A server appliance self-adaptively configures to the operating parameters of a communications network to enable remote configuration control exclusively via the communications network. The server appliance includes a host computer system including a network interface controller and an operating system, executable by the host computer system, that is configurable by a defined set of network values for transmitting and receiving data packets through the network interface controller without network configuration conflicts. A control program, executable by the host computer system in conjunction with the operating system, determines, on initial start-up and specifically with respect to the communications network, an initial set of network values to configure the operating system. The control program is subsequently responsive to a first broadcast data packet containing network configuration parameters that are used to determine and apply a second set of network values to configure the operating system, which are then applied as the operating configuration of the operating system with respect to the network.
|
32. A method of communicating between computers over a network independent of conflicts and omissions in the network protocol configuration of said computers with respect to said network, said method comprising the steps of:
a) a first second one of the computers determining identifiers of others of the computers to establish a unique identifier for the first second computer to enable transmitting and receiving of messages through said network without network configuration conflicts;
b) the first computer broadcasting on the network an unrestricted first network broadcast message, the first message including information sufficient to enable a the second computer that receives the first message to transmit a message on the network;
c) the a first computer receiving a second message transmitted on said network by the second computer, wherein said second is message includes a unique identifier of the second computer;
d) in response to receiving the second message, the first computer broadcasting on the network a restricted third network broadcast message that is restricted to the second computer by the unique identifier, the third message conveying information to configure the second computer for communicating on the network.
12. A method of communicating between computers is over a network independent of conflicts and omissions in the network protocol configuration of said computers systems with respect to said network, said method comprising the steps of:
a) providing for establishment of a unique identifier for a first one of the computers by determining identifiers of others of the computers to enable transmitting and receiving of messages through said network without network configuration conflicts:
b) the a first computer receiving on the network a first network message broadcast onto said network by a second computer;
c) the first computer using information conveyed by the first message to enable the first computer to transmit a message on the network;
d) the first computer broadcasting a second network is message onto said network, wherein said second network message includes a unique identifier of the first computer within a predefined data portion of said second network message;
e) the first computer receiving on the network a third network message broadcast by the second computer and determining whether said predefined data portion of said third network message includes said unique identifier, wherein the presence of said unique identifier signifies that said third network message is intended for said first computer; and
f) in response to said determining, the first computer using information conveyed by the third network message to configure the first computer for communicating on the network.
7. A device coupleable to a communications network and capable of adapting to the operating network environment of said communications network subject to network protocol configuration requirements communicated through said communications network, said device comprising:
a) a host computer system including a network interface coupleable to said communications network;
b) an operating system, executable by said host computer system, that is configurable by a defined set of network values for transmitting and receiving messages through said network interface without network configuration conflicts, the operating system including a network protocol stack supporting the sending and receiving of network messages, including broadcast network messages; and
c) a control program, responsive to a first broadcast network message received by said host computer system from said communications network by determining from the first message information sufficient to enable the device to transmit a message on the network and by causing the host computer system to transmit on the network a second broadcast network message that includes a predetermined unique identifier of said device, the control program further responsive to a third broadcast network message received by said host computer system from said communications network and directed to the device by the identifier and containing network configuration parameters, by using the contained network parameters to configure the device for communicating on the network.
27. A first device coupleable to a communications network supporting selfdaptive self-adaptive initial configuration to the parameters of said communications network to enable remote configuration control exclusively via said communications network of a second device coupleable to the network, said first device comprising:
a) a network interface for coupling to the communications network;
b) means configured by a defined set of network values for transmitting and receiving messages through said network interface without network configuration conflicts and that supports broadcast transmissions of messages through said network interface; and
c) means for transmitting over the communications network a first unrestricted broadcast message whose receipt enables the second device to determine therefrom, specifically with respect to said communications network, and to apply to the second device an initial set of network values to configure the second device for broadcasting a message on the communications network; and
d) means responsive to receipt of a second message sent over the communications network by the second device and conveying an identifier of the second device, for transmitting over the communications network a third broadcast message and restricting the third broadcast message to the second device by means of the identifier, the third message containing network configuration parameters that enable the second device upon receiving the third message to determine and apply to the second device network values for transmitting and receiving messages through said communications network without network configuration conflicts.
1. A device coupleable to a communications network supporting self-adaptive initial configuration to the parameters of said communications network to enable remote configuration control of said device exclusively via said communications network, said device comprising:
a) a host computer system including a network interface for coupling to the communications network;
b) an operating system, executable by said host computer system, that is configurable by a defined set of network values for transmitting and receiving messages through said network interface controller without network configuration conflicts and that supports broadcast transmissions of messages through said network interface controller; and
c) a control program, executable by said host computer system in conjunction with said operating system, that responds to receipt over the communications network of a first broadcast message by determining therefrom, specifically with respect to said communications network, and applying an initial set of network values to configure said operating system for the communications network, and by using the initial set of network values to transmit a second message over the communications network conveying an identifier of the device, said control program being subsequently responsive to receipt over the communications network of a third broadcast message directed to the device by means of the identifier and containing network configuration parameters for said device by using said network configuration parameters to determine and apply network values of the defined set of network values to configure said operating system for the communications network.
22. A device coupleable to a communications network and capable of initially adapting to the operating network environment of said communications network subject to network protocol configuration requirements communicated exclusively through said communications network, said device comprising:
a) a host computer system including a network interface controller coupleable to said communications network;
b) an operating system, executable by said host computer system, that is configurable by a defined set of network values for transmitting and receiving messages through said network interface without network configuration conflicts, the operating system including a network protocol stack supporting the sending and receiving of network messages, including broadcast network messages, said network protocol stack being responsive to a predetermined set of types of unique identifiers for determining the source and destination of network messages; and
c) a control program responsive to a first broadcast network message received by said host computer from said communications network by determining from identifiers of the predetermined set that are included in the first message information sufficient to enable the device to transmit a message on the network, and causing the host computer to transmit on the network a second broadcast message that includes a predetermined unique identifier of said device that is of a type exclusive of said predetermined set of types, the control program further responsive to a third broadcast network message received by said host computer from said communications network, wherein said third broadcast message is uniquely identified to said device by inclusion of the unique identifier and wherein said third broadcast network message includes network protocol configuration parameters from which said control program determines and implements a derived network protocol configuration compatible with the operating network environment of said communications network.
2. The device of
3. The device of
the first broadcast message is an unrestricted broadcast message;
the second message is a broadcast message carrying a unique said identifier of the device; and
the third broadcast message is a restricted broadcast message that is restricted to the device by the unique identifier.
4. The device of
the identifier comprises
a media access control (MAC) address of a network interface card (NIC) of the network interface.
6. The device of
the device comprises a dynamic host configuration protocol (DHCP) server for the communications network.
8. The device of
the first broadcast network message is an unrestricted broadcast message; and
the third broadcast network message is a restricted broadcast message that is restricted to the device by the unique identifier of the device.
9. The device of
the unique identifier comprises
a media access control (MAC) address of a network interface card (NIC) of the network interface.
11. The device of
the device comprises a dynamic host configuration protocol (DHCP) server for the communications network.
13. The method of
a) the second computer encrypting said third network message with the unique identifier prior to the broadcasting of said third network message; and
b) the first computer decrypting said second network message after receiving the broadcast of said third network message.
14. The method of
the first computer sending to the second computer a fourth network message which includes network configuration information reflective of said network configuration parameters as adapted by said first computer.
15. The method of
a) determining, from said network configuration parameters, a derived network protocol configuration compatible with said network; and
b) applying said derived network protocol configuration to said first computer to permit communications between said computers subject to the applied network protocol configuration of said a computers.
16. The method of
the first computer broadcasting the fourth network message onto said network, wherein said fourth network message includes said unique identifier and said derived network protocol configuration within said predefined data portion; and
the method further comprises
the first computer receiving a broadcast of a fifth network message from said network, determining whether said predefined data portion of said fifth network message includes said unique identifier, and determining from the fifth network message whether said network configuration controller has accepted said derived network protocol configuration.
17. The method of
a) encrypting said predefined data portion of said fourth network message prior to broadcasting of said fourth network message; and
b) decrypting said predefined data portion of said fifth network message after receiving the broadcast of fifth network message.
18. The method of
the first network message is an unrestricted broadcast message; and
the third network message is a restricted broadcast message that is restricted to the first computer by the unique identifier.
19. The method of
the unique identifier comprises
a media access control (MAC) address of a network interface card (NIC) of the first computer.
20. The method of
the first computer is a server and the second computer is a client of the server.
21. The method of
the first computer comprises a dynamic host configuration protocol (DHCP) server of the communications network.
23. The device of
the first broadcast network message in an unrestricted broadcast message; and
the third broadcast message is a restricted broadcast message that is restricted to the device by the unique identifier.
24. The device of
the unique identifier comprises a media access control (MAC) address of a network interface card (NIC) of the network interface controller.
26. The device of
the device comprises a dynamic host configuration protocol (DHCP) server for the communications network.
28. The first device of
the second message is a broadcast message carrying a unique said identifier of the second device.
29. The first device of
the unique identifier comprises a media access control (MAC) address of a network interface card (NIC) of the second device.
30. The first device of
the second device is a server device; and
the first device is a client device of the server device.
31. The first device of
the second device comprises a dynamic host configuration protocol (DHCP) server for the communications network; and
the first device comprises a client of the DHCP server.
33. The method of
the second message is a network broadcast message broadcast on the network by the second computer.
34. The method of
the unique identifier comprises
a media access control (MAC) address of a network interface card (NIC) of the second computer.
35. The method of
the second computer is a server; and
the first computer is a client of the server.
36. The method of
the second computer comprises a dynamic host configuration protocol (DHCP) server of the communications network; and
the first computer comprises a client of the DHCP server.
|
|||||||||||||||||||
1. Field of the Invention
The present invention is generally related to the configuration and management of network connected computer systems and, in particular, to a server appliance that is automatically network adaptive to an otherwise unknown connected network and, further, is configurable securely over the network without requiring prior local configuration of the server.
2. Description of the Related Art
Although network connectivity has grown substantially both in the number of connected users and the scope of information that is available through public and private networks, fundamental configuration and reconfiguration problem remain. That is, in conventional networking systems, significant initial and ongoing maintenance is required to manage the individual network connection of each computer system with a particular network. This is conventionally true, whether the computer system is in a small network environment or just one of hundreds or more servers in a data-center facility.
The management of individual network connections represents a significant cost to users, to network computer providers, and to the network service providers. Until a computer system is properly configured and attached to the network, remote diagnostics and other centrally administrable configuration tests cannot be run. Conversely, an incorrectly configured computer system can significantly impair if not halt the functioning of an otherwise normally operating network. Thus, where the computer system user is not immediately familiar with the network connectively initialization process or is uninterested in performing the process themselves, an on-site service technician is required to configure DRAWINGSdrawingsLAN, LAN network 14 that can exchange network broadcast data packets with the LAN network 14. Thus, the locally connected client computer system 24 and the server appliance 12 are both immediately within the potential scope of configuration control of the configuration control application. The server appliance 28 will be within the scope of configuration control once the configuration of the server appliance 12 is established to enable the routing of broadcast data packets between the networks 14, 16. Conversely, a configuration control boundary is preferably established by the router 20 by blocking all broadcast data packets to or from the Internet 18. Although the router 20 blocks the routing of broadcasts between network segments, the router 20 may nonetheless respond to and be configured in response to broadcasts that can be sufficiently authenticated by the router 20.
The server appliances 12, 28 preferably execute a network operating system, such as the Linux™ operating system, which supports the execution of an application level program that implements the configuration protocols of the present invention. As shown in
A configuration management application 56 is preferably executed on each of the server appliances 12, 28, within the application execution environment supported by the operating system kernel 32. In accordance with the preferred embodiments of the present invention, the configuration management application supports a socket-level connection through the operating system kernel 32 with the TCP/IP stack. This allows fully qualified IP address TCP connections to be established through the TCP 34 and IP 38 layers to other computer systems present on a locally connected network, network 14, 16. IP broadcast connections are routed through the operating system kernel 32 and the UDP layer 36. Thus, the configuration management application 56 has the ability, consistent with the preferred embodiments of the present invention, to establish broadcast-based communications with other computer systems through the locally connected network 14, 16.
A modified DHCP server 58 is also preferably provided and potentially executed on each of the server appliances 12, 28. The configuration management application 56 is preferably capable of both enabling and disabling execution of the DHCP server 58. Through the modification of the DHCP server 58, the configuration management application is also able to direct the operation of the DHCP server to issue a DHCP protocol discovery request and to receive the results of that request. Specifically, a conventional DHCP server receives and responds to DHCP discovery requests from a network 14, 16, which are originated by remote DHCP clients. The DHCP server 58 is modified to allow the server 58 to itself issue a discover request to the networks 14, 16 in order to identify the operating presence of any remote DHCP server connected to and serving the networks 14, 16. The presence or absence of a responding remote DHCP server on the networks 14, 16 is reported back to the configuration management application 56.
Additionally, the configuration management application 56 is preferably capable of using the conventional capabilities of the operating system kernel 32 to provide and set IP alias addresses and static ARP addresses. Thus, an IP alias can be specified by the configuration management application through the appropriate operating system kernel 32 interface to have the IP address set 60 in the IP table 40 as an equivalent IP identifier for the TCP/IP stock stack. The IP layer 38 will therefore operate to recognize the IP alias address as a proper source and destination address for this TCP/IP stock stack.
Similarly, static ARP table 44 entries can be explicitly specified by the configuration management application 56. These entries are then set 60 in the ARP table 44 along with those entries that are automatically discovered from the attached networks 14, 16 through the conventional operation of the ARP protocols. Consequently, systems, systems such as the configuration management client can be explicitly identified by an ARP entry where such an entry would not otherwise be automatically entered.
Finally, a status flag 62 is preferably provided as an indicator of the configuration status of the network server 12, 28. This status flag 62 is preferably persistent through the use of some non-volatile memory, such as a NVRAM or a disk file. Since the server appliances 12, 28 utilize an Intel®-type industry standard architecture motherboard, which includes a battery-backed CMOS memory, server appliances without local disks could use the CMOS memory to store the status flag 62. In the preferred embodiments of the present invention, however, the operating system is loaded and operated from a local disk. A registry data structure, stored in a disk file, is preferably used to store the status flag 62. This registry is also preferably used to store other persistent information defining the configuration parameters of the server appliance 12.
The boot-up process implemented by a server appliance 12 generally in accordance with the present invention is shown in FIG. 3. Sections of the preferred process implementation are also provided in pseudocode form in Tables 1 through 4. Each time the server appliance 12 starts, a conventional power-on self-test (POST) and operating system load process 72 is performed. The configuration management application 56 is preferably started automatically as a background or daemon process. A current IP address and netmask are assumed by the server appliance 12. These values are the default values set during the factory construction of the sever appliance 12, where the server appliance 12 has not been previously configured. Alternately, the IP and netmask are assumed from their last configured values, which may be values corresponding to the currently connected network or another entirely different network against which the server appliance was previously configured.
TABLE 1
IP Check, Scan and Set
If (checkIPConflict(serverLAN.ipAddress) == TRUE) {
/* Use ARP protocol to find out whether the boot up LAN IP Address
assignment conflicts with another device in the network */
If (SERVER_UNINTIALIZED == TRUE) {
serverLAN.ipAddress == findAvailableIP(serverLAN);
/* find an available IP Address in the server network space.
Note: there is no client network known yet. */
setIP(serverLAN.ipAddress);
/* change the LAN IP Address to the available IP */
} else {
serverLAN.err = ERR_LAN_IP_ADDRESS_CONFLICT;
// Set error flag
errAlarm( );
// Report the fatal errors.
// This fatal error could be reported via several means:
// broadcast in the existing network
// email, paging, set alarm tone
serverLAN.ipAlias = findAvailableIP(serverLAN);
// find an available IP Address in the server network
setIPAlias(serverLAN.ipAlias, serverNet);
/* Set IP Alias for LAN interface with an avaialbe IP in the server
network */
}
}
In order to support a wide tolerance to different potential start-up circumstances, the validity of the assumed IP and netmask values are not determined from the state of the status flag 62. Where a server appliance 12 is formally prepared to be moved to another network, the status flag 62 may be reset to indicate that the server appliance 12 is in an uninitialized (SERVER_UNINTIALIZED) state. The IP address and netmask values may also be reset to their default values. To tolerate the absence of any such preparation, the present invention provides for an initial IP address conflict check 74, as indicated by the call to the checkIPConflict() routine in Table 1, independent of the state of the status flag 62. As reflected in the routine summary in Table 2, this call initiates an ARP interrogation of the locally connected network to obtain a list of all known IP addresses that are actively connected to the network. A comparison is then made to determine whether the IP address assumed by the server appliance 12 will be in conflict with the IP address assigned to any other computer system connected to the local network.
TABLE 2
checkIPconflict
STRUCT_PHYS_ADDR *checkIPconflict(STRUCT_IP ipAddress) {
/* Use gratuitous ARP protocol to obtain the list of PHYS_ADDR of
all network device with ipAddress.
- Return a pointer to the buffer that contains the physical addresses
of the devices with ipAddress (which indicate a conflict condition).
- Return NULL if there is no conflict.
Note: the ARP sender does not answer the ARP request and is
excluded. */
}
The IP conflict check implemented by the present invention makes no assumption about the nature of the local network, specifically in regard to how IP addresses are assigned. There is no reliance on the prior existence and proper configuration of a DHCP server on the local network. Further, there is no requirement for preconfiguring the server appliance 12 to specifically use either a network compatible static IP address or to operate as a DHCP client to acquire a compatible IP address. As will be evident, the present invention operates from the assumed IP address and netmask even if those values are incompatible with the local network.
Where an IP address conflict is detected, and where the status flag 62 indicates that the server appliance 12 has apparently been configured for the current local network 76, an error message is generated 78. Preferably, this message is provided to alert the system administrator of the occurrence of an unexpected IP address conflict.
Regardless of the state of the status flag 62, the present invention provides for automatically resolving any detected IP address conflict. The list of IP addresses in use is scanned 80 (Table 3) to identify an IP address that is not in use. Preferably, where the server appliance is uninitialized, an unused IP address is selected and set 82 as the IP address of the server appliance 12.
TABLE 3
findAvailIP
STRUCT_IP findAvailIP(NET_INFO netInfo) {
/* Sequence through all possible IP address of the network specified in
netInfo to locate an available IP address by using the checkIPconflict( )
routine.
Return the first IP that has no conflict.
Return all ones (binary) if there is no IP available in the network.
*/
}
Where the state of the server flag 62 indicates that the server appliance 12 has been previously configured, the assumption is made that another device or computer system has been erroneously configured and is the source of the conflict. An error message is preferably generated 78. A scan 80 is then performed and a free IP address is selected. While this IP address might be set as a new IP address for the server appliance 12, preferably the IP address is set 82 as an IP alias for the server appliance 12, respecting the presumed choice of the IP address earlier configured into the server appliance.
Depending 84 on the state of the status flag 62, either a probe of the locally connected network or a previously configured registry value will determine whether a DHCP server is started on the server appliance 12. As indicated in Table 4, a DHCP configuration registry value is checked 86 on an initialized server appliance 12 to determine whether to start 88 the DHCP server 58. The server appliance 12 then enters the normal run state 90 of the operating system 32. The configuration management system 56, however, remains operative in a wait state receptive to further configuration management commands to configure or reconfigure the server appliance 12.
TABLE 4
DHCP Detect
/* Probe the network for an existing DHCP Server if this is an
unintialized server *
If (SERVER_UNITIALIZED == TRUE) {
If (DHCP_Server_Exist( ) == TRUE) {
Do_not_load_DHCP Server( );
} else {
Load_DHCP Server( );
/* To Allow DHCP Clients Adapt its IP
settings so that it is compatible with
the default Server setup. */
}
} else {
/* If the server is intialized, then the registry will
determine whether to load the DHCP server. */
if (registry(DHCP_SERVER_ENABLED) {
Load_DHCP Server( );
}
}
Where the server appliance 12 is uninitialized 84, the DHCP server is pre-emptively started 92 under the continuing control of the configuration management application 58. A DHCP discovery process is initiated and responses from other DHCP servers are collected. Based on the collected responses, if any, the configuration management application 56 determines 96 to stop the DHCP server 58 or directly continue to the run state 90.
A configuration control application 100, generally illustrated in
In the preferred embodiment of the present invention, the configuration data exchanged by these broadcast messages in encrypted based on a password established between the configuration management and control applicants applications 56, 100. Where a server appliance 12 is in an uninitialized state, the first transaction between a configuration control application 100 and the configuration management application preferably forces the establishment of a new administration password that is then effectively unique to the particular instance of the server appliance 12. Encryption of the configuration data is then based directly or indirectly on this password.
In accordance with the present invention, the broadcast configuration messages provide a server appliance 12 with sufficient information to determine how to adapt to the network environment of the connected local network. Although the start-up process 70 enables the server appliance 12 to exist on the connected local network, the server appliance 12 is not necessarily configured sufficiently to enable direct communications with any other computer system attached to the local network. At a minimum, the IP address and netmask values assumed by the server appliance 12 may be entirely incompatible with those of the connected local network. Further, the IP address and netmask values assumed by the server appliance 12, those assigned to the client computer system 22 executing the configuration control application 100, or those assigned to some other computer system or device connected to the local network may be in actual conflict with one another. The present invention, nonetheless, enables communications between the configuration control client computer system 22 and the server appliance 12 sufficient to enable the server appliance 12 to determine and adapt to the network environment requirements of the locally connected network.
The communications between the server appliance 12 and the configuration control client 22 are performed through broadcast messages, initially unrestricted and subsequently restricted to a subnet as defined by a common netmask value shared by the server appliance 12 and the configuration control client 22. The unrestricted broadcast, typically an all-zeros IP address directed to a well-known configuration service port, is used in the discovery process 104 to elicit responses from all server appliances 12 regardless of their assumed IP address and netmask values. Each of these responses includes a unique identifier of the responding server appliance. In a preferred embodiment of the present invention, this unique identifier is based on the MAC address of the NIC through which the discovery broadcast was received and the response broadcast transmitted. Once the configuration control client 22 and server appliance are at least able to establish a common netmask valuer value, netmask restricted broadcast messages, still directed to the well-known configuration service port, are used.
An initial configuration transaction, using get_server_info_command (clientNet), provides the configuration management application 56 with the network environment settings of the configuration control client 22. A data structure, such as listed in Table 5, is provided as a basis for a server appliance to evaluate and adapt to the local network environment.
TABLE 5
Data Structure
struct NET_INFO {
STRUCT_IP ipAddress;
// IP Address
STRUCT_NETMASK netmask;
// Netmask
STRUCT_IP IP_Alias;
// IP alias, if any 0 means none.
STRUCT_PHYS_ADDR physicalAddress;
/* Physical Address of the interface, 0 means not found, all ones
means not applied. */
STRUCT_ERR err;
// status of the interface
} clientNet, serverLAN, serverWAN;
From the given client IP address and netmask, the configuration management application 56 is able to determine whether the server appliance 12 and configuration control client 22 are compatibly configured on the same subnet and whether either or both the client and server IP addresses are conflicted on the network.
In the absence of IP address conflicts and where the server appliance 12 and configuration control client 22 are configured for the same subnet, the configuration management application 56 preferably responds with an acknowledgment broadcast message, such as ackNetInfo(serverLAN), confirming to the client control application 100 the IP address and netmask of the server appliance 12 and that no conflicts or network incompatibilities are detected. The configuration control application 100 then preferably establishes a non-broadcast-based TCP/IP connection with the server appliance 12 and proceeds with any remaining configuration of the server appliance 12.
Where there is an IP conflict, though the server appliance 12 and configuration control client 22 are configured for the same subnet, the configuration management application 56 preferably first checks to determine the source of the conflict by executing the check_IP_conflict(serverLAN.ipAddress) routine. If a server IP address conflict is determined to exist, a resolve_server_IP_conflict(serverLAN) routine, generally as listed in Table 6, is executed.
TABLE 6
resolveServerIPConflict
int resolveServerIPConflict(NET_INFO serverLAN) {
if (authenticateClient( ) != AUTHENTICATED) { /* determine whether the
get_server_info_command( ) includes a correct administration
password. */
return ERR_NOT_AUTHENTICATED;
}
for (int i=0; i < MAX_RETRIES; i++) {
err = NO_ERR;
// NO_ERR == no error
serverLAN.ipAlias = findAvailableIP(clientNet);
/* find an available IP in the client network and set the
serverLAN.ipAlias to the available IP */
setIPAlias(serverLAN.ipAlias, clientNet);
/* set the server LAN IP alias so that it is compatible with the
client Network */
broadcast(MSG_IP_RESOLUTION_OFFER, allInfo);
/* broadcast all necessary info to client which includes the
serverLAN and clientNet data structure */
startTimeOut(MAX_TIME_OUT);
// start the timeout timer
waitMsg(revMessage);
/* wait for a message back from
the client */
if ((revMessage( ) != MSG_IP_RESOLUTION_OFFER_ACK) ||
((timeout( ) == TRUE) {
// Error condition
removeIPAlias)serverLAN.ipAlias);
if (timeout( ) == TRUE) err = ERR_TIME_OUT;
else err = NACK;
} else {
break;
// client ACK on the OFFER
}
}
if (err != NO_ERR) {
errHandler( );
return;
}
setStaticARP(clientNet);
/* Overwrite the ARP table with a static entry to associate the client
Physical Address with the client IP address. This way a connection to
the client can always be guaranteed. Note: the ARP static entry for
the client IP will always be removed after the connection is closed.
*/
}
Through this execution of the resolve_server_IP_conflict(serverLAN) routine, the configuration management application 56 determines and sets a non-conflicted IP alias address for the server appliance 12. Preferably, the selection of this IP address is conditional on the acceptance of the IP address by the configuration control application 100 through the presentation of the IP address as a selectable option of the configuration parameters 108.
If an IP address conflict is determined to exist relative to the configuration control client 22, a resolve_client_IP_conflict(clientNet) routine, generally as listed in Table 7, is executed.
TABLE 7
resolveClientIPConflict
int resolveClientIPConflict(NET_INFO clientNet) {
clientNet.ipAlias = findAvailableIP(clientNet);
/* find an available IP in the client network and set the
clientNet.ipAlias to the available IP. This is to inform the client that
there is a conflict, in case the client is not capable of detecting its IP
conflict condition. */
setStaticARP(clientNet);
/* Overwrite the ARP table with a static entry to associate the client
Physical Address with the client IP address. This way a connection to
the client can always be guaranteed. Note: the ARP static entry for
the client IP will always be removed after the connection is closed. */
}
Through the execution of the resolve_client_IP_conflict(clientNet) routine, the configuration management application 56 is able to force the association of an otherwise unused IP address with the configuration control client 22 by the setting of a corresponding static ARP entry. In effect, this establishes a reverse IP alias for the configuration control client 22 for the server appliance 12.
Finally, a broadcast message is sent from the server appliance 12 to the configuration control client to acknowledge the conflict-resolved configuration of the server appliance 12. At this point, the configuration control application 100 again preferably establishes a non-broadcast-based TCP/IP connection with the server appliance 12 and proceeds with any remaining configuration of the server appliance 12.
Where the configuration management application determines that there is a network incompatibility between the server appliance 12 and the configuration control client 22, specifically that the appliance 12 and client 22 are configured for different networks, the configuration management application additionally executes a resolveIPalias(clientNet) routine. This routine performs an IP address scan for an unused IP address within the client compatible network identified from the clientNet data structure. A setIPAlias(clientLAN.ipAlias, clientNet) routine is then executed with the result that an IP alias address is established for the server appliance 12 in and compatible with the client network environment. Thus, the server appliance 12 is both responsible for and capable of self-adaptation into the client network environment. A non-broadcast TCP/IP connection can then be established between the server appliance 12 and the configuration control client 22.
Once the configuration control client 22 has provided the necessary configuration control information 108 to a server appliance 12 to allow server configuration 110, a message may be sent to the configuration management application 56 to finalize the server configuration. Depending on the specifics of the particular operating system utilized by the server appliance 12, this re-initialization message may result 114 in the restarting of some service processes, a reload or reboot of the operating system, or no action at all. Preferably, once the server re-initialization 114 has been signaled, the configuration control application 100 determines 116 whether there are any remaining unconfigured server appliances. The process of providing configuration parameters 108 may automatically continue with any unconfigured server appliance 12. Alternately, the operator of the configuration control application 100 may elect to reconfigure any of the server appliances 12.
Referring now to
The process operation 130 of the configuration management application 56 is further detailed in FIG. 5B. Client broadcast messages containing a particular UMID, and therefore intended for a specific server appliance 12, are detected and routed 132 for decryption and authentication 134. The resulting data is then analyzed 136 to, for example, extract a clientNet data structure. Based on the analysis 136, an IP address scan 140 and tentative setting of an IP address or alias 142 may be performed as needed 138 to handle conflicts and network incompatibilities. The resulting server network environment information (serverNet) is then collected and encrypted 144 before being sent 146 as a broadcast reply to the configuration control application 100.
As part of the network parameter configuration process 108, such as to enable interactive control by a user of the configuration control application 100, the effectively proposed server network environment settings are provided to the configuration control application 100 for prior approval. Alternatively, the tentative setting of network parameters by the configuration management application 56 allows the configuration control application 100 the opportunity to provide a clientNet data structure reflecting a different network environment to the configuration management application. This allows the configuration control application 100 to cause the configuration management application 56 to adapt the network environment of, for example, a server appliance 28 to a network 16 different from that of the configuration control client 22.
After the tentatively set network environment parameters of the server appliance 12, 28 are considered by the configuration control application 100, a broadcast acceptance message is sent to the UMID identified configuration management application 56. This message type is recognized 132 and checked 148 to determine if the proposed configuration is acceptable or not. If not accepted, the IP address scan 140 and set 142 is repeated and the new network environment parameters of the server 12, 28 are again sent 146. Where accepted 148, however, a static ARP entry is set 150 and a server acknowledgment message is prepared 144 and sent 146.
Other, typically subsequent and non-broadcast messages, are also received from the configuration control application 100. These messages are routed 132 and decrypted and authenticated 134 as before. Based on the identified type of these messages, the data content analysis 136 preferably retrieves different data structures from the message content. The resulting data is used to identify and provide a basis basis, if not the actual value value, for establishing 152 other configuration settings of the server appliance 12, 28 including, but not limited to, network environment settings that are not handled by the DHCP protocol. These additional parameters preferably correspond to the hostname, security domain, and access permissions. As these additional parameters are successfully set, corresponding server acknowledgment messages are prepared 144 and sent 146.
The preferred process 160 of initially configuring server appliances 12, 28 for operation is generally shown in FIG. 6. With the base assembly 162 of a server appliance 12, preferably including an image copy of a disk drive containing the operating system and configuration management application, the hardware configuration is recorded in a database 164 organized by system identifiers. Each server appliance 12 is then serialized 166. This serialization includes establishing an initial unique hostname and setting a pseudo-random IP address for the server appliance 12. This hostname is preferably constructed by concatenating a defined prefix string, such as “SA,” with at least a portion of the MAC address from the specific LAN NIC adapter included in the construction of the server appliance 12. Similarly, the IP address is preferably constructed as the concatenation of the first two octets of a Class-A network and the least significant sixteen bits of the MAC address.
In a preferred embodiment of the present invention, the serialized hostname and IP address values are used as permanent identifiers of a particular server appliance 12. These values, and potentially hardware specific values such as the MAC address of any included NIC or NICs and the microprocessor hardware identifier code, may be used as the basis of a digital signature that is then coded into the configuration of the operating system. These values, including the digital signature if used, are also preferably recorded in the database 164 against the server identifier for the particular server appliance 12. The server appliance 12 is then ready for shipment, installation, and operation.
Subsequently, operating system, system configuration management application, and other software updates may become available. In accordance with the present invention, corresponding fixes and updates may be downloaded from, in effect, the manufacturing or maintenance facility for the server appliances 12. Any request for the update may be required to be validated 172 against the data stored in the database 164. Any server appliances 12 built without going through the serialization process 160 will therefore not be eligible for updates. Furthermore, any update obtained through the verification process 172 preferably will be specific to the serialization information stored in the database 164 for the downloading server appliance 12. The update can therefore be made to be unusable by any other server appliance 12. If the update is also digitally signed, there is little chance that the update can be manipulated for use by other than a single server appliance 12.
Thus, an efficient method and system for enabling the initial configuration and subsequent self-adaptive reconfiguration of a network connected computer system, such as a server appliance, to be performed remotely through the network has been described. While the present invention has been described particularly with reference to specialized server appliances, the present invention is broadly applicable to all network connected computer systems, servers, and appliances.
In view of the above description of the preferred embodiments of the present invention, many modifications and variations of the disclosed embodiments will be readily appreciated by those of skill in the art. It is therefore to be understood that, within the scope of the appended claims, the invention may practiced otherwise than as specifically described above.
Pham, Duc, Nguyen, Tien Le, Pham, Nom
| Patent | Priority | Assignee | Title |
| 10200476, | Oct 18 2011 | Itron, Inc | Traffic management and remote configuration in a gateway-based network |
| 8139515, | Dec 27 2007 | Google Technology Holdings LLC | Device and method of managing data communications of a device in a network via a split tunnel mode connection |
| 8819781, | Apr 20 2009 | Pure Storage, Inc | Management of network devices within a dispersed data storage network |
| 9973385, | Jan 31 2012 | Hewlett Packard Enterprise Development LP | Remote server configuration |
| Patent | Priority | Assignee | Title |
| 5812819, | Jun 05 1995 | Dialogic Corporation | Remote access apparatus and method which allow dynamic internet protocol (IP) address management |
| 5854901, | Jul 23 1996 | Cisco Technology, Inc | Method and apparatus for serverless internet protocol address discovery using source address of broadcast or unicast packet |
| 5884038, | May 02 1997 | RPX Corporation | Method for providing an Internet protocol address with a domain name server |
| 6101182, | Apr 18 1996 | Intellectual Ventures II LLC | Universal access multimedia data network |
| 6101499, | Apr 08 1998 | Microsoft Technology Licensing, LLC | Method and computer program product for automatically generating an internet protocol (IP) address |
| 6678732, | Aug 10 1998 | Fujitsu Limited | Dynamic host configuration protocol server for allocating IP addresses to a plurality of clients |
| 6892229, | Sep 30 1998 | Hewlett Packard Enterprise Development LP | System and method for assigning dynamic host configuration protocol parameters in devices using resident network interfaces |
| 7039688, | Nov 12 1998 | RICOH CO , LTD | Method and apparatus for automatic network configuration |
| 7281036, | Apr 19 1999 | Sightpath, Inc | Method and apparatus for automatic network address assignment |
| 20010005858, | |||
| 20020133573, | |||
| 20060155833, |
| Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
| Oct 17 2001 | CYBERIQ SYSTEMS, INC | AVAYA Inc | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 019960 | /0383 | |
| Jan 24 2002 | Avaya, Inc | Avaya Technology Corp | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 019960 | /0390 | |
| Sep 30 2005 | Avaya, Inc. | (assignment on the face of the patent) | / | |||
| Sep 30 2005 | Avaya Technology Corp | Avaya Technology LLC | CONVERSION FROM CORP TO LLC | 022677 | /0550 | |
| Jun 25 2008 | Avaya Technology LLC | AVAYA Inc | REASSIGNMENT | 021156 | /0287 | |
| Jun 25 2008 | AVAYA LICENSING LLC | AVAYA Inc | REASSIGNMENT | 021156 | /0287 | |
| Feb 11 2011 | AVAYA INC , A DELAWARE CORPORATION | BANK OF NEW YORK MELLON TRUST, NA, AS NOTES COLLATERAL AGENT, THE | SECURITY AGREEMENT | 025863 | /0535 | |
| Mar 07 2013 | Avaya, Inc | BANK OF NEW YORK MELLON TRUST COMPANY, N A , THE | SECURITY AGREEMENT | 030083 | /0639 | |
| Jan 24 2017 | Octel Communications Corporation | CITIBANK, N A , AS ADMINISTRATIVE AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 041576 | /0001 | |
| Jan 24 2017 | AVAYA Inc | CITIBANK, N A , AS ADMINISTRATIVE AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 041576 | /0001 | |
| Jan 24 2017 | AVAYA INTEGRATED CABINET SOLUTIONS INC | CITIBANK, N A , AS ADMINISTRATIVE AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 041576 | /0001 | |
| Jan 24 2017 | VPNET TECHNOLOGIES, INC | CITIBANK, N A , AS ADMINISTRATIVE AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 041576 | /0001 | |
| Nov 28 2017 | CITIBANK, N A | OCTEL COMMUNICATIONS LLC FORMERLY KNOWN AS OCTEL COMMUNICATIONS CORPORATION | BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL FRAME 041576 0001 | 044893 | /0531 | |
| Nov 28 2017 | CITIBANK, N A | AVAYA INTEGRATED CABINET SOLUTIONS INC | BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL FRAME 041576 0001 | 044893 | /0531 | |
| Nov 28 2017 | CITIBANK, N A | AVAYA Inc | BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL FRAME 041576 0001 | 044893 | /0531 | |
| Nov 28 2017 | THE BANK OF NEW YORK MELLON TRUST COMPANY, N A | AVAYA Inc | BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL FRAME 030083 0639 | 045012 | /0666 | |
| Nov 28 2017 | THE BANK OF NEW YORK MELLON TRUST, NA | AVAYA Inc | BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL FRAME 025863 0535 | 044892 | /0001 | |
| Nov 28 2017 | CITIBANK, N A | VPNET TECHNOLOGIES, INC | BANKRUPTCY COURT ORDER RELEASING ALL LIENS INCLUDING THE SECURITY INTEREST RECORDED AT REEL FRAME 041576 0001 | 044893 | /0531 | |
| Dec 15 2017 | ZANG, INC | GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 045034 | /0001 | |
| Dec 15 2017 | AVAYA Inc | GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 045034 | /0001 | |
| Dec 15 2017 | AVAYA INTEGRATED CABINET SOLUTIONS LLC | GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 045034 | /0001 | |
| Dec 15 2017 | VPNET TECHNOLOGIES, INC | GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 045034 | /0001 | |
| Dec 15 2017 | AVAYA INTEGRATED CABINET SOLUTIONS LLC | CITIBANK, N A , AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 045124 | /0026 | |
| Dec 15 2017 | OCTEL COMMUNICATIONS LLC | CITIBANK, N A , AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 045124 | /0026 | |
| Dec 15 2017 | VPNET TECHNOLOGIES, INC | CITIBANK, N A , AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 045124 | /0026 | |
| Dec 15 2017 | ZANG, INC | CITIBANK, N A , AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 045124 | /0026 | |
| Dec 15 2017 | AVAYA Inc | CITIBANK, N A , AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 045124 | /0026 | |
| Dec 15 2017 | OCTEL COMMUNICATIONS LLC | GOLDMAN SACHS BANK USA, AS COLLATERAL AGENT | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 045034 | /0001 | |
| Apr 03 2023 | CITIBANK, N A , AS COLLATERAL AGENT | AVAYA MANAGEMENT L P | RELEASE OF SECURITY INTEREST IN PATENTS AT REEL 45124 FRAME 0026 | 063457 | /0001 | |
| Apr 03 2023 | CITIBANK, N A , AS COLLATERAL AGENT | AVAYA HOLDINGS CORP | RELEASE OF SECURITY INTEREST IN PATENTS AT REEL 45124 FRAME 0026 | 063457 | /0001 | |
| Apr 03 2023 | CITIBANK, N A , AS COLLATERAL AGENT | AVAYA INTEGRATED CABINET SOLUTIONS LLC | RELEASE OF SECURITY INTEREST IN PATENTS AT REEL 45124 FRAME 0026 | 063457 | /0001 | |
| Apr 03 2023 | CITIBANK, N A , AS COLLATERAL AGENT | AVAYA Inc | RELEASE OF SECURITY INTEREST IN PATENTS AT REEL 45124 FRAME 0026 | 063457 | /0001 | |
| May 01 2023 | GOLDMAN SACHS BANK USA , AS COLLATERAL AGENT | AVAYA MANAGEMENT L P | RELEASE OF SECURITY INTEREST IN PATENTS REEL FRAME 045034 0001 | 063779 | /0622 | |
| May 01 2023 | GOLDMAN SACHS BANK USA , AS COLLATERAL AGENT | CAAS TECHNOLOGIES, LLC | RELEASE OF SECURITY INTEREST IN PATENTS REEL FRAME 045034 0001 | 063779 | /0622 | |
| May 01 2023 | GOLDMAN SACHS BANK USA , AS COLLATERAL AGENT | HYPERQUALITY II, LLC | RELEASE OF SECURITY INTEREST IN PATENTS REEL FRAME 045034 0001 | 063779 | /0622 | |
| May 01 2023 | GOLDMAN SACHS BANK USA , AS COLLATERAL AGENT | HYPERQUALITY, INC | RELEASE OF SECURITY INTEREST IN PATENTS REEL FRAME 045034 0001 | 063779 | /0622 | |
| May 01 2023 | GOLDMAN SACHS BANK USA , AS COLLATERAL AGENT | VPNET TECHNOLOGIES, INC | RELEASE OF SECURITY INTEREST IN PATENTS REEL FRAME 045034 0001 | 063779 | /0622 | |
| May 01 2023 | GOLDMAN SACHS BANK USA , AS COLLATERAL AGENT | OCTEL COMMUNICATIONS LLC | RELEASE OF SECURITY INTEREST IN PATENTS REEL FRAME 045034 0001 | 063779 | /0622 | |
| May 01 2023 | GOLDMAN SACHS BANK USA , AS COLLATERAL AGENT | AVAYA INTEGRATED CABINET SOLUTIONS LLC | RELEASE OF SECURITY INTEREST IN PATENTS REEL FRAME 045034 0001 | 063779 | /0622 | |
| May 01 2023 | GOLDMAN SACHS BANK USA , AS COLLATERAL AGENT | INTELLISIST, INC | RELEASE OF SECURITY INTEREST IN PATENTS REEL FRAME 045034 0001 | 063779 | /0622 | |
| May 01 2023 | GOLDMAN SACHS BANK USA , AS COLLATERAL AGENT | AVAYA Inc | RELEASE OF SECURITY INTEREST IN PATENTS REEL FRAME 045034 0001 | 063779 | /0622 | |
| May 01 2023 | GOLDMAN SACHS BANK USA , AS COLLATERAL AGENT | ZANG, INC FORMER NAME OF AVAYA CLOUD INC | RELEASE OF SECURITY INTEREST IN PATENTS REEL FRAME 045034 0001 | 063779 | /0622 |
| Date | Maintenance Fee Events |
| Mar 02 2011 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
| Mar 18 2015 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
| Date | Maintenance Schedule |
| Dec 01 2012 | 4 years fee payment window open |
| Jun 01 2013 | 6 months grace period start (w surcharge) |
| Dec 01 2013 | patent expiry (for year 4) |
| Dec 01 2015 | 2 years to revive unintentionally abandoned end. (for year 4) |
| Dec 01 2016 | 8 years fee payment window open |
| Jun 01 2017 | 6 months grace period start (w surcharge) |
| Dec 01 2017 | patent expiry (for year 8) |
| Dec 01 2019 | 2 years to revive unintentionally abandoned end. (for year 8) |
| Dec 01 2020 | 12 years fee payment window open |
| Jun 01 2021 | 6 months grace period start (w surcharge) |
| Dec 01 2021 | patent expiry (for year 12) |
| Dec 01 2023 | 2 years to revive unintentionally abandoned end. (for year 12) |