A data network can have a large number of computers and other entities connected therein. Devices such as user terminals and machine type terminals are often called as the host. The hosts can run a large number of various functionalities and features, such as security features that need to be controlled and administered. Various management applications have therefore been developed to provide assistance in operating a data network. A management application typically needs to collect substantial amounts of structured information such as data relating to configurations from a large number of computers and directories.
For example, systems for managing keys, for example Secure Shell (SSH) keys, need to collect information about hosts, user accounts on hosts, and keys configured for users on hosts frequently. Information related to authenticators such as SSH keys generally includes information about authentication and mounted file system configuration on a host. Information about local user accounts may also be included. Various configuration information for each user on the host can also be included. This can possibly include users defined in directories such as LDAP (Lightweight Directory Access Protocol) directories or Active Directory. For users, the information typically includes any identity keys and authorized keys configured for each user.
Collection of such information may be needed several times per day. Such systems may be used for managing large environments, even with millions of user accounts, including local accounts, and tens of thousands of computers. Thus the database storing this information can become very complex.
Often there is no change in the collected configuration information compared to earlier information. The amount of configuration information received from each host can also be substantial.
Parsing the configuration information, comparing it to previous information in a database, and updating a complex database to reflect any changes can cause significant load on the database, processor and memory usage. This is exacerbated by the potentially very large number of user accounts, hosts, and keys and/or other authenticators that may be present in large organizations.
Reduction in the amount of processing needed when handling new configuration information for hosts stored in a remote location would thus be desired.
The volume of data transfer for the configuration information updates can also be substantial. This can be especially the case if new information is obtained from hosts frequently. There can thus also be a desire to reduce the amount of data that needs to be transferred when the configuration information has not changed.
It is noted that the above discussed issues are not limited to any particular system and data processing apparatus but may occur in any system where collection and storing of updated structured data may be needed.
Embodiments of the invention aim to address one or several of the above issues.