Policy store

US 10,075,343 B2
Filed: 08/17/2015
Issued: 09/11/2018
Est. Priority Date: 07/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method for managing policies for a set of computing resources, the method comprising:

importing a plurality of sets of resource management policy rules from a plurality of heterogeneous sources of a virtual machine computing environment;

storing an imported policy rule as a primitive policy;

extracting policy information from the primitive policy;

storing a wrapper with the primitive policy, the wrapper identifying a policy rule identified in the policy information, the wrapper utilizing a first language different than a second language utilized by the primitive policy;

associating the primitive policy with a resource in the set of computing resources;

generating a first composite policy for the resource, wherein the composite policy includes a first reference identifying the primitive policy;

generating a second composite policy for the resource, wherein the second composite policy includes a second reference to the first composite policy; and

transmitting a plurality of policies referenced within the second composite policy, including the primitive policy and the wrapper, to a policy engine of the virtual machine computing environment, the policy engine to apply the primitive policy by reading the wrapper using the first language without reading the primitive policy using the second language.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a method for managing policies for a set of computing resources. The method imports several sets of resource management policy rules from several heterogeneous sources. The method stores each set of imported policy rules as a primitive policy. The primitive policies are (i) applicable to resources in the set of computing resources and (ii) combinable into composite policies that are applicable to resources in the set of computing resources. Composite policies are combinable into additional composite policies with primitive policies and other composite policies.

Citations

18 Claims

1. A method for managing policies for a set of computing resources, the method comprising:
- importing a plurality of sets of resource management policy rules from a plurality of heterogeneous sources of a virtual machine computing environment;
  
  storing an imported policy rule as a primitive policy;
  
  extracting policy information from the primitive policy;
  
  storing a wrapper with the primitive policy, the wrapper identifying a policy rule identified in the policy information, the wrapper utilizing a first language different than a second language utilized by the primitive policy;
  
  associating the primitive policy with a resource in the set of computing resources;
  
  generating a first composite policy for the resource, wherein the composite policy includes a first reference identifying the primitive policy;
  
  generating a second composite policy for the resource, wherein the second composite policy includes a second reference to the first composite policy; and
  
  transmitting a plurality of policies referenced within the second composite policy, including the primitive policy and the wrapper, to a policy engine of the virtual machine computing environment, the policy engine to apply the primitive policy by reading the wrapper using the first language without reading the primitive policy using the second language.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein different sets of policy rules are defined in a plurality of different languages.
  - 3. The method of claim 2, wherein a first primitive policy is defined in an XML schema.
  - 4. The method of claim 1, wherein the first composite policy includes a first primitive policy defined in the second language and a second primitive policy defined in a third, different language.
  - 5. The method of claim 1, wherein the first composite policy includes a first primitive policy imported from a first source and a second primitive policy imported from a second source.
  - 6. The method of claim 1, wherein the second composite policy includes the first composite policy and a another primitive policy imported from a third source.
  - 7. The method of claim 1, wherein the first composite policy comprises includes an inline definition of a second primitive policy.
  - 8. The method of claim 1, wherein the first composite policy includes a reference to another primitive policy.
  - 9. The method of claim 1 further including applying the imported policies to the set of resources according to a set of binding rules, wherein the applied policies are used by a plurality of policy engines to manage the set of computing resources.
  - 10. The method of claim 9, wherein at least a particular one of the heterogeneous sources of the policy rules is also one of the policy engines that uses the applied policies.
  - 11. The method of claim 10, wherein the particular heterogeneous source is also a source of information about at least one computing resource in the set of computing resources.

12. A non-transitory machine readable medium storing a program which when executed by at least one processing unit manages policies for a set of computing resources, the program comprising sets of instructions for at least:
- importing a plurality of sets of resource management policy rules from a plurality of heterogeneous sources of a virtual machine computing environment;
  
  storing an imported policy rule as a primitive policy;
  
  extracting policy information from the primitive policy;
  
  storing a wrapper with the primitive policy, the wrapper identifying a policy rule identified in the policy information, the wrapper utilizing a first language different than a second language utilized by the primitive policy;
  
  associating the primitive policy with a resource, in the set of computing resources;
  
  generating a first composite policy for the resource, wherein the composite policy includes a first reference identifying the primitive policy;
  
  generating a second composite policy for the resource, wherein the second composite policy includes a second reference to the first composite policy; and
  
  transmitting a plurality of policies referenced within the second composite policy, including the primitive policy and the wrapper, to a policy engine of the virtual machine computing environment, the policy engine to apply the primitive policy by reading the wrapper using the first language without reading the primitive policy using the second language.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The machine readable medium of claim 12, wherein different sets of policy rules are defined in a plurality of different languages.
  - 14. The machine readable medium of claim 12, wherein the first composite policy includes a first primitive policy defined in the second language and a second primitive policy defined in a third, different language.
  - 15. The machine readable medium of claim 12, wherein the first composite policy includes a first primitive policy imported from a first source and a second primitive policy imported from a second source.
  - 16. The machine readable medium of claim 12, wherein the first composite policy includes an inline definition of a second primitive policy.
  - 17. The machine readable medium of claim 12, wherein the program further includes a set of instructions for applying the imported policies to the set of resources according to a set of binding rules, wherein the applied policies are used by a plurality of policy engines to manage the set of computing resources.
  - 18. The machine readable medium of claim 17, wherein at least a particular one of the heterogeneous sources of the policy rules is also one of the policy engines that uses the applied policies, wherein the particular heterogeneous source is also a source of information about at least one computing resource in the set of computing resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Burk, Gregory T., Coote, Lachlan T.
Primary Examiner(s)
Eskandarnia, Arvin
Assistant Examiner(s)
Lobos, Boris Grijalva

Application Number

US14/828,443
Publication Number

US 20170033996A1
Time in Patent Office

1,121 Days
Field of Search
US Class Current
CPC Class Codes

G06F 15/161   Computing infrastructure, e...

G06F 16/2365   Ensuring data consistency a...

G06F 16/285   Clustering or classification

H04L 41/08   Configuration management of...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/20   Network management software...

H04L 47/20   Traffic policing

H04L 47/762   triggered by the network

H04L 47/827   Aggregation of resource all...

Policy store

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Policy store

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links