A managed network (e.g., an enterprise network) often includes a large number of machines and devices configured to perform a wide variety of functions. System, security, and resource management on a network, such as collecting real-time information regarding systems and resources in the network and dynamically modifying and reallocating resources and data in the network, requires a substantial amount of computation and communication resources. An important aspect of system, security, and resource management on a network involves monitoring entry of unmanaged machines into the network, and taking prompt and appropriate actions to control and mitigate the security and economic risks associated with such entry. Managed machines are devices on the network that are subject to complete monitoring and control from a central management server, for instance by having the correct management software installed, which would enable them to communicate with and respond to actions propagated from a central management server.
Effective control of unmanaged machines present in the network involves actions on multiple levels, including fast detection of unmanaged machines in the network, obtaining information about the unmanaged machines, remedying any security vulnerabilities introduced by these unmanaged machines, and establishing subsequent management of the unmanaged machines. As an unmanaged machine can enter and exit a network within a very short amount of time, and potentially cause significant damage (e.g., infecting other machines with malware, and causing data loss and/or a security breach, etc.) to the network within such a short amount of time, fast detection and remediation of unmanaged assets in the network are critical to the security and integrity of the network's operations.
In a conventional centrally-managed network, a central management server is responsible for issuing requests (e.g., requests for status updates, detection of unmanaged machines, system management operations, security management operations, and network management operations, etc.) to targeted destination nodes in the network. These requests often take a long time (e.g., hours to days) to propagate through the network to the appropriate destination nodes. These latencies make real-time detection of unmanaged machines and subsequent control of these machines difficult, since it frequently takes more time to collect information about the statuses of machines coupled to the network than it takes for those statuses to change and/or for damage to occur as a result of a security breach through the unmanaged machines.
Some conventional networks attempt to ameliorate the problems of a centralized management scheme by performing some degree of aggregation or processing of data at intermediate control levels (e.g., one or more intermediate servers), resulting in a hierarchical management structure between the network administrator and the end nodes. These centralized management schemes do not scale well. For example, for a network with 100,000 nodes, it may take several hours or more to report the statuses of individual nodes, or even of an aggregate thereof. In that timeframe, the status reports may have become obsolete before arriving at the central management server, compromising the effectiveness of the management actions taken according to the status reports. In addition, these hierarchical management structures themselves are difficult and complex to create and maintain, and are prone to problems and failures.