The present invention is generally related to computer networks.
Network administrators of large networks must manage large numbers of network devices. To make these large networks manageable, it is desirable to establish policies or criteria specifications for the configuration and operation of network devices. If such policies are implemented, large numbers of devices can be configured to operate in the same manner and therefore have predictable behavior.
Information technology administrators now use a mechanism of defining device groups to logically group network devices that are present on a network for the purpose of simplifying group operations and other network management tasks that may be required. Defining particular custom device groups, and then configuring new devices as they are placed on the network, enables the devices within each group to be managed and configured or reconfigured as a group, and thereby enables more efficient administration of a network. To accomplish this, it is desirable to group devices in ways that make it easy to apply a single policy to a large number of devices that should share the same policy.
There are formidable problems in implementing such policies. Creating groups can be a very tedious process. A large network may contain thousands of devices, and typical policy groups may contain only a few dozen or perhaps a few hundred devices. Manually picking each desired device out of a very large list is tedious and time consuming. New devices are often added to and/or removed from a large network on a daily basis. Each time a new device is added to the network, the network administrator must remember to add it to the appropriate policy groups to ensure that it will be included when policies are activated.
The preferred embodiment of the present invention is directed to a method for administering custom network device groups for network devices connected in a large network that comprises establishing criteria specifications for one or more custom device groups of network devices, establishing one or more custom device groups based upon said criteria specifications, and assigning each network device to a particular custom device group based upon said device having criteria specifications corresponding to said particular custom device group.
Efficient management of the administration of a large area network requires organization and the implementation of procedures that will contribute to the operational stability and efficient and economical management of the network. One mechanism that has been generally used for large area networks is to categorize network devices such as routers, switches, hubs and access points into custom device groups which enable the information technology administration to simplify group operations as well as other network management tasks.
Embodiments of the present invention provide a solution to problems that have been encountered in the past in administering a large area network, by allowing a network administrator to define custom groups more abstractly than in the past. In addition to specifying simple attributes of a group such as a name and a description, the preferred embodiment of the system and method enables rules to be defined (i.e., actions that are enforced or preferred configurations for devices) that determine what devices belong as members of the group, and conversely what devices should not belong to the group. The system then evaluates the rules against all the devices that are known to exist in the network, and the devices that meet the criteria or specifications set forth in the rules are automatically added to the group. Similarly, if any devices currently in the group no longer meet the criteria or specifications defined by the rules, they are automatically removed from the group.
The system provides significant improvements in the administration of the system for the reason that IT administrators do not have to manually find and add network devices to the various defined groups and they can be confident that as soon as new devices are connected to the network, the system will discover them and automatically add them to the appropriate custom device groups.
Additionally, these rules are automatically evaluated against every new network device as it is discovered. The discovery of new network devices is preferably done automatically by a discovery engine of a network management application that is not, in and of itself, a part of the present invention. Thus, as new devices are added to the network, they will automatically be added to the appropriate groups that should contain them, and the policies associated with those groups are automatically applied to the device. This enables devices to be automatically “set-up” without user intervention. This automatic set-up capability is believed to be novel and unprecedented in the network management industry.
Examples of rules that might be associated with a group include the following:
1. Devices belonging to a particular manufacturer's specific product line. For example, the rule may specify that all HP ProCurve network devices in the 53xx family of devices would be included in the group. So all 5304's or 5308's discovered would get added to the group.
2. Devices that belong to a particular subnet or range of IP addresses.
3. Devices that have a particular name associated with the “contact” property of a device.
4. Devices that have a particular value in the “location” property of a device. For example, an administrator might wish to have a group for all devices that physically reside in a particular building of a particular campus.
5. Devices with a particular value in the “hostname” property of the device.
6. Devices having a particular operating speed or range of operating speed.
It should also be appreciated that the system can also associate policies with the custom defined groups, thereby enabling desired configurations to be enforced on all network devices of specified groups. These policies are preferably capable of being automatically executed with regard to the discovered devices as soon as they are added to a custom device group. Moreover, the policies can be modified at any time and the modifications can be automatically executed with respect to all devices in that particular group. The system thereby eliminates the necessity of performing manual searches for devices that are added to the network. The system also provides a mechanism to implement sets of policies with regard to new devices while ensuring that only relevant policies are executed for others by selectively defining different custom groups and the appropriate sets of policies for each group.
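The rule evaluation described above, covering several of the example rule types and the policy executed when a device enters a group, as an added Python illustration that is not part of the original specification. The property names, the wildcard syntax for the product family, the sample inventory and the policy label are assumptions made for the example.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Group:
    name: str
    rules: dict    # property name -> criterion; every rule must match
    policy: str    # hypothetical label of the policy executed on group entry
    members: set = field(default_factory=set)

def matches(device: dict, rules: dict) -> bool:
    """A device belongs to a group only if it satisfies every rule."""
    for prop, want in rules.items():
        have = device.get(prop)
        if have is None:
            return False                      # undiscovered property never matches
        if prop == "ip":                      # subnet / address-range rule
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        elif prop == "speed_mbps":            # inclusive (low, high) speed range
            if not want[0] <= have <= want[1]:
                return False
        elif not fnmatch.fnmatchcase(str(have), want):   # model, contact, location, hostname
            return False
    return True

def reconcile(group: Group, inventory: dict) -> tuple:
    """Re-evaluate the rules against all known devices; return (added, removed)."""
    should = {dev_id for dev_id, dev in inventory.items() if matches(dev, group.rules)}
    added, removed = should - group.members, group.members - should
    group.members = should
    return sorted(added), sorted(removed)

# Constructed sample inventory, standing in for what a discovery engine reports.
INVENTORY = {
    "sw1": {"model": "5304", "ip": "10.1.2.10", "location": "Bldg 4", "speed_mbps": 1000},
    "sw2": {"model": "5308", "ip": "10.1.2.11", "location": "Bldg 4", "speed_mbps": 1000},
    "sw3": {"model": "2524", "ip": "10.1.2.12", "location": "Bldg 4", "speed_mbps": 100},
    "ap1": {"model": "5304", "ip": "192.168.9.5", "location": "Bldg 7", "speed_mbps": 1000},
}

def demo():
    inv = {dev_id: dict(dev) for dev_id, dev in INVENTORY.items()}
    g = Group("bldg4-53xx", {"model": "53??", "ip": "10.1.2.0/24", "location": "Bldg 4"}, "baseline-acl")
    first = reconcile(g, inv)                 # initial evaluation over all known devices
    inv["sw2"]["ip"] = "10.9.9.9"             # existing member leaves the subnet
    inv["sw4"] = {"model": "5308", "ip": "10.1.2.20", "location": "Bldg 4"}   # newly discovered
    second = reconcile(g, inv)
    return first, second, [(dev_id, g.policy) for dev_id in second[0]]   # policy for new members only
```

Because a missing property never matches, a device whose attributes have not yet been discovered stays out of the group, and so outside its policy, until discovery completes and the rules are re-evaluated.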
While various embodiments of the present invention have been shown and described, it should be understood that other modifications, substitutions and alternatives are apparent to one of ordinary skill in the art. Such modifications, substitutions and alternatives can be made without departing from the spirit and scope of the invention, which should be determined from the appended claims.
Various features of the invention are set forth in the following claims.