The present invention is directed to applying closed loop methodologies for automatically identifying and setting the level of management access privileges given to any one network management system (in a multiple management system environment). Specifically it is directed to the ability to adjust the specific type of management interaction, the amount/volumes of those interactions in any given period of time, and the specific types of information obtained. The ability to set the level of management privileges is driven by two major motivations as set forth below.
Management accesses privileges with respect to networks deal with various parameters of a network. For instance, access privileges may deal with the level of security access to sensitive information, whether the user can make configuration changes to the network, as well as the amount of management interaction with the network which might potentially interfere with critical resources. The present invention is directed to providing automatic identification and setting of the level of management access privileges given to any one network management system forming part of a multiple management system environment.
The primary purpose for this invention is to create an automated control process that manages the distribution of (and access to) service monitoring and analysis data.
The specific elements of the control process are processes that limit a customer""s (user""s) access to specific monitored data and analysis results primarily based on:
The management system""s ability, in real time, to collect and create a unique report for that specific customer""s data which identifies the key parameters being measured.
Service level agreement for that customer.
Management and network state (e.g., if there is any available management bandwidth to process and pass on the information requests).
Added to the above elements are the traditional security and access control feature, including specific authorization level access lists, passwords, and configured filters for specific information types.
Thus, as a customer""s SLA changes, the system automatically distributes the appropriate changes to the management control system identifying the changed xe2x80x9cdataxe2x80x9d to which the customer has access.
Thus, the present invention is directed to applying closed-loop methodology for automatically identifying and setting the level of management access privileges given to any one network management system. In order to accomplish this task, the method monitors multiple components within the network in order to automatically characterize and measure multiple service level agreement parameters. By monitoring these parameters, information with respect to the network service providers, and network customers or users is available for analysis. The resulting information can be placed into a specific customer location, either by the service provider, a third party integrator manager or by the customer himself/herself.
Another key component of the method is to have specific configuration information for accessing each section/component of the network as supplied by the proprietor of that component. The automatic nature of the invention is to control the access privileges to service level agreement business bandwidth as driven by various aspects of the network itself. These aspects include the ability of the network to be able to handle the management activity itself without interfering with the user service level agreements, the initial range of control/access given to the management system/user accessing the network, as well as the current service level agreement business bandwidth characteristics as those characteristics are compared to those monitored by the process.
Thus, access to information and control is based on the type of service level agreement that exists between the network service provider and the user and the characterization parameters agreed to be observed that make up the service level agreement, and the agreement of access reached by the management parties, as well as the current state of the network, including end-to-end performance and/or component to component performance. Thus the method for automatically identifying/setting the level of management and access privileges is specifically directed to the ability to adjust the specific type of management interaction, the amount/volumes of those interactions in any given period of time, as well as the specific types of information obtainable. This ability to set the level of management privileges is in turn driven by motivations of both security and potential disturbance to the network. With respect to the security, it is particularly directed to the ability to access sensitive information, as well as what level of control is to be given a user with respect to configuration changes to the network. With respect to the amount of disturbance of the network, limits can be placed with respect to the amount of management interaction with respect to interfering with critical resources of the network, as well as the amount of control to the network insofar as such control might interfere with critical resources.