IPC classification information
Country / Type | United States (US) Patent, registered
International Patent Classification (IPC 7th ed.) |
Application number | US-0414959 (2003-04-16)
Registration number | US-8447963 (2013-05-21)
Inventors / Address |
- Kraus, Thomas Martin
- Manwani, Vijay G.
- Muddana, Sekhar
Applicant / Address |
Citation information | Cited by: 4 | Cited patents: 186
Abstract
A method and system for managing a large number of servers and their server components distributed throughout a heterogeneous computing environment is provided. In one embodiment, an authenticated user, such as an IT system administrator, can securely and simultaneously control and configure multiple servers, supporting different operating systems, through a “virtual server.” A virtual server is an abstract model representing a collection of actual target servers. To represent multiple physical servers as one virtual server, abstract system calls that extend execution of operating-system-specific system calls to multiple servers, regardless of their supported operating systems, are used. A virtual server is implemented by a virtual server client and a collection of virtual server agents associated with a collection of actual servers.
Representative claims
1. A method for receiving and executing, on one of a plurality of servers, a system call from a software application program, the method comprising the steps of: (a) providing a representation of a plurality of servers as a single virtual server, the representation of the single virtual server implemented by a virtual server client and a plurality of virtual server agents, at least one virtual server agent running on each one of the plurality of servers; (b) receiving, by the virtual server client from a client-side software application program, an abstract system call that requests a service from an operating system of at least one of the plurality of servers, the abstract system call generated by the client-side software application program in response to a command and with indifference to the operating system used by the at least one server; and (c) instantiating in a thread-safe manner the abstract system call by: identifying, by the virtual server client, a target server to receive the abstract system call and a corresponding virtual server agent associated with the target server; transmitting the abstract system call to the identified agent for translation of the abstract system call into an operating system-specific system call for execution on the target server; mapping a user identity for a user of the client-side software application program to an associated local user identity for the target server; authorizing the abstract system call for the mapped local user identity based on at least one of role-based access control model and an access control list; executing the operating system-specific system call using the mapped local user identity on the target server; and receiving execution results from the virtual server agent.
2. The method of claim 1, wherein at least two of the plurality of servers have different operating systems.
3. The method of claim 1 further comprising the step of aggregating the abstract system call and a second abstract system call into a high-level abstract system call.
4. The method of claim 3 further comprising the steps of (i) receiving, by the virtual server client, the high-level abstract system call; (ii) disintegrating, by the virtual server client, the high-level abstract system call into the abstract system call and the second abstract system call; and (iii) instantiating in a thread-safe manner each of the abstract system call and the second abstract system call.
5. The method of claim 3 further comprising the steps of: (i) receiving, by the virtual server client, the high-level abstract system call; and (ii) instantiating in a thread-safe manner the high-level abstract system call.
6. The method of claim 1, wherein the virtual server client is implemented by a network-aware code library.
7. The method of claim 6, wherein the network-aware code comprises a network-aware version of a libc library.
8. The method of claim 6, wherein the virtual server client comprises a network-aware version of a libc library.
9. The method of claim 1 wherein the identifying step comprises identifying the target virtual server agent to receive the abstract system call in response to a server identifier included in the abstract system call.
10. The method of claim 9, wherein the server identifier comprises a host name specified in a path.
11. The method of claim 9, wherein the server identifier comprises a network address.
12. The method of claim 11, wherein the server identifier is inferred from a group of servers the target server belongs to.
13. The method of claim 1 further comprising, after the transmitting step, the steps of: (i) translating, by the virtual server agent, the abstract system call into operating system specific system call to be executed by the target server; and (ii) executing, by the target server, the operating system specific system call in a thread-safe manner.
14. The method of claim 1 further comprising: before the transmitting step, specifying at least one of priority, CPU utilization, and memory utilization of the abstract system call on the target server associated with the identified virtual server agent.
15. The method of claim 1 further comprising: (i) authenticating the user of the client-side software application program and a management system operating the client-side software application program; (ii) encrypting, by the virtual server client, the abstract system call; (iii) identifying, by the virtual server agent, the management system and the user; (iv) decrypting, by the virtual server agent, the encrypted abstract system call; and (v) maintaining an audit log to record the name of the user and the abstract system call executed on the target server.
16. The method of claim 15, wherein the authenticating step (i) is performed in accordance with a public key protocol.
17. The method of claim 15, wherein the authenticating step and the encrypting step are performed in accordance with Kerberos protocol.
18. The method of claim 15, wherein the authenticating step and the encrypting step are performed in accordance with Shared Secret protocol.
19. The method of claim 1 further comprising: modifying an existing non-distributed application to function as a network-aware application by substituting a non network-aware system call with the abstract system call.
20. The method of claim 19, wherein the modifying step comprises modifying a non-distributed Unix shell to function as the network-aware application program.
21. The method of claim 19, wherein the modifying step comprises modifying a non-distributed scripting language to function as the network-aware application program.
22. The method of claim 21, wherein the non-distributive scripting language comprises Perl.
23. The method of claim 21, wherein the non-distributive scripting language comprises Python.
24. The method of claim 1, wherein the client-side software application program comprises a configuration manager.
25. A virtual server, having a virtual server client and a virtual server agent, for representing a plurality of servers as an abstract model, wherein the virtual server comprises: (a) a virtual server client receiver for receiving, from a client-side software application program, an abstract system call that requests a service from an operating system of at least one of the plurality of servers, the abstract system call generated by the client-side software application program in response to command and with indifference to the operating system used by the at least one server; (b) a virtual server client instantiator, in communication with the virtual server client receiver, for instantiating the abstract system call in a thread-safe manner; (c) a virtual server client transmitter, in communication with the virtual server client instantiator, for transmitting the abstract system call; (d) a virtual server agent receiver for receiving the abstract system call from the virtual server client transmitter; (e) a virtual server agent translator for translating the abstract system call to an operating system specific system call; (f) a virtual server agent mapper for mapping a user identity for a user of the client-side software application program to an associated local user identity for a target server; (g) a virtual server agent authorizer for authorizing the abstract system call for the mapped local user identity based on at least one of a role-based access control model and an access control list; (h) a virtual server agent impersonator for impersonating the user of the client-side software application program using the mapped local user identity on the target server; and (i) a target server executor for executing the operating system specific system call on the target server associated with the virtual server agent in a thread-safe manner.
26. The virtual server of claim 25, wherein at least two of the plurality of servers have different operating systems.
27. The virtual server of claim 25 further comprising an aggregator for aggregating the abstract system call and a second abstract system call into a high-level abstract system call.
28. The virtual server of claim 27, wherein the virtual server client receiver receives the high-level abstract system call and disintegrates the high-level abstract system call into the abstract system call and the second abstract system call and the virtual server client instantiator instantiates in a thread-safe manner the abstract system call and the second abstract system call.
29. The virtual server of claim 27, wherein the virtual server client receiver receives the high-level abstract system call, and the virtual server client instantiator instantiates the high-level abstract system call in a thread-safe manner.
30. The virtual server of claim 25, wherein the virtual server client is implemented by a network-aware code library.
31. The virtual server of claim 30, wherein the network-aware code library comprises a network aware version of a libc library.
32. The virtual server of claim 30, wherein the virtual server client comprises a network-aware version of a libc library.
33. The virtual server of claim 25, wherein the virtual server client instantiator identifies the target virtual server agent to receive the abstract system call in response to a server identifier included in the abstract system call.
34. The virtual server of claim 33, wherein the server identifier comprises a host name specified in a path.
35. The virtual server of claim 33, wherein the server identifier comprises a network address.
36. The virtual server of claim 35, wherein the server identifier is inferred from a group of servers the target server belongs to.
37. The virtual server of claim 25, wherein the virtual server client transmitter specifies at least one of priority, CPU utilization, and memory utilization of the abstract system call on the target server(s) associated with the virtual server agent(s).
38. The virtual server of claim 25 further comprising: (i) an authenticator for authenticating the user of the client-side software application program and a management system operating the client-side software application program; (ii) a virtual server client encryptor for encrypting the abstract system call; (iii) a virtual server agent identifier for identifying the management system and the user; (iv) a virtual server agent decryptor for decrypting the encrypted abstract system call; and (v) an audit log for recording the name of the user and the abstract system call executed on the target server.
39. The virtual server of claim 38, wherein the virtual server client encryptor performs in accordance with a public key protocol.
40. The virtual server of claim 38, wherein the authenticator and the virtual server client encryptor perform in accordance with a Kerberos protocol.
41. The virtual server of claim 38, wherein the authenticator and the virtual server client encryptor perform in accordance with a Shared Secret protocol.
42. The virtual server of claim 25, wherein the virtual server modifies an existing non-distributed application to function as a network-aware application by substituting a non network-aware system call with the abstract system call.
43. The virtual server of claim 42, wherein the virtual server further modifies a non-distributed Unix shell to function as the network-aware application program.
44. The virtual server of claim 42, wherein the virtual server further modifies a non-distributed scripting language to function as the network-aware application program.
45. The virtual server of claim 44, wherein the non-distributed scripting language comprises Perl.
46. The virtual server of claim 44, wherein the non-distributed scripting language comprises Python.
47. The virtual server of claim 25, wherein the client-side software application program comprises a configuration manager.
48. A method for securely executing a system call on a remote computer, the method comprising the steps of: (a) receiving, by a virtual server client running on a client computer from a software application program running on the client computer and operated by an authenticated user, an abstract system call that requests a service from an operating system of at least one remote computer, the abstract system call generated by the client-side software application program in response to a command and with indifference to the operating system used by the at least one remote computer; (b) instantiating in a thread-safe manner the abstract system call by: identifying, by the virtual server client, a virtual server agent running on a target remote computer to receive the abstract system call; (c) encrypting, by the virtual server client, the abstract system call; (d) communicating the encrypted abstract system call to the virtual server agent; (e) identifying, by the virtual server agent, the client computer and the authenticated user; (f) decrypting, by the virtual server agent, the encrypted abstract system call; (g) mapping the authenticated user to a local user on the target remote computer; (h) impersonating the authenticated user as the local user on the target remote computer; (i) authorizing the decrypted abstract system call for the local user based on at least one of role-based access control model and access control lists; (j) translating the abstract system call to an operating system specific system call; and (k) executing as the local user, by the virtual server agent, the operating system specific system call on the target remote computer.
49. The method of claim 48 further comprising: before the receiving step (a), authenticating a user in accordance with a public key protocol.
50. The method of claim 48 further comprising: before the receiving step (a), authenticating a user in accordance with a Kerberos protocol.
51. The method of claim 48 further comprising, if the authenticated user is not identified as a local user in the identifying step (e), then designating the authenticated user as a local guest.
52. The method of claim 48, wherein the authorizing step (i) comprises authorizing the decrypted abstract system call for the local user based on at least one of role-based access control model and access control lists in accordance with Kerberos protocol.
53. The method of claim 48, wherein the authorizing step (i) comprises authorizing the decrypted abstract system call for the local user based on at least one of role-based access control model and access control lists in accordance with SSL protocol.
54. The method of claim 48 further comprising: after the executing step (k), encrypting results of the executing step (k); and returning the encrypted results to the virtual server client.
55. The method of claim 48, further comprising: maintaining an audit log, by the virtual server client and the identified virtual server agent, that includes names of the authenticated user and the abstract system call performed.
56. A virtual server for securely executing a system call on a remote computer, the virtual server comprising: (a) a virtual server client receiver running on a client computer for receiving, from a software application program running on the client computer and operated by an authenticated user, an abstract system call that requests a service from an operating system of at least one remote computer, the abstract system call generated by the client-side software application program in response to a command and with indifference to the operating system used by the at least one remote computer; (b) a virtual client instantiator, in communication with the virtual server client receiver, for instantiating the abstract system call in a thread-safe manner by identifying a virtual server agent running on a target remote computer to receive the abstract system call; (c) a virtual server client encryptor, in communication with the virtual server client instantiator, for encrypting the abstract system call; (d) a virtual server client transmitter for communicating the encrypted abstract system call to the virtual server agent; (e) a virtual server agent decryptor, in communication with the virtual server client transmitter, for decrypting the encrypted abstract system call; (f) a virtual server agent identifier, in communication with a virtual server agent decryptor, for identifying the authenticated user and the client computer; (g) a virtual server agent mapper, in communication with the identifier and the decryptor, for mapping the authenticated user to a local user on the target remote computer; (h) a virtual server agent impersonator for impersonating the authenticated user as the local user on the target remote computer; (i) a virtual server agent authorizer, in communication with the virtual server agent impersonator, for authorizing the decrypted abstract system call for the local user based on at least one of role-based access control model and access control lists; (j) a virtual server agent translator for translating the abstract system call to an operating system specific system call; and (k) a virtual server agent executor, in communication with the virtual server agent authorizer, for executing the operating system specific system call as the local user on the target remote computer.
57. The virtual server of claim 56, wherein, if the authenticated user is not identified as a local user by the virtual server agent identifier, then the virtual server agent identifier designates the authenticated user as a local guest.
58. The virtual server of claim 56, wherein the virtual server agent authorizer performs in accordance with Kerberos protocol.
59. The virtual server of claim 56, wherein the virtual server agent authorizer performs in accordance with SSL protocol.
60. The virtual server of claim 56, wherein the virtual server agent executor encrypts results of executing the operating system specific system call, and returns the encrypted results to the virtual server client.
61. The virtual server of claim 56, further comprising: an audit log, maintained by the virtual server client and the identified virtual server agents, that includes names of the authenticated user and the abstract system call performed.
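The agent-side flow that claims 1, 9-10, 15, 48 and 51 describe (target agent identified from a host name in the path, authenticated user mapped to a local identity with a guest fallback, RBAC/ACL authorization, audit logging) modelled in Python as an added example; this is not the patent's or the applicant's code, and the AbstractSyscall and Agent names, the `//host/path` syntax, the policy tables and the choice to require both RBAC and ACL to permit a call are assumptions made here.

```python
# Added illustration of the virtual-server agent flow in US 8447963; not the
# patent's own code. AbstractSyscall, Agent, the "//host/path" convention and the
# policy tables are assumptions made for this example.
from dataclasses import dataclass, field

GUEST = "guest"  # claim 51: a user with no local mapping is designated a local guest


@dataclass(frozen=True)
class AbstractSyscall:
    op: str    # OS-independent operation name, e.g. "read", "write", "unlink"
    path: str  # "//<host>/<path>": server identifier is a host name in the path (claim 10)
    user: str  # authenticated user of the client-side application program

    def target_host(self) -> str:
        # claim 9: the target agent is identified from the server identifier in the call
        if not self.path.startswith("//"):
            raise ValueError("abstract system call carries no host name")
        return self.path[2:].split("/", 1)[0]

    def local_path(self) -> str:
        rest = self.path[2:].split("/", 1)
        return "/" + rest[1] if len(rest) == 2 else "/"


@dataclass
class Agent:
    host: str
    user_map: dict    # authenticated user -> local user identity (claim 1, "mapping")
    roles: dict       # local identity -> set of roles (role-based access control)
    role_perms: dict  # role -> set of permitted operations
    acl: dict         # local path -> identities allowed to modify it (access control list)
    audit: list = field(default_factory=list)  # claim 15(v): user name and call executed

    def handle(self, call: AbstractSyscall) -> tuple:
        """Map, authorize, log and (if allowed) translate one abstract system call."""
        if call.target_host() != self.host:
            raise ValueError("call routed to the wrong virtual server agent")
        local = self.user_map.get(call.user, GUEST)
        allowed = self._authorize(local, call)
        # every decision is logged, denied calls included
        self.audit.append((call.user, local, call.op, call.local_path(), allowed))
        if not allowed:
            return (False, None)
        return (True, self._translate(call, local))

    def _authorize(self, local: str, call: AbstractSyscall) -> bool:
        # claim 1(c) requires at least one of RBAC and ACL; this model requires both,
        # so a role grant alone cannot override a per-path list
        rbac_ok = any(call.op in self.role_perms.get(r, set())
                      for r in self.roles.get(local, set()))
        acl_ok = call.op == "read" or local in self.acl.get(call.local_path(), set())
        return rbac_ok and acl_ok

    def _translate(self, call: AbstractSyscall, local: str) -> str:
        # Stand-in for translation into an OS-specific call run as the local user;
        # it returns the intended command string rather than executing anything.
        return f"as {local}: {call.op} {call.local_path()}"
```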