| 摘要 |
There are provided a computer-implemented connectivity manager and a method of managing connectivity between resources in a computer network using the connectivity manager. The method comprises: generating a connectivity specification of a given application, said specification comprising one or more connections generated in accordance with received by the connectivity manager user's definition of network resources and connections therebetween required to the given application, each connection characterized by one or more source resources, one or more destination resources and services therebetween; recognizing, by the connectivity manager, all access-control devices among the plurality of access-control devices, which are involved in controlling all connections comprised in said connectivity specification; identifying, by the connectivity manager, in each of the recognized access-control devices, access-control rules engaged in control of connections comprised in said connectivity specification; and mapping, by the connectivity manager, said connections comprised in said connectivity specification to the identified engaged access-control rules. |
| 主权项 |
1. A method of managing connectivity between resources in a computer network comprising a plurality of access-control devices controlling a connectivity between the network resources in accordance with a plurality of access-control rules, the method comprising:
a. generating, by a connectivity manager, a connectivity specification of a given application, said specification comprising all connections corresponding to received by the connectivity manager definition of a connectivity specified by a user with respect to the given application, each connection characterized by one or more source resources, one or more destination resources and services therebetween; b. recognizing, by the connectivity manager, all access-control devices among the plurality of access-control devices which are involved in controlling all connections comprised in said generated connectivity specification, wherein at least one access-control device is involved in controlling at least one connection which is not comprised in said generated connectivity specification; c. identifying, by the connectivity manager, in each of the recognized access-control devices, all access-control rules which are engaged in control of connections comprised in said connectivity specification, wherein the plurality of access-control rules comprises at least one rule which is not engaged in control of connections comprised in said connectivity specification; d. mapping, by the connectivity manager, said connections comprised in said connectivity specification to the identified engaged access-control rules, wherein the results of said mapping are indicative of changes to be made in the engaged access-control rules in order to provide the connections comprised in the connectivity specification and/or in a client's connectivity request addressed to the given application; and providing, in response to said mapping, at least one of the following: automatically amending the engaged access-control rules in accordance with said results of said mapping; issuing, by the connectivity manager, one or more tickets related to the access-control devices and specifying said changes; evaluating, by the connectivity manager, a connectivity status of at least one connection in the given application in accordance with said results of said mapping; evaluating, by the connectivity manager, a connectivity status of the given application in accordance with said results of said mapping. |
