US20150020186A1 - Various Methods and Apparatuses for a Central Management Station for Automatic Distribution of Configuration Information to Remote Devices - Google Patents
- Publication number: US20150020186A1 (application US14/341,651)
- Authority: US (United States)
- Prior art keywords: dsc, dsm, network, file, address
- Legal status: Abandoned (Google's note: the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L61/00—Network arrangements, protocols or services for addressing or naming; H04L61/09—Mapping addresses; H04L61/25—Mapping addresses of the same type; H04L61/2503—Translation of Internet protocol [IP] addresses
    - H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
    - H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
    - H04L61/2521—Translation architectures other than single NAT servers; H04L61/2528—Translation at a proxy
  - H04L63/00—Network architectures or network communication protocols for network security; H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls; H04L63/029—Firewall traversal, e.g. tunnelling or creating pinholes
  - H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks; H04L41/08—Configuration management of networks or network elements; H04L41/0803—Configuration setting; H04L41/0806—Configuration setting for initial configuration or provisioning, e.g. plug-and-play
  - H04L67/00—Network arrangements or protocols for supporting network services or applications; H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
Definitions
- Embodiments of the invention generally relate to network devices. More particularly, an aspect of an embodiment of the invention relates to a central management station for automatic distribution of configuration information to remote devices.
- Firewall configuration is typically based on conservative thinking and designed to be rigorous in defending information and access.
- Data security is the leading obstacle to remote monitoring and control because a company's security policies are critical to business operations and cannot be hampered, even to increase company profitability. Therefore, the integrity of firewalls must be maintained.
- Changing security specifications in order to allow for remote access is not an option.
- A method, apparatus, and system are described for a central management system to configure remote devices.
- A device service manager server (DSM) may have an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that are behind a firewall on a wide area network relative to the location of the DSM on that network. The DSM serves as a central management station for the distribution of configuration information to the DSCs. An executable boot up file uploaded via a drive port in each DSC is scripted to gather configuration information for that DSC and for the network devices on the same network as that DSC, and then, without a prompt by the DSM, sends an initial configuration file to the DSM, which makes a master copy of the device configuration file in the DSM's registry for that DSC.
- FIG. 1 illustrates a block diagram of an embodiment of a system for access to and from networked devices in networks protected by firewalls;
- FIG. 2a illustrates a block diagram of an embodiment of a system having a device service manager server located exterior to a first domain protected by a first firewall and a second domain protected by a second firewall;
- FIG. 2b illustrates a block diagram of an embodiment of a system with DSCs each having a conduit manager configured to provide a direct communication tunnel to the DSM by authenticating itself to the DSM, establishing an outgoing TCP/IP stream connection to the DSM, and then keeping that connection open for future bi-directional communication on the established TCP/IP stream connection;
- FIG. 3 illustrates a block diagram of an embodiment of a system having a central DSM and local DSCs for access to and from networked devices in networks protected by firewalls;
- FIG. 4 illustrates a state diagram of an embodiment of the Conduit Manager in the DSC;
- FIG. 5 illustrates a block diagram of an embodiment of an automated centralized administration of a distributed system;
- FIG. 6 illustrates a block diagram of an example embodiment of a DSM;
- FIG. 7 illustrates a block diagram of an example embodiment of a DSC;
- FIG. 8 illustrates a block diagram of an embodiment of the DSM distributing configuration information to the DSCs via an executable boot up file in the DSC.
- A device service manager server (DSM) may have an IP redirector module configured to cooperate with two or more device service controllers (DSCs), each of which has a management module that manages an access module to proxy communications for networked devices behind a firewall on a wide area network relative to the location of the DSM on that network.
- The DSM serves as a central management station for the distribution of configuration information to the DSCs.
- An executable boot up file in the DSC is scripted with code to determine a unique ID of that individual DSC device, to determine the DSC's current IP address, to supply the DSM's IP address on the wide area network, and to activate code to initiate communications with the DSM.
- A device configuration engine in the DSC then, without a prompt by the DSM, sends an initial configuration file containing at least the unique ID of that individual DSC device and the DSC's current IP address via a secure communication channel to the supplied address of the DSM. The IP redirector module receives this configuration information, cooperates with a user data replication manager module in the DSM to create a device configuration file from the initial configuration information plus additional information, and then makes a master copy of the device configuration file in the DSM's registry.
- FIG. 1 illustrates a block diagram of an embodiment of a system for access to and from networked devices in networks protected by firewalls.
- The first network 104 may contain a host console 108 associated with the first DSC 102.
- The host console 108 controls and manages a subset of equipment in a second network 116 protected by a second firewall 114.
- The second network 116 is located across the Internet from the first network 104 and the host controller 108.
- The first device service controller 102 in the first network 104 and a second device service controller 112 in the second network 116 cooperate with a device service manager server (DSM) 110 located on the Internet to provide highly secure remote access to the subset of equipment in the second network 116 through the firewalls 106, 114.
- The device service manager server 110 has an IP redirector program 118 containing code to perform machine-to-machine communications, via a direct communication tunnel, with each device service controller through the firewalls 106, 114.
- The subset of equipment in the second network 116 may, for example, include a server, a PLC device, a motion controller, automation equipment, a printer, a security system and a personal computer.
- The user at the host console 108 opens a connection to a designated port on a local DSC, i.e. the first DSC 102, operating in Host Controller Mode.
- This local DSC accepts the connection and holds it pending the establishment of a connection through to the target device.
- This local DSC then initiates a connection to the controlling DSM 110, which maps the connection to a corresponding managed device IP address and port.
- The local DSC sends its identification information to authenticate itself to the DSM 110.
- The associated DSC responsible for the target device, i.e. the second DSC 112, periodically opens a secure tunnel with the DSM 110 and determines whether there is a pending connection.
- If there is, the DSM 110 instructs that DSC to initiate a proxy connection to the DSM 110, through which it passes the traffic for the pending connection.
- The local DSC behind the firewall holds the direct communication tunnel with the DSM 110 open while there is a pending connection.
- The direct communication tunnel between the first DSC 102 and the DSM 110, together with the direct communication tunnel between the second DSC 112 and the DSM 110, allows secure access to and management of equipment in a network protected by a firewall from a device external to that network, while maintaining the network's IT policy and the integrity of its firewall.
- The connection points on the first DSC 102 and the second DSC 112 are not publicly exposed to devices outside their respective networks, because the DSCs 102, 112 are located behind their respective firewalls 106, 114; this increases the security of communications through the direct communication tunnel.
- The DSC can immediately begin providing secure access to any device, such as the PLC device, in the network that has been designated as visible to a participating DSC.
- The designated visible devices have been authorized by the user of the second network 116 to be published.
- Visible associated devices have been authorized by the owner of that domain to be visible/published to the virtual device network (VDN); i.e. the VDN includes the equipment in the first and second networks 104, 116 that has been authorized to be visible.
- In the example, the subset of equipment in the second network authorized to have its information published to the VDN includes a server, a PLC device, a motion controller, and the automation equipment, while the printer, the security system and the personal computer have not been authorized by the user to be visible to the VDN.
- The local DSC discovers the components within its network and presents the owner of that domain with a graphical user interface asking which network components the owner wishes to make visible, i.e. to publish their information.
- The local DSC collects this information, stores it, and sends the publish information to the DSM.
- The information can include the DSC's identifier and IP address, and each component's IP address, name, capabilities, supported protocols, etc., within that DSC's network.
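The pending-connection flow just described (the host-side DSC holds the user's connection and asks the DSM; the target-side DSC only learns of it on its own next outbound check-in) as an added Go model of the DSM's IP redirector. This is illustrative code written for this page, not the patent's implementation; the Broker type, the "hostDSC:port" Access Rule key, the DSC identifiers and the device addresses are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Target is the managed device a pending connection should be proxied to.
type Target struct {
	DSCID    string // the Device Controller DSC on the target's LAN
	DeviceIP string
	Port     int
}

// PendingConnection is what the DSM hands to the target DSC on its next
// outbound check-in: "initiate a proxy connection for this request".
type PendingConnection struct {
	ConnID    int
	HostDSCID string
	Target    Target
}

// Broker models the DSM's IP redirector. Every operation is driven by a DSC
// over its own outbound tunnel; the DSM never connects inbound through a firewall.
type Broker struct {
	authenticated map[string]bool                // DSCs that have presented valid identification
	accessRules   map[string]Target              // "hostDSC:port" -> published device
	pending       map[string][]PendingConnection // target DSC -> queued requests
	nextConnID    int
}

var (
	ErrNotAuthenticated = errors.New("DSM: DSC has not authenticated")
	ErrNoAccessRule     = errors.New("DSM: no Access Rule for this DSC/port; device not published")
)

func NewBroker() *Broker {
	return &Broker{
		authenticated: map[string]bool{},
		accessRules:   map[string]Target{},
		pending:       map[string][]PendingConnection{},
	}
}

func ruleKey(hostDSC string, port int) string { return fmt.Sprintf("%s:%d", hostDSC, port) }

// Authenticate marks a DSC as having identified itself over its tunnel
// (the identification check itself is outside this example).
func (b *Broker) Authenticate(dscID string) { b.authenticated[dscID] = true }

// AddAccessRule is the administrator publishing one device: a designated port on
// the host-side DSC maps to a device behind the target-side DSC.
func (b *Broker) AddAccessRule(hostDSC string, port int, t Target) {
	b.accessRules[ruleKey(hostDSC, port)] = t
}

// RequestConnection is called by the Host Controller DSC after it accepted a local
// connection on a designated port. The DSM maps the port to a managed device and
// queues the request for the DSC responsible for that device.
func (b *Broker) RequestConnection(hostDSC string, port int) (int, error) {
	if !b.authenticated[hostDSC] {
		return 0, ErrNotAuthenticated
	}
	t, ok := b.accessRules[ruleKey(hostDSC, port)]
	if !ok {
		return 0, ErrNoAccessRule // unpublished devices are unreachable by design
	}
	b.nextConnID++
	pc := PendingConnection{ConnID: b.nextConnID, HostDSCID: hostDSC, Target: t}
	b.pending[t.DSCID] = append(b.pending[t.DSCID], pc)
	return pc.ConnID, nil
}

// CheckIn is the target DSC's periodic outbound poll. Queued requests are handed
// over once (the instruction to open proxy connections) and then cleared.
func (b *Broker) CheckIn(dscID string) ([]PendingConnection, error) {
	if !b.authenticated[dscID] {
		return nil, ErrNotAuthenticated
	}
	queued := b.pending[dscID]
	delete(b.pending, dscID)
	return queued, nil
}

func main() {
	// Constructed scenario: a host console behind DSC-A reaches a PLC behind DSC-B.
	dsm := NewBroker()
	dsm.Authenticate("DSC-A")
	dsm.Authenticate("DSC-B")
	dsm.AddAccessRule("DSC-A", 5001, Target{DSCID: "DSC-B", DeviceIP: "192.0.2.20", Port: 502})

	id, err := dsm.RequestConnection("DSC-A", 5001)
	fmt.Println("request:", id, err)
	jobs, _ := dsm.CheckIn("DSC-B")
	for _, j := range jobs {
		fmt.Printf("DSC-B: open proxy for conn %d -> %s:%d\n", j.ConnID, j.Target.DeviceIP, j.Target.Port)
	}
	_, err = dsm.RequestConnection("DSC-A", 5002) // no rule: the device was never published
	fmt.Println("unpublished port:", err)
}
```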
- FIG. 5 illustrates a block diagram of an embodiment of an automated centralized administration of a distributed system.
- The heart of the system is the DSM 510.
- The Device Services Manager manages a collection of DSCs 502, 512, 513, and 515.
- The DSM 510 may have an IP redirector module 518 configured to cooperate with the two or more DSCs 502, 512, 513, 515, which are behind firewalls, such as firewalls 506, 514, 517, and 519, on a wide area network relative to the location of the DSM 510 on that network.
- The DSM 510 serves as a central management station for automatic distribution of configuration information to the DSCs 502, 512, 513, and 515.
- An executable boot up file uploaded via a drive port in each DSC is scripted to gather configuration information for that DSC and for the network devices on the same network as that DSC, and then, without a prompt by the DSM 510, sends an initial configuration file to the DSM 510.
- The DSM 510 makes a master copy of the device configuration file in the DSM's registry for that DSC.
- Each DSC 502, 512, 513, 515 and the DSM 510 work in concert to provide end-to-end access between associated devices in different domains.
- The DSM 510 serves as a proxy connection point for participating DSCs 502, 512, 513, 515.
- The DSM 110 is a dedicated appliance that relays connections between user hosts and destination devices.
- Individual DSCs 502, 512, 513, 515 serve as a low-cost point of presence on participating LANs.
- Each DSC 502, 512, 513, 515 is capable of acting simultaneously as both a Host Controller (which originates connections from host systems) and a Device Controller (which receives and manages incoming connections to individual remote devices).
- Each DSC 502, 512, 513, 515 is configured to proxy connections for both itself and its associated network devices to its parent DSM 510 located beyond the local LAN.
- A newly installed DSC functions like a newly installed computer.
- The DSC just needs to establish a single outbound connection to the DSM controlling the VDN.
- The outbound connection is a conduit communication link between the DSC acting as a Host Controller and the DSM. Once this connection is established, all system configuration, commands and network traffic can pass through the encrypted channel.
- Once the DSC successfully authenticates to the DSM, it can immediately begin providing secure access to individual pieces of pre-authorized equipment.
- The DSM and its participating DSCs provide a secure and totally transparent remote access solution.
- The DSC uploads the software via the local drive port, and the rest is scripted by the executable file itself.
- The device service manager server 510 may cooperate with one or more device service controllers 502, 512, 513, 515 to manage 1,000's of associated network devices behind firewalls at locations all over the world, securely, through a central point of contact.
- Each device service controller 502, 512, 513, 515 is configured to connect to and manage individual pieces of equipment located behind a firewall, and is itself located behind that firewall relative to the location of the device service manager server.
- FIG. 8 illustrates a block diagram of an embodiment of the DSM distributing configuration information to the DSCs, such as a first DSC 802 , via an executable boot up file uploaded via a drive port 834 in the DSC 810 .
- An administrator of the DSM 810 creates a boot up file and embeds a copy of this executable boot up file on a thumb drive.
- The thumb drive loaded with the executable boot up file accompanies and is shipped with the DSC device 802.
- The executable boot up file in the DSC 802 is scripted with code to at least 1) determine a unique ID of that individual DSC device, 2) determine the DSC's current IP address, 3) supply the DSM's IP address on the wide area network, and 4) activate code to initiate communications with the DSM 810.
- The DSC device 802 uploads the boot up file from the thumb drive via the drive port 834, uses the contents of the boot up file to automatically create the secure communication channel via SSH between the DSC 802 and the DSM 810, and connects to the DSM 810 at its IP address on the WAN.
- The DSC 802 then authenticates itself to the DSM 810 via the unique ID, device MAC address, and/or a potentially associated DNS entry.
- The DSM 810 looks up the authenticating information in a reference table maintained in the DSM 810.
- The configuration of an individual DSC is performed by a user at the remote location of the DSC merely inserting the appropriate portable computer-readable medium, such as a Universal Serial Bus (USB) thumb Flash device, containing the boot up file with the initial configuration settings for the DSC into the USB slot on that device, applying power to the unit, and waiting for the DSC LED to go green, indicating that it has successfully booted.
- The user then pushes the FLASH button, which causes the DSC to read the boot up file from the USB Flash device and attempt to contact the DSM. Once the DSC has successfully done so, the DSM LED shall also go green to indicate a successful connection.
- Both the DSC LED and the ACTIVITY LED shall then flash green, indicating progress in downloading configuration updates. Once the configuration of the DSC is complete, the DSC LED shall again go steady green, indicating that it is ready to start passing traffic.
- FIG. 6 illustrates a block diagram of an example embodiment of a DSM.
- The DSM 110 may contain components such as an IP redirector 618 that includes a Tunnel Manager in the DSM 610, a user interface, a database 620 that includes a registry, an association manager, a policy manager, a replication manager, and other similar components.
- FIG. 7 illustrates a block diagram of an example embodiment of a DSC.
- The DSC 702 may contain components such as an Access Subsystem that includes the following components: an Association Manager, a Conduit Manager 724, a Tunnel Manager, and a Network Manifold 726.
- The DSC may also include a local database 728 that includes a registry, a Discovery Manager 730, a device configuration manager, a device monitoring manager, an automation subsystem including a device configuration engine 743, a user interface, a power supply 732, a drive port 734, and other similar components.
- The device configuration engine 743 in the DSC 702 then, without a prompt by the DSM, sends an initial configuration file with at least the unique ID of that individual DSC device and the DSC's current IP address via a secure communication channel, such as a secure protocol, an encrypted email, or a similar method, to the DSM (with individual devices differentiated by device ID, device MAC address and/or a potentially associated DNS entry).
- The DSM IP redirector module 618 receives this configuration information.
- The DSM 610 has a user data replication manager module 645 to create a device configuration/replication file from this configuration information and additional information, and to make a master copy of the device configuration file in the DSM's registry 620.
- The user data replication manager module 645 then distributes this configuration information back out to the appropriate DSCs in response to a DSC registering with the DSM 610 or in response to a given DSC performing a system reset.
- The DSM 610 may also send updates of firmware, software patches, etc. in response to the boot up call.
- The DSC 702 may be a stand-alone device deployed in an existing network.
- The deployment consists of merely plugging the power into the power connection and power supply circuit of the DSC, plugging in the Ethernet network connection, and inserting the supplied thumb drive into a drive port 734 (i.e. a USB flash drive into a USB port). That is it!
- The DSC 702 is a stand-alone device that connects to the existing network without needing client software to be installed on another host device in that network, and no network configuration settings are required from an end user to install the DSC properly onto the existing network. This avoids the problem that many enterprise IT departments do not allow unauthorized third-party applications to be installed on their systems.
- The DSC 702 then resides on the existing network and mediates communication onto that LAN. No networking knowledge is necessary, and access to this remote device is automatically configured. No end-user configuration or software installation is required to install the DSC properly onto the existing network.
- An auto-discovery presence manager program 730 resident in each DSC 702 finds networked equipment on the existing LAN and establishes an instant point of presence on that local network.
- The discovery presence manager program 730 discovers associated devices on the network by using a polling technique.
- The discovery presence manager program 730 has a Graphical User Interface (GUI) 749 to ask a user of the network whether each discovered piece of network equipment protected by the firewall should be visible for remote access by at least the DSM.
- The DSC device 702 collects and sends out the initial configuration file with the designated visible network device information to the central management DSM via the secure channel, and the DSM automatically registers both the local DSC and any associated network devices in the DSM-hosted Identity Registry.
- The Auto Discovery service 730 waits to discover network equipment on the existing LAN until the DSM sends back a copy of the master configuration file as well as any firmware and software updates.
- The graphical user interface 749 is configured for the DSM administrator to configure Automated Device Discovery for each associated DSC. Multiple individual scan records may be created, each specifying SNMPv1, SNMPv2 or another protocol as the search mechanism. When Automated Device Discovery is activated, the scan records are copied to the appropriate DSC, which shall use them to initiate periodic scans of its local LAN for attached network devices.
- When a device is discovered, the DSC shall create a Discovery record, which shall include as a minimum the IP address of the discovered device, the discovery protocol used to locate it, and the identifier of the discovering DSC.
- The resulting Discovery records shall be replicated back to the DSM for use by the DSM's Association, Configuration and Monitoring Service components.
- Each such Discovery record shall be assigned a unique ID, which allows the administrator to disambiguate references to individual configurations and discovered devices.
- The DSM then sends back a local copy for the DSC to store in its registry 728.
- Each DSC 702 of the two or more DSCs serves as a local registration authority, accepting registration requests from associated network devices on the existing local LAN, as well as polling for associated network devices on the local LAN.
- The DSC 702 maintains a registry 728 of associated devices and is able to automatically register both itself and its associated devices with its parent DSM registry.
- Each DSC 702 feeds this data to the parent DSM.
- Each DSC 702 participates in device discovery and directory service by registering associated devices discovered by using polling techniques.
- The DSM 610 provides centralized administration of the distributed system of DSCs across the wide area network and proxies communications between those DSCs.
- An administrator with a GUI 651 of the DSM 610 creates a full device configuration record in the Central Registry 620 from the initial configuration file plus additional information, including pair associations of an existing device configuration with a specific discovered device, persistent state information, etc.
- The Central Configuration Registry 620 stores the configuration information, and the user data replication manager makes a master copy of the device configuration file stored in the DSM 610.
- The central registry 620 provides registry service for the associated DSCs and their customer network devices, and support services including dynamic Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP) and Dynamic Host Configuration Protocol (DHCP).
- A graphical user interface 651 of the DSM 610 is also configured for the DSM administrator to specify individual device associations, which are defined as a pairing of an existing device configuration with a specific discovered DSC device. Once a device has been associated, the DSM 610 may apply appropriate configuration changes and shall begin forwarding proxy connections to the DSC for network equipment according to a preset set of Access Rules maintained in the IP redirector module 618 in the DSM 610.
- An appropriate icon may appear in the Device Monitoring Service view of the graphical user interface 651.
- The user may then associate each such registered device with a previously created configuration record.
- Additional device settings, including Discovery search records, can be automatically downloaded to the DSC device. Based upon these settings, the DSC will then begin discovering additional network devices and passing traffic.
- The User Data Replication Manager 645 in the DSM 610 provides a mechanism for data to be replicated from a DSC to a DSM.
- The User Data Replication Manager 645 in the DSM 610 generates a local copy of the device configuration file, including the configuration record for that DSC.
- The DSC uses the secured communications channel, implemented in SSH, to fetch the local copy of the device configuration file from the central registry 620, and then updates its locally stored copy of the device configuration file. Thus a shadow configuration registry is maintained on the remotely managed DSC device.
- The DSC then signals to the DSM 610 that the update is complete, and the DSM 610 updates the DSC's remote configuration status in the Central Registry 620 of the DSM 610.
- The DSC periodically calls the User Data Replication Manager 645 to see whether updates to configuration files, firmware, etc. are downloadable. Whatever changes are needed come from the central point, the DSM. All subsequent updates are automatically copied to the remote device through an automatically maintained secure communications channel.
- The DSC serves as a local registration authority, accepting registration requests from associated devices on the local LAN, as well as polling for associated devices on the local LAN.
- The DSC maintains a registry of associated devices and has logic or software configured to automatically register both itself and its associated devices with its parent DSM central Registry 620. This information can then be made available via LDAP and Dynamic DNS, as well as associated directory service application interfaces. Also, the service provider can access authorized remote equipment without changing the network configuration or their customers' existing software.
- The web interface and built-in "directed navigation" system provide graphical views for easy navigation and control.
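The boot-up registration sequence (FIG. 8: unique ID and MAC checked against the DSM's reference table, master copy created in the registry) and the replication back to the DSC's shadow registry with a completion signal, as one added Go example. This is not code from the patent; the reference table keyed by unique ID with an expected MAC, the version counter and the status strings are assumptions, and the SSH transport is left out so the example runs offline as direct calls.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// BootUpFile is what the thumb-drive script gathers: the DSC's unique ID, current IP and MAC, and the DSM's address (field names assumed).
type BootUpFile struct {
	DSCID, DSCIP, DSCMAC, DSMAddr string
}

// DeviceConfigRecord is the DSM's master copy for one DSC plus the "additional information" it adds.
type DeviceConfigRecord struct {
	DSCID, DSCIP      string
	VisibleDevices    []string // devices the local owner agreed to publish
	Version           int
	ReplicationStatus string // "pending" until the DSC confirms its shadow copy
}

// DSM holds the administrator's reference table and the authoritative registry.
type DSM struct {
	reference map[string]string // unique ID -> expected MAC address
	registry  map[string]*DeviceConfigRecord
}

var (
	ErrUnknownDSC  = errors.New("DSM: unique ID not in reference table")
	ErrMACMismatch = errors.New("DSM: MAC address does not match reference table")
)

func NewDSM(reference map[string]string) *DSM {
	return &DSM{reference: reference, registry: map[string]*DeviceConfigRecord{}}
}

// Authenticate is the reference-table lookup: the unique ID must be known and its MAC must match.
func (d *DSM) Authenticate(id, mac string) error {
	want, ok := d.reference[id]
	if !ok {
		return ErrUnknownDSC
	}
	if !strings.EqualFold(want, mac) {
		return ErrMACMismatch
	}
	return nil
}

// Register is the DSM receiving the initial configuration file (the DSC's identity from the
// boot up file plus the visible device list): authenticate, then create or refresh the
// master copy and return the DSC's local copy.
func (d *DSM) Register(boot BootUpFile, visible []string) (DeviceConfigRecord, error) {
	if err := d.Authenticate(boot.DSCID, boot.DSCMAC); err != nil {
		return DeviceConfigRecord{}, err
	}
	rec, ok := d.registry[boot.DSCID]
	if !ok {
		rec = &DeviceConfigRecord{DSCID: boot.DSCID}
		d.registry[boot.DSCID] = rec
	}
	rec.DSCIP = boot.DSCIP
	rec.VisibleDevices = append([]string(nil), visible...)
	rec.Version++
	rec.ReplicationStatus = "pending"
	return *rec, nil
}

// ConfirmReplicated is the DSC's "update complete" signal, recorded in the Central Registry.
func (d *DSM) ConfirmReplicated(id string, version int) {
	if rec, ok := d.registry[id]; ok && rec.Version == version {
		rec.ReplicationStatus = "replicated"
	}
}

// Status reports the remote configuration status the DSM keeps for a DSC.
func (d *DSM) Status(id string) string {
	if rec, ok := d.registry[id]; ok {
		return rec.ReplicationStatus
	}
	return "unregistered"
}

// BootAndRegister is the DSC side: send the initial configuration unprompted, keep the
// returned copy as the shadow registry, then signal that the update is complete.
func BootAndRegister(d *DSM, boot BootUpFile, visible []string) (DeviceConfigRecord, error) {
	shadow, err := d.Register(boot, visible)
	if err != nil {
		return DeviceConfigRecord{}, err
	}
	d.ConfirmReplicated(shadow.DSCID, shadow.Version)
	return shadow, nil
}

func main() {
	// Constructed reference table; one DSC matches it, the other is unknown to the DSM.
	dsm := NewDSM(map[string]string{"DSC-0001": "00:11:22:33:44:55"})
	known := BootUpFile{DSCID: "DSC-0001", DSCIP: "192.0.2.10", DSCMAC: "00:11:22:33:44:55", DSMAddr: "198.51.100.1"}
	shadow, err := BootAndRegister(dsm, known, []string{"plc-line1"})
	fmt.Println("known DSC:", shadow.Version, err, dsm.Status("DSC-0001"))
	_, err = BootAndRegister(dsm, BootUpFile{DSCID: "DSC-9999", DSCMAC: "aa:bb:cc:dd:ee:ff"}, nil)
	fmt.Println("unknown DSC:", err)
}
```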
- The DSM may also have a Discovery Entity Manager, a Device Monitor, and a Configuration Manager.
- The Discovery Entity Manager manages Device Entities based on entries discovered by the Presence Manager.
- The Device Monitor keeps track of the state of the device.
- The Configuration Manager provides a mechanism for configuring associated network devices.
- The Device Management Subsystem may include the following.
| Term | Description |
|---|---|
| Discovery Entity Manager | Manages Device Entities based on entries discovered by the Presence Manager |
| Device Monitor | Keeps track of the state of the device |
| Configuration Manager | Provides a mechanism for configuring Associated Devices |
- The DSM GUI interface allows the DSM administrator to configure Automated Device Discovery for each associated DSC and to specify a protocol as the search mechanism.
- The administrator provides a starting IP address and an optional ending address (indicating that the Discovery Service shall search the entire specified range).
- The administrator may also specify an optional port number, which, if supplied, will be used in place of the default protocol port. If using SNMP as the protocol, the administrator can also provide an optional community string.
- The Device Entity Manager takes information from presence records, then attempts to pull more information from the device in order to determine its Id. It then populates the Entity Table with the information gathered from the presence records.
- The purpose of this is to recognize devices with multiple network interfaces as a single device.
- The entity table looks like this:
- The key for this record is the combination of Id, Protocol, and Parent Id.
- The Device Monitor and Config Manager are responsible for picking the info from the latest entry.
- The Device Monitor scans the Entity table and the Physical Device Configuration Attribute table and fills/updates any attributes with configuration it is able to poll from the device.
- The configuration attributes include all settable parameters of a device: port settings, speeds, power levels, web servers, web server ports, etc.
- The Physical Configuration Attribute table looks like:

| Column | Description |
|---|---|
| Attribute | Attribute name |
| Value | Attribute value |
| Can Read | True if this is a value that can be read from the device. |
| Can Write | True if this is a value that can be written to the device. |
| Last Updated | When this attribute was last updated from the device. |
| Last Queried | |
- The configuration manager is responsible for comparing a Virtual Configuration Attribute record with its associated Physical Configuration Attribute record.
- The Virtual Configuration Attribute table looks like:
- The DSC Device Management Subsystem may consist of the following components: a Discovery Presence Manager 730, which manages devices discovered by the Presence Agents; and multiple Discovery Presence Agents, each of which attempts to discover associated network devices on a network using a specific protocol (e.g. ping (ICMP), ARP, 77fe, SNMP, UPnP, etc.).
- The Discovery Presence Manager 730 is responsible for the initial phase of discovery. Given parameters for a network scan (e.g. IP inclusion/exclusion ranges, scan times, network polls/sec, etc.), the Presence Manager calls a Presence Agent for each protocol in the discovery process. Presence detection results in a minimal set of information about a device. The Presence record looks something like this:
- The Discovery Presence Agents perform the actual act of detection with a specific protocol. Each agent is responsible for a specific protocol.
- The Platform Subsystem consists of the following components:
- The Local Message Bus may be implemented via LEBUS. This provides a simple one-way, one-to-many communication of transient events between processes on a local system.
- The DSM's Registry is considered authoritative.
- The DSC may gather new information, but that information is sent to the DSM.
- OEM/VAR integration is allowed via an API into the Registry and the databases that are used.
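The discovery pipeline above (presence hits become Discovery records carrying IP, protocol, discovering DSC and a unique ID; the Device Entity Manager then merges the interfaces of one device under the Id/Protocol/Parent Id key) as an added Go example, not the patent's code. It uses constructed presence records in place of a network scan; the record-ID format is invented, the device-Id lookup is injected as a function, and treating the discovering DSC as the Parent Id is an assumption.

```go
package main

import (
	"fmt"
	"sort"
)

// PresenceRecord is the minimal hit a Presence Agent reports (assumed fields).
type PresenceRecord struct {
	IP       string
	Protocol string // the agent's protocol, e.g. "ICMP", "ARP", "SNMP"
}

// DiscoveryRecord is what the DSC replicates to the DSM: at minimum the IP,
// the discovery protocol, the discovering DSC's identifier, and a unique record ID.
type DiscoveryRecord struct {
	RecordID string
	IP       string
	Protocol string
	DSCID    string
}

// EntityKey is the patent's entity-table key: Id, Protocol and Parent Id.
// Assumption: Parent Id is the identifier of the discovering DSC.
type EntityKey struct {
	ID       string
	Protocol string
	ParentID string
}

// Entity is one row of the entity table; IPs collects every interface that
// resolved to the same device Id.
type Entity struct {
	Key EntityKey
	IPs []string
}

// Identify stands in for "pull more information from the device to determine
// its Id" (for example an SNMP sysName or a hardware address). A real agent
// queries the device; here a constructed lookup is injected.
type Identify func(ip string) (id string, ok bool)

// Discover turns presence hits into Discovery records, one unique ID each.
func Discover(dscID string, hits []PresenceRecord) []DiscoveryRecord {
	out := make([]DiscoveryRecord, 0, len(hits))
	for i, h := range hits {
		out = append(out, DiscoveryRecord{
			RecordID: fmt.Sprintf("%s-D%04d", dscID, i+1), // invented ID format
			IP:       h.IP,
			Protocol: h.Protocol,
			DSCID:    dscID,
		})
	}
	return out
}

// BuildEntityTable merges Discovery records whose device Id, protocol and
// parent DSC match, so a device with several interfaces becomes one entity.
// If the device cannot be identified, its IP is used as the Id, so unknown
// hosts never collapse into one another.
func BuildEntityTable(recs []DiscoveryRecord, ident Identify) map[EntityKey]*Entity {
	table := map[EntityKey]*Entity{}
	for _, r := range recs {
		id, ok := ident(r.IP)
		if !ok {
			id = r.IP
		}
		key := EntityKey{ID: id, Protocol: r.Protocol, ParentID: r.DSCID}
		e, exists := table[key]
		if !exists {
			e = &Entity{Key: key}
			table[key] = e
		}
		e.IPs = append(e.IPs, r.IP)
		sort.Strings(e.IPs)
	}
	return table
}

func main() {
	// Constructed presence hits from one DSC's SNMP and ICMP agents.
	hits := []PresenceRecord{
		{"192.0.2.20", "SNMP"}, {"192.0.2.21", "SNMP"}, // two interfaces of one PLC
		{"192.0.2.30", "ICMP"},                         // answers ping, no Id obtainable
	}
	ident := func(ip string) (string, bool) {
		names := map[string]string{"192.0.2.20": "plc-line1", "192.0.2.21": "plc-line1"}
		n, ok := names[ip]
		return n, ok
	}
	recs := Discover("DSC-B", hits)
	for k, e := range BuildEntityTable(recs, ident) {
		fmt.Printf("%s/%s/%s -> %v\n", k.ID, k.Protocol, k.ParentID, e.IPs)
	}
}
```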
- the DSC just needs to establish a single out-bound connection to the DSM controlling the VDN. Once this connection is established, all system configuration, commands and network traffic can pass through the encrypted channel.
- once the DSC successfully authenticates to the DSM, it can immediately begin providing secure access to individual pieces of pre-authorized equipment.
- the device server controller that provides DHCP-like auto-configuration for associated devices in its network.
- via the DSM GUI interface, the DNA administrator saves a DSC device configuration through the web interface to a file on the browser host.
- Such files shall be digitally signed, to prevent unauthorized modification or alteration, and may be emailed, copied across the net or onto a USB Flash memory drive.
- the DSC shall read the file, verify the digital signature and device settings, and if valid, apply these settings to the device. No previous connection to the DSM is required for this to work.
- via the DSM GUI interface, the DNA administrator can save a complete DSC system image through the web interface to a file on the browser host.
- Such files shall be digitally signed, to prevent unauthorized modification or alteration, and may be emailed, copied across the net or onto a USB Flash memory drive.
- the DSC shall read the file, verify the digital signature and device settings, and if valid, replace the current system image with the new image.
- Such an image may include basic Registry settings, including a URL for the parent DSM.
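The configuration and system-image files above travel by email, network copy or USB stick, so the DSC's only defence against a modified file is the signature check performed before any setting is applied. The Go program below is an added example, not the patent's code: it signs a constructed settings payload with an Ed25519 key on the DSM side and, on the DSC side, verifies the signature over the raw bytes before parsing them and then validates the values. The JSON envelope, the field names, the hostname and the port are all assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// DeviceSettings is a hypothetical DSC device configuration payload (not the page's format).
type DeviceSettings struct {
	DSCID     string `json:"dsc_id"`
	ParentDSM string `json:"parent_dsm"` // address of the parent DSM, as the page's system image carries
	WebPort   int    `json:"web_port"`
}

// SignedFile is the envelope written by the DSM: the exact settings bytes that were
// signed plus an Ed25519 signature over them. []byte fields serialise as base64 in JSON.
type SignedFile struct {
	Settings  []byte `json:"settings"`
	Signature []byte `json:"signature"`
}

// signSettings runs on the DSM side with the DSM's signing key.
func signSettings(priv ed25519.PrivateKey, s DeviceSettings) ([]byte, error) {
	payload, err := json.Marshal(s)
	if err != nil {
		return nil, err
	}
	return json.Marshal(SignedFile{Settings: payload, Signature: ed25519.Sign(priv, payload)})
}

// verifyAndParse runs on the DSC with the DSM public key it was provisioned with. The
// signature is checked over the raw settings bytes before those bytes are parsed, so an
// edited or forged file never reaches the settings parser or the device.
func verifyAndParse(pub ed25519.PublicKey, file []byte) (DeviceSettings, error) {
	var env SignedFile
	if err := json.Unmarshal(file, &env); err != nil {
		return DeviceSettings{}, fmt.Errorf("malformed envelope: %w", err)
	}
	if len(env.Signature) != ed25519.SignatureSize || !ed25519.Verify(pub, env.Settings, env.Signature) {
		return DeviceSettings{}, errors.New("signature verification failed: file rejected")
	}
	var s DeviceSettings
	if err := json.Unmarshal(env.Settings, &s); err != nil {
		return DeviceSettings{}, fmt.Errorf("malformed settings: %w", err)
	}
	// Signed does not mean sane: validate the values before applying them to the device.
	if s.DSCID == "" || s.ParentDSM == "" {
		return DeviceSettings{}, errors.New("settings missing dsc_id or parent_dsm")
	}
	if s.WebPort < 1 || s.WebPort > 65535 {
		return DeviceSettings{}, fmt.Errorf("invalid web_port %d", s.WebPort)
	}
	return s, nil
}

// tamperWebPort models a copied file whose settings were edited without the signing key;
// the DSC must reject it.
func tamperWebPort(file []byte, port int) []byte {
	var env SignedFile
	_ = json.Unmarshal(file, &env)
	var s DeviceSettings
	_ = json.Unmarshal(env.Settings, &s)
	s.WebPort = port
	env.Settings, _ = json.Marshal(s)
	out, _ := json.Marshal(env)
	return out
}

func main() {
	// DSM key pair; the public half is provisioned on each DSC before shipping.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	file, _ := signSettings(priv, DeviceSettings{DSCID: "dsc-0001", ParentDSM: "dsm.example.invalid", WebPort: 8443})
	if s, err := verifyAndParse(pub, file); err == nil {
		fmt.Printf("applying settings for %s: web port %d\n", s.DSCID, s.WebPort)
	}
	if _, err := verifyAndParse(pub, tamperWebPort(file, 22)); err != nil {
		fmt.Println("edited copy:", err)
	}
}
```

The order matters: the signature covers the serialised bytes, the bytes are parsed only after the signature holds, and the parsed values are range-checked before anything touches the device. A system image that can set the parent DSM URL deserves exactly this treatment, since a bad URL redirects the DSC's outbound tunnel.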
- FIG. 2 a illustrates a block diagram of an embodiment of a system having a device service manager server located exterior to a first domain protected by a first firewall and a second domain protected by a second firewall.
- Each DSC 202, 212 is configured with hardware logic and software to act as both 1) a Host Controller (which establishes connections for both itself and its associated devices in the first domain 204 to the DSM 210 located beyond the first firewall 206) and 2) a Device Controller (which receives and manages incoming connections from the DSM 110 to individual remote target devices in the second domain 216 protected by the second firewall 214).
- a domain may be any network separated by a firewall or different subnets.
- the DSC will be able to proxy connections for both itself and its associated devices to its parent DSM located beyond the local domain.
- Each DSC may be configured to periodically send an outbound communication to check with the DSM to see if any pending TCP connections are waiting.
- the first DSC 202 and the second DSC 212 have a Conduit Manager to provide the direct network communication tunnel to the DSM 210 by authenticating itself to the DSM 210 and establishing an outgoing TCP/IP stream connection to the DSM 210.
- the DSC keeps that connection open for future bi-directional communication on the outgoing TCP/IP stream connection.
- the established and authenticated, bi-directional communication, TCP/IP stream connection may be known as a direct network communication tunnel or conduit tunnel.
- the IP redirector of the DSM 210 sends routed packets down a first established TCP/IP stream connection to the first DSC 202 and sends routed packets down a second established TCP/IP stream connection to the second DSC 212 .
- the IP redirector of the DSM 210 routes packets for a network component in the first domain 204 behind the first firewall 206 down the first established TCP/IP stream connection to the first DSC 202 .
- the IP redirector of the DSM 210 also routes packets for a network component in the second domain 216 behind the second firewall 214 down a second established TCP/IP stream connection to the second DSC 212 .
- TCP/IP is a bi-directional stream protocol
- the DSM 210 can send routed packets down the open communication conduit tunnel and receive traffic from each DSC 202, 212.
- the host console 208 and the subset of equipment in the second network form part of the VDN, in which the host console 208 controls and manages the subset in the second network by the second DSC 212 traversing outbound through a local firewall and/or a customer's NAT routers to access the subset of equipment on the remote network.
- the host console 208 establishes a single out-bound connection to the DSM 210 controlling the VDN, which allows two-way communications, and then holds that out-bound connection open.
- the VDN via the DSCs cooperating with the DSM 210 may create dedicated TCP/IP connections between any two points on the Internet.
- FIG. 2 b illustrates a block diagram of an embodiment of a system with DSCs each having a conduit manager configured to provide a direct communication tunnel to the DSM by authenticating itself to the DSM and establishing an outgoing TCP/IP stream connection to the DSM and then keeping that connection open for future bi-directional communication on the established TCP/IP stream connection.
- a host console 208 b connects to a remote DSC 212 b via a local DSC and the DSM 210 b .
- the local and the remote DSC 212 b can both hold open a direct communication tunnel between themselves and the DSM 210 b for bi-directional communications.
- the direct TCP communication tunnel is a two-way TCP/IP stream connection/TCP session that is held open to the DSM 210 b.
- the traffic on the incoming connection is then relayed through that session.
- the Conduit Manager in the remote DSC 212 b may use a certificate-based SSH (Secure Shell) encryption protocol to ensure secure, end-to-end communication between the host console 208 b and the destination target device, such as a Motion Controller, via the direct TCP communication tunnel.
- the direct TCP communication tunnel can also be a simple TCP port forwarder.
- the program simply listens on a local TCP port, and all received data is sent on to a remote host, the DSM.
- the direct TCP communication tunnel allows the user to bypass a firewall that does not allow a remote device to make inbound TCP/IP connections to your server.
- the remote DSC is also de-multiplexing the traffic from the direct communication tunnel to the network components on its associated local area network by decoding the header on the traffic and forwarding that traffic onto the target network component.
- the TCP packet header information in general identifies both the source port originally sending the data and the target destination port receiving the packet.
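The two bullets above describe the DSC in Demux mode: it decodes a header on each chunk of tunnel traffic, identifies the originating and target ports, and forwards the payload to the published device on its LAN. The Go program below is an added example and not the patent's protocol; the patent does not specify a frame layout, so the 10-byte big-endian header (connection id, source port, destination port, payload length) and the route table that maps destination ports to published device addresses are assumptions. In-memory delivery stands in for the real TCP forward so the block runs offline.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Constructed frame layout for this example (the page does not specify one):
// connID(2) srcPort(2) dstPort(2) payloadLen(4) payload(payloadLen), big-endian.
const (
	headerSize = 10
	maxPayload = 16 * 1024 // bound on a declared length, so a bad header cannot force a huge allocation
)

type Frame struct {
	ConnID  uint16 // multiplexed connection the bytes belong to
	SrcPort uint16 // originating port on the host-console side
	DstPort uint16 // port on the target network component
	Payload []byte
}

// encodeFrame is the Mux side (DSM Tunnel Manager): wrap one chunk of a connection.
func encodeFrame(f Frame) ([]byte, error) {
	if len(f.Payload) > maxPayload {
		return nil, fmt.Errorf("payload %d exceeds %d", len(f.Payload), maxPayload)
	}
	buf := make([]byte, headerSize+len(f.Payload))
	binary.BigEndian.PutUint16(buf[0:2], f.ConnID)
	binary.BigEndian.PutUint16(buf[2:4], f.SrcPort)
	binary.BigEndian.PutUint16(buf[4:6], f.DstPort)
	binary.BigEndian.PutUint32(buf[6:10], uint32(len(f.Payload)))
	copy(buf[headerSize:], f.Payload)
	return buf, nil
}

// decodeFrame reads exactly one frame from the tunnel stream. io.EOF at a frame boundary
// is a clean end; anything shorter is reported as a truncated frame.
func decodeFrame(r io.Reader) (Frame, error) {
	var hdr [headerSize]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return Frame{}, err // io.EOF (clean) or io.ErrUnexpectedEOF (partial header)
	}
	n := binary.BigEndian.Uint32(hdr[6:10])
	if n > maxPayload {
		return Frame{}, fmt.Errorf("declared payload %d exceeds %d", n, maxPayload)
	}
	payload := make([]byte, n)
	if _, err := io.ReadFull(r, payload); err != nil {
		return Frame{}, fmt.Errorf("truncated frame: %w", err)
	}
	return Frame{
		ConnID:  binary.BigEndian.Uint16(hdr[0:2]),
		SrcPort: binary.BigEndian.Uint16(hdr[2:4]),
		DstPort: binary.BigEndian.Uint16(hdr[4:6]),
		Payload: payload,
	}, nil
}

// Demuxer is the DSC-side Demux mode: the header's destination port selects which
// published local device gets the bytes. The route table stands in for the DSC registry.
type Demuxer struct {
	routes    map[uint16]string   // destination port -> IP of the published target device
	delivered map[string][][]byte // stands in for the real TCP forward: "ip:port" -> payloads
	dropped   int                 // frames addressed to devices the owner never published
}

func newDemuxer(routes map[uint16]string) *Demuxer {
	return &Demuxer{routes: routes, delivered: map[string][][]byte{}}
}

// forward resolves one frame's target; frames for unpublished devices are dropped.
func (d *Demuxer) forward(f Frame) (string, error) {
	ip, ok := d.routes[f.DstPort]
	if !ok {
		d.dropped++
		return "", fmt.Errorf("no published device for destination port %d", f.DstPort)
	}
	addr := fmt.Sprintf("%s:%d", ip, f.DstPort)
	d.delivered[addr] = append(d.delivered[addr], f.Payload)
	return addr, nil
}

// run drains the tunnel stream and returns how many frames were forwarded.
func (d *Demuxer) run(r io.Reader) (int, error) {
	forwarded := 0
	for {
		f, err := decodeFrame(r)
		if errors.Is(err, io.EOF) {
			return forwarded, nil
		}
		if err != nil {
			return forwarded, err
		}
		if _, err := d.forward(f); err == nil {
			forwarded++
		}
	}
}

func main() {
	d := newDemuxer(map[uint16]string{502: "192.0.2.10", 80: "192.0.2.20"}) // constructed registry
	var tunnel bytes.Buffer
	for _, f := range []Frame{
		{ConnID: 1, SrcPort: 40001, DstPort: 502, Payload: []byte("modbus request")},
		{ConnID: 2, SrcPort: 40002, DstPort: 80, Payload: []byte("GET / HTTP/1.0\r\n\r\n")},
		{ConnID: 3, SrcPort: 40003, DstPort: 23, Payload: []byte("not published")},
	} {
		b, _ := encodeFrame(f)
		tunnel.Write(b)
	}
	n, err := d.run(&tunnel)
	fmt.Printf("forwarded %d frames, dropped %d, err=%v\n", n, d.dropped, err)
}
```

Two checks carry the security weight: the declared length is bounded before allocation, and the destination port is looked up in the published-device table rather than trusted, so the tunnel cannot be used to reach LAN components the domain owner chose not to publish.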
- FIG. 3 illustrates a block diagram of an embodiment of a system having a central DSM and local DSCs to access to and from networked devices in networks protected by firewalls.
- the virtual device network is created by the DSM 310 and DSCs 302 , 312 and the network devices associating with each DSC.
- the VDN in FIG. 3 operates similarly to the above descriptions for FIGS. 1 , 2 a , and 2 b except where noted.
- the IP redirector may have portions resident in both the DSC and the DSM.
- the IP redirector may include the access subsystem device management system and registry.
- the Conduit Manager 724 in the DSC notifies local DSC processes that the SSH session to the DSM has been fully established.
- the conduit's SSH shell session is attached to the IP redirector program portion in the DSM.
- the IP redirector program then sends periodic beacon packets that the DSC can use to ensure the direct communication tunnel is established and active.
- Some minor protocol capabilities may be present to allow the DSC/DSM 110 to perform bandwidth/latency estimates.
- SSH's TCP port-forwarding feature can be used to pass all other control and tunnel data between the DSM and DSC.
- the Conduit Manager 724 may also negotiate the “remote” port it can listen on from the DSM.
- FIG. 4 illustrates a state diagram of an embodiment of the Conduit Manager in the DSC.
- the Conduit Manager contains code to start and stop the direct TCP communication tunnel, determine when this direct TCP communication tunnel is idle or unexpectedly interrupted, etc.
- the Conduit manager checks to see if any SSH tunnel is already established with the DSM. If not, in block 404 , the Conduit manager establishes a full or partial SSH session.
- the Conduit manager negotiates authentication of that DSC with the DSM by each verifying their identity.
- the DSC redirects the socket and refreshes the tunnel timer.
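The Conduit Manager states listed above (check for an existing tunnel, establish the session, mutual authentication, redirect the socket and refresh the tunnel timer, detect an idle or interrupted tunnel) fit a small state machine. The Go program below is an added example, not the patent's code: the SSH session is abstracted behind a Transport interface with a fake implementation so the machine runs offline, and the 30-second beacon timeout and the DSC identifier are constructed values. The beacon packets the DSM's IP redirector sends (described earlier) are what keep the tunnel from being declared interrupted.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// conduitState is the DSC-side view of the tunnel to the DSM.
type conduitState int

const (
	stateDown          conduitState = iota // no SSH session
	stateSessionUp                         // SSH session established, identities not yet verified
	stateAuthenticated                     // tunnel usable: sockets may be redirected through it
)

func (s conduitState) String() string {
	return [...]string{"down", "session-up", "authenticated"}[s]
}

// Transport abstracts the SSH session so the state machine runs offline; a real one
// would wrap an SSH client (an assumption of this example, not the page's code).
type Transport interface {
	Dial() error
	MutualAuth(dscID string) error // both ends verify each other's identity
}

type ConduitManager struct {
	dscID         string
	tr            Transport
	state         conduitState
	lastBeacon    time.Time     // refreshed by DSM beacons and by socket redirects
	beaconTimeout time.Duration // silence longer than this means the tunnel was interrupted
	reconnects    int
}

func newConduitManager(dscID string, tr Transport, beaconTimeout time.Duration) *ConduitManager {
	return &ConduitManager{dscID: dscID, tr: tr, beaconTimeout: beaconTimeout}
}

func (c *ConduitManager) State() conduitState { return c.state }
func (c *ConduitManager) Reconnects() int     { return c.reconnects }

// EnsureTunnel first checks whether a tunnel already exists; only if not does it
// establish the session and then negotiate authentication with the DSM.
func (c *ConduitManager) EnsureTunnel(now time.Time) error {
	if c.state == stateAuthenticated {
		return nil
	}
	if c.state == stateDown {
		if err := c.tr.Dial(); err != nil {
			return fmt.Errorf("establish session: %w", err)
		}
		c.state = stateSessionUp
	}
	if err := c.tr.MutualAuth(c.dscID); err != nil {
		c.state = stateDown // a session that failed authentication is torn down, never reused
		return fmt.Errorf("authenticate: %w", err)
	}
	c.state = stateAuthenticated
	c.lastBeacon = now
	return nil
}

// OnBeacon records a periodic beacon packet from the DSM's IP redirector.
func (c *ConduitManager) OnBeacon(now time.Time) {
	if c.state == stateAuthenticated {
		c.lastBeacon = now
	}
}

// RedirectSocket is the "redirect the socket and refresh the tunnel timer" step; it
// refuses to carry traffic over anything but an authenticated tunnel.
func (c *ConduitManager) RedirectSocket(now time.Time) error {
	if c.state != stateAuthenticated {
		return errors.New("tunnel not authenticated; socket not redirected")
	}
	c.lastBeacon = now
	return nil
}

// Tick is the timer check: when beacons have stopped, the tunnel is treated as
// unexpectedly interrupted and marked down so the next EnsureTunnel re-establishes it.
func (c *ConduitManager) Tick(now time.Time) (conduitState, bool) {
	if c.state == stateAuthenticated && now.Sub(c.lastBeacon) > c.beaconTimeout {
		c.state = stateDown
		c.reconnects++
		return c.state, true
	}
	return c.state, false
}

// fakeTransport lets the state machine be exercised without a network.
type fakeTransport struct {
	dialErr, authErr error
	dials, auths     int
}

func (f *fakeTransport) Dial() error            { f.dials++; return f.dialErr }
func (f *fakeTransport) MutualAuth(string) error { f.auths++; return f.authErr }

func main() {
	tr := &fakeTransport{}
	c := newConduitManager("dsc-0001", tr, 30*time.Second)
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println(c.EnsureTunnel(t0), c.State())
	c.OnBeacon(t0.Add(20 * time.Second))
	st, interrupted := c.Tick(t0.Add(51 * time.Second))
	fmt.Println(st, interrupted, c.Reconnects())
}
```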
- the DSM 610 has an IP redirector program that consists of multiple routines implemented in software, logic or a combination of both.
- the DSC may also contain a portion of the IP redirector program.
- the IP redirector program may include portions in the DSC such as the Conduit Manager in the DSC, which has code scripted to provide basic secured network communication and manage the conduit tunnel between a DSC and the DSM and the Tunnel Manager in the DSC.
- the Tunnel Manager 624 portion of the IP redirector in the DSM 610 has code scripted to provide a secured multiplexed TCP session between the DSM and a DSC operating in Demux mode and the DSM and a DSC operating in Mux mode.
- a machine-readable medium includes any mechanism that provides (e.g., stores and/or transmits) information in a form readable by a machine (e.g., a computer).
- a machine-readable medium includes read only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; flash memory devices; Digital Video Discs (DVDs), EPROMs, EEPROMs, FLASH memory, magnetic or optical cards, or any type of media suitable for storing electronic instructions.
- the logic consists of electronic circuits that follow the rules of Boolean Logic, software that contains patterns of instructions, or any combination of both.
Abstract
A method, apparatus, and system are described for a central management system to configure remote devices. A device service manager server (DSM) may have an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that are behind a firewall on a wide area network relative to a location of the DSM on the wide area network, where the DSM serves as a central management station for a distribution of configuration information to the DSCs, wherein an executable boot up file uploaded via a drive port in that DSC is scripted to gather configuration information for that DSC and network devices on the same network as that DSC and without a prompt by the DSM then sends an initial configuration file to the DSM which makes a master copy of the device configuration file in the DSM's registry for that DSC.
Description
- This application claims the benefit of U.S. Provisional Patent Application Ser. No. 60/982,388, entitled “Means of Providing Virtual IP Address to Automatically Access Remote Network Devices” filed Oct. 24, 2007.
- A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the software engine and its modules, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
- Embodiments of the invention generally relate to network devices. More particularly, an aspect of an embodiment of the invention relates to a central management station for automatic distribution of configuration information to remote devices.
- The challenge of establishing remote access for service organizations lies in overcoming two major hurdles. The first is the need to establish remote access within the parameters of a secure firewall. Firewall configuration is typically based on conservative thinking and designed to be rigorous in defending information and access. Data security is the leading obstacle to remote monitoring and control because a company's security policies are critical to business operations and cannot be hampered, even to increase company profitability. Therefore, the integrity of firewalls must be maintained. Typically, changing security specifications in order to allow for remote access is not an option.
- A method, apparatus, and system are described for a central management system to configure remote devices. A device service manager server (DSM) may have an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that are behind a firewall on a wide area network relative to a location of the DSM on the wide area network, where the DSM serves as a central management station for a distribution of configuration information to the DSCs, wherein an executable boot up file uploaded via a drive port in that DSC is scripted to gather configuration information for that DSC and network devices on the same network as that DSC and without a prompt by the DSM then sends an initial configuration file to the DSM which makes a master copy of the device configuration file in the DSM's registry for that DSC.
- The drawings refer to embodiments of the invention in which:
- FIG. 1 illustrates a block diagram of an embodiment of a system to access to and from networked devices in networks protected by firewalls;
- FIG. 2 a illustrates a block diagram of an embodiment of a system having a device service manager server located exterior to a first domain protected by a first firewall and a second domain protected by a second firewall;
- FIG. 2 b illustrates a block diagram of an embodiment of a system with DSCs each having a conduit manager configured to provide a direct communication tunnel to the DSM by authenticating itself to the DSM and establishing an outgoing TCP/IP stream connection to the DSM and then keeping that connection open for future bi-directional communication on the established TCP/IP stream connection;
- FIG. 3 illustrates a block diagram of an embodiment of a system having a central DSM and local DSCs to access to and from networked devices in networks protected by firewalls;
- FIG. 4 illustrates a state diagram of an embodiment of the Conduit Manager in the DSC;
- FIG. 5 illustrates a block diagram of an embodiment of an automated centralized administration of a distributed system;
- FIG. 6 illustrates a block diagram of an example embodiment of a DSM;
- FIG. 7 illustrates a block diagram of an example embodiment of a DSC; and
- FIG. 8 illustrates a block diagram of an embodiment of the DSM distributing configuration information to the DSCs via an executable boot up file in the DSC.
- While the invention is subject to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will herein be described in detail. The invention should be understood to not be limited to the particular forms disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
- In the following description, numerous specific details are set forth, such as examples of specific data signals, named components, connections, networks, etc., in order to provide a thorough understanding of the present invention. It will be apparent, however, to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well known components or methods have not been described in detail but rather in a block diagram in order to avoid unnecessarily obscuring the present invention. Further, specific numeric references, such as first network, may be made. However, the specific numeric reference should not be interpreted as a literal sequential order but rather interpreted to mean that the first network is different from a second network. Thus, the specific details set forth are merely exemplary. The specific details may be varied from and still be contemplated to be within the spirit and scope of the present invention.
- In general, the various methods and apparatus are described to provide a central management system to configure remote devices. A device service manager server (DSM) may have an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that each has a management module to manage an access module to proxy communications for networked devices behind a firewall on a wide area network relative to a location of the DSM on the wide area network. The DSM serves as a central management station for a distribution of configuration information to the DSCs. An executable boot up file in the DSC is scripted with code to determine a unique ID of that individual DSC device, to determine the DSC's current IP address, to supply the DSM's IP address on the wide area network, and to activate code to initiate communications with the DSM. A device configuration engine in the DSC without a prompt by the DSM then sends an initial configuration file with at least the unique ID of that individual DSC device and the DSC's current IP address information via a secure communication channel to the supplied address of the DSM, and the IP redirector module receives this configuration information, cooperates with a user data replication manager module in the DSM to create a device configuration file with the initial configuration information and additional information and then makes a master copy of the device configuration file in the DSM's registry.
-
- FIG. 1 illustrates a block diagram of an embodiment of a system to access to and from networked devices in networks protected by firewalls.
- A first device service controller 102 (DSC) is in a first network 104 protected by a first firewall 106. The first network 104 may contain a host console 108 associated with the first DSC 102. The host console 108 controls and manages a subset of equipment in a second network 116 protected by a second firewall 114. The second network 116 is located over the Internet from the first network 104 and the host controller 108. The first device service controller 102 in the first network 104 and a second device service controller 112 in a second network 116 cooperate with a device service manager server (DSM) 110 located on the Internet to provide highly secure remote access to the subset of equipment in the second network 116 through the firewalls. The device service manager server 110 has an IP redirector program 118 containing code to perform machine-to-machine communications, via a direct communication tunnel, with each device service controller through the firewalls. Equipment in the second network 116 may, for example, include a server, a PLC device, a motion controller, automation equipment, a printer, a security system and a personal computer.
- In operation, the user from the host console 108 opens a connection to a designated port on a local DSC, i.e. the first DSC 102, operating in Host Controller Mode. This local DSC will accept the connection and hold the connection pending the establishment of a connection through to the target device. This local DSC will then initiate a connection to the controlling DSM 110, which will map the connection to a corresponding managed device IP address and port. The local DSC sends its identification information to successfully authenticate itself to the DSM 110. The associated DSC responsible for the target device, i.e. the second DSC 112, will periodically open a secure tunnel with the DSM 110 and determine if there is a pending connection. If there is a pending connection, the DSM 110 will instruct the DSC to initiate a proxy connection to the DSM 110, through which it will pass the traffic for the pending connection. The local DSC behind the firewall holds the direct communication tunnel with the DSM 110 open if there is a pending connection.
- The direct communication tunnel between the first DSC 102 and the DSM 110 as well as the direct communication tunnel between the second DSC 112 and the DSM 110 combine to allow secure access and management of equipment in a network protected by a firewall from a device external to the network protected by the firewall while maintaining a network's IT policy and the integrity of the network's firewall. The connection points to the first DSC 102 and the second DSC 112 are not publicly exposed outside their respective networks to devices external to their networks because the DSCs' respective firewall second network 116 to be published.
- As discussed, visible associated devices have been authorized by the owner of that domain to be visible/published to the virtual device network VDN (i.e. the VDN includes the equipment in the first and second networks).
- The local DSC discovers the components within its network and presents the owner of that domain with a graphic user interface asking which network components the owner wishes to make visible/publish their information. The local DSC collects this information, stores this information, and sends the publish information to the DSM. The information can include the DSC's identifier and IP address, and each component's IP address, name, capabilities, protocols supported, etc., within that DSC's network.
-
- FIG. 5 illustrates a block diagram of an embodiment of an automated centralized administration of a distributed system.
- The heart of the system is the DSM 510. The Device Services Manager manages a collection of DSCs.
- The DSM 510 may have an IP redirector module 518 configured to cooperate with the two or more DSCs 502, 512, 513, 515 that are each behind a firewall on the wide area network relative to a location of the DSM 510 on the wide area network. The DSM 510 serves as a central management station for automatic distribution of configuration information to the DSCs. An executable boot up file uploaded via a drive port in a DSC is scripted to gather configuration information for that DSC and the network devices on the same network as that DSC and, without a prompt by the DSM 510, then sends an initial configuration file to the DSM 510. The DSM 510 makes a master copy of the device configuration file in the DSM's registry for that DSC.
- Each DSC and the DSM 510 work in concert to provide end-to-end access between associated devices in different Domains. The DSM 510 serves as a proxy connection point for participating DSCs. The DSM 110 is a dedicated appliance that relays connections between user hosts and destination devices.
- Individual DSCs proxy connections for both themselves and their associated devices to the parent DSM 510 located beyond the local LAN.
- To the remote network, a newly installed DSC functions like a newly installed computer. To access devices on a remote network, the DSC just needs to establish a single out-bound connection to the DSM controlling the VDN. The outbound connection is a conduit communication link between the DSC acting as a Host Controller and the DSM. Once this connection is established, all system configuration, commands and network traffic can pass through the encrypted channel. When the DSC successfully authenticates to the DSM, it can immediately begin providing secure access to individual pieces of pre-authorized equipment.
- With no client software to install on a PC or local server by the user and no changes required to either the network configuration or application software at either end of the connection, the DSM and its participating DSCs provide a secure and totally transparent remote access solution. The DSC loads the software via the local drive port, and the executable file itself scripts the rest.
- Thus, the device service manager server 510 may cooperate with one or more device service controllers.
- FIG. 8 illustrates a block diagram of an embodiment of the DSM distributing configuration information to the DSCs, such as a first DSC 802, via an executable boot up file uploaded via a drive port 834 in the DSC 810. An administrator of the DSM 810 creates a boot up file and embeds a copy of this executable boot up file on a thumb drive. The thumb drive loaded with the executable boot up file accompanies and is shipped with the DSC device 802. The executable boot up file in the DSC 802 is scripted with code to at least 1) determine a unique ID of that individual DSC device, 2) determine the DSC's current IP address, 3) supply the DSM's IP address on the wide area network, and 4) activate code to initiate communications with the DSM 810.
- The DSC device 802 uploads the boot up file from the thumb drive via the drive port 834, uses the contents of the boot up file to automatically create the secure communication channel via SSH between the DSC 802 and the DSM 810 and connects to the DSM 810 at its IP address on the WAN. The DSC 802 then authenticates itself to the DSM 810 via the unique ID, device MAC address, and/or potentially associated DNS entry. The DSM 810 then looks up the authenticating information in a reference table maintained in the DSM 810.
- In an embodiment, the configuration of individual DSCs occurs by a user at the remote location of the DSC merely inserting the appropriate portable computer readable medium, such as a thumb Universal Serial Bus (USB) Flash device, containing the boot up file with the initial configuration setting for the DSC into the USB slot on that device, applying power to the unit, and waiting for the DSC LED to go green, indicating that it has successfully booted. The user then pushes the FLASH button, which causes the DSC to read the boot up file from the USB Flash device and attempt to contact the DSM. Once the DSC has successfully done so, the DSM LED shall also go green to indicate a successful connection. As will be discussed in more detail later, if there is additional configuration information to download, both the DSC LED and the ACTIVITY LED shall flash green, indicating progress in downloading configuration updates. Once the configuration of the DSC is complete, the DSC LED shall again go steady green, indicating that it is ready to start passing traffic.
- FIG. 6 illustrates a block diagram of an example embodiment of a DSM. The DSM 110 may contain components such as an IP redirector 618 that includes a Tunnel Manager in the DSM 610, a user interface, a database 620 that includes a registry, an association manager, a policy manager, a replication manager, and other similar components.
- FIG. 7 illustrates a block diagram of an example embodiment of a DSC. The DSC 702 may contain components such as an Access Subsystem that includes the following components: an Association Manager; Conduit manager 724; a tunnel manager; and a network manifold 726. The DSC may also include a local database 728 that includes a registry, a Discovery manager 730, a device configuration manager, a device monitoring manager, an automation sub system including a device configuration engine 743, a user interface, a power supply 732, a drive port 734, and other similar components.
- Referring to FIG. 7, as discussed, the device configuration engine 743 in the DSC 702, without a prompt by the DSM, then sends an initial configuration file with at least the unique ID of that individual DSC device and the DSC's current IP address information via a secure communication channel, such as via a secure protocol, an encrypted email, or similar method, to the DSM (with individual devices differentiated by device ID, device MAC address and/or potentially associated DNS entry).
- Referring to FIG. 6, the DSM IP redirector module 618 receives this configuration information. The DSM 610 has a user data replication manager module 645 to create a device configuration/replication file with this configuration information and additional information and to make a master copy of the device configuration file in the DSM's registry 620. The user data replication manager module 645 then distributes this configuration information back out to the appropriate DSCs in response to the DSCs registering with the DSM 610 or in response to a given DSC performing a system reset. Note, the DSM 610 may also send updates of firmware, software patches, etc. in response to the boot up call.
- Referring to FIG. 7, the DSC 702 may be a stand alone device deployed in an existing network. The deployment consists of merely physically plugging the power into a power connection and power supply circuit of the DSC, plugging in the Ethernet network connection, and inserting the supplied thumb drive into a drive port 734 (i.e. USB flash drive into USB port). That is it! Thus, the DSC 702 is a stand alone device that connects up to the existing network without needing client software to be installed on another host device in that existing network, and no network configuration settings are required from an end-user to properly install the DSC onto the existing network. This avoids the obstacle that many enterprise IT departments do not allow unauthorized third party applications to be installed onto their systems. The DSC 702 then resides on the existing network and mediates communication onto that LAN. No networking knowledge is necessary and access to this remote device is automatically configured. No end-user configuration or software installation is required to properly install the DSC onto the existing network.
- An auto discovery presence manager program 730 resident in each DSC 702 finds networked equipment on the existing LAN and establishes an instant point of presence on that local network. The discovery presence manager program 730 discovers associated devices on the network by using a polling technique. The discovery presence manager program 730 has a Graphical User Interface (GUI) 749 to ask a user of the network whether each discovered piece of network equipment protected by the firewall should be visible for remote access by at least the DSM. The DSC device 702 then collects and sends out the initial configuration file with the designated visible network device information to the central management DSM via the secure channel, and the DSM automatically registers both the local DSC and any associated network devices in the DSM-hosted Identity Registry. This information can then be made available via dynamic DNS, LDAP and DHCP, as well as associated web-based directory service application interfaces. In an embodiment, the Auto Discovery service 730 waits to discover network equipment on the existing LAN until the DSM sends back a copy of the master configuration file as well as any firmware and software updates.
- The graphic user interface 749 is configured for the DSM administrator to configure Automated Device Discovery for each associated DSC. Multiple individual scan records may be created which specify either SNMPv1, SNMPv2 or another protocol as the search mechanism. When Automated Device Discovery is activated, scan records are copied to the appropriate DSC, which shall use them to initiate periodic scans of their local LAN for attached network devices.
- When a device is discovered, the DSC shall create a Discovery record, which shall include as a minimum the IP address of the discovered device, the discovery protocol used to locate the discovered network device and the identifier of the discovering DSC. The resulting Discovery records shall be replicated back to the DSM for use by the DSM's Association, Configuration and Monitoring Service components. Each such Discovery record shall be assigned a unique ID, which shall allow the administrator to disambiguate references to individual configurations and discovered devices. The DSM then sends back a local copy for the DSC to store in its registry 728.
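The scan records copied to a DSC and the Discovery records it produces (the two paragraphs above, together with the earlier note that a network scan is parameterised by IP inclusion/exclusion ranges) translate into a short scanning loop. The Go program below is an added example, not the patent's code: the scan record layout (protocol plus CIDR include and exclude lists), the per-protocol Presence Agent abstracted as a probe callback, the 4096-address enumeration cap and the SHA-256-derived unique ID are all assumptions of the example, and the hosts that answer the probe are constructed. Exclusions are applied before any probe is sent, so an excluded address is never touched, and the unique ID is deterministic so a record replicated twice collapses to one entry on the DSM.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net"
)

// ScanRecord is the administrator-created record copied from the DSM to a DSC
// (constructed layout: the page names the protocol and inclusion/exclusion ranges).
type ScanRecord struct {
	Protocol string   // e.g. "SNMPv2"
	Include  []string // CIDR ranges the DSC may scan
	Exclude  []string // CIDR ranges it must never probe
}

// DiscoveryRecord carries the page's minimum (address, protocol, discovering DSC) plus a unique ID.
type DiscoveryRecord struct {
	ID       string
	IP       string
	Protocol string
	DSCID    string
}

// prober stands in for a per-protocol Presence Agent; it reports whether the host answered.
type prober func(ip net.IP, protocol string) bool

type scanFilter struct{ include, exclude []*net.IPNet }

func parseCIDRs(list []string) ([]*net.IPNet, error) {
	var out []*net.IPNet
	for _, cidr := range list {
		_, n, err := net.ParseCIDR(cidr)
		if err != nil {
			return nil, fmt.Errorf("scan record: bad range %q: %w", cidr, err)
		}
		out = append(out, n)
	}
	return out, nil
}

// compileScan validates the record before the DSC acts on it; a record with no
// inclusion range is rejected rather than treated as "scan everything".
func compileScan(rec ScanRecord) (*scanFilter, error) {
	inc, err := parseCIDRs(rec.Include)
	if err != nil {
		return nil, err
	}
	exc, err := parseCIDRs(rec.Exclude)
	if err != nil {
		return nil, err
	}
	if len(inc) == 0 {
		return nil, fmt.Errorf("scan record has no inclusion range")
	}
	return &scanFilter{include: inc, exclude: exc}, nil
}

func (f *scanFilter) excluded(ip net.IP) bool {
	for _, n := range f.exclude {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// enumerateIPv4 lists the addresses of one range, capped so a mistyped /8 cannot run away.
func enumerateIPv4(n *net.IPNet, limit int) []net.IP {
	start := n.IP.To4()
	if start == nil {
		return nil // IPv6 ranges are left out of this example
	}
	cur := make(net.IP, 4)
	copy(cur, start.Mask(n.Mask))
	var ips []net.IP
	for n.Contains(cur) && len(ips) < limit {
		ips = append(ips, append(net.IP(nil), cur...))
		i := 3
		for ; i >= 0; i-- { // big-endian increment with carry
			cur[i]++
			if cur[i] != 0 {
				break
			}
		}
		if i < 0 {
			break // wrapped past 255.255.255.255
		}
	}
	return ips
}

// recordID derives the unique ID from the identifying fields so re-discovery of the
// same device by the same DSC yields the same ID on the DSM.
func recordID(dscID, ip, protocol string) string {
	sum := sha256.Sum256([]byte(dscID + "|" + ip + "|" + protocol))
	return hex.EncodeToString(sum[:8])
}

// runScan is the DSC's periodic scan: enumerate included ranges, drop exclusions before
// probing, and turn each responder into a Discovery record to replicate back to the DSM.
func runScan(dscID string, rec ScanRecord, probe prober) ([]DiscoveryRecord, error) {
	f, err := compileScan(rec)
	if err != nil {
		return nil, err
	}
	var out []DiscoveryRecord
	seen := map[string]bool{}
	for _, n := range f.include {
		for _, ip := range enumerateIPv4(n, 4096) {
			s := ip.String()
			if seen[s] || f.excluded(ip) {
				continue
			}
			seen[s] = true
			if !probe(ip, rec.Protocol) {
				continue
			}
			out = append(out, DiscoveryRecord{ID: recordID(dscID, s, rec.Protocol), IP: s, Protocol: rec.Protocol, DSCID: dscID})
		}
	}
	return out, nil
}

func main() {
	alive := map[string]bool{"192.0.2.3": true, "192.0.2.9": true, "192.0.2.14": true} // constructed responders
	probe := func(ip net.IP, _ string) bool { return alive[ip.String()] }
	rec := ScanRecord{Protocol: "SNMPv2", Include: []string{"192.0.2.0/28"}, Exclude: []string{"192.0.2.8/30"}}
	recs, err := runScan("dsc-0001", rec, probe)
	fmt.Println("err:", err)
	for _, r := range recs {
		fmt.Printf("%s found %s via %s (id %s)\n", r.DSCID, r.IP, r.Protocol, r.ID)
	}
}
```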
- Thus, each DSC 702 of the two or more DSCs serves as a local registration authority, accepting registration requests from associated network devices on the existing local LAN, as well as polling for associated network devices on the local LAN. The DSC 702 will maintain a registry 728 of associated devices and will be able to automatically register both itself and associated devices with its parent DSM registry. Each DSC 702 feeds this data to the parent DSM. Each DSC 702 participates in device discovery and directory service by registering associated devices discovered by using polling techniques.
- Referring to FIG. 6, the DSM 610 provides centralized administration of the distributed system of DSCs across the wide area network and proxies communications between those DSCs. An administrator with a GUI 651 from the DSM 610 creates a full device configuration record in the Central Registry 620 from the initial configuration file with additional information, including making pair associations of an existing device configuration with a specific discovered device, persistent state information, etc. The Central Configuration Registry 620 stores the configuration information and the user data replication manager makes a master copy of the device configuration file stored in the DSM 610.
- The central registry 620 provides registry service for the associated DSCs and their customer network devices, and support services including dynamic Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP) and Dynamic Host Configuration Protocol (DHCP).
- A graphic user interface 651 of the DSM 610 is also configured for the DSM administrator to specify individual device associations, which are defined as a pairing of an existing device configuration with a specific discovered DSC device. Once a device has been associated, the DSM 610 may apply appropriate configuration changes and shall begin forwarding proxy connections to the DSC for network equipment as per a preset set of Access Rules maintained in the IP redirector module 618 in the DSM 610.
- As detected DSCs are found and registered, an appropriate icon may appear in the Device Monitoring Service view of the graphic user interface 651. The user may then associate each such registered device with a previously created configuration record. Once that is done, additional device settings (including Discovery search records) can be automatically downloaded to the DSC device. Based upon these settings, the DSC will then begin discovering additional network devices and passing traffic.
- The User Data Replication Manager 645 in the DSM 610 provides a mechanism for data to be replicated from a DSC to a DSM. The User Data Replication Manager 645 in the DSM 610 generates a local copy of the device configuration file including the configuration record for that DSC. The DSC uses the secured communications channel implemented in SSH to fetch the local copy of the device configuration file from the central registry 620, and then the DSC updates its locally stored copy of the device configuration file. Thus, a shadow configuration registry is maintained on the remotely managed DSC device. The DSC then signals to the DSM 610 that the update is complete and the DSM 610 updates the DSC's status of remote configuration in the Central Registry 620 of the DSM 610.
- The DSC periodically calls the User
Data Replication Manager 645 to see if updates to configuration files, firmware etc. are downloadable. Whatever changes are needed come from the central point being the DSM. All subsequent updates are automatically copied to remote device through an automatically maintained secure communications channel. - After setup, the DSC serves as a local registration authority, accepting registration requests from associated devices on the local LAN, as well as polling for associated devices on the local LAN. The DSC maintains a registry of associated devices and has logic or software configured to automatically register both themselves and associated devices with its parent DSM
central Registry 620. This information can then be made available via LDAP and Dynamic DNS, as well as associated directory service application interfaces. Also, the service provider can access authorized remote equipment without changing the network configuration or their customers' existing software. The web interface and built-in directed navigation” system provides graphical views for easy navigation and control. - In an embodiment, the DSM may also have a Discovery Entity Manager, a Device Monitor, and a Configuration Manager. The Discovery Entity Manager manages Device Entities based on entries discovered by the Presence Manager. The Device Monitor Keeps track of the state of the device. Configuration manager provides a mechanism for configuring associated network devices.
- The Device Management Subsystem may include the following:
  Term                      Description
  Discovery Entity Manager  Manages Device Entities based on entries discovered by the Presence Manager
  Device Monitor            Keeps track of the state of the device
  Configuration Manager     Provides a mechanism for configuring Associated Devices
- As discussed, the DSM GUI interface allows the DSM administrator to configure Automated Device Discovery for each associated DSC and specify a protocol as the search mechanism. When specifying the search, the administrator provides a starting IP address and an optional ending address (indicating that the Discovery Service shall search the entire specified range). The administrator may also specify an optional port number, which if supplied will be used in place of the default protocol port. If using SNMP as the protocol, the administrator can also provide an optional community string.
- The Device Entity Manager takes information from presence records, then attempts to pull more information from the device in order to determine its Id. It then populates the Entity Table with the information gathered from the presence records.
- The purpose of this is to attempt to recognize devices with multiple network interfaces as a single device.
- The entity table looks like this:
  Field        Description
  Id           The Id of the device
  Protocol     What protocol was used for the scan
  Parent Id    Id of the parent (i.e. the DSC that found the device)
  MAC Address  MAC address of the device
  IP Address   IP address of the device
  Last Up      When this device was last found to be "up"
  Scan Time    When this device was last scanned
- The key for this record is the combination of Id, Protocol, and Parent Id. The reason Parent Id is part of the key is to handle the case of a device that is unplugged from one DSC domain and re-plugged into a new DSC domain.
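As an added illustration (not code from the patent or its assignee), the Go program below models the Entity table with exactly the key described above, (Id, Protocol, Parent Id), and shows why Parent Id belongs in it: presence records for two interfaces of one device collapse into a single row, while the same device re-plugged behind another DSC produces a second row that Latest() prefers. The MAC-to-Id lookup, device names, addresses and timestamps are constructed for the example; the patent does not say how the Device Entity Manager derives the Id, so the Identify callback stands in for that step.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// PresenceRecord is what one Presence Agent reports for one interface it saw.
// MAC+Protocol+ParentId is the unique key on the DSC side.
type PresenceRecord struct {
	MAC      string
	Protocol string
	ParentID string // the DSC that found the device
	IP       string
	ScanTime time.Time
	Up       bool
}

// EntityKey is the key of the DSM's Entity table: Id, Protocol, Parent Id.
type EntityKey struct{ ID, Protocol, ParentID string }

// Entity is one row of the Entity table.
type Entity struct {
	EntityKey
	MAC, IP  string
	LastUp   time.Time
	ScanTime time.Time
}

// EntityTable keeps Parent Id in the key on purpose: a device unplugged from
// one DSC domain and re-plugged into another gets a second row instead of
// overwriting the first; readers then pick the most recent row.
type EntityTable map[EntityKey]Entity

// Identify stands in for the Device Entity Manager "pulling more information
// from the device" to learn its Id (assumed here; e.g. a serial number read over SNMP).
type Identify func(mac string) (id string, ok bool)

// Upsert folds one presence record into the table. An interface whose device
// Id cannot be determined is reported rather than silently dropped.
func (t EntityTable) Upsert(p PresenceRecord, ident Identify) error {
	id, ok := ident(p.MAC)
	if !ok {
		return fmt.Errorf("no device id for MAC %s seen by %s", p.MAC, p.ParentID)
	}
	k := EntityKey{ID: id, Protocol: p.Protocol, ParentID: p.ParentID}
	e, exists := t[k]
	if !exists || p.ScanTime.After(e.ScanTime) {
		e.EntityKey, e.MAC, e.IP, e.ScanTime = k, p.MAC, p.IP, p.ScanTime
	}
	if p.Up && p.ScanTime.After(e.LastUp) {
		e.LastUp = p.ScanTime
	}
	t[k] = e
	return nil
}

// Latest returns the most recently scanned row for a device Id across all
// protocols and parents: the row the Device Monitor and Config Manager act on.
func (t EntityTable) Latest(id string) (Entity, bool) {
	var rows []Entity
	for k, e := range t {
		if k.ID == id {
			rows = append(rows, e)
		}
	}
	if len(rows) == 0 {
		return Entity{}, false
	}
	sort.Slice(rows, func(i, j int) bool { return rows[i].ScanTime.After(rows[j].ScanTime) })
	return rows[0], true
}

// BuildDemoTable replays constructed presence records: a two-NIC motion
// controller seen by dsc-A and later moved to dsc-B, a PLC, and one unknown MAC.
func BuildDemoTable() (EntityTable, []error) {
	known := map[string]string{ // constructed MAC-to-Id mapping
		"02:00:00:00:00:01": "motion-ctl-01", // NIC 1
		"02:00:00:00:00:02": "motion-ctl-01", // NIC 2 of the same device
		"02:00:00:00:00:10": "plc-07",
	}
	ident := func(mac string) (string, bool) { id, ok := known[mac]; return id, ok }
	t0 := time.Date(2014, 7, 25, 9, 0, 0, 0, time.UTC)
	records := []PresenceRecord{
		{"02:00:00:00:00:01", "arp", "dsc-A", "10.1.0.20", t0, true},
		{"02:00:00:00:00:02", "arp", "dsc-A", "10.1.0.21", t0.Add(time.Minute), true},
		{"02:00:00:00:00:10", "snmp", "dsc-A", "10.1.0.30", t0.Add(2 * time.Minute), true},
		{"02:00:00:00:00:ff", "arp", "dsc-A", "10.1.0.99", t0.Add(3 * time.Minute), true},
		{"02:00:00:00:00:01", "arp", "dsc-B", "10.2.0.5", t0.Add(time.Hour), true}, // re-plugged
	}
	table, errs := EntityTable{}, []error(nil)
	for _, r := range records {
		if err := table.Upsert(r, ident); err != nil {
			errs = append(errs, err)
		}
	}
	return table, errs
}

func main() {
	table, errs := BuildDemoTable()
	for k, e := range table {
		fmt.Printf("%-14s %-5s %-6s %s\n", k.ID, k.Protocol, k.ParentID, e.IP)
	}
	for _, err := range errs {
		fmt.Println("unresolved:", err)
	}
	if e, ok := table.Latest("motion-ctl-01"); ok {
		fmt.Println("motion-ctl-01 is currently behind", e.ParentID, "at", e.IP)
	}
}
```

Running it yields three entity rows (one per key), one unresolved MAC, and reports the motion controller behind dsc-B; the stale dsc-A row is kept, which is what lets an operator see that the device moved rather than vanished.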
- The Device Monitor and Config Manager are responsible for picking the info from the latest entry.
- The Device Monitor scans the Entity table and the Physical Device Configuration Attribute table and fills/updates any attributes with configuration it is able to poll from the device.
- The configuration attributes include all sellable parameters of a device: port settings, speeds, power levels, web servers, web server ports, etc.
- The Physical Configuration Attribute table looks like:
  Field         Description
  Id            The Id of the device
  Attribute     Attribute name
  Value         Attribute Value
  Can Read      True if this is a value that can be read from the device.
  Can Write     True if this is a value that can be written to the device.
  Last Updated  When this attribute was last updated from the device.
  Last Queried
- The configuration manager is responsible for comparing a Virtual Configuration Attribute record with its associated Physical Configuration Attribute record.
- When differences occur, it will send those configurations to the device in question. The Virtual Configuration Attribute table looks like:
  Field        Description
  Id           The Id of the device
  Attribute    Attribute name
  Value        Attribute Value
  Enable       True if this is an "active" configuration that should be sent to the device.
  Last Pushed  When this attribute was last sent from the configuration manager.
- Referring to FIG. 7, the DSC Device Management Subsystem may consist of the following components: a Discovery Presence Manager 730, which manages devices discovered by the Presence Agents; and multiple Discovery Presence Agents, each of which attempts to discover associated network devices on a network using a specific protocol (e.g. ping (ICMP), ARP, 77fe, SNMP, UPnP, etc.).
- The Discovery Presence Manager 730 is responsible for the initial phase of discovery. Given parameters for a network scan (e.g. IP inclusion/exclusion ranges, scan times, network polls/sec, etc.), the Presence Manager calls a Presence Agent for each protocol in the discovery process. Presence detection results in a minimal set of information about a device. The Presence record looks something like this:
  Field        Description
  MAC Address  MAC address of the device
  Protocol     What protocol was used for the scan
  Parent Id    Id of the parent (i.e. the DSC that found the device)
  IP Address   IP address of the device
  Scan Time    When this device was last scanned via this protocol
  Last Up      When this device was last found to be "up" via this protocol
- Note, the MAC address+Protocol+Parent Id should be unique.
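The configuration manager's compare-and-push loop described a few paragraphs above, over the Physical and Virtual Configuration Attribute tables, as an added Go example that is not the patent's own code. It treats Can Write and Enable as gates: only enabled virtual rows are considered, a difference on a writable attribute becomes a push and stamps Last Pushed, and a difference the manager cannot write (a read-only attribute, or one the Device Monitor has never read) is reported as drift rather than dropped. The device name, attribute names and values are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// AttrKey identifies one attribute of one device in either table.
type AttrKey struct{ ID, Attribute string }

// PhysicalAttr is a row of the Physical Configuration Attribute table:
// the value the Device Monitor last read from the device.
type PhysicalAttr struct {
	Value       string
	CanRead     bool
	CanWrite    bool
	LastUpdated time.Time
}

// VirtualAttr is a row of the Virtual Configuration Attribute table:
// the value the administrator wants the device to have.
type VirtualAttr struct {
	Value      string
	Enable     bool
	LastPushed time.Time
}

// Push is one write the configuration manager sends to a device.
type Push struct{ ID, Attribute, Value string }

// Drift is a difference the manager cannot correct by writing.
type Drift struct{ ID, Attribute, Reason string }

// Reconcile compares each enabled virtual attribute with its physical row.
// A difference on a writable attribute becomes a push and stamps Last Pushed;
// a difference on a read-only or never-read attribute is reported as drift
// instead of being silently skipped. Disabled virtual rows are never sent.
func Reconcile(virtual map[AttrKey]VirtualAttr, physical map[AttrKey]PhysicalAttr, now time.Time) ([]Push, []Drift) {
	var pushes []Push
	var drift []Drift
	for k, v := range virtual {
		if !v.Enable {
			continue
		}
		p, ok := physical[k]
		switch {
		case !ok:
			drift = append(drift, Drift{k.ID, k.Attribute, "attribute has never been read from the device"})
		case p.Value == v.Value:
			// already in sync, nothing to send
		case !p.CanWrite:
			drift = append(drift, Drift{k.ID, k.Attribute, fmt.Sprintf("read-only on device, which reports %q", p.Value)})
		default:
			pushes = append(pushes, Push{k.ID, k.Attribute, v.Value})
			v.LastPushed = now
			virtual[k] = v
		}
	}
	// Map iteration order is random; sort so results are stable for callers and logs.
	sort.Slice(pushes, func(i, j int) bool { return pushes[i].Attribute < pushes[j].Attribute })
	sort.Slice(drift, func(i, j int) bool { return drift[i].Attribute < drift[j].Attribute })
	return pushes, drift
}

// DemoReconcile runs the comparison over constructed rows for one device and
// returns the virtual table so the Last Pushed stamps can be inspected.
func DemoReconcile() ([]Push, []Drift, map[AttrKey]VirtualAttr) {
	read := time.Date(2014, 7, 25, 9, 0, 0, 0, time.UTC)
	physical := map[AttrKey]PhysicalAttr{
		{"plc-07", "web.port"}:       {"80", true, true, read},
		{"plc-07", "serial.speed"}:   {"9600", true, false, read}, // read-only
		{"plc-07", "power.level"}:    {"low", true, true, read},
		{"plc-07", "telnet.enabled"}: {"true", true, true, read},
	}
	virtual := map[AttrKey]VirtualAttr{
		{"plc-07", "web.port"}:       {"8443", true, time.Time{}},   // differs, writable: push
		{"plc-07", "serial.speed"}:   {"115200", true, time.Time{}}, // differs, read-only: drift
		{"plc-07", "power.level"}:    {"low", true, time.Time{}},    // in sync
		{"plc-07", "telnet.enabled"}: {"false", false, time.Time{}}, // disabled row: not sent
		{"plc-07", "snmp.community"}: {"s3cret", true, time.Time{}}, // never read: drift
	}
	pushes, drift := Reconcile(virtual, physical, read.Add(5*time.Minute))
	return pushes, drift, virtual
}

func main() {
	pushes, drift, _ := DemoReconcile()
	for _, p := range pushes {
		fmt.Printf("push  %s %s=%s\n", p.ID, p.Attribute, p.Value)
	}
	for _, d := range drift {
		fmt.Printf("drift %s %s: %s\n", d.ID, d.Attribute, d.Reason)
	}
}
```

The disabled telnet row is the case worth noticing: a virtual value of "false" with Enable unset is not a request to disable telnet, it is a request to leave the device alone, so the device keeps telnet on and nothing in the push list says so.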
- The Discovery Presence Agents perform the actual act of detection with a specific protocol. Each agent is responsible for a specific protocol. The Platform Subsystem consists of the following components:
  Term               Description
  Local Message Bus  A method of providing event information to all processes in a system
  Registry           A persistent data store
  Process Manager    Ensures the proper services are running
- The Local Message Bus may be implemented via LEBUS. This provides a simple one-way, one-to-many communication of transient events between processes on a local system.
- In the DSC-DSM System, the DSM's Registry is considered authoritative. The DSC may gather new information, but that information is sent to the DSM.
- OEM/VAR integration is allowed via an API into the Registry and databases are used.
- To access devices on a remote network the DSC just needs to establish a single out-bound connection to the DSM controlling the VDN. Once this connection is established, all system configuration, commands and network traffic can pass through the encrypted channel. When the DSC successfully authenticates to the DSM, it can immediately begin providing secure access to individual pieces of pre-authorized equipment. The device server controller also provides DHCP-like auto-configuration for associated devices on its network.
- In an alternative embodiment, the DSM GUI interface allows the DNA administrator to save a DSC device configuration through the web interface to a file on the browser host. Such files shall be digitally signed, to prevent unauthorized modification or alteration, and may be emailed, copied across the net or onto a USB Flash memory drive. In this last case, if the USB Flash drive is inserted into the target DSC and the front panel pushbutton is activated, the DSC shall read the file, verify the digital signature and device settings, and if valid, apply these settings to the device. No previous connection to the DSM is required for this to work.
- In addition, the DSM GUI interface allows the DNA administrator to save a complete DSC system image through the web interface to a file on the browser host. Such files shall be digitally signed, to prevent unauthorized modification or alteration, and may be emailed, copied across the net or onto a USB Flash memory drive. In this last case, if the USB Flash drive is inserted into the target DSC and the DSC is booted while the front panel pushbutton is held down, the DSC shall read the file, verify the digital signature and device settings, and if valid, replace the current system image with the new image. Such an image may include basic Registry settings, including a URL for the parent DSM.
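What "verify the digital signature and device settings, and if valid, apply" looks like in code, as an added example that is not from the patent. It uses Ed25519 from the Go standard library; the file layout (the exact signed payload bytes plus a signature), the target_id field that binds a file to one DSC's unique ID, and the rule that the parent DSM URL must be ssh:// are assumptions of the example. The check a practitioner wants to see is that a file correctly signed for a different unit is refused just like a tampered one, and that nothing is applied until every check has passed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Settings is the signed payload. TargetID (an assumption of this example,
// not a field named in the patent) binds the file to one DSC's unique ID so
// a file signed for another unit cannot be replayed onto this one.
type Settings struct {
	TargetID string `json:"target_id"`
	DSMURL   string `json:"dsm_url"`
	Hostname string `json:"hostname"`
}

// envelope is the file layout: the exact payload bytes that were signed
// (base64 in JSON) and an Ed25519 signature over those bytes. Verifying the
// stored bytes, not a re-serialisation of the parsed settings, keeps the check sound.
type envelope struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"sig"`
}

// SignConfig is the DSM side: serialise the settings and sign them.
func SignConfig(priv ed25519.PrivateKey, s Settings) ([]byte, error) {
	payload, err := json.Marshal(s)
	if err != nil {
		return nil, err
	}
	return json.Marshal(envelope{Payload: payload, Signature: ed25519.Sign(priv, payload)})
}

var ErrBadSignature = errors.New("configuration file: signature does not verify")

// VerifyAndLoad is the DSC side, run before anything is applied: verify the
// signature under the DSM public key held by the DSC, then parse, then check
// the settings are for this unit and sane. Any failure applies nothing.
func VerifyAndLoad(pub ed25519.PublicKey, file []byte, myID string) (Settings, error) {
	var env envelope
	if err := json.Unmarshal(file, &env); err != nil {
		return Settings{}, fmt.Errorf("configuration file: %w", err)
	}
	if !ed25519.Verify(pub, env.Payload, env.Signature) {
		return Settings{}, ErrBadSignature
	}
	var s Settings
	if err := json.Unmarshal(env.Payload, &s); err != nil {
		return Settings{}, fmt.Errorf("configuration payload: %w", err)
	}
	if s.TargetID != myID {
		return Settings{}, fmt.Errorf("configuration is for %q, this unit is %q", s.TargetID, myID)
	}
	if !strings.HasPrefix(s.DSMURL, "ssh://") { // assumed policy: the parent DSM is only reached over SSH
		return Settings{}, fmt.Errorf("dsm_url %q rejected: only ssh:// is accepted", s.DSMURL)
	}
	return s, nil
}

// Scenarios exercises the cases a DSC must get right: a valid file is
// accepted, a file altered after signing is rejected, and a correctly signed
// file meant for a different unit is rejected.
func Scenarios() (validOK, tamperedRejected, wrongUnitRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	const myID = "DSC-000123" // constructed unit ID
	dsm := "ssh://dsm.example.net:22"

	good, err := SignConfig(priv, Settings{TargetID: myID, DSMURL: dsm, Hostname: "site7-dsc"})
	if err != nil {
		return
	}
	_, e := VerifyAndLoad(pub, good, myID)
	validOK = e == nil

	// Tamper: change one setting inside the signed payload, keep the old signature.
	var env envelope
	if err = json.Unmarshal(good, &env); err != nil {
		return
	}
	env.Payload = bytes.Replace(env.Payload, []byte("site7-dsc"), []byte("evil-dsc"), 1)
	tampered, _ := json.Marshal(env)
	_, e = VerifyAndLoad(pub, tampered, myID)
	tamperedRejected = errors.Is(e, ErrBadSignature)

	other, err := SignConfig(priv, Settings{TargetID: "DSC-000999", DSMURL: dsm, Hostname: "site9-dsc"})
	if err != nil {
		return
	}
	_, e = VerifyAndLoad(pub, other, myID)
	wrongUnitRejected = e != nil && !errors.Is(e, ErrBadSignature)
	return
}

func main() {
	v, t, w, err := Scenarios()
	fmt.Printf("valid accepted=%v tampered rejected=%v wrong unit rejected=%v err=%v\n", v, t, w, err)
}
```

The same verifier applies to the system image case in the next paragraph, with the image bytes as the payload; the important operational detail is that the verifying public key has to already be in the DSC (in firmware or the factory registry), since a file that carried its own key would verify against anything.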
- FIG. 2a illustrates a block diagram of an embodiment of a system having a device service manager server located exterior to a first domain protected by a first firewall and a second domain protected by a second firewall.
- Each DSC first domain 204 to the DSM 210 located beyond the first firewall 206 and 2) a Device Controller (which receives and manages incoming connections from the DSM 110 to individual remote target devices in the second domain 216 protected by the second firewall 214). Note, a domain may be any network separated by a firewall or different subnets. The DSC will be able to proxy connections for both itself and its associated devices to its parent DSM located beyond the local domain. Each DSC may be configured to periodically send an outbound communication to check with the DSM to see if any pending TCP connections are waiting.
- In an embodiment, the first DSC 202 and the second DSC 212 have a Conduit Manager to provide the direct network communication tunnel to the DSM 210 by authenticating itself to the DSM 210 and establishing an outgoing TCP/IP stream connection to the DSM 210. The DSC keeps that connection open for future bi-directional communication on the outgoing TCP/IP stream connection. The established and authenticated, bi-directional TCP/IP stream connection may be known as a direct network communication tunnel or conduit tunnel. The IP redirector of the DSM 210 sends routed packets down a first established TCP/IP stream connection to the first DSC 202 and sends routed packets down a second established TCP/IP stream connection to the second DSC 212. The IP redirector of the DSM 210 routes packets for a network component in the first domain 204 behind the first firewall 206 down the first established TCP/IP stream connection to the first DSC 202. The IP redirector of the DSM 210 also routes packets for a network component in the second domain 216 behind the second firewall 214 down the second established TCP/IP stream connection to the second DSC 212. Note, because TCP/IP is a bi-directional stream protocol, the DSM 210 can send routed packets down the open communication conduit tunnel and receive traffic from each DSC.
- The host console 208 and the subset of equipment in the second network form part of the VDN, in which the host console 208 controls and manages the subset in the second network via the second DSC 212 traversing outbound through a local firewall and/or a customer's NAT routers to access the subset of equipment on the remote network. The host console 208 establishes a single out-bound connection to the DSM 210 controlling the VDN, which allows two-way communications, and then holds that out-bound connection open. The VDN, via the DSCs cooperating with the DSM 210, may create dedicated TCP/IP connections between any two points on the Internet.
-
FIG. 2b illustrates a block diagram of an embodiment of a system with DSCs each having a conduit manager configured to provide a direct communication tunnel to the DSM by authenticating itself to the DSM and establishing an outgoing TCP/IP stream connection to the DSM, then keeping that connection open for future bi-directional communication on the established TCP/IP stream connection. A host console 208b connects to a remote DSC 212b via a local DSC and the DSM 210b. The local DSC and the remote DSC 212b can both hold open a direct communication tunnel between themselves and the DSM 210b for bi-directional communications. The direct TCP communication tunnel is a two-way TCP/IP stream connection (TCP session) that is held open to the DSM 210b. The traffic on the incoming connection is then relayed through that session. The Conduit Manager in the remote DSC 212b may use a certificate-based SSH (Secure Shell) encryption protocol to ensure secure, end-to-end communication between the host console 208b and the destination target device, such as a Motion Controller, via the direct TCP communication tunnel. After the traffic has been communicated, the TCP session may be closed. Thus, the direct TCP communication tunnel may be implemented via SSH.
- In an embodiment, the direct TCP communication tunnel can also be a simple TCP port forwarder. The program just listens on a local TCP port and all the received data is sent to a remote host, the DSM. The direct TCP communication tunnel allows the user to bypass a firewall that does not allow a remote device to make inbound TCP/IP connections to your server.
- The remote DSC is also de-multiplexing the traffic from the direct communication tunnel to the network components on its associated local area network by decoding the header on the traffic and forwarding that traffic onto the target network component. The TCP packet header information in general identifies both the source port originally sending the data and the target destination port receiving the packet.
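An added example, not code from the patent, of the demultiplexing step in Go: a small framed format for the conduit stream (stream id, IPv4 destination, port, length, payload; this layout is an assumption, the patent only says the header identifies source and destination), the DSM-side encoder, the DSC-side decoder that refuses a frame cut short by a dropped tunnel, and a routing step that forwards only to equipment the local user designated visible for remote access. Addresses, ports and payloads are constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net/netip"
)

// Frame is one unit of tunnelled traffic. The header is what the DSC needs to
// demultiplex: which proxied session the bytes belong to and where on the
// local LAN they go. The layout is an assumption of this example.
type Frame struct {
	StreamID uint32
	DstIP    netip.Addr // IPv4 only here
	DstPort  uint16
	Payload  []byte
}

const headerLen = 4 + 4 + 2 + 2 // stream id, IPv4 address, port, payload length

// Encode is the DSM (mux) side: big-endian header followed by the payload.
func Encode(f Frame) ([]byte, error) {
	if !f.DstIP.Is4() {
		return nil, fmt.Errorf("stream %d: only IPv4 destinations are carried", f.StreamID)
	}
	if len(f.Payload) > 0xFFFF {
		return nil, fmt.Errorf("stream %d: payload exceeds the 16-bit length field", f.StreamID)
	}
	buf := make([]byte, headerLen+len(f.Payload))
	binary.BigEndian.PutUint32(buf[0:4], f.StreamID)
	ip := f.DstIP.As4()
	copy(buf[4:8], ip[:])
	binary.BigEndian.PutUint16(buf[8:10], f.DstPort)
	binary.BigEndian.PutUint16(buf[10:12], uint16(len(f.Payload)))
	copy(buf[headerLen:], f.Payload)
	return buf, nil
}

// Decode is the DSC (demux) side: read exactly one frame from the tunnel.
// io.EOF means a clean frame boundary; a tunnel cut mid-frame is an error,
// never a short frame delivered as if it were complete.
func Decode(r io.Reader) (Frame, error) {
	var hdr [headerLen]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return Frame{}, err
	}
	payload := make([]byte, binary.BigEndian.Uint16(hdr[10:12]))
	if _, err := io.ReadFull(r, payload); err != nil {
		return Frame{}, fmt.Errorf("truncated frame: %w", err)
	}
	var ip [4]byte
	copy(ip[:], hdr[4:8])
	return Frame{StreamID: binary.BigEndian.Uint32(hdr[0:4]), DstIP: netip.AddrFrom4(ip),
		DstPort: binary.BigEndian.Uint16(hdr[8:10]), Payload: payload}, nil
}

// Visible is the DSC's own list of equipment the local user designated visible
// for remote access, with the TCP ports allowed on each.
type Visible map[netip.Addr][]uint16

var ErrNotVisible = errors.New("destination was not designated visible for remote access")

// Route decides where a frame is forwarded. The DSC enforces its own list even
// though the DSM keeps the Access Rules: a mistaken or compromised DSM must not
// reach equipment the site never exposed.
func (v Visible) Route(f Frame) (string, error) {
	for _, p := range v[f.DstIP] {
		if p == f.DstPort {
			return netip.AddrPortFrom(f.DstIP, f.DstPort).String(), nil
		}
	}
	return "", fmt.Errorf("stream %d to %s:%d: %w", f.StreamID, f.DstIP, f.DstPort, ErrNotVisible)
}

// Demux drains the tunnel, returning the bytes delivered per target and the
// frames refused. It stops at the first malformed or truncated frame.
func Demux(r io.Reader, v Visible) (delivered map[string][]byte, refused []Frame, err error) {
	delivered = map[string][]byte{}
	for {
		f, derr := Decode(r)
		if errors.Is(derr, io.EOF) {
			return delivered, refused, nil
		}
		if derr != nil {
			return delivered, refused, derr
		}
		if target, rerr := v.Route(f); rerr != nil {
			refused = append(refused, f)
		} else {
			delivered[target] = append(delivered[target], f.Payload...)
		}
	}
}

// DemoStream is a constructed tunnel: two frames of one session to a visible
// Modbus/TCP port and one frame aimed at a telnet port nobody exposed.
func DemoStream() []byte {
	frames := []Frame{
		{1, netip.MustParseAddr("10.1.0.20"), 502, []byte("hello")},
		{2, netip.MustParseAddr("10.1.0.21"), 23, []byte("root\r\n")},
		{1, netip.MustParseAddr("10.1.0.20"), 502, []byte(" world")},
	}
	var stream []byte
	for _, f := range frames {
		b, err := Encode(f)
		if err != nil {
			panic(err)
		}
		stream = append(stream, b...)
	}
	return stream
}

// DemoVisible exposes only the Modbus port on the motion controller.
func DemoVisible() Visible { return Visible{netip.MustParseAddr("10.1.0.20"): {502}} }

// RunDemo demultiplexes a constructed tunnel against the demo visibility list.
func RunDemo(stream []byte) (map[string][]byte, []Frame, error) {
	return Demux(bytes.NewReader(stream), DemoVisible())
}

func main() {
	delivered, refused, err := RunDemo(DemoStream())
	fmt.Printf("delivered=%q refused=%d err=%v\n", delivered, len(refused), err)
	stream := DemoStream() // a tunnel cut mid-frame is reported, not forwarded as a partial frame
	_, _, err = RunDemo(stream[:len(stream)-3])
	fmt.Println("truncated tunnel:", err)
}
```

In a live DSC the delivered bytes would be written to a per-stream TCP socket toward the target rather than collected in a map, and the refused frames are exactly what should be logged and sent back to the DSM as a policy violation.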
- FIG. 3 illustrates a block diagram of an embodiment of a system having a central DSM and local DSCs to access to and from networked devices in networks protected by firewalls. The virtual device network is created by the DSM 310 and DSCs 302, 312 and the network devices associating with each DSC. The VDN in FIG. 3 operates similarly to the above descriptions for FIGS. 1, 2a, and 2b except where noted. The IP redirector may have portions resident in both the DSC and the DSM.
- Referring to FIG. 7, the IP redirector may include the access subsystem, device management system and registry. The Conduit Manager 724 in the DSC notifies local DSC processes that the SSH session to the DSM has been fully established. The conduit's SSH shell session is attached to the IP redirector program portion in the DSM. The IP redirector program then sends periodic beacon packets that the DSC can use to ensure the direct communication tunnel is established and active. Some minor protocol capabilities may be present to allow the DSC/DSM 110 to perform bandwidth/latency estimates. SSH's TCP port-forwarding feature can be used to pass all other control and tunnel data between the DSM and DSC. The Conduit Manager 724 may also negotiate the "remote" port it can listen on from the DSM.
- FIG. 4 illustrates a state diagram of an embodiment of the Conduit Manager in the DSC. The Conduit Manager contains code to start and stop the direct TCP communication tunnel, determine when this direct TCP communication tunnel is idle or unexpectedly interrupted, etc. In block 402, when a pending TCP connection request comes in, the Conduit Manager checks to see if an SSH tunnel is already established with the DSM. If not, in block 404, the Conduit Manager establishes a full or partial SSH session. In block 406, the Conduit Manager negotiates authentication of that DSC with the DSM, each side verifying the other's identity.
- After the SSH session has been fully established and the identity of the DSC responsible for the point of origin is authenticated with the DSM, then in block 408 traffic is allowed to pass in both directions in the direct communication tunnel.
- In block 410, if the tunnel has already been established, the DSC redirects the socket and refreshes the tunnel timer.
- Referring to FIG. 6, the DSM 610 has an IP redirector program that consists of multiple routines implemented in software, logic or a combination of both. The DSC may also contain a portion of the IP redirector program. The IP redirector program may include portions in the DSC such as the Conduit Manager, which has code scripted to provide basic secured network communication and manage the conduit tunnel between a DSC and the DSM, and the Tunnel Manager in the DSC.
- The Tunnel Manager 624 portion of the IP redirector in the DSM 610 has code scripted to provide a secured multiplexed TCP session between the DSM and a DSC operating in Demux mode and between the DSM and a DSC operating in Mux mode.
- The above processes may be implemented by software code written in a given programming language, hardware logic components and other electrical circuits, or some combination of both.
- Accordingly, in an embodiment, the software used to facilitate the algorithms discussed above can be embodied onto a machine-readable medium. A machine-readable medium includes any mechanism that provides (e.g., stores and/or transmits) information in a form readable by a machine (e.g., a computer). For example, a machine-readable medium includes read only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; flash memory devices; Digital Video Discs (DVDs), EPROMs, EEPROMs, FLASH memory, magnetic or optical cards, or any type of media suitable for storing electronic instructions.
- Some portions of the detailed descriptions above are presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. These algorithms may be written in a number of different software programming languages. Also, an algorithm may be implemented with lines of code in software, configured logic gates in hardware, or a combination of both.
- It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the above discussions, it is appreciated that throughout the description, discussions utilizing terms such as “processing” or “computing” or “calculating” or “determining” or “displaying” or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers, or other such information storage, transmission or display devices.
- In an embodiment, the logic consists of electronic circuits that follow the rules of Boolean Logic, software that contain patterns of instructions, or any combination of both.
- While some specific embodiments of the invention have been shown the invention is not to be limited to these embodiments. For example, most functions performed by electronic hardware components may be duplicated by software emulation. Thus, a software program written to accomplish those same functions may emulate the functionality of the hardware components in input-output circuitry. The invention is to be understood as not limited by the specific embodiments described herein, but only by scope of the appended claims.
Claims (22)
1. An apparatus, comprising:
a device service manager server (DSM) having an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that each have a management module to manage an access module to proxy communications for networked devices behind a firewall on a wide area network relative to a location of the DSM on the wide area network, where the DSM serves as a central management station for a distribution of configuration information to the DSCs, wherein an executable boot up file in the DSC is scripted with code to at least include to determine a unique ID of that individual DSC device, to determine a current IP address of the DSC, to supply an IP address on the wide area network of the DSM, and to activate code to initiate communications with the DSM, wherein a device configuration engine in the DSC without a prompt by the DSM then sends an initial configuration file with at least the unique ID of that individual DSC device and the DSC's current IP address information via a secure communication channel to the supplied IP address of the DSM, and the IP redirector module receives this configuration information, cooperates with a user data replication manager module in the DSM to create a device configuration file with the initial configuration information and additional information and then makes a master copy of the device configuration file in a registry of the DSM.
2. The apparatus of claim 1 , wherein a copy of the executable boot up file is embedded in a thumb drive with the executable boot up file scripted to request no network configuration settings from an end-user to properly install the DSC onto an existing network, where the thumb drive accompanies the DSC device and the DSC is a stand alone device further including a power connection and a network connection, which is deployed in the existing network by merely physically plugging in power to the power connection, plugging in the network connection to the existing network, and inserting the supplied thumb drive into a drive port.
3. The apparatus of claim 2 , wherein the DSC uploads the boot up file from the thumb drive via the drive port, uses contents of the executable boot up file to establish the secure communication channel, implemented via SSH, between the DSC and the DSM, connects to the DSM at its IP address on the WAN implemented via the Internet, and then authenticates itself via the unique ID to the DSM, wherein the DSM then looks up the unique ID in a reference table maintained in the DSM.
4. The apparatus of claim 1 , wherein the user data replication manager module distributes the device configuration file back out across the wide area network to the appropriate DSC in response to the DSC's registering with the registry in the DSM and also in response to a given DSC performing a system reset.
5. The apparatus of claim 1 , further comprising:
an auto discovery service resident in each DSC configured to find networked equipment on a local network, and the auto discovery service is configured to discover associated network devices on the local network by using a polling technique, wherein the DSC has a Graphical User Interface (GUI) to ask whether each discovered piece of network equipment protected by the firewall should be visible for remote access by at least the DSM, and then the DSC device collects and sends out the initial configuration file with the designated visible network device information to the DSM via the secure communication channel, which the DSM automatically registers both the DSC and any associated network devices in the DSM-hosted Identity Registry.
6. The apparatus of claim 1 , further comprising:
a graphic user interface of the DSM to configure an automated device discovery service for each associated DSC, which creates multiple individual scan records that specify a specific protocol as a search mechanism, wherein when the automated device discovery service is activated, scan records are copied to the appropriate DSC, which uses the scan records to initiate periodic scans of the DSC's local LAN for attached network devices.
7. The apparatus of claim 6 , further comprising:
a discovery record created by the DSC for each network device discovered, and the discovery record includes at least an IP address of the discovered device, the discovery protocol used to locate the discovered network device, and an identifier of the discovering DSC; wherein resulting discovery records are replicated back to the DSM for use by the DSM.
8. The apparatus of claim 5 , wherein a graphic user interface of the DSM creates a full device configuration record in the registry from the initial configuration file with additional information including making pair associations of an existing device configuration with a specific discovered device and a master copy of the device configuration file is stored in the DSM.
9. The apparatus of claim 1 , wherein the DSM provides registry service for each associated DSC and their network devices, as well as support services including dynamic Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP) and Dynamic Host Configuration Protocol (DHCP).
10. The apparatus of claim 1 , further comprising:
a graphic user interface of the DSM configured to specify individual device associations, which are defined as a pairing of an existing device configuration with a specific discovered DSC device, wherein once a device has been associated, the DSM applies appropriate configuration changes and begins forwarding proxy connections to the DSC for network equipment as per a preset set of Access Rules maintained in the DSM.
11. The apparatus of claim 8 , further comprising:
a data replication manager in the DSM generates a local copy of the device configuration file from the master copy and then sends the local copy to the DSC for use and storage in the DSC.
12. The apparatus of claim 11 , wherein the DSC uses the secured communications channel implemented in SSH to fetch the local copy of the device configuration file from the DSM, and then the DSC updates its locally stored copy of the device configuration file, where the DSC then signals to DSM that the update is complete and the DSM updates the DSC's status of remote configuration in the registry of the DSM.
13. The apparatus of claim 1 , wherein the DSM provides centralized administration of a distributed system of DSC across the wide area network and proxy communications between those DSCs, where each DSC of the two or more DSCs serves as a local registration authority, accepting registration requests from associated network devices on a local network, as well as polling for associated network devices on the LAN.
14. An apparatus, comprising:
a device service controller (DSC) having a power connection, a network connection, a port for a portable computer readable medium, code resident in the DSC to read configuration information in the portable computer readable medium with an executable boot up file when prompted, and an access module to proxy communications for networked devices on a local area network with the DSC, wherein the executable boot up file in the DSC is scripted to at least include device configuration information to determine a unique ID of that DSC device, determine the DSC's current IP address, supply the IP address of a device service manager server (DSM) on the wide area network, and code to initiate communications with the DSM, and where the DSC uploads the executable boot up file from the portable computer readable medium, uses contents of the boot up file to establish a secure communication SSH channel between the DSC and the DSM, connects to the DSM at its IP address on the wide area network, authenticates itself to the DSM, and then the DSM distributes a device configuration file to be locally used by the DSC based on the device configuration information supplied from the DSC to the DSM.
15. The apparatus of claim 14 , further comprising:
a device configuration engine in the DSC configured to without a prompt by the DSM to send the device configuration information in an initial configuration file with at least the unique ID of the DSC device and the DSC's current IP address information via the secure communication channel to the DSM, and an IP redirector module receives this configuration information in the DSM, wherein DSM also has a user data replication manager module to create the device configuration file with the supplied device configuration information and additional information and then to make a master copy of the device configuration file in the DSM's registry.
16. The apparatus of claim 15 , wherein the DSC has a module configured to serve as a local registration authority accepting registration requests from associated network devices on a local network, the user data replication manager module distributes the device configuration file back out across the wide area network to the appropriate DSCs in response to the DSC's registering with the DSM and also in response to a given DSC performing a system reset, and the portable computer readable medium is a Universal Serial Bus drive.
17. A method for administration of a distributed system of remote device controllers across a wide area network and proxy communications between those remote device controllers, comprising:
cooperating a central management station with two or more remote device controllers in the distributed system of remote device controllers, where a first remote device controller of the two or more remote device controllers proxies communications through the central management station for networked devices behind a firewall on the wide area network relative to a location of the central management station on the wide area network;
distributing configuration information to the first remote device controller via a portable computer readable medium;
reading configuration information in the portable computer readable medium with an executable boot up file when prompted because the firewall can block direct communications with the first remote controller;
determining device configuration information including a current IP address of the first remote device controller and other information unique to the first remote device controller;
initiating a secure communication channel with an IP address of the central management station supplied in the configuration information in the portable computer readable medium;
creating the secure communication channel with the central management station via opening an outward bound bi-directional connection through the firewall with the central management station;
sending an initial configuration file with at least the first remote device controller's current IP address and other information unique to the first remote device controller via the secure communication channel to the central management station;
receiving this configuration information and creating a device configuration file with the configuration information and additional information and then making a master copy of the device configuration file in the central management station's registry;
generating a local copy of the device configuration file from the master copy; and
distributing the local copy to the remote device controller for use and storage in the first remote device controller.
18. The method of claim 17 , further comprising:
deploying the first remote device controller in a local network protected by the firewall by merely supplying power to the first remote device controller, plugging the network connection of the first remote device controller into the local network, and reading the configuration information from the supplied portable computer readable medium.
19. The method of claim 17 , further comprising:
accepting registration requests from associated network devices on a local network;
polling for associated network devices on the LAN;
reporting whether each discovered piece of network equipment protected by the firewall should be visible for remote access by at least the central management station; and
sending out the initial configuration file, also including the designated visible network device information, to the central management station via the secure channel, whereupon the central management station registers both the first remote device controller and any associated network devices in the central management station's registry.
20. The method of claim 17 , further comprising:
creating a full device configuration record in a central registry from the initial configuration file with additional information including making pair associations of an existing device configuration with a specific discovered device.
21. An apparatus, comprising:
a device service manager server (DSM) having an IP redirector module configured to cooperate with two or more device service controllers (DSCs) that are behind a firewall on a wide area network relative to a location of the DSM on the wide area network, where the DSM serves as a central management station for a distribution of configuration information to the DSCs, wherein an executable boot up file uploaded via a drive port in that DSC is scripted to gather configuration information for that DSC and network devices on the same network as that DSC and without a prompt by the DSM then sends an initial configuration file to the DSM which makes a master copy of the device configuration file in a registry of the DSM for that DSC.
22. The apparatus of claim 21 , wherein an executable boot up file uploaded via a drive port in that DSC is scripted with code to at least determine a unique ID of that individual DSC device, determine a current IP address of the DSC, supply an IP address on the wide area network of the DSM, determine an IP address of any network devices on the same network as that DSC, and activate code to initiate communications with the DSM, wherein a device configuration engine in the DSC without a prompt by the DSM then sends the initial configuration file with at least the unique ID of that individual DSC device and the DSC's current IP address information via a secure communication channel to the supplied IP address of the DSM, and the IP redirector module receives this configuration information, cooperates with a user data replication manager module in the DSM to create a device configuration file with the initial configuration information and additional information and then makes the master copy of the device configuration file in the DSM's registry.
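The bootstrap exchange that claims 14 through 22 describe (USB boot file read by the DSC, outbound channel through the firewall, initial configuration file sent without prompting, master copy made in the DSM registry, local copy distributed back on registration and on reset) is simulated below as an added example. This is not code from the patent or from any product; the key=value layout of the boot file, the HMAC-based proof with which the DSC "authenticates itself to the DSM", the per-DSC pre-shared secret, the sample addresses and the registry layout are all assumptions made for the simulation, and the SSH channel is stood in for by a direct method call so the example runs offline.

```python
import copy
import hashlib
import hmac

# Constructed sample of the executable boot up file as it would sit on the USB
# drive. Layout and the pre-shared secret are assumptions, not the patent's format.
SAMPLE_BOOT_FILE = """
# DSM on the wide area network (constructed TEST-NET-3 address)
dsm_address=203.0.113.10
dsm_port=22
# secret used to authenticate this DSC to the DSM (assumed scheme)
device_secret=constructed-psk-0001
"""


def parse_boot_file(text):
    """Read key=value lines; fail closed if a required field is absent or malformed."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed boot file line: {raw!r}")
        cfg[key.strip()] = value.strip()
    for required in ("dsm_address", "dsm_port", "device_secret"):
        if required not in cfg:
            raise ValueError(f"boot file missing required field {required}")
    cfg["dsm_port"] = int(cfg["dsm_port"])
    return cfg


def identity_proof(unique_id, secret):
    """HMAC over the unique ID with the pre-shared secret (assumed authentication)."""
    return hmac.new(secret.encode(), unique_id.encode(), hashlib.sha256).hexdigest()


class DSM:
    """Central management station: authenticates DSCs and keeps the master registry."""

    def __init__(self, provisioned_secrets):
        self.provisioned_secrets = provisioned_secrets  # unique_id -> secret (assumed)
        self.registry = {}                              # unique_id -> master copy
        self.registration_seq = 0

    def register(self, initial_config, proof):
        """IP redirector entry point: verify the DSC, build and store the master copy."""
        uid = initial_config["unique_id"]
        secret = self.provisioned_secrets.get(uid)
        if secret is None or not hmac.compare_digest(identity_proof(uid, secret), proof):
            raise PermissionError(f"DSC {uid} failed authentication")
        self.registration_seq += 1
        master = copy.deepcopy(initial_config)
        # "Additional information" added by the user data replication manager:
        # a registration sequence number and the LAN devices the DSC marked visible.
        master["registration_seq"] = self.registration_seq
        master["visible_devices"] = [
            d["address"] for d in initial_config["lan_devices"] if d["visible"]
        ]
        self.registry[uid] = master
        return self.local_copy(uid)

    def local_copy(self, unique_id):
        """Distribute a copy of the master record (on registration or after a DSC reset)."""
        return copy.deepcopy(self.registry[unique_id])


class DSC:
    """Remote device controller that bootstraps itself from the USB boot file."""

    def __init__(self, unique_id, current_ip, lan_devices):
        self.unique_id = unique_id
        self.current_ip = current_ip
        self.lan_devices = lan_devices  # list of {"address": ..., "visible": bool}
        self.local_config = None

    def boot(self, boot_file_text, dsm):
        """Read the boot file, open the outbound channel and send the initial config."""
        cfg = parse_boot_file(boot_file_text)
        initial_config = {
            "unique_id": self.unique_id,
            "ip_address": self.current_ip,
            "dsm_address": cfg["dsm_address"],
            "lan_devices": self.lan_devices,
        }
        proof = identity_proof(self.unique_id, cfg["device_secret"])
        # The DSC initiates the connection, so the firewall only has to allow egress
        # to dsm_address:dsm_port; no inbound pinhole is needed. The SSH channel is
        # replaced here by a direct call into the DSM object.
        self.local_config = dsm.register(initial_config, proof)
        return self.local_config

    def reset(self, dsm):
        """After a system reset the DSM pushes the master copy back out (claim 16)."""
        self.local_config = dsm.local_copy(self.unique_id)
        return self.local_config


def run_demo():
    """Constructed scenario: one provisioned DSC and one DSC the DSM does not know."""
    dsm = DSM({"DSC-0001": "constructed-psk-0001"})
    dsc = DSC("DSC-0001", "192.168.1.20",
              [{"address": "192.168.1.50", "visible": True},
               {"address": "192.168.1.60", "visible": False}])
    local = dsc.boot(SAMPLE_BOOT_FILE, dsm)
    unknown = DSC("DSC-9999", "192.168.1.21", [])
    try:
        unknown.boot(SAMPLE_BOOT_FILE, dsm)
        unknown_rejected = False
    except PermissionError:
        unknown_rejected = True
    return dsm, local, unknown_rejected


if __name__ == "__main__":
    dsm, local, rejected = run_demo()
    print(local)
    print("unknown DSC rejected:", rejected)
```

The point the simulation makes from the defender's side is that the only inbound trust decision happens in `DSM.register`: the DSM accepts a master record for a unique ID only when the proof matches a secret it already holds for that ID, so a controller that reuses a copied boot file under a different ID is not registered and no configuration is distributed to it.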
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/341,651 US20150020186A1 (en) | 2007-10-24 | 2014-07-25 | Various Methods and Apparatuses for a Central Management Station for Automatic Distribution of Configuration Information to Remote Devices |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US98238807P | 2007-10-24 | 2007-10-24 | |
PCT/US2008/081181 WO2009055716A1 (en) | 2007-10-24 | 2008-10-24 | Various methods and apparatuses for a central management station for automatic distribution of configuration information to remote devices |
US30606910A | 2010-05-21 | 2010-05-21 | |
US14/341,651 US20150020186A1 (en) | 2007-10-24 | 2014-07-25 | Various Methods and Apparatuses for a Central Management Station for Automatic Distribution of Configuration Information to Remote Devices |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/306,069 Continuation US8825816B2 (en) | 2007-10-24 | 2008-10-24 | Various methods and apparatuses for a central management station for automatic distribution of configuration information to remote devices |
PCT/US2008/081181 Continuation WO2009055716A1 (en) | 2007-10-24 | 2008-10-24 | Various methods and apparatuses for a central management station for automatic distribution of configuration information to remote devices |
Publications (1)
Publication Number | Publication Date |
---|---|
US20150020186A1 true US20150020186A1 (en) | 2015-01-15 |
Family
ID=40580064
Family Applications (7)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/306,042 Abandoned US20100235481A1 (en) | 2007-10-24 | 2008-10-24 | Various methods and apparatuses for accessing networked devices without accessible addresses via virtual ip addresses |
US12/306,069 Expired - Fee Related US8825816B2 (en) | 2007-10-24 | 2008-10-24 | Various methods and apparatuses for a central management station for automatic distribution of configuration information to remote devices |
US12/306,145 Abandoned US20100241762A1 (en) | 2007-10-24 | 2008-10-24 | Various methods and apparatuses for a central station to allocate virtual ip addresses |
US12/857,408 Abandoned US20110035470A1 (en) | 2007-10-24 | 2010-08-16 | Various Methods and Apparatuses for Tunneling of UDP Broadcasts |
US12/878,673 Expired - Fee Related US8793353B2 (en) | 2007-10-24 | 2010-09-09 | Systems and methods for creation of reverse virtual internet protocol addresses |
US13/080,566 Abandoned US20110246630A1 (en) | 2007-10-24 | 2011-04-05 | Various methods and apparatuses for accessing networked devices without accessible addresses via virtual ip addresses |
US14/341,651 Abandoned US20150020186A1 (en) | 2007-10-24 | 2014-07-25 | Various Methods and Apparatuses for a Central Management Station for Automatic Distribution of Configuration Information to Remote Devices |
Family Applications Before (6)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/306,042 Abandoned US20100235481A1 (en) | 2007-10-24 | 2008-10-24 | Various methods and apparatuses for accessing networked devices without accessible addresses via virtual ip addresses |
US12/306,069 Expired - Fee Related US8825816B2 (en) | 2007-10-24 | 2008-10-24 | Various methods and apparatuses for a central management station for automatic distribution of configuration information to remote devices |
US12/306,145 Abandoned US20100241762A1 (en) | 2007-10-24 | 2008-10-24 | Various methods and apparatuses for a central station to allocate virtual ip addresses |
US12/857,408 Abandoned US20110035470A1 (en) | 2007-10-24 | 2010-08-16 | Various Methods and Apparatuses for Tunneling of UDP Broadcasts |
US12/878,673 Expired - Fee Related US8793353B2 (en) | 2007-10-24 | 2010-09-09 | Systems and methods for creation of reverse virtual internet protocol addresses |
US13/080,566 Abandoned US20110246630A1 (en) | 2007-10-24 | 2011-04-05 | Various methods and apparatuses for accessing networked devices without accessible addresses via virtual ip addresses |
Country Status (6)
Country | Link |
---|---|
US (7) | US20100235481A1 (en) |
EP (3) | EP2203832A4 (en) |
JP (3) | JP5456683B2 (en) |
CN (3) | CN101952810B (en) |
CA (3) | CA2703210A1 (en) |
WO (3) | WO2009055716A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180046171A1 (en) * | 2015-04-02 | 2018-02-15 | Agito Motion Systems Ltd | Centralized networked topology for motion related control system |
US20190182213A1 (en) * | 2017-12-13 | 2019-06-13 | Teloip Inc. | System, apparatus and method for providing a unified firewall manager |
US10360010B1 (en) * | 2017-07-21 | 2019-07-23 | Jpmorgan Chase Bank, N.A. | Method and system for implementing an ATM management and software policy tool |
US10579362B1 (en) * | 2017-07-21 | 2020-03-03 | Jpmorgan Chase Bank, N.A. | Method and system for implementing an ATM phone home and scrapper mapping tool |
US10944819B2 (en) | 2018-10-26 | 2021-03-09 | Hewlett Packard Enterprise Development Lp | Replication of an encrypted volume |
US11233850B2 (en) * | 2018-04-17 | 2022-01-25 | Hewlett Packard Enterprise Development Lp | Replicating data over a public network |
Families Citing this family (88)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070214232A1 (en) * | 2006-03-07 | 2007-09-13 | Nokia Corporation | System for Uniform Addressing of Home Resources Regardless of Remote Clients Network Location |
US8548607B1 (en) * | 2008-11-03 | 2013-10-01 | Autani Corp. | Automation system network management, architectures, and methods and applications thereof |
US20110040858A1 (en) * | 2009-08-13 | 2011-02-17 | Qualcomm Incorporated | Location determination during network address lookup |
JP5304555B2 (en) * | 2009-09-11 | 2013-10-02 | ブラザー工業株式会社 | Terminal device, communication method, and communication program |
US20110110377A1 (en) * | 2009-11-06 | 2011-05-12 | Microsoft Corporation | Employing Overlays for Securing Connections Across Networks |
US8310950B2 (en) * | 2009-12-28 | 2012-11-13 | Oracle America, Inc. | Self-configuring networking devices for providing services in a nework |
AU2011222509C1 (en) | 2010-03-05 | 2015-05-28 | Infrared5, Inc. | System and method for two way communication and controlling content in a web browser |
US8667574B2 (en) * | 2010-05-10 | 2014-03-04 | Canon Kabushiki Kaisha | Assigning a network address for a virtual device to virtually extend the functionality of a network device |
US8756311B2 (en) * | 2010-05-28 | 2014-06-17 | Openpeak Inc. | Shared heartbeat service for managed devices |
US8832236B2 (en) * | 2010-06-21 | 2014-09-09 | Fisher-Rosemount Systems, Inc. | Methods, apparatus and articles of manufacture to replace field devices in process control systems |
AU2011211426A1 (en) * | 2010-08-16 | 2012-03-01 | Lantronix, Inc. | Various methods and apparatuses for tunneling of UDP broadcasts |
US20130160082A1 (en) * | 2010-08-31 | 2013-06-20 | Lantronix, Inc. | Medical Device Connectivity to Hospital Information Systems Using Device Server |
EP2614455A4 (en) * | 2010-09-08 | 2015-04-15 | Lantronix Inc | Graphical tools for obtaining data from a medical device |
EP2622495A4 (en) * | 2010-09-27 | 2015-08-12 | Lantronix Inc | Various methods and apparatuses for accessing networked devices without accessible addresses via virtual ip addresses |
KR101423743B1 (en) * | 2010-10-29 | 2014-08-01 | 한국전자통신연구원 | Method for supporting network-based mobility in virtual network environment that can be direct communication based on virtual IP |
US8825839B2 (en) * | 2010-11-24 | 2014-09-02 | Unisys Corporation | Snooping DNS messages in a server hosting system providing overlapping address and name spaces |
CN102571390B (en) * | 2010-12-10 | 2015-07-08 | 华为终端有限公司 | Equipment management method, equipment and system |
CN102572871B (en) * | 2010-12-30 | 2015-08-19 | 中国移动通信集团浙江有限公司 | A kind of method for supervising and device |
US9143480B2 (en) * | 2011-01-10 | 2015-09-22 | Secure Global Solutions, Llc | Encrypted VPN connection |
WO2012103930A1 (en) * | 2011-01-31 | 2012-08-09 | Telefonaktiebolaget L M Ericsson (Publ) | Determining a location address for shared data |
US9531754B2 (en) * | 2011-02-22 | 2016-12-27 | Dome 9 Security Ltd. | Methods, circuits, apparatus, systems and associated software applications for providing security on one or more servers, including virtual servers |
FI123551B (en) * | 2011-02-22 | 2013-07-15 | Tosibox Oy | Procedure and arrangement for the implementation of remote control in real estate |
CN102098309B (en) * | 2011-02-22 | 2014-04-16 | 杭州华三通信技术有限公司 | Device and method for realizing multiuser access to USB equipment |
US10009315B2 (en) | 2011-03-09 | 2018-06-26 | Amazon Technologies, Inc. | Outside live migration |
US9104993B2 (en) | 2011-04-28 | 2015-08-11 | Lantronix, Inc. | Asset management via virtual tunnels |
US8769072B2 (en) | 2011-05-31 | 2014-07-01 | General Electric Company | Systems and methods for identifying foundation fieldbus linking devices |
US8762528B2 (en) | 2011-05-31 | 2014-06-24 | General Electric Company | Systems and methods for write protecting foundation fieldbus linking devices |
US8713166B2 (en) | 2011-05-31 | 2014-04-29 | General Electric Company | Systems and methods for facilitating communication with foundation fieldbus linking devices |
US8868732B2 (en) | 2011-05-31 | 2014-10-21 | General Electric Company | Systems and methods for facilitating communication with foundation fieldbus linking devices |
US9130853B2 (en) * | 2011-05-31 | 2015-09-08 | General Electric Company | Systems and methods for identifying foundation fieldbus linking devices |
US8417669B2 (en) * | 2011-06-01 | 2013-04-09 | Sybase Inc. | Auto-correction in database replication |
WO2012170849A2 (en) * | 2011-06-08 | 2012-12-13 | Marvell World Trade Ltd. | Method and apparatus for dynamically adjusting a configurable parameter of a discovery protocol during discovery of devices in a wireless network |
US9021017B2 (en) * | 2011-09-03 | 2015-04-28 | Barracuda Networks, Inc. | Configuring a plurality of diverse devices/services from an adaptive configuration control hyper-server apparatus |
US8438240B2 (en) * | 2011-09-27 | 2013-05-07 | Cloudflare, Inc. | Distributing transmission of requests across multiple IP addresses of a proxy server in a cloud-based proxy service |
US8621038B2 (en) | 2011-09-27 | 2013-12-31 | Cloudflare, Inc. | Incompatible network gateway provisioned through DNS |
US9276974B2 (en) * | 2011-10-12 | 2016-03-01 | MarketChorus, Inc. | Topical activity monitor and identity collector system and method |
CN103297448B (en) * | 2012-02-24 | 2016-08-03 | 华为技术有限公司 | The fusion method of private cloud storage and system |
US9258380B2 (en) * | 2012-03-02 | 2016-02-09 | Realtek Semiconductor Corp. | Cross-platform multimedia interaction system with multiple displays and dynamically-configured hierarchical servers and related method, electronic device and computer program product |
WO2013143611A1 (en) * | 2012-03-30 | 2013-10-03 | Nokia Siemens Networks Oy | Centralized ip address management for distributed gateways |
US9798457B2 (en) | 2012-06-01 | 2017-10-24 | Microsoft Technology Licensing, Llc | Synchronization of media interactions using context |
US9381427B2 (en) * | 2012-06-01 | 2016-07-05 | Microsoft Technology Licensing, Llc | Generic companion-messaging between media platforms |
US9258704B2 (en) * | 2012-06-27 | 2016-02-09 | Advanced Messaging Technologies, Inc. | Facilitating network login |
US9052955B2 (en) * | 2012-07-25 | 2015-06-09 | Cisco Technology, Inc. | System and method for seamless application hosting and migration in a network environment |
US8687518B1 (en) * | 2012-09-20 | 2014-04-01 | Ixia | Automatic address configuration in a network test system |
KR20140092630A (en) * | 2013-01-16 | 2014-07-24 | 삼성전자주식회사 | User's device, communication server and control method thereof |
US9690746B1 (en) * | 2013-03-08 | 2017-06-27 | Crimson Corporation | Computing devices for sending and receiving configuration information |
US10263839B2 (en) * | 2013-03-15 | 2019-04-16 | Fortinet, Inc. | Remote management system for configuring and/or controlling a computer network switch |
WO2014184711A2 (en) * | 2013-05-13 | 2014-11-20 | Yandex Europe Ag | Method of and system for providing a client device with an automatic update of an ip address associated with a domain name |
CN103327136A (en) * | 2013-07-01 | 2013-09-25 | 浪潮电子信息产业股份有限公司 | Method for managing ip address of server management network card under dhcp network |
US8990376B1 (en) | 2013-11-01 | 2015-03-24 | Microsoft Technology Licensing, Llc | Managing server membership |
US9794218B2 (en) * | 2014-04-29 | 2017-10-17 | Trustiosity, Llc | Persistent network addressing system and method |
EP3155761B1 (en) * | 2014-06-02 | 2021-03-17 | Idevices, LLC | Systems and methods for secure communication over a network using a linking address |
CN103997760B (en) * | 2014-06-03 | 2017-03-22 | 洛阳愿景科技有限公司 | Data packing and collecting method for user electricity information collecting system |
WO2016009505A1 (en) * | 2014-07-16 | 2016-01-21 | かもめエンジニアリング株式会社 | Communication method and communication system |
US10374876B2 (en) * | 2014-12-11 | 2019-08-06 | British Telecommunications Public Limited Company | Configuration of server apparatus |
EP3035626A1 (en) * | 2014-12-19 | 2016-06-22 | TeliaSonera AB | Establishment of a system connection, a server and a system thereto |
CN104702591B (en) * | 2014-12-29 | 2019-06-28 | 国家电网公司 | A kind of method and system based on port forwarding multiplexing technology firewall-penetrating |
US10469313B2 (en) * | 2015-01-29 | 2019-11-05 | Nec Corporation | Data file registration management system, method, management apparatus, and recording medium |
US10455055B2 (en) * | 2015-04-02 | 2019-10-22 | Avaya Inc. | System and method for customization of a local application |
CN106161368B (en) | 2015-04-07 | 2020-04-14 | 阿里巴巴集团控股有限公司 | Method, device and system for remotely accessing cloud application |
CN105187243A (en) * | 2015-08-20 | 2015-12-23 | 上海斐讯数据通信技术有限公司 | Configuration upgrading system, configuration upgrading method and routing equipment |
IL240909A (en) | 2015-08-27 | 2017-04-30 | Syber 2 0 (2015) Ltd | Port scrambling for computer networks |
CN106685896B (en) * | 2015-11-09 | 2019-08-20 | 中国科学院声学研究所 | Clear data acquisition method and system in a kind of SSH agreement multilevel access |
WO2017114773A1 (en) * | 2015-12-28 | 2017-07-06 | Koninklijke Kpn N.V. | Establishment of a connection between two local devices connected to different networks |
EP3398376B1 (en) | 2015-12-28 | 2023-01-25 | Koninklijke KPN N.V. | Method and system for controlling access for a user equipment to a local device |
WO2017115356A1 (en) | 2015-12-31 | 2017-07-06 | Cyber 2.0 (2015) Ltd. | Monitoring traffic in a computer network |
JP6509774B2 (en) * | 2016-04-27 | 2019-05-08 | 双葉電子工業株式会社 | Communication system, transmitter, receiver and communication method |
US10749840B2 (en) | 2016-07-08 | 2020-08-18 | Waldemar Augustyn | Network communication method and apparatus |
CN106549956B (en) * | 2016-11-02 | 2019-12-24 | 惠州高盛达科技有限公司 | Local area network communication method combining UDP and TCP |
US20180234506A1 (en) * | 2017-02-14 | 2018-08-16 | Gu Zhang | System and methods for establishing virtual connections between applications in different ip networks |
CN107343058B (en) * | 2017-07-06 | 2020-09-04 | 北京网瑞达科技有限公司 | IP address distribution system and working method thereof |
JP2019179476A (en) * | 2018-03-30 | 2019-10-17 | オムロン株式会社 | Support apparatus, support program, and setting method |
EP3565221B1 (en) * | 2018-04-30 | 2020-10-28 | Siemens Aktiengesellschaft | Method for registering device names assigned to industrial automation devices or communication devices in a name service system and control component |
CN108989388B (en) * | 2018-06-08 | 2021-03-05 | 河海大学常州校区 | Remote valve control system and method based on OneNet platform |
US11190490B2 (en) * | 2018-10-02 | 2021-11-30 | Allstate Insurance Company | Embedded virtual private network |
CN112913196B (en) * | 2018-10-30 | 2023-06-06 | 慧与发展有限责任合伙企业 | Software-defined wide area network uplink selection with virtual IP addresses for cloud services |
US10778514B1 (en) | 2019-08-23 | 2020-09-15 | Noble Systems Corporation | Universal configurations |
US11784874B2 (en) | 2019-10-31 | 2023-10-10 | Juniper Networks, Inc. | Bulk discovery of devices behind a network address translation device |
US11159370B2 (en) * | 2019-10-31 | 2021-10-26 | Juniper Networks, Inc. | Bulk discovery of devices behind a network address translation device |
CN111131264B (en) * | 2019-12-26 | 2022-12-23 | 视联动力信息技术股份有限公司 | Video networking communication method and first video networking client |
CN111245914B (en) * | 2020-01-06 | 2022-07-22 | 北京小米松果电子有限公司 | Analog communication method and device of terminal equipment and storage medium |
CN111885174B (en) * | 2020-07-27 | 2023-01-17 | 佛山市霖罕崞信息科技有限公司 | Method and system for processing nodes in different network segments |
CN112929435A (en) * | 2021-02-03 | 2021-06-08 | 胡轶翔 | Inter-intranet communication method and communication equipment realized on IP layer |
US11464073B2 (en) * | 2021-02-11 | 2022-10-04 | Hewlett Packard Enterprise Development Lp | Automatic deployment of wireless or wired networks through clustering of gateways and tunneling of data traffic to the gateways |
CN113286010B (en) * | 2021-03-29 | 2022-12-02 | 深圳艾灵网络有限公司 | PLC communication method, device and storage medium based on local area network |
US11929981B2 (en) | 2021-09-15 | 2024-03-12 | Honeywell International Inc. | Batch assignment of IP addresses in a building control network |
CN114867077B (en) * | 2022-04-12 | 2023-11-07 | 中国电信股份有限公司 | Multi-hop route realization method, device, equipment and storage medium |
CN116233273B (en) * | 2023-05-09 | 2023-08-01 | 国网信息通信产业集团有限公司 | Message transmission system and method based on 5G communication network |
Family Cites Families (99)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5790548A (en) * | 1996-04-18 | 1998-08-04 | Bell Atlantic Network Services, Inc. | Universal access multimedia data network |
US6055575A (en) * | 1997-01-28 | 2000-04-25 | Ascend Communications, Inc. | Virtual private network system and method |
TW371736B (en) * | 1997-10-08 | 1999-10-11 | Yen-Yuan Chianh | Virtual IP gate and its IP construction |
JPH11122301A (en) * | 1997-10-20 | 1999-04-30 | Fujitsu Ltd | Address conversion connection device |
US6226751B1 (en) * | 1998-04-17 | 2001-05-01 | Vpnet Technologies, Inc. | Method and apparatus for configuring a virtual private network |
US6516417B1 (en) * | 1998-08-07 | 2003-02-04 | Nortel Networks, Limited | Virtual private networks |
US6615357B1 (en) * | 1999-01-29 | 2003-09-02 | International Business Machines Corporation | System and method for network address translation integration with IP security |
US6850962B1 (en) * | 1999-05-07 | 2005-02-01 | Commercequest, Inc. | File transfer system and method |
US6725281B1 (en) * | 1999-06-11 | 2004-04-20 | Microsoft Corporation | Synchronization of controlled device state using state table and eventing in data-driven remote device control model |
US6523068B1 (en) * | 1999-08-27 | 2003-02-18 | 3Com Corporation | Method for encapsulating and transmitting a message includes private and forwarding network addresses with payload to an end of a tunneling association |
WO2001025894A1 (en) * | 1999-10-05 | 2001-04-12 | Ejasent Inc. | Snapshot virtual-templating |
US6781982B1 (en) * | 1999-10-26 | 2004-08-24 | 3Com Corporation | Method and system for allocating persistent private network addresses between private networks |
FI20000574A (en) * | 2000-03-13 | 2001-09-14 | Nokia Mobile Phones Ltd | Load balancing in a communication system supporting IP mobility |
JP3574372B2 (en) * | 2000-03-14 | 2004-10-06 | Kddi株式会社 | DNS server, terminal and communication system |
US6948003B1 (en) * | 2000-03-15 | 2005-09-20 | Ensim Corporation | Enabling a service provider to provide intranet services |
US6631416B2 (en) * | 2000-04-12 | 2003-10-07 | Openreach Inc. | Methods and systems for enabling a tunnel between two computers on a network |
US7181542B2 (en) * | 2000-04-12 | 2007-02-20 | Corente, Inc. | Method and system for managing and configuring virtual private networks |
US7111163B1 (en) * | 2000-07-10 | 2006-09-19 | Alterwan, Inc. | Wide area network using internet with quality of service |
US6829250B2 (en) * | 2000-08-10 | 2004-12-07 | Verizon Communications Inc. | Automatic programming of customer premises equipment for vertical services integration |
US20020124090A1 (en) * | 2000-08-18 | 2002-09-05 | Poier Skye M. | Method and apparatus for data communication between a plurality of parties |
US7003481B2 (en) * | 2000-08-25 | 2006-02-21 | Flatrock Ii, Inc. | Method and apparatus for providing network dependent application services |
US20020038339A1 (en) * | 2000-09-08 | 2002-03-28 | Wei Xu | Systems and methods for packet distribution |
EP1364510B1 (en) | 2000-10-26 | 2007-12-12 | Prismedia Networks, Inc. | Method and system for managing distributed content and related metadata |
US6850982B1 (en) * | 2000-12-19 | 2005-02-01 | Cisco Technology, Inc. | Methods and apparatus for directing a flow of data between a client and multiple servers |
US7159111B1 (en) * | 2001-01-29 | 2007-01-02 | Microsoft Corporation | Isolation of communication contexts to facilitate communication of data |
US6687245B2 (en) * | 2001-04-03 | 2004-02-03 | Voxpath Networks, Inc. | System and method for performing IP telephony |
US7068646B2 (en) * | 2001-04-03 | 2006-06-27 | Voxpath Networks, Inc. | System and method for performing IP telephony including internal and external call sessions |
US7231430B2 (en) * | 2001-04-20 | 2007-06-12 | Egenera, Inc. | Reconfigurable, virtual processing system, cluster, network and method |
JP4352630B2 (en) * | 2001-04-27 | 2009-10-28 | 沖電気工業株式会社 | Connection proxy device |
US7788345B1 (en) * | 2001-06-04 | 2010-08-31 | Cisco Technology, Inc. | Resource allocation and reclamation for on-demand address pools |
US7197549B1 (en) * | 2001-06-04 | 2007-03-27 | Cisco Technology, Inc. | On-demand address pools |
US20020186698A1 (en) * | 2001-06-12 | 2002-12-12 | Glen Ceniza | System to map remote lan hosts to local IP addresses |
US7313819B2 (en) * | 2001-07-20 | 2007-12-25 | Intel Corporation | Automated establishment of addressability of a network device for a target network environment |
JP4186446B2 (en) * | 2001-09-11 | 2008-11-26 | 株式会社日立製作所 | Address translation method |
US7274684B2 (en) * | 2001-10-10 | 2007-09-25 | Bruce Fitzgerald Young | Method and system for implementing and managing a multimedia access network device |
JP4040403B2 (en) * | 2001-11-27 | 2008-01-30 | ソニー株式会社 | Information processing apparatus and method, recording medium, and program |
US8108524B2 (en) * | 2001-12-18 | 2012-01-31 | Perftech, Inc. | Internet connection user communications system |
US20030140142A1 (en) * | 2002-01-18 | 2003-07-24 | David Marples | Initiating connections through firewalls and network address translators |
US20030182363A1 (en) * | 2002-03-25 | 2003-09-25 | James Clough | Providing private network local resource access to a logically remote device |
JP3776821B2 (en) * | 2002-03-28 | 2006-05-17 | 富士通株式会社 | Address access system and method |
US7624437B1 (en) * | 2002-04-02 | 2009-11-24 | Cisco Technology, Inc. | Methods and apparatus for user authentication and interactive unit authentication |
US7159242B2 (en) * | 2002-05-09 | 2007-01-02 | International Business Machines Corporation | Secure IPsec tunnels with a background system accessible via a gateway implementing NAT |
US7058796B2 (en) * | 2002-05-20 | 2006-06-06 | Airdefense, Inc. | Method and system for actively defending a wireless LAN against attacks |
US7937471B2 (en) * | 2002-06-03 | 2011-05-03 | Inpro Network Facility, Llc | Creating a public identity for an entity on a network |
CN100337450C (en) * | 2002-08-05 | 2007-09-12 | 华为技术有限公司 | Communication method between virtual local area webs |
DE60221917T2 (en) * | 2002-11-27 | 2008-05-15 | Research In Motion Ltd., Waterloo | DATA TRANSMISSION FROM A HOSTSERVER VIA TUNNELSERVER TO A WIRELESS DEVICE AND ALLOCATION OF A TEMPORARY IPV6 ADDRESS TO A TEMPORARY IPV4 ADDRESS FOR COMMUNICATION IN AN IPV4 WIRELESS NETWORK WITH THE DEVICE |
CN1301611C (en) * | 2003-01-21 | 2007-02-21 | 三星电子株式会社 | Gateway for supporting communications between network devices of different private networks |
US20040249974A1 (en) * | 2003-03-31 | 2004-12-09 | Alkhatib Hasan S. | Secure virtual address realm |
US7949785B2 (en) * | 2003-03-31 | 2011-05-24 | Inpro Network Facility, Llc | Secure virtual community network system |
US7266715B1 (en) * | 2003-04-29 | 2007-09-04 | Cisco Technology, Inc. | Methods and apparatus for maintaining a virtual private network connection |
US7313605B2 (en) * | 2003-07-03 | 2007-12-25 | At&T Corp. | Externally controlled reachability in virtual private networks |
US7640319B1 (en) * | 2003-09-30 | 2009-12-29 | Nortel Networks Limited | Gateway shared by multiple virtual private networks |
US8661158B2 (en) * | 2003-12-10 | 2014-02-25 | Aventail Llc | Smart tunneling to resources in a network |
US20050198233A1 (en) * | 2004-01-07 | 2005-09-08 | Microsoft Corporation | Configuring network settings of thin client devices using portable storage media |
WO2005074208A1 (en) * | 2004-01-30 | 2005-08-11 | Matsushita Electric Industrial Co., Ltd. | Information processing device, server, communication system, address decision method, address modification method, and program |
US8065418B1 (en) * | 2004-02-02 | 2011-11-22 | Apple Inc. | NAT traversal for media conferencing |
JP2005301999A (en) * | 2004-03-19 | 2005-10-27 | Ricoh Co Ltd | Remote management system, device to be managed by same, communication control method, program, and recording medium |
JP2005277498A (en) | 2004-03-23 | 2005-10-06 | Fujitsu Ltd | Communication system |
WO2006003874A1 (en) * | 2004-06-30 | 2006-01-12 | Matsushita Electric Industrial Co., Ltd. | Communication device, communication setting method, communication setting program, and recording medium containing the communication setting program |
US8571011B2 (en) * | 2004-08-13 | 2013-10-29 | Verizon Business Global Llc | Method and system for providing voice over IP managed services utilizing a centralized data store |
US8200827B1 (en) * | 2004-10-25 | 2012-06-12 | Juniper Networks, Inc. | Routing VoIP calls through multiple security zones |
US7779461B1 (en) * | 2004-11-16 | 2010-08-17 | Juniper Networks, Inc. | Point-to-multi-point/non-broadcasting multi-access VPN tunnels |
US7974223B2 (en) * | 2004-11-19 | 2011-07-05 | Corrigent Systems Ltd. | Virtual private LAN service over ring networks |
JP4339234B2 (en) * | 2004-12-07 | 2009-10-07 | 株式会社エヌ・ティ・ティ・データ | VPN connection construction system |
US8194640B2 (en) * | 2004-12-31 | 2012-06-05 | Genband Us Llc | Voice over IP (VoIP) network infrastructure components and method |
NO323215B1 (en) * | 2005-02-04 | 2007-01-29 | Tandberg Telecom As | Firewall / NAT Protected Network Monitoring and Configuration Procedure |
US7373661B2 (en) * | 2005-02-14 | 2008-05-13 | Ethome, Inc. | Systems and methods for automatically configuring and managing network devices and virtual private networks |
US7748035B2 (en) * | 2005-04-22 | 2010-06-29 | Cisco Technology, Inc. | Approach for securely deploying network devices |
EP1913729A4 (en) | 2005-07-04 | 2013-11-13 | Sk Telecom Co Ltd | Home network system, method of controlling the same, method of setting residential gateway for the same, and method of processing event protocol for the same |
JP4712481B2 (en) * | 2005-08-10 | 2011-06-29 | パナソニックシステムネットワークス株式会社 | Communication method and apparatus |
JP4327142B2 (en) * | 2005-09-29 | 2009-09-09 | パナソニック株式会社 | Information processing system, tunnel communication device, tunnel communication method, proxy response device, and proxy response method |
JP4038221B2 (en) * | 2005-12-08 | 2008-01-23 | フリービット株式会社 | Relay device and connection method between client device and server |
US7929012B2 (en) * | 2006-01-05 | 2011-04-19 | Cisco Technology, Inc. | Method and architecture for distributed video switching using media notifications |
US20070203974A1 (en) * | 2006-02-09 | 2007-08-30 | Baskey Michael E | Method and system for generic application liveliness monitoring for business resiliency |
US7921194B2 (en) * | 2006-03-09 | 2011-04-05 | Samsung Electronics Co., Ltd. | Method and system for remote access to universal plug and play devices |
WO2007149140A2 (en) * | 2006-03-30 | 2007-12-27 | Antlabs | System and method for providing transactional security for an end-user device |
US20070258464A1 (en) * | 2006-05-05 | 2007-11-08 | Dan Hall | Method and system for IP addressing |
CN101518041A (en) * | 2006-09-20 | 2009-08-26 | 阿尔卡特朗讯 | Systems and methods for implementing generalized conferencing |
US9094784B2 (en) * | 2006-10-10 | 2015-07-28 | Qualcomm Incorporated | Registration of a terminal with a location server for user plane location |
JP5072864B2 (en) * | 2006-12-27 | 2012-11-14 | パナソニック株式会社 | Communication system and domain management device |
US8050267B2 (en) * | 2007-02-19 | 2011-11-01 | Cisco Technology, Inc. | Simple virtual private network for small local area networks |
US7840701B2 (en) * | 2007-02-21 | 2010-11-23 | Array Networks, Inc. | Dynamic system and method for virtual private network (VPN) packet level routing using dual-NAT method |
US20080285436A1 (en) * | 2007-05-15 | 2008-11-20 | Tekelec | Methods, systems, and computer program products for providing site redundancy in a geo-diverse communications network |
US8340103B2 (en) * | 2007-05-29 | 2012-12-25 | Ca, Inc. | System and method for creating a secure tunnel for communications over a network |
JP4816572B2 (en) * | 2007-05-30 | 2011-11-16 | 富士ゼロックス株式会社 | Virtual network connection system and apparatus |
JP4803116B2 (en) * | 2007-05-31 | 2011-10-26 | 富士ゼロックス株式会社 | Virtual network connection device and program |
JP2009017429A (en) * | 2007-07-09 | 2009-01-22 | Fujitsu Ltd | Network relay control program, network relay control apparatus, and network relay control method |
JP4425298B2 (en) * | 2007-08-01 | 2010-03-03 | 富士通株式会社 | Packet routing control method, packet routing control program, terminal device, and VPN server |
JP4430091B2 (en) * | 2007-08-17 | 2010-03-10 | 富士通株式会社 | Packet routing control method, packet routing control program, terminal device, and VPN server |
US8838965B2 (en) * | 2007-08-23 | 2014-09-16 | Barracuda Networks, Inc. | Secure remote support automation process |
US8422397B2 (en) * | 2007-12-28 | 2013-04-16 | Prodea Systems, Inc. | Method and apparatus for rapid session routing |
EP2253123B1 (en) * | 2008-03-20 | 2013-08-07 | Telefonaktiebolaget L M Ericsson (PUBL) | Method and apparatus for communication of data packets between local networks |
US8429739B2 (en) * | 2008-03-31 | 2013-04-23 | Amazon Technologies, Inc. | Authorizing communications between computing nodes |
US8046480B2 (en) * | 2008-03-31 | 2011-10-25 | Amazon Technologies, Inc. | Embedding overlay virtual network addresses in underlying substrate network addresses |
US8369343B2 (en) * | 2008-06-03 | 2013-02-05 | Microsoft Corporation | Device virtualization |
FR2933834A1 (en) * | 2008-07-11 | 2010-01-15 | Canon Kk | METHOD FOR MANAGING DATA STREAM TRANSMISSION ON A TUNNEL TRANSPORT CHANNEL, TUNNEL HEAD, COMPUTER PROGRAM PRODUCT, AND CORRESPONDING STORAGE MEDIUM. |
JP2010114665A (en) * | 2008-11-06 | 2010-05-20 | Toshiba Corp | Method of controlling communication data and computer system |
US7921197B2 (en) * | 2008-11-19 | 2011-04-05 | Vmware, Inc. | Dynamic configuration of virtual machines |
US20100166002A1 (en) * | 2008-12-31 | 2010-07-01 | Motorola, Inc. | System and method of connecting two networks |
- 2008
  - 2008-10-24 JP JP2010531285A patent/JP5456683B2/en active Active
  - 2008-10-24 WO PCT/US2008/081181 patent/WO2009055716A1/en active Application Filing
  - 2008-10-24 EP EP08841810A patent/EP2203832A4/en not_active Withdrawn
  - 2008-10-24 US US12/306,042 patent/US20100235481A1/en not_active Abandoned
  - 2008-10-24 US US12/306,069 patent/US8825816B2/en not_active Expired - Fee Related
  - 2008-10-24 CN CN2008801232865A patent/CN101952810B/en not_active Expired - Fee Related
  - 2008-10-24 CA CA2703210A patent/CA2703210A1/en not_active Abandoned
  - 2008-10-24 US US12/306,145 patent/US20100241762A1/en not_active Abandoned
  - 2008-10-24 CN CN2008801233232A patent/CN101952811A/en active Pending
  - 2008-10-24 EP EP08842356A patent/EP2203833A4/en not_active Withdrawn
  - 2008-10-24 CA CA2703204A patent/CA2703204C/en not_active Expired - Fee Related
  - 2008-10-24 JP JP2010531288A patent/JP2011501624A/en active Pending
  - 2008-10-24 WO PCT/US2008/081186 patent/WO2009055717A1/en active Application Filing
  - 2008-10-24 CA CA2703206A patent/CA2703206C/en not_active Expired - Fee Related
  - 2008-10-24 JP JP2010531284A patent/JP5318111B2/en not_active Expired - Fee Related
  - 2008-10-24 CN CN200880123209XA patent/CN101918926B/en not_active Expired - Fee Related
  - 2008-10-24 WO PCT/US2008/081191 patent/WO2009055722A1/en active Application Filing
  - 2008-10-24 EP EP08840832A patent/EP2203831A4/en not_active Withdrawn
- 2010
  - 2010-08-16 US US12/857,408 patent/US20110035470A1/en not_active Abandoned
  - 2010-09-09 US US12/878,673 patent/US8793353B2/en not_active Expired - Fee Related
- 2011
  - 2011-04-05 US US13/080,566 patent/US20110246630A1/en not_active Abandoned
- 2014
  - 2014-07-25 US US14/341,651 patent/US20150020186A1/en not_active Abandoned
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180046171A1 (en) * | 2015-04-02 | 2018-02-15 | Agito Motion Systems Ltd | Centralized networked topology for motion related control system |
US10601608B2 (en) * | 2015-04-02 | 2020-03-24 | Agito Motion Systems Ltd. | Centralized networked topology for motion related control system |
US10360010B1 (en) * | 2017-07-21 | 2019-07-23 | Jpmorgan Chase Bank, N.A. | Method and system for implementing an ATM management and software policy tool |
US10579362B1 (en) * | 2017-07-21 | 2020-03-03 | Jpmorgan Chase Bank, N.A. | Method and system for implementing an ATM phone home and scrapper mapping tool |
US20190182213A1 (en) * | 2017-12-13 | 2019-06-13 | Teloip Inc. | System, apparatus and method for providing a unified firewall manager |
US10785190B2 (en) * | 2017-12-13 | 2020-09-22 | Adaptiv Networks Inc. | System, apparatus and method for providing a unified firewall manager |
US11233850B2 (en) * | 2018-04-17 | 2022-01-25 | Hewlett Packard Enterprise Development Lp | Replicating data over a public network |
US10944819B2 (en) | 2018-10-26 | 2021-03-09 | Hewlett Packard Enterprise Development Lp | Replication of an encrypted volume |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20150020186A1 (en) | | Various Methods and Apparatuses for a Central Management Station for Automatic Distribution of Configuration Information to Remote Devices |
US20140181248A1 (en) | | Simple Remote Access Through Firewalls For Networked Devices and Applications |
US8571038B2 (en) | | Method to tunnel UDP-based device discovery |
US20020023210A1 (en) | | Method and system for managing and configuring virtual private networks |
JP3831364B2 (en) | | Communication system and security policy distribution method in the communication system |
US20110141944A1 (en) | | Topology discovery of a private network |
FR2801754A1 (en) | | Double IP address assignment procedure uses configuration file allows resource control across networks of LANs. |
EP2421201A1 (en) | | Various methods and apparatuses for tunneling of UDP broadcasts |
WO2015059128A1 (en) | | A forwarder selection protocol for a network and a respective cpe device |
Cisco | | Release Notes for the Cisco VPN 5000 Concentrator Software Version 6.0.21.0002 |
Cisco | | Release Notes for the Cisco VPN 5000 Concentrator Software Version 6.0.21.0001 |
Cisco | | Release Notes for the Cisco VPN 5000 Concentrator Software Version 6.0.21.0003 |
Cisco | | Release Notes for Cisco VPN 3000 Series Concentrator, Release 3.6.1 |
CA2502321C (en) | | A security management method for an integrated access device of network |
Headquarters | | IP Addressing: DHCP Configuration Guide, Cisco IOS Release 12.4 |
Yoshihara et al. | | A zeroconf approach to secure and easy-to-use remote access to networked appliances |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |