The invention relates to configuration management of communications networks and, more particularly, to methods and apparatus for providing automated configuration management of one or more virtual private networks.
A virtual private network (VPN) is a communication network that provides customers connectivity over a shared infrastructure and emulates the characteristics of a private network. For example, the shared infrastructure may be the public Internet or even a private shared network. To provide a VPN, a tunneling protocol may be used. Generally, a tunneling protocol enables the creation of a private data stream via a public network by placing one packet inside of another. In the context of a VPN, an IP (Internet Protocol) packet is placed inside another IP packet. Tunneling provides for minimal or no impact on private addressing or internal protocols. VPNs may also provide security features such as, for example, authentication, encryption and certificates, etc. They may also provide service-level assurances relating to, for example, reliability, bandwidth, delay, jitter, etc. Examples of IP VPNs arrangements include: (i) connecting local area networks (LANs) via a Local Exchange Carrier""s (LEC""s) network, an Internet Service Provider""s (ISP) network or via the public Internet; or (ii) using an ISP dial-in service to a local Point of Presence (POP) and then connecting to the intranet.
The overall task of the management of a communication network, such as a VPN, can be thought of as including three functionally distinct management areas: (i) fault management; (ii) performance management; and (iii) configuration management. The names of each management area provide a succinct explanation of the aspect of the network with which they are concerned. Fault management deals with methodologies for handling (e.g., detecting and correcting) failures in the network. Performance management deals with methodologies for monitoring and ensuring particular levels of performance (e.g., Quality of Service or QoS) in the network. Configuration management deals with methodologies for designing, provisioning (e.g., installing the necessary network hardware components), configuring (e.g., providing necessary bandwidth, QoS and security features) and testing of a new network or modifications to an existing network. It is this latter area of network management to which the present invention is directed.
Typically, network service providers such as network backbone owners, ISPs and LECs, involved with providing and/or maintaining communication networks or portions thereof, have relied on manual configuration management techniques to perform these tasks. That is, an actual person such as a network administrator communicates with a customer and then is involved in some way with the tasks of designing, provisioning, configuring and testing a network or portions thereof, in response to customer needs. However, depending on the complexity of the network, the various configuration management tasks can prove to be daunting when manually performed. Also, errors on the part of the network administrator in performing configuration management tasks are known to cause significant problems in terms of faulty network routing or downtime. These problems can create serious customer dissatisfaction to the extent that they would request reimbursements or penalties or change to another network provider.
There have been attempts to remove, or at least minimize, the manual nature of some of the configuration management tasks that are otherwise performed by a network administrator. Examples of such attempts include limited systems available from such companies as VPNet of California, Red Creek of California and New Oak of Massachusetts. However, none of the systems available from these and other similar companies provide network-level configuration management solutions. That is, they do not handle all configuration management tasks associated with a complete network. Also, none of the available systems are vendor-independent. That is, they do not handle configuration management tasks associated with components from different vendors. Typically, they can only handle one vendor""s components. Lastly, while such systems provide some limited degree of automation, none of them provide a fully automated flow-through configuration management system that includes interfaces to order management and/or billing.
Accordingly, there is a need for methods and apparatus for providing configuration management in association with a network, such as a VPN, which provide network-level solutions, are vendor-independent, provide full flow-through automation, and otherwise overcome limitations with the existing art not expressly mentioned above.
The present invention provides methods and apparatus for providing configuration management for a VPN, which provide network-level solutions, are vendor-independent, provide full flow-through automation, and otherwise overcome limitations with the existing art not expressly mentioned above.
In one aspect of the invention, an automated system for managing a virtual private network comprises one or more processing devices operative to: (i) generate a service order based on a request from a user for at least one of a new service, a modification of an existing service and a termination of an existing service associated with the virtual private network; (ii) cause a determination of design requirements associated with implementing the user""s request; (iii) cause provisioning of one or more virtual private network elements, when necessary, to implement the design requirements; (iv) cause the virtual private network to be configured to satisfy one or more conditions associated with the user""s request; and (v) cause at least a portion of the virtual private network to be tested to determine whether the user""s request has been satisfied; and a memory, coupled to the one or more processing devices, which stores at least a portion of data associated with the generating, design, provisioning, configuration and testing operations.
In a client/server embodiment, at least one of the processing devices is a client device and at least one processing device is a server, the client device and the server being coupled via a communications network. Further, the client device is preferably resident at a location associated with the user and the server is resident at a location associated with a provider of the virtual private network.