 Object model for network policy management

Details
Inventors: Iyer, Mahadevan; Apsani, Lavanya; Malviya, Pankaj;
Assignee: Alcatel (Paris, FR)
Primary Examiner: Cangialosi; Salvatore
Assistant Examiner:
Attorney, Agent or Firm: Hoersten; Craig A., Sewell; V. Lawrence

A unified policy management system for an organization including a central policy server and remotely situated policy enforcers. A central database and policy enforcer databases storing policy settings are configured as LDAP databases adhering to a hierarchical object oriented structure. Such structure allows the policy settings to be defined in an intuitive and extensible fashion. Changes in the policy settings made at the central policy server are automatically transferred to the policy enforcers for updating their respective databases. Each policy enforcer collects health and status information in a predefined log format and transmits it to the policy server for efficient monitoring by the policy server. For further efficiencies, the policy enforcement functionalities of the policy enforcers are effectively partitioned so as to be readily implemented in hardware. The system also provides for dynamically routed VPNs where VPN membership lists are automatically created and shared with the member policy enforcers. Updates to such membership lists are also automatically transferred to remote VPN clients. The system further provides for fine grain access control of the traffic in the VPN by allowing definition of firewall rules within the VPN. In addition, the policy server and policy enforcers may be configured for high availability by maintaining a backup unit in addition to a primary unit. The backup unit becomes active upon failure of the primary unit.

DETAILED DESCRIPTION

The present invention is directed to a unified policy management system where various policies, namely, the set of rules and instructions that determine the network's operation, may be established and enforced from a single site.
According to one embodiment of the invention, the system includes a first edge device associated with a first network having a first set of resources that is configured to manage the policies for the first network according to the policy settings stored in a first database.
The system also includes a second edge device associated with a second network having a second set of resources that is configured to manage the policies for the second network according to the policy settings stored in a second database.
The first and second edge devices act as policy enforcers for their respective networks.
The system further includes a central policy server defining the first and second policy settings and managing the first and second edge devices from a single location.
Thus, a network administrator need not multiply his or her efforts and associated expenditures in configuring and managing the policy enforcers individually.
The central policy server is also associated with a central database storing configuration information of the first and second edge devices.
The central database is organized according to a hierarchical object oriented structure for simplifying policy management.
According to one aspect of the invention, the central database and the first and second databases are Lightweight Directory Access Protocol (LDAP) databases all adhering to the hierarchical object oriented structure.
According to another aspect of the invention, the structure includes a plurality of resource objects and policy objects for defining the first and second policy settings.
The resource objects preferably include devices, users, hosts, services, and time.
Devices are the policy enforcers at the edge of a particular private network and are associated with a set of users and a particular host


