The present invention relates to Service Management Systems for computer networks. In particular, the present invention provides a Service Management Platform that allows an administrator higher up in a hierarchical arrangement to define the scope of policies for the services offered, and users lower in the hierarchical arrangement to customize the policies within the scope of policies thus defined by the administrator.
Managed Service Providers (MSPs) offer managed network services to their customers. They offer services such as firewall, intrusion detection and protection, anti-virus protection, virtual private network etc. to their customers, and manage these for their customers.
The managed services offered by MSPs today differ from MSP to MSP. It may, at minimum, be co-locations of servers and/or network equipment of the customer at the MSP location and accesses to them for the customer. Or, it may be the installation and management of equipment and servers for the customer by the MSP, or even managing policies and/or rules for the customer.
One of the major issues that MSPs face in managing services for the customers is the issue of how much control the MSP has and how much is available to the customer. While it is of utmost importance to the MSP to keep control over the service being offered to the customer, if they want to provide any service guarantees to the customer, this becomes an operational issue for both the service providers as well as customers. This is because if the customer has to approach the MSP for any customization in the service or any change in rules/policies, it would lead to delay and operational costs for both MSP and the customer.
The same reasoning applies for enterprise deployment as well. Since most multi-site (and/or multi-department) enterprises have multiple security devices with consistent security policies, these consistent security policies are maintained through communication means such as email, document sharing, paper guidelines, etc. These means, however, do not allow the global security policy to be enforced consistently without manual communication processes.
To overcome the above issues, MSP and enterprise administrators need a mechanism such that they can define service rules and allow customers/location administrators to redefine the rules within the scope of the service rules.
In the past, solutions have been developed that allow the customers some level of management. However, all these solutions have worked on principle of either partitioning the functionality of management, or allowing customers to only do a subset of the management operations that an MSP could do. Further, in some solutions, the monitoring aspects of management were made available to customers while the configuring or policy definition was retained by the MSP. No solution allowed the MSPs to define the policies/rules in such a way that the customers could customize the rules as per their needs within the scope of the policies defined by the service provider.