Title of invention: Coordinated network security management
Abstract: A computer-implemented method, computer program product, and computer system for implementing coordinated management of network security controls. The computer system determines a plurality of managed network devices affected by coordinated security policies in a network. The computer system converts the coordinated security policies to firewall rule configuration for each of the managed network devices affected. The computer system adds the firewall rule configuration to a set of firewall rules for the each of the managed network devices affected.
Publication number: US9088543(B2) Publication date: 2015.07.21
Application number: US201313908161 Filing date: 2013.06.03
Applicant: International Business Machines Corporation Inventors: Lemke William A.;Readshaw Neil I.
Classification: G06F11/30;H04L29/06 Main classification: G06F11/30
Agency: Agent: Li Edward
Principal claim: 1. A computer-implemented method for implementing coordinated management of network security controls, the method comprising: determining, by a firewall management server in an Infrastructure as a Service (IaaS) management network, a plurality of managed network devices affected by a set of coordinated security policies, wherein the plurality of managed network devices are on routes to at least one of a web server, an application server, and a database server on a cloud based Infrastructure as a Service (IaaS) network, wherein the managed network devices are determined by calculating impact of the set of coordinated security policies based on a network topology; converting, by the firewall management server, the set of the coordinated security policies to a firewall rule configuration for each of the plurality of the managed network devices; adding, by the firewall management server, the firewall rule configuration to a set of firewall rules for the each of the plurality of the managed network devices; and wherein the firewall management server in the IaaS management network comprises a first program executable to provide an interface for a system administrator to view and manage the network security policies, a second program executable to implement the coordinated management of the network security controls, a plurality of the third programs responsible for respective ones of the plurality of the managed network devices and executable to translate the set of the coordinated security policies into the firewall rule configuration, and a database of the network topology.
Address: Armonk NY US