CN1761209A - System and methods for providing network quarantine - Google Patents


Info

Publication number
CN1761209A
Authority
CN
China
Prior art keywords
client
server
soh
qcc
qpc
Prior art date
Legal status
Pending
Application number
CN 200510089633
Other languages
Chinese (zh)
Inventor
A·帕勒卡
C·C-H·乔伊
E·D·莱维斯
H·贝克
L·布拉迪克
N·C·吉德瓦尼
T·M·莫利
V·P·卡玛斯
Current Assignee
Microsoft Corp
Original Assignee
Microsoft Corp
Abstract

A system and method for ensuring that machines having invalid or corrupt states are restricted from accessing network resources are provided. A quarantine coordination client (QCC) located on a client machine acquires statements of health from a plurality of quarantine policy clients. The QCC packages the statements and provides the package to a quarantine enforcement client (QEC). The QEC sends the package to a quarantine enforcement server (QES) with a request for network access. The QES passes the package to a quarantine coordination server (QCS) that disassembles the package and passes the individual statements of health to corresponding quarantine policy servers (QPS). The QPSs validate the statements of health and inform the QCS of the result. If the client provided valid statements of health, the QES grants the client access to the network.

Description

System and methods for providing network quarantine
Technical field
The present invention relates generally to network access management, and more particularly to checking the security state of a client before the client is allowed to access network resources.
Background
Computer networks commonly use trust models and mechanisms to ensure that unauthorized users, clients, servers and peer devices cannot obtain access to network resources, such as files, printers, other computers, or any other resource addressable on the network. These trust models and mechanisms serve to identify well-intentioned users. Yet it is possible for a user's machine to pose a threat to the network without the user's knowledge. For example, the machine may contain a virus, or may have security vulnerabilities of which the user is unaware. Therefore, regardless of whether the user has malicious intent, a machine in an unsafe state should be kept off the network until its security defects are repaired. This security problem is especially present in network environments using the Dynamic Host Configuration Protocol (DHCP), virtual private networks (VPN), IEEE 802.1X and Internet Protocol Security (IPsec).
DHCP is an Internet Protocol (IP) address allocation standard by which a server assigns, or "leases", an IP address to a client for a specified period of time. When a DHCP client first attaches itself to the network, it broadcasts a DHCPDISCOVER packet. DHCP servers on the local segment intercept this broadcast and return a DHCPOFFER packet containing an IP address and the other information the client needs for network access. Because the client may receive several DHCPOFFER packets from several different servers, the client must choose among them and broadcast a DHCPREQUEST packet that explicitly identifies the selected server. The selected server returns a DHCPACK informing the client that the lease has been completed. If for some reason the offer is no longer valid, for example because it timed out or because the lease has been allocated to another client, the selected server must respond with a DHCPNAK message. This causes the client to send another DHCPDISCOVER packet and restart the process.
If a client has obtained a network address by some other means (for example, manual configuration), it may use a DHCPINFORM request message to obtain other local configuration parameters. A server receiving a DHCPINFORM message constructs a DHCPACK message with any local configuration parameters appropriate for the client. Once a client holds a lease, it must renew the lease with another DHCPREQUEST message before the lease expires. If the client finishes using the lease before its expiry, it sends a DHCPRELEASE message to the server so that the lease becomes available to other nodes. If the server receives no message from the client by the time the lease expires, it marks the lease as not renewed and makes it available to other clients.
In a traditional DHCP provisioning system, the DHCP server may perform an authentication procedure to ensure that the client requesting network access holds verified credentials. For example, before sending a DHCPOFFER to a client, the DHCP server on an organization's local area network (LAN) may require an access code proving that the user is entitled to access the LAN. The authentication procedure prevents access to network resources by unauthorized users or users with harmful intent. Yet a traditional authentication procedure cannot stop an unsafe, or even malicious, machine from accessing the network. The user may hold a valid right to access the network, but the user's machine may be infected with a virus or contain security vulnerabilities that should be corrected before the machine is allowed onto the network.
Another environment in which a machine in a seriously unsafe state poses a threat to the network is a VPN. A VPN is an extension of a private network that includes links across shared or public networks such as the Internet. A VPN enables data to be sent between two computers across a shared or public internetwork in a manner that emulates the properties of a point-to-point private link. The act of configuring or creating a VPN is known as virtual private networking. To emulate a point-to-point link, data is encapsulated, or wrapped, with a header that provides the routing information needed to traverse the shared or public transit internetwork and reach its endpoint. To emulate a private link, the data being sent is encrypted for confidentiality. Packets intercepted on the shared or public network are indecipherable without the encryption keys. The portion of the connection in which the private data is encapsulated is known as the tunnel. The portion of the connection in which the private data is encrypted is known as the virtual private network (VPN) connection.
VPNs also use authentication protocols. A network access server (NAS) sends a challenge to the remote client (the VPN client) consisting of a session ID and an arbitrary challenge string. The remote client must return the user name together with an encryption of the challenge string, the session ID and the user's MD4-hashed password. This design, which hashes the MD4-hashed password, provides an additional level of security because it allows the server to store hashed passwords rather than clear-text passwords. Yet again, the conventional authentication procedure cannot prevent an unsafe or even malicious machine from accessing the network. The VPN client may present valid credentials, but the VPN client machine itself may be infected with a virus or contain security vulnerabilities that should be corrected before the machine is allowed to access the VPN.
Another environment in which user authentication is insufficient is the use of IPsec. IPsec defines two functions that ensure confidentiality: data encryption and data integrity. IPsec uses an Authentication Header (AH) to provide source authentication and integrity without encryption, and the Encapsulating Security Payload (ESP) to provide authentication and integrity together with encryption. With IPsec, only the sender and the recipient know the security key. If the authentication data is valid, the recipient knows that the communication came from the sender and was not altered in transit.
IPsec can be envisioned as a layer below the TCP/IP stack. This layer is controlled by a security policy on each computer and by a security association negotiated between the sender and the recipient. The policy consists of a set of filters and associated security behaviours. If a packet's IP address, protocol and port number match a filter, the packet is subject to the associated security behaviour. The first such packet triggers the negotiation of a security association between the sender and the recipient. Internet Key Exchange (IKE) is the standard protocol for this negotiation. During an IKE negotiation, the two computers agree on authentication and data security methods, authenticate each other, and then generate a shared key for data encryption.
After the security association is established, data transfer may proceed for each computer, with data security processing applied to the packets transmitted to the remote client. The processing may ensure only the integrity of the transmitted data, or it may also encrypt it. Data integrity and data authentication for the IP payload may be provided by an authentication header located between the IP header and the transport header. The authentication header includes authentication data and a sequence number, which together are used to verify the sender, ensure that the message was not modified in transit, and prevent replay attacks.
Yet again, traditional authentication procedures cannot prevent an unsafe, or even malicious, machine from accessing the network. The computer may present valid credentials, but the machine itself may be infected with a virus or contain security vulnerabilities that should be corrected before the machine is allowed to access the network resources of another computer.
IEEE 802.1X is a standard for port-based network access control that provides authenticated network access to 802.11 wireless networks and to wired Ethernet networks. Port-based network access control uses the physical characteristics of a switched local area network (LAN) infrastructure to authenticate devices attached to a LAN port and to prevent access to that port in cases where the authentication process fails.
During a port-based network access control interaction, a LAN port adopts one of two roles: authenticator or supplicant. In the role of authenticator, a LAN port enforces authentication before it allows user access to the services reachable through that port. In the role of supplicant, a LAN port requests access to the services reachable through the authenticator's port. An authentication server, which may be a separate entity or co-located with the authenticator, checks the supplicant's credentials on behalf of the authenticator. The authentication server then responds to the authenticator, indicating whether the supplicant is authorized to access the authenticator's services.
The authenticator's port-based network access control defines two logical access points to the LAN through one physical LAN port. The first logical access point, the uncontrolled port, allows data exchange between the authenticator and other computers on the LAN regardless of a computer's authorization state. The second logical access point, the controlled port, allows data exchange between an authenticated LAN user and the authenticator. IEEE 802.1X uses standard security protocols, such as Remote Authentication Dial-In User Service (RADIUS), to provide centralized user identification, authentication, dynamic key management and accounting.
Yet again, traditional authentication procedures cannot prevent an unsafe, or even malicious, machine from accessing the network. The computer may present valid credentials, but the machine itself may be infected with a virus or contain security vulnerabilities that should be corrected before the machine is allowed to access the network resources of another computer. There is therefore a need in the art for a system and method that ensures clients are not granted network access until they are secure and can prove their secure state.
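The DHCPDISCOVER / DHCPOFFER / DHCPREQUEST / DHCPACK exchange, lease renewal, DHCPNAK on a withdrawn offer and lease expiry described above, simulated end to end. This is an added illustration written for this page, not code from the patent or from Microsoft; the message dictionaries, the server and client classes, the integer "clock" used for lease times and the address pools are all constructed for the example. It goes slightly beyond the text in that the client is shown talking to several servers at once, so the rejected server's reservation is seen going back to its pool.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Lease:
    ip: str
    client_id: str
    expires_at: int   # constructed clock value (seconds)


class DhcpServer:
    """One DHCP server: a pool of addresses, outstanding offers and granted leases."""

    def __init__(self, name: str, pool: List[str], lease_time: int, options: Dict[str, str]):
        self.name = name
        self.free = list(pool)          # addresses neither offered nor leased
        self.offers: Dict[str, str] = {}   # client_id -> ip reserved by a DHCPOFFER
        self.leases: Dict[str, Lease] = {}  # ip -> Lease
        self.lease_time = lease_time
        self.options = options          # local parameters returned in every DHCPACK

    def expire(self, now: int) -> None:
        """A lease not renewed by its deadline is marked not renewed: back to the pool."""
        for ip, lease in list(self.leases.items()):
            if lease.expires_at <= now:
                del self.leases[ip]
                self.free.append(ip)

    def handle(self, msg: dict, now: int) -> Optional[dict]:
        self.expire(now)
        kind, cid = msg["type"], msg["client_id"]
        if kind == "DHCPDISCOVER":
            if cid in self.offers:                 # repeated DISCOVER: repeat the same offer
                ip = self.offers[cid]
            elif self.free:
                ip = self.free.pop(0)
                self.offers[cid] = ip
            else:
                return None                        # nothing to offer, stay silent
            return {"type": "DHCPOFFER", "server": self.name, "ip": ip, "lease_time": self.lease_time}
        if kind == "DHCPREQUEST":
            if msg["server"] != self.name:
                # the client picked another server: release our reservation
                ip = self.offers.pop(cid, None)
                if ip is not None:
                    self.free.append(ip)
                return None
            ip = msg["ip"]
            fresh = self.offers.get(cid) == ip
            renewing = ip in self.leases and self.leases[ip].client_id == cid
            if not (fresh or renewing):
                return {"type": "DHCPNAK", "server": self.name}   # offer no longer valid
            self.offers.pop(cid, None)
            self.leases[ip] = Lease(ip, cid, now + self.lease_time)
            return {"type": "DHCPACK", "server": self.name, "ip": ip,
                    "expires_at": now + self.lease_time, **self.options}
        if kind == "DHCPRELEASE":
            lease = self.leases.get(msg["ip"])
            if lease is not None and lease.client_id == cid:
                del self.leases[msg["ip"]]
                self.free.append(msg["ip"])
            return None
        if kind == "DHCPINFORM":
            # the client already has an address (e.g. manual configuration): options only
            return {"type": "DHCPACK", "server": self.name, **self.options}
        return None


def broadcast(servers: List[DhcpServer], msg: dict, now: int) -> List[dict]:
    """Every server on the segment sees the broadcast; collect the non-silent replies."""
    return [r for r in (s.handle(msg, now) for s in servers) if r is not None]


def acquire(client_id: str, servers: List[DhcpServer], now: int, max_attempts: int = 3) -> Optional[dict]:
    """Client side: DISCOVER, pick the first OFFER, REQUEST it, restart on NAK."""
    for _ in range(max_attempts):
        offers = broadcast(servers, {"type": "DHCPDISCOVER", "client_id": client_id}, now)
        if not offers:
            return None
        chosen = offers[0]
        request = {"type": "DHCPREQUEST", "client_id": client_id,
                   "server": chosen["server"], "ip": chosen["ip"]}
        acks = [r for r in broadcast(servers, request, now) if r["type"] == "DHCPACK"]
        if acks:
            return acks[0]
        # a DHCPNAK (or silence) means the offer was withdrawn: start over
    return None


def renew(client_id: str, server: DhcpServer, ip: str, now: int) -> Optional[dict]:
    """Renewal is a DHCPREQUEST for the address already held, sent before expiry."""
    return server.handle({"type": "DHCPREQUEST", "client_id": client_id,
                          "server": server.name, "ip": ip}, now)
```

The server only returns an address to its pool when the client explicitly chooses another server, releases the lease, or lets it expire; a DHCPREQUEST for an address the client was neither offered nor already holds is answered with DHCPNAK, which is what sends the client back to DHCPDISCOVER.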
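The two properties the authentication header is said to provide, sender verification with tamper detection and replay prevention via the sequence number, shown as a receiver-side check. This is an added example written for this page, not code from the patent or from any IPsec implementation: the frame layout (4-byte sequence number, a full HMAC-SHA256 value, then the payload) and the set-based sliding window are constructed simplifications of AH, and the key and packets are made up for the test.

```python
import hashlib
import hmac
import struct
from typing import Optional, Set, Tuple

SEQ_LEN = 4    # 32-bit sequence number, as in AH
ICV_LEN = 32   # full HMAC-SHA256 output (constructed simplification; AH truncates the ICV)


def build_ah_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: seq || ICV || payload, with the ICV covering seq and payload."""
    header = struct.pack("!I", seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + icv + payload


class AhReceiver:
    """Receiver side: verify the ICV and enforce an anti-replay window."""

    def __init__(self, key: bytes, window: int = 32) -> None:
        self.key = key
        self.window = window
        self.highest = 0                 # highest sequence number accepted so far
        self.seen: Set[int] = set()      # accepted sequence numbers still inside the window

    def receive(self, pkt: bytes) -> Tuple[bool, str, Optional[bytes]]:
        if len(pkt) < SEQ_LEN + ICV_LEN:
            return False, "truncated", None
        seq = struct.unpack("!I", pkt[:SEQ_LEN])[0]
        icv = pkt[SEQ_LEN:SEQ_LEN + ICV_LEN]
        payload = pkt[SEQ_LEN + ICV_LEN:]
        # 1. cheap replay screen first, without touching the window state
        if seq == 0 or seq + self.window <= self.highest:
            return False, "too-old", None
        if seq in self.seen:
            return False, "replay", None
        # 2. authenticate; constant-time compare, and a forged ICV never advances the window
        expected = hmac.new(self.key, pkt[:SEQ_LEN] + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):
            return False, "bad-mac", None
        # 3. only an authenticated packet updates the window
        if seq > self.highest:
            self.highest = seq
        self.seen.add(seq)
        self.seen = {s for s in self.seen if s + self.window > self.highest}
        return True, "ok", payload
```

The order matters: the sequence number is screened before the integrity check so a replayed packet is rejected cheaply, but the window is only moved after the ICV verifies, so a packet with a forged ICV and a large sequence number cannot push legitimate in-flight packets out of the window.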
Summary of the invention
To these ends, the invention provides a network quarantine client for interacting with a server that enforces a quarantine policy, the network quarantine client comprising at least one enforcement client that communicates with the server via a network protocol, and a coordination client that obtains at least one statement of health from at least one policy client; wherein the coordination client provides an interface through which the at least one policy client communicates with the coordination client, and wherein the coordination client aggregates the at least one statement of health into a list of statements of health and provides the list of statements of health to the at least one enforcement client. In one embodiment of the invention, the at least one enforcement client uses the list of statements of health to obtain access to network resources on the server. According to a feature of the invention, the at least one enforcement client is one of a Dynamic Host Configuration Protocol client, a VPN client and an IPsec client. The coordination client communicates with the at least one policy client through an interface provided by the at least one policy client. The coordination client and the enforcement client may be included in the operating system of a computer.
Another embodiment of the invention comprises a network quarantine server for enforcing a network quarantine policy, comprising at least one enforcement server for communicating with at least one client via a network protocol, and a coordination server for receiving from the enforcement server a list of statements of health, the list comprising at least one statement of health, and for querying at least one policy server to validate the at least one statement of health. If every statement of health is validated, the coordination server instructs the at least one enforcement server to authorize the at least one client to access network resources. If not every statement of health is validated, the coordination server instructs the at least one enforcement server to enforce a quarantine policy obtained from the at least one policy server. According to a feature of the invention, the coordination server provides an interface through which the at least one policy server communicates with the coordination server. The coordination server communicates with the at least one policy server through an interface provided by the at least one policy server.
In another embodiment of the invention, an application programming interface is provided for allowing a policy client to communicate with a quarantine client, the interface comprising a bind call for binding the policy client to the quarantine client, and a notification call for notifying the quarantine client of a change in quarantine policy.
In another embodiment of the invention, an application programming interface is provided for allowing a quarantine client to communicate with a policy client, the interface comprising a get call for obtaining a statement of health from the policy client.
In another embodiment of the invention, an application programming interface is provided for allowing a policy server to communicate with a quarantine server, the interface comprising a bind call for binding the policy server to the quarantine server, and a response call for indicating that a statement of health is valid.
In another embodiment of the invention, an application programming interface is provided for allowing a quarantine server to communicate with a policy server, the interface comprising a validate call by which the policy server validates a statement of health.
In another embodiment of the invention, a method for network quarantine management comprises receiving, from a remote Dynamic Host Configuration Protocol (DHCP) server, a statement of health obtained from a client requesting network resources, the statement of health reflecting the system state of the client; validating the statement of health; if the statement of health is valid, instructing the DHCP server to authorize the request; and if the statement of health is invalid, instructing the DHCP server to deny the request and to quarantine the client.
Other features and advantages of the invention will become more apparent from the following detailed description of embodiments, made with reference to the accompanying drawings.
Description of the drawings
The accompanying drawings, which are incorporated in and form part of the specification, illustrate several aspects of the present invention and, together with the description, serve to explain the principles of the invention. In the drawings:
Figure 1A is a schematic diagram generally illustrating an exemplary network environment in which the present invention operates;
Figure 1B is a block diagram generally illustrating an exemplary computer system on which the present invention resides;
Fig. 2 is a schematic overview of the components of the present invention;
Fig. 3 shows a method for obtaining a bill of health according to an embodiment of the invention;
Fig. 4 shows the software components of an embodiment of the invention;
Fig. 5 shows a method of client and server communication according to an embodiment of the invention;
Fig. 6 shows an exemplary interaction of the elements of an embodiment of the invention;
Fig. 7 shows a client/server architecture according to an embodiment of the invention;
Fig. 8 shows an embodiment of the invention using DHCP;
Fig. 9 shows an embodiment of the invention using IPsec; and
Fig. 10 shows an embodiment of the invention in which one client is served by a plurality of DHCP servers.
While the invention is described in connection with certain preferred embodiments, there is no intent to limit it to those embodiments. On the contrary, the intent is to cover all alternatives, modifications and equivalents included within the spirit and scope of the invention as defined by the appended claims.
Detailed description of embodiments
Turning to the drawings, wherein like reference numerals refer to like elements, the invention is illustrated as being implemented in a suitable computing environment. The following description is based on embodiments of the invention and should not be taken as limiting the invention with regard to alternative embodiments that are not explicitly described herein.
In the description that follows, the invention is described with reference to acts and symbolic representations of operations performed by one or more processing devices, unless indicated otherwise. As such, it will be understood that such acts and operations, which are at times referred to as being computer-executed, include the manipulation by the processing unit of the processing device of electrical signals representing data in a structured form. This manipulation transforms the data or maintains them at locations in the memory system of the processing device, which reconfigures or otherwise alters the operation of the device in a manner well understood by those skilled in the art. The data structures in which data are maintained are physical locations of the memory that have particular properties defined by the format of the data. However, while the invention is described in the foregoing context, this is not meant to be limiting, as those of skill in the art will appreciate that various of the acts and operations described hereinafter may also be implemented in hardware.
An example of a networked environment in which the invention may be used will now be described with reference to Figure 1A. The example network includes several computers 110 communicating with one another over a network 111, represented as a cloud. The network 111 may include many well-known components, such as routers, gateways, hubs, etc., and allows the computers 110 to communicate via wired and/or wireless media. When interacting with one another over the network 111, one or more of the computers may act as clients, network servers, quarantine servers or peers with respect to the other computers. Accordingly, the various embodiments of the invention may be practiced on clients, network servers, quarantine servers, peers, or combinations thereof, even though the specific examples contained herein may not refer to all of these types of computers.
Figure 1B illustrates an example of a suitable computing system environment 100 on which the invention may be implemented. The computing system environment 100 is only one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. Neither should the computing environment 100 be interpreted as having any dependency or requirement relating to any one or combination of the components illustrated in the exemplary operating environment 100.
The invention is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments and configurations that may be suitable for use with the invention include, but are not limited to, personal computers, server computers, hand-held or portable devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including memory storage devices.
With reference to Figure 1B, an exemplary system for implementing the invention includes a general purpose computing device in the form of a computer 110, which within the scope of the invention may act as a client, network server, quarantine server or peer. Components of the computer 110 may include, but are not limited to, a processing unit 120, a system memory 130, and a system bus 121 that couples various system components, including the system memory 130, to the processing unit 120. The system bus 121 may be any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include the Industry Standard Architecture (ISA) bus, the Micro Channel Architecture (MCA) bus, the Enhanced ISA (EISA) bus, the Video Electronics Standards Association (VESA) local bus, and the Peripheral Component Interconnect (PCI) bus, also known as the Mezzanine bus.
Computer 110 typically includes a variety of computer-readable media. Computer-readable media can be any available media that can be accessed by computer 110 and include both volatile and nonvolatile, removable and non-removable media. By way of example, and not limitation, computer-readable media may comprise computer storage media and communication media. Computer storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 110. Communication media typically embody computer-readable instructions, data structures, program modules or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and include any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer-readable media.
The system memory 130 includes computer storage media in the form of volatile and/or nonvolatile memory, such as read-only memory (ROM) 131 and random access memory (RAM) 132. A basic input/output system 133 (BIOS), containing the basic routines that help to transfer information between elements within computer 110, such as during start-up, is typically stored in ROM 131. RAM 132 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 120. By way of example, and not limitation, Figure 1B illustrates an operating system 134, application programs 135, other program modules 136 and program data 137.
The computer 110 may also include other removable/non-removable, volatile/nonvolatile computer storage media. By way of example only, Figure 1B illustrates a hard disk drive 141 that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive 151 that reads from or writes to a removable, nonvolatile magnetic disk 152, and an optical disk drive 155 that reads from or writes to a removable, nonvolatile optical disk 156, such as a CD-ROM or other optical media. Other removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment 100 include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid-state RAM, solid-state ROM, and the like. The hard disk drive 141 is typically connected to the system bus 121 through a non-removable memory interface such as interface 140, and the magnetic disk drive 151 and optical disk drive 155 are typically connected to the system bus 121 by a removable memory interface such as interface 150.
The drives and their associated computer storage media discussed above and illustrated in Figure 1B provide storage of computer-readable instructions, data structures, program modules and other data for the computer 110. In Figure 1B, for example, the hard disk drive 141 is illustrated as storing an operating system 144, application programs 145, other program modules 146 and program data 147. Note that these components can be either the same as or different from the operating system 134, application programs 135, other program modules 136 and program data 137. The operating system 144, application programs 145, other program modules 146 and program data 147 are given different numbers here to illustrate that, at a minimum, they are different copies.
A user may enter commands and information into the computer 110 through input devices such as a keyboard 162 and a pointing device 161, commonly referred to as a mouse, trackball or touch screen. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, and the like. These and other input devices are often connected to the processing unit 120 through a user input interface 160 that is coupled to the system bus 121, but may be connected by other interface and bus structures, such as a parallel port, game port or universal serial bus (USB). A monitor 191 or other type of display device is also connected to the system bus 121 via an interface such as a video interface 190. In addition to the monitor 191, the computer 110 may also include other peripheral output devices, such as speakers 197 and a printer 196, connected through an output peripheral interface 195.
The computer 110 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 180. The remote computer 180 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the personal computer 110, although only a memory storage device 181 is illustrated in Figure 1B. The logical connections depicted in Figure 1B include a local area network (LAN) 171 and a wide area network (WAN) 173, but may also include other networks. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
When used in a LAN networking environment, the personal computer 110 is connected to the LAN 171 through a network interface or adapter 170. When used in a WAN networking environment, the computer 110 typically includes a modem 172 or other means for establishing communications over the WAN 173, such as the Internet. The modem 172, which may be internal or external, may be connected to the system bus 121 via the user input interface 160 or another appropriate mechanism. In a networked environment, program modules depicted relative to the personal computer 110, or portions thereof, may be stored in the remote memory storage device 181. By way of example, and not limitation, Figure 1B illustrates remote application programs 185 as residing on the memory device 181. It will be appreciated that the network connections shown are exemplary and that other means of establishing a communications link between the computers may be used.
Referring to Fig. 2, one embodiment of the invention comprises at least three computers: a client 210, a policy server 220 and a quarantine enforcement server (QES) 230. The client 210 interacts with the QES 230 using two kinds of message: a list of statements of health (SoHs), and an SoH response, which includes a bill of health (BoH). Another embodiment further comprises a remediation server 240, which provides the software updates and patches needed to bring the client into compliance with the policy downloaded to client 210 from policy server 220.
Policy server 220 holds the checking policy, i.e. the checks the administrator wants the client to perform, for example the operating system (OS) version, the antivirus signature version, and so on. Examples of policy servers are a Windows Update Services (WUS) server and an antivirus signature update server. The policy server also holds change information, which the client needs in order to bring itself into the proper configuration, for example patches, antivirus updates, etc. The network may contain several policy servers; that is, there may be one policy server for patches and another for antivirus. The administrator of client checks and configuration policy can change the policy on the policy server. The policy server downloads to the client the checking policy and the remediation changes that the policy administrator configured on the policy server. The policy server also allows QES 230 to check that the SoH from client 210 is valid.
The policy administrator sets up the policy on policy server 220 that is to be applied to clients. This policy is downloaded to and applied at client 210. When client 210 makes a network resource request, e.g. DHCP, 802.1X, etc., it supplies a list of SoHs along with the request. QES 230 validates these SoHs, contacting policy server 220 to obtain the required client policy, and returns the network resource response together with a list of SoH responses. The network administrator can configure the quarantine policy on QES 230. If the client is refused the network resource because the machine is quarantined, the user of client 210 is notified, and the user can request more detailed information about how to fix the client. The user can also request support information.
Client 210 can communicate with one or more policy servers; for example, a client may obtain policy and configuration from several different policy servers, such as a WUS server for patches and an antivirus signature server. Client 210 also communicates with one or more QESs 230 to request network resources. If the client is quarantined, it shows a balloon and an icon to the user in the system tray. The user can request details of the quarantine; these details include which policies are up to date. The user can also request to see support information for the quarantine. The network resources that client 210 requests include DHCP discover and request, 802.1X authentication, VPN authentication and the IPsec IKE exchange. Client 210 supplies its SoH list, and QES 230 validates the SoH list to determine how much access to network resources to grant. The QES responds to the network resource request with either full access or limited access to network resources.
QES 230 receives network requests from clients, e.g. DHCP requests, 802.1X authentication requests, IPsec SA requests and the like. As part of the network request, client 210 sends one or more SoHs. There is one SoH per type of policy, e.g. one SoH describing patch health and another describing antivirus health. If necessary, QES 230 validates each SoH by communicating with the policy server to obtain the policy for that particular type. Client 210 communicates with more than one QES 230 in two cases: when several types of QES 230 are in use (e.g. an 802.1X RADIUS server and a DHCP server), and when the protocol between client 210 and QES 230 supports several QESs of one type (e.g. DHCP broadcasts a DHCP discover to several DHCP QESs, any of which may respond). The network administrator can configure QES 230 with the policy servers it uses to validate the SoHs from client computers, and with the access granted when validation succeeds or fails.
Remediation server 240 may be any server that can be used to correct the machine state, e.g. by providing information that changes the state of the machine so that it is no longer quarantined. The information may be software or configuration information. Because a quarantined machine cannot communicate with non-quarantined machines, the remediation server must be reachable from the quarantine network. Typically the remediation server is also reachable by non-quarantined machines. By way of example and not limitation, examples of remediation servers are: (1) www.windowsupdate.com, where Microsoft publishes Windows OS Security Updates, from which the client update service and the WUS client can download security updates. If Windows Update is used as a remediation server, the Internet must be accessible to quarantined machines, either directly or through a browser proxy. (2) An SMS server, from which the SMS client downloads configuration information, scripts and software. (3) A domain controller, which has several methods of applying configuration to clients. If any of those methods is used, the domain controller is a remediation server and must be accessible to quarantined machines.
Fig. 3 illustrates the interaction among client 210, policy server 220, QES 230 and remediation server 240. In step 310, the client sends the QES an SoH list representing the security and application state of the client. In step 320, if the client has received an SoH response that includes a BoH, the client is done and can now leave quarantine. If, however, the SoH response does not include a BoH, the client downloads policy updates from the policy server in step 330. Based on those policies, the client downloads the necessary updates from the remediation server in step 340. The client then runs the system health checks in step 350 to generate a new SoH list. The process returns to step 310 to retry acquiring a BoH.
Referring to Fig. 4, the client computer comprises three software components: a quarantine policy client (QPC) 410, a quarantine coordination client (QCC) 420 and a quarantine enforcement client (QEC) 430. The client computer can contain one or more QPCs, e.g. QPC 410a, QPC 410b and QPC 410c. Each QPC communicates with one or more policy servers 440 and provides the policy and configuration for the network. Because a QPC must understand the type of policy and configuration that policy server 440 provides, the QPC is supplied by the same entity that supplies the one or more policy servers 440. Each QPC supplies an SoH to QCC 420. A QPC also notifies QCC 420 when its SoH changes; for example, when the QPC communicates with its policy server 440, the policy server may change the required configuration and checks, and QPC 410 then applies the new policy and produces a different SoH. There is only one QCC, and it collects the SoHs from every QPC. In case a QPC is unavailable (e.g. during machine startup), QCC 420 caches these SoHs. On request from a QEC, QCC 420 supplies the SoH list to one or more QECs 430.
The client computer can contain one or more QECs, e.g. the DHCP QEC 430, the IPsec QEC 430b and the 802.1X QEC 430c. Each QEC communicates with a QES 450. Typically QEC 430 is an existing component that communicates using the protocol by which network resources are requested. Quarantine is achieved by sending the information about the client's health status held by the relevant QEC 430 to the QES within the protocol used to obtain the resource, and restricting the resource accordingly; examples of such protocols are DHCP, PEAP for IEEE 802.1X and VPN, and IPsec. For DHCP, the DHCP protocol carries the SoH list. When QEC 430 needs to make a network request, it obtains the SoH list from QCC 420.
Referring to Fig. 5, client 560 can communicate with a quarantine server (QS) 510 by sending its SoH list to a protocol-specific quarantine enforcement server (QES) 540, which passes the list to QCS 530. QS 510 can communicate with one or more policy servers 550 to obtain policy updates for the quarantine policy servers (QPS) 520. QCS 530 can then determine whether to issue a BoH by sending the SoH list to one or more QPSs 520 for validation of the SoHs. QPS 520 sends its SoH response to QCS 530, QCS 530 sends it to the corresponding QES 540, and QES 540 sends it on to client 560. If a BoH is to be issued, QCS 530 includes the BoH with the SoH response.
Fig. 6 illustrates an exemplary interaction among the components of one embodiment of the invention. In step 601, a QPC downloads policy updates to the client. The downloaded policy is specific to the type of QPC, e.g. a patch client or an antivirus client. In step 602, the QPC notifies the QCC of the change to that QPC's policy. In step 603, the QCC notifies one or more QECs of the policy change. Then, in step 604, a QEC requests the SoH list from the QCC. In step 605, the QCC requests all SoHs from the one or more QPCs. In step 606, each QPC sends its SoH. In step 607, the QCC submits the SoH list to the QEC. In step 608, the QEC sends the SoH list to the QES of the QS and requests a BoH. In step 609, the QES requests validation of the SoHs; the QCS receives the SoHs and submits each SoH to the corresponding QPS for validation. In step 611, if a QPS does not have the current policy, it downloads it from the policy server. In step 612, the QPS validates the SoH and submits the result to the QCS as an SoH response. In step 613, the QCS collects the SoH responses and submits them to the QES, so that in step 614 the QES can submit the SoH responses to the corresponding QEC according to the protocol they share. If the SoHs have been validated, the QCS further includes a BoH with the SoH response.
In addition, referring to Fig. 7, the system as a whole comprises client-side components and server-side components (note that the client and server components can reside on the same machine; for IPsec, for example, a peer is a client when it sends a request and a server when it receives a request from a peer). QPCs obtain, and can change, the state of the machine; for example, they obtain the machine state that the administrator has defined as making the machine "healthy" or "unhealthy". QPCs provide SoHs to the QCC. The QCC stores the information a QEC needs for the client's SoHs. Whenever a QEC needs to make a network request, it obtains the SoHs from the QCC and sends them to the QES. The QES passes the SoHs to the QCS. The QCS passes each SoH to the correct QPS. The policy server/QPS checks the state of the machine and informs the QCS whether the client computer is "healthy" or "unhealthy". QECs and QESs are the various technologies that can allow or deny access to network resources (e.g. VPN, DHCP and IPsec). The QES component decides, based on whether the QCS found the client computer "healthy" or "unhealthy" and on the policy decision the enforcer should apply, whether to supply or refuse network resources; for example, the QCS may choose to log the result but return success regardless of what the QPSs returned.
Not every QPS needs a matching QPC. The QCS invokes every QPS that has "bound" to it. If no SoH can be supplied for a QPS, an empty SoH is passed and an empty SoH response is returned. Besides acting as the network technology that grants or refuses network resources, a QES can also act as a standalone quarantine server. In that role the quarantine server QES can receive the "health status" of the QPCs, validate several SoHs, and return to the QCC a BoH that can be used by other QEC/QES pairs, so that those QESs need not use their own QPSs to validate the state of the client computer.
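The SoH/SoH-response/BoH exchange of Figs. 3, 6 and 7, including the empty-SoH rule for a QPS without a matching QPC, as an added example that is not code from the patent. The class names, policy ids and health values are constructed sample data; treating an empty SoH response as neither passing nor failing the BoH decision is my assumption, since the text only states that an empty response is returned.

```python
"""Constructed simulation of the SoH / SoH-response / BoH exchange (Figs. 3, 6, 7).
Class names, policy ids and health values are made-up sample data, not the
patent's COM API. Empty SoH in -> empty SoH response out follows the text;
treating that empty response as non-blocking for the BoH is an assumption."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class SoH:
    policy_id: str
    claims: Dict[str, int] = field(default_factory=dict)
    empty: bool = False          # no QPC of this policy type exists on the client


@dataclass
class SoHResponse:
    policy_id: str
    healthy: bool
    empty: bool = False          # response to an empty SoH: no verdict
    detail: str = ""


class QPC:
    """Quarantine policy client: reports the machine state for one policy type."""
    def __init__(self, policy_id: str, state: Dict[str, int]) -> None:
        self.policy_id, self.state = policy_id, dict(state)

    def query_soh(self) -> SoH:
        return SoH(self.policy_id, dict(self.state))


class QCC:
    """Quarantine coordination client: one per machine, collects every QPC's SoH."""
    def __init__(self, qpcs: List[QPC]) -> None:
        self.qpcs = {q.policy_id: q for q in qpcs}

    def query_sohs(self) -> List[SoH]:
        return [q.query_soh() for q in self.qpcs.values()]


class QPS:
    """Quarantine policy server: validates one policy type against current policy."""
    def __init__(self, policy_id: str, required: Dict[str, int]) -> None:
        self.policy_id, self.required = policy_id, required

    def validate(self, soh: SoH) -> SoHResponse:
        if soh.empty:
            return SoHResponse(self.policy_id, healthy=False, empty=True)
        for key, need in self.required.items():
            have = soh.claims.get(key, -1)
            if have < need:
                return SoHResponse(self.policy_id, False, detail=f"{key}={have}, need {need}")
        return SoHResponse(self.policy_id, True)


class QCS:
    """Quarantine coordination server: fans SoHs out to each bound QPS (step 609)
    and issues a BoH only when no QPS reported the client unhealthy."""
    def __init__(self, qpss: List[QPS]) -> None:
        self.qpss = qpss

    def validate(self, sohs: List[SoH]) -> Tuple[List[SoHResponse], Optional[str]]:
        by_id = {s.policy_id: s for s in sohs}
        responses = [qps.validate(by_id.get(qps.policy_id, SoH(qps.policy_id, empty=True)))
                     for qps in self.qpss]
        ok = all(r.healthy or r.empty for r in responses)
        boh = "BoH(" + ",".join(sorted(by_id)) + ")" if ok else None
        return responses, boh


def qes_decide(boh: Optional[str]) -> str:
    """QES: full access with a BoH, restricted (quarantine) access without one."""
    return "full" if boh else "restricted"


def client_loop(qcc: QCC, qcs: QCS, remediation: Dict[str, Dict[str, int]],
                max_rounds: int = 3) -> Tuple[str, int, List[str]]:
    """Fig. 3 loop: send SoHs (310), stop on BoH (320), otherwise remediate
    (330-350) and retry. Returns (access decision, rounds used, remediation log)."""
    log: List[str] = []
    for rnd in range(1, max_rounds + 1):
        responses, boh = qcs.validate(qcc.query_sohs())
        if boh:
            return qes_decide(boh), rnd, log
        for r in responses:
            if not r.healthy and not r.empty:
                # Step 340: pull the fix for this policy type from the remediation server.
                fix = remediation.get(r.policy_id, {})
                qcc.qpcs[r.policy_id].state.update(fix)
                log.append(f"round {rnd}: {r.policy_id} failed ({r.detail}); applied {fix}")
    return qes_decide(None), max_rounds, log


def demo() -> Tuple[str, int, List[str]]:
    # Constructed sample: patch level behind policy, AV signatures current, and a
    # firewall QPS on the server side that has no matching QPC on the client.
    qcc = QCC([QPC("patch", {"level": 5}), QPC("av", {"sigver": 120})])
    qcs = QCS([QPS("patch", {"level": 7}), QPS("av", {"sigver": 118}),
               QPS("firewall", {"enabled": 1})])
    remediation = {"patch": {"level": 7}}     # what the remediation server hands out
    return client_loop(qcc, qcs, remediation)


if __name__ == "__main__":
    print(demo())   # ('full', 2, ["round 1: patch failed (level=5, need 7); applied {'level': 7}"])
```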
The protocol used between a QPC and its policy server is determined by the QPC and policy server (e.g. WUS defines its own protocol). The protocol used between QCC and QCS carries the SoH and SoH response buffers; it is carried over the enforcer protocol. The protocol used between QEC and QES depends on the enforcement technology. DHCP QEC/QES uses the DHCP protocol, with SoHs and SoH responses carried in a DHCP vendor option. PEAP QEC/QES uses the PEAPv2 protocol, with SoHs and SoH responses carried in PEAP TLVs. SoHs and SoH responses can also be carried by SOAP, e.g. as XML.
Referring to Fig. 8, in one embodiment of the invention the QEC/QES uses DHCP data. DHCP quarantine does not provide a default gateway address to the machine, but instead provides static routes to selected machines (e.g. DHCP, DNS and the patch server (e.g. WUS)). The IP address provided is also given a netmask of 255.255.255.255, so there is no route to the normal local subnet. Therefore, when an application attempts to send to any IP address other than the permitted ones, the TCP/IP stack returns a destination unreachable error. Because the DHCP server is a managed machine, the QPS can be located on that machine.
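What the quarantine lease described above does to the client's routing view, as an added example that is not code from the patent. The addresses are RFC 5737 documentation values chosen for the example, the function names are mine, and routes are modelled as destination prefixes only (the next hop the DHCP server would advertise is left out).

```python
"""Constructed model of the DHCP quarantine lease described for Fig. 8: no router
option, a 255.255.255.255 subnet mask, and host routes only to permitted servers.
Addresses are RFC 5737 documentation values; function names are mine."""
import ipaddress
from typing import Dict, List


def build_lease(client_ip: str, subnet_mask: str, routers: List[str],
                static_routes: List[str]) -> Dict:
    """A lease as the client's TCP/IP stack sees it: own address and mask,
    default gateway(s) if any, and the prefixes of routes pushed by DHCP."""
    return {"yiaddr": client_ip, "subnet_mask": subnet_mask,
            "routers": list(routers), "static_routes": list(static_routes)}


def build_quarantine_lease(client_ip: str, allowed_servers: List[str]) -> Dict:
    """Quarantine form: no router option, /32 mask so there is no on-link subnet
    route, and one host route per permitted server (DHCP, DNS, patch server)."""
    return build_lease(client_ip, "255.255.255.255", [],
                       [f"{srv}/32" for srv in allowed_servers])


def is_reachable(lease: Dict, dst: str) -> bool:
    """Would the stack find a route for dst, or report destination unreachable?"""
    target = ipaddress.ip_address(dst)
    onlink = ipaddress.ip_interface(f"{lease['yiaddr']}/{lease['subnet_mask']}").network
    if target in onlink:
        return True                       # on-link: only the host itself under /32
    if any(target in ipaddress.ip_network(p) for p in lease["static_routes"]):
        return True                       # explicitly permitted server
    return bool(lease["routers"])         # default route exists only with a gateway


def reachable_set(lease: Dict, destinations: List[str]) -> List[str]:
    return [d for d in destinations if is_reachable(lease, d)]


if __name__ == "__main__":
    # Constructed sample: client 192.0.2.10, permitted DHCP/DNS on-subnet and a WUS host elsewhere.
    q = build_quarantine_lease("192.0.2.10", ["192.0.2.1", "192.0.2.53", "198.51.100.20"])
    print(reachable_set(q, ["192.0.2.53", "198.51.100.20", "192.0.2.77", "203.0.113.5"]))
    # -> ['192.0.2.53', '198.51.100.20']; the subnet neighbour and the Internet host are unreachable
```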
The QPC and the QPS/policy server 850, e.g. SMS or WUS, can send the policy for client 810 from server 860 to client 810. QPC 820 polls the server for updates at a predetermined interval. Whenever the machine's "health status" changes, QPC 820 distributes its SoH to QCC 830. QCC 830 collects the SoH of each QPC 820 into the SoH list. Whenever an SoH changes, QCC 830 notifies all QECs. When QEC (DHCP client) 840 wants to request or renew an IP address, it obtains the SoH list from the QPCs and the SoH cache via QCC 830, and passes it to QES (DHCP server) 890 in one or more DHCP options. QES (DHCP server) 890 supplies the SoH list to QCS 880, which passes each SoH to the correct QPS 870. Each QPS 870 can contact its policy server 850 to verify that the client's SoH is correct and current for that client, e.g. that no patch is missing on that client. If the client is current and correct, QPS 870 returns success to QCS 880. If all QPSs return success to QCS 880, QCS 880 returns success to QES (DHCP server) 890. QES (DHCP server) 890 then returns the correct DHCP options, including a BoH, to QEC (DHCP client) 840.
Referring to Fig. 9, in one embodiment of the invention the QEC/QES communicates using the IPsec protocol. IPsec quarantine enforcement is achieved by refusing to establish IPsec SAs with quarantined clients: non-quarantined machines will not accept IPsec SAs from quarantined machines. The quarantine system needs a way to exempt certain machines and devices. Since the quarantine client supports only some operating systems, machines running other operating systems would always be quarantined, or the network administrator must accept that such a machine is allowed to communicate with non-quarantined machines without ever having run the policy checks. Because an IPsec client requests network resources directly from another client, IPsec peers cannot use a QPS directly. The QCC must instead use the quarantine server QEC to obtain a BoH, which is an X.509 certificate that can be sent to the IKE peer without any change to IKE.
The QPC and the QPS/policy server (e.g. SMS or WUS) 960: the policy for client 910 is sent from server 970 to client 910. QPC 920 polls the policy server for updates at a fixed interval. Whenever the machine's "health status" changes, QPC 920 distributes its SoH to QCC 930. QCC 930 collects the SoH of each QPC into the SoH list. Whenever an SoH changes, QCC 930 notifies all QECs. On receiving this notification, QS QEC 940 obtains the SoHs and sends them to QS QES 976. Quarantine server QES 976 supplies the SoH list to QCS 974, which passes each SoH to the correct QPS 972. Each QPS can contact its policy server 960 to verify that the client's SoH is correct and current for that client, e.g. that no patch is missing on that client. If the client is current and correct, QPS 972 returns success to QCS 974. If all QPSs return success to QCS 974, QCS 974 returns success to quarantine server QES 976. If QCS 974 returns success, quarantine server QES 976 returns a BoH to QS QEC 940. QS QEC 940 then returns the BoH to QCC 930, which caches it. QCC 930 then notifies all enforcers that the BoH has changed. When IPsec is asked to establish an IKE SA with a peer, QEC (IPsec) 950 obtains the BoH from the BoH cache and passes it to QES (IPsec) 984 on peer 980. QES (IPsec) 984 passes the BoH to QCS 982, which validates the BoH and, if it is confirmed, returns success to QES (IPsec) 984; QES (IPsec) 984 then accepts the remote IKE communication.
In another embodiment of the invention, the system enforces using VPN. VPN enforcement is achieved by placing an IP filter on the VPN server when the client is to be quarantined, so that the only servers reachable through the VPN server are DNS, DHCP and the remediation server. The quarantine exchange of SoHs and SoH responses is implemented as an EAP exchange using a new EAP method, which is bound by PEAPv2 after any required user or device authentication. The EAP part as a whole cannot complete until the PEAP part, comprising the embedded EAP authentication and the EAP quarantine part, has completed. If the PEAPv2 part completes successfully, the EAP part as a whole completes successfully; the PEAPv2 part completes successfully if all embedded EAP methods complete successfully. The order in which the embedded EAP methods run is driven by the RADIUS server, which is configured with which EAP methods must succeed and in which order. The client PEAP is configured with the embedded EAP methods that the RADIUS server is allowed to request.
In another embodiment of the invention, the system enforces using IEEE 802.1X. IEEE 802.1X enforcement uses the PEAPv2 protocol within EAP, where EAP is carried within IEEE 802.1X. IEEE 802.1X enforcement is achieved by placing an IP filter on the NAS (an Ethernet switch or wireless access point) when the client is to be quarantined, so that the only servers reachable through the NAS are DNS, DHCP and the remediation server.
Referring to Figure 10, another embodiment of the invention is described. In this embodiment the network contains several DHCP servers, which provide users with access to network resources. Each DHCP server 1030 contains a QES as described above. Network 1020 further contains a Remote Authentication Dial-In User Service (RADIUS) server 1040, which contains the QCS and QPSs described above. Thus, in this embodiment quarantine coordination and policy management are centralized on the RADIUS server for the whole network 1020. When client 1010 requests access to network resources from one of the DHCP servers 1030, the QES of that DHCP server relies on the QCS and QPSs of RADIUS server 1040 to validate the health status. If RADIUS server 1040 confirms the health status supplied by the client, DHCP server 1030 grants the client access to the network. If the health status is not confirmed, DHCP server 1030 places the client in quarantine according to the policy set on RADIUS server 1040.
DNS servers providing network infrastructure support need to be accessible to both quarantined and non-quarantined machines. The network administrator can choose to make an Internet proxy server accessible to quarantined machines so that those machines can reach the Internet.
The architecture of the invention supports several kinds of QPC, including: (1) An antivirus QPC, which provides an SoH stating whether AV is running, the AV version, the signature version AV is using, whether AV is performing real-time scanning, etc. (2) A QPC that checks for the presence or absence of files or registry entries. This QPC allows checking OS configuration and ICS configuration such as ICF, and whether malware has been installed, etc. (3) A QPC that checks the number of TCP/IP connections each process has established. The QPS can then quarantine a client with an application that opens many connections; except for servers or peer-to-peer applications, such behaviour may be incorrect. A QPS may also exist without a supporting QPC. This allows a network behaviour check to provide input on whether a client should be quarantined.
The programming model for accessing the interfaces provided by the software components described above is now described. The quarantine enforcement system has one public API on the client side, between QPC and QCC, and one public API on the server side, between QPS and QCS. Each API is a COM interface rather than a remote call. Neither API is marked safe for initialization or safe for scripting. The client API is synchronous and the server API is asynchronous. There are also other COM APIs between QEC, QCC, QES and QCS.
Quarantine Coordination Client <- Quarantine Policy Client (IQuarPolicyClientBinding)
This interface is provided by the QCC and used by QPCs. It is ACLed to Local System and Network Service. It is the main entry point for a QPC to communicate with the quarantine platform. QPCs access it through the Global Interface Table. It is responsible for inter-process communication with the QCC service. If the QCC service is not running, COM is configured to start the service. If the QCC service cannot be started, the QPC polls QCCQPC->Bind until the QCC service is running.
Initialize(QPC_ID, Product GUID, QPCQCC CLSID, QPC_READ CLSID, QPCQCCIF). This API is called by the QPC at run time to supply its QPCQCC interface to the QCC. The Product GUID must be the same for all versions of the product. If possible, different versions of the product should also use the same QPC_ID/QPS_ID and add the version to the SoH; otherwise a new version should use a different QPC_ID/QPS_ID but the same Product GUID. QPCQCC CLSID is the CLSID of the COM object, which must support the interface implementing the QPCQCC interface. The QPC must create the QPCQCCIF with CoCreateInstance(QPCQCC Class GUID, QPCQCC IFGUID, &Object). QPC_READ CLSID is the CLSID of the QPC_READ interface, which supports querying information from the QPC.
Uninitialize(QPC_ID). This API is called at run time when the QPC exits. Before making this call the QPC should make sure it has no outstanding calls to the QCC, and once it has made this call it should make no further calls to the QCC. The QPC should not destroy the QPCQCC and QPC_READ IFs before making this call. Once all calls to QPCQCC and QPC_READ have returned, the QCC returns this call. Once the QPC has made this release call, any further calls to QPCQCC and QPC_READ should be treated as invalid.
NotifySoHChange(QPC_ID). This API notifies the QCC that the SoH state held by the QPC has changed.
QuerySystemQuarantineState(QPC_ID, *Q/NQ/Probation, *ProbationTime). This API allows the QPC to query the current quarantine state of the client.
Quarantine Coordination Client <- Quarantine Enforcement Client (IQuarEnforcementClientBinding)
This interface is provided by the QCC and used by QECs. It is ACLed to Local System and Network Service. QECs access it through the Global Interface Table. It is the main entry point for a QEC to communicate with the QCC.
Initialize(QEC_ID, QECQCC CLSID, QEC_READ CLSID, QECQCCIF). This API is called by the QEC at run time to supply its QECQCC interface to the QCC. QECQCC CLSID must provide an interface of type QECQCC. QECQCCIF is the interface obtained from QECQCC_Class_GUID.
Uninitialize(QEC_ID). This API is called at run time when the QEC exits and no longer uses the QECQCC interface.
QuerySoHs(QEC_ID, ConnectionState IF). This API is called by a QEC when it needs to supply the SoH list to its QES. The QEC need not know the format of the SoH buffer; the SoH buffer is passed to the QES opaquely. ConnectionState IF is allocated by the QEC and passed to the QCC and, if necessary, on to the QPCs. The QCC can set, and the QPCs can query, information about the transaction. Once this API has returned to the QCC, QPCs can no longer access the ConnectionState IF. This function calls QuerySoH on every QPC bound to the QCC and then adds any other SoHs available in the cache for the QName. Before returning, this function must call TestSoHHash on the ConnectionState IF: if that call returns S_OK, QuerySoHs returns S_FALSE to indicate that no SoH has changed; otherwise the function updates the SoH hash by calling SetSoHHash on the ConnectionState IF. The QEC should call QuerySoHs frequently to check whether quarantine has been enabled for the ConnectionState, and so on. If quarantine is not operational for the QEC, the QCC returns a NO_QUARANTINE_INFORMATION status.
QuerySoHResponseQuarantineState(QEC_ID, ConnectionState IF, *Q/NQ). This interface is called by the QEC to determine quarantined/not quarantined from the QCS SoHResponse.
NotifyConnectionStateUp(QEC_ID, ConnectionState IF). This API is called by the QEC when its QES returns the SoHResponse list and the QEC is in a state where the responses can be read. The SoHResponse list is set by the QEC; the QEC need not know its buffer format, and the buffer is passed to the QCC opaquely. The SoHResponse can be empty, in which case the QES/QEC does not transmit an SoHResponse. ConnectionState IF is allocated by the QEC and passed to the QCC and, if necessary, on to the QPCs. The QCC can set, and the QPCs can query, information about the transaction.
NotifyConnectionStateDown(QEC_ID, ConnectionState IF). This API is called by the QEC to notify the QCC that the connection has gone to the down state; the QCC may then need to update the system quarantine state.
NotifySoHChangeFailure(QEC_ID). This API is called by the QEC if it failed to act on a NotifySoHChange call. The QCC should then start a timer and call QECQCC->NotifySoHChange when the timer expires.
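The QuerySoHs contract described above (TestSoHHash, SetSoHHash, S_FALSE for an unchanged list, NO_QUARANTINE_INFORMATION when quarantine is off), as an added example that is not code from the patent. S_OK and S_FALSE are the real COM HRESULT values; the numeric value of NO_QUARANTINE_INFORMATION is a placeholder, the hash algorithm is my choice, and the class and method names are mine rather than the patent's COM interfaces.

```python
"""Constructed model of QuerySoHs / TestSoHHash / SetSoHHash. S_OK and S_FALSE are
the real COM HRESULTs; NO_QUARANTINE_INFORMATION's value is a placeholder (the page
names the status but not its code). Class and method names are mine."""
import hashlib
from typing import Callable, Dict, List, Optional

S_OK = 0x00000000
S_FALSE = 0x00000001
NO_QUARANTINE_INFORMATION = 0x8004F001   # PLACEHOLDER value, not from the page


class ConnectionState:
    """Per network-"interface" object allocated by the QEC; holds the QName, the
    last SoH list handed out and the hash checked by TestSoHHash/SetSoHHash."""

    def __init__(self, qname: str) -> None:
        self.qname = qname
        self.sohs: List[bytes] = []
        self._soh_hash: Optional[bytes] = None

    def test_soh_hash(self, digest: bytes) -> int:
        # S_OK means "this is the hash already stored", i.e. nothing has changed.
        return S_OK if digest == self._soh_hash else S_FALSE

    def set_soh_hash(self, digest: bytes) -> None:
        self._soh_hash = digest


class Coordinator:
    """Minimal QCC: bound QPCs are callables returning their SoH for a QName;
    the cache holds SoHs of QPCs that are currently unavailable (e.g. at startup)."""

    def __init__(self, quarantine_enabled: bool = True) -> None:
        self.qpcs: Dict[str, Callable[[str], bytes]] = {}
        self.cache: Dict[str, List[bytes]] = {}
        self.enabled = quarantine_enabled

    def query_sohs(self, qec_id: str, cs: ConnectionState) -> int:
        if not self.enabled:
            return NO_QUARANTINE_INFORMATION
        sohs = [qpc(cs.qname) for qpc in self.qpcs.values()]    # QuerySoH on each bound QPC
        sohs += self.cache.get(cs.qname, [])                     # plus cached SoHs for this QName
        digest = hashlib.sha256(b"\x00".join(sorted(sohs))).digest()  # hash choice is mine
        if cs.test_soh_hash(digest) == S_OK:
            return S_FALSE                                       # unchanged: QEC need not resend
        cs.sohs = sohs
        cs.set_soh_hash(digest)
        return S_OK
```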
Quarantine Policy Client <- Quarantine Coordination Client (IQuarPolicyClientCallback)
The QPC provides this interface for use by the QCC. It is ACLed to Local System and Network Service and cannot be accessed remotely. Any QCC code that calls this interface must do so in a context in which the QPC cannot impersonate the caller. When the QPC calls Bind on the QCC, it passes a Class GUID, which the QCC uses to create the QPCQCC interface instance.
QuerySoH(QPC_ID, ConnectionStateRead IF). This API is called by the QCC to query the SoH. The QPC must call ConnectionState->SetSoH to set its SoH. If the QPC sends different SoHs depending on the network, it should query the QName of the ConnectionState IF in order to return the correct SoH.
ProcessSoHResponse(QPC_ID, ConnectionStateRead IF, *QPS_Result). This is the interface through which the QPC processes the SoH response received from the QCC. If the QPC is not bound to the QCC when ProcessSoHResponse should be called, the SoHResponse is discarded. QName is the quarantine name of the network that returned the SoH response. The SoHResponse can be empty, in which case the QES/QEC does not transmit an SoHResponse. QPS_Result returns to the QPC the HRESULT that the QPS returned for its SoHResponse. QPS_Result is logged using the QCC/QEC logging facility.
NotifySystemQuarantineStateChange(QPC_ID, Q/NQ). Notifies the QPC that the system quarantine state has changed.
QueryStatus(QPC_ID, *State, *Percentage, *MessageID). Provides the current state of the QPC and information describing its progress toward reaching its policy configuration, and thus its SoH. State is one of: in progress, completed successfully, failed to complete. Percentage is 0 to 100%; -1 is returned if the QPC does not support a percentage. The message must be a MessageID usable with the QPC_READ IF.
Quarantine Enforcement Client <- Quarantine Coordination Client (IQuarEnforcementClientCallback)
The QEC provides this interface for use by the QCC. It is ACLed to Local System and Network Service and cannot be accessed remotely. When the QEC requests binding to the QCC, it passes a Class GUID, which the QCC uses to create a QECQCC interface instance.
NotifySoHChange(QEC_ID). This API notifies the QEC that the SoH state held by the QCC has changed. The QEC should not ignore this call; it may do so if it is busy, but ignoring the call is not recommended. The QCC calls this API frequently while the system is in quarantine.
QueryConnectionState(QEC_ID, *Number_IF, *ConnectionState[]). This API queries the list of quarantine interfaces of the given QEC ID. ConnectionState is an array of ConnectionState IFs.
ResetQuarantineState(QEC_ID). This API is called by the QCC when it starts or when quarantine is disabled. The QEC resets any quarantine configuration.
SoHStateIF
This interface is used by the ConnectionState and TransactionState interfaces. ConnectionState and TransactionState use instances of this interface to hold the list of SoHs and the list of SoHResponses.
QuerySoHStateRead: used by the QCC and QCS to obtain the SoHStateRead interface.
SetListOfSoHResponses(SoHResponse): used by the QEC to set the SoHResponses list.
QueryListOfSoHResponses(*SoHResponse): used by the QES to query the SoHResponses list.
SetSoHResponse(QPS_ID, SoHResponse): used by the QCS to set an SoHResponse.
SetListOfSoHs(SoHs): used by the QES to set the SoH list. The QCC SoH should be copied into the transaction ID; if there is no QCC SoH in the SoH list, one should be created and a transaction ID allocated. Before the SoH list is used, this API should validate the format of the SoH list.
QueryListOfSoHs(SoHs): used by the QES to query its own or another SoH.
SetSoH(QPS_ID, SoH): used by the QCC to set an SoH.
SetQCSQPS_IDs: sets the preferred QPS_IDs in the QCS SoHResponse.
QueryQCSQPS_IDs: reads the preferred QPS_IDs from the QCS SoHResponse.
SetQCCClientName: used for reading the client name from the QCC SoH.
QueryQCCClientName: reads the client name from the QCC SoH.
SetQCSClientState: sets the client state determined by the QCS.
QueryQCSClientState: reads the client state from the QCS SoHResponse.
SetQCCClientState: sets the current client state in the QCC SoH.
QueryQCCClientState: reads the client state from the QCC SoH.
SetQCCTransactionID: sets the current client state in the QCC SoH.
QueryQCCTransactionID: reads the client state from the QCC SoH.
SetQCSTransactionID: sets the current client state in the QCC SoH.
QueryQCSTransactionID: reads the client state from the QCC SoH.
SetQCCOSVersion: sets the current client state in the QCC SoH.
QueryQCCOSVersion: reads the client state from the QCC SoH.
SetQCCOSSPVersion: sets the current client state in the QCC SoH.
QueryQCCOSSPVersion: reads the client state from the QCC SoH.
SetQCCProcessorArchitecture: sets the current client state in the QCC SoH.
QueryQCCProcessorArchitecture: reads the client state from the QCC SoH.
SetQCSQPS_Results: sets the current client state in the QCC SoH.
QueryQCSQPS_Results: reads the client state from the QCC SoH.
SetQCSQName: sets the current client state in the QCC SoH.
QueryQCSQName: reads the client state from the QCC SoH.
SetQCSQCSName: sets the current client state in the QCC SoH.
QueryQCSQCSName: reads the client state from the QCC SoH.
SetQCSProbationTime: sets the current client state in the QCC SoH.
QueryQCSProbationTime: reads the client state from the QCC SoH.
SetQCSURL: sets the current client state in the QCC SoH.
QueryQCSURL: reads the client state from the QCC SoH.
SoHStateReadIF
This interface is used by the ConnectionState and TransactionState interfaces. It is passed to QPC and QPS so that they can query SoHs and SoHResponses.
QuerySoHResponse(QPS_ID, SoH): used by QCC and QPC to query their own or another SoHResponse.
QuerySoH(QPS_ID, SoH): used by QCS and QPS to query their own or another SoH.
Connection State for QEC/QCC (IQuarClientConnection)
QEC uses this interface to manage the state of each unique network "interface" that has quarantine enabled. This interface is ACLed to local system and network service and cannot be accessed remotely. It is provided to QEC and QCC; the ConnectionStateRead interface is provided to QCC, QEC and QPC. A network "interface" may map to a physical NIC or to a logical connection to another machine, for example IPsec.
QueryConnectionStateRead: allows QCC to query the ConnectionStateRead interface.
QuerySoHState: allows QEC and QCC to query the SoHState interface.
SetMaxSize: allows QEC to set the maximum SoH list size it supports.
SetQName: QCC receives the QName from QCS and sets it on the ConnectionState IF.
SetQCSName: allows QCC to set the QCS currently in use on this connection state.
SetPreferredQPS_IDs: used by QCC to set the preferred QPS_IDs given by QCS.
SetURL: used by QCC to set the URL given by QCS.
SetSoHHash: stores the hash of the SoH in the ConnectionState IF object.
SetTransactionID(ConnectionStateID, Length): used by QEC to set the transaction ID. QEC should receive an ID for the connection state; for DHCP, for example, this should be the NIC MAC address. SetTransactionID should mix this ID with a random number and produce an eight-byte hash.
SetQuarantineState(Quarantine_Enable, Quarantine/Probation/Non-quarantine): sets quarantine or non-quarantine according to the result returned from QCS in the QCS->QCC SoH.
SetProbationTime(ProbationTime): sets the probation time on this connection state IF. It is called only when the QCS->QCC SoH contains a probation time and the quarantine state is probation. The probation time is a short period. This API keeps the probation expiry time for TestProbationTime. A probation time of 0 means that no probation time is set.
SetQECInfo(EnumType, QECInfo): EnumType identifies information from the QEC about the QEC. QECInfo depends on the QEC; EnumType includes: DHCP QEC (client IP address, client MAC address), PEAP QEC and IPsec QEC.
Serialize(outputbuffer, *Size): writes the connection state IF configuration into the output buffer. The output buffer must not be placed anywhere a non-administrator can access, read or write it.
Deserialize(*Inputbuffer, size): reads the input buffer into the connection state IF configuration. The DHCP QEC can use this API together with Serialize to save and restore connection state information in the registry. Only administrators can access the stored data.
Connection State for QPC (IQuarPolicyClientConnection)
QEC uses this interface to manage the state of each unique network "interface" that has quarantine enabled. This interface is ACLed to local system and network service and cannot be accessed remotely. It is provided to QEC, QCC and QPC. A network "interface" may map to a physical NIC or to a logical connection to another machine, for example IPsec. The table lists the methods and which element uses each method.
QuerySoHStateRead: allows QPC to query the SoHStateRead interface.
QueryMaxSize: the maximum size lets QEC specify the largest SoH buffer that QCC may return.
QueryQName: the QName specifies the quarantine name being queried in the SoH. If QEC does not know the QName it should use "". QCC should return the SoH for the "" QName or for the QName used last time.
QueryQCSName: queries the QCS currently in use on this connection state, if known.
QueryPreferredQPS_IDs: used by QCC to query the preferred QPS_IDs given by QCS.
QueryURL: used by QCC to query the URL given by QCS.
TestSoHHash: computes the hash of the SoH set by SetSoH and compares it with the previously stored hash; returns S_OK if the hashes match, otherwise S_FALSE.
QueryTransactionID(*ID): returns the transaction ID set by SetTransactionID; used by QCC, QEC and QPC. They should add this ID to their log entries.
QueryQECInfo(EnumType, QECInfo): EnumType identifies information from the QEC about the QEC. QECInfo depends on the QEC; EnumType includes: DHCP QEC (client IP address, client MAC address), PEAP QEC and IPsec QEC.
QueryQuarantineState(*Quarantine_Enable, *Quarantine/Probation/Non-quarantine): returns whether quarantine is enabled and the quarantine/probation/non-quarantine state.
TestProbationTime(*Passed): returns whether the probation time set by SetProbationTime has passed. If no probation time was set, Passed returns an error.
QueryProbationTime(*ProbationTime): queries the probation time on this connection state IF. Returns 0 if no probation time is set.
SetQPCInfo(Info, Length of info, Size): a QPC can keep some information about this connection state IF object, for example the policy server name/address used with this quarantine interface. The maximum size of the information is 256 bytes. No numbering or pointer is stored.
QueryQPCInfo(*Info, *Length of info): allows a QPC to query the information it previously kept for this connection state IF. The return buffer is expected to be at least 256 bytes, that is, the maximum size that can be set via SetQPCInfo.
Quarantine Coordination Client management IF
QCC provides two management interfaces, one for reading and one for writing. The COM object is a singleton and is provided in the COM global running object table, so that it reaches netshell.dll in all WINSTA instances. The interfaces are:
IQuarClientInfo: this interface is ACLed to everyone and cannot be accessed remotely. Any call made by QCC or the QCC UI through it must be made in such a way that a QPC cannot impersonate the caller.
EnumQPC(*QPC_IDs, *QPC_READ CLSID[]): enumerates the list of QPCs registered with QCC and their QPC_READ IFs.
EnumQEC(*QEC_IDs, *QEC_READ CLSID[]): enumerates the list of QECs registered with QCC and their QEC_READ IFs.
QuerySystemQuarantineState(*Quarantine_Enable, *Quarantine/Probation/Non-quarantine): queries the system quarantine state.
QueryQPCState(QPC_ID, *Bind/unbind, *Datetime, *SoH): queries QCC's state for QPC_ID. Returns bound/unbound, the date/time the SoH was last updated, and the current SoH.
QueryQECQuarantineState(QEC_ID, *Bind/unbind, *ConnectionState IF[]): queries QCC's state for QEC_ID. Returns bound/unbound. If the QEC ID is not bound the list is empty; otherwise the list of connection state IFs for the QEC is returned.
QueryStatus(QPC_ID, LANGID, *State, *Percentage, *MessageID): supplies the current state of the QPC and information describing the progress of fixing its SoH. State is one of: (1) quarantined but the update failed; the user has to get help from an administrator or a support site; (2) quarantined and the update is in progress; (3) quarantined and all updates succeeded. Percentage is 0 to 100; -1 means the QPC does not support a percentage. The message must be a MessageID usable with the QPC_READ IF. The message should also be localized text about what the QPC is doing, plus text about the QPS_Result.
IQuarClientConfig: this interface is ACLed to local system and network service and cannot be accessed remotely. It has no APIs.
Quarantine Policy Client management IF
IQuarPolicyClientInfo: this interface is ACLed to everyone and cannot be accessed remotely. Any call made by QCC or the QCC UI through it must be made in such a way that a QPC cannot impersonate the caller.
QueryFriendlyName(QPC_ID, *MessageID): returns the MessageID of the friendly name of the QPC.
QueryQPSResult(QPC_ID, QPS_Result, *MessageID): returns the MessageID for the QPS_RESULT.
QueryMessage(QPC_ID, LANGID, MessageID, *Message): returns the Unicode string for the MessageID in the specified LANGID. If no string exists for that LANGID, the string for the default system LANGID must be returned.
IQuarPolicyClientConfig: this interface does not have API.
Quarantine Enforcement Client management IF
IQuarEnforcementClientInfo: this interface is ACLed to everyone and cannot be accessed remotely.
QueryFriendlyName(QEC_ID, *MessageID): returns the MessageID of the friendly name of the QEC.
QueryMessage(QEC_ID, LANGID, MessageID, *Message): returns the Unicode string for the MessageID in the specified LANGID. If no string exists for that LANGID, the string for the default system LANGID must be returned.
IQuarEnforcementClientConfig: this interface does not have API.
During QEC initialization, QEC calls QCCQEC->Bind, passing the class GUID of its QECQCC interface. On receiving the Bind call, QCC creates and queries the QECQCC interface for that QEC. During QPC initialization, QPC calls QCCQPC->Bind, passing the class GUID of its QPCQCC interface. On receiving the Bind call, QCC creates and queries the QPCQCC interface for that QPC. QCC then uses QECQCC->NotifySoHChange to notify QECs of a possible SoH change.
When a QPC changes its SoH, it notifies QCC by calling NotifySoHChange on the QCCQPC interface. QCC then calls NotifySoHChange on the QECQCC interface of each QEC registered with it. Each QEC checks each of its quarantine "interfaces" for which quarantine has been started. For each such interface, QEC calls QuerySoH on QCC, passing the connection state IF of that interface. QCC calls QuerySoH on each bound QPC with the connection state IF as a parameter. QCC adds any SoH held in the QCC cache for that connection state IF, then returns the SoH list to the QEC for use on the connection state IF. After producing the SoH list and before returning from QuerySoH, QCC must call QuerySoHHash to check whether the SoH list has changed since last time. If QuerySoHHash returns S_OK the SoH list is unchanged, so QuerySoH should return S_FALSE. If QuerySoHHash returns S_FALSE the SoH list is different, and QCC must then call SetSoHHash to update the stored hash to that of the new SoH list. When producing the SoH list QCC must also call QueryMaxSize so that the SoH list does not exceed the maximum buffer size. The SoH list should be truncated, within the maximum size, to the largest number of complete SoHs.
QEC then sends the SoH list to its QES counterpart, which passes it to its QCS for processing. QCS returns the SoHResponse list to QES, which returns it to QEC. The QEC that receives the SoHResponse list calls ProcessSoHResponses on the QCCQEC interface. QCC decomposes the SoHResponse list and calls ProcessSoHResponse for each QPC that has called Bind and has a SoHResponse in the list. Any SoHResponse for a QPC that has not called Bind is discarded. While handling ProcessSoHResponses, QCC uses many of the APIs on the ConnectionState IF passed to ProcessSoHResponses. The connection state IF is created and managed by QEC; once ProcessSoHResponses has returned, QCC and QPC may no longer use it. QCC may call SetQName to set the quarantine name on the connection state IF; the QName is provided by QCS in the QCS->QCC SoH.
The QEC network request API interaction is now described. When QEC needs to make a network request, it needs a SoH to send, and it obtains one by calling QuerySoH on QCC. Apart from the interaction being initiated by QEC rather than by a QPC's call to NotifySoHChange, the interfaces and their use are the same as for NotifySoHChange.
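The QuerySoH and ProcessSoHResponses flow just described (QCC SoH first, QPS_IDs requested by QCS next, whole SoHs only up to the QEC's maximum size, hash comparison, and responses for unbound QPCs dropped), as an added example that is not the patent's or Microsoft's implementation. The SoH framing, the SHA-256 hash, the QPS_ID 0 for the QCC SoH and the S_OK/S_FALSE values are assumptions made for this example.

```python
import hashlib
from dataclasses import dataclass, field

S_OK, S_FALSE = 0, 1   # assumed HRESULT-style return values

@dataclass
class ConnectionState:
    """Per-'interface' state created by the QEC and passed to QCC."""
    max_size: int                  # SetMaxSize: largest SoH list the QEC can carry
    transaction_id: bytes          # SetTransactionID: 8-byte hash of NIC id + nonce
    preferred_qps_ids: list = field(default_factory=list)  # from the QCS SoHResponse
    soh_hash: bytes = b""          # SetSoHHash: hash of the last list handed out

QCC_ID = 0   # assumed QPS_ID used for the coordination client's own SoH

def encode_soh(qps_id: int, body: bytes) -> bytes:
    """Assumed framing of one SoH: 2-byte QPS_ID, 2-byte length, body."""
    return qps_id.to_bytes(2, "big") + len(body).to_bytes(2, "big") + body

def parse_soh_list(buf: bytes) -> list:
    """Split a list buffer into (qps_id, body) pairs (same assumed framing)."""
    items, i = [], 0
    while i + 4 <= len(buf):
        qps_id = int.from_bytes(buf[i:i + 2], "big")
        length = int.from_bytes(buf[i + 2:i + 4], "big")
        items.append((qps_id, buf[i + 4:i + 4 + length]))
        i += 4 + length
    return items

class QCC:
    def __init__(self):
        self.cache = {}       # qps_id -> latest SoH body from NotifySoHChange
        self.bound = set()    # QPC ids that called Bind
        self.delivered = []   # (qps_id, SoHResponse) passed to ProcessSoHResponse

    def bind(self, qpc_id: int) -> None:
        self.bound.add(qpc_id)

    def notify_soh_change(self, qpc_id: int, soh: bytes) -> None:
        self.cache[qpc_id] = soh   # refresh the cache; QECs would be notified next

    def query_soh(self, cs: ConnectionState, client_state: bytes):
        """QuerySoH as a QEC calls it. Returns (S_OK | S_FALSE, list buffer);
        S_FALSE means the list is unchanged since the stored hash."""
        # 1. The QCC SoH always comes first, carrying transaction ID and state.
        sohs = [encode_soh(QCC_ID, cs.transaction_id + client_state)]
        # 2. QPS_IDs that QCS asked for go next, in the order QCS named them,
        #    followed by every other cached QPC SoH.
        order = [q for q in cs.preferred_qps_ids if q in self.cache]
        rest = sorted(q for q in self.cache if q not in order)
        # 3. Only complete SoHs are inserted, up to the QEC's maximum size.
        used = len(sohs[0])
        for qps_id in order + rest:
            item = encode_soh(qps_id, self.cache[qps_id])
            if used + len(item) > cs.max_size:
                break
            sohs.append(item)
            used += len(item)
        buf = b"".join(sohs)
        # 4. QuerySoHHash semantics: same hash as last time -> S_FALSE.
        digest = hashlib.sha256(buf).digest()
        if digest == cs.soh_hash:
            return S_FALSE, buf
        cs.soh_hash = digest            # SetSoHHash
        return S_OK, buf

    def process_soh_responses(self, cs: ConnectionState, resp_buf: bytes) -> list:
        """ProcessSoHResponses: hand each response to its bound QPC and drop
        the rest. Returns the QPS_IDs whose responses were dropped."""
        dropped = []
        for qps_id, resp in parse_soh_list(resp_buf):
            if qps_id == QCC_ID:
                # QCS -> QCC response; assumed body is the list of requested
                # QPS_IDs, one byte each, kept for the next QuerySoH.
                cs.preferred_qps_ids = list(resp)
            elif qps_id in self.bound:
                self.delivered.append((qps_id, resp))
            else:
                dropped.append(qps_id)
        return dropped
```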
Quarantine Policy Server <- Quarantine Coordination Server (IQuarPolicyServerBinding)
This API is ACLed to local system and network service. QPS provides this interface for use by QCS, which obtains it by calling CoCreateInstance.
Initialize(QPS_ID); Uninitialize(QPS_ID).
ValidateSoH(QPS_ID, TransactionStateReadIF): called by QCS to request that the QPS validate its SoH. QPS must call TransactionStateRead->QuerySoH to obtain its SoH. If the SoH buffer in TransactionStateRead is empty, the SoHResponse buffer in OnValidateSoHComplete must be empty. QPS must return from this call immediately and call TransactionStateRead->OnValidateSoHComplete when validation finishes.
Quarantine Coordination Server <- Quarantine Enforcement Server (IQuarEnforcementServerBinding)
This interface is ACLed to local system and network service. QES accesses it via the global interface table.
ValidateSoH(QES_ID, TransactionState IF, ResponseTime): called by QES to ask QCS to validate the SoH list. QCS must call TransactionStateRead->QuerySoH to obtain its SoH. QES cannot know the SoH buffer format and must pass the buffer to QCS opaquely. This call must return immediately, and QCS will then call TransactionState->OnValidateSoHsComplete with the quarantine result. ResponseTime is the time by which QCS must call OnValidateSoHsComplete for the result to be useful to QES.
Transaction State for QCS/QES (IQuarServerTransaction)
This interface is ACLed to local system and network service. It is provided to QES and QCS; the read interface is provided to QCS, QES and QPS.
QueryQCSStateRead(*QCSStateReadIF): returns the QCSStateRead interface.
QuerySoHState: allows QES and QCS to query the SoHState interface.
SetQESInterfaces(QES_ID, QESTransactionStateIF, QES_READ IF): sets the QES transaction state and QES_READ interfaces used by this transaction state instance. QES must release these interfaces properly after use.
SetQCSInterface(QCSTransactionStateIF): sets the QCS transaction state interface used by this transaction state instance. QES must release this interface properly after use.
OnValidateSoHsComplete: QCS calls this after it has finished processing ValidateSoH. This function calls QESTransactionState->OnValidateSoHsComplete.
SetQuarantineConfig: used by QES to specify the QCS configuration to be used for this ValidateSoH. This API lets QES tell QCS that the client making this request is exempt, so that the quarantine decision does not affect its connectivity. QCS should add this information to its log entries. MessageID identifies the reason for the exemption, for example: reservation, scope, domain name match, BOOTP. When an exemption is logged, the MessageID is logged.
SetMaxSize(MaxSize): used by QES to specify the maximum size of the SoHResponse that QCS returns.
SetClientName(Client machine/domain name): used by QCS to set the client machine/domain name from the QCC SoH, for logging.
SetClientState(Quarantine/Probation/Non-quarantine): used by QES or QCS to set the client quarantine state from the QCC SoH. Only QCS can set this state when QES cannot set it.
SetConnectionState(Up/Down): used by QES to set the current connection state.
Clear: can be used to reset the object's state when the object is reused.
Transaction State for QPS (IQuarPolicyServerTransaction)
This interface is ACLed to local system and network service. It is provided to QES, QCS and QPS.
OnValidateSoHComplete(SoHResponse): QPS calls this when it has finished processing ValidateSoH. This function calls QCSTransactionState->OnValidateSoHsComplete, and calls TransactionState->SetSoHResponse, passing in the SoHResponse. The API must validate the SoHResponse before calling SetSoHResponse.
QuerySoHStateRead(SoHStateRead): obtains the SoHStateRead interface.
QueryClientState(*Quarantine/Probation/Non-quarantine): used by QPS to obtain the client quarantine state.
QueryQES(*QES_ID, *QES_READ CLSID): returns the QES_ID and QES_READ IF of the QES that called SetQESInterfaces.
QueryConnectionState(Up/Down): used by QCS to query the current connection state.
QueryQuarantineConfig: used by QCS to obtain the QCS configuration for this connection state IF. The configuration parameters include: Quarantine ON/OFF/Probation: if a QPS reports that the client should be quarantined and no exemption applies, QCS makes the decision. Probation period: used when probation is the selected client state. Quarantine Logging enabled: the quarantine decision is logged but the user's connectivity is unaffected. Connectivity Exempt Non_Quarantine aware clients: exempt any client that does not set a SoH. Failure URL: the URL returned to the client because of a failure. Regular expression exemption: used for exemption beyond machine/domain name. Exemption reason: the reason this transaction was exempted by QES.
QueryTransactionID(*ID): used by QCS, QES and QPS. They should add this ID to their log entries.
QueryMaxSize(*MaxSize): allows QCS to obtain the maximum size of the SoHResponses list that QES accepts.
QueryClientName(*Client machine/domain name): used by QPS to obtain the client machine/domain name, for example for logging.
Quarantine Coordination Server <- TransactionState (IQuarPolicyServerCallback)
QCS provides this interface for use by the transaction state. It is ACLed to local system and network service. The transaction state instance is given this interface through the QCS->SetQCSInterface API.
OnValidateSoHComplete(TransactionState IF, Q/NQ, QPS_Result): called by the transaction state on OnValidateSoHComplete. QPS_Result is the HRESULT describing why the QPS returned the Q/NQ result. If a QPS returns the HRESULT INVALID_SOH, QCS should call TransactionState->OnValidateSoHsComplete with the HRESULT INVALID_SOH.
Quarantine Enforcement Server <- TransactionState (IQuarEnforcementServerCallback)
OnValidateSoHsComplete(Transaction IF, Q/NQ): QES cannot know the SoHResponse buffer format and must pass the buffer to QEC opaquely. If a QPS failed OnValidateSoHComplete with HRESULT INVALID_SOH, or QCS failed to validate the SoH list, the HRESULT INVALID_SOH should be passed on.
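The server-side round described in the preceding interfaces (QES asks QCS to validate the SoH list, QCS splits it per QPS, each QPS returns a Q/NQ verdict with a QPS_Result, and QCS combines them under its quarantine configuration), as an added example rather than the patent's or a shipping implementation. The configuration field names, the INVALID_SOH placeholder value, the constructed antivirus QPS and the decision ordering are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

S_OK = 0
INVALID_SOH = -1          # placeholder for the INVALID_SOH HRESULT (value assumed)

QUARANTINE, PROBATION, NON_QUARANTINE = "Quarantine", "Probation", "Non-quarantine"

@dataclass
class QuarantineConfig:
    """Subset of the QueryQuarantineConfig parameters (field names assumed)."""
    mode: str = QUARANTINE          # Quarantine ON / Probation / OFF (= NON_QUARANTINE)
    logging_only: bool = False      # 'Quarantine Logging enabled': decide, log, don't enforce
    exempt_non_aware: bool = True   # exempt clients that sent no SoH at all
    exempt_reason: Optional[str] = None   # set by QES: reservation, scope, BOOTP, ...

@dataclass
class TransactionState:
    """One ValidateSoH round between a QES and the QCS."""
    qes_id: int
    sohs: Dict[int, bytes]          # qps_id -> SoH, after QCS has split the list
    config: QuarantineConfig
    responses: Dict[int, bytes] = field(default_factory=dict)
    log: list = field(default_factory=list)

# A QPS's ValidateSoH outcome: (Q/NQ verdict, QPS_Result hresult, SoHResponse)
QpsValidator = Callable[[bytes], Tuple[str, int, bytes]]

def antivirus_qps(soh: bytes) -> Tuple[str, int, bytes]:
    """Constructed QPS for the example: expects 'av=<state>'; anything else is
    reported as INVALID_SOH, and a state other than 'current' is quarantined."""
    if not soh.startswith(b"av="):
        return QUARANTINE, INVALID_SOH, b""
    verdict = NON_QUARANTINE if soh == b"av=current" else QUARANTINE
    return verdict, S_OK, b"update-server=av.example.invalid"  # placeholder name

def qcs_validate_sohs(ts: TransactionState,
                      qps_table: Dict[int, QpsValidator]) -> Tuple[str, int]:
    """QCS side of ValidateSoH. Returns (client state, hresult) as handed to the
    QES in OnValidateSoHsComplete; per-QPS SoHResponses land in ts.responses."""
    cfg = ts.config
    # Clients that are not quarantine-aware send no SoH; optionally exempt them.
    if not ts.sohs and cfg.exempt_non_aware:
        ts.log.append("exempt: non-quarantine-aware client")
        return NON_QUARANTINE, S_OK
    failed, hresult = [], S_OK
    for qps_id, soh in ts.sohs.items():
        validator = qps_table.get(qps_id)
        if validator is None:
            ts.log.append(f"no QPS registered for QPS_ID {qps_id}")
            continue
        verdict, qps_result, response = validator(soh)   # OnValidateSoHComplete
        ts.responses[qps_id] = response                    # SetSoHResponse
        if qps_result == INVALID_SOH:
            hresult = INVALID_SOH        # must be passed through to the QES
        if verdict == QUARANTINE:
            failed.append(qps_id)
    if hresult == INVALID_SOH:
        ts.log.append("invalid SoH")
        return QUARANTINE, INVALID_SOH
    decision = QUARANTINE if failed else NON_QUARANTINE
    if decision == QUARANTINE and cfg.mode == PROBATION:
        decision = PROBATION           # probation period applies instead
    if decision == QUARANTINE and cfg.mode == NON_QUARANTINE:
        decision = NON_QUARANTINE      # quarantine switched off
    ts.log.append(f"decision={decision} failed_qps={failed}")
    if cfg.exempt_reason or cfg.logging_only:
        # The decision is logged (with the QES's exemption reason) but must
        # not affect the client's connectivity.
        ts.log.append(f"not enforced: {cfg.exempt_reason or 'logging only'}")
        return NON_QUARANTINE, S_OK
    return decision, S_OK
```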
Quarantine Coordination Server management IF (QCS)
QCS provides two management interfaces, one for reading and one for writing. Only administrators can access the write interface; the read interface is accessible to all users. The COM object is a singleton and is provided in the COM global running object table, so that it reaches netshell.dll in all WINSTA instances. The interfaces are:
IQuarServerInfo: this interface is ACLed to everyone. EnumQPS(*QPS_IDs, *QPS_READ CLSID[]): enumerates the list of QPSs registered with QCS.
IQuarServerConfig: this interface is ACLed to local system and network service and cannot be accessed remotely. It has no APIs.
Quarantine Policy Server management IF (QPS)
This interface is ACLed to local system and network service and cannot be accessed remotely.
IQuarPolicyServerInfo: QueryFriendlyName(QPS_ID, *MessageID): returns the MessageID of the friendly name of the QPS. QueryQPSResult(QPS_ID, QPS_Result, *MessageID): returns the MessageID for the QPS_RESULT. QueryMessage(QPS_ID, LANGID, MessageID, *Message): returns the Unicode string for the MessageID in the specified LANGID. If no string exists for that LANGID, the string for the default system LANGID must be returned.
IQuarPolicyServerConfig: this interface has no APIs.
Quarantine Enforcement Server management IF (QES)
This interface is ACLed to local system and network service and cannot be accessed remotely.
IQuarEnforcementServerInfo: QueryFriendlyName(QES_ID, *MessageID): returns the MessageID of the friendly name of the QES. QueryMessage(QES_ID, LANGID, MessageID, *Message): returns the Unicode string for the MessageID in the specified LANGID. If no string exists for that LANGID, the string for the default system LANGID must be returned. QueryInfo(EnumType, QESInfo): EnumType identifies information about the client held by the QES. QESInfo depends on the QES and includes: DHCP QES (proposed client IP address, lease time, client MAC address), PEAP QES (RADIUS attributes).
IQuarEnforcementServerConfig: SetInfo(EnumType, QESInfo): used by QES to set QES information.
The elements of the invention are now described in more detail in view of the APIs described above.
The statement of health is a set of information from each QPC. The information from each QPC describes the state of the client as checked by that QPC. The SoH is sent to the QCS element, which parses the SoH and passes each information unit to the correct QPS for validation. QCC is responsible for caching the information from each QPC; each QPC publishes its information to QCC when its policy information changes. QCC produces a single packet containing one or more SoHs (there is always a QCC SoH) and supplies this single packet to QEC. If the QEC/QES protocol requires it, QEC/QES are responsible for fragmentation and reassembly. QCS produces a single packet containing one or more SoH responses (there is always a QCS SoH Response) and supplies this single packet to QES. If the QES/QEC protocol requires it, QES/QEC are responsible for fragmentation and reassembly. QPC and QPS control the version of the SoH by appending new information at the end of the SoH. If the SoH version cannot be changed that way, QPC may allocate a new QPC_ID/QPS_ID, but the QPS Bind call (described later) must use the same Product GUID.
A QPC performs a set of checks and publishes its SoH to QCC. The SoH contains the information a QPS can use to check that the client is in the correct state. The QPS can return a SoH response buffer to the client. This is used to tell the QPC what to do if it failed, for example to poll a server to obtain updated checks. It can also be used to give the client information, such as the name of the server from which it should obtain its information. A QPC runs as, or together with, a service running as local system or network service. The COM interface offered to QCC must be ACLed only to the local system or network service of the local computer. So that the QCC user interface (UI) can show the user why the machine is quarantined and the progress of removing it from quarantine, QPC provides a status API (described later) that lets QCC query each QPC's state and its progress in updating the client to match its policy server. A machine in safe mode with networking should not run QCC. If quarantine is bypassed, QEC is still invoked; likewise QPC is still invoked.
QCC is the multiplexer/controller for the client. QCC aggregates the SoH information from each QPC and caches the SoHs. The cache is updated when a QPC provides a new SoH. When a QPC COM object is uninstalled from the machine, its entry is deleted from the cache; this is detected because the QPC COM GUID is passed in the QCCQPC->Bind call (described later). QCC provides a notification mechanism for when the quarantine state changes, and gives QPC a communication channel between QPS and QPC. QCC keeps the system quarantine state and collects state information from each QPC, and provides both to the QCC UI. QCC supplies the SoH list to QEC and passes SoH responses to QPC.
QCC supports an API for QPC in order to offer QPC the services above. The API is ACLed only to the local system or network service of the local computer. The QCC UI can use another API to query the quarantine status and other state information for display to the user. Because the QCC UI runs in the user's context, the QCC API used by the QCC UI must be ACLed to everyone. QCC is implemented as a service, and all QECs depend on this service. QCC runs as network service. A QPC attempts to call Bind during initialization; if the call fails because QCC is not running, the QPC retries Bind periodically. A QPC calls NotifySoHChange whenever its SoH changes, and QCC then calls NotifySoHChange on each QEC. As long as the system is quarantined, QCC also calls NotifySoHChange on each QEC at a fixed interval. QCC and QCS use the SoH/SoHResponse format to exchange their information, for example QCS telling QCC whether it is quarantined. QCC loads the SoH buffer for sending to QEC. QCC and QCS always place their own SoH first in the buffer, and include the SoHs from all QPCs and QPSs. If QCC has a list of requested QPS_IDs from QCS, it must insert those SoHs, in the order named in the QCS SoH, after inserting the QCC SoH.
If the QEC maximum size is too small, QCC should insert complete SoHs until the maximum size is reached. QEC passes as much information as possible to QES/QCS/QPS. If an omitted SoH affects the quarantine policy, the machine is quarantined, but the QCS SoHResponse returns the list of QPS_IDs of the QPSs running on the QES/QCS/QPS server, so that QCC can supply the minimum required information on retry. If QCS returns a probation quarantine state and a probation time, QCC keeps the probation time on the connection state IF and starts a probation timer. When the probation time expires, QCC triggers NotifySoHChange to all QECs. When a QEC calls QuerySoH, QCC checks the probation time on the ConnectionState IF; if the probation time has expired it returns the SoH list regardless of whether the SoH has changed. If the system state is probation, the system probation time is the earliest probation expiry time among the connection states. If a QEC calls QCCQEC->NotifySoHChangeFailure, QCC must run a timer and call QECQCC->NotifySoHChange when the timer expires. If a QPC calls QuerySystemQuarantineState, QCC must merge the independent connection states to produce a single system state. The separate states are merged by the following rules, applied in this order: Quarantine: any connection state in quarantine means the system state is quarantine; Probation: no connection state in quarantine and any connection state in probation means the system state is probation; Non-quarantine: all connection states non-quarantine means the system state is non-quarantine. Because QCC is a service, it runs in svchost and unloads all of its DLLs when it stops. QCC monitors its calls to QPCs: if an API does not return within a short time (X milliseconds), QCC logs this, removes the QPC from the list it uses and ignores any further calls from that QPC. QCC likewise monitors its calls to QECs: if an API does not return within a short time (X milliseconds), QCC logs this and removes the QEC from the list it uses. The service can be restarted, and QECs and QPCs can recover after a QCC restart.
If QCC or any QEC is corrupted or crashes, the system must automatically enter quarantine while the SoH is invalid. The QCCQPC and QCCQEC COM objects are configured to start the QCC service automatically, and QCC is configured to start at machine boot. QCC caches the SoHs from QPCs (it does not cache the QCC SoH). The cache persists across service restarts and warm boots. QCC has a registry parameter that configures whether the quarantine client is enabled. When the registry parameter is set, QCC starts automatically and disables quarantine. When quarantine is disabled: QuerySoH returns no SoH (not even the QCC SoH); QCCQPC->NotifySoHChange returns without doing anything; QCCQEC->ProcessSoHResponses processes the QCS SoHResponse but no other SoHResponses; QCC_READ->QueryQuarantineState returns the quarantine state from the QCS SoHResponse. QCS sends information to QCC in the QCS SoHResponse, and QCC caches this information, indexed by the QCS GUID in the QCS SoHResponse.
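The per-connection probation timer and the merge of connection states into one system state, as described in the two paragraphs above, written as an added example rather than the patent's code. The enum encoding, the explicit clock parameter, and the way TestProbationTime signals "no probation time set" are assumptions for this example.

```python
from enum import IntEnum

class QState(IntEnum):
    """Assumed encoding of the Quarantine/Probation/Non-quarantine state."""
    NON_QUARANTINE = 0
    PROBATION = 1
    QUARANTINE = 2

class ConnectionState:
    """State for one quarantined network 'interface' (a NIC or an IPsec peer)."""
    def __init__(self, name: str, state: QState = QState.NON_QUARANTINE):
        self.name = name
        self.state = state
        self.probation_expiry = 0        # 0 means no probation time is set

    def set_probation_time(self, now: int, probation_seconds: int) -> None:
        """SetProbationTime: only valid when QCS placed the connection in probation."""
        if self.state != QState.PROBATION:
            raise ValueError("probation time only applies in the probation state")
        self.probation_expiry = now + probation_seconds

    def test_probation_time(self, now: int) -> bool:
        """TestProbationTime: True once the probation time has passed; an error
        (here LookupError) when no probation time was ever set."""
        if self.probation_expiry == 0:
            raise LookupError("no probation time set on this connection state")
        return now >= self.probation_expiry

def should_return_soh_list(cs: ConnectionState, now: int, list_changed: bool) -> bool:
    """QuerySoH rule: hand the list back when it changed, or when this
    connection's probation time has expired even though the list is unchanged."""
    if list_changed:
        return True
    return cs.probation_expiry != 0 and now >= cs.probation_expiry

def merge_system_state(connections: list) -> tuple:
    """QuerySystemQuarantineState: rules in order. Any connection in quarantine
    -> quarantine; otherwise any in probation -> probation, with the system
    probation expiry being the earliest connection expiry; otherwise
    non-quarantine. Returns (state, probation_expiry)."""
    states = [c.state for c in connections]
    if QState.QUARANTINE in states:
        return QState.QUARANTINE, 0
    if QState.PROBATION in states:
        expiry = min((c.probation_expiry for c in connections
                      if c.state == QState.PROBATION and c.probation_expiry),
                     default=0)
        return QState.PROBATION, expiry
    return QState.NON_QUARANTINE, 0
```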
The user is told whether the machine is quarantined. This information is shown at two levels: system-wide (whether the machine is quarantined and which QPCs failed) and per connection (for DHCP, 802.1X and VPN this is each connection; for IPsec it is each connection to a peer machine). For the system-wide information, an icon is shown in the system tray when the system is quarantined, together with a balloon tip containing information text; the user clicks the balloon to get the status dialog. The quarantine status dialog calls QCC_READ->QueryStatus with the QPC_ID of QCC_ID (0,0,311 and 0). QCC uses this to return state information about QPCs that have not called Bind. In particular, if the system is quarantined and a SoH Response was delivered to QCC that cannot be passed on to a QPC, QueryStatus for QCC_ID reports that a quarantine client is missing. The status dialog shows, for each QPC, its state and all of its text and messages. It also shows a button for the web page at the URL in the QCS SoH, and a button that opens the network connections folder. The web page is displayed in a restricted IE browser that allows only basic HTML: no ActiveX, Java or other scripts, no links, and no DHTML. Quarantine information (for example that the machine is in quarantine) is displayed on every interactive window station on which the detector is running, so that users using Fast User Switching and all users logged on to a terminal server see it. The netsh command line shows the system-wide quarantine information, and quarantine can also be enabled and disabled via netsh. QCC can write a trace file, with tracing enabled or disabled via netsh. Whenever the quarantine state changes, QCC records in the trace file: the Quarantine/Probation/Non-Quarantine state, QPS_Bound, the Transaction ID, the QES GUID, the QNAME GUID, the QEC information (NIC MAC address, IP address), the QPCs from which diagnostic information could not be obtained, the QPS_IDs of SoH Responses that could not be processed, and the contents of the SoHs and SoH responses.
The QEC component provides quarantine enforcement. There are several possible QECs: DHCP, VPN, PEAP and IPsec. A QEC uses either a BoH or a SoH to prove the client's state. The DHCP QEC passes the SoH to the DHCP server. The IPsec QEC uses only BoHs. When an interface arrives or goes away (for example a PnP event), the QEC calls QCCQEC->NotifyInterfaceStateChange. If an interface generates a Mediasense connect/disconnect, the QEC calls QCCQEC->NotifyInterfaceStateChange. If connectivity on an interface changes (for example an IP address change, an 802.1X key change, and so on), the QEC calls QCCQEC->NotifyInterfaceStateChange. The QEC and QES do not know the format of the SoH list or of the SoHResponse list buffer. When the QCC calls QECQCC->NotifySoHChange, the QEC returns from the call immediately. If the QEC finds that it cannot handle the NotifySoHChange for any reason, it can either hold the notification for later processing, or call QCCQEC->NotifySoHChangeFailure and ignore the NotifySoHChange. In that case the QCC starts a timer; when the timer expires, the QCC calls QECQCC->NotifySoHChange on all QECs.
The DHCP QEC obtains the buffer containing the SoH list from the QCC. The DHCP client fragments the buffer if necessary and places each fragment in a DHCP option that is sent in DHCP Discover, DHCP Request and DHCP Inform. SoHs are not added to DHCP Decline or DHCP Release. The DHCP option used is a Microsoft vendor option. The DHCP QEC and QES do not know the format of the SoH list, the format of an individual SoH, or the format of the buffer containing the SoHResponses.
The PEAP QEC can use either SoHs or BoHs. If SoHs/SoHResponses are used, they must be exchanged inside the PEAP channel so that the server is authenticated and the SoH/SoHResponse exchange is protected. When the PEAP QEC is used with VPN and the client is not configured to use a policy server (for example WUS), the QPS fails the client. If a QPC needs configuration information about its policy server, the QPS provides that information to the QPC in its SoHResponse; for example, the WUS QPS places the WUS server name in the SoHResponse.
The IPsec QEC uses BoHs. This means that IPsec quarantine requires a Quarantine Server. The Quarantine Server validates the SoH and, if the SoH validates, sends a BoH.
In one embodiment of the invention, the Quarantine Server is a DHCP server. The DHCP server machine hosts the DHCP QES, the QCS and the QPSs. The DHCP QES handles the quarantine DHCP option, collects the SoH information, builds the SoH list and passes it to the QCS with QCSQES->ValidateSoH. The QCS splits out each SoH and passes it to the correct QPS with QPSQCS->ValidateSoH. The QPSs call QCSQPS->OnValidateSoHComplete; the QCS collects the results from each QPS and notifies the DHCP QES of the result by calling TransactionState->OnValidateSoHComplete. The DHCP QES obtains the non-quarantine DHCP options; if the client is to be quarantined, it obtains the quarantine options, replaces each matching non-quarantine option with its quarantine option, and removes any option designated as not to be sent to quarantined clients.
The QPSs validate their SoHs, contacting their policy servers when necessary. Each QPS returns quarantine or non-quarantine to the QCS. A QPS can also return information (a SoHResponse) that the QCS sends to the QCC, which passes it on to the QPC. The QEC/QCC send SoHs in DHCP Discover and DHCP Request, and the QCS/QES process them and send SoHResponses in DHCP Offer and DHCP Ack. This allows quarantine to work for BOOTP as well as DHCP clients. The DHCP server looks up the scope and its quarantine properties and calls TransactionState->SetQuarantineConfig and TransactionState->SetConnectivityExempt before calling ValidateSoH, so that the ConnectivityExempt flag and so on are known. The DHCP server calls ValidateSoH for the following incoming DHCP packets: DHCP Discover, DHCP Request and DHCP Inform. This allows the QCS to override the whole DHCP quarantine process. The DHCP server never calls ValidateSoH for DHCP Decline and DHCP Release. The DHCP server never calls the QCS for DHCP Discover and DHCP Request unless it has a valid IP address for the client, and it does not call the QCS for DHCP Inform unless the client has a valid lease. This is done so that the QCS does not process, or cache information for, a client for which DHCP cannot provide an IP address.
If DHCP quarantine and RQC/RQS quarantine are used together, the following configuration should be applied to the DHCP server. If the VPN server uses the DHCP server to obtain IP addresses for VPN clients, a separate DHCP scope should be used and DHCP quarantine should be disabled on that scope. If the VPN server does not use the DHCP server to obtain IP addresses for VPN clients, but a DHCP scope is configured so that the DHCP server returns DHCP options in response to DHCP Inform, a separate DHCP scope should likewise be used with DHCP quarantine disabled. The DHCP server fragments the SoHResponse list if necessary and places each fragment in a DHCP option sent in DHCP Offer and DHCP ACK. SoHResponses are not added to DHCP NAK. The DHCP server tracks the following numbers as performance counters and displays them in the DHCP MMC: the number of active leases in quarantine; the number of active leases not in quarantine; the number of active leases in probation; and the number of dropped quarantine requests. If QCSQES->ValidateSoH fails and quarantine is configured as enabled or probation, the DHCP server drops the request. When this happens, the QES writes an event log entry every 5 minutes giving the number of requests dropped in the last 5 minutes. If OnValidateSoHComplete completes with a failure, the DHCP server quarantines the client. Because the QCS SoHResponse must be placed first in the SoHResponse list, this situation should not occur. The maximum size of the QCS SoHResponse is defined to be smaller than the DHCP MaxSize for the SoHResponse list. The DHCP server has a registry configuration parameter that specifies the timeout the QCS uses for each ValidateSoH. Response Timeout: the number of milliseconds the QCS waits, counted from the ValidateSoH call, for the QPSs to call OnValidateSoHComplete. It is passed to the QCS in QCSQES->ValidateSoH.
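The DHCP QEC and QES described above carry an opaque SoH list (client side) and SoHResponse list (server side) as fragments in a DHCP option, and only in certain message types. The following is an added example, not code from the patent or from any Microsoft product: it assumes a placeholder option code (250) rather than the real Microsoft vendor option, reassembles fragments in wire order, and treats the list itself as opaque, exactly as the text requires of the QEC/QES.

```python
"""Fragment an opaque SoH / SoHResponse list into DHCP options and back.
Added example; the option code 250 is a placeholder, not the real vendor option."""

MAX_OPTION_LEN = 255   # a DHCP option's length field is one byte (RFC 2132)
SOH_OPTION = 250       # placeholder code standing in for the Microsoft vendor option
DHCP_END, DHCP_PAD = 255, 0

# DHCP message type values from RFC 2132 option 53
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM = 1, 2, 3, 4, 5, 6, 7, 8
CLIENT_SOH_MESSAGES = {DISCOVER, REQUEST, INFORM}   # never DECLINE or RELEASE
SERVER_RESPONSE_MESSAGES = {OFFER, ACK}             # never NAK


def fragment_list(blob: bytes, code: int = SOH_OPTION) -> list:
    """Split an opaque list buffer into option TLVs of at most 255 payload bytes.

    Whether the blob needs splitting at all depends only on its length; the
    QEC/QES never look inside it."""
    return [bytes([code, len(blob[i:i + MAX_OPTION_LEN])]) + blob[i:i + MAX_OPTION_LEN]
            for i in range(0, len(blob), MAX_OPTION_LEN)]


def build_options(message_type: int, payload: bytes, from_server: bool = False) -> bytes:
    """Build a DHCP options field (message type, fragments, End).

    The SoH list is only attached to Discover/Request/Inform, and a SoHResponse
    list only to Offer/ACK; for every other message type the payload is dropped."""
    opts = bytes([53, 1, message_type])
    allowed = SERVER_RESPONSE_MESSAGES if from_server else CLIENT_SOH_MESSAGES
    if payload and message_type in allowed:
        opts += b"".join(fragment_list(payload))
    return opts + bytes([DHCP_END])


def parse_options(data: bytes) -> list:
    """Walk a DHCP options field into (code, value) pairs.

    Stops at the End option and rejects truncated options instead of reading
    past the buffer, which is the check a receiver needs before reassembly."""
    opts, i = [], 0
    while i < len(data):
        code = data[i]
        if code == DHCP_END:
            return opts
        if code == DHCP_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts.append((code, value))
        i += 2 + length
    raise ValueError("options field has no End option")


def reassemble_list(options: list, code: int = SOH_OPTION) -> bytes:
    """Concatenate the fragments in wire order.

    The result is handed to the QCS (server side) or QCC (client side) unparsed,
    since its format is not the QES's or QEC's business."""
    return b"".join(value for opt_code, value in options if opt_code == code)


if __name__ == "__main__":
    soh_list = b"\x01" * 600                       # constructed opaque SoH list
    wire = build_options(REQUEST, soh_list)
    print(len(fragment_list(soh_list)), "fragments,",
          reassemble_list(parse_options(wire)) == soh_list)
```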
The QCS is used to validate the SoH list. The SoH list is supplied to the QCS by a QES (including the Quarantine Server QES). The QCS decomposes the SoH list and passes each SoH to the correct QPS. If there is no valid QPS for a SoH, that SoH is skipped and ignored. The QCS collects the results from each QPS and produces a single result, which is used to decide whether to quarantine. The QCS has a global quarantine/non-quarantine configuration so that the system can be configured and tested without quarantining. The QCS merges the QPS results into the single result by a boolean expression such as (QPS_ID1 || QPS_ID2) && QPS_ID3. This means that, for the result to be non-quarantine, QPS_ID1 or QPS_ID2 must return non-quarantine and QPS_ID3 must return non-quarantine. The QCS can be configured to use probation, with a probation period, instead of quarantine. When the QPS result is quarantine, the QCS can be configured to revert to quarantine. In all cases the QCS should record the result in an audit log file. The QCS also produces log information about each SoH validation request and its result and stores it in the audit log file. The network administrator modifies this expression to enable or disable checking by a QPS, which is easy. This lets the administrator disable a check quickly when there is a problem with that particular check; for example, if the AV policy server has problems, the AV QPS can be disabled.
The QCS is used by the DHCP QES and by the Quarantine Server QES. The QES calls the QCS even when the QEC provided no SoH, which is the case when the client does not support quarantine. This lets the QCS decide the policy for such clients: the QCS can choose to quarantine, or not quarantine, clients that do not support quarantine. Whether to do so must be configured by the network administrator. The QCS caches the results from the QPSs. When the SoH list is identical, the quarantine/non-quarantine/probation result and the SoHResponse list are reused for a short period, 30 seconds by default; the default can be changed with a registry variable. If a match is found in the SoH list cache, the QPSs that have called QCSQPS->Bind are not called with their SoHs (otherwise each is called with its SoH, or with an empty SoH if the list contains no SoH for that QPS_ID). The QCS then runs a timer for Response Timeout milliseconds. If any QPS that was called has not called OnValidateSoHComplete by then, the QCS calls OnValidateSoHComplete with the results and SoHResponse list collected so far; otherwise, when the last expected QPS calls QCSQPS->OnValidateSoHComplete, the QCS calls QESTransactionState->OnValidateSoHsComplete. The QCS must validate the SoH list before any other processing. If validation fails, the QCS calls TransactionState->OnValidateSoHComplete with a failure. Because different clients can have different SoHs depending on the QPC, the cache stores multiple SoHs for the same QPS. If the ValidateSoH request has no SoH list, the QCS sends an empty SoHResponse list to the client. The QCS packs the response information into a buffer to be sent to the QES. The QCS is configured with a quarantine name, a GUID. The quarantine name is sent to the QCC in the QCS SoHResponse. The QCS also generates a QCS name GUID on its first run and includes it in every QCS SoHResponse. The QCC uses this GUID to distinguish different QCSs and to track information such as the preferred QPS_ID list of each QCS.
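The two paragraphs above describe how the QCS turns per-QPS verdicts into one decision: a boolean merge expression in the (QPS_ID1 || QPS_ID2) && QPS_ID3 form, the quarantine ON/OFF/probation configuration, bound QPSs called with an empty buffer when the list has no SoH for them, and a 30-second result cache keyed on the SoH list. The following model of that logic is an added example, not code from the patent or any Microsoft product; it assumes a SoH list is a dict {QPS_IDn: soh_bytes} and each QPS is a callable returning (healthy, soh_response_bytes).

```python
"""Model of the QCS decision logic: policy expression, quarantine mode, result cache.
Added example with simplified types; not the patent's or Microsoft's implementation."""
import re
import time
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):            # SetQuarantineConfig: quarantine ON / OFF / probation
    ON = "on"
    OFF = "off"
    PROBATION = "probation"


class Verdict(Enum):         # the single result handed back to the QES
    NON_QUARANTINE = "non-quarantine"
    QUARANTINE = "quarantine"
    PROBATION = "probation"
    UNKNOWN = "unknown"      # returned when quarantine is OFF: connectivity unaffected


_TOKEN = re.compile(r"\s*(\(|\)|\|\||&&|QPS_ID\d+)")


def evaluate_policy(expr: str, results: dict) -> bool:
    """Evaluate a merge expression such as "(QPS_ID1 || QPS_ID2) && QPS_ID3".

    results maps QPS_IDn -> True (non-quarantine) / False (quarantine). A QPS
    named in the expression but absent from results counts as quarantine
    (assumption: a missing check must never open the network). && binds
    tighter than ||. A tiny recursive-descent parser is used instead of eval()
    because the expression is administrator-supplied configuration."""
    tokens = _TOKEN.findall(expr)
    if "".join(tokens) != re.sub(r"\s+", "", expr):
        raise ValueError(f"bad policy expression: {expr!r}")
    pos = [0]

    def peek():
        return tokens[pos[0]] if pos[0] < len(tokens) else None

    def take():
        pos[0] += 1
        return tokens[pos[0] - 1]

    def atom():
        tok = take()
        if tok == "(":
            val = or_expr()
            if take() != ")":
                raise ValueError("missing ')'")
            return val
        return bool(results.get(tok, False))

    def and_expr():
        val = atom()
        while peek() == "&&":
            take()
            val = atom() and val          # both sides always evaluated
        return val

    def or_expr():
        val = and_expr()
        while peek() == "||":
            take()
            val = and_expr() or val
        return val

    val = or_expr()
    if peek() is not None:
        raise ValueError("trailing tokens in policy expression")
    return val


@dataclass
class QCS:
    mode: Mode
    policy: str
    qps: dict                        # QPS_IDn -> callable(soh_bytes) -> (bool, bytes)
    cache_seconds: float = 30.0      # registry-tunable reuse window, 30 s by default
    _cache: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)   # stands in for the audit log file

    def validate_soh_list(self, soh_list: dict, now=None):
        """Return (Verdict, [(QPS_IDn, soh_response_bytes), ...])."""
        now = time.monotonic() if now is None else now
        if self.mode is Mode.OFF:                 # OFF disables SoH validation entirely
            self.audit.append(("off", Verdict.UNKNOWN))
            return Verdict.UNKNOWN, []
        key = tuple(sorted(soh_list.items()))     # identical list => cached result
        cached = self._cache.get(key)
        if cached and now - cached[0] < self.cache_seconds:
            self.audit.append(("cache-hit", key, cached[1]))
            return cached[1], cached[2]
        results, responses = {}, []
        # Every bound QPS is called; one with no SoH in the list gets an empty
        # buffer, and SoHs for QPS_IDs with no registered QPS are skipped.
        for qps_id, check in self.qps.items():
            healthy, response = check(soh_list.get(qps_id, b""))
            results[qps_id] = healthy
            if response:
                responses.append((qps_id, response))
        if evaluate_policy(self.policy, results):
            verdict = Verdict.NON_QUARANTINE
        else:
            verdict = Verdict.QUARANTINE if self.mode is Mode.ON else Verdict.PROBATION
        self._cache[key] = (now, verdict, responses)
        self.audit.append(("validated", key, results, verdict))
        return verdict, responses
```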
If a client connects to two or more different networks with different quarantine names, the QPSs on each network can have different check settings, and so their QPCs can have different SoHs. If the quarantine name is sent to the QPC and the QPC supports multiple SoHs for different policy servers, the QPC can issue the SoH specific to that quarantine name. If the QPC handles only a single policy server, it issues a SoH that is not tied to a quarantine name. The QCS calls ValidateSoH on the QPSs that have called Bind; if the SoH list contains no SoH for a QPS, the ValidateSoH call to that QPS carries an empty SoH buffer. This allows a QPS to be called even when no QPC is installed, and supports QPSs that check the client without client software, for example a network IDS. In that case the QPS supplies no SoHResponse and relies on external information and the TransactionState interface information to decide whether to quarantine the client.
The QCS uses the machine name from the QCC SoH to look up the machine object in AD. If the machine object exists, the quarantine connectivity exemption variable on the machine object is checked, and if the machine is exempt from quarantine connectivity checks, the QCS returns non-quarantine. The quarantine exemption variable is provided on the Computer UI in Active Directory. The QCS processes exemptions only after all other QCS processing, such as calling QPSQCS->ValidateSoH and QCSQPS->OnValidateSoHComplete; the QCS then applies any exemption. This means the QPSs can still produce SoHResponses for their QPCs. When installed, a QPS registers with the QCS via QCSQPS->Register; registration is done through registry parameters. The QCS creates the QPS COM objects as out-of-proc objects. The QCS monitors the registry: if a QPS is added, it creates a new COM object, and if a QPS is deleted from the registry, the QCS stops using that QPS.
The QES UI for the DHCP server includes the UI for the QCS. The configuration parameters set by SetQuarantineConfig are: quarantine ON/OFF/probation, the probation period, quarantine log enable, exemption of known clients from quarantine, the failure URL, and a domain-name based regular expression. Quarantine On (Quarantine State On) enables QCS validation of SoHs. Quarantine Off (Quarantine State Off) disables QCS validation of SoHs: the QCS returns Unknown for the compliance state, and the connectivity state is not affected. Probation enables QCS validation of SoHs and returns the correct compliance state, but when a client becomes non-compliant its connectivity state is set to probation for a period of time. The probation period is the time for which a non-compliant client keeps connectivity after becoming non-compliant.
The quarantine policy client and the quarantine policy server (together with the policy server) are responsible for performing a set of checks on the client. The quarantine policy server must decide from the results of the client checks, and report to the quarantine coordination server, whether the client checks are good or bad. Which checks are performed depends on the quarantine policy client. In one embodiment of the invention, the only QPC built into Windows is WUS. WUS checks only the patch level relative to the WUS server, and that WUS server is configured only with Microsoft OS patches. If a QPS can check the client without requiring a client component (for example a network IDS), the system may include a QPS without a corresponding QPC. In that case the QPS needs no SoH from a QPC and simply responds to the QCS with quarantine or non-quarantine. When such a QPS is used, the QCS calls the QPS without providing a SoH, and the QPS can still decide that the client machine is "unhealthy".
Preferably, the QPS returns to the QPC, in the SoHResponse, the address/name of the policy server the QPC should contact. The QPC is expected to handle communication with its own policy server and to retry that communication when needed. Preferably, when the QPS fails a SoH, it sends the QPC a prompt in the SoHResponse to check its policy and its policy server. The QPCs are responsible for protecting the identity of the policy servers they use to obtain policy configuration information. A QPC can support multiple policy servers for producing SoH information; each QName GUID should track different SoH information. For home machines, being configured to get updates from Windows Update is correct. When ProcessSoHResponse is called, the QPC must not expect to have connectivity to its policy server. When ProcessSoHResponse is called, the IP address may not yet be configured, so the QPC should use the IP address notification API. The QPS must not change any information in the TransactionState, which is used only for queries, and must not add any reference count on that COM object. The QPS should return immediately from any call to ValidateSoH and queue the request internally. If the QPS needs to communicate with its policy server, it must not serialize that communication with other ValidateSoH requests. If the QPS cannot queue the request in ValidateSoH, it should fail the call immediately; the QPS is expected to queue and process many of these requests concurrently. The QPS should be implemented as a multithreaded component.
When registering their interfaces and so on, QPCs and QPSs must follow the normal rules for COM installation. When installed, QPCs and QPSs do not need to notify the QCC or QCS; the QCC and QCS start using a new QPC or QPS when the Bind API on the QCCQPC or QCSQPS interface is called. A QPS installation must register and unregister through the registry with the following settings: when a QPS is installed or uninstalled, it must notify the QCS through the registry. When the QCS starts, and when the registry is modified, the QCS uses CoCreateInstance to create an out-of-proc instance of each QPSQCS interface. Register(QPS_ID, Product GUID, QPSQCS CLSID, QPS_READ CLSID): this API is implemented through the registry; when a QPS is installed it must update the registry accordingly. Unregister(QPS_ID): this API is implemented through the registry. When a QPC or QPS is uninstalled, all of its COM registration information in the registry and all of its files should be deleted, leaving no traces in the system.
The WUS client obtains from the WUS server the list of patches the client should have installed. The WUS client checks whether those patches are installed and, if not, downloads and installs them from the WUS server or from Windowsupdate.com. WUS identifies the client with a cookie associated with a signed Machine Record, and the Machine Record in turn includes the time of the last synchronization. WUS keeps the IP address but does not use it to look up the Machine Record. The QCS and QCC give the QPC and QPS a communication channel: the QPC can send information to the QPS to identify the client and to supply status information, and the QPS can, if necessary, send information back to the QPC. For WUS, if the QPS fails the client check, the QPS provides the WUS server name that the WUS client must use. This allows the WUS server to be provisioned to the WUS client.
Referring now to Fig. 7, the interaction of the components is described in detail. Overall, the interaction works as follows. When its SoH changes, the QPC notifies the QCC using QCCQPC->NotifySoHChange. When the SoH list changes, the QCC notifies all QECs using QECQCC->NotifySoHChange. When a QEC needs the SoH list, it requests it from the QCC using QCCQEC->QuerySoH. The QEC sends the SoH list to the QES using a mechanism that depends on the QEC/QES pair; for example, DHCP uses DHCP options. For every QPC that has called QCCQPC->Bind, the QCC calls QPCQCC->QuerySoH, then adds any additional SoHs from the SoH cache and returns the list to the QEC. The QES sends the SoH list to the QCS using QCSQES->ValidateSoH. The QCS decomposes the SoH list and passes each SoH to the correct QPS using QPSQCS->ValidateSoH. Each QPS validates the client's SoH and returns to the QCS whether the SoH is correct. A QPS can optionally ask the QCS to pass some information to the QPC in a SoHResponse buffer. The QCS collects all the results from the different QPSs and produces a single quarantine/non-quarantine result and the SoHResponse list. The QCS adds its own SoHResponse to that list and sends the result and the list to the QES. The QES checks the quarantine/non-quarantine result and enforces quarantine in the manner specific to its enforcement mechanism; for example, DHCP does not provide a default gateway. The QES passes the SoHResponse list to the QEC. The QEC passes the list to the QCC using QCCQEC->ProcessSoHResponses. The QCC decomposes the SoHResponse list and passes each SoHResponse to the correct QPC using QPCQCC->ProcessSoHResponse. The QCC handles its own SoHResponse, which contains the information about whether the server quarantined the client. The QCC uses the quarantine/probation/non-quarantine information to display a message to the user. In Maui, the communication between the QCC and QCS via the QEC/QES is unprotected. QPC/QPS communication can be protected by the QPC/QPS themselves, but that is outside the scope of the quarantine platform.
Because the DHCP client requests network resources from a network server (the DHCP server), the DHCP server can host the QPS. The QPC and the QPS/policy server, for example SMS or WUS, deliver the policy for the client from the server to the client. The QPC polls the server at an administratively defined interval to see whether there are updates. When the machine's SoH changes, the QPC notifies the QCC. When the SoH changes, the QCC notifies all QECs. When the QEC (DHCP client) wants to request or renew an IP address, it obtains the SoHs from the QPCs and the SoH cache and passes them to the DHCP server in one or more DHCP options. The QES (DHCP server) supplies the SoH list to the QCS, which passes each SoH to the correct QPS. Each QPS can contact its policy server to verify that the client's SoH is current and correct for that client, for example that no patches remain uninstalled on the client. If the client is current and correct, the QPS returns success to the QCS. If all QPSs return success to the QCS, the QCS returns success to the DHCP server, which then returns the correct DHCP options to the DHCP client. Whenever the DHCP server receives a Discover, Request or Inform message it always calls the QCS, whether or not the message contains the SoH DHCP option. This lets the QCS decide how to handle clients that do not support quarantine. When the DHCP QEC communicates with a DHCP server on which quarantine is not enabled, it must still work, so that the client works on networks without quarantine enabled.
When the PEAP QEC communicates with a RADIUS server on which quarantine is not enabled, it must still work, so that the client works on networks without quarantine enabled. When the PEAP QEC needs to provide a SoH to the RADIUS QES, it calls QuerySoH. When this happens depends on the medium over which PEAP runs. VPN: PEAP is invoked when the VPN tunnel is established, and VPN does not rerun PEAP. 802.1X: PEAP is invoked whenever 802.1X needs to authenticate or reauthenticate to the NAS, which can happen repeatedly during a session. Because an IPsec client requests network resources directly from another client, a peer IPsec client cannot use a QPS directly; the QCC must use the Quarantine Server to obtain a BoH. A BoH can take several forms: a Kerberos ticket used to establish the IPsec SA with the requested server; a Kerberos ticket associated either with a group policy object (GPO) applied to the machine according to group membership (the so-called "clean group") or with an existing indication of the machine's health; or an X.509 or XRML certificate used to establish the IPsec SA. The IPsec policy governing SA establishment must be verifiable with the BoH, and if the client's state changes so that it no longer complies with the policy, it must no longer be verifiable for that client.
If the client is in probation, the X.509 or XRML certificate is valid only for the probation period. If the client is in probation and the clean group is used to manage distribution of Kerberos tickets, two conditions must be supported: the lifetime of the Kerberos ticket must not exceed the probation period, and if the client does not provide an updated SoH when probation expires, the QES must take appropriate steps to remove the client from the clean group. The QPC and the QPS/policy server, for example SMS or WUS, deliver the policy for the client from the server to the client. The QPC polls the server frequently to see whether there are updates. When the machine's "health status" changes, the QPC publishes a SoH to the QCC. The QCC collects the SoHs from each QPC into the SoH list. When the SoH changes, the QCC notifies all QECs. On receiving this notification, the QS client QEC obtains the SoH list and sends it to the Quarantine Server QES. The Quarantine Server QES supplies the SoH list to the QCS, which passes each SoH to the correct QPS. Each QPS can contact its policy server to verify that the client's SoH is current and correct for that client, for example that no patches remain uninstalled on the client. If the client is current and correct, the QPS returns success to the QCS. If all QPSs return success to the QCS, the QCS returns success to the Quarantine Server QES. If certificates are used to establish IPsec SAs, then when the QCS returns success to the Quarantine Server QES, the Quarantine Server QES returns a BoH to the QS QEC. The QS QEC then returns the BoH to the QCC, which caches it. If the clean group is used, the QES adds the client to the clean group and returns QUAR_SUCCESS to the client.
If this is the first validation of this particular client, the client can now proceed to request a TGT from the TGS. If the client already has a TGT and then fails the policy check, the QES must remove the client from the clean group and notify the TGS that the client no longer complies with policy. It is strongly recommended that the TGT be invalid beyond the period of policy compliance, so that no SGT issued from that TGT is valid outside that period. The QCC then notifies all QECs that the BoH has changed. When an IPsec IKE SA is requested to a peer, the BoH (and the certificate, if one is used to represent the BoH) is obtained from the BoH cache and passed to the peer IPsec. If the clean group is used, the client uses the TGT to request an SGT and uses the ticket to establish the SA as usual. The peer IPsec passes the BoH/ticket to the QCS, which validates it and returns success to the peer IPsec, which then accepts the remote IKE communication.
The foregoing description of various embodiments of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise embodiments disclosed. Many modifications or variations are possible in light of the above teaching. The embodiments discussed were chosen and described to provide the best illustration of the principles of the invention and its practical application, so as to enable those of ordinary skill in the art to utilize the invention in various embodiments and with various modifications as suited to the particular use contemplated. All such modifications and variations are within the scope of the invention as determined by the appended claims when interpreted in accordance with the breadth to which they are fairly, legally and equitably entitled.

Claims (20)

1, a kind of Network Isolation client is used for carrying out comprising alternately with the server of carrying out the isolation strategy:
At least one is by the execution client of procotol and server communication; And
Obtain the collaboration client of at least one Health Claims from least one policy client, wherein collaboration client provides an interface, communicate by described at least one policy client of described interface and collaboration client, and described collaboration client is assembled into the Health Claims tabulation with described at least one Health Claims, and provides described Health Claims tabulation to described at least one execution client.
2, Network Isolation client as claimed in claim 1 is characterized in that, described at least one execution client uses the Health Claims tabulation to obtain the right from the server access Internet resources.
3, Network Isolation client as claimed in claim 1 is characterized in that, described at least one execution client is in dhcp client end, VPN client and the IPsec client.
4, Network Isolation client as claimed in claim 1 is characterized in that, described collaboration client communicates by interface and described at least one policy client that is provided by described at least one policy client.
5, Network Isolation client as claimed in claim 1 is characterized in that, described collaboration client and execution client all are included in the operation system of computer.
6, Network Isolation client as claimed in claim 1 is characterized in that, described at least one policy client obtains network strategy from least one strategic server, and produce the expression main frame be observe network strategy Health Claims.
7, a kind of computer-readable medium comprises being used for the computer-readable instruction that enforcement of rights requires 1 method.
8, a kind of client is observed the method for Network Isolation strategy, comprising:
From one or more strategic server acquisition strategies;
The executive system diagnosis is to determine whether client observes the strategy that is obtained;
If client fails to observe the strategy that is obtained, then correct the safe condition of client;
Generation Health Claims tabulation, each Health Claims represent that client defers to corresponding strategy; And
The Health Claims tabulation is sent to Quarantine Server to be used for affirmation.
9, method as claimed in claim 8 is characterized in that, the safe condition of correcting client comprises from repairing server downloads software patch.
10, method as claimed in claim 8 is characterized in that, each Health Claims is generated by policy client, is used for determining the strategy whether client abides by the regulations.
11. The method of claim 8, further comprising, if the statement of health list is validated, receiving a health certificate from the quarantine server, wherein the health certificate represents to the quarantine server and to other computers on the network that the client complies with the security policy of the network.
12. The method of claim 8, wherein the statement of health list is sent to the quarantine server by a protocol enforcement client, and wherein the protocol executed by the protocol enforcement client is one of DHCP, a VPN protocol, an IPsec protocol, and the IEEE 802.1X protocol.
13. A computer-readable medium comprising computer-readable instructions for performing the method of claim 8.
14. A network quarantine server for enforcing a network quarantine policy, comprising:
at least one enforcement server for communicating with at least one client by a network protocol; and
a coordination server for receiving from the enforcement server a statement of health list comprising at least one statement of health, and for querying at least one policy server to validate the at least one statement of health.
15. The network quarantine server of claim 14, wherein, if every statement of health is validated, the coordination server instructs the at least one enforcement server to grant the at least one client access to network resources.
16. The network quarantine server of claim 14, wherein, if not every statement of health is validated, the coordination server instructs the at least one enforcement server to enforce a quarantine policy obtained from the at least one policy server.
17. The network quarantine server of claim 14, wherein the coordination server provides a port through which the at least one policy server communicates with the coordination server.
18. The network quarantine server of claim 14, wherein the coordination server communicates with the at least one policy server through an interface provided by the at least one policy server.
19. A method for network quarantine management, comprising:
receiving, from a remote Dynamic Host Configuration Protocol (DHCP) server, a statement of health obtained from a client requesting network resources, the statement of health reflecting the system state of the client;
validating the statement of health;
if the statement of health is valid, instructing the DHCP server to grant the request; and
if the statement of health is invalid, instructing the DHCP server to deny the request and to quarantine the client.
20. A computer-readable medium comprising computer-readable instructions for performing the method of claim 19.
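The server side that claims 14 to 19 describe, together with the health certificate of claim 11, modelled in Python as an added example. This is not code from the patent, from the page, or from any Microsoft product. The claims only say that the coordination server splits the statement of health (SoH) list, has each SoH validated by a policy server, tells the enforcement server to grant access when every SoH validates and to enforce the policy server's quarantine policy otherwise, and that a health certificate is issued on success; every class, function and attribute name, the SoH contents, the two DHCP address scopes, the treatment of a missing SoH as "not validated", and the HMAC form of the certificate are assumptions made for this illustration.

```python
"""Quarantine-server side of claims 14 to 19, plus the health certificate of
claim 11, modelled as plain classes. Added example, not code from the patent or
any Microsoft product; every name, attribute key, address scope and the
certificate format is an assumption made for this illustration."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class Soh:
    component: str    # which quarantine policy client produced it, e.g. "antivirus"
    attributes: dict  # what the client asserts about that component


@dataclass
class Decision:
    granted: bool
    failed: list                       # components whose SoH was missing or invalid
    quarantine_policy: dict            # per-component remediation to enforce (claim 16)
    health_certificate: Optional[str]  # issued only when every SoH validates (claim 11)


class PolicyServer:
    """Quarantine policy server (QPS): validates the SoH of one component."""

    def __init__(self, component, required, remediation):
        self.component, self.required, self.remediation = component, required, remediation

    def validate(self, soh):
        return soh.component == self.component and all(
            soh.attributes.get(k) == v for k, v in self.required.items())


class CoordinationServer:
    """Quarantine coordination server (QCS): disassembles the SoH list, one QPS per component."""

    def __init__(self, policy_servers, signing_key):
        self.policy_servers = {p.component: p for p in policy_servers}
        self.signing_key = signing_key

    def evaluate(self, client_id, soh_list):
        by_component = {soh.component: soh for soh in soh_list}
        failed, policy = [], {}
        for component, qps in self.policy_servers.items():
            soh = by_component.get(component)
            # A component that sent no SoH counts as "not validated" (assumption).
            if soh is None or not qps.validate(soh):
                failed.append(component)
                policy[component] = qps.remediation
        if failed:
            return Decision(False, failed, policy, None)
        return Decision(True, [], {}, self.issue_certificate(client_id))

    def issue_certificate(self, client_id):
        # HMAC over the client identity: any server sharing the key can check
        # that this client passed validation without re-running it.
        mac = hmac.new(self.signing_key, client_id.encode(), hashlib.sha256).hexdigest()
        return f"{client_id}:{mac}"

    def verify_certificate(self, certificate):
        client_id, _, mac = certificate.rpartition(":")
        expected = hmac.new(self.signing_key, client_id.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(mac, expected)


class DhcpEnforcementServer:
    """Quarantine enforcement server (QES) speaking DHCP (claim 19)."""

    def __init__(self, qcs, production_scope, quarantine_scope):
        self.qcs, self.production_scope, self.quarantine_scope = qcs, production_scope, quarantine_scope

    def handle_request(self, client_id, soh_list):
        decision = self.qcs.evaluate(client_id, soh_list)
        if decision.granted:
            return {"scope": self.production_scope,
                    "health_certificate": decision.health_certificate}
        # Quarantine: lease from the restricted scope, plus the remediation supplied by the QPS.
        return {"scope": self.quarantine_scope, "failed": decision.failed,
                "remediation": decision.quarantine_policy}


SIGNING_KEY = b"example-key-not-for-production"  # constructed for this example


def build_server():
    policy_servers = [
        PolicyServer("antivirus", {"enabled": True, "signatures": "2005-04"},
                     {"action": "update signatures", "from": "av.example.invalid"}),
        PolicyServer("firewall", {"enabled": True}, {"action": "enable host firewall"}),
    ]
    return DhcpEnforcementServer(CoordinationServer(policy_servers, SIGNING_KEY),
                                 "10.1.0.0/16", "10.255.0.0/24")


# Constructed SoH lists, standing in for what a coordination client would package.
COMPLIANT = [Soh("antivirus", {"enabled": True, "signatures": "2005-04"}),
             Soh("firewall", {"enabled": True})]
STALE_AV = [Soh("antivirus", {"enabled": True, "signatures": "2005-01"}),
            Soh("firewall", {"enabled": True})]
NO_FIREWALL_SOH = [Soh("antivirus", {"enabled": True, "signatures": "2005-04"})]
```

Calling `build_server().handle_request(client_id, soh_list)` with the three constructed lists gives a production lease and a verifiable certificate for the compliant client, and the quarantine scope plus the failing policy server's remediation for the client with stale antivirus signatures and for the client that omitted its firewall SoH. Everything the policy server checks is asserted by the client itself, so the validation in claims 14 to 19 is a policy check on those assertions rather than proof of the client's state; the quarantine path of claim 16 is what limits what a non-compliant or dishonest client can reach.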

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US56552504P 2004-04-27 2004-04-27
US60/565,525 2004-04-27
US10/973,970 2004-10-27

Publications (1)

Publication Number Publication Date
CN1761209A true CN1761209A (en) 2006-04-19

Family

ID=36707161

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510089633 Pending CN1761209A (en) 2004-04-27 2005-04-27 System and methods for providing network quarantine

Country Status (1)

Country Link
CN (1) CN1761209A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102217228A (en) * 2007-09-26 2011-10-12 Nicira Networks, Inc. Network operating system for managing and securing networks
CN101616137B (en) * 2008-06-26 2013-02-27 ZTE Corporation Host secure access method, isolation method, and secure access and isolation system
CN104182619A (en) * 2014-08-05 2014-12-03 Shanghai Mental Health Center System and method for acquiring and processing emotional characteristic parameters based on an intelligent terminal
CN110061989A (en) * 2019-04-19 2019-07-26 Aerospace Cloud Network Data Research Institute (Jiangsu) Co., Ltd. Full isolation method for a data acquisition gateway
CN112565158A (en) * 2019-09-25 2021-03-26 Alibaba Group Holding Limited Data access method, device, system, electronic equipment and computer readable medium
CN113536246A (en) * 2021-07-13 2021-10-22 Hangzhou DBAppSecurity Co., Ltd. File flow source-tracing profile method and related device

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11683214B2 (en) 2007-09-26 2023-06-20 Nicira, Inc. Network operating system for managing and securing networks
CN102217228B (en) * 2007-09-26 2014-07-16 Nicira, Inc. Network operating system for managing and securing networks
US9083609B2 (en) 2007-09-26 2015-07-14 Nicira, Inc. Network operating system for managing and securing networks
US9876672B2 (en) 2007-09-26 2018-01-23 Nicira, Inc. Network operating system for managing and securing networks
CN104113433B (en) * 2007-09-26 2018-04-10 Nicira, Inc. Network operating system for managing and securing networks
CN102217228A (en) * 2007-09-26 2011-10-12 Nicira Networks, Inc. Network operating system for managing and securing networks
US10749736B2 (en) 2007-09-26 2020-08-18 Nicira, Inc. Network operating system for managing and securing networks
CN101616137B (en) * 2008-06-26 2013-02-27 ZTE Corporation Host secure access method, isolation method, and secure access and isolation system
CN104182619A (en) * 2014-08-05 2014-12-03 Shanghai Mental Health Center System and method for acquiring and processing emotional characteristic parameters based on an intelligent terminal
CN104182619B (en) * 2014-08-05 2017-06-06 Shanghai Mental Health Center System and method for acquiring and processing emotional characteristic parameters based on an intelligent terminal
CN110061989A (en) * 2019-04-19 2019-07-26 Aerospace Cloud Network Data Research Institute (Jiangsu) Co., Ltd. Full isolation method for a data acquisition gateway
CN110061989B (en) * 2019-04-19 2021-07-13 Aerospace Cloud Network Data Research Institute (Jiangsu) Co., Ltd. Data acquisition gateway full-isolation method
CN112565158B (en) * 2019-09-25 2022-10-04 Alibaba Group Holding Limited Data access method, device, system, electronic equipment and computer readable medium
CN112565158A (en) * 2019-09-25 2021-03-26 Alibaba Group Holding Limited Data access method, device, system, electronic equipment and computer readable medium
US11863520B2 (en) 2019-09-25 2024-01-02 Alibaba Group Holding Limited Data access methods and systems
CN113536246A (en) * 2021-07-13 2021-10-22 Hangzhou DBAppSecurity Co., Ltd. File flow source-tracing profile method and related device
CN113536246B (en) * 2021-07-13 2024-03-22 Hangzhou DBAppSecurity Co., Ltd. File flow source-tracing profile method and related device

Similar Documents

Publication Publication Date Title
US10757094B2 (en) Trusted container
JP6982006B2 (en) Hardware-based virtualization security isolation
US9294478B2 (en) Hardware-based device authentication
JP5038531B2 (en) Authentication limited to trusted equipment
US10432616B2 (en) Hardware-based device authentication
JP6917474B2 (en) Credential processing method, device, and application APP for network connection
US7669235B2 (en) Secure domain join for computing devices
JP5792732B2 (en) Modular device authentication framework
US7941831B2 (en) Dynamic update of authentication information
US8370905B2 (en) Domain access system
KR20060047551A (en) System and methods for providing network quarantine
CN1152333C (en) Method for realizing portal authentication based on protocols of authentication, charging and authorization
US20050132229A1 (en) Virtual private network based on root-trust module computing platforms
US20070174901A1 (en) System and method for automatic wireless network password update
US8136144B2 (en) Apparatus and method for controlling communication through firewall, and computer program product
CN1787435A (en) Providing tokens to access federated resources
CN101064628A (en) Household network appliance safe management system and method
JP2014099030A (en) Device unit, control method, and program thereof
CN1761209A (en) System and methods for providing network quarantine
US9275204B1 (en) Enhanced network access-control credentials
US7558845B2 (en) Modifying a DHCP configuration for one system according to a request from another system
JP5687455B2 (en) Server, terminal, program, and service providing method
JP2011076504A (en) Virtual machine, program for ther same, system and method for providing application service
WO2018157782A1 (en) Credential information processing method and apparatus for network connection, and application (app)
WO2010103800A1 (en) Server, terminal, program, and service providing method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication