Title of invention: Host state monitoring
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for a host state machine. In one aspect, the method includes defining a state machine in a memory of a data processing apparatus, the state machine comprising a plurality of states, and wherein network access for a host device is controlled in each state according to one or more network access zones associated with the state, each network access zone defining network access capabilities for the host device; monitoring, by the data processing apparatus, host devices attempting to access the network and host devices that have access to the network; and transitioning, for each host device, a state of the host based on the monitoring and a current state of the host.
Publication number: US8881234(B2) Publication date: 2014.11.04
Application number: US200912574120 Filing date: 2009.10.06
Applicant: McAfee, Inc. Inventors: Narasimhan Srinivasan;Hejmadi Parthiv;Sreenath Sheshadri
Classification: G06F7/04;H04L12/24;H04L12/26 Main classification: G06F7/04
Agency: Patent Capital Group Agent: Patent Capital Group
Principal claim: 1. A method for controlling access to a network, the method performed by a data processing apparatus, the method comprising: defining a state machine in a memory of the data processing apparatus, the state machine comprising a plurality of states, and wherein network access for a host device is controlled in each state according to one or more network access zones associated with the state, each network access zone defining network access capabilities for the host device; monitoring, by the data processing apparatus, host devices attempting to access the network and host devices that have access to the network, wherein monitoring of a particular one of the host devices includes determining whether an agent is present on the particular host device; transitioning, for each host device, a state of the host based on the monitoring and a current state of the host, wherein the plurality of states include at least a user detection preadmission state during which a user identifier associated with the host device is to be mapped to a user role, and a remediate preadmission state during which HTTP traffic from the host device is to be directed to a remediate portal managed by the data processing apparatus and configured to download agents onto host devices determined not to include an installed agent, the agent being configured to provide health data indicating a health level of the host device, and wherein transition from the preadmission state to the remediate preadmission state is based on the user role identified for the user identifier associated with the host device; storing in the memory of the data processing apparatus, for each monitored host device attempting to access the network or that has access to the network: host attributes of the host device that identify the host; and the state of the host; and controlling network access of the host device according to the one or more network access zones associated with the state of the host device.
Address: Santa Clara CA US