Tracing with a workload distributor

US 10,178,031 B2
Filed: 02/09/2015
Issued: 01/08/2019
Est. Priority Date: 01/25/2013
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computer processor, the method comprising:

receiving, in a secure environment that includes a plurality of execution environments, a stream of input for an application, the input stream comprising discrete units of work, each discrete unit of work being either an application input item or a request made to the application, wherein a first discrete unit of work is a call to a function of the application, which call includes input parameters for the application'"'"'s function, and wherein each discrete unit of work is structured to enable concurrent analysis thereof by multiple execution environments;

in the secure environment, receiving a status from each execution environment included in the plurality of execution environments, each status comprising a determined availability to perform work;

in the secure environment, receiving a configuration definition defining conditions for executing the discrete units of work among the plurality of execution environments, the configuration definition comprising a load balancing objective and a data gathering objective;

in the secure environment, (1) parsing the input stream to identify the discrete units of work, (2) determining a first data gathering objective for a first work unit, and (3) causing the first work unit to be executed on a first execution environment according to the first data gathering objective;

in the secure environment, tagging a result obtained from executing the first unit of work to include a set of one or more source code annotations which include a name of a function that was used when the first unit of work was executed such that the function name is tagged to the result;

in the secure environment, determining that the result obtained from executing the first work unit according to the first data gathering objective includes at least some sensitive data; and

in the secure environment, obfuscating the at least some sensitive data and then transmitting the obfuscated at least some sensitive data to a different environment for analysis, the different environment having a security level that is different than a security level of the secure environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A load balanced system may incorporate instrumented systems within a group of managed devices and distribute workload among the devices to meet both load balancing and data collection. A workload distributor may communicate with and configure several managed devices, some of which may have instrumentation that may collect trace data for workload run on those devices. Authentication may be performed between the managed devices and the workload distributor to verify that the managed devices are able to receive the workloads and to verify the workloads prior to execution. The workload distributor may increase or decrease the amount of instrumentation in relation to the workload experienced at any given time.

567 Citations

22 Claims

1. A method performed by a computer processor, the method comprising:
- receiving, in a secure environment that includes a plurality of execution environments, a stream of input for an application, the input stream comprising discrete units of work, each discrete unit of work being either an application input item or a request made to the application, wherein a first discrete unit of work is a call to a function of the application, which call includes input parameters for the application'"'"'s function, and wherein each discrete unit of work is structured to enable concurrent analysis thereof by multiple execution environments;
  
  in the secure environment, receiving a status from each execution environment included in the plurality of execution environments, each status comprising a determined availability to perform work;
  
  in the secure environment, receiving a configuration definition defining conditions for executing the discrete units of work among the plurality of execution environments, the configuration definition comprising a load balancing objective and a data gathering objective;
  
  in the secure environment, (1) parsing the input stream to identify the discrete units of work, (2) determining a first data gathering objective for a first work unit, and (3) causing the first work unit to be executed on a first execution environment according to the first data gathering objective;
  
  in the secure environment, tagging a result obtained from executing the first unit of work to include a set of one or more source code annotations which include a name of a function that was used when the first unit of work was executed such that the function name is tagged to the result;
  
  in the secure environment, determining that the result obtained from executing the first work unit according to the first data gathering objective includes at least some sensitive data; and
  
  in the secure environment, obfuscating the at least some sensitive data and then transmitting the obfuscated at least some sensitive data to a different environment for analysis, the different environment having a security level that is different than a security level of the secure environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1 further comprising:
    - transmitting said first data gathering objective to said first execution environment.
  - 3. The method of claim 2 further comprising:
    - determining a second data gathering objective for a second work unit;
      
      determining that the plurality of execution environments are near capacity;
      
      changing the second data gathering objective to a limited second data gathering objective; and
      
      causing the second work unit to be executed according to the limited second data gathering objective.
  - 4. The method of claim 3, said second work unit being executed by said first execution environment.
  - 5. The method of claim 4, said first data gathering objective being different from said limited second data gathering objective.
  - 6. The method of claim 5 further comprising:
    - transmitting a first authentication mechanism to said first execution environment.
  - 7. The method of claim 6 further comprising:
    - receiving a second authentication mechanism from said first execution environment.
  - 8. The method of claim 7 further comprising:
    - said second authentication mechanism being received as part of said status.
  - 9. The method of claim 2 further comprising:
    - determining a second data gathering objective for a second work unit;
      
      determining that the plurality of execution environments have excess capacity;
      
      changing the second data gathering objective to an extensive second data gathering objective; and
      
      causing the second work unit to be executed with the extensive second data gathering objective.
  - 10. The method of claim 9, said second work unit being executed by said first execution environment.
  - 11. The method of claim 2 further comprising:
    - causing said first work unit to be executed on a second execution environment with a second data gathering objective.
  - 12. The method of claim 11, said second data gathering objective being different from said first data gathering objective.
  - 13. The method of claim 1 further comprising:
    - determining that said first execution environment has preconfigured data gathering capabilities that are within said first data gathering objective.
  - 14. The method of claim 13 further comprising:
    - determining that a second execution environment does not have said preconfigured data gathering capabilities and determining that said second execution environment will not execute said first work item.
  - 15. The method of claim 14, wherein a corresponding status for the first execution environment comprises an indicator for the preconfigured data gathering capabilities.
  - 16. The method of claim 1, said configuration definition comprising a target quality of service.

17. A system comprising:
- a processor;
  
  a load receiver that receives a stream of input for an application that is executing in a secure environment, wherein the secure environment includes a plurality of execution environments, and wherein the input stream includes discrete units of work, each discrete unit of work being either an application input item or a request made to the application, wherein a first discrete unit of work is a call to a function of the application, which call includes input parameters for the application'"'"'s function, and wherein each discrete unit of work is structured to enable concurrent analysis thereof by multiple execution environments;
  
  a worker status collector that receives status information from each execution environment included in the plurality of execution environments; and
  
  a distributor that is being executed by the processor and that is configured to perform the following in the secure environment;
  
  receive a configuration definition defining conditions for executing the discrete units of work among the plurality of execution environments, the configuration definition comprising a load balancing objective and a data gathering objective;
  
  parse the input stream to identify the discrete units of work;
  
  determine a first data gathering objective for a first work unit;
  
  cause the first work unit to be executed on a first execution environment according to the first data gathering objective;
  
  tagging a result obtained from executing the first unit of work to include a set of one or more source code annotations which include a name of a function that was used when the first unit of work was executed such that the function name is tagged to the result;
  
  determine that the result obtained from executing the first work unit according to the first data gathering objective includes at least some sensitive data; and
  
  obfuscate the at least some sensitive data and then transmit the obfuscated at least some sensitive data to a different environment for analysis, the different environment having a security level that is different than a security level of the secure environment.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, said distributor that further:
    - transmits said first data gathering objective to said first execution environment.
  - 19. The system of claim 18, wherein the distributor is further configured to:
    - determine a second data gathering objective for a second work unit;
      
      determine that the plurality of execution environments is near capacity;
      
      change the second data gathering objective to a limited second data gathering objective; and
      
      cause the second work unit to be executed according to the limited second data gathering objective.
  - 20. The system of claim 19, said second work unit being executed by said first execution environment.

21. A computer system comprising:
- one or more processors; and
  
  one or more computer-readable hardware storage devices having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computer system to;
  
  receive, in a secure environment that includes a plurality of execution environments, a stream of input for an application that is being executed in the plurality of execution environments, wherein the input stream includes discrete items of work, each discrete item of work being either an application input item or a request made to the application, wherein a first discrete item of work is a call to a function of the application, which call includes input parameters for the application'"'"'s function, and wherein each discrete item of work is structured to enable concurrent analysis thereof by multiple execution environments;
  
  in the secure environment, parse the input stream to identify a first work item;
  
  in the secure environment and after identifying the first work item, receive a configuration definition that includes (1) one or more operational conditions that are to be followed when executing the first work item and (2) a data gathering objective for the first work item;
  
  in the secure environment, cause the first work item to be executed in a first execution environment in accordance with both the one or more operational conditions and the data gathering objective;
  
  in the secure environment, tag a result obtained from executing the first unit of work to include a set of one or more source code annotations which include a name of a function that was used when the first unit of work was executed such that the function name is tagged to the result;
  
  in the secure environment, determine that the result obtained from executing the first work item includes at least some sensitive data; and
  
  in the secure environment, obfuscate the at least some sensitive data and then transmit the obfuscated at least some sensitive data to a different environment for analysis, the different environment having a security level that is different than a security level of the secure environment.
- View Dependent Claims (22)
- - 22. The system of claim 21, wherein different types of obfuscation are applied to different portions of the at least some sensitive data, and wherein determining which type of obfuscation to apply is based on a determined type for each of the different portions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Krajec, Russell S.
Primary Examiner(s)
Bengzon, Greg C

Application Number

US14/617,509
Publication Number

US 20150222548A1
Time in Patent Office

1,429 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 11/3409   for performance assessment

G06F 11/3466   Performance evaluation by t...

G06F 11/3636   by tracing the execution of...

G06F 21/6245   Protecting personal data, e...

G06F 2201/865   Monitoring of software

G06F 9/505   considering the load

G06F 9/5083   Techniques for rebalancing ...

H04L 47/125   by balancing the load, e.g....

H04L 67/1001   for accessing one among a p...

Tracing with a workload distributor

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

567 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Tracing with a workload distributor

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

567 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links