1. Field of the Invention
The present invention is in the field of network management and support. More specifically, the invention provides a system for remotely and securely monitoring and managing a plurality of disparate networks and systems, which, among other capabilities, can monitor events in real time, selectively or globally, throughout all managed networks, and access and manage individual network elements to any internal depth within each managed network, without requiring special access to the network, and without regard to the architectures, business purposes or addressing schemas of or within the managed networks.
2. Description of the Related Art
Modern data and communications networks are highly complex and require substantial management in order to keep those networks and the services they provide up and running smoothly. Among the activities within the scope of “network management” is monitoring a network and the health of its systems and components in order to spot problems as soon as possible, preferably before users or business processes are affected. Other activities within the scope of such management include operation, administration, maintenance, and provisioning.
Numerous systems exist for providing the types of management and support referenced above, on a network-by-network basis.
Many organizations require complex networks, but lack the resources to manage them, lack the budget to acquire a fully-outfitted management system for their individual network, or believe that they could better economize if it were possible to outsource this activity. An organization tasked with managing networks for a plurality of disparate customers will face multiplied expenses, however, if it must provide a separate management infrastructure for each customer. A need therefore exists for systems capable of remotely but centrally and securely managing a plurality of disparate networks, meaning networks under different ownership or management, or otherwise characterized by having different architectures, different management policies, different business purposes, and/or different overall design.
A large number of access methods exist to support network and network device management within, or directed to, any given network. Access methods include Simple Network Management Protocol (SNMP), Command Line Interfaces (CLIs), custom XML, CMIP, Windows Management Instrumentation (WMI), Transaction Language 1, CORBA, netconf, the Java Management Extensions (JMX), the Java Messaging Service (JMS), SOAP, and XML-RPC. These are primarily low-level protocols that help get management jobs done, but do not address the issues involved in managing a plurality of disparate networks.
As mentioned above, systems currently exist for managing entire enterprise-level networks. Popular systems include OpenView® from Hewlett-Packard Corporation, Unicenter® from Computer Associates, and IBM Tivoli® Framework. However, these systems were developed primarily to manage individual enterprise-level networks. They have only limited capabilities for managing completely disparate networks. Another example of such a system is the Solarwinds® Orion® Network Performance Monitor. However, the Solarwinds system uses stateless communications methods and is directed to monitoring rather than remote management of individual devices within the monitored networks. A somewhat different approach is that of Jumpnode Systems LLC, as reflected by U.S. Pat. Pub. No. 2006/0218267 A1, which provides a hardware appliance that can be installed in a local network to monitor local network events and communicates the collected information to a remote management center. However, the Jumpnode® appliances track network events locally and are therefore vulnerable to loss of connectivity and consequent data loss and security risks. Moreover, each of the hardware appliances must have its own “Internet drop” (or other access point (such as a modem port) directly accessible from outside the local network) to make the requisite connections to the remote management facility, and the appliances rely on stateless communications and polling, which does not provide for real-time data acquisition.
Tools also exist for internetwork communications, such as proxy servers, remote control software systems such as GoToMyPC® (now owned by Citrix Systems), and Alarmnet™ (by Honeywell Security Systems). However, these tools do not provide a way to communicate beyond the first level of a managed network without special arrangements that allow deeper access, such as special credentials, VPN access, a special opening in a firewall, or the manual construction of sockets and tunnels. They also do not provide a mechanism for reducing the enormous volume of data that might result from indiscriminately monitoring all events across a plurality of managed networks and systems, other than opting to view only one data source at a time. In addition, centralized polling is often performed from a management network separate from end-user community networks, resulting in a lack of fidelity to the end user's local perspective of the availability of polled resources. Furthermore, measuring from a distance can introduce artificial statistics into the actual measurements taken, such as latency.
Similarly, tools such as Network Address Translation (NAT) exist to isolate the inner workings and resources of networks from outside view and access, and NAT systems can be configured to forward messages to specified internal network destinations and resources. Examples of this approach are reflected in U.S. Pat. No. 6,581,108 (assigned to Lucent Technologies, Inc.) and U.S. Pat. Pub. Nos. 2005/0271047 A1 and 2006/0029083 A1. However, such facilities are of limited utility for remote management. NAT connections initiated from inside the NAT domain are session based. Special provision can be made to forward connections initiated from the outside. However, externally managing networks through a NAT firewall is impractical, because one would have to configure the NAT to make each network element within the NAT accessible from outside.
Systems that have attempted to manage multiple networks have not satisfactorily dealt with a number of issues, including:

- Overlapping private address spaces among the managed networks. Disparate networks may well utilize the same private address allocation, resulting in conflicts. Existing workarounds have involved assigning different network schemas, which can be prohibitively inconvenient and expensive, particularly in light of the need to change the entire schema at once; or attaching to one network at a time, through VPN or static routing, thus creating time gaps in monitoring or providing multiple management infrastructures at great duplication and expense. Another approach, as reflected in U.S. Pat. No. 7,302,469, assigned to Ricoh Company, Ltd., is to use instead a schema presumed to be globally unique, such as one based on MAC addresses. However, such a system, while providing a monitoring capability, does not provide any means for a remote facility, external to the devices' local network, to address the devices individually in order to manage them.

- Need for special arrangements to access and manage processes and resources within each network. No general method has existed for remotely managing network processes and resources without providing some “special” means of access, such as a VPN, a hole in a firewall or the like. All of the prior approaches involve expense, inconvenience or security compromises that are unacceptable to many potential customers for network management services.

- Overwhelming amount of network event information. Each network is capable of generating a very high volume of event information for purposes of monitoring. The volume of this information multiplies when a plurality of networks are aggregated for management. Existing systems have not adequately dealt with the issue of how to limit the event information to what is relevant, without compromising the continuous ability to monitor relevant information.

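To make the first issue concrete, the following is an added Python example (not part of the patent) using constructed sample allocations: it detects overlapping private address allocations across managed networks, and contrasts a management registry keyed on address alone, where identical private addresses from different networks collide, with one keyed on (managed network, address).

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: two disparate customer networks that both allocate
# from the same RFC 1918 range, the conflict the background describes.
MANAGED_NETWORKS: Dict[str, List[str]] = {
    "customer-a": ["10.0.0.0/16", "192.168.1.0/24"],
    "customer-b": ["10.0.0.0/16", "172.16.5.0/24"],
    "customer-c": ["10.1.0.0/16"],
}


def find_overlaps(networks: Dict[str, List[str]]) -> List[Tuple[str, str, str, str]]:
    """Return (net1, prefix1, net2, prefix2) for every pair of allocations
    belonging to different managed networks whose address ranges overlap."""
    entries = [(name, ipaddress.ip_network(p))
               for name, prefixes in networks.items() for p in prefixes]
    overlaps = []
    for i, (n1, p1) in enumerate(entries):
        for n2, p2 in entries[i + 1:]:
            if n1 != n2 and p1.overlaps(p2):
                overlaps.append((n1, str(p1), n2, str(p2)))
    return overlaps


def naive_registry(elements: List[Tuple[str, str, str]]) -> Dict[str, Tuple[str, str]]:
    """Registry keyed on address alone: an element from one managed network
    silently overwrites an element with the same private address in another."""
    table: Dict[str, Tuple[str, str]] = {}
    for network, address, description in elements:
        table[address] = (network, description)
    return table


class ElementRegistry:
    """Registry keyed on (managed network, address), so the same private
    address in two different managed networks names two distinct elements."""

    def __init__(self) -> None:
        self._elements: Dict[Tuple[str, str], str] = {}

    def register(self, network: str, address: str, description: str) -> None:
        key = (network, str(ipaddress.ip_address(address)))
        if key in self._elements:  # a genuine duplicate within one network
            raise ValueError(f"{address} already registered in {network}")
        self._elements[key] = description

    def lookup(self, network: str, address: str) -> str:
        return self._elements[(network, str(ipaddress.ip_address(address)))]

    def count(self) -> int:
        return len(self._elements)
```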
Accordingly, there is a need for a practical and effective methodology for managing and servicing a plurality of disparate networks from a single, common infrastructure, in a manner supported by prevailing customer firewall and security practices without extensive or inconsistent provisions for special access, and for a converged network management application that takes advantage of those techniques and delivers a management platform as a service that can view and/or manage all managed networks in the aggregate, or any one of them individually.