Policy composition language

US 10,025,810 B2
Filed: 08/17/2015
Issued: 07/17/2018
Est. Priority Date: 07/31/2015
Status: Active Grant

First Claim

Patent Images

1. For a policy framework, a method for managing policies for a set of resources in a computing environment, the method comprising:

storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy;

generating a first composite policy associated with a resource of the virtual machine computing environment, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy; and

transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the resource, the transmitting including transmitting the first primitive policy and the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide, for a policy framework, a method for managing policies for a set of resources in a computing environment. The method stores several imported policy rules as primitive policies, each of which includes a policy data structure that includes a set of fields. One of the fields of each primitive policy stores the imported policy rule for the primitive policy. The method defines several composite policies based at least in part on the primitive policies. The method stores the defined composite policies as policy data structures. Each policy data structure for a composite policy includes a set of fields and references at least one additional policy data structure.

55 Citations

View as Search Results

25 Claims

1. For a policy framework, a method for managing policies for a set of resources in a computing environment, the method comprising:
- storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy;
  
  generating a first composite policy associated with a resource of the virtual machine computing environment, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy; and
  
  transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the resource, the transmitting including transmitting the first primitive policy and the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the set of fields for the policy data structure includes a name field, a namespace field, and a version field.
  - 3. The method of claim 2, wherein the first reference to the first primitive policy in a first composite policy data structure uses the name, namespace, and version fields of the.
  - 4. The method of claim 3, wherein a reference to a policy data structure without using a version field references a most recent version of the policy data structure having the referenced name and namespace fields.
  - 5. The method of claim 1, further comprising applying a binding rule to bind the first composite policy to the resource by binding the first primitive policy and the second primitive policy or primitive policies of the second composite policy to the resource.
  - 6. The method of claim 1, wherein the second composite policy references multiple policy data structures, the method further including, when the first composite policy is bound to the resource by a binding rule, binding each primitive policy of policy data structures referenced by the second composite policy to the resource.
  - 7. The method of claim 1, wherein the policy data structure for the first primitive policy exposes at least one parameter to be provided during a compilation process for binding the first primitive policy to the resource.
  - 8. The method of claim 7, wherein the first composite policy references the policy data structure and provides a first value for the parameter.
  - 9. The method of claim 8, wherein a third composite policy references the policy data structure and provides a second, different value for the parameter.
  - 10. The method of claim 7, wherein the first primitive policy has a first parameter value when bound to the resource and a second parameter value when bound to another resource.
  - 11. The method of claim 7, wherein the first composite policy references the policy data structure and calls a function to calculate a value to provide for the parameter.
  - 12. The method of claim 11, wherein the function calculates the value based on a parameter provided by a third composite policy that references the data structure.
  - 13. The method of claim 7, wherein the first composite policy (i) references the policy data structure and provides a first value for the parameter if a conditional statement is met and (ii) references the policy data structure and provides a second value for the parameter if the conditional statement is not met.
  - 14. The method of claim 1, wherein the first composite policy references a first policy data structure if a conditional statement is met and a second policy data structure if a conditional statement is not met.

15. A computer readable medium storing a program which when executed manages policies for a set of resources in a computing environment, the program comprising sets of instructions for:
- storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy;
  
  generating a first composite policy associated with a resource of the virtual machine computing environment, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy; and
  
  transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the resource, the transmitting including transmitting the first primitive policy and the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The computer readable medium of claim 15, wherein the set of fields for the policy data structure includes a name field, a namespace field, and a version field, wherein the first reference to the first primitive policy in a first composite policy data structure uses the name, namespace, and version fields of the first primitive policy, wherein a reference to a policy data structure without using a version field references a most recent version of the policy data structure having the referenced name and namespace fields.
  - 17. The computer readable medium of claim 15, further comprising applying a binding rule to bind the first composite policy to the resource by binding the first primitive policy and the second primitive policy or primitive policies of the second composite policy to the resource.
  - 18. The computer readable medium of claim 15, wherein the second composite policy references multiple policy data structures, wherein the program includes a set of instructions for binding each primitive policy of policy data structures referenced by the second composite policy to a particular computing resource when the first composite policy is bound to the resource by a binding rule.
  - 19. The computer readable medium of claim 15, wherein the policy data structure for the first primitive policy exposes at least one parameter to be provided during a compilation process for binding the first primitive policy to the resource.
  - 20. The computer readable medium of claim 19, wherein the first composite policy references the policy data structure and provides a first value for the parameter, wherein a third composite policy references the policy data structure and provides a second, different value for the parameter.
  - 21. The computer readable medium of claim 19, wherein the first primitive policy has a first parameter value when bound to a first computing resource and a second parameter value when bound to a second computing resource.
  - 22. The computer readable medium of claim 19, wherein the first composite policy references the policy data structure and calls a function to calculate a value to provide for the parameter.
  - 23. The computer readable medium of claim 22, wherein the function calculates the value based on a parameter provided by a third composite policy that references the first composite policy.
  - 24. The computer readable medium of claim 19, wherein the first composite policy (i) references the policy data structure and provides a first value for the parameter if a conditional statement is met and (ii) references the policy data structure and provides a second value for the parameter if the conditional statement is not met.
  - 25. The computer readable medium of claim 15, wherein the first composite policy references a first policy data structure if a conditional statement is met and a second policy data structure if a conditional statement is not met.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Burk, Gregory T., Coote, Lachlan T.
Primary Examiner(s)
Woo, Isaac M

Application Number

US14/828,455
Publication Number

US 20170031956A1
Time in Patent Office

1,065 Days
Field of Search

707600-899
US Class Current
CPC Class Codes

G06F 15/161   Computing infrastructure, e...

G06F 16/2365   Ensuring data consistency a...

G06F 16/285   Clustering or classification

H04L 41/08   Configuration management of...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/20   Network management software...

H04L 47/20   Traffic policing

H04L 47/762   triggered by the network

H04L 47/827   Aggregation of resource all...

Policy composition language

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Policy composition language

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others