WikiPatents - Community Patent Review
System and method of configuring a remotely managed secure network interface    

United States Patent 6012100
Link to this page: http://www.wikipatents.com/6012100.html
Inventor(s): Frailong; Jean-Marc (Palo Alto, CA), McManis; Charles (Sunnyvale, CA), Price; Charles A. (San Jose, CA), Herbert; Mark James (San Jose, CA), Gastinel; Jean Antoine (Mountain View, CA), Tardo; Joseph John (Palo Alto, CA)
Abstract: The present invention discloses a network interface device for connecting a client computer system to an external network. The network interface device is configured for the client system by automated procedures and protocols initiated from a remote server. Software programs within the network interface device provide transparent communication between the client computer system and services available on the external network. Similar software programs and a configuration database within the network interface device provide transparent communication between the client computer system and the remote server.
   














Title Information

Inventor: Frailong; Jean-Marc (Palo Alto, CA), McManis; Charles (Sunnyvale, CA), Price; Charles A. (San Jose, CA), Herbert; Mark James (San Jose, CA), Gastinel; Jean Antoine (Mountain View, CA), Tardo; Joseph John (Palo Alto, CA)
Owner/Assignee: Freegate Corporation (Sunnyvale, CA)
Publication Date: January 4, 2000
Application Number: 08/892,522
Filing Date: July 14, 1997
US Classification: 709/250 709/220 709/223
Examiner: Maung; Zarni
Attorney/Law Firm: Blakely, Sokoloff, Taylor & Zafman LLP
Parent Case: CROSS REFERENCES TO RELATED APPLICATIONS The present application is related to the following co-pending U.S. Patent applications: U.S. Patent application entitled, "Initializing and Reconfiguring a Secure Network Interface", having application Ser. No. 08/892,301, and filed on Jul. 14, 1999; U.S. Patent application entitled, "Upgrading a Secure Network Interface", having application Ser. No. 08/897,214, and filed on Jul. 14, 1999; which are assigned to the assignee of the present invention.
USPTO Field of Search: 395/200.5 395/200.53 395/200.54 395/200.55 395/200.62 395/200.47 395/200.33 395/200.8 709/250 709/223 709/220 709/224 709/225 709/232 709/203
Patent Tags: configuring remotely managed secure network interface
Claims
 


What is claimed is:

1. A method of securely providing a service to a client computer coupled to a first network, said method comprising the steps of:

providing said service in a network interface device coupled between said first network and a second network;

providing a service request from said client computer to said network interface device, said service request capable of altering said service in said network interface device;

transmitting said service request to a configuration manager, said configuration manager configured to provide an application program interface between a user interface on said client computer and said service; and

transmitting said service request from said configuration manager to a service manager, said service manager being configured to provide an application program interface between said configuration manager and said service.

2. The method of claim 1 further comprising the steps of:

receiving one or more diagnostic messages from said service in a diagnostic log process;

transmitting said one or more diagnostic messages to one or more diagnostic agents, each diagnostic agent being configured to automatically receive a predetermined type of message from said diagnostic log process;

transmitting one or more reporting messages from said one or more diagnostic log agents to a reporting process, said reporting process being configured to receive reporting messages from said one or more diagnostic agents; and

transmitting commands from said reporting process to a user interface on said client computer based on said reporting messages.

3. The method of claim 1 wherein said service request is input to said user interface on said client computer.

4. The method of claim 1 wherein said service request is generated by a process on a remote management server, said remote management server coupled to said network interface device through said second network.

5. The method of claim 1 wherein said service request is generated by a process on a remote management server, said remote management server coupled to said network interface device through an alternate communication network.

6. The method of claim 1 wherein said service manager is further configured to perform a syntax check on said service request, said syntax check comprising a first level test and a second level test, wherein

said first level test comprises a test of a parameter included in said service request and a failure of said first level test results in a rejection of said parameter; and

said second level test comprises a test of the entire service request and a failure of said second level test results in a rejection of said service request.

7. The method of claim 4 further comprising the step of establishing a trust relationship between said first network and said second network, said trust relationship implemented through cryptographic encoding of communications between said first network and said second network through said network interface device.

8. In a network interface device, a method of providing one or more services to a client computer on a first network, the method comprising the steps of:

providing a configuration manager server process, said configuration manager providing an application program interface between said client computer and said one or more services allowing for alteration of said one or more services;

providing a database for storing configuration and status information related to said one or more services accessed by said client computer; and

providing one or more service manager dynamic library processes, each service manager corresponding to one of said one or more services, each service manager providing an application program interface to a corresponding service and adapting commands and data transfers between said corresponding service and said configuration manager.

9. The method of claim 8 further comprising the steps of:

providing a diagnostic log process which is configured to receive diagnostic and error messages from said one or more services;

providing one or more diagnostic agents, each of which are configured to automatically receive a predetermined type of diagnostic message from said diagnostic log process; and

providing a reporting process which is configured to receive reporting messages from said one or more diagnostic agents and send commands to a user interface on said client computer based on said reporting messages.

10. The method of claim 8 wherein said configuration manager is configured to accept a service request from either said user interface on said client computer or a remote process on a remote management server coupled to said network interface device through a second network.

11. The method of claim 8 wherein said service request includes one or more program instructions which initially configure said network interface device for operation on said first network in accordance with system software of a first revision level.

12. The method of claim 8 wherein said service request includes one or more program instructions which upgrade said network interface device for operation on said first network in accordance with system software of a second revision level.

13. The method of claim 8 wherein said service request comprises a reconfiguration notification, said reconfiguration notification including one or more data words to be stored in said database.

14. The method of claim 8 wherein said service managers are implemented in architecture independent program modules, said service managers capable of being loaded on demand by said configuration manager, and wherein said configuration manager is also implemented in an architecture independent program module.

15. A system for interfacing a first network to a second network, wherein said system provides one or more network services, said system comprising:

means for receiving a network service request directed to one of said one or more network services;

means for managing configuration information and adapting said request to a format recognized by said system allowing for alteration of said one or more network services;

means for storing data related to configuration of said system; and

means for adapting said request to a format recognized by said network service to which said network request is directed.

16. The system of claim 15 further comprising

means for receiving diagnostic information generated by said network service;

means for responding to said diagnostic information based on the type of diagnostic message contained within said diagnostic information and content of said diagnostic message; and

means for transmitting a command to a user interface on said computer coupled to said first network in response to a pre-determined type of diagnostic message.

17. The system of claim 15 wherein said service request is input to a user interface on said computer coupled to said first network.

18. The system of claim 15 wherein said input request is generated by a remote process executed on a remote management server coupled to said system through said second network.

19. The system of claim 15 further comprising push-button means for resetting said system, said push-button means accessing a first reset state and a second reset state, and wherein

said first reset state causes the execution of a diagnostic program by said system, said first reset state being accessed by depressing said push-button means for a first duration; and

said second reset state causes a restart of said system, said second reset state being accessed by depressing said push-button means for a second duration.

20. An article of manufacture embodying a program of instructions executable by a machine for securely providing a service to a client computer coupled to a first network, the program of instructions including instructions for:

providing said service in a network interface device coupled between said first network and a second network;

providing a service request from said client computer to said network interface device, said service request capable of altering said service in said network interface device;

transmitting said service request to a configuration manager, said configuration manager configured to provide an application program interface between a user interface on said client computer and said service; and

transmitting said service request from said configuration manager to a service manager, said service manager being configured to provide an application program interface between said configuration manager and said service.

21. An article of manufacture according to claim 20, wherein said program of instructions further includes instructions for:

receiving one or more diagnostic messages from said network service in a diagnostic log process;

transmitting said one or more diagnostic messages to one or more diagnostic agents, each diagnostic agent being configured to automatically receive diagnostic messages from said diagnostic log process, and each diagnostic agent being configured to receive a predetermined type of message from said diagnostic log process;

transmitting one or more reporting messages from said one or more diagnostic log agents to a reporting process, said reporting process being configured to receive reporting messages from said one or more diagnostic agents; and

transmitting commands from said reporting process to a user interface on said client computer based on said reporting messages.
Description
 


FIELD OF THE INVENTION

The present invention relates generally to the field of computer networks, and more particularly to a method of configuring and upgrading a network interface device.

BACKGROUND OF THE INVENTION

The Internet is rapidly becoming an important source of information and electronic communication for users of computers in homes and businesses. A major problem associated with the Internet, however, is the difficulty faced by typical computer users in connecting their computers or local area networks to the Internet. A computer user desiring to connect to the Internet must make many critical decisions, such as which communication medium to use, which Internet Service Provider to subscribe to, how to secure their network interface, and which network services to utilize. Business managers in charge of local or wide area networks must also address questions related to the type and configuration of computer networks which are to be connected to the Internet, and other such external networks (referred to as `internets`). Unlike installing a new telephone system, installing an external network connection requires an understanding of many different, and often confusing, communication protocols, network services, connection media, and computer network practices.

Connecting a computer network to an internet requires a service account and a data communication line to access the various networks that make up the internet. A dedicated Wide Area Network (WAN) connection to an internet is typically provided by a commercial Internet Service Provider (ISP). The ISP acts as the intermediary between the user and the network backbone servers which provide access to the various networks within the internet. Several different data communication lines are available to connect a computer or LAN to the internet. Common data communication lines include analog modems (14.4 Kbaud-56 Kbaud), ISDN (Integrated Services Digital Network), T1 lines, Fractional T1 lines, and several others.

Obtaining an internet connection typically requires the user to order an internet account and address block from an ISP, install the appropriate phone lines for the data communication medium (e.g., ISDN line, analog phone line), install the appropriate network interface device between the data communication port and the computer which will serve as the network gateway computer, and configure the network interface device for operation with the user's LAN and in accordance with the network services provided by the ISP. Thus, the initial configuration of the network interface device must be performed by the computer user or LAN manager himself, and often requires extensive knowledge of network protocols, internet services, and LAN requirements. Initial configuration also often involves the entry of complex configuration parameters and options in a database or storage device by the LAN manager. Similarly, an upgrade or reconfiguration of the network interface device requires the user or LAN manager to obtain the upgrade information and perform the upgrade or reconfiguration operation himself. Because no internet services or data communication systems currently provide a comprehensive and reliable means of automatically configuring or updating a network interface connection to an internet, internet access remains a significant challenge to those who lack the requisite expertise or resources to undertake the task.

It is therefore desirable to provide a system for connecting a computer or client network to the internet with minimal user interaction. It is further desirable to provide a system for automatically upgrading or reconfiguring a network interface connection between a computer or client network and an internet.

SUMMARY OF THE INVENTION

The present invention discloses a method and apparatus for initializing, configuring, and upgrading a network interface between a client computer network and an external network.

According to one aspect of the present invention, a network interface device is provided to connect a client computer network to an external network. The network interface device is provided to the client user in an initially unconfigured state. The network interface device is configured for the client system by automated procedures and protocols initiated from a remote server. The remote server provides and maintains the client information in a secure database. The use of a secure database and automated procedures minimizes the amount of input required from the user. The network interface device contains application program interfaces which facilitate communication between the client computer system and services available on the external network. The network interface device also contains a configuration database which stores data and parameters related to the configuration of the network interface device. Through the use of the configuration database and the resident application program interfaces, the remote server is able to automatically upgrade or reconfigure the network interface device without user intervention.

Other features of the present invention will be apparent from the accompanying drawings and from the detailed description which follows.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals indicate similar elements and in which:

FIG. 1 illustrates a prior art interface between a client network and an internet.

FIG. 2 illustrates the interface between a client network and an internet according to one embodiment of the present invention.

FIG. 3 is a block diagram illustration of hardware components of the Gateway Interface Device according to one aspect of the present invention.

FIG. 4 illustrates the basic components of the Gateway Interface system software.

FIG. 5 is a functional block diagram of the runtime component of the system software.

FIG. 6 is a flowchart illustrating the process of controlling a service using the runtime component illustrated in FIG. 5.

FIG. 7 is a functional block diagram illustrating the software components of the Gateway Interface system.

FIG. 8 illustrates a registration key to encode user registration information according to one embodiment of the present invention.

FIGS. 9A and 9B are a flow diagram illustrating the procedure of initializing a Gateway Interface Device according to one aspect of the present invention.

FIG. 10 is a flow diagram illustrating the procedure of upgrading a Gateway Interface Device according to one aspect of the present invention.

FIG. 11 is a flow diagram illustrating the procedure of upgrading a Gateway Interface Device that is part of a virtual private network according to one aspect of the present invention.

FIG. 12 is a flow diagram illustrating the procedure of reconfiguring a Gateway Interface Device according to one aspect of the present invention.

FIG. 13 is a flow diagram illustrating the determination of network addresses by a client computer according to one aspect of the present invention.

FIG. 14 is a block diagram illustrating an example of a hierarchy of key certificates for the security framework according to one embodiment of the present invention.

DETAILED DESCRIPTION

A system for initializing, configuring, and upgrading a network interface device coupling a client Local Area Network (LAN) to a Wide Area Network (WAN) is described. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present invention.

In one embodiment, the steps of the present invention are embodied in machine-executable instructions. The instructions can be used to cause a general-purpose or special-purpose processor which is programmed with the instructions to perform the steps of the present invention. Alternatively, the steps of the present invention might be performed by specific hardware components that contain hardwired logic for performing the steps, or by any combination of programmed computer components and custom hardware components.

Present methods of interfacing a client LAN to an external network involve installing special data communication lines and network interface devices, and configuring these devices at the client site. FIG. 1 illustrates a typical prior art connection between a client network and an external network. Client network 120 includes a local area network (LAN) 110 containing several network client computers 114. LAN 110 also contains a gateway computer 112 which connects LAN 110 to an external network, such as an internet. LAN 110 may be a network consisting of a number of computers connected in an Ethernet network, a token ring network, an FDDI network, or any similar type of network arrangement. LAN 110 could also consist simply of one computer, such as computer 112, for which external network access is required. LAN 110 interfaces to outside networks through a network interface device 108 connected to gateway computer 112. In other network environments, LAN 110 may interface directly with network interface 108 without passing through a gateway computer 112. In typical home or office situations, network interface 108 can be a modem, an ISDN (Integrated Services Digital Network) interface box, or the like, and can be an interface card within gateway computer 112, or a standalone device which is kept separate from LAN 110 and gateway computer 112, such as in a separate phone closet or other isolated environment.

Network interface 108 provides the connection to an internet over communication line 116. Current internet service for client networks is typically provided by a commercial Internet Service Provider, such as ISP 104. ISP 104 provides the necessary routers and gateway devices for connection to the internet from a client network, and provides various protocol and packet switching functions. Thus, LAN 110 in client network 120 connects to an internet via communication line 116 through an ISP.

In prior art network connection environments such as that illustrated in FIG. 1, ISP 104 simply provides the addresses and logical interface between client network 120 and the internet. The client user is required to install, configure, and maintain the network interface 108 and the interface to the telephone company 106. This requires that the LAN manager for the client network 120 have knowledge of the client LAN environment, as well as required protocol and interface information and various configuration parameters. As the types of network connectivity and the number of services available through the Internet increase, the task of installing, configuring, and maintaining a network interface to the Internet, and other such external networks, becomes more complicated. This increase in network interface complexity results in an increased possibility of improper network access which may cause unreliable service or insecure network connections. Thus, a distinct disadvantage associated with prior art network access scenarios is that the LAN manager for a client network must personally configure and maintain increasingly complex parameters related to both the LAN network protocols and the various network services.

In one embodiment of the present invention, the various physical network interface devices, security functions, and service interfaces are replaced by a single integrated network interface device, hereinafter referred to as a `gateway interface device`. This integrated gateway interface device provides a single point of connectivity for various different types of data communication lines, such as Ethernet and ISDN, and contains a configuration database for the storage of parameters associated with the operation of the network interface. The gateway interface device also contains application program interfaces (API's) for transparent communication between the client LAN and various internet services. The gateway interface device further provides connectivity to a remote server process which provides remote initialization, configuration, and upgrades of the gateway interface device without necessitating extensive user interaction.

FIG. 2 illustrates an improved internet network access of the present invention utilizing the gateway interface device. Like the client network 120 of FIG. 1, client network 220 typically consists of a LAN environment 210 in which several personal or mini-computers are connected through network lines or hubs in a network arrangement. In the present invention, the simple network interface 108 of FIG. 1, which is typically a passive device configurable only from client network 120 through gateway computer 112, is replaced by a gateway interface device 208. Gateway interface device 208 provides the physical and logical connection between LAN 210 and an external network, such as an internet. Data communication ports provided by gateway interface device 208 may include interfaces for analog modems, Ethernet, ISDN, T1 connections, and the like. Gateway interface device 208 also provides an interface to the remote servers and services provided in the present invention. This second means of access allows a secondary service provider to remotely configure, upgrade, and maintain diagnostics related to the network interface. It also facilitates the downloading of configuration parameters, a task which was traditionally left to the client LAN manager. Gateway interface device 208 also provides an efficient means to implement network security such as firewall functions, as well as other router and server functions.

The remote server 206 represents a central facility for providing convenient and efficient configuration and maintenance of the gateway interface device. In one embodiment of the present invention, the remote server 206 (hereinafter referred to as the "remote management server") is connected to ISP 204 and maintains a dynamic dialog with ISP 204 to configure and maintain gateway interface device 208 in client network 220. Remote management server 206 interacts with gateway interface device 208 to provide configuration information and upgrade parameters required by the gateway interface device 208. In this manner, remote management server 206 basically serves as a repository for information required by the gateway interface device 208. Such information may include configuration information related to LAN 210, internet address blocks, internet domain names, and data related to the physical and logical interfaces between the client network 220 and ISP 204.

Gateway interface device 208 contains a configuration manager which stores the configuration information transmitted from the remote management server 206. Gateway interface device 208 also contains service adapters which communicate with network services resident in the gateway interface device 208. The service managers are application programming interfaces that provide the required command and data translation for the various services available.
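
The request path described above (service request, configuration manager, service manager) together with the two-level syntax check of claim 6, as an added example that is not code from the patent. The `address_pool` service, its parameter names, and the reading that a rejected optional parameter does not by itself reject the whole request are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Result:
    accepted: bool
    rejected_params: dict = field(default_factory=dict)  # name -> reason
    reason: str = ""                                      # set when the request is rejected


def _lease(value):
    seconds = int(value)
    if not 60 <= seconds <= 86400:
        raise ValueError("lease out of range")
    return seconds


class AddressPoolManager:
    """Hypothetical service manager for a LAN address-pool service."""
    name = "address_pool"
    # First-level tests: one validator per parameter, applied in isolation.
    PARAM_TESTS = {
        "subnet": lambda v: ipaddress.IPv4Network(v, strict=True),
        "pool_start": ipaddress.IPv4Address,
        "pool_end": ipaddress.IPv4Address,
        "lease_seconds": _lease,
    }
    REQUIRED = ("subnet", "pool_start", "pool_end")

    def check(self, params):
        """Return (clean_params or None, rejected_params, request_reason)."""
        clean, rejected = {}, {}
        # First level: a failing parameter is rejected, the others are kept.
        for key, raw in params.items():
            test = self.PARAM_TESTS.get(key)
            if test is None:
                rejected[key] = "unknown parameter"
            elif not isinstance(raw, str):
                rejected[key] = "not a string"
            else:
                try:
                    clean[key] = test(raw)
                except ValueError as exc:
                    rejected[key] = str(exc)
        # Second level: the request as a whole must be complete and consistent.
        missing = [k for k in self.REQUIRED if k not in clean]
        if missing:
            return None, rejected, "missing or rejected: " + ", ".join(missing)
        net = clean["subnet"]
        if clean["pool_start"] not in net or clean["pool_end"] not in net:
            return None, rejected, "pool outside subnet"
        if clean["pool_start"] > clean["pool_end"]:
            return None, rejected, "pool_start after pool_end"
        return clean, rejected, ""


class ConfigurationManager:
    """Routes a service request to its service manager and stores the result."""

    def __init__(self, managers):
        self.managers = {m.name: m for m in managers}
        self.database = {}  # configuration database: service -> stored parameters

    def handle(self, service, params):
        manager = self.managers.get(service)
        if manager is None:
            return Result(False, reason="no service manager for " + repr(service))
        clean, rejected, reason = manager.check(params)
        if clean is None:
            # A rejected request never touches the stored configuration.
            return Result(False, rejected, reason)
        self.database[service] = {k: str(v) for k, v in clean.items()}
        return Result(True, rejected)


# Constructed sample requests (not taken from the patent).
REQUEST_BAD_OPTIONAL = {"subnet": "192.168.1.0/24", "pool_start": "192.168.1.100",
                        "pool_end": "192.168.1.200", "lease_seconds": "5"}
REQUEST_INCONSISTENT = {"subnet": "192.168.1.0/24", "pool_start": "192.168.1.100",
                        "pool_end": "192.168.2.50"}
REQUEST_BAD_REQUIRED = {"subnet": "192.168.1.0/24", "pool_start": "192.168.1.999",
                        "pool_end": "192.168.1.200"}

if __name__ == "__main__":
    cm = ConfigurationManager([AddressPoolManager()])
    for req in (REQUEST_BAD_OPTIONAL, REQUEST_INCONSISTENT, REQUEST_BAD_REQUIRED):
        print(cm.handle("address_pool", req))
    print(cm.database)
```

Every parameter of the second request passes its own first-level test; only the whole-request test catches that the pool leaves the subnet, which is why the two levels are kept separate.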

Remote management server 206 and gateway interface device 208 contain security information such as passwords and encryption keys that are used to establish a trust relation sufficient to ensure secure remote configuration and upgrade of gateway interface device 208. By providing a configuration management function within remote management server 206 which is registered with an ISP 204, it is possible to download configuration and upgrade information and parameters to gateway interface device 208 at the time the gateway interface is first installed between the client network 220 and the telephone client 204. This eliminates the requirement that the network administrator program the network interface device with such configuration and initialization information. This system thus greatly reduces the amount of work required to connect client network 220 to an internet.

Gateway Interface Device Hardware

FIG. 3 is a block diagram illustrating representative hardware components within gateway interface device 208 of FIG. 2. Gateway interface device 208 includes central processing unit 316 coupled through a bus 302 to random access memory (RAM) 306, read-only memory (ROM) 308 and mass storage device 310. In one embodiment of the present invention, two mass storage devices 310 and 312 are used to provide redundant storage. Mass storage devices 310 and 312 can be any type of memory device which provides persistent storage of large amounts of data such as hard disk drives, tape drives, or memory cards. In one embodiment of the present invention, mass storage devices 310 and 312 are removable devices which can be moved from gateway interface device 208 to another similar gateway interface device, or removed for replacement by other like mass storage devices with either updated or different data or programs. Mass storage devices 310 and 312 may be installed and configured in a mirrored arrangement, such that identical data is written simultaneously to both drives. This allows a redundant backup functionality such that if one mass storage device fails, the other mass storage device can be automatically and quickly substituted since it contains the same data contained in the first mass storage device. Gateway interface device 208 also contains non-volatile memory in the form of flash memory 304. Flash memory 304 stores critical system parameters and may be upgraded remotely from a remote server such as remote management server 206.

Also coupled to bus 302 is an expansion interface 320. Expansion interface 320 provides physical and logical lines which allow for the installation of industry standard expansion cards to expand the functionality of the gateway interface device 208. Such expansion functions could include additional memory capacity or an alternate network interface means. Gateway interface device 208 interfaces to external networks through a network interface port 314. In one embodiment of the present invention, network interface 314 includes four separate network interface connections and standards. Network interface 314 provides access to modem port 326, WAN interface 324, and Ethernet port 322. In one embodiment of the present invention, two Ethernet ports are provided by network interface 314.

Panel interface 318 provides the main physical interface between the user and gateway interface device 208. In one embodiment of the present invention, panel interface 318 is coupled to a front panel display and control system 330. Display and control system 330 contains two LEDs (light emitting diodes) 334 and 336, as well as push button switch 332. Push button switch 332 serves as an on/off switch as well as a high-level reset switch. If the gateway interface device is powered up and switch 332 is pressed for less than five seconds, it executes a diagnostic process. If the gateway device is powered up and switch 332 is pressed for more than five seconds, it restarts the gateway interface device. Thus switch 332 allows a user to activate certain diagnostic routines and it provides a reset function in case of a hardware failure of the gateway interface device 208. LEDs 334 and 336 provide an indication of particular operational functions of the gateway interface device 208. Functions that are monitored by LEDs 334 and 336 may include the condition of the client LAN 210, the condition of the physical or logical connections between the client LAN 210 and the telephone company switch box, as well as the internal operation of the gateway interface device 208. The uncomplicated front panel display and control system 330 promotes the ease of use pursued by the present invention. The single push-button switch 332 provides a straightforward means of interaction with the gateway interface device, and dual LEDs provide a simple notification to the user in the event of a failure related to the primary virtual user interface.

System power to the gateway interface device 208 is supplied through power supply 340. Power supply 340 provides the varying voltage levels (e.g., 12 VDC, 5 VDC, and 3.3 VDC) that may be required by the different devices within the gateway interface device 208. Connected to power supply 340 is an uninterruptible power supply (UPS) battery 344. In one embodiment of the present invention, UPS battery 344 is a small compact unit which provides a charge sufficient only to keep gateway interface device 208 powered up for a smooth shutdown in the event of a hardware or network problem. A smooth shutdown procedure allows time to write critical data to the disks, and power down each of the devices within gateway interface device 208 in a non-destructive manner. Power supply 340 may be configured such that in the event of a hardware or network failure, software controlling operation of the gateway interface device 208 is executed to turn the machine off. In a similar manner, an on/off or reset switch, such as switch 332, may be similarly configured to request software to power down the gateway interface device. In one embodiment of the present invention, the user interface to the gateway interface device 208 is limited to front panel interface 318 and the front panel control and indication block 330. Gateway interface device 208 may be packaged in any number of standard package formats. In one embodiment of the present invention, the gateway interface device is packaged in a 19-inch form factor box. This facilitates the installation of the gateway interface device in a standard rack mount such as those commonly used in telephone switching closets, thus allowing the gateway interface device to be mounted in such a closet or other hidden location for unattended operation.

System Software

FIG. 4 is a block diagram illustrating the components within the system software contained in and executed by gateway interface device 208. The gateway interface device system software 400 consists of three main portions. These are the BIOS (basic input/output system) section 402, kernel 404, and run-time section 406. The three components comprising the system software 400 may be stored and executed from read-only memory 308, RAM 306 or any combination of RAM, ROM, and disk within the gateway interface device 208.

BIOS section 402 contains the program code necessary to interface with the hardware within gateway interface device 208; these are typically low-level device drivers. BIOS 402 also contains diagnostic and monitor code as well as a BIOS extension for factoring in new code. Kernel 404 comprises the second layer of system software and contains high-level drivers for the hardware devices within gateway interface device 208, as well as drivers for system services that are required to operate the gateway interface device 208. Kernel 404 also contains task schedulers and an interrupt controller.

The third layer of system software 400 is the run-time section 406. Runtime section 406 contains the management daemons and services required for system control. In one embodiment of the present invention, run-time section 406 is implemented as a console-less version of a standard operating system. The implementation of a console-less operating system runtime allows the system software to operate without user intervention, thus facilitating the remote access capabilities of the present invention. This system also provides an interface to existing network services which are wrapped in a management layer to allow them to be plugged in or interfaced to the system without requiring user intervention or configuration. Such services that may interface with the system software include web service, electronic mail service, and other similar computer programs and application programs.

Runtime Layer

FIG. 5 illustrates the functional relationships among the various components of the software associated with the runtime layer 406 of system software 400. The runtime layer 406 contains management programs for controlling the gateway interface device and provides the program interface between a user interface 502 operating on a computer coupled to client LAN 210, and network services available on an external network. FIG. 5 illustrates the runtime layer 406 as a functional program layer between the user interface 502 and network services 512. One example of a network service which could be represented by network service 512 is the popular Internet Web service, HTTP (hypertext transport protocol). The HTTP service contains a daemon process, HTTPD, which contains text configuration files which control access to, and operation of, the web service. The HTTP service allows certain user actions such as editing of text files or changing a process. It should be understood that a number of different services or types of services may be controlled by runtime layer 406, and that service 512 illustrates only one such service.

Runtime layer 406 contains a configuration manager 506 which is an API operating through a remote procedure call (RPC) protocol to communicate commands between the user interface 502 and network services 512. Configuration manager 506 is connected to data store 508 which serves as a database for configuration and system data. Configuration manager 506 communicates to services 512 through services managers 510. One service manager is provided within runtime 406 for each service available to user interface 502. The service managers provide a consistent interface to the various network services. The service managers essentially `wrap` a software management layer around network services to adapt the service for the gateway interface device. Each service manager allows a user, through a user interface, to perform certain service functions, such as bring down the service, reconfigure the service, and bring the service back up.

In one embodiment of the present invention, the configuration manager is a server process that dynamically loads within its own address space service managers which are implemented as dynamic libraries. The service managers 510 implement a particular API so that there is a consistent interface with service managers from the user interface 502. The configuration manager 506 provides an external API which facilitates communication with other programs on the gateway interface device 208, such as user interface 502. All of the network services provided by the gateway interface device 208 are represented by data structures in data store 508 which interface to the services 512 through the configuration manager 506. Through the implementation of the configuration manager and service managers as APIs, a consistent communication interface to network services is provided. Thus, turning on a particular service simply requires accessing configuration manager 506 and setting a value in a particular data location. For example, to enable web publishing, the user could select an enabling option button in the user interface 502. User interface 502 then sets the appropriate parameter in the data store 508 to "on". This, in turn, enables the gateway interface device policy for web publishing. As parameters in the data store are changed in this manner, the service managers are notified of these changes in order to maintain currency with available services. Each of the services maintains service configuration files 516 which store configuration information related to the services.

FIG. 6 is a flow chart which illustrates a typical process associated with using or manipulating a service through user interface 502. In step 604 the user requests the start of a transaction involving a network service. A typical transaction may involve one or more service requests. The user then makes a service request through user interface 502 in step 606. The request could be any one of a number of service operations, such as a request to bring the service up or down, reconfigure the service, or any other such operation. The request is input from the user interface 502 to configuration manager 506. In step 608, the configuration manager 506 propagates the request to each service manager which is available within the runtime layer 406. If necessary, the service manager 510 performs any translation or adaptation of the request to a corresponding command recognized by the service. The service manager 510 also checks the request and evaluates the proposed change in the data store 508. Service managers are thus given the opportunity to veto requests or changes to the data store 508 that may potentially crash the system.
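
The propagate-and-veto flow of FIG. 6 described above, together with the "on" parameter in the data store from the preceding paragraph, as an added Python example that is not code from the patent. The class names, the key names such as web.port and mail.relay, and the validation rules are assumptions made for illustration.

```python
from typing import Optional

class ServiceManager:
    """Hypothetical wrapper around one network service (service manager 510)."""
    name = "service"
    def evaluate(self, proposed: dict) -> Optional[str]:
        """Return a veto reason, or None to accept the proposed data store."""
        return None
    def notify(self, key: str, value: str) -> None:
        """Called after commit so the service can update its own configuration."""

class WebManager(ServiceManager):
    name = "web"
    def __init__(self):
        self.config_file = {}      # stands in for service configuration files 516
    def evaluate(self, proposed):
        port = proposed.get("web.port", "80")
        if not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
            return f"web.port {port!r} is not a valid TCP port"
        return None
    def notify(self, key, value):
        if key.startswith("web."):
            self.config_file[key] = value

class MailManager(ServiceManager):
    name = "mail"
    def evaluate(self, proposed):
        # Constructed rule: relaying needs a domain once it is switched on.
        if proposed.get("mail.relay") == "on" and not proposed.get("mail.domain"):
            return "mail.relay cannot be enabled without mail.domain"
        return None

class ConfigurationManager:
    def __init__(self, managers):
        self.store = {}            # stands in for data store 508
        self.managers = managers
    def request(self, changes: dict) -> list:
        """Propagate a request to every manager; commit only if none vetoes."""
        proposed = {**self.store, **changes}
        vetoes = [(m.name, reason) for m in self.managers
                  if (reason := m.evaluate(proposed)) is not None]
        if vetoes:
            return vetoes          # data store untouched, nobody notified
        self.store = proposed
        for key, value in changes.items():
            for m in self.managers:
                m.notify(key, value)
        return []
```

Each manager evaluates a copy of the store with the change applied, so a rejected request never reaches the live configuration or the service's own files.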

The service managers are provided a two level check. One level is a simple syntax check in which a service manager checks the syntax of the request or parameter. If the request contains an improper parameter, the service manager may reject the parameter but accept the request. In step 610, the service manager performs a syntax check. If, in step 612, it is determined that the syntax of the request is not acceptable, the configuration manager notifies the user and ignores the parameter which did not correspond to the correct syntax, step 614. The process then proceeds again from step 606 in which the user is given another opportunity to enter a syntactically correct service request. If it is determined, in step 612, that the syntax of the service request is proper, the configuration