Enterprise computing environments generally include both localized intranetworks of interconnected computer systems and resources internal to an organization and geographically distributed internetworks, including the Internet. Intranetworks make legacy databases and information resources available for controlled access and data exchange. Internetworks enable internal users to access remote data repositories and computational resources and allow outside users to access select internal resources for completing limited transactions or data transfer.
Increasingly, network appliances, or simply “appliances,” are being deployed within intranetworks to complement and extend the types of services offered. As a class, network appliances have closed architectures and often lack a standard user interface. These devices provide specialized services, such as electronic mail (email) anti-virus scanning, content filtering, file, Web and print service, and packet routing functions.
Ideally, network appliances should be minimal maintenance devices, which are purchased, plugged into a network, and put into use with no further modification or change. Analogous to a cellular telephone, a network appliance should ideally provide the service promised without requiring active management by individual users or administrators.
Nevertheless, regular maintenance of network appliances is necessary to ensure continued optimal performance. Operating system and application programs must be installed upon appliance installation and following any type of crash or abnormal service termination. As well, each appliance must be configured, preferably automatically, to comply with applicable security and administration policies. Moreover, as bug fixes and enhancements become available, installed programs must be updated with patches, which must first be obtained from the appropriate sources and then installed on each individual device.
One common problem in maintaining network appliances is the increased workload imposed on individual servers to support appliance maintenance. The health and status of each appliance must be regularly monitored by a server to ensure proper performance and function. Accordingly, individual server loads increase with the addition of each new appliance. The tracking and management of configurations of individual appliances can become resource intensive, particularly in a large-scale network environment containing numerous network appliances.
In the prior art, “push” solutions have been used to manage individual network appliances, whereby changes in configurations and programs are sent to individual appliances from a centralized server as necessary. The server stores each appliance configuration and lists names and versions of programs installed. Periodically, the server polls the pool of appliances to ascertain status and health and pushes new updates out to individual appliances as necessary. However, push solutions are resource intensive and can exact a high performance load on each server. Moreover, servers can fail to detect misconfigurations of appliances erroneously tracked with incorrect configurations.
Therefore, there is a need for an approach to providing autonomous network appliance configuration and management without requiring an active centralized server. Preferably, such an approach would utilize “pull” downloads of needed updates and would further lodge configuration and management responsibilities on individual appliances.
There is a further need for an approach to maintaining the health and status of individual appliances through periodic client-centric reporting. Preferably, such an approach would use a secure “heartbeat” automatically generated by individual appliances to report configuration and status information. As well, each responsible server would preferably generate an alert whenever a heartbeat report was not timely received.
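The heartbeat arrangement described above can be sketched as follows. This is an added example, not taken from the original text: it assumes a per-appliance shared key with HMAC-SHA256 as the "secure" mechanism, and the interval, grace period, field names and appliance identifiers are all hypothetical.

```python
import hashlib
import hmac
import json

HEARTBEAT_INTERVAL = 60   # seconds between reports (assumed value)
GRACE = 30                # tolerated lateness or clock skew (assumed value)

def make_heartbeat(appliance_id, key, config_version, status, now):
    """Appliance side: build an authenticated configuration/status report."""
    body = json.dumps({"id": appliance_id, "config": config_version,
                       "status": status, "ts": now}, sort_keys=True)
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}

class HeartbeatMonitor:
    """Server side: verify reports, record last-seen times, flag silence."""

    def __init__(self, keys):
        self.keys = keys                              # appliance id -> key
        self.last_seen = {aid: None for aid in keys}  # None = never reported

    def receive(self, message, now):
        try:
            body = message["body"]
            mac = bytes.fromhex(message["mac"])
            report = json.loads(body)
            aid, ts = report["id"], report["ts"]
            key = self.keys[aid]
        except (KeyError, ValueError, TypeError, AttributeError):
            return False                   # malformed or unknown appliance
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            return False                   # forged or corrupted report
        prev = self.last_seen[aid]
        # Timestamp must be fresh and strictly newer than the last accepted
        # report, so a captured heartbeat cannot be replayed later.
        if abs(now - ts) > GRACE or (prev is not None and ts <= prev):
            return False
        self.last_seen[aid] = ts
        return True

    def overdue(self, now):
        """Appliances whose heartbeat was not timely received (alert list)."""
        limit = HEARTBEAT_INTERVAL + GRACE
        return sorted(aid for aid, seen in self.last_seen.items()
                      if seen is None or now - seen > limit)
```

The server only keeps a last-seen timestamp per appliance and never polls, so the monitoring cost stays with the appliances that generate the reports.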
There is a further need for an approach to providing distributed staging of program updates for network appliances. Preferably, such an approach would provide centralized component download management with the capability to instruct requesting appliances to redirect and download software updates from proxy component servers.