Resource categorization for policy framework
First Claim
1. A method for managing a set of computing resources, the method comprising:
- storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy;
generating a first composite policy, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy;
importing descriptions of computing resources from a plurality of heterogeneous sources, wherein the descriptions specify categories for the computing resources, wherein different sources use different types of categories for the resource descriptions;
based on a first category specified for a first one of the computing resources in the set, deriving a second category for the first one of the computing resources;
binding the first composite policy to the first one of the computing resources based on a binding rule identifying the first composite policy and the second category; and
transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the first one of the computing resources, the transmitting including transmitting the first primitive policy and at least one of the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language.
2 Assignments
0 Petitions
Accused Products
Abstract
Some embodiments provide a method for managing a set of computing resources. The method imports descriptions of computing resources from several heterogeneous sources. The descriptions specify categories for the computing resources. The different sources use different types of categories for the resource descriptions. Based on the categories specified for the computing resources in the set, the method derives additional categories for at least a subset of the computing resources. The method stores each imported computing resource tagged according to its specified and derived categories, wherein the category tags are used for binding policies to the computing resources.
-
Citations
22 Claims
-
1. A method for managing a set of computing resources, the method comprising:
-
storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy; generating a first composite policy, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy; importing descriptions of computing resources from a plurality of heterogeneous sources, wherein the descriptions specify categories for the computing resources, wherein different sources use different types of categories for the resource descriptions; based on a first category specified for a first one of the computing resources in the set, deriving a second category for the first one of the computing resources; binding the first composite policy to the first one of the computing resources based on a binding rule identifying the first composite policy and the second category; and transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the first one of the computing resources, the transmitting including transmitting the first primitive policy and at least one of the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A non-transitory machine readable medium storing a program which when executed by at least one processing unit manages a set of computing resources, the program comprising sets of instructions for:
-
storing an imported policy rule of a virtual machine computing environment as a first primitive policy, the first primitive policy including a policy data structure that includes a set of fields, the imported policy rule written in a first language, wherein a first field of the set of fields stores the imported policy rule in the first language and a second field of the set of fields stores the imported policy rule in a second language for the first primitive policy; generating a first composite policy, wherein the first composite policy includes a first reference identifying the first primitive policy and a second reference identifying a second primitive policy or a second composite policy; importing descriptions of computing resources from a plurality of heterogeneous sources, wherein the descriptions specify categories for the computing resources, wherein different sources use different types of categories for the resource descriptions; based on a first category specified for a first one of the computing resources in the set, deriving a second category for the first one of the computing resources; binding the first composite policy to the first one of the computing resources based on a binding rule identifying the first composite policy and the second category; and transmitting the first composite policy to a policy engine of the virtual machine computing environment responsible for managing the first one of the computing resources, the transmitting including transmitting the first primitive policy and at least one of the second primitive policy or the second composite policy, the policy engine to apply the first primitive policy by reading the primitive policy using the second language. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification