Method and system for simplifying distributed server management

US 20030233571A1
Filed: 04/16/2003
Published: 12/18/2003
Est. Priority Date: 06/12/2002
Status: Active Grant

First Claim

Patent Images

1. A method for receiving and executing a system call from a software application program on one of a plurality of servers, the method comprising the steps of:

(a) providing a representation of a plurality of servers as a single virtual server, the representation of the single virtual server implemented by a virtual server client and a plurality of virtual server agents each running on a respective one of the plurality of servers;

(b) receiving, by the virtual server client, an abstract system call from a software application program; and

(c) instantiating in a thread-safe manner the abstract system call by;

identifying, by the virtual server client, a target server to receive the abstract system call, and identifying a corresponding virtual server agent associated with the target server;

transmitting the abstract system call to the identified agent for execution on the target server; and

receiving execution results from the agent.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for managing a large number of servers and their server components distributed throughout a heterogeneous computing environment is provided. In one embodiment, an authenticated user, such as a IT system administrator, can securely and simultaneously control and configure multiple servers, supporting different operating systems, through a “virtual server.” A virtual server is an abstract model representing a collection of actual target servers. To represent multiple physical servers as one virtual server, abstract system calls that extend execution of operating-system-specific system calls to multiple servers, regardless of their supported operating systems, are used. A virtual server is implemented by a virtual server client and a collection of virtual server agents associated with a collection of actual servers.

245 Citations

65 Claims

1. A method for receiving and executing a system call from a software application program on one of a plurality of servers, the method comprising the steps of:
- (a) providing a representation of a plurality of servers as a single virtual server, the representation of the single virtual server implemented by a virtual server client and a plurality of virtual server agents each running on a respective one of the plurality of servers;
  
  (b) receiving, by the virtual server client, an abstract system call from a software application program; and
  
  (c) instantiating in a thread-safe manner the abstract system call by;
  
  identifying, by the virtual server client, a target server to receive the abstract system call, and identifying a corresponding virtual server agent associated with the target server;
  
  transmitting the abstract system call to the identified agent for execution on the target server; and
  
  receiving execution results from the agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method of claim 1, wherein at least two of the plurality of servers have different operating systems.
  - 3. The method of claim 1 further comprising the step of aggregating at least the abstract system call and a second abstract system call into a high-level abstract system call.
  - 4. The method of claim 3 further comprising the steps of (i) receiving, by the virtual server client, the high-level abstract system call;
    - (ii) disintegrating, by the virtual server client, the high-level abstract system call into the at least the abstract system call and the second abstract system call; and
      
      (iii) instantiating in a thread-safe manner each of the at least the abstract system call and the second abstract system call.
  - 5. The method of claim 3 further comprising the steps of:
    - (i) receiving, by the virtual server client, the high-level abstract system call; and
      
      (ii) instantiating in a thread-safe manner the high-level abstract system call.
  - 6. The method of claim 1, wherein the instantiating step (c), the virtual server client is implemented by a network-aware code library.
  - 7. The method of claim 6, wherein the network-aware code library is a libnc.
  - 8. The method of claim 6, wherein the virtual server client is a libnc.
  - 9. The method of claim 1, wherein the identifying step comprises identifying the target virtual server agent to receive the abstract system call in response to a server identifier included in the abstract system call.
  - 10. The method of claim 9, wherein the server identifier comprises a host name specified in a path.
  - 11. The method of claim 9, wherein the server identifier comprises a network address.
  - 12. The method of claim 11, wherein the server identifier is inferred from a group of servers the target server belongs.
  - 13. The method of claim 1, further comprising after the transmitting step, the steps of:
    - (i) translating, by the virtual server agent, the abstract system call into an operating system specific system call to be executed by the target server; and
      
      (ii) executing, by the target server, the operating system specific system call in a thread-safe manner.
  - 14. The method of claim 1 further comprising:
    - before the transmitting step, specifying at least one of priority, CPU utilization, and memory utilization of the abstract system call on the target servers associated with the identified virtual server agents.
  - 15. The method of claim 1 further comprising:
    - (i) authenticating a user of the software application program and a management system operating the software application program;
      
      (ii) after the instantiating step (c), encrypting, by the virtual server client, the abstract system call;
      
      (iii) identifying, by the virtual server agent, the management system and the user;
      
      (iv) decrypting, by the virtual server agent, the encrypted abstract system call;
      
      (v) mapping the identified user to an associated local user of the target server;
      
      (vi) impersonating the identified user as the mapped local user on the target server;
      
      (vii) authorizing the decrypted abstract system call for the mapped local user based on at least one of role-based access control model and access control lists; and
      
      (vi) maintaining an audit log to record the name of the user and the abstract system call executed on the target server.
  - 16. The method of claim 15, wherein the authenticating step (i) is performed substantially in accordance with a public key protocol.
  - 17. The method of claim 15, wherein the authenticating step and the encrypting step are performed substantially in accordance with Kerberos protocol.
  - 18. The method of claim 15, wherein the authenticating step and the encrypting step are performed substantially in accordance with Shared Secret protocol.
  - 19. The method of claim 1 further comprising:
    - modifying an existing non-distributed application to function as a network-aware application by substituting a non network-aware system call with the abstract system call.
  - 20. The method of claim 19, wherein the modifying step comprises modifying a non-distributed Unix shell to function as the network-aware application program.
  - 21. The method of claim 19, wherein the modifying step comprises modifying a non-distributed scripting language to function as the network aware-application program.
  - 22. The method of claim 21, wherein the non-distributed scripting language comprises Perl.
  - 23. The method of claim 21, wherein the non-distributed scripting language comprises Python.
  - 24. The method of claim 1, wherein the software application program comprises a configuration manager.

25. A virtual server, having a virtual server client and a virtual server agent, for representing a plurality of servers as an abstract model, wherein the virtual server comprises, (a) a virtual server client receiver for receiving an abstract system call from a software application program;
- (b) a virtual server client instantiator, in communication with the virtual server client receiver, for instantiating the abstract system call in a thread-safe manner;
  
  (c) a virtual server client transmitter, in communication with the virtual server client instantiator, for transmitting the abstract system call;
  
  (d) a virtual server agent receiver for receiving the abstract system call from the virtual server client transmitter;
  
  (e) a virtual server agent translator for translating the abstract system call to an operating system specific system call; and
  
  (f) a target server executor for executing the operating system specific system call on a target server associated with the virtual server agent in a thread-safe manner.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 26. The virtual server of claim 25, wherein at least two of the plurality of servers have different operating systems.
  - 27. The virtual server of claim 25 further comprising an aggregator for aggregating at least the abstract system call and a second abstract system call into a high-level abstract system call.
  - 28. The virtual server of claim 27 further comprising:
    - (i) a virtual server client receiver for receiving the high-level abstract system call and disintegrating the high-level abstract system call into the at least the abstract system call and the second abstract system call; and
      
      (ii) the virtual server client instantiator for instantiating in a thread-safe manner each of the at least the abstract system call and the second abstract system call.
  - 29. The virtual server of claim 27 further comprising:
    - (i) a virtual server client receiver for receiving the high-level abstract system call; and
      
      (ii) the virtual server client instantiator for instantiating the high-level abstract system call in a thread-safe manner.
  - 30. The virtual server of claim 25, wherein the virtual server client is implemented by a network-aware code library.
  - 31. The virtual server of claim 30, wherein the network-aware code library is a libnc.
  - 32. The virtual server of claim 30, wherein the virtual server client is a libnc.
  - 33. The virtual server of claim 25, wherein the virtual server client instantiator identifies the target virtual server agent to receive the abstract system call in response to a server identifier included in the abstract system call.
  - 34. The virtual server of claim 33, wherein the server identifier comprises a host name specified in a path.
  - 35. The virtual server of claim 33, wherein the server identifier comprises a network address.
  - 36. The virtual server of claim 35, wherein the server identifier is inferred from a group of servers the target server belongs.
  - 37. The virtual server of claim 25, whereas the virtual server client transmitter specifies at least one of priority, CPU utilization, and memory utilization of the abstract system call on the target servers associated with the identified virtual server agents.
  - 38. The virtual server of claim 25 further comprising:
    - (i) an authenticator for authenticating a user of the software application program and a management system operating the software application program;
      
      (ii) a virtual server client encryptor for encrypting the abstract system call;
      
      (iii) a virtual server agent identifier for identifying the management system and the user;
      
      (iv) a virtual server agent decryptor for decrypting the encrypted abstract system call;
      
      (v) a virtual server agent mapper for mapping the identified user to an associated local user of the target server;
      
      (vi) a virtual server agent impersonator for impersonating the identified user as the mapped local user on the target server;
      
      (vii) a virtual server agent authorizer for authorizing the decrypted abstract system call for the mapped local user based on at least one of role-based access control model and access control lists; and
      
      (vi) an audit log for recording the name of the user and the abstract system call executed on the target server.
  - 39. The virtual server of claim 38, wherein the virtual server client encryptor performs substantially in accordance with a public key protocol.
  - 40. The virtual server of claim 38, wherein the authenticator and the virtual server client encryptor perform substantially in accordance with a Kerberos protocol.
  - 41. The virtual server of claim 38, wherein the authenticator and the virtual server client encryptor perform substantially in accordance with a Shared Secret protocol.
  - 42. The virtual server of claim 25 further modifies an existing non-distributed application to function as a network-aware application by substituting a non network-aware system call with the abstract system call.
  - 43. The virtual server of claim 42 further modifies a non-distributed Unix shell to function as the network-aware application program.
  - 44. The virtual server of claim 42 further modifies a non-distributed scripting language to function as the network aware-application program.
  - 45. The virtual server of claim 44, wherein the non-distributed scripting language comprises Perl.
  - 46. The virtual server of claim 44, wherein the non-distributed scripting language comprises Python.
  - 47. The virtual server of claim 25, wherein the software application program comprises a configuration manager.

48. A method for securely executing a system call on a remote computer, the method comprising the steps of:
- (a) receiving, by a virtual server client running on a first computer, an abstract system call from an application called by an authenticated user;
  
  (b) instantiating in a thread-safe manner the abstract system call by;
  
  identifying, by the virtual server client, a virtual server agent running on a remote computer to receive the abstract system call;
  
  (c) encrypting, by the virtual server client, the abstract system call;
  
  (d) communicating the encrypted abstract system call to the virtual server agent;
  
  (e) identifying, by the virtual server agent, the first computer and the authenticated user (f) decrypting, by the virtual server agent, the encrypted abstract system call;
  
  (g) mapping the authenticated user to a local user on the remote computer;
  
  (h) impersonating the authenticated user as the local user on the remote computer;
  
  (i) authorizing the decrypted abstract system call for the local user based on at least one of role-based access control model and access control lists;
  
  (j) translating the abstract system call to an operating system specific system call; and
  
  (k) executing as the local user, by the virtual server agent, the operating system specific system call on the remote computer.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56)
- - 49. The method of claim 48 further comprising:
    - before the receiving step (a), authenticating a user using an operating system user context inheritance model.
  - 50. The method of claim 48 further comprising:
    - before the receiving step (a), authenticating a user substantially in accordance with a public key protocol.
  - 51. The method of claim 48 further comprising:
    - before the receiving step (a), authenticating a user substantially in accordance with a Kerberos protocol.
  - 52. The method of claim 48, wherein the identifying step (g), if the authenticated user is not identified as a local user in the identifying step (g), then designating the authenticated user as a local guest.
  - 53. The method of claim 48, wherein the authorizing step (h) comprises authorizing the decrypted first abstract system call for the local user based on at least one of role-based access control model and access control lists substantially in accordance with Kerberos protocol.
  - 54. The method of claim 48, wherein the authorizing step (h) comprises authorizing the decrypted first abstract system call for the local user based on at least one of role-based access control model and access control lists substantially in accordance with SSL protocol.
  - 55. The method of claim 48 further comprising:
    - after the executing step (i), encrypting results of the executing step (i); and
      
      returning the encrypted results to the virtual server client.
  - 56. The method of claim 48, further comprising:
    - maintaining an audit log, by the virtual server client and the identified virtual server agent, that includes names of the authenticated user and the abstract system call performed.

57. A virtual server for securely executing a system call on a remote computer, the virtual server comprising:
- (a) a virtual server client receiver running on a first computer for receiving an abstract system call from an application called by an authenticated user;
  
  (b) a virtual server client instantiator, in communication with the virtual server client receiver, for instantiating the abstract system call in a thread-safe manner by identifying a virtual server agent running on a remote computer to receive the first abstract system call;
  
  (c) a virtual server client encryptor, in communication with the virtual server client instantiator, for encrypting the abstract system call;
  
  (d) a virtual server client transmitter for communicating the encrypted abstract system call to the virtual server agent;
  
  (e) a virtual server agent identifier, in communication with the virtual server agent decryptor, for identifying the authenticated user and the first computer;
  
  (f) a virtual server agent decryptor, in communication with the virtual server client transmitter, for decrypting the encrypted abstract system call;
  
  (g) a virtual server agent mapper, in communication with the identifier and the decryptor, for mapping the authenticated user to a local user on the remote computer;
  
  (h) a virtual server agent impersonator for impersonating the authenticated user as the local user on the remote computer;
  
  (i) a virtual server agent authorizer, in communication with the virtual server agent impersonator, for authorizing the decrypted abstract system call for the local user based on at least one of role-based access control model and access control lists;
  
  (j) a virtual server agent translator for translating the abstract system call to an operating system specific system call; and
  
  (k) a virtual server agent executor, in communication with the virtual server agent authorizer, for executing the operating system specific system call as the local user on the remote computer.
- View Dependent Claims (58, 59, 60, 61, 62, 63, 64, 65)
- - 58. The virtual server of claim 57 further comprising:
    - an authenticator for authenticating a user using an operating system user context inheritance model.
  - 59. The virtual server of claim 58, wherein the authenticator performs substantially in accordance with a public key protocol.
  - 60. The virtual server of claim 58, wherein the authenticator performs substantially in accordance with Kerberos protocol.
  - 61. The virtual server of claim 57, if the authenticated user is not identified as a local user by the virtual server agent identifier, then designate the authenticated user as a local guest.
  - 62. The virtual server of claim 57, wherein the virtual server agent authorizer performs substantially in accordance with Kerberos protocol.
  - 63. The virtual server of claim 57, wherein the virtual server agent authorizer performs substantially in accordance with SSL protocol.
  - 64. The virtual server of claim 57, wherein the virtual server agent executor encrypts results of the executing step (i);
    - and returns the encrypted results to the virtual server client.
  - 65. The virtual server of claim 57, further comprising:
    - an audit log, maintained by the virtual server client and the identified virtual server agents, that includes names of the authenticated users and the abstract system call performed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Biadelogic Incorporated
Original Assignee
BladeLogic Incorporated (KKR & Co., Inc.)
Inventors
Muddana, Sekhar, Manwani, Vijay G., Kraus, Thomas Martin

Granted Patent

US 8,447,963 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

G06F 11/1471   involving logging of persis...

G06F 2201/84   Using snapshots, i.e. a log...

G06F 9/466   Transaction processing

H04L 41/022   Multivendor or multi-standa...

H04L 41/0803   Configuration setting

H04L 41/0806   for initial configuration o...

H04L 41/082   the condition being updates...

H04L 41/084   Configuration by using pre-...

H04L 41/0853   by actively collecting conf...

H04L 41/0863   by rolling back to previous...

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 67/1001   for accessing one among a p...

H04L 67/1008   based on parameters of serv...

H04L 67/1014   based on the content of a r...

H04L 67/1034   Reaction to server failures...

Method and system for simplifying distributed server management

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

245 Citations

65 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for simplifying distributed server management

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

245 Citations

65 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links