Methods and system of managing concurrent access to multiple resources
Abstract
The present invention is directed to a method and system for managing concurrent access to multiple resources. Resources are assigned to sets in such a way that it is safe to concurrently access any combination of resources in a resource set. For each resource set, a virtual machine is defined and associated with the resource set. An application is assigned to a virtual machine. When an application requests access to a resource not in the application's virtual machine, access control lists are consulted to determine whether the access should be allowed, given the other resources already accessed by the application.
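As an added illustration (not code from the patent), the check described in the abstract and in claim 1 can be modeled as follows. The `Acl` record, the resource and set names, and the rule that a permitted combination also permits its subsets are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed sample data: each set groups resources that are safe to use together.
RESOURCE_SETS = {
    "corp": {"fileserver", "hr-db"},
    "partner": {"partner-api"},
    "internet": {"web-proxy"},
}

@dataclass
class Acl:  # hypothetical per-principal record
    sets: set        # resource sets the principal may access
    resources: set   # individual resources the principal may access
    concurrent: set  # frozensets of resource sets that may be open together

@dataclass
class AppInstance:
    principal: str
    home_set: str  # the "first resource set" the instance is assigned to
    open_sets: set = field(default_factory=set)

    def __post_init__(self):
        self.open_sets.add(self.home_set)

def request_access(app, resource, acls):
    """Apply the three checks of claim 1; return (allowed, reason)."""
    acl = acls[app.principal]
    target = next((s for s, members in RESOURCE_SETS.items() if resource in members), None)
    if target is None or resource not in acl.resources:
        return False, "resource denied"
    if target not in acl.sets:
        return False, "resource set denied"
    wanted = app.open_sets | {target}
    # Assumption: a permitted combination also permits each of its subsets.
    if len(wanted) > 1 and not any(wanted <= combo for combo in acl.concurrent):
        return False, "concurrent access denied"
    app.open_sets.add(target)  # later requests are judged against this history
    return True, "allowed"

def demo():
    acls = {"alice": Acl(sets={"corp", "partner", "internet"},
                         resources={"fileserver", "partner-api", "web-proxy"},
                         concurrent={frozenset({"corp", "partner"})})}
    app = AppInstance("alice", "corp")
    return [request_access(app, r, acls)
            for r in ("partner-api", "web-proxy", "hr-db", "fileserver")]
```

The second request in `demo()` is refused even though the principal may use the `internet` set on its own, because the instance already holds `corp` and `partner`.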
51 Claims
1. A method for managing concurrent access by an application instance to two or more resource sets each of which comprises one or more resources, the method comprising:
- assigning the application instance to a first resource set;
- receiving a request from the application instance to access a resource in a second resource set; and
- determining whether the application instance has permission to:
  - access the requested resource in the second resource set,
  - access the second resource set, and
  - concurrently access the first and second resource sets.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for managing creation of a resource in a resource set by an application instance, the method comprising:
- assigning the application instance to a first resource set;
- receiving a request from the application instance to create a new resource in a target resource set;
- determining whether the application instance has permission to create the new resource in the target resource set.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A system for creating a security environment usable by an application instance owned by a principal and operating in a computing device having multiple resources, the system comprising:
- a plurality of resource sets each of which comprises one or more resources grouped according to the safety of concurrent access to the resources;
- a plurality of virtual machines, each virtual machine being associated with a resource set and being adapted to allow the application instance to access the resource set associated with a virtual machine; and
- a set of rules associated with each resource set, the rules determining whether the principal has permission to access a target resource in the resource set.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23

24. A computer management facility supporting a plurality of applications running on virtual machines connected to a multiplicity of resource sets, the management facility comprising:
- a persistent storage module for storing a record, the record comprising, for each principal, an indication of whether the principal has permission to access each of the resource sets, and an indication of whether the principal has permission to concurrently access a combination of two or more resource sets;
- a device driver connected to the applications and the persistent storage module, the device driver adapted for, upon receiving a request from an application instance to access a resource in a set connected to a virtual machine different from a virtual machine to which the application instance is assigned, checking the persistent storage module to see if the principal owning the application instance has permission to access the resource; and
- a virtual machine launching module connected to the device driver and the persistent storage module for launching a new virtual machine and updating the record of the persistent storage module.

Dependent claims: 25, 26, 27

28. A method operable in a computer system having access to a plurality of networks, for managing an application instance's concurrent access to the networks, the method comprising:
- associating a first instance of the application with a first network;
- upon receiving a request from the first instance of the application to access a second network, checking whether the application has permission to access the second network, the checking based, at least in part, on the safety of concurrent access to the first network and the second network; and
- informing the application of the result of the permission checking.

Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37, 38

39. A method for a process to communicate with a management facility in order to request that action be taken with respect to a virtual machine, the method comprising:
- issuing, by the process, a call having at least one call parameter;
- receiving, by the management facility, the call and parsing the call to retrieve the at least one call parameter; and
- issuing, by the management facility, an acknowledgement having at least one acknowledgement parameter.

Dependent claims: 40, 41, 42, 43, 44, 45, 46

47. A method for a process to communicate with a management facility in order to request that the process be registered to receive change notifications, the method comprising:
- issuing, by the process, a call having a plurality of call parameters comprising a module identification, a principal, a function to be called when a virtual machine is created, a function to be called when information about a virtual machine is updated, and a function to be called when a virtual machine is destroyed;
- receiving, by the management facility, the call and parsing the call to retrieve the call parameters; and
- issuing, by the management facility, an acknowledgement having an acknowledgement parameter comprising a status of the request.

48. A method for a management facility to notify a process of an action taken with respect to a virtual machine, the method comprising:
- issuing, by the management facility, a call having at least one call parameter; and
- receiving, by the process, the call and parsing the call to retrieve the at least one call parameter.

Dependent claims: 49, 50, 51

Specification