Subclass 317	Subclass 318	Subclass 319
EVENT HANDLING OR EVENT NOTIFICATION

Object oriented communications system over the internet

7007094

Abstract

A system for communication over the internet and through a firewall utilizing a single communications protocol. A simple object access communications protocol (SOAP) is utilized. This protocol is an XML/HTTP based protocol for sending messages from one object to another across the internet in a platform independent manner. This type of protocol can be utilized to control network elements provided at various locations.

Claims

What is claimed is:

1. A method for communicating between a web browser located on a first side of a firewall and a network element located on a second side of the firewall, comprising the steps of:

providing the web browser with an applet to drive a user request, said applet provided by a web server included on the first side of the firewall;

sending said user request to a read/write server provided on the second side of the firewall;

creating a hypertext transfer protocol-simple object access protocol (HTTP-SOAP) of said user request;

transmitting said HTTP-SOAP to network management application (NMA) server production on the second side of the firewall;

building an appropriate nodal model of said user request in said NMA;

sending SOAP encoded requests from said NMA to a network element agent (NEA) provided on the second side of the firewall;

parsing said SOAP encoded requests received by said NMA in said NEA which encompasses data needed to complete a single nodal transaction;

encoding in said NEA SOAP packets;

transmitting said SOAP packets to a translater box associated with the network element, said translator box located on the second side of the firewall;

translating said SOAP packet into the appropriate native console command for the network element; and

transmitting aid native console command to the network element located on the second side of the firewall.

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a software and hardware infrastructure allowing for the management of any network device regardless of its location utilizing only a single communications protocol.

2. Description of the Prior Art

Although a browser can be used to directly request images, video, sound etc. from a server, more usually, an HTML document converts the presentation of information served to the browser by a server. However, generally the contents of an HTML file are static in that the browser can only present a passive snapshot of the contents at the time the document is served. In order to present dynamic information, such as information generated by an application or device or to obtain from the user data which has been inserted into an HTML-generated form, conventional world wide web service employ a "raw" interface such as a common gateway interface (CGI). The HTML file provides no mechanism for presenting dynamic information generated by an application or device, except through the CGI.

With respect to obtaining data from a user for use by the application or device, although standard HTML provides a set of tags which implements a convenient mechanism for serving interactive forms to the browser, complete with text fields, check boxes and pull down menus, the CGI must be used to process submitted forms. Form processing is important to remote control, management, configuration, monitoring and diagnosing applications because forms processing is a convenient way to configure an application according to a user input utilizing the world wide web communications model. Unfortunately, form processing employing a CGI is extremely complex, requiring an application designer to learn and implement an unfamiliar interface. Therefore, a CGI is not a suitable interface for rapid development and prototyping of graphical user interfaces (GUI).

Furthermore, a developer must then master a native application source code language (such as C and C++), HTML and the CGI, in order to develop a complete application along with its user interface. Additionally, the CGI mechanism assumes access to the application on the customer's site, but not to the object. The person or process that invokes the CGI program must have full knowledge of that program. A firewall is not in control of the CGI. Therefore, the use of the CGI would make it impossible to fully secure communications between users. Finally, the CGI mechanism works only in the client server environment communicating to one server. This method cannot be applied to the distributed multi-process environment, if only a single communications protocol for the entire system is to be utilized.

Other systems could be used instead of the CGI. For example, an object model such as Microsoft's DCOM or the object management groups internet inter-ORB protocol (IIOP) or the common object request broker architecture (CORBA) could be employed. However, these technologies have some limitations when it comes to creating web services. For example, DCOM and IIOP/CORBA are rich environments, which means that implementations and applications that use them tend to be complex and symmetrical. In other words, to build a distributed application using them, one typically must require the same distributed object model running at both ends of the connection. However, the internet does not guarantee the specific kind of client or server software which would be running at the second end of the connection. All that is required is that the connection understands the hypertext transfer protocol (HTTP). Additionally, it is often technically impossible to insure that all applications would run either IIOP or DCOM.

Any server connected to the internet can potentially be accessed by an internet user, which raises some obvious security problems. To address these concerns, most organizations insert a firewall between their publically accessible web servers and the masses that can access the servers. Generally, a firewall can block incoming traffic based on various criteria and thereby increase an organization's confidence in the security of its system. While they are essential to the secure use of the internet, firewalls make the efficient use of distributed object protocols very challenging. Understanding why firewalls cause problems for distributed object protocols requires understanding of how a firewall is able to distinguish one protocol from another. For example, in the TCP/IP architecture, each widely used protocol is assigned its own port number and each request made using this protocol carries that number. HTTP, for example, is generally assigned port 80, while, for example, the file transfer protocol (FTP) relies on port 21. Most firewalls allow blocking a specific protocol by rejecting all traffic sent on the port used by that protocol. In general, firewalls are configured to allow traffic on port 80. If this was not the case, HTTP requests from browsers could not be received. However, many firewalls block most other ports. This would result in other protocols not being received by the user's local server.

Unlike HTTP, FTP and other widely used protocols, distributed object protocols do not generally have a single well known port number assigned to them. Instead, these protocols typically use dynamically assigned ports, with port numbers chosen arbitrarily as needed. If no firewall intervenes in the communication between the client and the server, this approach works fairly well. If a firewall is asserted, communication stops because the firewall blocks all traffic using this protocol since it is not configured to pass requests on arbitrary port numbers.

One response to this challenge is to use existing internet standards such as an HTTP and XML. More than any other application protocol, the HTTP connects most users to one another. Millions of web sites and browsers utilize protocol.

The problem with HTTP alone is that it is mainly a mechanism for passing files from a server to a client. To create more ambitious web servers, the HTTP must be expanded.

One manner of extending the HTTP would be to use an object protocol such as the simple object access protocol (SOAP) copyrighted by IBM, Lotus Development Corporation, Microsoft and User Land Software. This protocol adds a set over the HTTP headers and rich XML payload to enable complex application-to-application communication over the internet. In other words, the SOAP messaging protocol uses HTTP to carry messages that are formatted with XML.

SUMMARY OF THE INVENTION

The deficiencies of the prior art are addressed by the present invention which is directed to a system utilizing an object access protocol as the single communications protocol between the user, any intermediate software system, and a network element (hardware). The invention utilizes the same object protocol, not only as the foundation of the internet communication, but also for the lower level inter-object communication. The system not only serves as a remote control for a network server across a firewall, but can also be used to control the switches running the network from the other side of the firewall. Because the server can utilize the simple network management protocol (SNMP) to configure the switches, the present invention would be able to control a network's back-end remotely, and will even be capable of changing bandwidth assignments. Because of its object access nature, the present invention is adaptable to control any network device be it a server, a switch, or any number of other devices such as network printers and fax machines. A host of emerging "smart" products including computer controlled appliances such as refrigerators and other kitchen appliances, climate control systems and medical devices can also be controlled.

The present invention is cross platform compatible since it is capable of running regardless of the platform because it is built in industry and standard protocols and is therefore not restricted to any given platform, thereby making a completely unique product.

The present invention will consist of a client and a number of servers. The client end would include a web browser interface enabling the utilization of HTTP compatibility with the SOAP which is designed specifically enable the transmission of XML payloads with special HTTP headers.

Every server of the present invention will run a parser filtering out the XML messages and will translate these messages into necessary commands to be executed behind the firewall. The XML vocabulary will be translated into the necessary SNMP commands to be issued to the switches behind the firewall. The present invention will be scalable, thereby allowing for the addition of management capabilities by the integration of additional command protocols for communicating with other devices. The present invention will initially control devices that use the SNMP or Command Line Interface (CLI) protocol and can be scaled to add support for future protocols and devices as these become industry standards.

The architecture of the present invention allows a user to wrap existing or new communications equipment in a SOAP/XML wrapper, which would then allow for internet readiness or manageability via the internet anywhere in the world. The software wrapper is the computer program that understands object access protocol, i.e. contains a Protocol Virtual Machine (PVM), and runs on a single board computer, or on the hardware of the network element. A T-Box has a direct (not via the Internet) connection to the controlled network elements. The T-Box can communicate to the network elements via the Simple Network Management Protocol (SNMP) or Comment Line Interface (CLS). Additionally, a network management system would be utilized with the SOAP/XML protocol as the foundation for inter-object communication.

The SOAP protocol extends the XML into the remote procedure call (RPC) paradigm in a standardized manner. The present invention extends the simple RPC paradigm to a more complex useful transaction-based approach whereby a "call" by user could be chained through a series of servers each providing a telecommunications management network (TMN) hierarchy management level over the internet. This web chaining of the SOAP requests is a unique enhancement.

The SOAP infrastructure is important to the technology of the present invention. Available SOAP parsers had to be broken up and modified into client and server side parsing engines. Along with the new parsers, the purposes of asynchronous identifications, a connection pooling mechanism was developed upon which the SOAP messages rode. The utilization of this system would allow network elements to be remotely controlled beyond a firewall.

Other and further advantages, objects and features of the invention will become apparent to those skilled in the art from a reading of the following detailed description of a preferred embodiment of the invention when taken in light of the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing the hardware of the present invention as well as an upward ordered message flow;

FIG. 2 is a block diagram of the present invention as well as showing a downward ordered message flow;

FIG. 3 is a diagram showing an alarm path flow; and

FIG. 4 is a diagram showing alarm object communication and distribution.

DETAILED DESCRIPTION OF THE PRESENT INVENTION

The system design 10 of the present invention is shown in FIGS. 1 and 2. As shown therein, separate CPUs 12 and 14 would include portions of the system hardware of the present invention. Note that the application can have as many CPUs as servers. We have shown two CPUs only for clarity reasons. The CPU 12 would include a web browser 16 associated with a GUI which is an applet loaded by the web browser from the localized web server 20. This would prompt the user for data to perform a particular command. Once the required data is entered, the command is encoded into an HTTP-SOAP message. Although the drawings illustrate the utilization of two CPUs, the present invention can employ as many CPUs as there are servers. The use of only two CPUs in the p-resent invention was for clarity purposes only.

In this invention, the implementation of the SOAP message is similar to SNMP format. It recognizes the Managed Information Base (MIB) tree as the representation of hardware component structure. The difference is that in existing implementations of SNMP messages are usually numeric. For example,

>Name-of-SNMP-program 10.3 set 23.21 11.11.2.12 2
The legend is: Name-of-SNMP-program node_address command (get\set) class.item object_id value.
Since SOAP is an XML based textual protocol, instead of numerals, it contains meaningful strings representing class, item, and object id in the component hierarchy. Within the SOAP envelope, the SNMP-like set of commands can be expanded if required.

Additionally, unlike most SNMP implementations, the present invention always guarantees the delivery of the message, referred to as "nailing connections". The receiving server in our system always notifies the sender.

The second CPU 14 would include a web server (Apache) which is the entry point of the network management system of the present invention. The web server 20 would determine if the message is a SOAP message. If this is the case, it would strip off the HTTP header and forward the remaining SOAP/XML message to the SOAP server 22. This server is a servlet container which, upon receiving a SOAP message, a determination would be made to which server the message is destined. In this instance, the message will always be routed from or to a read/write server (RWS) 24. Upon receipt of the message from the SOAP server 22, the RWS 24 will store the data in a generic model in a relational database 30 in an object to relational table mapping. The RWS 24 will then forward or receive the message from a network management agent (NMA) 26.

The NMA 26 will then determine the course of action required for the particular type of request or command and build the appropriate model for it using G.855, G.85X recommendations as its basis. The NMA 26 will then forward commands to or receive comments from various network element agents (NEA) 28. Although a single NEA 28 is shown in FIGS. 1 and 2, it is noted that a number of NEAs can be employed. The NEA 28, upon receiving a nodal command from the NMA 26 will the build a M.3100 management model to support the nodal action. The NEA 28 will then forward a smaller command to a translation device (T-box) 32 for processing or translation. The T-box 32 then translates the SOAP command into the native language of the intended device such as network element 34, or SNMP.

The web browser 16 will generally be a third party provided browser. Most personal computers come with a pre-installed browser or can easily be downloaded. Both Netscape and Internet Explorer will be supported as both are Java enabled. However, it is also possible to use either front end applications written in any other computer language, as long as they are talk SOAP/XML. The web browser 16 will upload applets from the web server 18 for procedural contacts and communicate the network data transactions back to the web server 20 to be forwarded to the RWS 24. When a user is selecting a network element or set of network elements to perform an action, a network element record must already have been installed into the database 30 for that network element. The user will only be allowed to select from the list of network elements currently being managed. The web browser will also receive asynchronous events from the web server and display them.

The RWS 24 will receive or send user requests and store them in the database 30 as they are received. After a successful storage, a SOAP envelope will be sent to the NMA 26 to begin execution of the user request. The RWS 24 will also forward alarms to the web server 20 for display when it receives them from lower layer processors such as an NEA 28.

The NMA 26, when triggered by the RWS 24 will initiate processing of the user request. The NMA 26 will read and parse the SOAP request and then build a model required to satisfy that request. The NMA 26 will send a series of SOAP encoded singular node access requests to the NEA each with the data sufficient to satisfy the secondary request. Thus, a typical NMA network request is broken down into a set of simpler nodal requests. The NMA will implement a standard space model in order to satisfy the network management layer requirement. The NMA will process the request to either a successful or error termination condition. The NMA will log the cumulative status of the user request and also send a response SOAP packet back to the RWS 24 to be forwarded to the user. The NMA 26 will store the data required for each nodal requested to the database 30. Each NMA request and secondary NEA request all will have unique transaction Ids and database tables.

A Network Element Discovery server (NED) 25 can be provided between the NMA 26, the RWS 24 and the NEA 28 included in FIGS. 1 and 2. The NED will discover and store in the database 30 each network element's configuration. The configuration data may contain port, card, slot and shelf information. It may also discover the current set of provisional connections and their states.

The NED 25 will use the NEA 28 for access to the network elements in order to perform its discovery task. The NED will be used to populate the database tables initially. It will also perform an Audit/Learn function.

It is noted that a firewall 36 separates the web browser 16, the web server 20 and the SOAP server 22 from the remaining elements of the system.

The NEA 28 will be triggered from a SOAP envelope received from the NMA 26. The NEA will parse the XML document which encompasses the data necessary to complete a single nodal transaction. An M.3100 derivative model will be used to satisfy the elemental management layer requirement. The NEA 28 will proceed to encode the appropriate SOAP packets to be delivered to one or more of the T-boxes 32 which are managing the network elements to where the request is destined. Although FIGS. 1 and 2 show the T-box 32 connected to a single network element 34, it can be appreciated that a single T-box can manage several network elements. To explain, one T-box can manage several network elements. When a success or failure message is received, the status is then stored in the database for logging purposes and then the status is sent back to the NMA 26.

The purpose of the database 30 is of course to store information. Once a user hits the appropriate button on the browser 16, an NMA request will be received by the RWS 24 and immediately stored in the database. Additionally, each NEA request is stored in the database before being processed by the NEA 28. Furthermore, the configuration of each network element is also stored in the database 30.

The T-box 32 contains embedded software. The T-box will be able to receive "M-GET", "M-SET" and "M-ACTION" requests via the SOAP interface, as well as command line interfaces (CLI).

The T-box will translate the SOAP command into the appropriate native console command (MML), (CLI) or SNMP, and send it via an ethernet interface to the actual network element in order to satisfy the given NEA request.

The HTTP-SOAP protocol provides the present invention a method of information exchange between functional components.

Similar to any messaging protocol, it provides for data encapsulation with messages. The HTTP-SOAP protocol includes an envelope defining a framework for describing what is in a message and how to process it. It also includes a set of encoding rules for expressing instances of application defined data types as well as a convention for representing remote procedure calls and responses.

It is important to note that the T-box can control the network element from the applet directly to the T-box without control from additional servers. The applet is a JAVA program that runs within the web browser. However, any application written in any language can talk to the network element through the T-box using SOAP as one protocol.

An upward flow of data from a network element 34 to the web browser 16 in the first CPU 12 will now be described. The network element 34 sends a message to the T-box 32 over, perhaps, the ethernet as shown by Step 1. The T-box 32 includes a parser therein and utilizes the parser to translate the response received from the network element 34 into a SOAP response and sends this response to the NEA 28 at Step 2. It is noted that a plurality of NEAs would be utilized and the message relayed from the T-box 32 would be sent to the NEA 28 which is managing that particular network element. At Step 3, the NEA 28 forwards the nodal response created therein to the NMA 26. The NMA then forwards the entire transaction response to the RWS 24 at Step 4. The RWS 24 will then forward this response to the SOAP server 22 at Step 6, as well as to the database 30 at Step 5. The SOAP server 22 would then forward the response to the web server 20 which in turn would send the response back to the web browser 16 in the first CPU 12.

FIG. 2 illustrates a downward message flow from the CPU 12 ultimately to a network element 34. Initially, the web browser 16 will connect to the web server 20 at Step 2. In this case, the web server will automatically upload the applet that will prompt the user for a command and a set of attributes used to control the network element 34. If authorized by the user, the web browser 16 would then be connected to the web server 20 in the second CPU 14 as shown by Step 2. At this point, the web browser will then build and send an HTTP-SOAP envelope to the web server 20. Upon receipt of the SOAP envelope, the web server 20 will immediately route it to the SOAP server 22 as shown by Step 3. Once the SOAP server 22 determines that a proper request has been made, it will be forwarded across the firewall 36 to the RWS server 24 as shown by Step 4. At Step 5, the RWS 24 will modify the request if required and then store it in the database 30. The RWS server will also forward the request to the NMA 26 as shown by Step 6. The NMA 26 will process this message and forward the necessary subcomponents to the proper NEA 28 for nodal processing. Step 8 indicates that the NEA 28 will forward the appropriate single-space command to the T-box 32. The T-box 32 will formulate and send the proper translation for the command to the network element 34 across the ethernet as shown by Step 9.

FIGS. 3 and 4 illustrate the alarm path network of the system of the present invention also indicating that the architecture is very scalable and allows for several NMAs as well as several NEAs and one or more GUIs and T-boxes. As alarms are received by the NEAs, they are immediately forwarded to the NMA for further processing and forwarding. Alarms can be received by the NEA at any time and are discriminated via the header field. Thus an in-progress provision cannot get confused with alarms being interpreted as responses. The directions of the alarm message will be from the Network Element to the T-Box and then to the NEA. The alarm will then proceed to the NMA, the RWS and the GUI (web browser). The alarms, by nature, go from the hardware equipment to the web browser.

A user that connects to the RWS from a GUI will register with the alarm distributor class for alarms. As alarms are received by the NEA, they are immediately forwarded to the NMAs for further processing and forwarding. Alarms can be received by the NEA at any time and are discriminated via the header field. The header attribute "alarm" indicates to the SOAP senders that this is an alarm data object. The body attributes contained in the rest of the alarm information. These attributes are such as NE name and message text.

The present invention employs a TCP/IP network with a connection to the internet. The network has a firewall between itself and the internet. It is possible for a network administrator to access and configure all equipment on the network through the use of telnet, SNMP, and other network management tools. These tools can only be used from behind the firewall. The firewall will, however, prevent these connections from being made from behind the firewall. With the present invention, it is now possible to HTTP connections which are still left open by the firewall to send in SNMP commands to the equipment beyond the firewall. This would allow the present invention to control the bandwidth being assigned to any part of network. This would also enable ISPs and other providers of bandwidth to sell bandwidth in a more dynamic manner because the bandwidth could be adjusted to meet demands more quickly and easily than currently possible.

The present invention also has the ability to allow a single network administrator to administer networks in different geographic locations. For example, if a service provider is located in Canada, network elements can be connected to a T-box in Canada utilizing a serial cable, an ethernet cable to a hub. The provider would then send email to a customer located, for example, in the United Kingdom confirming this connection. The customer would then email to an engineering technical support team located, for example, in China so that it can assign the correct IP addresses to the switches through a web interface. After these addresses are quickly assigned, the switches are registered for technical support if debugging will be required. The debugging of the switch can be done in various locations through the web interface. Once the registration is completed, the user will start provisioning of the network element using the web interface. Using one or more of the screens of the GUI, the provider in Canada will make selections relating to various equipment that must be connected. When the T-box in Canada receives a generic command, it will make a decision to translate this to CLI or SNMP for the network element. Most of the debugging commands usually include CLI access.

In a second scenario, several computers and peripheral devices are connected to one switch. It is noted that this switch can be used to enable or disable different ports that are used to connect the different devices together via the switch. Furthermore, the speed of the data that travels through these ports can also be altered.

In this manner, traffic can be regulated through the system. Alternatively, different virtual local area networks can be created and connected to that one switch. This is done for the purposes of isolating data that users can share on the computers or to isolate peripheral devices.

The present invention can be utilized to control "smart" devices such as computerized appliances and the like. In a home computerized environment, equipment can help the homeowner with climate control. The present invention can interface with electrical, wired or wireless devices or equipment. In such a scenario, the present invention can be used to program these devices and help in the automation process. The present invention is also capable of interfacing with wireless data systems and devices as well as interfacing with medical devices, distant learning equipment and various other telecommunications equipment.

The present invention offers a highly distributed network management application by using an XML based communication protocol. The translator for the XML based protocol to SNMP or TL1 can be embedded in a small hardware device serving as a web server controlling a number of network elements.

Whereas the preferred form of the present invention has been shown and described herein, it should be realized that there can be many modifications, substitutions and alterations thereto.

Inventors
Linderman, Michael;
Assignee
Lab 7 Networks, Inc. (Ottawa, CA)
Published
Feb-28-2006
Current US Classes:
709/230
719/318
Application #
867469
International Classes
G06F 15/16 (20060101)
Field of Search
709/230 709/318 709/330 719/330 719/318
Examiner
Follansbee; John
Agent
Hoffman, Wasson & Gitler, P.C.
US Patent References:
6457066
6772216

Same subclass

Computer user aiding system, computer user aiding method and storage medium storing program therefor	6466897
Method and system for managing subscriptions using a publisher tree	6772418
Method and apparatus for using multiple paths for processing out of band commands	6983330
Method and apparatus for implementing alerts on a browser running on a portable handheld device	6920637
Method, apparatus, and program for a state machine framework	7010778
System and method for managing the distribution of events in a data processing system	6823524
System for interconnecting software components in an object oriented programming environment using a separate editor object for each run-time object instantiated for each selected component	5652888
Document processing system with a multi-platform application programming interface	6546396
Method and apparatus in a data processing system for generating alternative views of client applications	6675228
Dynamically adapting between pessimistic and optimistic notifications to replicated objects	6952829
System and method for providing configurable security monitoring utilizing an integrated information portal	6542075
Method and apparatus for monitoring a communication link based on TCP/IP protocol by emulating behavior of the TCP protocol	6178450

Same class

Universal communication mechanism for applications running in a multitasking environment	6535929
Device driver and adapter binding technique	4649479
Method and apparatus for medical image display for surgical tool planning and navigation in clinical environments	6614453
Network image scanning system which transmits image information from a scanner over a network to a client computer	6256662
Method for expanding in friendly manner the functionality of a portable electronic device and corresponding portable electronic device	7036130
Method and system enabling both legacy and new applications to access an InfiniBand fabric via a socket API	6895590
Interaction arrangement for a sequence of interactions providing a service to a user	6941337
Tools and techniques for instrumenting interfaces of units of a software program	7039919
System and method for performing context checks	6453311
Distributed component system management using machine-independent activation requests	6970903
Object-oriented transaction computing system	6424989
Method of inter-process communication in a distributed data processing system	4694396

Consider this

Method for implementing computer applications in an object oriented manner using a traditional non-object oriented programming language	5446902
Object oriented file system in an object oriented operating system	5758153
System, method and article of manufacture for providing dynamic user editing of object oriented components used in an object oriented applet or application	5842020
Systems, methods and computer program products for generating an object oriented application for an object oriented environment	6023578
Object-oriented communications framework system with support for multiple remote machine types	6430740
Method and system for transforming a textual form of object-oriented database entries into an intermediate form configurable to populate an object-oriented database for sending to java program	6598052
Manipulation of an object-oriented user interface process to provide rollback of object-oriented scripts from a procedural business logic debugger	6671875
System for iteratively designing an object heterarchy in an object-oriented computing environment	6678880
Object-oriented communications framework system with support for multiple remote machine types	6691299
Object oriented apparatus and method for providing context-based class replacement in an object oriented system	6957228