System and method providing automatic policy enforcement in a multi-computer service application
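IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
G06F-015/177
G06F-015/16
Application number
US-0845324
(2004-05-12)
Inventor / Address
Hunt,Galen C.
Hydrie,Aamer
Levi,Steven P.
Tabbara,Bassam
Van Antwerp,Mark D.
Welland,Robert V.
Applicant / Address
Microsoft Corporation
Agent / Address
Lee &
Citation information
Times cited: 41
Cited patents: 75
Abstract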
Systems and methods to enforce policy in a multi-computer service application are described. In one aspect, a scale-independent logical model of an application is generated. The application is for implementation in a distributed computing system. The scale-independent logical model includes multiple components representing logical functions of the application and intercommunication protocols. The model components are converted into one or more instances representative of physical resources used to implement the logical functions. The instances specify information such as communication ports on the physical resources and communication paths that link the physical resources.
Representative claims
The invention claimed is:
1. A computer-based method comprising: forming, by modeling logic, a scale-independent logical model of multi-computer service application comprising a plurality of software modules that execute on a plurality of computers coupled to one another across a communication network, the scale-independent logical model comprising multiple model components representing logical functions of the software modules and hardware components of the multi-computer service application; converting, by deployment logic, respective ones of the model components into one or more resource instances representative of physical resources used to implement the logical function, the instances specifying communication ports on the physical resources and communication paths that link the physical resources; installing, by the deployment logic, the one or more resource instances on the computers as deployed resources to implement the multi-computer service application; and automatically managing, by the deployment logic, the deployed resources as operating parameters of the multi-computer service application change, management of the deployed resources being based on a policy enforced by an instantiated policy component of the multiple model components.
2. The method of claim 1, wherein the scale-independent logical model defines a set of model extensions comprising one or more of a store, an event source, an event sink, and an event path.
3. The method of claim 1, further comprising programmatically constructing a scalable blueprint from the scale-independent logical model, the scalable blueprint identifying which computers in the multi-computer service application run respective ones of the software modules.
4. The method of claim 1, wherein the multi-computer service application is an Internet data center application.
5. The method of claim 1, wherein the resource instances comprise communication ports configurable during run-time to specify different logical data connections specified by the scale-independent logical model.
6. The method of claim 1, wherein the resource instances comprise communication ports configurable to specify different logical data connections during instantiation of logical representations of the communication ports.
7. The method of claim 1, wherein the model components comprise at least a subset of a port, a module, and a wire.
8. The method of claim 1, further comprising: receiving notification(s) from one or more of the deployed resources, the notification(s) being received on first communication ports; and responsive to receiving the notification(s), routing responses to the notification(s), the responses being routed to one or more different resources of the deployed resources, the one or more different resources being on second communication ports.
9. The method of claim 1, wherein automatically managing the deployed resources is a function of policy.
10. The method of claim 1, further comprising: detecting a change in operation of a resource associated with the deployed resources; and responsive to detecting the change, instantiating and deploying a new resource specified by the scale-independent logical model.
11. The method of claim 1, further comprising representing respective ones of the model components in a design tool as user interface elements, the user interface elements being presented such that a user can arrange respective ones of the graphical elements to generate the scale-independent model.
12. The method of claim 11, wherein the user interface elements are based on a schema, the schema specifying valid functional operations with respect to the user interface elements.
13. The method of claim 1, further comprising: detecting, in view of the instantiated policy component a change in operation of a resource associated with the instances; responsive to detecting the change, evaluating the change in view of the policy; and responsive to evaluating the change, dynamically implementing parameter(s) of the multi-computer service application, the parameter(s) indicating removal of a resource of the deployed resources.
14. The method of claim 13, wherein dynamically implementing further comprises communicating a request to one or more resources of the deployed resources, the request being communicated according to one or more logical data connection specified by the scale-independent logical model.
15. A computer-readable storage medium comprising computer-executable instructions for automatic policy enforcement, the computer-executable instructions for: forming a scale-independent logical model of an application for subsequent instantiation and installation across multiple computers in a distributed computer system, the scale-independent logical model having multiple model components representing logical functions of the application and intercommunication protocols; converting the model components into one or more instances representative of physical resources used to implement the logical functions, the instances specifying communication ports on the physical resources and communication paths that link the physical resources; and wherein the one or more instances are for automated deployment by deployment logic to at least a subset of the multiple computers for execution and subsequent automated management by a policy component of the model components according to a policy.
16. The computer-readable storage medium of claim 15, wherein the scale-independent logical model defines a set of model extensions comprising one or more of a store, an event source, an event sink, and an event path.
17. The computer-readable storage medium of claim 15, wherein the application is an Internet data center application.
18. The computer-readable storage medium of claim 15, wherein the physical resources comprise communication ports configurable to specify different logical data connections during runtime or during instantiation of logical representations of the communication ports.
19. The computer-readable storage medium of claim 15, wherein the model components comprise at least a subset of a port, a module, and a wire.
20. The computer-readable storage medium of claim 15, further comprising computer-executable instructions for: receiving notification(s) from one or more resources of the physical resources, the notification(s) being received on first communication ports; and responsive to receiving the notification(s), routing responses to the notification(s), the responses being routed to one or more different resources of the physical resources, the one or more other resources being on second communication ports.
21. The computer-readable storage medium of claim 15, further comprising computer-executable instructions for managing operation of the application during runtime as a function of the policy.
22. The computer-readable storage medium of claim 15, further comprising computer-executable instructions for: detecting a change in operation of a resource associated with the instances; and responsive to detecting the change, instantiating a new resource specified by the scale-independent logical model.
23. The computer-readable storage medium of claim 15, further comprising computer-executable instructions for representing respective ones of the model components in a design tool as user interface elements, the user interface elements being presented such that a user can arrange respective ones of the graphical elements to generate the scale-independent model.
24. The computer-readable storage medium of claim 15, further comprising computer-executable instructions for: detecting, the policy component, a change in operation of a resource associated with the instances; responsive to detecting the change, evaluating the change in view of a policy; and responsive to evaluating the change, dynamically implementing parameter(s) of the application, the parameter(s) indicating deployment, removal, or configuration of a resource of the physical resources.
25. A computing device comprising: processor; and memory coupled to the processor, the memory comprising computer-program instructions executable by the processor for: forming a scale-independent logical model of an application to be implemented by a distributed computer system, the scale-independent logical model having multiple model components representing logical functions of the application and intercommunication protocols, the logical functions comprising automatic policy enforcement independent of human intervention; converting the model components into one or more instances representative of physical resources used to implement the logical functions, the instances specifying communication ports on the physical resources and communication paths that link the physical; and wherein the one or more instances are for automated installment by deployment logic to at least a subset of multiple computers in the distributed computer system for execution and subsequent automatic policy management by a policy component of the multiple model components.
26. The computing device of claim 25, wherein the scale-independent logical model defines a set of model extensions comprising one or more of a store, an event source, an event sink, and an event path.
27. The computing device of claim 25, wherein the application is an Internet data center application.
28. The computing device of claim 25, wherein the computer-program instructions further comprise instructions for configuring communication port(s) associated with one or more of the physical resources to specify different logical data connections during runtime or during instantiation of logical representations of the communication ports.
29. The computing device of claim 25, wherein the model components comprise at least a subset of a port, a module, and a wire.
30. The computing device of claim 25, further comprising computer-program instructions executable by the processor for: receiving notification(s) from one or more resources of the physical resources, the notification(s) being received on first communication ports; and responsive to receiving the notification(s), routing responses to the notification(s), the responses being routed to one or more different resources of the physical resources, the one or more other resources being on second communication ports.
31. The computing device of claim 25, further comprising computer-program instructions executable by the processor for: detecting a change in operation of a resource associated with the instances; and responsive to detecting the change, instantiating a new resource specified by the scale-independent logical model.
32. The computing device of claim 25, further comprising computer-program instructions executable by the processor for representing respective ones of the model components in a design tool as user interface elements, the user interface elements being presented such that a user can arrange respective ones of the graphical elements to generate the scale-independent model.
33. The computing device of claim 25, further comprising computer-program instructions executable by the processor for: detecting, in view of a policy component of the multiple model components, a change in operation of a resource associated with the instances; responsive to detecting the change, evaluating the change in view of policy; and responsive to evaluating the change, dynamically implementing parameter(s) of the application, the parameter(s) indicating deployment, removal, or configuration of a resource of the physical resources.
34. A computing device comprising: forming means to form a scale-independent logical model of an application to be implemented by a distributed computer system, the scale-independent logical model having multiple model components representing logical functions of the application and intercommunication protocols; converting means to convert the model components into one or more instances representative of physical resources used to implement the logical functions, the instances specifying communication ports on the physical resources and communication paths that link the physical resources; and wherein the one or more instances are for automated installment by deployment logic to at least a subset of multiple computers in the distributed computer system for execution and subsequent automatic policy management by a policy component of the multiple model components.
Patents cited by this patent (75)
Keith Franklin Falck ; Chinmei Chen Lee, Arrangement of delivering internet protocol datagrams for multimedia services to the same server.
Salo, Randy; Van Hamersveld, Chris; Shelton, Barry K.; Herbinaux, Larry; Deacon, D. Brian; Fayal, Jr., Kenneth Eugene, CLIENTS REMOTE ACCESS TO ENTERPRISE NETWORKS EMPLOYING ENTERPRISE GATEWAY SERVERS IN A CENTRALIZED DATA CENTER CONVERTING PLURALITY OF DATA REQUESTS FOR MESSAGING AND COLLABORATION INTO A SINGLE REQU.
Srini Krishnamurthy ; Sunil Sharad Mehta ; Cary Bailey O'Brien, DEVICE MANAGEMENT SYSTEM FOR MANAGING STANDARDS-COMPLIANT AND NON-COMPLIANT NETWORK ELEMENTS USING STANDARD MANAGEMENT PROTOCOLS AND A UNIVERSAL SITE SERVER WHICH IS CONFIGURABLE FROM REMOTE LOCATION.
See Michael E. ; Bailey John W. ; Panza Charles L. ; Pikover Yuri ; Stone Geoffrey C., Deterministic user authentication service for communication network.
Gai, Silvano; McCloghrie, Keith; Mohaban, Shai, Method and apparatus for identifying network data traffic flows and for applying quality of service treatments to the flows.
Arad Naveh ; Itzhak Parnafes ; Shai Mohaban ; Steven M. Woo, Method and apparatus for policy-based management of quality of service treatments of network data traffic flows by integrating policies with application programs.
Basani, Vijay R.; Mangiapudi, Krishna; Murach, Lynne M.; Karge, Leroy R.; Revsin, Vitaly S.; Bestavros, Azer; Crovella, Mark E.; LaRosa, Domenic J., Method and apparatus for scalable distribution of information in a distributed network.
Novaes, Marcos N.; Laib, Gregory D.; Lucash, Jeffrey S.; Goering, Ronald T.; Sohos, George, Method, system and program products for defining nodes to a cluster.
Rodney A. DeKoning ; Ray M. Jantz ; William V. Courtright, II, Methods and apparatus for committing configuration changes to managed devices prior to completion of the configuration change.
Jantz, Ray M.; DeKoning, Rodney A.; Courtright, II, William V.; Markus, Matthew A., Methods and apparatus for performing mass operations on a plurality of managed devices on a network.
Callis, Gregory M.; Franks, Jon Kevin; Huynh, Lap Thiet; Nguyen, Loan; Shannon, Diane Iupe; Yang, David Yu Pin, Methods systems and computer program products for processing an event based on policy rules using hashing.
Sarit Mukherjee ; Ibrahim Kamel ; Prasant Mohapatra, Multimedia file systems using file managers located on clients for managing network attached storage devices.
Jain Lalit ; Ford Michael T., Network device for supporting construction of virtual local area networks on arbitrary local and wide area computer networks.
Waldo James H. (Dracut MA) Arnold Kenneth C. (Newton Centre MA) Erdos Marlena E. (Somerville MA) Robinson Douglas B. (Hollis NH) Hoffman D. Jeffrey (Nashua NH) Smith Lamar D. (San Jose CA) Showman Pe, Object oriented distributed computing system processing request to other object model with code mapping by object manage.
Albert, Mark; Howes, Richard A.; Jordan, James A.; Kersey, Edward A.; Menditto, Louis F.; O'Rourke, Chris; Tiwari, Pranav Kumar; Tsang, Tzu-Ming, Sending instructions from a service manager to forwarding agents on a need to know basis.
Boden Edward B. ; Brzozowski Wesley A. ; Bullock Mark C. ; Parks Scott B. ; Williams Michael D., System and method for IP network address translation and IP filtering with dynamic address resolution.
Boden, Edward B.; Brzozowski, Wesley A.; Gruber, Franklin A.; Palermo, Donald A.; Williams, Michael D., System and method for IP network address translation using selective masquerade.
Michael W. Dennis ; Michele L. Freed ; Daniel Plastina ; Eric R. Flo ; David E. Kays, Jr. ; Robert E. Corrington, System and method for implementing group policy.
Krishna, Gopal S.; Chow, Peter Ka-Fai; Viswanath, Somnath; Tzeng, Shr-Jie; Kanuri, Mrudula, System and method for network management of local area networks having non-blocking network switches configured for switching data packets between subnetworks based on management policies.
Badovinatz Peter Richard ; Brenner Larry Bert ; Chandra Tushar Deepak ; Kirby Orvalle Theodore ; Pershing ; Jr. John Arthur, System for utilizing batch requests to present membership changes to process groups.
Paul Weschler, System, method and computer program product for searching for, and retrieving, profile attributes based on other target profile attributes and associated profiles.
Christopher Ambler ; Andrew Wallace, System, method, and computer program product for workflow processing using internet interoperable electronic messaging with mime multiple content type.
Christopher Sean Johnson, Systems and methods for multiple mode voice and data communications using intelligently bridged TDM and packet buses and methods for implementing language capabilities using the same.
Sheard Nicolas C. ; Fischer Larry J. ; Matthews Richard W. ; Gurla Himabindu ; Hu Qilin ; Zheng Wendy J. ; Mow Boyle Y., Visual data integration system and method.
Hunt, Galen C.; Tabbara, Bassam; Grealish, Kevin; Outhred, Geoffrey; Mensching, Rob, Architecture for distributed computing system and automated design, deployment, and management of distributed applications.
Hunt, Galen C.; Tabbara, Bassam; Grealish, Kevin; Outhred, Geoffrey; Mensching, Rob, Architecture for distributed computing system and automated design, deployment, and management of distributed applications.
Devarakonda, Murthy V.; Magoutis, Konstantinos; Vogl, Norbert G., Data locations template based application-data association and its use for policy based management.
Outhred, Geoffrey; Han, Eric K; Grealish, Kevin D. J.; Brown, Mathilde C.; Gustin, Reid B; Mensching, Rob; Nielsen, Steven T, Model and system state synchronization.
Vinberg, Anders B.; Fries, Robert M.; Grealish, Kevin; Hunt, Galen C.; Hydrie, Aamer; Lassettre, Edwin R.; Mensching, Rob; Outhred, Geoffrey; Parchem, John M.; Pardyak, Przemek; Tabbara, Bassam; Vega, Rene Antonio; Welland, Robert V.; Winner, Eric J.; Woolsey, Jeffrey A., Model-based provisioning of test environments.
Vinberg, Anders B.; Fries, Robert M.; Grealish, Kevin; Hunt, Galen C.; Hydrie, Aamer; Lassettre, Edwin R.; Mensching, Rob; Outhred, Geoffrey; Parchem, John M.; Tabbara, Bassam; Vega, Rene Antonio; Welland, Robert V.; Winner, Eric J.; Woolsey, Jeffrey A., Model-based virtual system provisioning.
Vinberg, Anders B.; Fries, Robert M.; Grealish, Kevin; Hunt, Galen C.; Hydrie, Aamer; Lassettre, Edwin R.; Mensching, Rob; Outhred, Geoffrey; Parchem, John M.; Tabbara, Bassam; Vega, Rene Antonio; Welland, Robert V.; Winner, Eric J.; Woolsey, Jeffrey A., Model-based virtual system provisioning.
Vinberg, Anders B.; Fries, Robert M.; Grealish, Kevin; Hunt, Galen C.; Hydrie, Aamer; Mensching, Rob; Outhred, Geoffrey; Parchem, John M.; Tabbara, Bassam; Vega, Rene Antonio; Welland, Robert V.; Winner, Eric J.; Woolsey, Jeffrey A., Model-based virtual system provisioning.
Gbadegesin, Abolade; House, Sean B.; Hydrie, Aamer; Joy, Joseph M.; Kaniyar, Sanjay N.; Welland, Robert V., Network load balancing with connection manipulation.
Hunt, Galen C.; Hydrie, Aamer; Levi, Steven P.; Stutz, David S.; Tabbara, Bassam; Welland, Robert V., System and method for distributed management of shared computers.
Hunt, Galen C.; Hydrie, Aamer; Levi, Steven P.; Stutz, David S.; Tabbara, Bassam; Welland, Robert V., System and method for distributed management of shared computers.
Sedukhin, Igor; Eshner, Daniel; Kulkarni, Amol S.; Panditharadhya, Prasad S.; Borsa, Mariusz G.; Zunino, Gilles C. J. A, Tuning and optimizing distributed systems with declarative models.
Sedukhin, Igor; Eshner, Daniel; Kulkarni, Amol S.; Panditharadhya, Prasad S.; Borsa, Mariusz G.; Zunino, Gilles C. J. A., Tuning and optimizing distributed systems with declarative models.