Resource categorization for policy framework

US 10,116,510 B2
Filed: 08/17/2015
Issued: 10/30/2018
Est. Priority Date: 07/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method for managing a set of computing resources, the method comprising:

storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy;

generating a first composite policy, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy;

importing descriptions of computing resources from a plurality of heterogeneous sources, wherein the descriptions specify categories for the computing resources, wherein different sources use different types of categories for the resource descriptions;

based on a first category specified for a first one of the computing resources in the set, deriving a second category for the first one of the computing resources;

binding the first composite policy to the first one of the computing resources based on a binding rule identifying the first composite policy and the second category; and

transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the first one of the computing resources, the transmitting including transmitting the first primitive policy and at least one of the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a method for managing a set of computing resources. The method imports descriptions of computing resources from several heterogeneous sources. The descriptions specify categories for the computing resources. The different sources use different types of categories for the resource descriptions. Based on the categories specified for the computing resources in the set, the method derives additional categories for at least a subset of the computing resources. The method stores each imported computing resource tagged according to its specified and derived categories, wherein the category tags are used for binding policies to the computing resources.

Citations

22 Claims

1. A method for managing a set of computing resources, the method comprising:
- storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy;
  
  generating a first composite policy, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy;
  
  importing descriptions of computing resources from a plurality of heterogeneous sources, wherein the descriptions specify categories for the computing resources, wherein different sources use different types of categories for the resource descriptions;
  
  based on a first category specified for a first one of the computing resources in the set, deriving a second category for the first one of the computing resources;
  
  binding the first composite policy to the first one of the computing resources based on a binding rule identifying the first composite policy and the second category; and
  
  transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the first one of the computing resources, the transmitting including transmitting the first primitive policy and at least one of the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the plurality of heterogeneous sources includes at least one of a network manager, a storage manager, and a compute manager for a datacenter.
  - 3. The method of claim 1, wherein the set of computing resources includes at least one of physical servers, virtual servers, physical forwarding elements, software forwarding elements, logical forwarding elements of a logical network, hardware resources of a physical server, applications, and datacenters.
  - 4. The method of claim 1, wherein a description of the first one of the computing resources is imported from both first and second sources, wherein the description of the first one of the computing resources from the first source specifies a first category for the one of the computing resources and the description of the one of the computing resources from the second source specifies a second, different category for the one of the computing resources.
  - 5. The method of claim 4, wherein the first category is not specified by the description of the first one of the computing resources from the second source and the second category is not specified by the description of the one of the computing resources from the first source.
  - 6. The method of claim 4, wherein the first category is not specified by the description of the one of the computing resources from the second source, while the second category is specified by the description of the one of the computing resources from the first source.
  - 7. The method of claim 1, further including:
    - determining that a description of a second one of the computing resources specifies a third category for the second one of the computing resources; and
      
      assigning both the first one of the computing resources and second one of the computing resources to second category.
  - 8. The method of claim 7, wherein the first and third categories have a same meaning expressed in different identifiers, wherein the third category provides a normalization for this meaning.
  - 9. The method of claim 1, wherein deriving the second category for the first one of the computing resources includes:
    - determining that the description of the first one of the computing resources specifies that the first one of the computing resources belongs to both a first category and a third category; and
      
      based on the determination, assigning the first one of the computing resources to the second category.
  - 10. The method of claim 9, wherein the first category is specified for the first one of the computing resources in a first description of the first one of the computing resources received from a first source and the third category is specified for the first one of the computing resources in a second description of the first one of the computing resources received from a second source.
  - 11. The method of claim 1 further including identifying that a description of the first one of the computing resources received from a first source and a description of a second one of the computing resources received from a second source are descriptions of the first one of the computing resources, wherein only a single description is stored for the first one of the computing resources tagged with categories from the descriptions from both the first and second sources.

12. A non-transitory machine readable medium storing a program which when executed by at least one processing unit manages a set of computing resources, the program comprising sets of instructions for:
- storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy;
  
  generating a first composite policy, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy;
  
  importing descriptions of computing resources from a plurality of heterogeneous sources, wherein the descriptions specify categories for the computing resources, wherein different sources use different types of categories for the resource descriptions;
  
  based on a first category specified for a first one of the computing resources in the set, deriving a second category for the first one of the computing resources;
  
  binding the first composite policy to the first one of the computing resources based on a binding rule identifying the first composite policy and the second category; and
  
  transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the first one of the computing resources, the transmitting including transmitting the first primitive policy and at least one of the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The machine readable medium of claim 12, wherein the plurality of heterogeneous sources includes at least one of a network manager, a storage manager, and a compute manager for a datacenter.
  - 14. The machine readable medium of claim 12, wherein the set of computing resources includes at least one of physical servers, virtual servers, physical forwarding elements, software forwarding elements, logical forwarding elements of a logical network, hardware resources of a physical server, applications, and datacenters.
  - 15. The machine readable medium of claim 12, wherein a description of the first one of the computing resources is imported from both first and second sources, wherein the description of the first one of the computing resources from the first source specifies a first category for the first one of the computing resources and the description of the one of the computing resources from the second source specifies a second, different category for the one of the computing resources.
  - 16. The machine readable medium of claim 15, wherein the first category is not specified by the description of the one of the computing resources from the second source and the second category is not specified by the description of the first one of the computing resources from the first source.
  - 17. The machine readable medium of claim 15, wherein the first category is not specified by the description of the one of the computing resources from the second source, while the second category is specified by the description of the one of the computing resources from the first source.
  - 18. The machine readable medium of claim 12, further including:
    - determining that a description of a second one of the computing resources specifies a third category for the second one of the computing resources; and
      
      assigning both the first one of the computing resources and second one of the computing resources to second category.
  - 19. The machine readable medium of claim 18, wherein the first and third categories have a same meaning expressed in different identifiers, wherein the third category provides a normalization for this meaning.
  - 20. The machine readable medium of claim 12, wherein the set of instructions for deriving the second category for the first one of the computing resources includes sets of instructions for:
    - determining that the description of the first one of the computing resources specifies that the first one of the computing resources belongs to both a first category and a third category; and
      
      based on the determination, assigning the first one of the computing resources to the second category.
  - 21. The machine readable medium of claim 20, wherein the first category is specified for the first one of the computing resources in a first description of the first one of the computing resources received from a first source and the third category is specified for the first one of the computing resources in a second description of the first one of the computing resources received from a second source.
  - 22. The machine readable medium of claim 12, wherein the program further includes a set of instructions for identifying that a description of the first one of the computing resources received from a first source and a description of a second one of the computing resources received from a second source are descriptions of a same particular the first one of the computing resources, wherein only a single description is stored for the first one of the computing resources tagged with categories from the descriptions from both the first and second sources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Burk, Gregory T., Coote, Lachlan T.
Primary Examiner(s)
Bibbee, Jared M

Application Number

US14/828,446
Publication Number

US 20170032020A1
Time in Patent Office

1,170 Days
Field of Search
US Class Current
CPC Class Codes

G06F 15/161   Computing infrastructure, e...

G06F 16/2365   Ensuring data consistency a...

G06F 16/285   Clustering or classification

H04L 41/08   Configuration management of...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/20   Network management software...

H04L 47/20   Traffic policing

H04L 47/762   triggered by the network

H04L 47/827   Aggregation of resource all...

Resource categorization for policy framework

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Resource categorization for policy framework

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links