Field
Embodiments of the present invention generally relate to the field of network management. In particular, various embodiments relate to methodologies for provisioning and managing a network having a large number of network devices.
Description of the Related Art
A computer network or network is a plurality of network devices connected together. At the risk of stating the obvious, the world today depends upon functionality provided by computer networks. This dependence upon networks is growing.
Network devices are the fundamental component of the network, and come in a variety of types and forms including routers, firewalls and Unified Threat Management (UTM) devices. For a network to function properly, the network devices making up the network must be configured properly, regardless of device type, location, or any number of parameters affecting device or network behavior. Substantial resources inevitably go into management of the network devices.
In deploying a corporate computer network, most companies use same or similar type devices to reduce required management resources. Likewise, many of the devices in such a network typically share at least some common policies or rules. For example, company wide network policies control access to certain websites or types of websites, provide or define specific attack avoidance mechanisms, and define mechanisms for detecting email spam. Within the company wide network, certain subsets of devices may also share common policies. At an even finer level of granularity, the individual device often has specific and sometimes unique policies, such as their own routing policy or gateway.
Current solutions lack suitable mechanisms for implementing network wide policy configurations applicable to selected sets of devices. This forces the company IT worker to set the policy on each device, regardless of any overlap in policy configuration from device to device. Accordingly, there exists a need for improved mechanisms for managing networks hosting many devices that will enable application of policy configuration across groups of devices.