As is well known at the present time, a computer network usually includes a number of interconnected network devices on which software applications reside. The network enables information exchange between the applications residing on different network devices.
The design and implementation of computer network environments, particularly auto provisioning systems is extremely complex, and correspondingly difficult to implement effectively without error. Unfortunately, due to the vagaries of human nature, firewalls have become critical to computer networks to safeguard data and applications against accidental, unauthorized or malicious acts of external people or organizations, such as through the internet, or internally, within an organization. This has caused increased complexity to the design of computer network environments, making it more difficult for the design of effective and appropriate firewalls and the selection of rules for the firewalls. This can be particularly true in auto provisioning systems.
Current known network infrastructure auto provisioning systems do not validate the effectiveness or accuracy of computer network architectures that it receives requests to provision. This essentially forces users of the system to have a clear understanding of what they are submitting to the system. In an auto provisioning system it is useful to have a user interface, such as a Graphical User Interface (GUI) for the submission of requests to the system. The request preparation GUI should provide a very clear end-to-end picture of the requested network environment in order to minimize human error. The user interface should display the system environment, including: (1) servers; (2) applications installed on servers and (3) storage mounted on servers; (4) network structure; and, (5) firewall rules for effecting firewalls in the environment. One limitation is that most GUI's attend to only one or two of these at a time, but not all at once.
It would be convenient if a network firewall application could be configured automatically to protect a network; however, because of the varying, and possibly conflicting, needs of different network systems, firewall applications tend to be complex and require configuration to allow for the needs of the organizations implementing these systems.
For instance, in a shared hosting environment, in performing configuration on that environment, one has to be extremely sensitive to the possibility that a single change could adversely affect numerous network users if requested incorrectly by network support personnel.
Request visualization is not unknown. For instance, Terraspring's Graphical User Interface provides a request visualization graphical user interface—but it does not present a visualization of the firewall rules that will be configured during the fulfillment of the provisioning request (Firewall rule summary and customization may be provided textually within submenus). This approach does not provide a good visual summary of the entire auto provisioning request (as the existence or content of the submenus may not be apparent to users), which opens opportunity to submitting inadequate or incorrect requests to the auto provisioning system.
European Patent Application EP 1024627, published Aug. 2, 2000, directed to a method or apparatus for managing a firewall, discloses a framework for representing firewall-independent security policy, and network topology, but does not explain why rules are present. It does not provide a visualization of the firewall rules that should be configured to enable the user's auto provisioning request in the manner of the present invention.
European Patent Application EP 0910197, published Apr. 4, 1999 appears to be directed to providing network firewalls with dynamic rule processing, but does not provide a visualization of the firewall rules that should be configured to enable the user's auto provisioning request in the manner of the present invention.