Policy store
First Claim
Patent Images
1. A method for managing policies for a set of computing resources, the method comprising:
- importing a plurality of sets of resource management policy rules from a plurality of heterogeneous sources of a virtual machine computing environment;
storing an imported policy rule as a primitive policy;
extracting policy information from the primitive policy;
storing a wrapper with the primitive policy, the wrapper identifying a policy rule identified in the policy information, the wrapper utilizing a first language different than a second language utilized by the primitive policy;
associating the primitive policy with a resource in the set of computing resources;
generating a first composite policy for the resource, wherein the composite policy includes a first reference identifying the primitive policy;
generating a second composite policy for the resource, wherein the second composite policy includes a second reference to the first composite policy; and
transmitting a plurality of policies referenced within the second composite policy, including the primitive policy and the wrapper, to a policy engine of the virtual machine computing environment, the policy engine to apply the primitive policy by reading the wrapper using the first language without reading the primitive policy using the second language.
2 Assignments
0 Petitions
Accused Products
Abstract
Some embodiments provide a method for managing policies for a set of computing resources. The method imports several sets of resource management policy rules from several heterogeneous sources. The method stores each set of imported policy rules as a primitive policy. The primitive policies are (i) applicable to resources in the set of computing resources and (ii) combinable into composite policies that are applicable to resources in the set of computing resources. Composite policies are combinable into additional composite policies with primitive policies and other composite policies.
-
Citations
18 Claims
-
1. A method for managing policies for a set of computing resources, the method comprising:
-
importing a plurality of sets of resource management policy rules from a plurality of heterogeneous sources of a virtual machine computing environment; storing an imported policy rule as a primitive policy; extracting policy information from the primitive policy; storing a wrapper with the primitive policy, the wrapper identifying a policy rule identified in the policy information, the wrapper utilizing a first language different than a second language utilized by the primitive policy; associating the primitive policy with a resource in the set of computing resources; generating a first composite policy for the resource, wherein the composite policy includes a first reference identifying the primitive policy; generating a second composite policy for the resource, wherein the second composite policy includes a second reference to the first composite policy; and transmitting a plurality of policies referenced within the second composite policy, including the primitive policy and the wrapper, to a policy engine of the virtual machine computing environment, the policy engine to apply the primitive policy by reading the wrapper using the first language without reading the primitive policy using the second language. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A non-transitory machine readable medium storing a program which when executed by at least one processing unit manages policies for a set of computing resources, the program comprising sets of instructions for at least:
-
importing a plurality of sets of resource management policy rules from a plurality of heterogeneous sources of a virtual machine computing environment; storing an imported policy rule as a primitive policy; extracting policy information from the primitive policy; storing a wrapper with the primitive policy, the wrapper identifying a policy rule identified in the policy information, the wrapper utilizing a first language different than a second language utilized by the primitive policy; associating the primitive policy with a resource, in the set of computing resources; generating a first composite policy for the resource, wherein the composite policy includes a first reference identifying the primitive policy; generating a second composite policy for the resource, wherein the second composite policy includes a second reference to the first composite policy; and transmitting a plurality of policies referenced within the second composite policy, including the primitive policy and the wrapper, to a policy engine of the virtual machine computing environment, the policy engine to apply the primitive policy by reading the wrapper using the first language without reading the primitive policy using the second language. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
Specification