The present application relates generally to an improved data processing apparatus and method and more specifically to mechanisms for enabling web-based security proxies for computing system environment scanning.
In computing system environments, it is often necessary to collect configuration data for various components and resources, both hardware and software, of the computing system environments. One useful tool for collecting such configuration data is Simple Network Management Protocol (SNMP), an Internet-standard protocol for managing devices on Internet Protocol (IP) networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. SNMP is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF) and consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.
SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.
In typical SNMP uses, one or more administrative computers, called managers, have the task of monitoring or managing a group of hosts or devices on a computer network. Each managed system executes, at all times, a software component, called an SNMP agent, which reports information via SNMP to the manager. Essentially, SNMP agents expose management data on the managed systems as variables. The protocol also permits active management tasks, such as modifying and applying a new configuration through remote modification of these variables. The variables, accessible via SNMP, are organized in hierarchies. These hierarchies, and other metadata (such as type and description of the variable), are described by Management Information Bases (MIBs).
Normal security precautions used in SNMP are to require a user identifier (ID) and password to access secured computing system components and resources and to use a white-list of IP addresses from which queries are accepted. In some instances, the user ID and password are replaced by a single community string that fills the same role as the user ID and password.
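The two precautions named above (a community string and a source IP white-list) can be checked mechanically on an agent's configuration. The following is an added example, not part of the original text: it assumes the agent is Net-SNMP and that access is granted with `rocommunity`/`rwcommunity` lines in `snmpd.conf` (the text names no agent implementation), and the sample configuration is constructed.

```python
import ipaddress

DEFAULT_COMMUNITIES = {"public", "private"}   # widely known default strings
READ_DIRECTIVES = {"rocommunity", "rocommunity6"}
WRITE_DIRECTIVES = {"rwcommunity", "rwcommunity6"}

SAMPLE_CONF = """\
# constructed sample, not taken from a real system
rocommunity public
rwcommunity s3cr3t-constructed default
rocommunity inv-ro-constructed 192.0.2.10
rocommunity inv-ro-constructed 198.51.100.0/24
rouser inventory priv
"""

def source_is_restricted(source):
    """True when SOURCE is a specific host or a subnet narrower than 'any'."""
    if source is None or source == "default":
        return False                      # omitted or 'default' = any source
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return True                       # a hostname: one specific source
    return net.prefixlen > 0              # 0.0.0.0/0 and ::/0 match everything

def audit(conf_text):
    """Return (line_no, directive, finding) tuples for weak community lines."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        if (len(fields) < 2 or fields[0].startswith("#")
                or fields[0] not in READ_DIRECTIVES | WRITE_DIRECTIVES):
            continue                      # comments, SNMPv3 users, other lines
        directive, community = fields[0], fields[1]
        source = fields[2] if len(fields) > 2 else None
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((no, directive, "default community string"))
        if not source_is_restricted(source):
            findings.append((no, directive, "no source whitelist"))
        if directive in WRITE_DIRECTIVES:
            findings.append((no, directive, "community grants write access"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Treating write-capable communities as a finding is a choice made for this example, on the basis that inventory collection only needs to read variables.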
Occasionally, such as in preparation for a data center relocation, one needs to make a complete inventory of all components and resources of the computing system environment, e.g., the data center. Moreover, in some situations, while the computing system environment may be owned by one entity, the management of the computing system environment may be handled by a separate organization. As a result, access to the computing system environment's components and resources may not be readily available or easy to arrange. Moreover, the bureaucratic overhead associated with obtaining the access information, e.g., community string, user ID and password, and authorization of the source (IP whitelist), for all of the components and resources of the computing system environment is very high. This can be troublesome when quick action or determinations need to be made with regard to the configurations of such computing system environments.