Provisioning composite applications using secure parameter access

US 10,169,000 B2
Filed: 05/30/2012
Issued: 01/01/2019
Est. Priority Date: 05/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

implementing a composite Web application, the implementing involving a first virtual machine (VM) to be hosted on a first physical machine and a second virtual machine to be hosted on a second physical machine, wherein the first physical machine and the second physical machine are located in a data center;

provisioning the first virtual machine on the first physical machine;

provisioning the second virtual machine on second physical machine;

instantiating a first component of the composite Web application on the first virtual machine and a second component of the composite Web application on the second virtual machine, wherein the first component has a first role of an application server and the second component has a second role of a database management system;

receiving, by a processing device of a provisioning server, a request for a configuration parameter from the first component of the composite Web application, the configuration parameter being a password that enables periodic reconfiguration to communication between the first component and the second component;

identifying, by the processing device of the provisioning server, the first role of the first component of the composite Web application by looking up an identifier of the first component within a stored VM table;

accessing, within a hierarchical data structure, an access condition that specifies a role condition or relationship condition of the requesting first component that is satisfied to access the configuration parameter and enable the communication with the second component;

verifying that the access condition is satisfied by the first component;

upon verification of the access condition, providing the configuration parameter to the first virtual machine associated with the first component;

reconfiguring the first virtual machine of the first component of the application server to access the second component using the requested configuration parameter; and

allowing the communication between the first component and the second component based on the requested configuration parameter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for provisioning composite application using secure parameter access is disclosed. A method of one embodiment of the disclosure includes receiving a request for a configuration parameter from a first component of a composite Web application residing on a first virtual machine (VM). The requested configuration parameter can be related to a second component of the composite Web application residing on a second VM. The role of the first component of the composite Web application is identified and a determination is made as to whether the first component has access to the requested configuration parameter based on the role of the first component. If the first component has access, then the requested configuration parameter is provided to the first component.

54 Citations

19 Claims

1. A method, comprising:
- implementing a composite Web application, the implementing involving a first virtual machine (VM) to be hosted on a first physical machine and a second virtual machine to be hosted on a second physical machine, wherein the first physical machine and the second physical machine are located in a data center;
  
  provisioning the first virtual machine on the first physical machine;
  
  provisioning the second virtual machine on second physical machine;
  
  instantiating a first component of the composite Web application on the first virtual machine and a second component of the composite Web application on the second virtual machine, wherein the first component has a first role of an application server and the second component has a second role of a database management system;
  
  receiving, by a processing device of a provisioning server, a request for a configuration parameter from the first component of the composite Web application, the configuration parameter being a password that enables periodic reconfiguration to communication between the first component and the second component;
  
  identifying, by the processing device of the provisioning server, the first role of the first component of the composite Web application by looking up an identifier of the first component within a stored VM table;
  
  accessing, within a hierarchical data structure, an access condition that specifies a role condition or relationship condition of the requesting first component that is satisfied to access the configuration parameter and enable the communication with the second component;
  
  verifying that the access condition is satisfied by the first component;
  
  upon verification of the access condition, providing the configuration parameter to the first virtual machine associated with the first component;
  
  reconfiguring the first virtual machine of the first component of the application server to access the second component using the requested configuration parameter; and
  
  allowing the communication between the first component and the second component based on the requested configuration parameter.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising denying the requested configuration parameter in response to a determination that the first component does not have access to the requested configuration parameter.
  - 3. The method of claim 1, wherein the provisioning server communicates with the first VM and the second VM via a network.
  - 4. The method of claim 1, wherein the first VM and the second VM are virtual machines of a cloud-based Web application hosting environment.
  - 5. The method of claim 1, further comprising:
    - determining whether the application server has access to the password, wherein the determining comprises identifying whether the database management system is related to the application server in the composite Web application.
  - 6. The method of claim 1, wherein a match condition of the at least one element of the hierarchical data structure comprises at least one of an application type of the first component being a predetermined application type or the first component having a threshold number of servers.
  - 7. The method of claim 1, further comprising identifying a second role of the second component of the composite Web application, wherein the second role indicates a second functionality provided by the second component, and wherein determining whether the first component has access to the requested configuration parameter is further in view of the second role of the second component.

8. A system comprising:
- a memory, anda processing device operatively coupled to the memory to;
  
  implement a composite Web application, the implementing involving a first virtual machine (VM) to be hosted on a first physical machine and a second virtual machine to be hosted on a second physical machine, wherein the first physical machine and the second physical machine are located in a data center;
  
  provision the first virtual machine on the first physical machine;
  
  provision the second virtual machine on second physical machine;
  
  instantiate a first component of the composite Web application on the first virtual machine and a second component of the composite Web application on the second virtual machine, wherein the first component has a first role of an application server and the second component has a second role of a database management system;
  
  receive a request for a configuration parameter from the first component of the composite Web application, the configuration parameter being a password that enables periodic reconfiguration to communication between the first component and the second component;
  
  identify the first role of the first component of the composite Web application by looking up an identifier of the first component within a stored VM table;
  
  access, within a hierarchical data structure, an access condition that specifies a role condition or relationship condition of the requesting first component that is satisfied to access the configuration parameter and enable the communication with the second component;
  
  verify that the access condition is satisfied by the first component;
  
  upon verification of the access condition, provide the configuration parameter to the first virtual machine associated with the first component;
  
  reconfigure the first virtual machine of the first component of the application server to access the second component using the requested configuration parameter; and
  
  allow the communication between the first component and the second component based on the requested configuration parameter.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the processing device further denies the requested configuration parameter in view of a determination that the first component does not have access to the requested configuration parameter.
  - 10. The system of claim 8, wherein the processing device communicates with the first VM and the second VM via a network.
  - 11. The system of claim 8, wherein the first VM and the second VM are virtual machines of a cloud-based Web application hosting environment.
  - 12. The system of claim 8, wherein the processing device is further to determine whether the application server has access to the password, wherein the determining comprises identifying whether the database management system is related to the application server in the composite Web application.
  - 13. The system of claim 8, wherein a match condition of the at least one element of the hierarchical data structure comprises at least one of an application type of the first component being a predetermined application type or the first component having a threshold number of servers.
  - 14. The system of claim 8, wherein the processing device further identifies a second role of the second component of the composite Web application, wherein the second role indicates a second functionality provided by the second component, and wherein determining whether the first component has access to the requested configuration parameter is further related to the second role of the second component.

15. A non-transitory computer-readable storage medium programmed to include instructions that, when executed by a processing device of a provisioning server, cause the processing device to:
- implement a composite Web application, the implementing involving a first virtual machine (VM) to be hosted on a first physical machine and a second virtual machine to be hosted on a second physical machine, wherein the first physical machine and the second physical machine are located in a data center;
  
  provision the first virtual machine on the first physical machine;
  
  provision the second virtual machine on second physical machine;
  
  instantiate a first component of the composite Web application on the first virtual machine and a second component of the composite Web application on the second virtual machine, wherein the first component has a first role of an application server and the second component has a second role of a database management system;
  
  receive, by the processing device, a request for a configuration parameter from the first component of the composite Web application, the configuration parameter being a password that enables periodic reconfiguration to communication between the first component and the second component;
  
  identify the first role of a first server of the first component of the composite Web application by looking up an identifier of the first component within a stored VM table;
  
  access, within a hierarchical data structure, an access condition that specifies a role condition or relationship condition of the requesting component that is satisfied to access the configuration parameter and enable the communication with the second component;
  
  verify that the access condition is satisfied by the first component;
  
  upon verification of the access condition, provide the configuration parameter to the first virtual machine associated with the first component;
  
  reconfigure the first virtual machine of the first component of the application server to access the second component using the requested configuration parameter; and
  
  allow the communication between the first component and the second component based on the requested configuration parameter.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the processing device is further to deny the requested configuration parameter in view of a determination that the first component does not have access to the requested configuration parameter.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the processing is further to determine whether the application server has access to the password, the processing device is to identify whether the database management system is related to the application server in the composite Web application.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein the match condition of the at least one element of the hierarchical data structure comprises at least one of an application type of the first component being a predetermined application type or the first component having a threshold number of servers.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein the processing device is further to identify a second role of the second component of the composite Web application, wherein the second role indicates a second functionality provided by the second component, and wherein to determine whether the first component has access to the requested configuration parameter is further in view of the second role of the second component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat Israel Ltd. (International Business Machines Corporation)
Original Assignee
Red Hat Israel Ltd. (International Business Machines Corporation)
Inventors
Levy, Ohad Shaul Anaf, Benari, Amos
Primary Examiner(s)
Bullock, Jr., Lewis A
Assistant Examiner(s)
Kepnang, Gilles R

Application Number

US13/484,194
Publication Number

US 20130326498A1
Time in Patent Office

2,407 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1484   involving virtual machines

G06F 2009/45587   Isolation or security of vi...

G06F 2201/865   Monitoring of software

G06F 8/31   Programming languages or pr...

G06F 8/60   Software deployment

G06F 9/44505   Configuring for program ini...

G06F 9/45516   Runtime code conversion or ...

G06F 9/45537   Provision of facilities of ...

G06F 9/45558   Hypervisor-specific managem...

Provisioning composite applications using secure parameter access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

54 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning composite applications using secure parameter access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links