Title :
Policy exchange and management for Policy Compliance and Change Detection System in managed service in data networks
Author :
Agbariah, Saeed M.
Author_Institution :
Dept. of Electr. & Comput. Eng., George Mason Univ., Fairfax, VA, USA
Abstract :
Greater frequency of change to network device configurations is a potentially disruptive factor in an already complex and challenging networked universe. Changes may lead to potential configuration errors, policy violations, inefficiencies, vulnerable states, and security threats that are “allowed in” through faulty or non-compliant configurations. The current Network Management landscape is in dire need of an automated process to prioritize and manage risks, audit configurations against internal policies or external best practices, and provide centralized reporting for monitoring and regulatory purposes in real time. Our proposed Policy Compliance and Change Detection System is implemented using two modules: the Runtime Compliance Manager (RCM) and the Common Policy Language (CPL). The CPL is used to express device and organizational policies, and was detailed. This paper describes the design requirements for policy exchange and management between the Policy Decision Control Server and the Policy Clients, and describes the methods for keeping the policy between the Policy Client and the Policy Decision Control Server in sync despite network interruptions.
Keywords :
auditing; compliance control; computer network management; network servers; risk management; RCM; audit configurations; automated process; centralized reporting; change detection system; common policy language; configuration errors; data networks; faulty configurations; manage risks; managed service; network devices configuration; network interruptions; network management landscape; noncompliant configurations; organizational policy; policy clients; policy compliance; policy decision control server; policy exchange; policy inefficiencies; policy management; policy violations; runtime compliance manager; security threats; vulnerable states; Authentication; Lead; Servers; Terminology; Common Policy Language; Policy Client; Policy Decision Control Server; Policy Management;
Conference_Title :
Networks, Computers and Communications, The 2014 International Symposium on
Conference_Location :
Hammamet
DOI :
10.1109/SNCC.2014.6866524