| Secure network identity allocation -> Monitor Keywords |
|
|
 
Secure network identity allocationRelated Patent Categories: Multiplex Communications, Pathfinding Or Routing, Combined Circuit Switching And Packet SwitchingSecure network identity allocation description/claimsThe Patent Description & Claims data below is from USPTO Patent Application 20080025292, Secure network identity allocation. Brief Patent Description - Full Patent Description - Patent Application Claims
BACKGROUND OF THE INVENTION [0001] The present invention relates to the connection of system units to a network. [0002] In a computer network, the system units connected to the network are provided with respective identities (e.g., respective network addresses). It is important that conflicts between network identities are avoided as conflicts can lead to fault conditions occurring on the network. [0003] The responsibility for allocating network identities can be achieved in many different ways, depending on the configuration of the network. In some systems, the network identities can be allocated centrally. In other examples, the network identities can be set in each of the system units connected to the network. [0004] A secure method of allocating network identities is needed, that can accommodate failures of a unit that is responsible for allocating network identities. [0005] The present invention seeks to address this. SUMMARY OF THE INVENTION [0006] According to one aspect, the invention provides a computer system connectable to a network. The computer system includes a plurality of processing units, each of the processing units are provided with a respective network identity for communication with the network. At least one service processor is operable to allocate network identities to the processing units. A switch is provided for interconnecting the processing units to the network. The switch is operable to maintain a record of the network identities allocated to the processing units by the service processor and filters network access by each processing unit such that network access is blocked where a processing unit identity does not correspond to that held by the switch. [0007] In order to allocate network identities to processing units in a multi-processor system, a service processor can be used. However, in order to maintain high availability, the servers should be able to reboot when the service processor is unavailable. In view of this there is a need to provide protection against duplicate nodes being introduced into the network in the event that the service processor fails. By maintaining a record in the switch of the network identities allocated to the processing units by the service processor, and filtering network access by each processing unit, network access can be blocked by the switch where a processing unit identity does not correspond to that held by the switch. Accordingly, access by a processing unit that has been changed or where its network identity has otherwise changed, can be prevented, maintaining the integrity of the network. [0008] The switch can comprise an array of ports, each port being associated with at least one register for holding a network identity for a processing unit associated with said port. The switch can further comprise a controller operable to receive a network identity for a processing unit from the service processor and to store the network identity in the register for the port associated with the processing unit. Each port is associated with an array of registers for holding rules for controlling network access. The switch is operable to filter network access, following establishment of the record of network identities in the switch, irrespective as to whether the service processor remains operational. [0009] The service processor comprises non-volatile memory, the network identities for the processing units being held in the non-volatile memory. Alternatively, or in addition, the service processor comprises a reader for a removable storage medium, the network identities for the processing units being supplied to the service processor in a removable storage medium. [0010] An embodiment of the invention forms a high density server system and the processing units are computer servers, for example blade servers. The computer system can include at least one rack mountable shelf, each shelf including at least one service processor and a plurality of computer servers. [0011] A particular embodiment has redundant switch and service processor modules, each server processor being configured to allocate the same network identities to the respective computer servers and each switch being connected to each of the computer servers and maintaining a record of the network identities allocated to the respective computer servers by the service processors. [0012] A further aspect of the invention provides a method of connecting processing units of a computer system to a network wherein each of a plurality of processing units requires a respective network identity for communication with the network. The method includes at least one service processor allocating network identities to the processing units. A switch, that is operable to interconnect the processing units and the service processor to the network, maintains a record of the network identities allocated to the processing units by the service processor. The switch filters network access by each processing unit such that network access is blocked where a processing unit identity does not correspond to that held by the switch. [0013] Another aspect of the invention provides a computer server system connectable to a network. The computer server system comprises a carrier supporting a plurality of server blades, each server blade being provided with a respective network identity for communication with the network. It also comprises at least one carrier service processor operable to allocate network identities to the server blades. A carrier switch can be operable to interconnect the server blades and the carrier service processor to the network. The switch can maintain a record of the network identities allocated to the server blades by the carrier service processor and filtering network access by each server blade such that network access is blocked where a server blade identity does not correspond to that held by the switch. [0014] Further aspects and advantages of the invention will become apparent from the following description of particular embodiments. BRIEF DESCRIPTION OF THE DRAWINGS [0015] Embodiments of the present invention will be described hereinafter, by way of example only, with reference to the accompanying drawings in which like reference signs relate to like elements and in which: [0016] FIG. 1 is a schematic representation of an architecture of a multiprocessor system for supporting a web site; [0017] FIG. 2 is a schematic representation of a racking system incorporating an example of a carrier in the form of a rack-mountable shelf according to a first example; [0018] FIG. 3 is a front view of an example of a carrier in the form of a shelf of FIG. 2; [0019] FIG. 4 is a rear view of an example of the shelf of FIG. 2; [0020] FIGS. 5A, 5B and 5C are schematic perspective views and a schematic exploded view respectively of an example of an information processing cartridge for mounting in the shelf of FIG. 2; [0021] FIG. 5D is a schematic perspective view of an example of an information processing cartridge for mounting in the shelf of FIG. 2; Continue reading about Secure network identity allocation... Full patent description for Secure network identity allocation Brief Patent Description - Full Patent Description - Patent Application Claims Click on the above for other options relating to this Secure network identity allocation patent application. ###  How KEYWORD MONITOR works... a FREE service from FreshPatents1. Sign up (takes 30 seconds). 2. Fill in the keywords to be monitored. 3. Each week you receive an email with patent applications related to your keywords. Start now! - Receive info on patent apps like Secure network identity allocation or other areas of interest. ### Previous Patent Application: Portable voip service access module Next Patent Application: Method and apparatus for providing secure blast calls Industry Class: Multiplex communications ### FreshPatents.com Support Thank you for viewing the Secure network identity allocation patent info. IP-related news and info Results in 0.16066 seconds Other interesting Feshpatents.com categories: Tyco , Unilever , Warner-lambert , 3m 174 |
 * Protect your Inventions * US Patent Office filing 
PATENT INFO |
|
