Various of the disclosed embodiments concern remote network and cloud infrastructure management.
The biggest pain points for IT infrastructure personnel include limited resources and time for network and cloud infrastructure management. IT infrastructure personnel are responsible for a multitude of IT infrastructure management tasks, e.g. in operations for outage Response Time/First Action time (RT/FA), as well as infrastructure visibility, security visibility, mitigating cyberattacks, configuration management, addressing too many vendors and operating systems (OSs), and box-by-box only Command Line Interface based administration (CLI), snapshots and backups, vendor and carrier support, office or virtual private network (VPN) support, email, and tickets.
Embodiments of the invention combine the power of mobile and Internet-of-things (IoT) with network infrastructure monitoring, management, automation, and AINetOps to transform any company's existing network to a NextGen network. AINetOps is accomplished by leveraging machine learning and analytics to trigger automated actions, responses, fixes, and first action for IT operations tasks and incidents. The invention allows IT professionals to manage their entire infrastructure (routing, switch, cloud, compute, security, firewall, storage, wireless, TAC, carrier) from a smartphone, tablet, smartwatch, infotainment system, smart glass, or drone.
Embodiments provide a single API for all network and cloud infrastructure management, automation, and operation, thus transforming any remote device into a self-organizing network (SON) controller.
Embodiments of the invention allow infrastructure engineers, managers, and executives to manage and administer any component of enterprise IT infrastructure from a remote or IOT device.
Embodiments also leverage machine learning and artificial intelligence (ML/AI) for auto healing and network operations.
Embodiments of the invention make life easier for IT infrastructure engineers, managers, and executives by combining the power of mobile and Internet-of-things (IOT) with network infrastructure management, automation, and AINetOps to transform any company's existing network to a NextGen network. AINetOps is accomplished by leveraging machine learning and analytics to trigger automated actions, responses, fixes, and first action for IT operations tasks and incidents.
In embodiments, the remote device accesses the data center via an API call 106 to a MOS (Mobile Operating System) module 107 and thence, via a secure channel 108. The MOS module 107 comprises an API which, in an embodiment, is a Java API 116/118 and Python API. A monitoring function 117/119 is also provided.
The MOS is an operating system capable of running on any remote or IOT device, e.g. smartphone, tablet, smartwatch, smart glass, drone, infotainment system, or any smart device. The MOS is powered by a controller (physical or virtual appliance) which consists of both a Java and Python API. The Java and Python API both collect data from network devices and send the data to front end remote and IOT devices. The Java and Python API also contain scripts that provide the ability to perform any IT infrastructure task.
In an embodiment, every service, for example, nginx-external 120, api 126, network-api 128, etc. is dockerized, i.e. it is built on a tool that seamlessly executes commands in a container. A dockerized service takes care of the details so that a command can be run in a container as if it were running on the host machine. It is only necessary to prepend a command with a dockerized exec to have it run in the container.
In embodiments, only the external server 120 is accessible via the Internet; the internal server 125 (see
The following is noted:
In embodiments, the following port requirements are set. Those skilled in the art will appreciate that other port requirements may be used in connection with the invention.
Nginx External 121: nginx-external forwards all requests to nginx-internal in the internal server. This should be the only service directly accessible via the Internet.
Nginx Internal 127: nginx-internal forwards all requests from nginx-external to the api.
API 126: api, also known as Java API, performs various functions such as:
Network API 128: network-api is the api which connects to the network devices in the client network. This service is focused on network device related functionality.
Network API Celery 138: network-api-celery is a helper service to network-api which provides asynchronous functionality.
Monitoring API 133: monitoring-api connects to a monitoring system, such as Zabbix, and monitors device status.
Logstash 129: logstash is a service which collects logs from network devices and stores them in a MongoDB database.
Logstash DB 130: logstash-db is a MongoDB database which stores logs from Logstash.
Restheart 131: restheart is an API for MongoDB databases. Embodiments use restheart to query data from the MongoDB database which stores logstash information, such as network device logs.
Elasticsearch 132: elasticsearch is used for storing monitoring system alerts.
Database 137: db is a MySQL Database which is the main database for the services. It contains all network device data and anything required by the APIs.
Zabbix Web 134: zabbix-web is the frontend of Zabbix and consists of an API for retrieving Zabbix DB data.
Zabbix Server 135: zabbix-server is the core service for Zabbix.
Zabbix DB 136: zabbix-db is a MySQL database for Zabbix.
FTP 139: ftp is used for saving network device snapshots or ISO image files used for updating/upgrading network device version.
Redis 141: redis is used for network-api asynchronous functionality.
RabbitMQ 142: rabbitmq is used for network-api asynchronous functionality.
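The exposure rule in the service list above (only nginx-external is reachable from the Internet; everything else stays on the internal server) can be checked mechanically against a service inventory. The following is an added example, not code from the patent: the service names follow the list above, while the network labels, host ports and forwarding graph are assumptions used to build a constructed inventory.

```python
# Added example, not code from the patent: a check that a service inventory
# obeys the exposure rule stated above, i.e. only nginx-external is reachable
# from the Internet. Service names follow the description; the network labels,
# ports and the forwarding graph are assumptions used to build the inventory.
import copy
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

INTERNET_FACING_ALLOWLIST = {"nginx-external"}

@dataclass
class Service:
    name: str
    networks: List[str]                                       # "public" / "internal"
    published_ports: List[int] = field(default_factory=list)  # ports bound on the host
    upstreams: List[str] = field(default_factory=list)        # services it forwards to

# Constructed inventory mirroring the service list above.
INVENTORY: Dict[str, Service] = {s.name: s for s in [
    Service("nginx-external", ["public", "internal"], [443], ["nginx-internal"]),
    Service("nginx-internal", ["internal"], [], ["api"]),
    Service("api", ["internal"], [], ["network-api", "monitoring-api", "restheart"]),
    Service("network-api", ["internal"], [], ["db", "redis", "rabbitmq"]),
    Service("network-api-celery", ["internal"], [], ["redis", "rabbitmq"]),
    Service("monitoring-api", ["internal"], [], ["zabbix-web", "elasticsearch"]),
    Service("logstash", ["internal"], [], ["logstash-db"]),
    Service("restheart", ["internal"], [], ["logstash-db"]),
    Service("zabbix-web", ["internal"], [], ["zabbix-db"]),
    Service("zabbix-server", ["internal"], [], ["zabbix-db"]),
    Service("logstash-db", ["internal"]), Service("elasticsearch", ["internal"]),
    Service("db", ["internal"]), Service("zabbix-db", ["internal"]),
    Service("ftp", ["internal"]), Service("redis", ["internal"]),
    Service("rabbitmq", ["internal"]),
]}

def exposure_findings(inventory: Dict[str, Service]) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs for every violation of the exposure rule."""
    findings = []
    for svc in inventory.values():
        exposed = "public" in svc.networks or bool(svc.published_ports)
        if exposed and svc.name not in INTERNET_FACING_ALLOWLIST:
            findings.append((svc.name, "reachable from the Internet"))
    front = inventory.get("nginx-external")
    if front is None:
        findings.append(("nginx-external", "entry point missing"))
    elif front.upstreams != ["nginx-internal"]:
        findings.append(("nginx-external", "must forward only to nginx-internal"))
    return findings

def with_published_port(inventory: Dict[str, Service], name: str, port: int) -> Dict[str, Service]:
    """Copy of the inventory with one extra host-bound port, e.g. a drifted compose file."""
    drifted = copy.deepcopy(inventory)
    drifted[name].published_ports.append(port)
    return drifted
```

Running the check against the clean inventory yields no findings; binding the MySQL database to a host port is reported as a violation, which is the kind of drift a deployment pipeline should refuse.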
In
Android device or any other remote device and may also include personal computers. The remote devices may communicate with the data center via the Internet and may access the Internet via Wi-Fi, cellular, or any other network.
In embodiments, the remote device accesses the cloud via a cloud service, such as Amazon Web Services (AWS) 200 and a carrier 202, such as US West. Key to the invention is an intermediary module 204 to which communications 201 from the remote device are directed. Security is provided, for example by use of HTTPS 203 and a session key 205.
Remote device communications proceed via a public subnet module 206 that includes a module 107.
1. Executing commands through the API. As can be seen in the
Once the request passes the API, the JavaAPI 116 creates an internal call to another micro service which generates a native command that works on the device, based on configurations provided for each device. These internal calls are private and not exposed to the Internet, as can be seen in 108.
Once the command is generated, an SSH tunnel is opened to the device and then the command is executed. The SSH tunnel is also secured because it must go through the firewall. Once the command is executed, a Python micro service parses the response and then it converts it to a JSON based response.
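The execution path just described (request passes the API, an internal micro service generates a native command from the per-device configuration, the command runs over an SSH tunnel, and a Python micro service parses the output into JSON) is sketched below as an added example, not code from the patent. The device profiles, action names and sample CLI output are constructed, and SSH execution is replaced by a stub so that the example runs offline; the parameter validation step is an assumption about how such a command generator should be built rather than something the text states.

```python
# Added example, not code from the patent: the execution path described
# above (request -> per-device command generation -> SSH -> JSON).
# Device profiles, action names and CLI output are constructed; SSH is stubbed.
import json
import re
from typing import Callable, Dict

# Only these actions exist per device type; callers never send raw CLI text.
COMMAND_TEMPLATES: Dict[str, Dict[str, str]] = {
    "ios":   {"show_interface": "show interfaces {iface}", "show_version": "show version"},
    "junos": {"show_interface": "show interfaces {iface} terse", "show_version": "show version"},
}
IFACE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9/.\-]{0,31}$")

def valid_iface(value: str) -> bool:
    """Parameters must look like interface names; nothing else is spliced in."""
    return bool(IFACE_RE.match(value))

def generate_command(device_type: str, action: str, params: Dict[str, str]) -> str:
    """Build the native command for one device type from its template."""
    try:
        template = COMMAND_TEMPLATES[device_type][action]
    except KeyError:
        raise ValueError(f"unsupported action {action!r} for {device_type!r}")
    for key, value in params.items():
        if key != "iface" or not valid_iface(value):
            raise ValueError(f"rejected parameter {key}={value!r}")
    return template.format(**params)

# Constructed output of "show interfaces GigabitEthernet0/1" on an IOS device.
SAMPLE_OUTPUT = """GigabitEthernet0/1 is up, line protocol is up
  Hardware is iGbE, address is 0000.5e00.5301
  MTU 1500 bytes, BW 1000000 Kbit/sec
"""

def fake_ssh_exec(command: str) -> str:
    """Stand-in for the SSH tunnel; returns canned output for the sample command."""
    return SAMPLE_OUTPUT if command.startswith("show interfaces") else ""

def parse_interface_output(raw: str) -> Dict[str, object]:
    """Parse IOS-style text into the dict the API serialises as JSON."""
    head = re.match(r"^(\S+) is (\S+), line protocol is (\S+)", raw)
    if not head:
        raise ValueError("unrecognised interface output")
    mac = re.search(r"address is ([0-9a-f.]+)", raw)
    mtu = re.search(r"MTU (\d+) bytes", raw)
    return {"interface": head.group(1), "status": head.group(2),
            "protocol": head.group(3), "mac": mac.group(1) if mac else None,
            "mtu": int(mtu.group(1)) if mtu else None}

def run_action(device_type: str, action: str, params: Dict[str, str],
               execute: Callable[[str], str] = fake_ssh_exec) -> str:
    """Full pipeline: generate the command, run it, parse, return JSON text."""
    cmd = generate_command(device_type, action, params)
    return json.dumps(parse_interface_output(execute(cmd)))
```

Because the caller only ever names an action and an interface, a request such as `{"iface": "Gi0/1; reload"}` is rejected before any command is generated, which is the property a public API in front of privileged SSH access must have.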
2. Direct connection to the device. In embodiments the direct connection can happen in at least two ways, either through a VPN connection 102 or by whitelisting the public IP address of the remote device on the firewall level that accesses a private subnet 210. The private subnet includes a module 220 (see
Communications proceed from the public subnets to a private subnet 208 that includes a NetAI module 209 (see
In embodiments, the remote device accesses the data center as described above and, thence, via a secure channel 108.
Embodiments leverage machine learning and artificial intelligence (ML/AI) for auto healing and network operations (see
Embodiments of the invention provide real time visibility of all networks and nodes around the globe. Real time visibility is provided from a single point of management. Response time is increased. IT infrastructure personnel can view any device or latency changes and immediately view decreasing downtime and cost.
Embodiments of the invention provide Layer 2 and Layer 3 interface visibility and configuration. IT infrastructure personnel can view all Layer 2 and Layer 3 interfaces, as well as VLAN/port memberships, interface status, and MAC address information. IT infrastructure personnel can also make configuration changes.
Embodiments provide visualization of Cisco discovery protocol (CDP) and link layer discovery protocol (LLDP) neighbors, including real time visibility and visibility for Layer 2 adjacencies.
Embodiments provide a tool with which IT infrastructure personnel can easily open technical assistance center (TAC) cases and view all current and past TAC tickets. In this way, response time is increased, and device data and contract information are easily viewed.
Embodiments provide a tool with which IT infrastructure personnel can easily open carrier cases and view all current and past TAC tickets and device data and contract information. Embodiments provide automated circuit troubleshooting, allow IT infrastructure personnel to open carrier tickets easily, allow real time collaboration with the carrier, and thus provide faster resolution time.
Embodiments provide IT infrastructure personnel with private cloud/vCenter visibility and management. Such real time visibility allows IT infrastructure personnel to manage ESX hosts and virtual machines, easily deploy new services, and run RDP, SSH, or console sessions to virtual machines (VMs).
Embodiments provide IT infrastructure personnel with public cloud visibility and management. Such real time visibility allows IT infrastructure personnel to manage virtual machines, easily deploy new services, run RDP or SSH sessions to VMs, and manage security groups.
Embodiments provide IT infrastructure personnel with firewall visibility and management. Such real time security visibility allows IT infrastructure personnel to view VPN tunnel, ACL, NAT, object group/network, and VPN user details, and thereby easily mitigate security vulnerabilities.
Embodiments provide IT infrastructure personnel with routing visibility and management. Such routing visibility allows IT infrastructure personnel to view routing neighbors, route-maps, and prefix-lists.
Embodiments provide IT infrastructure personnel with instant datacenter visibility. IT infrastructure personnel can start a drone to see physically where an issue may be, thereby increasing response time, reducing down time, and increasing profit.
Embodiments provide IT infrastructure personnel with easy collaborations. IT infrastructure personnel can collaborate with data center engineers. IT infrastructure personnel can also leverage a virtual assistant.
Embodiments provide IT infrastructure personnel with an infrastructure timeline for all alerts, incidents, changes and updates. Embodiments provide real time updates, a view of any changes, and a view of any carrier maintenances or issues.
Embodiments provide IT infrastructure personnel with security visibility and instant action. Such real time visibility allows IT infrastructure personnel to mitigate any attack instantly, thus immediately decreasing downtime.
The processing system 1800 may include a central processing unit (also referred to as a “processor”) 1802, main memory 1806, non-volatile memory 1810, network adapter 1812, e.g. a network interface, video display 1818, input/output device 1820, control device 1822, e.g. a keyboard or pointing device, drive unit 1824 including a storage medium 1826, and signal generation device 1830 that are communicatively connected to a bus 1816. The bus 1816 is illustrated as an abstraction that represents one or more physical buses or point-to-point connections that are connected by appropriate bridges, adapters, or controllers. The bus 1816, therefore, can include a system bus, a Peripheral Component Interconnect (PCI) bus or PCI-Express bus, a HyperTransport or industry standard architecture (ISA) bus, a small computer system interface (SCSI) bus, a universal serial bus (USB), inter-integrated circuit (I2C) bus, or an Institute of Electrical and Electronics Engineers (IEEE) standard 1394 bus (also referred to as “Firewire”).
The processing system 1800 may share a similar processor architecture as that of a desktop computer, tablet computer, mobile phone, game console, music player, wearable electronic device, e.g. a watch or fitness tracker, network-connected (“smart”) device, e.g. a television or home assistant device, virtual/augmented reality systems, e.g. a head-mounted display, or another electronic device capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by the processing system 1800.
While the main memory 1806, non-volatile memory 1810, and storage medium 1826 are shown to be a single medium, the terms “machine-readable medium” and “storage medium” should be taken to include a single medium or multiple media, e.g. a centralized/distributed database and/or associated caches and servers, that store one or more sets of instructions 1828. The terms “machine-readable medium” and “storage medium” shall also be taken to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the processing system 1800.
In general, the routines executed to implement the embodiments of the disclosure may be implemented as part of an operating system or a specific application, component, program, object, module, or sequence of instructions (collectively referred to as “computer programs”). The computer programs typically comprise one or more instructions, e.g. instructions 1804, 1808, 1828, set at various times in various memory and storage devices in an electronic device. When read and executed by the processors 1802, the instruction(s) cause the processing system 1800 to perform operations to execute elements involving the various aspects of the present disclosure.
Moreover, while embodiments have been described in the context of fully functioning electronic devices, those skilled in the art will appreciate that some aspects of the technology are capable of being distributed as a program product in a variety of forms. The present disclosure applies regardless of the particular type of machine- or computer-readable media used to effect distribution.
Further examples of machine- and computer-readable media include recordable-type media, such as volatile and non-volatile memory devices 1810, removable disks, hard disk drives, and optical disks, e.g. Compact Disk Read-Only Memory (CD-ROMS) and Digital Versatile Disks (DVDs), and transmission-type media, such as digital and analog communication links.
The network adapter 1812 enables the processing system 1800 to mediate data in a network 1814 with an entity that is external to the processing system 1800 through any communication protocol supported by the processing system 1800 and the external entity. The network adapter 1812 can include a network adaptor card, a wireless network interface card, a router, an access point, a wireless router, a switch, a multilayer switch, a protocol converter, a gateway, a bridge, a bridge router, a hub, a digital media receiver, a repeater, or any combination thereof.
The network adapter 1812 may include a firewall that governs and/or manages permission to access/proxy data in a network. The firewall may also track varying levels of trust between different machines and/or applications. The firewall can be any number of modules having any combination of hardware, firmware, or software components able to enforce a predetermined set of access rights between a set of machines and applications, machines and machines, or applications and applications, e.g. to regulate the flow of traffic and resource sharing between these entities. The firewall may additionally manage and/or have access to an access control list that details permissions including the access and operation rights of an object by an individual, a machine, or an application, and the circumstances under which the permission rights stand.
The language used in the specification has been principally selected for readability and instructional purposes. It may not have been selected to delineate or circumscribe the subject matter. It is therefore intended that the scope of the technology be limited not by this Detailed Description, but rather by any claims that issue on an application based hereon. Accordingly, the disclosure of various embodiments is intended to be illustrative, but not limiting, of the scope of the technology as set forth in the following claims.
This application claims priority to U.S. provisional application No. 63/084,304, entitled Remote Network and Cloud Infrastructure Management, and filed on Sep. 28, 2020, which document is incorporated herein in its entirety by this reference thereto.
Number | Date | Country
---|---|---
63084304 | Sep 2020 | US