GB2508848A - Providing a Policy to a Computer - Google Patents

Info

Publication number
GB2508848A
Authority
GB
United Kingdom
Prior art keywords
computer
network
policies
policy
source
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1222375.6A
Other versions
GB201222375D0 (en)
GB2508848B (en)
Inventor
Dave Harding
Mark Blackburn
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
1E Ltd
Original Assignee
1E Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 1E Ltd
Priority to GB1222375.6A
Publication of GB201222375D0
Publication of GB2508848A
Application granted
Publication of GB2508848B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0876 Aspects of the degree of configuration automation
    • H04L41/0886 Fully automatic configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Computer And Data Communications (AREA)

Abstract

A network comprises a plurality of computers including a first computer (4) and a target computer (2). It also has a source (6) of a plurality of policies, for example a database (10) at a server, and means (12) for installing policies on the computers of the network. The first computer (4) has program code for accessing the source and for selecting one of the policies. The source (6) responds to the selection to provide the selected policy to the installing means (12). The installing means has program code for automatically installing the selected policy on the target computer, thus enabling remote downloading of a policy to a target computer via a remote computing device.

Description

Providing Policy Data to a Computer
Technical Field
The present invention relates to a method, system and computer programs for supplying policy data to a computer in a network.
Background
It is known to provide policies to machines in a network. The machines may be mobile telephones or general purpose computers, for example PCs. In some known systems a server stores policies for machines in the network and the policies are deployed to the machines under the control of a network administrator.
Summary
In accordance with one aspect of the present invention, there is provided a method of providing a policy to a target computer in a network comprising a plurality of computers including a first computer, the target computer, a source of data defining a plurality of policies, and means for installing policies on the computers of the network, the method comprising accessing the source from the first computer and selecting one of the policies for provision to the target computer, the source responding to the selection to provide the selected policy to the installing means, and automatically installing the selected policy on the target computer using the installing means.
In accordance with another aspect of the present invention, there is provided a computer program product comprising program code which when run on a computer in a network comprising, a source of policies, an asset database of computers and identifiers of computers and users, and means for installing policies on the computers of the network responds to a request from the first computer to require an identifier of the user of the target computer, on receipt of the identifier of the user, accesses from the asset database the identifier of the target computer, in response to the identifier of the target computer provides to the first computer a list of policies appropriate to the identified target machine, and responds to selection of a policy at the first computer to provide the selected policy and the identifier of the target computer to the installing means.
The invention allows users to select policies they require from a policy server and to automatically install them on a target computer using a machine other than the target computer.
Further features and advantages of the invention will become apparent from the following description of illustrative embodiments of the invention, given by way of example only, which is made with reference to the accompanying drawings.
Brief Description of the Drawings
Figure 1 is a schematic block diagram of a network;
Figure 2 is a schematic flow diagram of a process in accordance with an example of the invention;
Figure 3 is a schematic flow diagram of a process in accordance with an example of the invention carried out at a shopping server of the network of Figure 1; and
Figure 4 is a schematic block diagram of a computer as used in the network of Figure 1.
Detailed Description
Policies.
Examples of the present invention concern the provision of policies to computers in a network. A policy is a setting or a group of settings for a computer which controls one or more functions of the computer. For example a power control policy may define the circumstances when a computer changes to a lower power setting from a higher power setting. A policy may define sources of data the computer can or cannot access. A policy may define other matters.
An illustrative network - Figure 1
A user uses a computer 2, herein referred to as a target machine. In this example the target machine 2 is a desk top machine at the user's normal place of business. The user also has another computing machine 4, in this example a "smart" mobile phone (also known as a cell phone) which has a web browser.
The mobile phone 4 and the target machine 2 are connected to, or connectable to, a communications network 14. The communications network in this example comprises a mobile telephone network in which the mobile phone 4 operates, and an enterprise network of the user's business comprising other computers (not shown).
The enterprise network is coupled to the mobile telephone network in known manner for example the public telephone system. The enterprise network may also be connected to the Internet and/or other networks in known manner.
Also connected to the network 14 are a server 6 herein referred to as a shopping server, a systems management tool 12, for example a Systems Management Server or Configuration Manager as provided by Microsoft Corporation. The shopping server is coupled to an asset data base 10 which may be a data base of the systems management tool 12.
The asset data base 10 in this example provides data correlating the computers of the network with identifiers identifying the respective users of the computers. It also provides data identifying the types of the computers; for example Windows PCs and Apple MACs amongst other types.
The shopping server is a source, or part of a source, of policies in this example. For that purpose the server has a data base of policies associated with identifiers of types of computers. The source may additionally comprise a server or servers 8 in which case the shopping server 6 may direct communications from the mobile telephone 4 to the server(s) 8. Alternatively, the shopping server may store other software but not policies for the computers of the network and direct requests for policies to the server(s) 8. Policies are assigned to single computers or to groups of computers. For each computer or group, the source of policies provides a list of one or more policies for different functions of the computer or group, the policies being suitable for the type of the computer. The policies may be the same for all computers of the same type regardless of the user.
Alternatively, some policies may be personalized for the user or groups of users.
The shopping server may be an HTTP server which is a standard web server software such as Microsoft Internet Information Server. The shopping server has a server process for listening for incoming TCP connections from clients, in this example the mobile phone 4. It also has an HTML webpage form for presentation to the mobile phone. How to provide such a server process and form is known: see for example "Computer Networks, Third Edition" by Andrew S Tanenbaum, Sections 7.6.2, 7.6.3 et seq. The user uses the form to obtain a list of policies and to select the policy required. This will be described in more detail with reference to Figure 3.
The asset database 10 is shown coupled to the shopping server 6 by a communications link 106. The shopping server 6 is shown coupled to the systems management tool 12 by a communications link 613. The systems management tool 12 is connected to the asset database 10 by a link 612. The shopping server 6 is shown coupled to the server(s) 8 by a communications link 86. Such links may be provided by the communications network 14.
Some examples of the network include a NightWatchman (NWM) management center 15 having an NWM database 16. Such an NWM management center and NWM data base 16 are provided by 1E Limited. (NightWatchman is a Registered Trade Mark of 1E Limited). The NWM database 16 stores power management policies. The NWM management center 15 may be linked to the configuration manager 12. It may also be linked to the communications network 14.
The target machine may have an agent 21 of the systems management tool.
Additionally or alternatively, the target machine may have an NWM agent 22 which interacts with the NightWatchman management center 15. NightWatchman is, amongst other functions, a power control system which controls power consumption of computers in accordance with power control policies.
The NWM center interacts with the configuration manager via the network 14, but may interact directly via a link 1215.
Providing a policy to the target computer - Figure 2
Consider the following hypothetical scenario. The user of the target computer 2 has left his place of work and inadvertently left the target computer in a full power state. He wishes to apply a power control policy to the target computer.
The user uses S2 the web browser on his smart mobile phone to access the shopping server. The user needs to be authenticated by authentication data, for example an identifier of the user. On contacting the shopping server, the authentication data is sent S3. The user may provide the identifier which identifies him. Alternatively, the identifier may be held on the mobile phone and automatically sent to the shopping server. The identifier may be a username and password. It could be any other piece of authentication data that the system will accept as authenticating the user such as a smart card certificate, a fingerprint or any other identifying data.
The shopping server uses S4 the asset database 10 and the identifier of the user to determine the identifier of the target machine and the type of the machine. The shopping server uses that information to provide the smart phone with access to a list of policies suitable for or allocated to the user's target machine. The list may be unique to the target machine or the group to which the machine belongs or a standard list for a type of machine.
The user selects S6 the required policy, in this case a power control policy.
The policies identified in the list may be stored in the shopping server 6 or be provided by the other suppliers 8 and/or stored in the NWM database 16.
Automatic Installation of the Policy
In one example the shopping server provides S8 the selected policy and the identifier of the target computer to the system management tool which automatically installs the policy on the target computer in known manner.
In another example the shopping server itself has installation software and automatically installs S12 the policy.
Another example uses NightWatchman.
In one version the systems management tool has an agent 21 on the target machine which the shopping server causes to run S11 a NightWatchman command line locally on the target machine 2 to alter the NightWatchman settings, thereby affecting the policy.
In another version, the NightWatchman Management center database 16 is modified S13 in response to the selection of a policy at the shopping server such that a specific power management policy stored in the NightWatchman database is assigned to the target machine. The NWM agent 22 on the target machine 2 periodically checks S14 with the NightWatchman Management center 15 for policy; it will notice the change and then download and apply S15 the new policy.
Computer Programs
The invention also provides computer programs which when run on the computers of the network implement the procedures described above. The computer programs are stored on a non transitory carrier, for a computer readable medium for example a hard disk, an optical disc, a magneto-optical disk, a compact disc, a magnetic tape, electronic memory including Flash memory, ROM and RAM, a RAID or any other suitable computer readable storage device.
The smart mobile phone has standard browser software for accessing the shopping server and selecting a policy from a list. The target machine has standard software for enabling the installation of a policy. For example it could be Active Directory Group Policy (which is included with every version of Windows) and/or if the target machine interacts with NightWatchman software the target machine has a NightWatchman client agent.
Shopping Server Program - Figure 3
The shopping server has program code for carrying out the process of Figure 3.
In step S42, a process at the shopping server 6 listens for a request from the user's browser on the cell phone 4 for access to a web form. The server 6 responds by presenting the form to the cell phone. The form includes an input box for entering the identifier of the user. In step S42, the user enters the identifier which is received by the server 6. In step S44, the server 6 accesses the asset database 10 to determine the identifier of the user's target machine 2 and the type of the machine. The server then finds and presents the appropriate list of policies to the user's browser at the cell phone 4. The user at step S46 selects the required policy from the list. The server 6 responds in step S48 to the selection by sending the policy with the identifier of the target machine to the system management tool 12 for automatic installation as discussed above with reference to Figure 2.
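The Figure 3 steps as an added Python sketch, which is not code from the patent or from any 1E product. All names, the in-memory asset database, the policies and the credentials are constructed for illustration, and credentials are passed on each call in place of a web session. The target identifier is always taken from the asset database entry of the authenticated user, never from the request, and a selection is accepted only if it is on the list offered for that machine type.

```python
"""Added sketch of the Figure 3 shopping-server flow. All data is constructed."""
import hashlib
import hmac
from dataclasses import dataclass

SALT = b"constructed-demo-salt"


def hash_password(password: str) -> bytes:
    """Derive a stored verifier from a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)


# Constructed credential store: user identifier -> password verifier.
CREDENTIALS = {
    "alice": hash_password("correct horse"),
    "bob": hash_password("battery staple"),
}
# Constructed stand-in for asset database 10: user -> (machine id, machine type).
ASSET_DB = {"alice": ("PC-0042", "windows-pc"), "bob": ("MAC-0007", "apple-mac")}
# Constructed policy source: machine type -> {policy name: settings}.
POLICIES = {
    "windows-pc": {"power-low": {"sleep_after_min": 5},
                   "power-normal": {"sleep_after_min": 30}},
    "apple-mac": {"power-low": {"sleep_after_min": 10}},
}


class Denied(Exception):
    """The request failed authentication or asked for something not offered."""


@dataclass(frozen=True)
class InstallJob:
    """What the source hands to the installing means (step S48)."""
    target_id: str
    policy_name: str
    settings: dict


def authenticate(user_id: str, password: str) -> bool:
    """Check the identifier and secret sent with the web form."""
    stored = CREDENTIALS.get(user_id)
    # Always run the comparison so unknown users take the same code path.
    matches = hmac.compare_digest(hash_password(password), stored or bytes(32))
    return stored is not None and matches


def resolve_target(user_id: str, password: str) -> tuple:
    """Step S44: map the authenticated user to a machine via the asset database."""
    if not authenticate(user_id, password):
        raise Denied("authentication failed")
    if user_id not in ASSET_DB:
        raise Denied("no machine recorded for this user")
    return ASSET_DB[user_id]


def list_policies(user_id: str, password: str) -> list:
    """Return the policy names suitable for the user's machine type."""
    _, machine_type = resolve_target(user_id, password)
    return sorted(POLICIES.get(machine_type, {}))


def select_policy(user_id: str, password: str, policy_name: str, installer) -> InstallJob:
    """Steps S46/S48: validate the selection and pass it to the installing means."""
    target_id, machine_type = resolve_target(user_id, password)
    offered = POLICIES.get(machine_type, {})
    if policy_name not in offered:
        # A name outside the offered list is refused rather than looked up elsewhere.
        raise Denied("policy not offered for this machine")
    job = InstallJob(target_id, policy_name, dict(offered[policy_name]))
    installer(job)  # stand-in for the systems management tool 12
    return job


if __name__ == "__main__":
    queue = []  # constructed stand-in for the installer's work queue
    print(list_policies("alice", "correct horse"))
    print(select_policy("alice", "correct horse", "power-low", queue.append))
```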
A Computer
Referring to Figure 4, an illustrative one of the computers, for example target 2, comprises, amongst other items: a CPU 222; a main memory 240 for example a hard disk drive or other storage device, for example electronic memory; a network interface 260; a display driver 280 coupled to a display device 282; human interface devices or input devices for example a keyboard 210 and a pointing device 212; and one or more busses 216. The items are conventional and interact via the buss(es) in a conventional way. The network interface couples the computer to the communications network 14. The computer also comprises a power supply 214. Programs are stored in the main memory 240 and executed by the CPU 222.
The server 6 may have the same construction but may omit the human interface devices, display driver and display.
The mobile phone may have a similar construction with the addition of wireless communications hardware and software.
Power Control Policy
A power control policy may affect the power scheme which in turn affects the way the operating system schedules CPU cycles. That occurs at a level in the hierarchy of levels of organisation of a computer below the kernel of the Operating System.
A power control policy may provide settings for power control implemented by the operating system.
Variants
The above embodiments are to be understood as illustrative examples of the invention. Further embodiments of the invention are envisaged. For example:
a) The target machine 2 has been described as a desktop machine but it could be a laptop, tablet computer, server, mobile telephone or any other machine requiring a policy;
b) The user's current machine 4 has been described as a smart mobile phone but it could be a laptop, tablet computer, server, or any other machine able to contact the shopping server and select a policy from a list.
c) The example of providing a policy referred to a power control policy. However any other type of policy may be provided to the target machine.
d) The invention may be used to provide policies of any type to any type of computing device. One example is a security system for a building and the policy is settings for the system, for example times of activation and de-activation of the system. Another example is a climate control system for a building and the policy is time settings for the system.
e) The shopping server 6 may be used to provide application programs to the users in addition to policies.
It is to be understood that any feature described in relation to any one embodiment may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the embodiments, or any combination of any other of the embodiments. Furthermore, equivalents and modifications not described above may also be employed without departing from the scope of the invention, which is defined in the accompanying claims.

Claims (23)

  1. 1. A method of providing a policy to a target computer in a network comprising a plurality of computers including a first computer, the target computer, a source of data defining a plurality of policies, and means for installing policies on the computers of the network, the method comprising accessing the source from the first computer and selecting one of the policies for provision to the target computer, the source responding to the selection to provide the selected policy to the installing means, and automatically installing the selected policy on the target computer using the installing means.
  2. 2. A method according to claim 1, wherein the computers of the network are associated with respective identifiers of users, such an identifier is provided from the first computer to the source and the selected policy is installed on the target computer identified by the identifier.
  3. 3. A method according to claim 2, wherein the source identifies the target computer from data stored in a data store of the network correlating identifiers of users with identifiers of computers of the network.
  4. 4. A method according to claim 3, wherein the said data store is an asset database of the network.
  5. 5. A method according to claim 1, 2, 3 or 4, wherein the said first computer has a web browser and the web browser is used to access a list of policies provided by the said source and to select a policy from the list for installation on the target computer.
  6. 6. A method according to any preceding claim, wherein the first computer is a laptop, tablet computer, mobile telephone, or any other mobile computer.
  7. 7. A method according to any preceding claim, wherein the first computer is a desktop computer or workstation.
  8. 8. A method according to any preceding claim, wherein the source comprises a server storing at least policies for the computers of the network.
  9. 9. A method according to any preceding claim, wherein the installing means comprises a network management tool and the policy is provided to the tool by the said source together with the identifier of the target computer. 11. A method according to any one of claims 1 to 8, wherein the installing means comprises installation software at the source. 12. A method according to any one of claims 1 to 7, wherein the network comprises a power control system and the power control system includes the installing means. 13. A method according to claim 12, wherein the power control system includes a store for storing power control policies and a stored policy is provided to the target computer in accordance with the said selection. 14. A method according to any one of claims 1 to 8, wherein the target computer comprises an agent responsive to the selected policy to change power control settings at the target computer.
  10. 10. A network comprising a plurality of computers including a first computer and a target computer, a source of data defining a plurality of policies, and means for installing policies on the computers of the network, wherein the first computer has program code for accessing the source from the first computer and for selecting one of the policies for provision to the target computer, the source has program code for responding to the selection to provide the selected policy to the installing means, and the installing means has program code for automatically installing the selected policy on the target computer.
  11. 11. A method according to claim 10, wherein the source identifies the target computer from data stored in a data store of the network correlating identifiers of users with identifiers of computers of the network.
  12. 12. A method according to claim 11, wherein the said data store is an asset database of the network.
  13. 13. A method according to claim 10, 11, or 12, wherein the said first computer has a web browser and the web browser is used to access a list of policies provided by the said source and to select a policy from the list for installation on the target computer.
  14. 14. A method according to any one of claims 10 to 13, wherein the first computer is a laptop, tablet computer, mobile telephone, or any other mobile computer.
  15. 15. A method according to any one of claims 10 to 14, wherein the first computer is a desktop computer or workstation.
  16. 16. A method according to any one of claims 10 to 15, wherein the source comprises a server storing at least policies for the computers of the network.
  17. 17. A method according to any one of claims 10 to 16, wherein the installing means comprises a network management tool and the policy is provided to the tool by the said source together with the identifier of the target computer.
  18. 18. A method according to any one of claims 10 to 16, wherein the installing means comprises installation software at the source.
  19. 19. A method according to any one of claims 1 to 15, wherein the network comprises a power control system and the power control system includes the installing means.
  20. 20. A method according to claim 19, wherein the power control system includes a store for storing power control policies and a stored policy is provided to the target computer in accordance with the said selection.
  21. 21. A method according to any one of claims 10 to 15, wherein the target computer comprises an agent responsive to the selected policy to change power control settings at the target computer.
  22. 22. A network according to any one of claims 10 to 21, wherein the computers of the network are associated with respective identifiers of users, such an identifier is provided from the first computer to the source and the selected policy is installed on the target computer identified by the identifier.
  23. 23. A computer program product comprising program code which, when run on a computer in a network comprising, a source of policies, an asset database of computers and identifiers of computers and users, and means for installing policies on the computers of the network, responds to a request from the first computer to require an identifier of the user of the target computer, on receipt of the identifier of the user, accesses from the asset database the identifier of the target computer, in response to the identifier of the target computer provides to the first computer a list of policies appropriate to the identified target machine, and responds to selection of a policy at the first computer to provide the selected policy and the identifier of the target computer to the installing means.
GB1222375.6A 2012-12-12 2012-12-12 Providing policy data to a computer Active GB2508848B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1222375.6A GB2508848B (en) 2012-12-12 2012-12-12 Providing policy data to a computer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1222375.6A GB2508848B (en) 2012-12-12 2012-12-12 Providing policy data to a computer

Publications (3)

Publication Number Publication Date
GB201222375D0 GB201222375D0 (en) 2013-01-23
GB2508848A GB2508848A (en) 2014-06-18
GB2508848B GB2508848B (en) 2015-10-07

Family

ID=47602471

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1222375.6A Active GB2508848B (en) 2012-12-12 2012-12-12 Providing policy data to a computer

Country Status (1)

Country Link
GB (1) GB2508848B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080148347A1 (en) * 2006-12-13 2008-06-19 Alcatel Lucent Policy-based management method for remote management of home devices
US20100005181A1 (en) * 2008-07-07 2010-01-07 Chengdu Huawei Symantec Technologies Co., Ltd. Method and system for controlling a terminal access and terminal for controlling an access
US20100218235A1 (en) * 2009-02-25 2010-08-26 Ganot Asaf Method and system for temporarily removing group policy restrictions remotely

Also Published As

Publication number Publication date
GB201222375D0 (en) 2013-01-23
GB2508848B (en) 2015-10-07

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20170720 AND 20170726