Providing automatic policy enforcement in a multi-computer service application
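IPC classification information
Country / type: United States (US) Patent, granted
International Patent Classification (IPC 7th edition): G06F-015/177; G06F-015/16
Application number: US-0142151 (2005-06-01)
Registration number: US-7395320 (2008-07-01)
Inventor / address: Hunt, Galen C.; Hydrie, Aamer; Levi, Steven P.; Tabbara, Bassam; Van Antwerp, Mark D.; Welland, Robert V.
Applicant / address: Microsoft Corporation
Agent / address: Lee & Hayes, PLLC
Citation information: times cited: 25; patents cited: 99
Abstract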
Enforcing policy in a multi-computer service application is described. In one aspect, a scale-independent logical model of an application is generated. The application is for implementation in a distributed computing system. The scale-independent logical model includes multiple components representing logical functions of the application and intercommunication protocols. The model components are converted into one or more instances representative of physical resources used to implement the logical functions. The instances specify information such as communication ports on the physical resources and communication paths that link the physical resources.
Representative claim
The invention claimed is:
1. A computer-readable medium comprising computer-program instructions executable by a processor for enforcing policy in a multi-computer service application having a plurality of software modules that execute on a plurality of computers, the multi-computer service application further having access to a communications medium that allows data communications between different ones of the computers, the computer-program instructions comprising instructions for: configuring logical output ports and logical input ports on different modules in accordance with a logical model of the multi-computer service application, wherein each logical input and output port is defined by port software; configuring logical data connections between the logical output and input ports in accordance with the logical model; configuring each port to communicate through different numbers of logical data connections without modifying the port software; sending a notification from a module a policy module, the particular module and the policy module being respective ones of the software modules; and responding, by the policy module, to the notification by: determining a request for one or more destination modules of the software modules; providing the request to an output port of the policy module; and forwarding, by the output port, the request to input ports of the one or more destination modules in accordance with the configured logical data connections.
2. A computer-readable medium as recited in claim 1, wherein a particular output port is configurable during run-time to specify different logical data connections.
3. A computer-readable medium as recited in claim 1, wherein a particular output port is configurable during instantiation to specify different logical data connections.
4. A computer-readable medium as recited in claim 1, wherein the logical model of the multi-computer service application comprises model components, wherein each model component represents an abstract functional operation of the multi-computer service, the model components comprising hardware and software modules.
5. A computer-readable medium as recited in claim 4, wherein the model components have an associated blueprint that specifies the hardware and software modules represented by the model components.
6. A computer-readable medium as recited in claim 1, wherein the computer-program instructions further comprise instructions for: monitoring, by the policy module, operation of the multi-service computer application during runtime; and evaluating, by the policy module, the monitored operations against a policy.
7. A computer-readable medium of claim 6, wherein the computer-program instructions for evaluating further comprise instructions for determining, by the policy module, a number of instances of each module used to implement the multi-computer service at any given time based on the policy; and wherein the computer-program instructions further comprise instructions for: responding, by the policy module, to changes in operating conditions by automatically specifying an action selected from a group of actions consisting of deploying a new resource represented by a model component in the logical model, manipulating a module in multi-service computer application by sending requests to the module, and removing a module from the multi-service computer application.
8. A computer-readable medium as recited in claim 7, wherein the computer-program instructions for deploying further comprise instructions for creating a physical instance of the model component, the logical input and output ports on the newly deployed resource being configured in accordance with logical connections specified in the logical model.
9. A computing device comprising: a processor; and a memory coupled to the processor, the memory comprising computer-program instructions executable by the processor for enforcing policy in a multi-computer service application having a plurality of software modules that execute on a plurality of computers, the multi-computer service application further having access to a communications medium that allows data communications between different ones of the computers, the computer-program instructions comprising instructions for: configuring logical output ports and logical input ports on different modules in accordance with a logical model of the multi-computer service application, wherein each logical input and output port is defined by port software; configuring logical data connections between the logical output and input ports in accordance with the logical model; configuring each port to communicate through different numbers of logical data connections without modifying the port software; sending a notification from a particular module to a policy module, the particular module and the policy module being respective ones of the software modules; and responding, by the policy module, to the notification by: determining a request for one or more destination modules of the software modules; providing the request to an output port of the policy module; and forwarding, by the output port, the request to input ports of the one or more destination modules in accordance with the configured logical data connections.
10. A computing device as recited in claim 9, wherein a particular output port is configurable during one or more of run-time and instantiation to specify different logical data connections.
11. A computing device as recited in claim 9, wherein the logical model of the multi-computer service application comprises model components, wherein each model component represents an abstract functional operation of the multi-computer service, the model components comprising hardware and software modules.
12. A computing device as recited in claim 9, wherein the computer-program instructions further comprise instructions for: monitoring, by the policy module, operation of the multi-service computer application during runtime; and evaluating, by the policy module, the monitored operations against a policy.
13. A computing device as recited in claim 12, wherein the computer-program instructions for evaluating further comprise instructions for determining, by the policy module, a number of instances of each module used to implement the multi-computer service at any given time based on the policy; and wherein the computer-program instructions further comprise instructions for: responding, by the policy module, to changes in operating conditions by automatically specifying an action selected from a group of actions consisting of deploying a new resource represented by a model component in the logical model, manipulating a module in multi-service computer application by sending requests to the module, and removing a module from the multi-service computer application.
14. A computing device as recited in claim 13, wherein the computer-program instructions for deploying further comprise instructions for creating a physical instance of the model component, the logical input and output ports on the newly deployed resource being configured in accordance with logical connections specified in the logical model.
15. A method to enforce a policy in a multi-computer service application, the multi-computer service application including multiple software modules configured for execution on respective ones of multiple computers, the multi-computer service application having access to a communications medium that allows data communications between different ones of the computers, the method comprising: representing logical functions of the multi-computer service application with a logical model comprising model components; creating, by a core runtime converter, one or more module instances of the model components to implement logical functions represented by the model components, one of the module instances being a policy module representing a respective one of the software modules, logical output ports and logical input ports on different modules being configured in accordance with the logical model, each logical input and output port being defined by port software, logical data connections being configured between the logical output and input ports in accordance with the logical model, each port being configured to communicate through different numbers of logical data connections without modifying the port software; and wherein, the policy module is configured to receive event notifications from a module instance representing a respective one of the software modules, and in response to receiving an event notification, the policy module is configured to: (a) determine a request for one or more destination modules representing respective ones of the software modules; and (b) provide the request to an output port of the policy module, the output port being configured to forward the request to input ports of the one or more destination modules in accordance with the configured logical data connections.
16. A method as recited in claim 15, wherein a particular output port is configurable during one or more of run-time and instantiation to specify different logical data connections, wherein the output port forwards the request to modules and input ports in accordance with the logical connections specified for said particular output port.
17. A method of 15, further comprising representing the model components with a schema that specifies hardware and software modules represented by the model components.
18. A method of claim 15, further comprising: monitoring, by the policy module, operation of the multi-service computer application during runtime; and evaluating, by the policy module, the monitored operations against a policy.
19. A method of claim 15: wherein evaluating further comprises determining a number of instances of each module used to implement the multi-computer service at any given time based on the policy; and wherein the method further comprises: responding, by the policy module, to changes in operation conditions by automatically specifying an action selected from a group of actions consisting of deploying a new resource represented by a model component in the logical model, manipulating a module in multi-service computer application by sending events to the module, and removing a module from the multi-service computer application.
20. A method of claim 19, and further comprising deploying, by the policy module, the new resource by creating a physical instance of the model component, the logical input and output ports on the newly deployed resource being configured in accordance with logical connections specified in the logical model.