System configuration and policies using set concepts
First Claim
1. A method for managing a plurality of computer systems attached to a network, said method comprising the computer implement steps of:
- for each type of element in said plurality of computer systems, defining attributes that are of interest in the operation of said computer systems;
for each element in said plurality of computer systems, assigning values to each of said attributes associated with said element;
defining a policy concerning a first set of said elements in terms of relationships between a corresponding first set of values of said attributes associated with said first set of elements and a second set of desired values; and
performing at least one operation, chosen from a group of set operations, on said first set of values to determine if said first set of values meets said policy.
2 Assignments
0 Petitions
Accused Products
Abstract
Set theory is used in a policy manager to manage sets of devices, each having multiple attributes, and can be used to evaluate and manage the individual attributes of the devices as groups. Each element of a network to be managed is defined by its attributes and treated as a point in a multi-dimensional space. Policy is expressed as a set of allowable points in the same space and the determination of whether a network complies with a policy is a matter checking to see if the elements exist as members of the set of allowable possibilities. Using this methodology, entire networks can be checked against a policy by determining if the set of points comprising the elements of the network are a subset of the set of allowable points.
22 Citations
19 Claims
-
1. A method for managing a plurality of computer systems attached to a network, said method comprising the computer implement steps of:
-
for each type of element in said plurality of computer systems, defining attributes that are of interest in the operation of said computer systems;
for each element in said plurality of computer systems, assigning values to each of said attributes associated with said element;
defining a policy concerning a first set of said elements in terms of relationships between a corresponding first set of values of said attributes associated with said first set of elements and a second set of desired values; and
performing at least one operation, chosen from a group of set operations, on said first set of values to determine if said first set of values meets said policy. - View Dependent Claims (2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19)
-
-
7. A computer program product in a computer readable medium for managing enforcement of a set of policies on a plurality of computer systems attached to a network, said computer program product comprising:
-
first instructions for defining, for each type of element in said plurality of computer systems, attributes that are of interest in the operation of said computer systems;
second instructions for assigning, for each element in said plurality of computer systems, values to each of said attributes associated with said element;
third instructions for defining a policy concerning a first set of said elements in terms of relationships between a corresponding first set of values of said attributes associated with said first set of elements and a second set of values; and
fourth instructions for performing at least one operation, chosen from a group of set operations, on said first set of values to determine if said first set of values meets said policy.
-
-
13. A computer system comprising:
-
a processor having a connection to a network;
a keyboard connected to input information to said processor;
an output device for providing reporting capabilities;
a set of instructions stored in memory and connected to be executed by said processor, said set of instructions comprising;
first instructions for defining, for each type of element in a plurality of computer systems that are connected to be managed by said computer system, attributes that are of interest in the operation of said computer systems;
second instructions for assigning, for each element in said plurality of computer systems, values to each of said attributes associated with said element;
third instructions for receiving a policy concerning a first set of said elements defined in terms of relationships between a corresponding first set of values of said attributes associated with said first set of elements and a second set of values; and
fourth instructions for performing at least one operation, chosen from a group of set operations, on said first set of values to determine if said first set of values meets said policy.
-
Specification