Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Reexamination Certificate
2000-06-12
2004-01-13
Baderman, Scott (Department: 2184)
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
C714S043000, C709S223000, C709S232000
Reexamination Certificate
active
06678835
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to high availability systems, and more particularly, to systems and methods for configuring, synchronizing, and upgrading high availability units in an efficient manner.
BACKGROUND OF THE INVENTION
The growth and proliferation of computers and computer networks allow businesses to efficiently communicate with their own components as well as with their business partners, customers, and suppliers. However, the flexibility and efficiencies provided by such computers and computer networks come with increasing risks, including security breaches from outside the corporation, accidental release of vital information from within it, and inappropriate use of the LAN, WAN, Internet, or extranet.
In managing the growth of computer networks as well as addressing the various security issues, network managers often turn to network policy management services such as firewall protection, Network Address Translation, spam email filtering, DNS caching, Web caching, virtual private network (VPN) organization and security, and URL blocking for keeping network users from accessing certain Web sites through use of the organization's ISP. Each policy management service, however, generally requires a separate device that needs to be configured, managed, and monitored. Furthermore, as an organization grows and spreads across multiple locations, the devices maintained also multiply, multiplying the associated expenditures and efforts to configure, manage, and monitor the devices.
Accordingly, there remains a need in the art for a unified policy management system where various policies may be defined and managed from a single location. For such a unified policy management system to be effective, the various components of the system should be reliable and fail proof. However, these components often fail and become unreliable in many instances for various reasons. For example, there may be failures due to the main CPU (central processing unit) board, the NICs (network interface cards), and power supplies. Thus, it is desirable to have a duplicate instances(or high-availability) of mission-critical units configured in the system to prevent a single point of failure.
SUMMARY OF THE INVENTION
The present invention is directed to a high-availability system including a first edge device managing policies for a first network and a second edge device managing policies for a second network. The first and second edge devices act as policy enforcers for their respective networks.
The system further includes a central policy server in communication with the first and second edge devices. The central policy server is configured to manage the first and second edge devices from a single location.
According to one embodiment of the invention, the central policy server and the first and second edge devices include first class units (primary units) and second class units (backup units). The second class units provide backup for the corresponding first class units upon failure of the first class units.
In one particular aspect of the invention, each high-availability device discovers its status as a primary unit, a backup unit, or a stand-alone unit (third class unit) during initialization.
In another aspect of the invention, the configuration information of the primary and backup units are synchronized by transitioning the first class unit to an active state, receiving and storing the first database configuration changes on the first class unit, transferring the configuration changes to the second class unit, and storing the configuration changes on the second class unit. When the primary unit transitions to an inactive state, the backup unit stores the second database configuration changes on the second class unit and transfers those changes to the primary unit after it re-transitions to the active state.
In yet another aspect of the invention, updates to the primary and backup units, such as software updates, are also synchronized, transmitting the update information to the primary unit, updating the primary unit, transmitting the update from the primary unit to the backup unit, and updating the backup unit. Thus, the network administrator need not duplicate his or her efforts to update the backup units.
REFERENCES:
patent: 5835481 (1998-11-01), Akyol et al.
patent: 6148410 (2000-11-01), Baskey et al.
patent: 6272648 (2001-08-01), Findlay et al.
patent: 6363498 (2002-03-01), Howell
patent: 6408399 (2002-06-01), Baughman
patent: 6430710 (2002-08-01), Moriyama et al.
patent: 6442713 (2002-08-01), Block et al.
patent: 6529499 (2003-03-01), Doshi et al.
patent: 6587466 (2003-07-01), Bhattacharya et al.
Common Information Model(CIM)Specification; Specification; Version 2.2; Distributed Management Task Force, Inc.; Jun. 14, 1999; pp-1-97.
Directory-enabled Networks, Information Model and Base Schema;Version 3.0c5; pp. 1-113.
DMTF LDAP Schema for the CIM &ngr;2.4 Core Information Model &ngr;1.0, May 6, 2002;DMTF Specification, DSP0117; Distributed Management Task Force, Inc. (DMTF) 2000; pp. 1-55.
Dynamic Host Configuration Protocol(DHCP)Service;Version 0.0-1; Feb. 18, 1998; 7 pp.
Network Services—Internet Protocol Security;Version 0.0-2; Feb. 17, 1998; 7 pp.
Signaled Quality of Service;Version0.0-14; Jan. 12, 1998; 6 pp.
Simple Network Management Protocol;posted Feb. 20, 2002; pp. 1-10.
BISWAS, Debasish;Application Class of Serivce Schemata;Berkeley Networks Inc.; Feb. 19, 1998; pp. 1-7.
Case, J. et al.;Introduction to Version 3 of the Internet-standard Network Mangement Framework;Network Working Group, Request for Comments: 2570; Apr. 1999; 20 pp.
Case, J. et al.;A Simple Network Management Protocol(SNMP); Network Working Group, Request for Comments: 1157; May 1990; 32 pp.
Chaudhury, R. et al.;Directory Schema for Service Level Administration of Differentiated Services and Integrated Services in Networks;pp. 1-17.
Moore, B. et al.;Information Model for Describing Network Device QoS Datapath Mechanisms;Policy Framework Working Group; Internet-Draft; Category: Standards Track; Feb., 2002; pp 1-90.
Moore, B. et al.;Policy Core Information Model—Version 1 Specification;Network Working Group; Request for Comments: 3060; Feb. 2001; pp. 1-100.
Rajan, R. et al.;A Simple Framework and Architecture for Networking Policy draft-rajan-policy-framework-00.txt;Internet Engineering Task Force; Internet Draft; May 23, 1999; 27 pp.
Rajan, R.;Networking Policy Condition Information Model;Internet Engineering Task Force; Internet Draft; Apr. 5, 1999; pp. 1-17.
Rajan, R.;Policy Action Classes for Differentiated Services and Integrated Services;Internet Engineering Task Force; Apr. 5, 1999; pp. 1-23.
Snir, Y. et al.;Policy QoS Information Model;Policy Framework Working Group; Nov. 2001; pp. 1-69.
PCT Search Report for PCT corresponding application, Application No. PCT/US00/16246, including two cited articles.
Pohlmann, N., “Sichere It-Loesungen,” Net—Zeitschrift Fuer Kommunikationsmanagement, Huthig Verlag, Heiderberg, DE, vol. 51, No. 8/09, 1997, pp. 34-37, XP000720702.
Sun, N., “Internal Firewalls Can Protect Subnetworks form Unauthorized Access,” Computer Technology Review, Westworld Production Co.: Los Angeles, vol. 17, No. 6, Jun. 1, 1997, pp 14, 16, 18, XP000740492.
Apsani Lavanya
Shah Rajendra
Shanumgam Udayakumar
Alcatel
Baderman Scott
Cordeiro David A.
Damiano Anne L.
Reader Scot A.
LandOfFree
State transition protocol for high availability units does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with State transition protocol for high availability units, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and State transition protocol for high availability units will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3225788