Networking as a service

摘要

Networking as a Service (NaaS) delivers network services using remote appliances controlled by a hosted, multi-tenant management system. The system may include a heartbeating process for communication between a web-based server and appliances, in which the appliances periodically contact the management system on the server. The heartbeating process allows the appliances to maintain a completely up-to-date configuration. Furthermore, heartbeating allows for comprehensive monitoring of appliances and for software distribution. The system may also include means for authenticating appliances, without the need for pre-installed PSKs or certificates.

主权项

1. A method comprising:
discovering local devices, network services, and an uplink carrier associated with a network; configuring the network using a business wizard and a library of network configurations; forming and maintaining the network as a secure network; monitoring networking devices of the network using a heartbeat process; auto-upgrading software implemented in the network; authenticating a networking device of the networking devices that does not have a pre-shared key to a Web service; receiving a Web request from a user associated with the Web service and the networking device; fielding the Web request at a captive portal, wherein the captive portal sends a splash screen HTML response that has a redirect to an HTTPS link to a Web service login server associated with the Web service with information in a redirect URL of the captive portal about the networking device, wherein the information includes a MAC address of the networking device; receiving a request at the Web service login server; generating a short-lived number used once (NONCE) and storing the short-lived NONCE in association with the MAC address at the Web service login server; sending from the Web service login server a login form, wherein the user is prompted to enter a device password into the form; validating the password at the Web service login server, wherein the Web service login server responds to a correct password with a confirmation page, placing a stub in the confirmation page with the redirect URL and the short-lived NONCE; receiving an HTTP POST of the generated NONCE at the captive portal; handshaking between a heartbeat daemon and a heartbeat server over HTTPS: receiving the NONCE at the heartbeat server in a next scheduled heartbeat cycle, before the NONCE expires, wherein the heartbeat server looks up the MAC address to validate the NONCE and, if valid, sends a cryptographic hash of the password; wherein the heartbeat daemon uses the cryptographic hash as an authentication token for subsequent heartbeats.