Simple network management protocol (SNMP) is a common method by which network management appliances can query a management agent using a supported management information base (MIB). SNMP exchanges messages via the user datagram protocol (UDP). Early versions of SNMP did not provide secure transmissions. Although later versions of SNMP provided some security, these SNMP versions required that each potential user's security information must be programmed into the appliance. The secure SNMP protocols do not allow for centralized authentication using certificates such as X509 certificates.
The present invention includes a secure management protocol (SMP) for exchanging messages across a network. More specifically, the present invention includes a protocol for securely reporting network device information across a network.
In one embodiment of the present invention, the devices connected are managed appliances. These managed appliances include devices that serve as keyboard/video/mouse (KVM) switches, such as those sold by Avocent Corporation of Huntsville, Ala. Another type of managed appliance is a serial switching device that allows a workstation user to switch among different serially-managed devices. An example of such a device is the CPS1610 product also sold by Avocent Corporation.
KVM switch managed appliances permit a user at a client workstation connected to the network to be able to control a server through the KVM switch. Control of the server originates at the workstation. The control signals pass through the network to the KVM switch. The KVM switch routes the control signals to the particular server that the user is attempting to control. The server can also send data and signals, e.g., video signals, back to the user at the client workstation. The information is transmitted from the server to the KVM switch. The KVM switch then formats the information into a network-compatible format and transmits the information across the network to the client workstation. The client workstation decodes or reformats the received information and responds to it appropriately. In the case of video data received from the KVM switch, the client workstation formats the video data into an appropriate format for display on the video monitor connected to the workstation. Other information that can be transmitted from the server to the workstation includes keyboard information, cursor-control device information, or any other information that can be received and utilized by the workstation.
A KVM switch managed appliance can allow a user at a client workstation to communicate with hundreds, even thousands, of servers through a single managed appliance. In large computer network environments, there may be several KVM switch managed appliances connected to a single network. Moreover, because the client workstation and the managed appliance are frequently connected across an Ethernet-type network, the workstation user and the managed appliance can be located several thousand feet apart. A KVM switch managed appliance can also be connected to the internet, directly or through an Ethernet-type network, permitting a workstation user to be connected to the managed appliance from anywhere in the world. In such a situation, one person may be connecting the managed appliance to the internet and the bank of servers, while another person located hundreds of miles away may be the administrator responsible for actually configuring the managed appliance. In that situation, it is very difficult and time consuming for the network administrator to travel to the location of the managed appliance in order to configure that device for communication through the internet or even through a local area network (LAN).
The present secure management protocol generally consists of a set of requests and replies. A client workstation issues a request to the managed appliance, and the managed appliance returns a reply to the client. In one embodiment of the present invention, the secure management protocol also contains a broadcast message in which a managed appliance sends an unsolicited message to the client.
In order for a client to manage a managed appliance, the client first establishes a management session with the appliance. When a client initiates a management session with an appliance, the client establishes a secure sockets layer (SSL) connection with the appliance over a predefined TCP port number. All management requests between the client and the managed appliance are made over this SSL connection. SSL implements industry standards for encryption using Transport Layer Security version 1 (TLSv1). All data over this SSL connection preferably uses either the 128-byte RC4 encryption algorithm and the anonymous Diffie-Hellman key exchange, or the 128-byte RC4 encryption algorithm with X509 certificates or a PKCS#12 file. The 128-byte RC4 encryption algorithm with X509 certificates or a PKCS#12 file allows for authentication without username and passwords.
The managed appliance listens on the predefined TCP port number for the SSL connection request that will be initiated by the client. Once the managed appliance has accepted an incoming connection request, it passes the session on for further processing, and listens again on the predefined TCP port number in order to accept another connection request.
Once a successful SSL connection has been established, the client workstation will initiate a login request to the managed appliance. This login request will contain the user credentials (i.e., the user name and the password) to be used during this management session. The managed appliance will verify that the user name and password are valid by verifying the user credentials against its database.
Preferably, managed appliances allow multiple management sessions at the same time. The number of multiple sessions that an appliance can support at one time can vary from appliance to appliance. Once an appliance has reached the maximum number of management sessions open at a given time, no other client will be able to manage the appliance using the SMP protocol. In this situation, a client will be able to establish an SSL connection to the managed appliance. However, when a client issues a subsequent login request, the appliance will return an error indicating that the maximum number of sessions has already been established and the connection will be terminated. Also, in a preferred embodiment, if the managed appliance does not receive a login request within 30 seconds of the SSL connection establishment, the appliance will terminate the connection. Also preferably, if the managed appliance returns an INVALID REQUEST error message in response to a login request from the client, the appliance will terminate the connection.
Once the login has been successfully completed, any other SMP request may be issued. The login only ensures that a valid user has obtained the SSL connection. The user credentials sent in the login request preferably are stored by the appliance and used by the appliance to authenticate any subsequent messages sent by the client.
A managed appliance should not service any other SMP requests until the client has been authenticated, either through the login request or by means of a certificate. No reply should be returned by the appliance if any other SMP command is received before the login request.
In a preferred embodiment, a client will send a logout request to end the current user's management session with the managed appliance. The managed appliance will issue a logout reply to the client in response to the logout request and then drop the connection. If the SSL connection is broken, the managed appliance should consider the client logged out.
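The session rules just described (listen and hand off each accepted connection, stay silent before login, drop the connection if no login arrives within 30 seconds, refuse logins past the session limit, terminate on INVALID REQUEST, and reply to logout before dropping) can be modelled as a small appliance-side state machine. The following is an added illustration, not code from the patent or from Avocent; the dict-shaped messages, the error strings "MAX SESSIONS" and "BAD CREDENTIALS", the session limit of 2 and the credential table are all assumptions made for the example.

```python
from typing import Optional
import time

MAX_SESSIONS = 2                   # assumed limit; the real value varies per appliance
LOGIN_TIMEOUT_S = 30.0             # from the description: no login within 30 s -> drop
VALID_USERS = {"admin": "secret"}  # constructed credential database

class Session:
    def __init__(self, opened_at: float):
        self.opened_at, self.user, self.open = opened_at, None, True

class Appliance:
    def __init__(self, clock=time.monotonic):
        self.clock, self.sessions = clock, []

    def accept(self) -> Session:
        """An SSL connection was accepted; the listener stays free for more."""
        s = Session(self.clock())
        self.sessions.append(s)
        return s

    def logged_in(self) -> int:
        return sum(1 for s in self.sessions if s.open and s.user is not None)

    def handle(self, s: Session, msg: dict) -> Optional[dict]:
        """Process one SMP request; None means the appliance sends nothing."""
        if not s.open:
            return None
        kind = msg.get("request")
        if s.user is None:                           # not yet authenticated
            if self.clock() - s.opened_at > LOGIN_TIMEOUT_S:
                s.open = False                       # login deadline missed (checked lazily)
                return None
            if kind != "login":
                return None                          # silence before login
            if "user" not in msg or "password" not in msg:
                s.open = False                       # INVALID REQUEST ends the session
                return {"reply": "login", "error": "INVALID REQUEST"}
            if self.logged_in() >= MAX_SESSIONS:
                s.open = False                       # error reply, then terminate
                return {"reply": "login", "error": "MAX SESSIONS"}  # assumed error name
            if VALID_USERS.get(msg["user"]) != msg["password"]:
                return {"reply": "login", "error": "BAD CREDENTIALS"}  # assumed name
            s.user = msg["user"]
            return {"reply": "login", "status": "OK"}
        if kind == "logout":
            s.open = False                           # reply, then drop the connection
            return {"reply": "logout", "status": "OK"}
        return {"reply": kind, "status": "OK", "user": s.user}
```

A real implementation would also close an idle pre-login socket from a timer rather than waiting for its next message, and would treat a broken SSL connection as an implicit logout.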
Also in a preferred embodiment, the secure management protocol is used to manage appliances that support SNMP. This is accomplished by tunneling SNMP protocol requests through the SMP protocol; in other words, SNMP commands are transmitted over the SSL connection rather than over UDP. Generally, each managed appliance must implement an SNMP agent and an enterprise management information base (MIB). Generally speaking, a MIB is a set of managed objects that defines the data that can be obtained from an appliance. In one aspect of the invention, the SMP protocol provides SNMP commands that allow a client to configure MIB objects in an appliance. In another aspect of the invention, the client, using the SMP protocol, has access to all the MIB objects defined in the enterprise MIB as well as all of the MIB-II objects.