This invention relates generally to analyzing and managing the configuration of resources of enterprise networks, data centers and cloud environments to determine their compliance with operational, security and other policies, to detect configuration and operational changes, and to assure their uptime.
The management of large multi-vendor, multi-class and multi-layer enterprise network infrastructures such as wide area and local area networks, data centers and cloud-based infrastructures is a complex task. Such network infrastructures may comprise a large number of different types of physical, logical and virtual resources. Because the infrastructures are subject to ongoing changes and reconfigurations, discovering, monitoring and managing infrastructure resources, configurations and operational parameters, particularly identifying resources that are added, replaced or changed is challenging. It is important to collect and maintain current, up-to-date configuration and operational information about network resources so that in the event of a failure the network can be properly restored to its previous operating condition. Moreover, it is also essential to maintain historical configuration and operational information about past changes to network infrastructures and their resources. When the operation or the performance of a network changes, questions arise as to what caused the change, when the change occurred, and who was responsible for the change. Particularly for troubleshooting performance changes that occur subtly or over a period of time, records of previous resource and configuration changes are essential to enable correlations between such changes and network performance to be made.
There are other reasons for collecting and maintaining information on network configurations and resources. Network configurations are continuously evolving and changing as new users, functions and resources are added, and improvements to resources are made. Particularly during initial configuration and startup, the system configuration and resource parameters may change repeatedly until a stable operational system state having the desired performance is achieved. Thus, it is important to save the final running network and device configurations in memory so that in the event of a failure the system can be restored easily to its previous operating state.
Still another reason for collecting and maintaining network configuration information is to enable the system configuration to be monitored for compliance with predetermined policies and standards. For instance, government or company policies and industry standards may mandate certain levels of encryption for certain types of data, such as credit card information. Other policies may preclude access to certain kinds of information, e.g., health-related information. A company may have a security policy that once their network is set up and running, access to physical HTTP or MAC network addresses is not permitted. Providing a mechanism that enables the network to be monitored to ensure compliance with such standards and policies without interfering with the normal ongoing network operations is important.
It is desirable to provide systems and methods that address the foregoing and other problems of network infrastructure management by enabling configuration information and operational parameters of network resources to be automatically detected, analyzed and stored, and to afford continuous network infrastructure monitoring and management without disrupting ongoing network operations. It is to these ends that the present invention is directed.