Abstract: A computer-implemented method for remotely configuring applications may include (1) identifying a centrally administered application that includes a configuration specification that defines at least one setting available for the centrally administered application and that is prepared to provide the configuration specification, (2) identifying, by extracting the configuration specification for the centrally administered application, a settings field of the configuration specification, (3) creating a settings configuration policy that specifies a value for the settings field, (4) detecting an instance of the centrally administered application that includes the configuration specification, and (5) pushing the value for the settings field to the instance of the centrally administered application in accordance with the settings configuration policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Processes are disclosed in which an index value is generated for locating a security association in a security association database, such as an inbound SAD associated with the IPsec set of protocols. The index value is specified for insertion into a Security Parameter Index (SPI) field of a packet header, such as an IPsec header. For packets that are to be secured according to the policies and protocols identified in the header and the security association and that are transmitted to a particular network device or host, the index value is inserted into the SPI field of the packets by a packet sender. The packet is then parsed by a packet receiver, the index value determined from the SPI and used to identify the security association in the SAD, based solely on the index value determined from the SPI. Hence, a simple and efficient mechanism is provided for fast inbound security association lookups.

Abstract: Mechanisms for storing and searching a hierarchy of policies and associations thereof are disclosed which may be particularly useful for implementing security protocols, such as, but not limited to Internet Protocol security (IPsec). For example, a hierarchy of policies is stored in a search priority order in an associative memory, with each association of a particular policy stored higher in the search priority than its associated policy and after any other policy. Therefore, a lookup operation on the associative memory will identify a matching association, if one, else its matching policy. A match of a policy instead of an association may result in a corresponding association being added in the appropriate location. For IPsec implementations, the lookup word is typically derived from the packet, with this packet being typically processed based on the identified policy or association.

Abstract: Mechanisms for storing and searching a hierarchy of items are disclosed which may be particularly useful for implementing security policies and security associations, such as, but not limited to Internet Protocol security (IPsec). A hierarchy of items is stored in a search priority order. Multiple element definitions and groups of elements are identified. Representations of the element definitions and elements are stored in a prioritized searchable data structure in decreasing search priority such that representations of each particular element definition is stored after representations of a set of particular elements associated with the particular element definition and before representations of lower priority element definitions and their associated elements. The element definitions may include Internet Protocol security policies and the elements may include Internet Protocol security associations. The searchable data structure may include an associative memory or a plurality of associative memory entries.