Peer configuration analysis and enforcement

摘要

The states or configurations of peer hosts within a host class may be analyzed and enforced by comparing records of the respective systems' states or configurations to one another and taking steps to address any inconsistencies between the records. In such a manner, the respective systems within the host class may identify, analyze and/or correct any changes in states or configurations of any of the systems, which may have been caused by a malfunction or security breach. The configurations may include one or more of a set of data, a version of a software application, a level of permission, a particular operational setting or any other element of operation. The hosts may be defined as peers based on a common location or a common function of each of the systems, or on any other basis, and the records may include any relevant data relating to the states or configurations of each of the systems.

主权项

1. A computer-implemented method for maintaining a class of systems in a preferred configuration comprising:
defining the class of systems using at least one computer processor; designating at least one of the systems in the class of systems as a configuration standard, either singly or jointly, using the at least one computer processor, wherein the at least one of the class of systems has the preferred configuration; generating, in response to the designating the at least one of the systems in the class of systems as the configuration standard, a statement of a configuration of the configuration standard using the at least one computer processor, wherein the statement of the configuration of the configuration standard comprises an indicator of a set of data residing on the configuration standard and an indicator of a version of at least one software application operating on the configuration standard; receiving, from a first one of the class of systems over a network, a statement of a configuration of the first one of the class of systems, wherein the statement of the configuration of the first one of the class of systems comprises an indicator of a set of data residing on the first one of the class of systems and an indicator of a version of at least one software application operating on the first one of the class of systems, and wherein the first one of the class of systems is not the configuration standard; comparing the statement of the configuration of the configuration standard to the statement of the configuration of the first one of the class of systems using the at least one computer processor; determining that the statement of the configuration of the configuration standard is not equivalent to the statement of the configuration of the first one of the class of systems; and transmitting a data package comprising a configuration change to at least one of the configuration standard or the first one of the class of systems.