Policy management system for heterogeneous cloud services
Abstract
Some embodiments provide a method for a system that enforces policy for a network. The method receives (i) a first set of network state data from a first cloud management application that manages a first aspect of the network and stores its network state data in a first format and (ii) a second set of network state data from a second cloud management application that manages a second aspect of the network and stores its network state data in a second format. The method stores the first and second sets of network state data in a single, unified data format. The method monitors the stored sets of network state data to determine whether the network state violates one or more network policies that constrain the network state received from the first and second cloud management applications.
22 Claims
1. A method to enforce a policy for a network, the method comprising:
- storing, by executing an instruction using a processor, a first set of network state data and a second set of network state data in a single, unified data format, the first set of network state data from a first cloud management application that manages a first aspect of the network and stores its network state data in a first format, the second set of network state data from a second cloud management application that manages a second aspect of the network and stores its network state data in a second format;
- detecting, by executing an instruction using the processor, addition of a virtual machine to a cloud environment;
- in response to detecting the addition of the virtual machine, determining, by executing an instruction using the processor, whether the virtual machine violates a network policy based on a first owner of the virtual machine and the first and second sets of network state data stored in the single, unified data format; and
- when the virtual machine violates the network policy:
  - creating a new membership group;
  - adding the first owner to the membership group; and
  - adding a second owner of the network to the membership group, wherein the first owner and the second owner being part of the same membership group removes the violation.

(Dependent claims 2 to 14 depend from claim 1.)
15. A system to enforce a policy for a network, the system comprising:
- a machine readable storage to store network state data from at least two cloud management applications in a single, unified data format, the network state data from at least two cloud management applications that each manage different aspects of the network and store their network state data in different formats; and
- a processor to:
  - detect addition of a virtual machine to a cloud environment;
  - in response to detecting the addition of the virtual machine, determine if the virtual machine violates a network policy based on a first owner of the virtual machine and the first and second sets of network state data stored in the single, unified data format; and
  - when the virtual machine violates the network policy:
    - create a new membership group;
    - add the first owner to the membership group; and
    - add a second owner of the network to the membership group, wherein the first owner and the second owner being part of the same membership group removes the violation.

(Dependent claims 16 to 22 depend from claim 15.)
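The workflow the claims describe (state from two cloud management applications in two formats normalized into one unified store, a policy check triggered by a VM-added event, and remediation by creating a membership group that holds both owners), as an added Python illustration; this is not code from the patent, and the two input formats, the field names, the "unknown-network" and "owner-not-grouped" violation codes and the sample data are assumptions made for the example:

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class StateRecord:
    """Unified format: every source is normalized into this one shape."""
    kind: str                        # "vm" or "network"
    name: str
    owner: str
    network: Optional[str] = None    # for a VM, the network it attaches to

def normalize_compute(raw: dict) -> StateRecord:
    """Hypothetical compute manager record: {"vm": ..., "tenant": ..., "net": ...}."""
    return StateRecord("vm", raw["vm"], raw["tenant"], raw["net"])

def normalize_network(line: str) -> StateRecord:
    """Hypothetical network manager record: one 'name;owner' text line."""
    name, owner = line.split(";", 1)
    return StateRecord("network", name.strip(), owner.strip())

@dataclass
class PolicyEngine:
    records: dict = field(default_factory=dict)  # (kind, name) -> StateRecord
    groups: list = field(default_factory=list)   # membership groups: sets of owners
    def store(self, rec: StateRecord) -> None:
        self.records[(rec.kind, rec.name)] = rec
    def same_group(self, a: str, b: str) -> bool:
        return a == b or any(a in g and b in g for g in self.groups)
    def check(self, vm: StateRecord) -> Optional[str]:
        """Violation code, or None when the VM's owner may use the network."""
        net = self.records.get(("network", vm.network))
        if net is None:
            return "unknown-network"
        return None if self.same_group(vm.owner, net.owner) else "owner-not-grouped"

    def on_vm_added(self, raw_vm: dict) -> tuple:
        """VM-added event: store, evaluate, remediate; returns (before, after)."""
        vm = normalize_compute(raw_vm)
        self.store(vm)
        before = self.check(vm)
        if before == "owner-not-grouped":  # remediate: one new group with both owners
            self.groups.append({vm.owner, self.records[("network", vm.network)].owner})
        return before, self.check(vm)

def demo() -> list:
    """Constructed sample: alice's VM lands on bob's network; carol's on an unknown one."""
    eng = PolicyEngine()
    eng.store(normalize_network("prod;bob"))
    return [eng.on_vm_added({"vm": "web-1", "tenant": "alice", "net": "prod"}),
            eng.on_vm_added({"vm": "db-1", "tenant": "carol", "net": "ghost"})]
```

Only the owner-mismatch case is remediated by grouping; a VM attached to a network the unified store has never seen stays in violation so that it is surfaced rather than silently accepted.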