I. Field of the Invention
This invention relates to computer systems, in particular to network environments.
II. Background Information
Organizations use networks such as local area networks or wide area networks to share information and capabilities among devices and to allow users to communicate and exchange information. Such networks consist of numerous devices connected by links. Each device may perform various functions; for example, a PC may at the same time run user applications and act as a network management console. As networks grow and the complexity of networks increases, managing networks becomes more difficult. When used herein, device may refer to any physical node in a network. For example, a device may be a PC, a workstation or a laptop running user application programs, a router, an application gateway, a server, or any other device attached at some point in time to a network.
Traditional network management methods rely on centralized control using a limited number of management consoles; this has numerous drawbacks. Control and modification of network functionality and of user and network applications is inflexible and time consuming. A human operator must visit a physical device to add, move, or alter an application, and each device must be dealt with differently.
Network administration requires knowledge of the state of the network: information on the state and activities of specific devices and links. Currently, the distributed state of the network is determined at a management console indirectly through network device polling. The network state is not always accurately viewed from one central point. Inherent in networks is the unreliability of links; data may be delayed or lost and devices may be isolated due to link failures. Transmitting network state information between management consoles and other devices may range from difficult (e.g., when there is excess traffic), to impossible (e.g., when a device becomes isolated due to a link failure). State information is gathered more efficiently, quickly, and accurately at or near a device, rather than at a centralized command console. Tools for accurately gathering the distributed state of a network and possibly reporting to a central console do not exist; current systems are particularly deficient during network failures.
Furthermore, network management using centralized administration which reacts to state information from a distant command console and directs commands to a device is inefficient and inaccurate. Network administration information, such as commands, must traverse links to reach destinations, and thus suffers from the same transmission faults as network state information. Thus current network management systems, relying on centralized management, may not reliably transmit control information to devices. While a network is experiencing a disruption in its operation, e.g., a link failure, an abnormal amount of traffic, or an attack on the network, the above disadvantages are magnified. Adequate tools for distributed network management, which may alleviate problems inherent in centralized network management, do not exist.
That current networks concentrate so much management responsibility in a small number of locations increases their vulnerability. Management consoles may become isolated or may fail, with the result that the network may be unmanageable. In addition, current network management systems lack the tools to manage devices which are purposefully disconnected from a network for a period of time, such as laptop computers.
Another drawback of current network systems is the inflexibility of the applications using and controlling the network. Network applications (e.g., a web server application, or router software) or other applications, such as word processors, are typically static packages installed by a person who visits the host device (i.e., the platform supporting the application) and configures the device. To add an application (e.g., to install a router on a device), reconfigure an application (e.g., add functionality) or to move the application among devices, a person must physically visit the affected devices. In current networks, applications cannot move by themselves, and the functionality of network devices must be altered by having an operator physically access the device and install, alter or upgrade an application. Current systems do not enable the addition or alteration of the functionality of a network device through remote methods, or from a central location. That applications cannot be easily added or moved makes inefficient use of network resources. For example, since it may be time consuming to install a router application at a device, currently it is not common practice to temporarily install such an application and then de-install it, freeing up resources, when the need for the application vanishes. No method exists for a version of a module with new functionality or a new application to be deployed to a diversity of devices and platforms. Furthermore, since platforms provide different interfaces to applications, current systems require that a different implementation of an application must be installed on each type of platform.
Mobile agent environments exist which allow an agent, a mobile software application, to execute on various devices on a network, to travel between devices on a network, and to maintain its state during its travels. One example is the Voyager™ system, which allows agents developed in the Java™ language to execute on a Java™ Virtual Machine running on a device. Such systems may not be used for effective network management, however, as such systems do not allow agents to effectively and safely access resources, such as router tables, network traffic, network statistics, etc., necessary for network management. An application or agent participating in network management must have access to system resources. Similarly, since such systems do not allow effective access to resources, agents on such systems may not be used to augment device functionality, and may not be used as network or user applications. Such systems lack permissioning which would allow prior art agents to access resources in a manner which is tailored to each agent. Such systems lack the ability to circumscribe and limit prior art agents' access to resources. Furthermore, since agents may not access a service across devices in a simple, device independent manner, such systems lack the ability to provide services or capabilities to agents on a wide variety of devices. Current systems do not allow agents to access resources which may exist on devices different from that on which the agent operates in a safe and controlled manner. Therefore, agents may not manipulate or manage remote devices.
Therefore there exists a need for a system and method allowing for network management functions to be decentralized and located closer to managed devices. There is a need for a system and method allowing effective network management tools or applications to move among devices on a network or to be augmented or reconfigured, without an operator physically accessing devices. There is a need for applications to have access to resources on a variety of devices in a device independent manner which ensures network security. There exists a need for a system allowing new functionality or applications to be deployed to network devices from a central location, without regard for the type of platform or device receiving the module.
A method and system are disclosed for providing an environment allowing agents to function on a set of devices having resources, the environment providing services allowing agents access to resources. Each agent has an associated permission list indicating which services the agent may access. Each agent may move from an environment on one device on a network to an environment on another device.
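The following sketch is an added illustration of the arrangement summarized above and is not code from the patent or from any product it names. It assumes hypothetical class names (`Agent`, `Environment`), hypothetical service names (`route.read`, `route.write`) and a constructed routing table: each environment mediates every service request against the agent's permission list, denies by default, and the list travels with the agent when it moves between devices.

```python
# Added example; all class, service and device names here are hypothetical.
from dataclasses import dataclass, field

class ServiceDenied(PermissionError):
    """Raised when a requested service is not on the agent's permission list."""

@dataclass(frozen=True)
class Agent:
    name: str
    permissions: frozenset  # permission list: the only services this agent may use

@dataclass
class Environment:
    device: str
    services: dict = field(default_factory=dict)  # service name -> callable
    agents: dict = field(default_factory=dict)    # agent name -> Agent
    audit: list = field(default_factory=list)     # (agent, service, decision)

    def request(self, agent_name, service, *args):
        """Mediate every resource access; anything not explicitly listed is denied."""
        agent = self.agents.get(agent_name)
        if agent is None or service not in agent.permissions:
            self.audit.append((agent_name, service, "deny"))
            raise ServiceDenied(f"{agent_name} may not use {service} on {self.device}")
        if service not in self.services:
            self.audit.append((agent_name, service, "unavailable"))
            raise LookupError(f"{service} is not offered on {self.device}")
        self.audit.append((agent_name, service, "allow"))
        return self.services[service](*args)

    def move(self, agent_name, target):
        """Hand the agent, together with its permission list, to another environment."""
        target.agents[agent_name] = self.agents.pop(agent_name)

def demo():
    routes = {"10.0.0.0/8": "eth0"}  # constructed sample resource
    router = Environment("router-1", services={
        "route.read": lambda: dict(routes),
        "route.write": lambda prefix, iface: routes.__setitem__(prefix, iface),
    })
    monitor = Agent("monitor", frozenset({"route.read"}))
    laptop = Environment("laptop-7", agents={"monitor": monitor})
    laptop.move("monitor", router)            # agent travels to the router
    seen = router.request("monitor", "route.read")
    try:
        router.request("monitor", "route.write", "0.0.0.0/0", "eth9")
    except ServiceDenied:
        pass                                  # write is outside the permission list
    return seen, routes, router.audit, laptop.agents
```

The audit list gives each device a local record of allowed and denied requests, which is the data a detection rule would key on when an agent probes for services outside its list.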