This invention relates to the field of computer systems. More particularly, apparatus and methods are provided for virtualized and centralized management of network devices and/or services.
The level of knowledge needed to effectively configure and operate computer system networks can be quite high. Large organizations typically maintain relatively large IT (Information Technology) staffs to configure and maintain equipment, assist users with operation of their equipment, apply security policies, monitor network security, etc. However, some organizations, particularly those that are smaller, cannot afford sufficient experienced full-time IT staff for performing all of these functions, and whoever may be tasked with IT responsibilities within such an organization may be unprepared for the myriad problems and challenges that may arise.
For example, securing an organization's network resources from unauthorized access is a critical task that can easily be performed in an incomplete or ineffective manner. Due to the complexity of the problem, the lack of effectiveness may not be apparent to the organization until the network has been breached. The amount of data stored electronically is prodigious and grows daily, which makes network security all the more important.
One reason it can be difficult to adequately secure network resources is the tension between the need to permit legitimate use of the resources without unreasonable difficulty, and the desire to prevent all illegitimate use. This tension increases as the number and type of resources deployed within an organization increases.
Each new type of resource may be configured in a different way to access permitted resources, apply a desired level of security, etc. Securing an organization's network resources is just one of many tasks and, without adequate IT staffing, this task may receive short shrift in the face of users' demands for real-time assistance. Thus, configuring and monitoring network security must compete with tasks such as helping users configure their equipment for use within the organization.
Configuration of resources may be particularly difficult for an organization that employs multiple different types of equipment. In particular, a small organization that is cost-conscious may purchase the least expensive equipment for a particular operation, which may lead to a hodgepodge of components from different vendors and manufacturers. Thus, the organization may deploy multiple access points, switches or other communication components produced by different manufacturers.
Each different type or model of equipment typically has different configurable parameters or parameters that are configured in different manners. Although some parameters and methods of configuration may be identical across different devices, others will differ. Without sufficient familiarity or expertise in network components, an individual may easily configure a component incorrectly or waste time determining the correct configuration.
Some organizations choose to use automated provisioning to prepare new devices for use within their network. However, if an organization's security policies do not encompass the equipment for performing automated provisioning, or are not applied correctly during provisioning of the device, security vulnerabilities may be introduced into an organization along with the new device. Or, if the provisioning is performed in a haphazard or hurried manner, security policies may not be applied correctly or completely.
In addition, even after a given network component is initially configured, some parameters may need to be changed or updated as an organization's network evolves. Regular attention to the myriad network resources that may be deployed within an organization may be unrealistic for an organization having a limited IT staff.
Existing solutions for managing an organization's networked devices and services tend to do so only for a single device or a single service. With no third-party solutions to a small organization's need to manage multiple types of devices and/or multiple network services, the organization is left to do so as best it can.
Thus, configuration of components to securely and effectively operate within an organization's network can be difficult and time-consuming. And, even after the components are successfully integrated into the network and the organization's security policies, they need to be managed on an ongoing basis to allow the network to function well.