1. Field
Embodiments of the present invention generally relate to computer networks. In particular, embodiments of the present invention relate to establishing management tunnels between network devices.
2. Description of the Related Art
When a network-enabled device (management device) remotely manages another networking device (managed device), a communication channel (also referred to herein as a “tunnel”) is established between the two in order to protect the management traffic from malicious interference. The communication channel provides a means by which data can be transferred from one device to the other with a substantially reduced risk of interception or tampering. To this end, in many cases, it is desirable for the communication channel to be both authenticated and encrypted. The goal of the provisioning process is to set up such a communication channel between a managed device and its associated management device.
In order to establish a communication channel, the two devices must each be able to verify the other's credentials. In other words, authentication and authorization mechanisms must be employed in order to ensure the integrity of the tunnel. This is typically accomplished by using one of many well-known protocols that perform an authenticated public key exchange, employed in conjunction with certificates assigned to the respective devices by a trusted certificate authority (CA). Examples of such protocols include, without limitation, Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS), Internet Protocol Security (IPsec) and the like. Authentication alone establishes who the peer is; additional authorization options may include, for example, the use of access control lists (ACLs), which may be based on an IP address or other unique identifier (ID) of the authenticated peer. The content of the communications between the devices may then be encrypted and/or authenticated using the public key of the respective device, or session keys negotiated with it, using one of the existing cipher algorithms in order to ensure that the transferred content remains private and unaltered.
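The mechanism described above, worked through end to end as an added example (this is not code from the patent or from any product it describes): a CA issues certificates to a management device and a managed device, the two bring up a mutually authenticated TLS tunnel over loopback, and the managed device then applies an ACL to the common name (CN) that the handshake proved. It assumes the third-party `cryptography` package for certificate issuance; the tunnel itself uses only the standard-library `ssl` module. The device names `manager-01`, `manager-02` and `switch-4711`, the CA names, and the `rogue_ca` switch are constructed for the example.

```python
"""Added example: CA-issued certificates, mutual TLS, and a peer ACL."""
import datetime
import ipaddress
import os
import socket
import ssl
import tempfile
import threading

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

LOOPBACK = "127.0.0.1"  # constructed: both devices live on loopback for the demo


def issue_cert(cn, issuer=None, is_ca=False):
    """Issue a P-256 certificate for `cn`; `issuer` is (cert, key), None = self-signed."""
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer[0].subject if issuer else subject)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=1))
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    if not is_ca:
        # Device certs carry an IP SAN so the client-side hostname check passes.
        san = x509.SubjectAlternativeName([x509.IPAddress(ipaddress.ip_address(LOOPBACK))])
        builder = builder.add_extension(san, critical=False)
    return builder.sign(issuer[1] if issuer else key, hashes.SHA256()), key


def write_identity(dirname, name, cert, key=None):
    """Write PEM files; ssl.SSLContext only loads key material from disk."""
    cert_path = os.path.join(dirname, name + ".crt")
    with open(cert_path, "wb") as f:
        f.write(cert.public_bytes(serialization.Encoding.PEM))
    if key is None:
        return cert_path, None
    key_path = os.path.join(dirname, name + ".key")
    with open(key_path, "wb") as f:
        f.write(key.private_bytes(serialization.Encoding.PEM,
                                  serialization.PrivateFormat.PKCS8,
                                  serialization.NoEncryption()))
    return cert_path, key_path


def peer_common_name(peer_cert):
    """Pull the CN out of the dict returned by SSLSocket.getpeercert()."""
    for rdn in peer_cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None


def run_tunnel(acl, manager_cn="manager-01", rogue_ca=False):
    """Bring up the tunnel; returns (CN seen by managed device, reply seen by manager).

    With rogue_ca=True the manager's certificate chains to a CA the managed
    device does not trust, so the handshake fails and both values are None.
    """
    ca = issue_cert("Management CA", is_ca=True)
    managed = issue_cert("switch-4711", issuer=ca)
    manager = issue_cert(manager_cn, issuer=issue_cert("Rogue CA", is_ca=True) if rogue_ca else ca)
    result = {}
    with tempfile.TemporaryDirectory() as d:
        ca_path, _ = write_identity(d, "ca", ca[0])
        dev_crt, dev_key = write_identity(d, "dev", *managed)
        mgr_crt, mgr_key = write_identity(d, "mgr", *manager)
        srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)   # managed device
        srv.verify_mode = ssl.CERT_REQUIRED             # demand a client certificate
        srv.load_verify_locations(ca_path)
        srv.load_cert_chain(dev_crt, dev_key)
        cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # manager: CERT_REQUIRED + hostname check
        cli.load_verify_locations(ca_path)
        cli.load_cert_chain(mgr_crt, mgr_key)
        listener = socket.socket()
        listener.bind((LOOPBACK, 0))
        listener.listen(1)

        def managed_device():
            conn, _ = listener.accept()
            try:
                with srv.wrap_socket(conn, server_side=True) as tls:
                    cn = peer_common_name(tls.getpeercert())
                    result["cn"] = cn
                    # The handshake authenticated the CN; the ACL authorizes it.
                    tls.sendall(b"OK" if cn in acl else b"DENIED")
            except OSError:          # certificate rejected: no tunnel, no reply
                conn.close()

        t = threading.Thread(target=managed_device)
        t.start()
        try:
            with socket.create_connection(listener.getsockname()) as raw, \
                    cli.wrap_socket(raw, server_hostname=LOOPBACK) as tls:
                result["reply"] = tls.recv(16) or None
        except OSError:              # handshake failed (untrusted CA, bad name, ...)
            pass
        t.join()
        listener.close()
    return result.get("cn"), result.get("reply")
```

Three runs show the separation the text draws: a manager whose CN is on the ACL gets `OK`; a manager with a valid CA-issued certificate but an unlisted CN authenticates yet is `DENIED`; a manager whose certificate comes from an untrusted CA never completes the handshake, so the ACL is never consulted. Note that on a real network the IP SAN, the file-based trust store and the CN-based ACL are exactly the per-device configuration burden the next paragraph complains about.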
Unfortunately, existing network management systems require extensive manual configuration: certificates and keys must be assigned to each participating network device in order to enable the communication channel functionality, and the IP addresses and usernames of the participants must be entered by hand. Therefore, what is needed is a system with an ability to facilitate efficient deployment of management channels between networking devices.