System and method providing automatic policy enforcement in a multi-computer service application
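IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): G06F-015/173; G06F-015/16
Application number: US-0843715 (2004-05-11)
Inventors / Address: Hunt, Galen C.; Hydrie, Aamer; Levi, Steven P.; Tabbara, Bassam; Van Antwerp, Mark D.; Welland, Robert V.
Applicant / Address: Microsoft Corporation
Agent / Address: Lee &
Citation information
Times cited: 35
Cited patents: 75
Abstract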
Systems and methods to enforce policy in a multi-computer service application are described. The application includes multiple software modules that execute on multiple computers. The multi-computer service application has access to a communications medium that allows data communications between different ones of the computers. The software modules have logical input and output ports and logical data connections between modules. Each logical port is defined by port software. In one aspect, a particular module sends a notification to a policy module. Responsive to the notification, the policy module (a) determines a request for one or more destination modules, and (b) provides the request to an output port of the policy module. The output port forwards the request to input ports of a plurality of the modules in accordance with the logical data connections.
Representative claims
The invention claimed is:

1. A computer-implemented method of enforcing policy in a multi-computer service application, the method comprising: monitoring, by a policy module, operation of an application during runtime, the application comprising multiple software modules configured to execute on respective ones of multiple computers, the software modules being defined by logical input and output ports and logical data connections between respective ones of the software modules; receiving, by the policy module, a notification from one of the software modules indicating a change in operation of the application; responsive to receiving the notification, enforcing, by the policy module, a policy associated with the application by: (a) evaluating content of the notification against the policy to generate a response for one or more destination modules of the application, the evaluating comprising determining, by the policy module, the one or more destination modules by identifying a number of instances of each software or hardware module used to implement multi-computer service application at any given time based on the policy; and (b) forwarding, by an output port of the policy module, the response to input ports of the one or more destination modules in accordance with the logical data connections associated with the one or more destination modules; and wherein the policy is abstracted from physical deployment of the multi-computer service application.

2. The method of claim 1, further comprising configuring an input port of the respective one of the software modules as a function of an associated one of the logical input ports.

3. The method of claim 1, further comprising configuring a particular output port of the output ports during run-time to specify different logical data connections, the particular output port being configured as a function of a logical model of the multi-computer service application.

4. The method of claim 1, further comprising configuring an output port of the output ports during instantiation of the respective one of the software modules to specify different logical data connections.

5. The method of claim 1, further comprising: implementing port software based on respective ones of the logical input and output ports; and configuring a communication route between a first portion of the port software and a second portion of the port software, the first portion being associated with a physical input port resource, the second portion being associated with a physical output port resource.

6. The method of claim 5, further comprising configuring the physical input port resource to communicate with the physical output port resource via the communication route.

7. The method of claim 1, and further comprising generating a logical model of the application, the logical module comprising model components, each model component representing an abstract operation of the multi-computer service application, the model components representing respective hardware and software modules.

8. The method of claim 7, wherein a blueprint specifies the hardware and software modules represented by the model components.

9. The method of claim 1, wherein the response specifies one or more actions for deploying a new resource represented by a model component in the logical model, manipulating a module in multi-service computer application by sending events to the module, or removing a module from the multi-service computer application.

10. The method of claim 9, wherein deploying the new resource comprises: creating a physical instance of a model component representing the new resource; and configuring logical input and output port(s) for the newly deployed resource in accordance with logical connections specified in the logical model.

11. A computer-readable storage medium comprising computer-executable instructions for enforcing policy in a multi-computer service application, the computer-executable instructions comprising instructions for: detecting, by a particular module of a multi-computer service application, a change in operating conditions; responsive to the detecting: sending, by the particular module, a notification corresponding to the change to a policy module, the particular module and the policy module being respective ones of multiple software modules configured to execute on respective ones of multiple computers, the software modules including logical input and output ports and logical data connections between respective ones of the software modules, each logical port being defined by port software, the notification for evaluation, by the policy module, against a policy that is abstracted from physical deployment of the multi-computer service application, the policy defining a definite course of action selected from among alternatives in light of monitored conditions to perform one or more of: (a) installing, configuring, or removing components of the multi-computer service application; and (b) implementing measures to maintain proper operation of the components and the multi-computer service application as a whole; and receiving, by the particular module, a response from the policy module, the response directing the particular module to implement at least one aspect of the policy.

12. The computer-readable storage medium of claim 11, further comprising computer-executable instructions responsive to receiving the response, for configuring, by the particular module, an input port according to the policy.

13. The computer-readable storage medium of claim 11, further comprising computer-executable instructions responsive to receiving the response, for configuring, by the particular module, an output port to specify different logical data connections according to the policy.

14. The computer-readable storage medium of claim 11, further comprising computer-executable instructions for: in accordance with the response, the particular module: implementing port software based on respective ones of logical input and output ports specified by the policy; and configuring a communication route between the port software and a physical output or input port resource of a different component of the multi-computer service application.

15. The computer-readable storage medium of claim 11, wherein the multi-computer service application was automatically deployed based on a logical model comprising model components, each model component representing an abstract operation of the multi-computer service application, the model components representing respective hardware and software modules.

16. A computing device comprising: a processor; and a memory coupled to the processor, the memory comprising computer-program instructions executable by the processor, the computer-program instructions comprising instructions for: detecting, by a particular module of a multi-computer service application, a change in operating conditions; sending, by the particular module, a notification corresponding to the change to a policy module of the multi-computer service application, the particular module and the policy module being respective ones of multiple software modules configured to execute on respective ones of multiple computers, the software modules including logical input and output ports and logical data connections between respective ones of the software modules, each logical port being defined by port software; responsive to receiving the notification, the policy module: evaluating the change against a policy for the multi-computer service application, the policy being abstracted from the physical deployment of the multi-computer service application, the policy defining a definite course of action selected from among alternatives in light of monitored conditions to perform one or more of: (a) installing, configuring, or removing components of the multi-computer service application; and (b) implementing measures to maintain proper operation of the components and the multi-computer service application as a whole; and communicating, by the policy module, a response directing the particular module to implement at least one aspect of the policy.

17. The computer-readable medium of claim 16, wherein the response directs the particular module to configure an input port or an output port.

18. The computer-readable medium of claim 16, wherein the policy directed automated deployment of at least a portion of the multi-computer service application using a logical model comprising model components, each model component representing an abstract operation of the multi-computer service application, the model components representing respective hardware and software modules.

19. The computer-readable medium of claim 16, wherein the response causes: port software to be implemented according to logical input and output ports specified in the logical model; and a communication route to be configured between a first portion of the port software and a second portion of the port software, the first portion being associated with a physical input or output port resource, the second portion being associated with a respective physical output or input port resource.

20. The computer-readable medium of claim 16, wherein the instructions for evaluating the change further comprise computer-program instructions for determining a number of instances of each software or hardware module used to implement the multi-computer service application at any given time based on the policy.

21. A computing device comprising: sending means for sending a notification from a particular module to a policy module, the particular module and the policy module being respective ones of multiple software modules configured to execute on respective ones of multiple computers, the multiple software modules including logical input and output ports and logical data connections between respective ones of the software modules, each logical port being defined by port software; determining means, responsive to the notification, for the policy module to determine a request for one or more destination modules, the request being based on a policy that is abstracted from the physical deployment of the multiple software modules; providing means for the policy module to provide the request to an output port of the policy module; and forwarding means for the policy module to forward the request from the output port to respective input ports of the one or more destination modules in accordance with the logical data connections.