Electrical computers and digital processing systems: multicomput – Computer network managing
Reexamination Certificate
1999-10-18
2003-06-10
Lim, Krisna (Department: 2153)
C709S224000, C709S219000, C709S229000
active
06578076
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to the field of computer networking, and in particular to an improved policy-based network management system.
BACKGROUND OF THE INVENTION
A computer network, such as a corporate intranet, a local area network (LAN), or a wide area network (WAN), can be viewed as a collection of network resources. Network resources might include, for example, database servers, hosts, switches, routers, and firewalls. Since there are typically many different users competing for access to the same network resources, it is desirable to have some form of network management facility.
In the current state of the art, console-based management is the most common approach to network management. In console-based management, one or more console operators (typically members of an information technology group or similar organization within an enterprise) manually configure each resource on the network to implement the enterprise's policies for network use. However, console-based management is labor intensive, and is typically slow to respond to changing network conditions.
Recently, a new technology called policy-based network management (PBNM) has emerged. PBNM allows policies relating to the use of network resources to be stored in a management system for use in a more automated fashion than is generally possible with console-based management.
From an architectural standpoint, a PBNM system includes several different types of entities. Policy decision points (PDPs) store policies, examine requests for access to network resources received from policy enforcement points (PEPs), and compare such requests to any policies that have been established for those resources. If such established policies exist, PDPs decide on the appropriate action (e.g., approve or deny an access request) and accordingly inform one or more PEPs. The PEPs are responsible for enforcing the policy decision.
A potential shortcoming of current PBNM technology relates to limitations on the flexibility of the management system. One approach to providing flexibility for policy-based network management has been to specify in advance all possible policies relating to each managed resource. However, such an approach requires substantial administrator time to establish the policies; consumes large amounts of storage space on policy servers and PDPs, since each policy related to a policy enforcement point must be maintained; and consumes significant processing time because policy servers and PDPs must evaluate potentially large numbers of policies each time a request for a network resource is received. Another approach has been to configure policies with “wildcards,” wherein a policy includes one or more variables that may be satisfied by a number of different values or conditions. While this latter approach helps reduce system administrator time and storage requirements, substantial processing time is still required to evaluate potentially large numbers of policies and to resolve any wildcard references included therein.
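The PDP/PEP exchange and the wildcard approach described above, as an added illustration that is not taken from the patent. The policy fields, the sample names, first-match-wins ordering and the deny result when no policy matches are all assumptions made for the example.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Policy:
    user: str      # may contain wildcards, e.g. "eng-*"
    resource: str  # may contain wildcards, e.g. "db-*"
    action: str    # "approve" or "deny"

class PolicyDecisionPoint:
    """Stores policies and decides on requests forwarded by PEPs."""
    def __init__(self, policies):
        self.policies = list(policies)
        self.evaluated = 0  # running count of policies examined

    def decide(self, user, resource):
        # Every request walks the policy list and resolves each wildcard
        # against the request: the per-request processing cost.
        for policy in self.policies:
            self.evaluated += 1
            if fnmatchcase(user, policy.user) and fnmatchcase(resource, policy.resource):
                return policy.action  # assumption: first match wins
        return "deny"  # assumption: no established policy means deny

class PolicyEnforcementPoint:
    """Forwards each access request to the PDP and enforces the decision."""
    def __init__(self, pdp):
        self.pdp = pdp

    def request_access(self, user, resource):
        return self.pdp.decide(user, resource) == "approve"

# Constructed sample policies and requests (hypothetical names).
POLICIES = [
    Policy("contractor-*", "db-payroll", "deny"),
    Policy("eng-*", "db-*", "approve"),
    Policy("*", "router-core", "deny"),
]
REQUESTS = [("eng-alice", "db-build"), ("contractor-bob", "db-payroll"), ("guest", "printer-3")]

def demo():
    pdp = PolicyDecisionPoint(POLICIES)
    pep = PolicyEnforcementPoint(pdp)
    return [pep.request_access(u, r) for u, r in REQUESTS], pdp.evaluated
```

`demo()` returns the enforcement result for each request together with the number of policy comparisons the PDP performed, which grows with both the request rate and the size of the policy set.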
SUMMARY OF THE INVENTION
The present invention relates to an improved policy-based network management system. In accordance with a particular embodiment, a computer-implemented method for managing a network includes evaluating a condition relating to a network resource, generating instructions for managing access to the network resource in response to the evaluation, and installing the instructions on a network device providing access to the network resource.
REFERENCES:
patent: 5889953 (1999-03-01), Thebaut et al.
patent: 5918015 (1999-06-01), Suzuki et al.
patent: 6061721 (2000-05-01), Ismael et al.
patent: 6104700 (2000-08-01), Haddock et al.
patent: 6167445 (2000-12-01), Gai et al.
patent: 6301613 (2001-10-01), Ahlstrom et al.
patent: 6327618 (2001-12-01), Ahlstrom et al.
patent: 6389589 (2002-05-01), Mishra et al.
patent: 6463470 (2002-10-01), Mohaban et al.
patent: 6466984 (2002-10-01), Naveh
Michele Wright, “Using Policies for Effective Network Management”, International Journal of Network Management 9, 118-125 (1999).*
James W. Stamos et al., “Remote Evaluation”, ACM Transactions on Programming Languages and Systems, vol. 12, No. 4, Oct. 1990, pp. 537-565.
Intel Corporation
Kenyon & Kenyon
Lim Krisna
Policy-based network management system using dynamic policy...