CPC H04L 63/0263 (2013.01) [H04L 63/0236 (2013.01)]
20 Claims

1. A method for updating network policies, the method comprising:
for each host in a subset of hosts, determining a plurality of policies relevant to the host, wherein each policy of the plurality of policies permits or prevents a network connection between the host and one or more computer systems, and determining a difference between the plurality of policies relevant to the host and a plurality of policies relevant to the host determined at an earlier time, wherein the determining of the difference comprises, for each host in the subset of hosts, by a corresponding difference service of a plurality of difference services:
generating a difference file, the difference file recording deleted policies; and
storing the generated difference file in a directory storing the plurality of policies relevant to the host;
wherein the difference service for the host consumes files to compare from a message bus, the files to compare output by a corresponding simplify service for the host, the simplify service for the host filtering information from a compressed policy file, the compressed policy file comprising the plurality of policies relevant to the host; and
for each host in the subset of hosts, installing the plurality of policies relevant to the host.