Tracing with a workload distributor
First Claim
1. A method performed by a computer processor, the method comprising:
- receiving, in a secure environment that includes a plurality of execution environments, a stream of input for an application, the input stream comprising discrete units of work, each discrete unit of work being either an application input item or a request made to the application, wherein a first discrete unit of work is a call to a function of the application, which call includes input parameters for the application'"'"'s function, and wherein each discrete unit of work is structured to enable concurrent analysis thereof by multiple execution environments;
in the secure environment, receiving a status from each execution environment included in the plurality of execution environments, each status comprising a determined availability to perform work;
in the secure environment, receiving a configuration definition defining conditions for executing the discrete units of work among the plurality of execution environments, the configuration definition comprising a load balancing objective and a data gathering objective;
in the secure environment, (1) parsing the input stream to identify the discrete units of work, (2) determining a first data gathering objective for a first work unit, and (3) causing the first work unit to be executed on a first execution environment according to the first data gathering objective;
in the secure environment, tagging a result obtained from executing the first unit of work to include a set of one or more source code annotations which include a name of a function that was used when the first unit of work was executed such that the function name is tagged to the result;
in the secure environment, determining that the result obtained from executing the first work unit according to the first data gathering objective includes at least some sensitive data; and
in the secure environment, obfuscating the at least some sensitive data and then transmitting the obfuscated at least some sensitive data to a different environment for analysis, the different environment having a security level that is different than a security level of the secure environment.
2 Assignments
0 Petitions
Accused Products
Abstract
A load balanced system may incorporate instrumented systems within a group of managed devices and distribute workload among the devices to meet both load balancing and data collection. A workload distributor may communicate with and configure several managed devices, some of which may have instrumentation that may collect trace data for workload run on those devices. Authentication may be performed between the managed devices and the workload distributor to verify that the managed devices are able to receive the workloads and to verify the workloads prior to execution. The workload distributor may increase or decrease the amount of instrumentation in relation to the workload experienced at any given time.
567 Citations
22 Claims
-
1. A method performed by a computer processor, the method comprising:
-
receiving, in a secure environment that includes a plurality of execution environments, a stream of input for an application, the input stream comprising discrete units of work, each discrete unit of work being either an application input item or a request made to the application, wherein a first discrete unit of work is a call to a function of the application, which call includes input parameters for the application'"'"'s function, and wherein each discrete unit of work is structured to enable concurrent analysis thereof by multiple execution environments; in the secure environment, receiving a status from each execution environment included in the plurality of execution environments, each status comprising a determined availability to perform work; in the secure environment, receiving a configuration definition defining conditions for executing the discrete units of work among the plurality of execution environments, the configuration definition comprising a load balancing objective and a data gathering objective; in the secure environment, (1) parsing the input stream to identify the discrete units of work, (2) determining a first data gathering objective for a first work unit, and (3) causing the first work unit to be executed on a first execution environment according to the first data gathering objective; in the secure environment, tagging a result obtained from executing the first unit of work to include a set of one or more source code annotations which include a name of a function that was used when the first unit of work was executed such that the function name is tagged to the result; in the secure environment, determining that the result obtained from executing the first work unit according to the first data gathering objective includes at least some sensitive data; and in the secure environment, obfuscating the at least some sensitive data and then transmitting the obfuscated at least some sensitive data to a different environment for analysis, the different environment having a security level that is different than a security level of the secure environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A system comprising:
-
a processor; a load receiver that receives a stream of input for an application that is executing in a secure environment, wherein the secure environment includes a plurality of execution environments, and wherein the input stream includes discrete units of work, each discrete unit of work being either an application input item or a request made to the application, wherein a first discrete unit of work is a call to a function of the application, which call includes input parameters for the application'"'"'s function, and wherein each discrete unit of work is structured to enable concurrent analysis thereof by multiple execution environments; a worker status collector that receives status information from each execution environment included in the plurality of execution environments; and a distributor that is being executed by the processor and that is configured to perform the following in the secure environment; receive a configuration definition defining conditions for executing the discrete units of work among the plurality of execution environments, the configuration definition comprising a load balancing objective and a data gathering objective; parse the input stream to identify the discrete units of work; determine a first data gathering objective for a first work unit; cause the first work unit to be executed on a first execution environment according to the first data gathering objective; tagging a result obtained from executing the first unit of work to include a set of one or more source code annotations which include a name of a function that was used when the first unit of work was executed such that the function name is tagged to the result; determine that the result obtained from executing the first work unit according to the first data gathering objective includes at least some sensitive data; and obfuscate the at least some sensitive data and then transmit the obfuscated at least some sensitive data to a different environment for analysis, the different environment having a security level that is different than a security level of the secure environment. - View Dependent Claims (18, 19, 20)
-
-
21. A computer system comprising:
-
one or more processors; and one or more computer-readable hardware storage devices having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computer system to; receive, in a secure environment that includes a plurality of execution environments, a stream of input for an application that is being executed in the plurality of execution environments, wherein the input stream includes discrete items of work, each discrete item of work being either an application input item or a request made to the application, wherein a first discrete item of work is a call to a function of the application, which call includes input parameters for the application'"'"'s function, and wherein each discrete item of work is structured to enable concurrent analysis thereof by multiple execution environments; in the secure environment, parse the input stream to identify a first work item; in the secure environment and after identifying the first work item, receive a configuration definition that includes (1) one or more operational conditions that are to be followed when executing the first work item and (2) a data gathering objective for the first work item; in the secure environment, cause the first work item to be executed in a first execution environment in accordance with both the one or more operational conditions and the data gathering objective; in the secure environment, tag a result obtained from executing the first unit of work to include a set of one or more source code annotations which include a name of a function that was used when the first unit of work was executed such that the function name is tagged to the result; in the secure environment, determine that the result obtained from executing the first work item includes at least some sensitive data; and in the secure environment, obfuscate the at least some sensitive data and then transmit the obfuscated at least some sensitive data to a different environment for analysis, the different environment having a security level that is different than a security level of the secure environment. - View Dependent Claims (22)
-
Specification