Distributed networks, including local area networks (LANs), wide area networks (WANs), metropolitan area networks (MANs), and the Internet, for example, comprise “nodes” interconnected by various transmission media. The term nodes refers broadly to a wide range of network devices such as: (a) computers and workstations; (b) switching devices, including bridges, multi-layer switches, and routers; and (c) special purpose devices including file servers and directory servers, for example. Many of these devices require numerous pieces of information in order to complete some form of setup procedure and make the device operational. The information required to make the device operational, collectively referred to herein as device-specific setup (DSS) information or DSS data, varies depending on the function of the device and its complexity.
The DSS information used by a switch generally includes information in traps, VLAN assignments, spanning tree information, routing tables, ATM circuit setup, and network management commands, for example. Being device-specific, the DSS generally differs from one device to the next. In a switch, for example, the DSS includes a listing of adjacent devices operatively coupled to the switch—including the make and model and port information—which is unique for each switch in the network. In modern switches, substantially all DSS data necessary to make a switch operational is retained at the switch in an information base in local memory. This DSS information is provided as input when the switch is installed and brought online.
In addition to the DSS information, a switch may also require various shared resources, including policy information and authentication information, for example. Policy information may include quality-of-service assignments, and authorization information generally includes account names, passwords, and access rights that restrict access to a network device such as a switch. The policy and authentication information is sometimes stored in one or more central databases referred to herein as shared resource servers. In particular, policy information is stored in a policy server while authorization information is stored at an authorization server. The shared resource servers generally maintain policy and authentication information for a multiplicity of devices.
There are four main problems with approaches presently known in the art. First, all the DSS information must be fed to each network device upon initialization of the device. This typically requires that the network administrator manually enter the information at the switch and/or download the DSS information to the switch. This procedure must be repeated for each configurable device in the network, which is both labor intensive and susceptible to human error. Consider, for example, a network including 100 switches which all use a common authentication server. After the authentication files are set up, each one of the 100 switches must be issued a set of commands instructing it to direct authentication information queries to the authentication server. While such commands are supported by various management protocols including the Simple Network Management Protocol (SNMP), the command may differ from one switch to the next. As such, the network administrator may need to be familiar with the multiplicity of commands necessary to properly manage the devices.
The second problem is that modification of the network device configuration is extremely burdensome. To designate a new authentication server, for example, a set of commands informing each switch of the new authentication server must be issued to each of the 100 switches. To compound the difficulty, one or more of those switches may be down or unreachable, making it necessary for the administrator to return to and update any previously unavailable switch once it becomes reachable. Changing the policy server presents a similar level of difficulty.
Third, generating a backup copy of DSS information for a large network is also overly burdensome. A backup copy of the DSS information must generally be acquired for every switch individually. There are presently no known procedures for simultaneously backing up substantially all the DSS information for a plurality of switches.
Fourth, designing and coding a network management system (NMS) to control or otherwise interface with a plurality of switches having different configuration requirements, different software installations, and different interfaces is unnecessarily difficult. To be useful, for example, a conventional NMS must be designed to support a large number of devices, whether or not those devices are in the client's subnet or are presently under the management of the NMS.
There is therefore a need for a system for conveniently storing, downloading, accessing, modifying, and backing up large quantities of DSS information for at least one managed network device.