 to provide an Internet gateway protection service that protects against viruses and malicious code that may be downloaded from the Internet 16 to the local area network 18. According to various embodiments, the anti-virus module 58 of the device 14 allows for the integration of the device 14 and an anti-virus client installed on one or more devices that comprise a portion of the local area network 18. The anti-virus module 58 allows for the device 14 to block access to the Internet 16 for any device of the local area network 18 that does not have the most current anti-virus client and anti-virus signature database installed thereon. The anti-virus module 58 of the device 14 may redirect such blocked devices to a webpage that will allow for the device to be updated to include the most current anti-virus client and anti-virus signature database.
  • The content filtering module 60 of the device 14 is operable to provide the device 14 with content filtering functionality. For example, according to various embodiments, the content filtering module 60 of the device 14 allows for the device 14 to act as a transparent proxy which inspects each request made from the local area network 18 to the Internet 16. The content filtering module 60 may determine whether to grant or deny the request to access a particular website based on defined policies. For instances where the request is granted, the content filtering module 60 may further determine which types of files are allowed to be downloaded from the Internet 16 to the local area network 18. According to various embodiments, each policy may be defined as a blacklist or a whitelist. If the policy is defined as a blacklist, the content filtering module 60 operates to allow access to all sites except those explicitly defined to be blocked. If the policy is defined as a whitelist, the content filtering module 60 operates to block access to all sites except those explicitly defined to be allowed.
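As an added illustration of the two-stage decision just described (example code written for this page, not the module's own implementation), the following Python evaluates a request first against a site policy in blacklist or whitelist mode and then, for granted requests, against the set of file types allowed for download. The policy contents and hostnames are constructed (the reserved `.test` domain is used); a listed domain is taken to cover its subdomains, which is an assumption of this example.

```python
"""Blacklist/whitelist site policy with a download file-type check, as the content filtering module is described."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Policy:
    mode: str                      # "blacklist" or "whitelist"
    sites: frozenset               # domains named by the list; a domain covers its subdomains
    allowed_file_types: frozenset  # extensions permitted for download once the site is allowed


def host_listed(host, sites):
    """True when host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in sites)


def decide(policy, url):
    """Return "allow", "deny-site" or "deny-filetype" for one request."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # hostname strips userinfo and port
    listed = host_listed(host, policy.sites)

    if policy.mode == "blacklist":
        site_allowed = not listed      # everything passes except the listed sites
    elif policy.mode == "whitelist":
        site_allowed = listed          # nothing passes except the listed sites
    else:
        raise ValueError(f"unknown policy mode: {policy.mode!r}")
    if not site_allowed:
        return "deny-site"

    # Second stage applies only to granted requests: which file types may be downloaded.
    last_segment = parts.path.rsplit("/", 1)[-1]
    ext = last_segment.rsplit(".", 1)[-1].lower() if "." in last_segment else ""
    if ext and ext not in policy.allowed_file_types:
        return "deny-filetype"
    return "allow"


# Constructed policies for the example.
DOWNLOADS = frozenset({"html", "htm", "pdf", "png", "jpg"})
BLACKLIST_POLICY = Policy("blacklist", frozenset({"blocked.test"}), DOWNLOADS)
WHITELIST_POLICY = Policy("whitelist", frozenset({"intranet.example.test"}), DOWNLOADS)

if __name__ == "__main__":
    for u in ("http://www.blocked.test/", "http://files.example.test/setup.exe"):
        print(u, "->", decide(BLACKLIST_POLICY, u))
```

Matching on `urlsplit(url).hostname` rather than on the raw string matters for the blacklist case: the hostname is what the proxy actually connects to, so userinfo, port and path text cannot make a listed site look unlisted.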
  • The anti-spam module 62 is operable to provide the device 14 with anti-spam and e-mail anti-virus functionality. For example, according to various embodiments, the anti-spam module 62 of the device 14 allows for the device 14 to act as a transparent proxy which inspects each e-mail message that transits the device 14 for viruses and malicious code. If the anti-spam module 62 identifies an e-mail as SPAM, the device 14 may block the e-mail. If the anti-spam module 62 identifies an e-mail as containing a virus, the device 14 may attempt to disinfect the e-mail. If the e-mail is cleaned, the device 14 may forward the cleaned e-mail along with a message that the e-mail contained a virus. If it is not possible to disinfect the e-mail, the device 14 may block the e-mail.
  • The VPN module 64 of the device 14 is operable to provide the device 14 with VPN functionality. For example, according to various embodiments, the VPN module 64 provides the encryption protocol for the automatic building of a site to site VPN which is implemented as a secure tunnel that connects two different devices 14. A secure socket layer (SSL) is used to create the encrypted tunnel between the two devices 14. In instances where a device 14 is assigned a new WAN IP Address, the VPN module 64 allows for all of the tunnels connecting the device 14 to other devices 14 to automatically reconfigure themselves to establish new tunnels to the device 14 at the new IP Address. According to various embodiments, the VPN module 64 of the device 14 allows for the cooperation of the device 14 and a remote access client.
  • The DHCP server module 66 of the device 14 is operable to provide the device 14 with DHCP server functionality. For example, according to various embodiments, the DHCP server module 66 allows the device 14 to provide IP addresses and configuration parameters to network devices requesting this information using the DHCP protocol. IP address pools with characteristics such as default gateways, domain names, and DNS servers can be defined. Static assignments can also be defined based on MAC address.
  • The distributed network management poller module 68 of the device 14 is operable to provide the device 14 with distributed network management poller functionality. For example, according to various embodiments, the distributed network management poller module 68 allows the device 14 to poll network elements that comprise a portion of a local area network 18 and are in communication with the device 14. For example, the distributed network management poller module 68 may utilize Internet control message protocol pings to determine a reachability value and a latency value for one or more of the network elements. The distributed network management poller module 68 may also utilize simple network management protocol (SNMP) to poll SNMP information from network elements that are SNMP capable. Such SNMP information may include, for example, CPU utilization or server temperature.
  • The inline network performance monitoring module 70 of the device 14 is operable to provide the device 14 with inline network performance monitoring functionality. For example, according to various embodiments, the inline network performance monitoring module 70 allows the device 14 to inspect each packet that transits the device 14 and record certain information such as source/destination IP address, protocol, and source/destination ports.
  • According to various embodiments, the inline network performance monitoring module 70 also allows the device 14 to monitor all network traffic that passes between the device 14 and another device 14. Each device 14 has its time synchronized precisely to network time protocol servers (not shown). This allows for each device 14 to reference packet information with a common time reference. According to various embodiments, the inline network performance monitoring module 70 can record the exact time every packet leaves a device 14, and record items such as, for example, source/destination IP address, protocol, sequence number and source/destination port. As the packets travel across the Internet 16, the packets eventually reach the destination device 14. The inline network performance monitoring module 70 of the destination device 14 records the exact time the packet is received by the destination device 14 and items such as, for example, source/destination IP address, protocol, sequence number and source/destination port.
  • The logger module 72 of the device 14 is operable to provide the device 14 with logging functionality. For example, according to various embodiments, the logger module 72 allows information obtained by the device 14 (e.g., intrusion prevention detections, anti-virus detections, network device polling results, source/destination IP addresses, application performance measurements, etc.) to be recorded, processed and transmitted to the management center 12. According to various embodiments, the data collected by the inline network performance monitoring module 70 of each device 14 is forwarded to the logger module 72 of the associated device 14. After receiving the data, the logger modules 72 wait a random amount of time (e.g., between approximately 120 and 240 seconds) before transmitting the data to the management center 12. This random delay prevents all the devices 14 from sending their data back to the management center 12 at the same time. If the management center 12 cannot be reached, the device 14 may queue the data locally until the management center 12 can be reached. When the management center 12 is reached, the logger module 72 will transmit all of the queued data. The data is transmitted using a system queue which ensures that regular user network traffic will always have priority and that this data transfer will only use the unused bandwidth on the network connection.
  • The remote access server module 74 of the device 14 is operable to provide the device 14 with remote access capability. For example, according to various embodiments, the remote access server module 74 allows for the cooperation of the device 14 with a remote access client.
  • The IP and network interface module 76 is operable to provide the device 14 with the capability to configure the network interface characteristics such as IP Address type (e.g., static IP, DHCP, or PPPOE), IP address, subnet mask, speed and duplex. The IP and network interface module 76 is also operable to provide the device 14 with the capability to configure IP routing.
  • The QOS module 78 of the device 14 is operable to provide the device 14 with QOS functionality. For example, according to various embodiments, the QOS module 78 allows the device 14 to selectively transmit packets based on the relative importance of the packet. The QOS module 78 may also allow the device 14 to inspect each packet and determine a particular queue to send the packet to based on defined rules. Rules may be defined, for example, based on source/destination IP address and/or port information. If a packet does not match any rule, it may be sent to a default queue.
  • The VLAN module 80 of the device 14 is operable to provide the device 14 with VLAN functionality. For example, according to various embodiments, the first and third fast Ethernet ports 24, 28 of the device 14 that are connected to the local area network 18 and the demilitarized zone 32 may be configured as 802.1q trunk ports. The VLAN module 80 allows the device 14 to connect to many different VLANS from an Ethernet switch that has enabled trunking.
  • According to various embodiments, the device 14 may also automatically transmit performance information to the management center 12. The performance information may include, for example, a CPU utilization value for the device 14, a memory utilization value for the device 14, and a network interface bandwidth utilization value for the device 14. The performance data may also include, for example, the information obtained by the distributed network management poller module 68 of the device 14.
  • FIG. 5 illustrates various embodiments of the management center 12 of FIG. 1. The management center 12 includes a database cluster 82, an activation server 84, a logger server 86, a manager server 88 and a web-based management portal 90. The management center 12 is located external to any customer sites and may provide a shared infrastructure for multiple customers. According to various embodiments, the database cluster 82 includes a plurality of databases and structured query language (SQL) servers. According to various embodiments, the database cluster 82 includes a combination of structured query language servers and open source MySQL servers. The databases hold all of the data required by the activation server 84, the logger server 86, the manager server 88 and the web-based management portal 90.
  • FIG. 6 illustrates various embodiments of the activation server 84. The activation server 84 may include a Linux based operating system, and may include an auto-provisioning manager module 92, an auto-update manager module 94 and an activation manager module 96. The auto-provisioning manager module 92 is operable to configure any device 14 that is in the process of being activated. The auto-update manager module 94 is operable to update the operating system of any device 14 that is in the process of being activated. The auto-update manager module 94 is also operable to update the various databases and signature files used by applications resident on the device 14 (e.g., intrusion prevention, anti-virus, content filtering). The activation manager module 96 is operable to communicate with the back-end SQL servers of the database cluster 82 to gather the necessary data required by the auto-provisioning manager module 92 to generate device configurations. The activation manager module 96 is also operable to authenticate incoming devices 14 and determine their identity based on the activation key.
  • According to various embodiments, the activation server 84 is a collection of hosted servers that are utilized to set up the initial configuration of each device 14. Based on an activation key received from the device 14 when the device 14 is first installed, the activation server 84 automatically sends the appropriate configuration to the device 14. The activation server 84 also assigns the device 14 to a redundant pair of logger servers 86 and a redundant pair of manager servers 88.
  • FIG. 7 illustrates various embodiments of the logger server 86. The logger server 86 may include a Linux based operating system and a logger server module 98. According to various embodiments, the logger server 86 is a collection of hosted servers that receive log information from the devices 14 and correlates the information.
  • FIG. 8 illustrates various embodiments of the manager server 88. The manager server 88 may include a Linux based operating system and the following modules: an auto-provisioning manager module 100, an auto-update manager module 102, a firewall configuration manager module 104, an intrusion prevention configuration manager module 106, an anti-virus configuration manager module 108, a content filtering configuration manager module 110, an anti-spam configuration manager module 112, a VPN configuration manager module 114, a DHCP server configuration manager module 116, a network management monitor module 118, a distributed network management configuration manager module 120, an inline network management configuration manager module 122, an IP and network interface configuration manager 124, a VLAN configuration manager module 126, a QOS configuration manager module 128, a logger configuration manager module 130, a remote access configuration manager module 132, and a network graph generator module 134.
  • According to various embodiments, the manager server 88 is a collection of servers that are utilized to manage the devices 14. The manager server 88 transmits the configuration and the updates to the device 14. The manager server 88 also monitors the device 14, stores performance data, and generates graphs for each device 14 and each network element monitored by the device 14. For example, the auto-update manager module 102 may periodically poll each device 14 and determine whether each device 14 has the most current version of the device operating system, the anti-virus signature database, the content filtering database and the intrusion protection database. If the auto-update manager module 102 determines that a particular device 14 does not have the most current version of the operating system and databases, the auto-update manager module 102 will automatically transmit the appropriate update to the device 14.
  • The VPN configuration manager module 114 may automatically configure the VPN tunnels for each device 14. When a particular device 14 is first activated, the device 14 contacts the manager server 88 and reports its public Internet address. The auto-provisioning manager module 100 records the reported address and stores it in the database cluster 82. The VPN configuration manager module 114 may also gather all of the VPN configuration information from the database cluster 82 for each device 14 that is provisioned to have a VPN connection to the particular device 14. The VPN configuration manager module 114 may also create configuration files for each of the devices 14. After the manager server 88 transmits the configurations to each of the devices 14, secure encrypted tunnels are established between each of the devices 14.
  • When a particular device 14 is issued a new IP address, the device 14 automatically transmits its new IP address to the manager server 88. The auto-update manager module 102 responds to this IP address change and automatically generates new configurations for all of the devices 14 that have tunnels to the particular device 14. The VPN configuration manager module 114 automatically transmits the new configurations to the devices 14 and the encrypted tunnels automatically reconverge.
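The address-change handling described in the two paragraphs above, as an added example that is not part of the patent: the device identifiers, the reported public addresses and the provisioned tunnel table are constructed stand-ins for the records the database cluster 82 would hold, and the configuration layout is an assumption. The point it shows is that a reported address change only needs to regenerate the configurations that reference that address (the device itself and its provisioned peers), not every device in the network.

```python
# Added example (not from the patent): regenerating site-to-site tunnel
# configurations when a device reports a new public IP address.
# Device ids, addresses and the tunnel table are constructed sample data.
from typing import Dict, List, Set, Tuple

# Stand-in for the database cluster: public address each device reported at activation.
REPORTED_ADDRESSES: Dict[str, str] = {
    "dev-A": "198.51.100.10",
    "dev-B": "203.0.113.20",
    "dev-C": "192.0.2.30",
}

# Provisioned tunnels: unordered pairs of devices that should share an encrypted tunnel.
PROVISIONED_TUNNELS: List[Tuple[str, str]] = [("dev-A", "dev-B"), ("dev-B", "dev-C")]


def peers_of(device: str, tunnels: List[Tuple[str, str]]) -> Set[str]:
    """Every device provisioned to have a tunnel to `device`."""
    peers: Set[str] = set()
    for a, b in tunnels:
        if a == device:
            peers.add(b)
        elif b == device:
            peers.add(a)
    return peers


def build_config(device: str, addresses: Dict[str, str],
                 tunnels: List[Tuple[str, str]]) -> Dict[str, object]:
    """Per-device tunnel configuration: one peer entry per provisioned tunnel.
    The layout (local_address + sorted peer list) is an assumption of this example."""
    return {
        "local_address": addresses[device],
        "peers": [{"name": p, "address": addresses[p]}
                  for p in sorted(peers_of(device, tunnels))],
    }


def build_all_configs(addresses: Dict[str, str],
                      tunnels: List[Tuple[str, str]]) -> Dict[str, Dict[str, object]]:
    """Initial provisioning: a configuration for every known device."""
    return {d: build_config(d, addresses, tunnels) for d in addresses}


def handle_address_change(device: str, new_address: str, addresses: Dict[str, str],
                          tunnels: List[Tuple[str, str]]) -> Dict[str, Dict[str, object]]:
    """Record the new public address, then regenerate only the configurations that
    reference it: the device itself and every peer with a tunnel to it.
    Returns {device_id: new configuration} for the devices that must be re-sent."""
    addresses[device] = new_address
    affected = {device} | peers_of(device, tunnels)
    return {d: build_config(d, addresses, tunnels) for d in affected}


if __name__ == "__main__":
    addrs = dict(REPORTED_ADDRESSES)
    print(build_all_configs(addrs, PROVISIONED_TUNNELS))
    print(handle_address_change("dev-B", "203.0.113.99", addrs, PROVISIONED_TUNNELS))
```

Because `handle_address_change` returns exactly the set of devices whose tunnels must reconverge, a manager built this way can also log and alert on that set, which makes an unexpected flood of address changes visible rather than silently re-pushing configurations.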
  • FIG. 9 illustrates various embodiments of the web-based management portal 90. The web-based management portal 90 may include a Windows or Linux based operating system and the following modules: a firewall configuration tool module 136, an intrusion prevention configuration tool module 138, an anti-virus configuration tool module 140, a content filtering configuration tool module 142, an anti-spam configuration tool module 144, a VPN configuration tool module 146, a DHCP server configuration tool module 148, a network monitoring configuration tool module 150, an IP and network interface configuration tool module 152, a VLAN configuration tool module 154, a QOS configuration tool module 156, a logger configuration tool module 158, a remote access configuration tool module 160, a global status maps and site views module 162 and a user administration tool module 164.
  • According to various embodiments, the web-based management portal 90 includes a collection of integrated centralized network management systems and a grouping of customer management tools. According to various embodiments, the web-based management portal 90 is a combination of many different web servers running Microsoft Internet Information Server or Apache. The web pages may be written in Microsoft's ASP.NET or PHP, and the web applications may interface with the SQL servers of the database cluster 82 to synchronize changes to the network environment as changes are made to the configuration of the devices 14 via the web-based management portal 90. The web-based management portal 90 may further include the capability for firewall management, intrusion prevention management, anti-virus management, content filtering management, anti-spam management, site to site and remote access virtual private network management, network monitoring, network configuration, account management and trouble ticketing.
  • The firewall configuration tool module 136 allows for centralized management of the firewall policies for each device 14. According to various embodiments, the firewall for a given local area network 18 resides on the device 14 associated with the given local area network 18. The firewall configuration tool module 136 allows a user to efficiently and securely manage all of the firewalls and define global policies that are easily applied to all firewalls at once. The firewall configuration tool module 136 also allows the customer to set custom firewall polices to each individual firewall. Each firewall can also have individual user permissions to restrict which user accounts can modify which firewalls. This capability may provide an administrator at each site the ability to manage their own firewall and yet restrict them from changing the configuration of any other firewalls in the network. A notification can be automatically sent to a group of administrators every time a change is made to a firewall policy. A firewall validation tool allows a user to run a security check against their current firewall settings and report on which ports are open and any vulnerabilities that are detected. The firewall configuration tool module 136 may also be used to view firewall log information.
  • The intrusion prevention configuration tool module 138 allows for the centralized management of the intrusion prevention rules for each device 14. According to various embodiments, the intrusion prevention system for a given local area network 18 resides on the device 14 associated with the given local area network 18. The intrusion prevention configuration tool module 138 allows a user to efficiently and securely manage all of the intrusion prevention systems and define global policies that are easily applied to all intrusion prevention systems at once. The intrusion prevention configuration tool module 138 also allows the customer to set custom intrusion prevention rules to each individual intrusion prevention system. Each intrusion prevention system can also have individual user permissions to restrict which user accounts can modify which intrusion prevention system. This capability may provide an administrator at each site the ability to manage their own intrusion prevention system and yet restrict them from changing the configuration of any other intrusion prevention systems in the network. An e-mail notification can be automatically sent to a group of administrators every time a change is made to an intrusion prevention system configuration. The intrusion prevention configuration tool module 138 may also be used to view intrusion protection log information.
  • The anti-virus configuration tool module 140 allows for the centralized management of the anti-virus policies for each device 14. According to various embodiments, the anti-virus service includes two anti-virus systems. The first anti-virus system for a given local area network 18 may be embodied as an anti-virus gateway service that resides on the device 14 associated with the given local area network 18. The second anti-virus system is a desktop anti-virus agent that resides on each customer computer (e.g., computer 36) that requires anti-virus protection. The anti-virus configuration tool module 140 allows a user to efficiently and securely manage both of the anti-virus systems and define global policies that are easily applied to all anti-virus systems at once. The anti-virus configuration tool module 140 also allows a user to set custom anti-virus policies to each individual anti-virus gateway. Each anti-virus system can also have individual user permissions to restrict which user accounts can modify which anti-virus system. This capability may provide an administrator at each site the ability to manage their own anti-virus policies and yet restrict them from changing the configuration of any other anti-virus systems in the network. An e-mail notification can be automatically sent to a group of administrators every time a change is made to an anti-virus system configuration. The anti-virus configuration tool module 140 may also be used to view anti-virus log information.
  • The content filtering configuration tool module 142 allows for the centralized management of the content filtering policies for each device 14. According to various embodiments, the content filtering system for a given local area network 18 resides on the device 14 associated with the given local area network 18. The content filtering configuration tool module 142 allows a user to efficiently and securely manage all of the content filtering systems and define global policies that are easily applied to all content filtering systems at once. The content filtering configuration tool module 142 also allows the customer to set custom content filtering policies to each individual content filtering system. Each content filtering system can also have individual user permissions to restrict which user accounts can modify which content filtering system. This capability may provide an administrator at each site the ability to manage their own content filtering system and yet restrict them from changing the configuration of any other content filtering systems in the network. An e-mail notification can be automatically sent to a group of administrators every time a change is made to a content filtering system configuration. The content filtering configuration tool module 142 may also be used to view content filtering log information.
  • The anti-spam configuration tool module 144 allows for the centralized management of the anti-spam policies for each device 14. According to various embodiments, the anti-spam system for a given local area network 18 resides on the device 14 associated with the given local area network 18. The anti-spam configuration tool module 144 allows a user to efficiently and securely manage all of the anti-spam systems and define global policies that are easily applied to all anti-spam systems at once. The anti-spam configuration tool module 144 also allows a user to set custom anti-spam policies to each individual anti-spam system. Each anti-spam system can also have individual user permissions to restrict which user accounts can modify which anti-spam system. This capability may provide an administrator at each site the ability to manage their own anti-spam system and yet restrict them from changing the configuration of any other anti-spam systems in the network. A notification can be automatically sent to a group of administrators every time a change is made to an anti-spam system configuration. The anti-spam configuration tool module 144 may also be used to view anti-spam log information.
  • The VPN configuration tool module 146 allows for the centralized management of the VPN policies for each device 14. According to various embodiments, the VPN system for a given local area network 18 resides on the device 14 associated with the given local area network 18. The VPN configuration tool module 146 allows a user to efficiently and securely manage all of the VPN systems and define global policies that are easily applied to all VPN systems at once. The VPN configuration tool module 146 also allows a user to set custom VPN policies to each individual VPN system. Each VPN system can also have individual user permissions to restrict which user accounts can modify which VPN system. This capability may provide an administrator at each site the ability to manage their own VPN system and yet restrict them from changing the configuration of any other VPN systems in the network. A notification can be automatically sent to a group of administrators every time a change is made to a VPN system configuration.
  • The DHCP server configuration tool module 148 allows for the centralized management of the DHCP server policies for each device 14. According to various embodiments, the DHCP server for a given local area network 18 resides on the device 14 associated with the given local area network 18. The DHCP server configuration tool module 148 allows a user to efficiently and securely manage all of the DHCP servers and define global policies that are easily applied to all DHCP servers at once. The DHCP server configuration tool module 148 also allows a user to set custom DHCP server policies to each individual DHCP server. Each DHCP server can also have individual user permissions to restrict which user accounts can modify which DHCP server. This capability may provide an administrator at each site the ability to manage their own DHCP server and yet restrict them from changing the configuration of any other DHCP server in the network. A notification can be automatically sent to a group of administrators every time a change is made to a DHCP server configuration.
  • The network monitoring configuration tool module 150 allows for the centralized management of the network monitoring policies for each device 14. According to various embodiments, the network monitoring system for a given local area network 18 resides on the device 14 associated with the given local area network 18. The network monitoring configuration tool module 150 allows a user to efficiently and securely manage all of the network monitoring systems and define global policies that are easily applied to all network monitoring systems at once. The network monitoring configuration tool module 150 also allows a user to set custom network monitoring policies to each individual network monitoring system. Each network monitoring system can also have individual user permissions to restrict which user accounts can modify which network monitoring system. This capability may provide an administrator at each site the ability to manage their own network monitoring system and yet restrict them from changing the configuration of any other network monitoring systems in the network. A notification can be automatically sent to a group of administrators every time a change is made to a network monitoring system configuration.
  • The IP and network interface configuration tool module 152 allows for the centralized management of the network configuration for each device 14. The centralized management of the network configuration may include, for example, managing IP Address, IP Types (static IP, DHCP, PPPOE), IP routing, Ethernet Trunking, VLANs, and QOS configuration. According to various embodiments, the IP and network interface configuration tool module 152 allows a user to efficiently and securely manage all of the devices 14. Each device 14 can also have individual user permissions to restrict which user accounts can modify the network configuration. This capability may provide an administrator at each site the ability to manage their own network configuration and yet restrict them from changing the configuration of any other devices 14 in the network. A notification can be automatically sent to a group of administrators every time a change is made to a device network configuration.
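The permission model shared by the firewall, intrusion prevention, anti-virus, content filtering, anti-spam, VPN, DHCP, network monitoring and network interface configuration tool modules above (a global policy applied to all systems of a service, custom per-device rules, per-device user permissions, and a notification on every change), as an added example that is not part of the patent. The user names, device identifiers, grant table, rule format and notification addresses are constructed for the example.

```python
# Added example (not from the patent): per-device authorization for configuration
# changes, global-plus-custom policy merging, and change notification.
# Users, devices, grants, rules and mail addresses are constructed sample data.
from typing import Dict, List, Set, Tuple

SERVICES = {"firewall", "ips", "antivirus", "content_filter", "antispam",
            "vpn", "dhcp", "monitoring", "network"}

# user -> {(service, device_id)}; "*" as the device grants the service on every device.
GRANTS: Dict[str, Set[Tuple[str, str]]] = {
    "alice": {("firewall", "*")},                                  # central administrator
    "bob": {("firewall", "dev-ohio"), ("dhcp", "dev-ohio")},        # Ohio site administrator
}

# Group of administrators notified whenever a service's configuration changes.
NOTIFY: Dict[str, List[str]] = {
    "firewall": ["secops@example.test"],
    "dhcp": ["netops@example.test"],
}


class Unauthorized(Exception):
    """Raised when a user tries to modify a system they have no grant for."""


def can_modify(user: str, service: str, device: str) -> bool:
    """A user may change a service on a device only with an explicit or wildcard grant
    for that service; a grant on one device says nothing about any other device."""
    grants = GRANTS.get(user, set())
    return (service, "*") in grants or (service, device) in grants


def effective_policy(global_rules: List[dict], custom_rules: List[dict]) -> List[dict]:
    """Global rules apply to every system first; a custom rule with the same name
    overrides the global rule for that one device, keeping the global ordering."""
    merged = {r["name"]: r for r in global_rules}
    for r in custom_rules:
        merged[r["name"]] = r
    return list(merged.values())


def apply_change(user: str, service: str, device: str, state: Dict[str, dict],
                 new_custom_rules: List[dict]) -> List[str]:
    """Store a device's custom rules if `user` is authorized; return the addresses
    that must be notified of the change. Unauthorized attempts change nothing."""
    if service not in SERVICES:
        raise ValueError(f"unknown service {service!r}")
    if not can_modify(user, service, device):
        raise Unauthorized(f"{user} may not modify {service} on {device}")
    state.setdefault(service, {}).setdefault("custom", {})[device] = list(new_custom_rules)
    return NOTIFY.get(service, [])


if __name__ == "__main__":
    state: Dict[str, dict] = {}
    print(apply_change("bob", "firewall", "dev-ohio", state,
                       [{"name": "allow-vpn", "action": "accept"}]))
    print(effective_policy([{"name": "block-telnet", "action": "deny"}],
                           [{"name": "allow-web", "action": "accept"}]))
```

The authorization check runs before any state is written, and the notification list is returned from the same call that makes the change, so a change that was authorized is never made without the administrator group being told about it.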
  • The global status maps and site views module 162 allows an authorized user to view the real-time status of their network, devices 14, and network elements that are monitored by the devices 14. This global status maps and site views module 162 provides a global map of the world, and countries and continents on this map are color coded to represent the underlying status of any devices 14 that reside in that region. For example a customer may have devices 14 in the United States, Japan, and Italy. If all of devices 14 and network elements monitored by the devices 14 are operating as expected, the countries on the map will be shown as green. When a device 14 in Japan ceases to operate as expected, the portion of the map representing Japan may turn red or yellow depending on the severity of the problem. The countries on the map can be selected to drill down into a lower level map. For example, the authorized user could select the United States from the world map and be presented with a state map of the United States. The individual states may be color coded to represent the underlying status of any devices 14 that reside in that state. For each state selected, a list of the sites and devices 14 in that state may be shown. The states on the map can be selected to drill down into a lower level sub map. The lower level sub map may show for example, a particular region, city, or customer site.
  • The global status maps and site views module 162 may read the latest data polled for each device 14 and the network elements that are monitored by them. It may also check the data against preset thresholds that determine what the status of each device 14 should be set to. It may determine the color for the lowest level map item that contains the device 14 and set the status appropriately. The status and color for each higher level map is set to represent the status of the underlying map. The color of each map item represents the severity of the most severe problem of a device 14 in that region. For example, if a device 14 is not operating as expected, all of the maps that have a region that include this device 14 will be shown as red. If a device 14 is operating in a manner associated with the color yellow, all of the maps that have a region that include this device 14 will be shown as yellow. A map region will only be shown as green if all devices 14 included in that map region are operating as expected.
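The threshold check and map roll-up described in the two paragraphs above, as an added example that is not part of the patent. The metric names, the warning/critical thresholds, the world/country/state map tree and the polled samples are constructed; the rule that a failed poll counts as the most severe status is an assumption of the example, made so that an unreachable device can never leave its region green.

```python
# Added example (not from the patent): device status from polled data and preset
# thresholds, rolled up so every map item shows its most severe device.
# Thresholds, the map tree and the polled samples are constructed sample data.
from typing import Dict, Optional

GREEN, YELLOW, RED = 0, 1, 2
COLOR = {GREEN: "green", YELLOW: "yellow", RED: "red"}

# (warning, critical) threshold per polled metric; at or above critical is red.
THRESHOLDS = {"cpu_pct": (80, 95), "wan_latency_ms": (100, 250), "packet_loss_pct": (1, 5)}

# Map hierarchy: each item has sub-maps ("children") and the devices that sit directly in it.
MAP_TREE = {
    "name": "World", "devices": [],
    "children": [
        {"name": "United States", "devices": [], "children": [
            {"name": "Texas", "devices": ["dev-tx-1"], "children": []},
            {"name": "Ohio", "devices": ["dev-oh-1"], "children": []},
        ]},
        {"name": "Japan", "devices": ["dev-jp-1"], "children": []},
        {"name": "Italy", "devices": ["dev-it-1"], "children": []},
    ],
}


def device_status(sample: Optional[Dict[str, float]]) -> int:
    """No sample (the poll failed) is treated as the most severe condition; otherwise
    the worst threshold breached across all reported metrics decides the status."""
    if sample is None:
        return RED
    worst = GREEN
    for metric, value in sample.items():
        warn, crit = THRESHOLDS.get(metric, (float("inf"), float("inf")))
        if value >= crit:
            worst = RED
        elif value >= warn:
            worst = max(worst, YELLOW)
    return worst


def rollup(node: dict, statuses: Dict[str, int], out: Dict[str, str]) -> int:
    """Set a map item's color to the most severe status among the devices in its region,
    directly or through its sub-maps. Fills `out` with {map item: color}."""
    worst = GREEN
    for dev in node["devices"]:
        worst = max(worst, statuses.get(dev, RED))   # device never polled: treat as down
    for child in node["children"]:
        worst = max(worst, rollup(child, statuses, out))
    out[node["name"]] = COLOR[worst]
    return worst


def color_maps(samples: Dict[str, Optional[Dict[str, float]]]) -> Dict[str, str]:
    """Latest polled sample per device -> color of every map item."""
    statuses = {dev: device_status(s) for dev, s in samples.items()}
    out: Dict[str, str] = {}
    rollup(MAP_TREE, statuses, out)
    return out


if __name__ == "__main__":
    print(color_maps({"dev-tx-1": {"cpu_pct": 40}, "dev-oh-1": {"cpu_pct": 85},
                      "dev-jp-1": None, "dev-it-1": {"cpu_pct": 10}}))
```

Severity is an ordered integer and the roll-up takes the maximum at each level, which is exactly the rule in the text: a region is green only if every device under it is green, and one red device turns every map that contains it red.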
  • The user administration tool module 164 allows for the centralized management of a number of functionalities. According to various embodiments, the user administration tool module 164 allows a user to set up an account profile and manage different aspects of a user profile such as name, address and account name. According to various embodiments, the user administration tool module 164 allows a user to manage all orders for secure network access platform products and services including a description and status of orders and allows a user to order additional items as well. According to various embodiments, the user administration tool module 164 allows a user to manage bills, including reading current invoices, making payment, updating billing information, downloading previous statements, and invoices.
  • According to various embodiments, the user administration tool module 164 allows a user to add and change user accounts, delete user accounts, change passwords, create new groups, move users into certain individuals and groups, and set permissions for those individuals and groups. The permissions may allow access to different portions of the web-based management portal 90. For example, a finance employee may be given access to only account administration tools for billing and order management. Similarly, a technical employee may be given access to only the technical sections of the web-based management portal 90 and not to billing center or order management sections. According to various embodiments, the user administration tool module 164 may allow a user to open trouble tickets, track the status of existing trouble tickets, and run some of the diagnostic tools available in the secure network access platform environment.
  • According to various embodiments, the management center 12 may correlate all information received from the devices 14, including performance information received from the devices 14.
  • Each of the modules described hereinabove may be implemented as microcode configured into the logic of a processor, or may be implemented as programmable microcode stored in electrically erasable programmable read only memories. According to other embodiments, the modules may be implemented by software to be executed by a processor. The software may utilize any suitable algorithms, computing language (e.g., C, C++, Java, JavaScript, Visual Basic, VBScript, Delphi), and/or object oriented techniques and may be embodied permanently or temporarily in any type of computer, computer system, device, machine, component, physical or virtual equipment, storage medium, or propagated signal capable of delivering instructions. The software may be stored as a series of instructions or commands on a computer readable medium (e.g., device, disk, or propagated signal) such that when a computer reads the medium, the described functions are performed.
  • Although the system 10 is shown in FIG. 1 as having wired data pathways, according to various embodiments, the network elements may be interconnected through a secure network having wired or wireless data pathways. The secure network may include any type of delivery system comprising a local area secure network (e.g., Ethernet), a wide area secure network (e.g., the Internet and/or World Wide Web), a telephone secure network, a packet-switched secure network, a radio secure network, a television secure network, a cable secure network, a satellite secure network, and/or any other wired or wireless communications secure network configured to carry data. The secure network may also include additional elements, such as intermediate nodes, proxy servers, routers, switches, and adapters configured to direct and/or deliver data.
  • FIG. 10 illustrates various embodiments of a method of managing a network. According to various embodiments, the method includes receiving an activation key automatically transmitted from a device connected to the network, automatically transmitting a configuration to the device, automatically maintaining the configuration of the device, and receiving log information from the device. The network may be, for example, a local area network, or a number of local area networks that rely on the Internet to communicate with one another. The device may be, for example, the device 14 described hereinabove. The method may be utilized to provide an automated managed service for a complex network environment.
  • The process starts at block 200, where the management center 12 receives an activation key automatically transmitted from a device 14 connected to the network. Prior to the start of the process at block 200, the configuration of the device 14 is provisioned by an entity such as, for example, an administrator or a managed service provider. The entity may initiate the provisioning of the device 14 by logging onto the web-based management portal 90 and entering a license key associated with the device 14. The license key may be generated by a managed service provider and may be issued with the purchase of the device 14. The license key may include information such as the product type of the device 14, the term length of the license associated with the device 14, and the seller of the license. A hash function may be used to embed the information in the key to obscure the data, and the data may be read by the network manager to verify the authenticity of the license key.
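The license key described at the end of the paragraph above, as an added example that is not part of the patent. The paragraph says a hash function embeds the product type, term length and seller in the key and that the network manager reads the data to verify authenticity; the example instantiates that with a keyed hash (HMAC-SHA256) under a secret shared by the issuer and the verifier, because an unkeyed hash only obscures the fields, whereas a keyed hash lets the verifier reject keys that were not issued by the managed service provider or were altered afterwards. The field names, the secret, the tag length and the base64 layout are assumptions of the example.

```python
# Added example (not from the patent): a license key carrying product type, term and
# seller, protected by an HMAC-SHA256 tag so the network manager can verify that the
# key is authentic and unaltered. Field names, secret and layout are assumptions.
import base64
import hashlib
import hmac
import json
from typing import Optional

# Held by the managed service provider (issuer) and the network manager (verifier) only.
PROVIDER_SECRET = b"constructed-provider-signing-secret"
TAG_LEN = 16  # bytes of the HMAC output kept in the key


def issue_license_key(product_type: str, term_months: int, seller: str,
                      secret: bytes = PROVIDER_SECRET) -> str:
    """Embed the license fields and append a keyed-hash tag over them."""
    payload = json.dumps({"product": product_type, "term": term_months, "seller": seller},
                         sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    return base64.urlsafe_b64encode(payload + tag).decode().rstrip("=")


def verify_license_key(key: str, secret: bytes = PROVIDER_SECRET) -> Optional[dict]:
    """Return the embedded fields if the tag verifies, otherwise None.
    The tag is checked before the payload is parsed, and compared in constant time."""
    try:
        raw = base64.urlsafe_b64decode(key + "=" * (-len(key) % 4))
    except ValueError:            # binascii.Error is a ValueError subclass
        return None
    if len(raw) <= TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        fields = json.loads(payload)
    except ValueError:
        return None
    return fields if isinstance(fields, dict) else None


if __name__ == "__main__":
    key = issue_license_key("SNAP-100", 12, "reseller-42")
    print(key)
    print(verify_license_key(key))
```

Because the fields are only base64-encoded, anyone holding a key can read the product type, term and seller; the tag does not hide them, it only prevents them from being changed or forged without the provider secret. Keeping that secret off the devices themselves (it is needed by the issuer and by the verifier in the management center, not by the device 14) is what makes the check meaningful.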
  • Once the license key is received by the web-based management portal 90, the configuration of the device 14 may be provisioned via the web-based management portal 90. Setting the configuration of the device 14 may include setting the IP address of the device 14, and setting the configurations for the firewall configuration, the intrusion prevention configuration, the anti-virus configuration, the content filtering configuration, the anti-spam configuration, the VPN configuration, the DHCP server configuration, the network management configuration, the network interface configuration, the VLAN configuration, the QOS configuration and any other device configurations. Each configuration provisioned for the device 14 may be stored in the database cluster 82. According to various embodiments, a default configuration may be selected for the device 14.
  • During the provisioning process, an activation key associated with the device 14 is generated and may be printed out or e-mailed for later use. The configuration of the device 14 and the generation of the activation key may be completed from any location by accessing the web-based management portal 90.
  • Once the provisioning process is completed, the device 14 may be installed at the customer location. After the device 14 is connected to the local area network 18, the device 14 automatically attempts to DHCP for a wide area network IP address. As most Internet service providers assign IP addresses using DHCP, in most cases the device 14 will automatically obtain its wide area network IP address. For Internet service providers who do not use DHCP, the wide area network IP address can be obtained using PPPOE. Alternatively, a wide area network IP address may be statically assigned to the device 14.
  • According to various embodiments, the device 14 is configured with the DNS names of a number of the hosted servers that comprise the activation server 84. Once the device 14 obtains a wide area network IP address, the device 14 automatically attempts to communicate with one of the hosted servers that comprise the activation server 84. When the communication is successful, the activation key is entered and the device 14 transmits the activation key to the activation server 84. The activation key may be entered by an installer of the device 14. The process associated with block 200 may be repeated for any number of devices 14.
  • From block 200, the process advances to block 210, where the activation server 84 automatically transmits the configuration provisioned at block 200 to the device 14. After the device 14 receives its configuration from the activation server 84, an installer of the device 14 may be prompted to reboot the device 14. Once the device 14 reboots, the device 14 automatically connects to its assigned manager server 88 and the installation of the device 14 is complete. The process associated with block 210 may be repeated for any number of devices 14.
  • From block 210, the process advances to block 220, where the management center 12 automatically maintains the configuration of the device 14. According to various embodiments, a flag is set in the database servers of the database cluster 82 when a change to the configuration of the device 14 is entered via the web-based management portal 90. According to various embodiments, the auto-provisioning manager module 100 periodically polls the database cluster 82 looking for changes to the configurations of the devices 14 managed by the manager server 88. When the auto-provisioning manager module 100 detects a device configuration that needs to be changed, the appropriate module (e.g., firewall, intrusion prevention, anti-virus, etc.) will generate the new configuration for the particular service and make the necessary configuration changes to the device 14 that needs to be updated. The process associated with block 220 may be repeated for any number of devices 14.
  • From block 220, the process advances to block 230, where the logger manager 86 receives log information from the device 14. As explained previously, the log information received from each device 14 may be compressed and encrypted, and may represent information associated with, for example, a firewall system, an intrusion prevention system, an anti-virus system, a content filtering system, an anti-spam system, etc. residing at the particular device 14. Once the logger manager 86 receives the log information, the logger manager 86 correlates the log information and makes it available to other elements of the management center 12. The correlated information may be utilized to determine both the real time and historical performance of the network.
  • FIG. 11 illustrates various embodiments of a method of managing a network. According to various embodiments, the method includes automatically setting a default configuration for the device, automatically generating an activation key associated with a device, and automatically transmitting a provisioned configuration to the device after the device is connected to the network. The network may be, for example, a local area network, or a number of local area networks that rely on the Internet to communicate with one another. The device may be, for example, the device 14 described hereinabove. The method may be utilized to provide an automated managed service for a complex network environment.
  • The process starts at block 240, where a default configuration is set for the device 14. According to various embodiments, the web-based management portal 90 may provide the default configuration that serves as the basis for the device configuration. The process associated with block 240 may be repeated for any number of devices 14.
  • From block 240, the process advances to block 250, where an activation key associated with a device is automatically generated. According to various embodiments, the activation key may be generated by the web-based management portal 90 during the provisioning of the device 14. The provisioning of the device 14 may include changing some of the settings of the default configuration. The process associated with block 250 may be repeated for any number of devices 14.
  • From block 250, the process advances to block 260, where the provisioned configuration is automatically transmitted to the device 14 after the device 14 is connected to the network. According to various embodiments, the activation server 84 may automatically transmit a provisioned configuration to the device 14 after the device 14 is connected to the network. The process associated with block 260 may be repeated for any number of devices 14.
  • FIG. 12 illustrates various embodiments of a method of managing a network. According to various embodiments, the method includes periodically polling a device connected to the network, automatically determining whether a configuration of the device is current, automatically setting a new configuration for the device when the configuration is not current, and automatically transmitting the new configuration to the device. The network may be, for example, a local area network, or a number of local area networks that rely on the Internet to communicate with one another. The device may be, for example, the device 14 described hereinabove. The method may be utilized to provide an automated managed service for a complex network environment.
  • The process starts at block 270, where a device 14 connected to the network is periodically polled. According to various embodiments, the periodic polling may be conducted by the manager server 88. The process associated with block 270 may be repeated for any number of devices 14.
  • From block 270, the process advances to block 280, where it is automatically determined whether the configuration of the device 14 is current. According to various embodiments, the automatic determination may be made by the manager server 88. The process associated with block 280 may be repeated for any number of devices 14.
  • From block 280, the process advances to block 290, where a new configuration is automatically set for the device 14 when the configuration of the device 14 is not current. According to various embodiments, the new configuration may be automatically set by the manager server 88. The process associated with block 290 may be repeated for any number of devices 14.
  • From block 290, the process advances to block 300, where the new configuration is automatically transmitted to the device 14. According to various embodiments, the new configuration may be automatically transmitted to the device 14 by the manager server 88. The process associated with block 300 may be repeated for any number of devices 14.
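One polling cycle of the method of FIG. 12 (blocks 270 through 300), which is also the check the auto-update manager module 102 is described as making for the operating system and signature databases, as an added example that is not part of the patent. The component names, version strings and poll results are constructed; treating a failed poll separately from an up-to-date device is an assumption of the example, so that an unreachable device is never recorded as current.

```python
# Added example (not from the patent): poll results compared against the versions the
# manager considers current, producing a new configuration only for stale components.
# Component names, versions and poll results are constructed sample data.
from typing import Dict, List, Optional, Tuple

# Stand-in for the database cluster: what the manager considers current.
CURRENT_VERSIONS: Dict[str, str] = {
    "os": "2.4.1",
    "antivirus_db": "20240301",
    "content_filter_db": "20240228",
    "ips_db": "20240229",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric tuple comparison, so "2.10.0" is newer than "2.4.1"."""
    return tuple(int(p) for p in v.split("."))


def stale_components(reported: Dict[str, str],
                     current: Dict[str, str] = CURRENT_VERSIONS) -> List[str]:
    """Components whose reported version is older than the current one or not reported at
    all. A newer-than-current report is left alone (not downgraded)."""
    stale: List[str] = []
    for component, latest in current.items():
        have = reported.get(component)
        if have is None or parse_version(have) < parse_version(latest):
            stale.append(component)
    return stale


def poll_cycle(poll_results: Dict[str, Optional[Dict[str, str]]],
               current: Dict[str, str] = CURRENT_VERSIONS
               ) -> Tuple[Dict[str, Dict[str, str]], List[str]]:
    """Block 270: `poll_results` is what each device answered (None = no answer).
    Blocks 280/290: return {device: new configuration} for devices that are not current,
    listing only the components to update. Unreachable devices are returned separately
    so that a failed poll is never mistaken for 'up to date'."""
    updates: Dict[str, Dict[str, str]] = {}
    unreachable: List[str] = []
    for device, reported in poll_results.items():
        if reported is None:
            unreachable.append(device)
            continue
        stale = stale_components(reported, current)
        if stale:
            updates[device] = {c: current[c] for c in stale}
    return updates, unreachable


if __name__ == "__main__":
    # Block 300 would transmit each entry of `updates` to its device.
    print(poll_cycle({"dev-1": {"os": "2.4.1", "antivirus_db": "20240215"}, "dev-2": None}))
```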
  • FIG. 13 illustrates various embodiments of a method of managing a network. According to various embodiments, the method includes receiving network traffic information from a device connected to the network, automatically correlating the information, and automatically determining network performance based on the information. The network may be, for example, a local area network, or a number of local area networks that rely on the Internet to communicate with one another. The device may be, for example, the device 14 described hereinabove. The method may be utilized to provide an automated managed service for a complex network environment.
  • The process starts at block 310, where network traffic information is received from a device 14 connected to the network. The network traffic information may represent information that travels from one device 14 to another device 14. According to various embodiments, the network traffic information is captured at the device 14 and may include, for example, source/destination IP address, protocol, sequence number and source/destination port. According to various embodiments, the network traffic information transmitted from the device 14 is received by the manager server 88. The process associated with block 310 may be repeated for any number of devices 14.
  • From block 310, the process advances to block 320, where the information is correlated. According to various embodiments the information may be correlated with network traffic information transmitted from any number of devices 14. According to various embodiments, the correlation of the information is conducted by the manager server 88.
  • From block 320, the process advances to block 330, where the network performance is determined based on the information. According to various embodiments, the network performance determination is made by the manager server 88. For example, assume that ten VOIP packets leave a first device 14 destined for a second device 14. As explained previously, the first device 14 may record the exact time each VOIP packet leaves, and the source/destination IP Address, protocol, sequence number and source/destination port for each VOIP packet. The first device 14 may then send this information to the manager server 88. Further assume that these ten VOIP packets travel over the Internet 16 and that the third and eighth VOIP packets are lost, dropped by a router that is over-utilized. The second device 14 will only see eight VOIP packets arrive, not knowing that the third and eighth packets were lost. The second device 14 may then record the exact time each packet is received and the source/destination IP Address, protocol, sequence number, and source/destination port for each received packet. The second device 14 may then send this information to the manager server 88. The manager server 88 may then examine the information transmitted from the first and second devices 12, 14 and determine, based on the IP Address, protocol, sequence number, and source/destination port that the packets recorded by both the first and second devices 14 are part of the same packet stream. Armed with this information, the manager server 88 may then determine the exact latency and jitter of each packet, and the packet loss (20% in this example) on a real application data stream. The process associated with block 330 may be repeated for network traffic information received from any number of devices 14.
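The correlation of blocks 310 through 330 carried through on the ten-packet VOIP stream above, as an added example that is not part of the patent. The two devices' records are constructed (addresses, ports, send times 20 ms apart, and an assumed per-packet one-way delay), with packets 3 and 8 absent from the receiver's records as in the text. Matching is on the full tuple of source/destination IP address, protocol, source/destination port and sequence number; jitter is computed here as the mean absolute change in latency between consecutively received packets, which is one common definition and an assumption of the example.

```python
# Added example (not from the patent): correlating sender and receiver records into one
# packet stream and deriving per-packet latency, jitter and loss. Timestamps are in
# microseconds; all records are constructed sample data.
from typing import Dict, List, Tuple

StreamKey = Tuple[str, str, str, int, int, int]  # src ip, dst ip, proto, sport, dport, seq


def record(ts_us: int, seq: int) -> dict:
    """One device-captured record for the constructed VOIP stream."""
    return {"ts_us": ts_us, "src": "10.1.0.5", "dst": "10.2.0.7", "proto": "UDP",
            "sport": 40000, "dport": 5004, "seq": seq}


# First device: ten packets, seq 1..10, sent 20 ms apart.
SENT_BY_FIRST: List[dict] = [record(20_000 * i, i + 1) for i in range(10)]

# Assumed one-way delay per packet; seq 3 and 8 never arrive, so they have no entry.
_DELAY_US = {1: 30_000, 2: 32_000, 4: 31_000, 5: 35_000,
             6: 30_000, 7: 33_000, 9: 31_000, 10: 34_000}

# Second device: only the eight packets that arrived, stamped with arrival time.
RECEIVED_BY_SECOND: List[dict] = [record(r["ts_us"] + _DELAY_US[r["seq"]], r["seq"])
                                  for r in SENT_BY_FIRST if r["seq"] in _DELAY_US]


def stream_key(r: dict) -> StreamKey:
    """The fields that identify one packet of one stream at both ends."""
    return (r["src"], r["dst"], r["proto"], r["sport"], r["dport"], r["seq"])


def correlate(sent: List[dict], received: List[dict]) -> Dict[str, object]:
    """Match receiver records to sender records by stream key and compute
    per-packet latency, mean latency, jitter and loss for the stream."""
    arrival = {stream_key(r): r["ts_us"] for r in received}
    latency_us: Dict[int, int] = {}
    lost: List[int] = []
    for s in sent:
        k = stream_key(s)
        if k in arrival:
            latency_us[s["seq"]] = arrival[k] - s["ts_us"]
        else:
            lost.append(s["seq"])
    ordered = [latency_us[q] for q in sorted(latency_us)]
    # Jitter: mean absolute latency change between consecutively received packets.
    jitter = (sum(abs(a - b) for a, b in zip(ordered[1:], ordered)) / (len(ordered) - 1)
              if len(ordered) > 1 else 0.0)
    return {
        "matched": len(latency_us),
        "lost_seqs": lost,
        "loss_fraction": len(lost) / len(sent) if sent else 0.0,
        "mean_latency_us": sum(ordered) / len(ordered) if ordered else 0.0,
        "jitter_us": jitter,
        "latency_us": latency_us,
    }


if __name__ == "__main__":
    print(correlate(SENT_BY_FIRST, RECEIVED_BY_SECOND))
```

The receiver alone cannot tell that packets 3 and 8 existed; only the manager, holding both devices' records keyed by the same tuple, can attribute the gap in sequence numbers to loss in the Internet 16 rather than to the sender. The same matching also exposes records that arrive at the receiver without any sender record, which is worth surfacing separately as a sign of a capture or clock problem.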
  • FIG. 14 illustrates various embodiments of a method of managing a network. According to various embodiments, the method includes receiving credentials associated with a remote access user, automatically validating the credentials, automatically determining which devices connected to the network the remote access user is authorized to connect to, and automatically transmitting to a remote access client a list of devices the remote access user is authorized to connect to. The network may be, for example, a local area network, or a number of local area networks that rely on the Internet to communicate with one another. The device may be, for example, the device 14 described hereinabove. The method may be utilized to provide an automated managed service for a complex network environment.
  • The process starts at block 340, where credentials associated with a remote access user are received from a remote access client. The remote access user is a user who is located at a site that does not have a device 14 associated therewith. According to various embodiments, the credentials are received by the web-based management portal 90. The remote access client may be implemented as a software client installed on a personal computer such as, for example, a desktop computer or a laptop computer. According to various embodiments, when the software client is launched, it requires the remote access user to input their credentials (e.g., company ID, username, password). After the remote access user enters the credentials, the software client may make a secure socket layer connection to the web-based management portal 90. The process associated with block 340 may be repeated for any number of remote access users.
  • From block 340, the process advances to block 350, where the credentials are automatically validated. According to various embodiments, the credentials may be automatically validated by the web-based management portal 90. If the credentials are not valid, the web-based management portal 90 may return an error message to the remote access client which may then prompt the remote access user to reenter their credentials. The process associated with block 350 may be repeated for any number of remote access users.
  • From block 350, the process advances to block 360, where it is determined which devices 14 connected to the network the remote access user is authorized to connect to. According to various embodiments, the determination is made by the web-based management portal 90. The process associated with block 360 may be repeated for any number of remote access users.
  • From block 360, the process advances to block 370, where a list of the devices 14 is automatically transmitted to a remote access client associated with the remote access user. According to various embodiments, the list is automatically transmitted from the web-based management portal 90. Once the list is presented to the remote access user and a particular device 14 is selected, an encrypted tunnel may be established between the personal computer and the selected device 14. The process associated with block 370 may be repeated for any number of remote access users.
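The portal side of blocks 340 through 370, as an added Python example that is not the patent's own code: the company ID/username/password triple is validated, the list of devices 14 the user may connect to is derived on the portal from the authenticated identity, and either that list or an error is returned to the client. The directory layout, names and password are constructed assumptions.

```python
# Added example (not from the patent): the server side of FIG. 14 as the
# web-based management portal 90 would run it, blocks 340 to 370. The
# directory layout, company ID, user, password and device names are constructed.
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


@dataclass
class RemoteUser:
    salt: bytes
    password_hash: bytes
    authorized_devices: tuple  # devices 14 this user may open a tunnel to


class AuthError(Exception):
    pass


def build_directory():
    """Constructed directory: company ID -> username -> RemoteUser."""
    salt = os.urandom(16)
    return {
        "ACME": {
            "alice": RemoteUser(salt, hash_password("correct horse battery", salt),
                                ("device14-hq", "device14-branch-2")),
        }
    }


def validate_credentials(directory, company_id, username, password):
    """Block 350. Returns the RemoteUser or raises AuthError. The same error
    is raised for an unknown company/user and for a wrong password, and a
    dummy hash is computed in the unknown case, so neither the message nor
    the response time tells the client which part of the triple was wrong."""
    user = directory.get(company_id, {}).get(username)
    if user is None:
        hash_password(password, b"\x00" * 16)  # equalise work done
        raise AuthError("invalid credentials")
    candidate = hash_password(password, user.salt)
    if not hmac.compare_digest(candidate, user.password_hash):
        raise AuthError("invalid credentials")
    return user


def remote_access_device_list(directory, company_id, username, password,
                              connected_devices):
    """Blocks 340-370 in one call. On success returns ("ok", [device, ...]);
    on failure ("error", message), which the client turns into a re-prompt.
    The list is derived from the authenticated identity on the portal side
    and filtered to devices 14 the portal currently knows are connected; the
    client never supplies or widens it."""
    try:
        user = validate_credentials(directory, company_id, username, password)
    except AuthError as exc:
        return ("error", str(exc))
    devices = [d for d in user.authorized_devices if d in connected_devices]
    return ("ok", devices)


if __name__ == "__main__":
    directory = build_directory()
    known = {"device14-hq", "device14-branch-2", "device14-branch-3"}
    print(remote_access_device_list(directory, "ACME", "alice",
                                    "correct horse battery", known))
```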
  • Each of the methods described above may be performed by the system 10 of FIG. 1 or by any suitable type of hardware (e.g., device, computer, computer system, equipment, component); software (e.g., program, application, instruction set, code); storage medium (e.g., disk, device, propagated signal); or combination thereof.
  • While several embodiments of the invention have been described, it should be apparent, however, that various modifications, alterations and adaptations to those embodiments may occur to persons skilled in the art with the attainment of some or all of the advantages of the disclosed invention. For example, the system 10 may further include a plurality of graphical user interfaces to facilitate the management of the network. The graphical user interfaces may be presented through an interactive computer screen to solicit information from and present information to a user in conjunction with the described systems and methods. The graphical user interfaces may be presented through a client system including a personal computer running a browser application and having various input/output devices (e.g., keyboard, mouse, touch screen, etc.) for receiving user input. It is therefore intended to cover all such modifications, alterations and adaptations without departing from the scope and spirit of the disclosed invention as defined by the appended claims.

Claims (24)

What is claimed is:
1. A method for providing a managed network, comprising:
in a management center, setting at least one configuration to be transmitted to a first network management device, the at least one configuration to cause the first network management device to provide a corresponding at least one managed network service for a first network after the at least one configuration is transmitted to and received by the first network management device, wherein setting the at least one configuration comprises setting:
a quality of service (QOS) configuration to cause the first network management device to enable selective transmission of information by the first network management device based on a relative metric of the information; and
transmitting the at least one configuration to the first network management device via a second network in response to receiving an activation key at the management center, the activation key transmitted from the first network management device to the management center via the second network after the first network management device is connected to the second network at a first location.
2. The method of claim 1, wherein setting at least one configuration of a first network management device comprises generating the activation key.
3. The method of claim 1, wherein setting at least one configuration of a first network management device comprises setting at least one of:
an anti-virus configuration to cause the first network management device to provide an anti-virus service;
a content filtering configuration to cause the first network management device to provide a content filtering service;
an anti-spam configuration to cause the first network management device to provide an anti-spam service;
a virtual private network (VPN) configuration to cause the first network management device to provide a VPN service, the VPN service to enable the first network management device to communicate with at least one of: a second network management device located at a second location, a remote access client, and the management center;
an internet protocol (IP) routing and network interface configuration to cause the first network management device to provide an IP routing and network interface service; and
a device monitoring configuration to cause the first network management device to provide a device monitoring service, the device monitoring service to monitor one or more network elements, the one or more network elements connected to the first network and external to the first network management device.
4. The method of claim 1, comprising updating the at least one configuration within the first network management device.
5. The method of claim 4, wherein updating the at least one configuration within the first network management device comprises:
periodically polling the first network management device;
determining whether the at least one configuration of the first network management device is current;
setting a new configuration for each of the at least one configuration that is not current; and
transmitting the new configurations to the first network management device.
6. The method of claim 1, comprising receiving log information from the first network management device, the log information associated with at least one managed network service.
7. The method of claim 6, comprising:
correlating the received log information; and
determining one or more of a real time performance and a historical performance of the first network based on the correlated log information.
8. The method of claim 1, comprising:
receiving performance information from the first network management device;
correlating the received performance information; and
determining one or more of a real time performance and a historical performance of the first network based on the correlated performance information.
9. The method of claim 8, wherein receiving performance information from the first network management device comprises receiving at least one of the following:
a CPU utilization value;
a memory utilization; and
a network interface bandwidth utilization value.
10. The method of claim 8, wherein receiving performance information from the first network management device comprises receiving performance information gathered from one or more network elements connected to the first network and external to the first network management device.
11. The method of claim 10, wherein receiving performance information gathered from the one or more network elements comprises receiving at least one of the following:
a reachability value;
a latency value; and
a CPU utilization value.
12. A system for managing a network, the system comprising:
a first network management device comprising a processor and a memory, the first network management device to provide at least one managed network service for a first network after a corresponding at least one configuration is transmitted to and received by the first network management device; and
a management center to communicate with the first network management device via a second network, the management center to:
set the at least one configuration to be transmitted to a first network management device, wherein the at least one configuration comprises:
a quality of service (QOS) configuration to cause the first network management device to enable selective transmission of information by the first network management device based on a relative metric of the information; and
transmit the at least one configuration to the first network management device via the second network in response to receiving an activation key at the management center, the activation key transmitted from the first network management device to the management center via the second network after the first network management device is connected to the second network at a first location.
13. The system of claim 12, wherein the at least one configuration comprises at least one of:
an anti-virus configuration to cause the first network management device to provide an anti-virus service;
a content filtering configuration to cause the first network management device to provide a content filtering service;
an anti-spam configuration to cause the first network management device to provide an anti-spam service;
a virtual private network (VPN) configuration to cause the first network management device to provide a VPN service, the VPN service to enable the first network management device to communicate with at least one of: a second network management device located at a second location, a remote access client, and the management center;
an internet protocol (IP) routing and network interface configuration to cause the first network management device to provide an IP routing and network interface service; and
a device monitoring configuration to cause the first network management device to provide a device monitoring service, the device monitoring service to monitor one or more network elements, the one or more network elements connected to the first network and external to the first network management device.
14. The system of claim 12, wherein the management center is to update the at least one configuration within the first network management device.
15. The system of claim 14, wherein the management center is to:
periodically poll the first network management device;
determine whether the at least one configuration of the first network management device is current;
set a new configuration for each of the at least one configuration that is not current; and
transmit the new configurations to the first network management device.
16. The system of claim 12, wherein the management center is to receive log information from the first network management device, the log information associated with the at least one managed network service.
17. The system of claim 16, wherein the management center is to:
correlate the received log information; and
determine one or more of a real time performance and a historical performance of the first network based on the correlated log information.
18. The system of claim 12, wherein the management center is to:
receive performance information from the first network management device;
correlate the received performance information; and
determine one or more of a real time performance and a historical performance of the first network based on the correlated information.
19. The system of claim 18, wherein performance information comprises at least one of the following:
a CPU utilization value;
a memory utilization value; and
a network interface bandwidth utilization value.
20. The system of claim 18, wherein the performance information comprises at least one of the following:
a reachability value;
a latency value; and
a CPU utilization value.
21. A method of managing a network, comprising:
receiving network traffic information from a network management device connected to the network;
correlating the received information; and
determining a performance of the network based on the correlated information.
22. The method of claim 21, wherein determining a performance of the network comprises determining packet loss.
23. The method of claim 21, wherein determining a performance of the network comprises determining latency.
24. The method of claim 21, wherein determining a performance of the network comprises determining jitter.
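The activation-key-gated transmission of claims 1 and 2 and the polling update of claim 5 (with their system counterparts in claims 12, 14 and 15), as an added Python example that is not the patent's own code, modelling both the management center and the first network management device. Service names, version numbers and the key format are constructed assumptions the claims do not specify.

```python
# Added example (not from the patent): the management center / network
# management device exchange of claims 1, 2 and 5 (and their system
# counterparts 12, 14 and 15). Service names, versions and the key format
# are constructed; the patent does not specify them.
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Configuration:
    service: str   # e.g. "qos", "vpn", "anti-virus"
    version: int
    settings: dict


@dataclass
class StagedDevice:
    activation_key: str
    staged: dict = field(default_factory=dict)  # service -> Configuration
    activated: bool = False


class ManagementCenter:
    def __init__(self):
        self.devices = {}  # device_id -> StagedDevice

    def provision(self, device_id):
        """Claim 2: generating the activation key is part of setting the
        configuration. The key is returned once for out-of-band delivery."""
        key = secrets.token_hex(16)
        self.devices[device_id] = StagedDevice(activation_key=key)
        return key

    def set_configuration(self, device_id, cfg):
        """Claim 1: stage a configuration; nothing is sent yet."""
        self.devices[device_id].staged[cfg.service] = cfg

    def on_activation_key(self, device_id, presented_key):
        """Claim 1: the staged configurations are transmitted only in
        response to the device's activation key. Unknown device or wrong key
        yields None; the compare is constant time."""
        dev = self.devices.get(device_id)
        if dev is None or not hmac.compare_digest(dev.activation_key, presented_key):
            return None
        dev.activated = True
        return dict(dev.staged)

    def poll(self, device):
        """Claim 5: poll the device, find configurations that are not current
        (version mismatch or missing on the device) and transmit only those."""
        dev = self.devices[device.device_id]
        if not dev.activated:
            return {}
        reported = device.report_versions()
        stale = {svc: cfg for svc, cfg in dev.staged.items()
                 if reported.get(svc) != cfg.version}
        if stale:
            device.apply(stale)
        return stale


class NetworkManagementDevice:
    """The first network management device: holds its activation key, sends
    it once connected, and applies whatever the center transmits."""
    def __init__(self, device_id, activation_key):
        self.device_id = device_id
        self.activation_key = activation_key
        self.running = {}  # service -> Configuration currently in force

    def connect(self, center):
        configs = center.on_activation_key(self.device_id, self.activation_key)
        if configs:
            self.apply(configs)
        return configs is not None

    def report_versions(self):
        return {svc: cfg.version for svc, cfg in self.running.items()}

    def apply(self, configs):
        self.running.update(configs)


def walkthrough():
    """Constructed run: stage QoS and VPN, activate, then push a QoS update."""
    center = ManagementCenter()
    key = center.provision("dev-1")
    center.set_configuration("dev-1", Configuration("qos", 1, {"voip_priority": "high"}))
    center.set_configuration("dev-1", Configuration("vpn", 1, {"peer": "management-center"}))
    impostor = NetworkManagementDevice("dev-1", "0" * 32)
    device = NetworkManagementDevice("dev-1", key)
    impostor_ok = impostor.connect(center)   # False: no configs leave the center
    device_ok = device.connect(center)       # True: both configs transmitted
    center.set_configuration("dev-1", Configuration("qos", 2, {"voip_priority": "highest"}))
    pushed = center.poll(device)             # only the stale "qos" config
    return impostor_ok, device_ok, sorted(pushed), device.report_versions()
```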

Priority Applications (1)

Application Number Publication Number Priority Date Filing Date Title
US14/219,596 US20150058456A1 (en) 2004-04-15 2014-03-19 Systems and methods for managing a network

Applications Claiming Priority (6)

Application Number Publication Number Priority Date Filing Date Title
US56259604P 2004-04-15 2004-04-15
US11/106,837 US7783800B2 (en) 2004-04-15 2005-04-15 Systems and methods for managing a network
US12/833,832 US8078777B2 (en) 2004-04-15 2010-07-09 Systems and methods for managing a network
US13/272,311 US8341317B2 (en) 2004-04-15 2011-10-13 Systems and methods for managing a network
US13/683,603 US20130297759A1 (en) 2004-04-15 2012-11-21 Systems and methods for managing a network
US14/219,596 US20150058456A1 (en) 2004-04-15 2014-03-19 Systems and methods for managing a network

Related Parent Applications (1)

Application Number Relation Publication Number Priority Date Filing Date Title
US13/683,603 Continuation US20130297759A1 (en) 2004-04-15 2012-11-21 Systems and methods for managing a network

Publications (1)

Publication Number Publication Date
US20150058456A1 true US20150058456A1 (en) 2015-02-26

Family

ID=35242344

Family Applications (5)

Application Number Status Publication Number Priority Date Filing Date Title
US11/106,837 Expired - Fee Related US7783800B2 (en) 2004-04-15 2005-04-15 Systems and methods for managing a network
US12/833,832 Expired - Fee Related US8078777B2 (en) 2004-04-15 2010-07-09 Systems and methods for managing a network
US13/272,311 Expired - Fee Related US8341317B2 (en) 2004-04-15 2011-10-13 Systems and methods for managing a network
US13/683,603 Abandoned US20130297759A1 (en) 2004-04-15 2012-11-21 Systems and methods for managing a network
US14/219,596 Abandoned US20150058456A1 (en) 2004-04-15 2014-03-19 Systems and methods for managing a network

Country Status (6)

Country Link
US (5) US7783800B2 (en)
EP (1) EP1757005A4 (en)
JP (3) JP5038887B2 (en)
CN (1) CN101061454B (en)
CA (2) CA2814261C (en)
WO (1) WO2005107134A2 (en)

US11153170B1 (en) 2020-04-06 2021-10-19 Vmware, Inc. Migration of data compute node across sites
US11777793B2 (en) 2020-04-06 2023-10-03 Vmware, Inc. Location criteria for security groups
US20220103415A1 (en) * 2020-09-28 2022-03-31 MobileNOC Corporation Remote network and cloud infrastructure management
US11343283B2 (en) 2020-09-28 2022-05-24 Vmware, Inc. Multi-tenant network virtualization infrastructure

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6041041A (en) * 1997-04-15 2000-03-21 Ramanathan; Srinivas Method and system for managing data service systems
US20020101860A1 (en) * 1999-11-10 2002-08-01 Thornton Timothy R. Application for a voice over IP (VoIP) telephony gateway and methods for use therein
US20020174246A1 (en) * 2000-09-13 2002-11-21 Amos Tanay Centralized system for routing signals over an internet protocol network
US20030191798A1 (en) * 2002-04-08 2003-10-09 Atsushi Shimizu Apparatus and system for communication
US20030217126A1 (en) * 2002-05-14 2003-11-20 Polcha Andrew J. System and method for automatically configuring remote computer
US6708221B1 (en) * 1996-12-13 2004-03-16 Visto Corporation System and method for globally and securely accessing unified information in a computer network
US20040213210A1 (en) * 2003-04-23 2004-10-28 At & T Corp. Methods and systems for configuring voice over internet protocol network quality of service
US6930785B1 (en) * 2000-03-17 2005-08-16 Hewlett-Packard Development Company, L.P. Automatic remote firmware upgrade

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5889958A (en) 1996-12-20 1999-03-30 Livingston Enterprises, Inc. Network access control system and process
US6131119A (en) * 1997-04-01 2000-10-10 Sony Corporation Automatic configuration system for mapping node addresses within a bus structure to their physical location
JPH11112503A (en) * 1997-09-30 1999-04-23 Hitachi Ltd Network system and network equipment
US6799277B2 (en) * 1998-06-04 2004-09-28 Z4 Technologies, Inc. System and method for monitoring software
US6697360B1 (en) * 1998-09-02 2004-02-24 Cisco Technology, Inc. Method and apparatus for auto-configuring layer three intermediate computer network devices
US6687698B1 (en) 1999-10-18 2004-02-03 Fisher Rosemount Systems, Inc. Accessing and updating a configuration database from distributed physical locations within a process control system
US6990591B1 (en) 1999-11-18 2006-01-24 Secureworks, Inc. Method and system for remotely configuring and monitoring a communication device
WO2002003744A1 (en) 2000-06-30 2002-01-10 Hughes Electronics Corporation Residential broadband communications device, and method of operating same
JP3566198B2 (en) * 2000-09-13 2004-09-15 日本電信電話株式会社 Connection management method and apparatus for communication between virtual private networks
SE518162C2 (en) 2000-12-15 2002-09-03 Ericsson Telefon Ab L M Methods and apparatus for configuring a mobile phone
US20030204574A1 (en) * 2001-03-30 2003-10-30 Oleg Kupershmidt System and method for configuring network access devices
US7240106B2 (en) * 2001-04-25 2007-07-03 Hewlett-Packard Development Company, L.P. System and method for remote discovery and configuration of a network device
EP1401546A4 (en) * 2001-06-15 2006-11-02 Walker Digital Llc Method and apparatus for planning and customizing a gaming experience
JP2003108412A (en) * 2001-10-02 2003-04-11 Hitachi Ltd Storage control system
US20030069947A1 (en) * 2001-10-05 2003-04-10 Lipinski Gregory J. System and methods for network detection and configuration
US7720968B2 (en) * 2003-04-30 2010-05-18 International Business Machines Corporation Method and system of configuring elements of a distributed computing system for optimized value
US7380025B1 (en) * 2003-10-07 2008-05-27 Cisco Technology, Inc. Method and apparatus providing role-based configuration of a port of a network element
US20050101310A1 (en) 2003-11-12 2005-05-12 Ixi Mobile (R&D) Ltd. Real time system update in a mobile communication network
CA2814261C (en) 2004-04-15 2015-09-15 Clearpath Networks, Inc. Systems and methods for managing a network

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6708221B1 (en) * 1996-12-13 2004-03-16 Visto Corporation System and method for globally and securely accessing unified information in a computer network
US6041041A (en) * 1997-04-15 2000-03-21 Ramanathan; Srinivas Method and system for managing data service systems
US20020101860A1 (en) * 1999-11-10 2002-08-01 Thornton Timothy R. Application for a voice over IP (VoIP) telephony gateway and methods for use therein
US6930785B1 (en) * 2000-03-17 2005-08-16 Hewlett-Packard Development Company, L.P. Automatic remote firmware upgrade
US20020174246A1 (en) * 2000-09-13 2002-11-21 Amos Tanay Centralized system for routing signals over an internet protocol network
US20030191798A1 (en) * 2002-04-08 2003-10-09 Atsushi Shimizu Apparatus and system for communication
US20030217126A1 (en) * 2002-05-14 2003-11-20 Polcha Andrew J. System and method for automatically configuring remote computer
US20040213210A1 (en) * 2003-04-23 2004-10-28 At & T Corp. Methods and systems for configuring voice over internet protocol network quality of service

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170214583A1 (en) * 2016-01-27 2017-07-27 Starry, Inc. Premises Networking Device User Interface and Method of Operation
US10511492B2 (en) 2016-01-27 2019-12-17 Starry, Inc. Application programming interface for premises networking device
US10805177B2 (en) 2016-01-27 2020-10-13 Starry, Inc. Application programming interface for premises networking device
US10826790B2 (en) 2016-01-27 2020-11-03 Starry, Inc. Premises networking device with interactive display and method of operation
US20170286689A1 (en) * 2016-03-30 2017-10-05 Airwatch Llc Detecting vulnerabilities in managed client devices
US10445506B2 (en) * 2016-03-30 2019-10-15 Airwatch Llc Detecting vulnerabilities in managed client devices
US11816222B2 (en) 2016-03-30 2023-11-14 Airwatch, Llc Detecting vulnerabilities in managed client devices

Also Published As

Publication number Publication date
US8078777B2 (en) 2011-12-13
JP2007538311A (en) 2007-12-27
CA2814261A1 (en) 2005-11-10
US20050235352A1 (en) 2005-10-20
US8341317B2 (en) 2012-12-25
CA2814261C (en) 2015-09-15
WO2005107134A3 (en) 2007-07-05
EP1757005A2 (en) 2007-02-28
EP1757005A4 (en) 2014-04-23
WO2005107134A2 (en) 2005-11-10
JP5548228B2 (en) 2014-07-16
US7783800B2 (en) 2010-08-24
JP2014143742A (en) 2014-08-07
CN101061454B (en) 2011-09-28
CA2563422C (en) 2013-06-04
CA2563422A1 (en) 2005-11-10
JP5702486B2 (en) 2015-04-15
JP2012157052A (en) 2012-08-16
CN101061454A (en) 2007-10-24
US20110004937A1 (en) 2011-01-06
US20130297759A1 (en) 2013-11-07
US20120036234A1 (en) 2012-02-09
JP5038887B2 (en) 2012-10-03

Similar Documents

Publication Publication Date Title
US8341317B2 (en) Systems and methods for managing a network
US10841279B2 (en) Learning network topology and monitoring compliance with security goals
EP3248328B1 (en) A data driven orchestrated network using a light weight distributed sdn controller
EP3449600B1 (en) A data driven intent based networking approach using a light weight distributed sdn controller for delivering intelligent consumer experiences
US10708146B2 (en) Data driven intent based networking approach using a light weight distributed SDN controller for delivering intelligent consumer experience
US11025588B2 (en) Identify assets of interest in enterprise using popularity as measure of importance
US11516257B2 (en) Device discovery for cloud-based network security gateways
US20160212012A1 (en) System and method of network functions virtualization of network services within and across clouds
US20060026682A1 (en) System and method of characterizing and managing electronic traffic
US20100251329A1 (en) System and method for access management and security protection for network accessible computer services
US10404747B1 (en) Detecting malicious activity by using endemic network hosts as decoys
US10868720B2 (en) Data driven orchestrated network using a voice activated light weight distributed SDN controller
CN117614647A (en) Communication system and communication method
Cases et al. Enterprise Internet Edge Design Guide

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation. Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION