The present invention is directed to the deployment and management of devices that control the transmission of data over a network, such as switches, routers, firewalls, load balancers, and the like, and more particularly to a system and method that provides for automated deployment and management of a variety of different types of such network devices.
Related, co-pending application Ser. No. 09/699,329 describes a framework for automatically provisioning devices, particularly servers, which provide resources on communication networks such as the Internet and intranets. These devices might function, for example, as web servers, application servers and/or database servers that supply the information and functionality associated with a website. The framework described in the foregoing application employs agents that are resident on each of the servers, to facilitate the automated provisioning, configuration and monitoring of the servers. The agents communicate with other components of the provisioning framework, and perform tasks such as automatically loading software onto the servers, configuring the servers, and reporting information about the status of the servers.
In addition to the servers which provide the resources and functionality associated with a website, the infrastructure of a website includes other devices whose principle function is to manage and control the transmission of data between the servers and the remaining portions of the communications network. As disclosed in the aforementioned application, for example, these other devices may include firewalls, load balancers, switches and routers. In the context of the present invention, these types of devices which manage the flow of data associated with a website are collectively referred to as xe2x80x9cnetwork devices.xe2x80x9d The provisioning and configuration of these types of devices present some operational issues that are different from servers, and therefore automation of such tasks may require an approach which departs from the framework described in the previously cited application.
For example, a server is designed to be loaded with various items of software that are selected, and configured, by the user, such as the operating system, application programs, and the like. Due to the nature of their design, it is feasible to load an agent on each server which has the capability to control the server at its most fundamental access level, often known as the xe2x80x9crootxe2x80x9d level. When access is available at this level, automated provisioning and configuration can be readily accomplished through the agent, for example as described in the previously referenced application. In contrast to servers, network devices typically have proprietary operating systems which may not be designed to be accessed at the root level by the end user. As a result, it is not feasible to load agents onto such devices for the purpose of controlling them at a level necessary for automatic configuration. Rather, each device must be configured by means of an associated communication interface that is used to send specific commands to it.
As a further complicating factor, the different types of network devices that may be employed with a website, or other network resource, may utilize different types of communication interfaces. For example, some devices may include a serial console that presents a command line interface via which the user logs onto and enters commands for the device. Other devices permit the user to access them over the Internet by means of the Telnet protocol. This protocol enables the user to link to the device from a remote computer, and presents a command line interface via which the user can configure the device. Still other examples of interfaces that are employed in connection with network devices include graphical web interfaces and the Simple Network Management Protocol (SNMP).
Furthermore, even if different types of devices, such as a switch, a firewall and a router, all employ the same form of communication interface, e.g., Telnet, the specific features of the interface itself will differ among the various devices, because they each serve a different purpose. In other words, the commands that are used to configure a switch may not be the same as the commands for a firewall, because they have different types of operations and therefore need to be configured differently.
From the foregoing, therefore, it can be seen that the variety of different types of network devices, coupled with the different forms of interfaces associated with these devices, presents significant complexity when attempts are made to automate the provisioning and configuring of these devices. Furthermore, the proprietary operating systems associated with these devices place further constraints on the automation, due to the limitations associated with accessing the devices. It is an object of the present invention, therefore, to provide a system which enables a variety of different types of network devices to be deployed and managed by means of a single interface that is readily applicable to all of the different devices.
In accordance with the present invention, the foregoing objective is achieved with an automated provisioning and configuration system for network devices that comprises two main features. One of these features consists of a library of commands that are generic to all devices of interest, and device-specific plug-ins for implementing those commands in each of the respective devices. By means of this feature, a user can select any one of the generic commands and have it applied to a particular device of interest in a manner which is capable of being handled by that device.
The second main feature of the system comprises an interface between the library and a source of configuration information, such as a database. By means of this interface, the various tasks associated with the provisioning and management of network devices can be automatically carried out on multiple devices, thereby minimizing, or even eliminating, the need to manually configure each such device.
As a further feature of the invention, various tools are provided to facilitate the ability of support personnel to identify and monitor functions performed by various devices, as well as detect and correct errors in the operation of those devices.
These and other features and advantages of the invention are explained in detail hereinafter with reference to exemplary embodiments illustrated in the accompanying drawings.