System configuration and policies using set concepts

US 20060031443A1
Filed: 05/20/2004
Published: 02/09/2006
Est. Priority Date: 05/20/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for managing a plurality of computer systems attached to a network, said method comprising the computer implement steps of:

for each type of element in said plurality of computer systems, defining attributes that are of interest in the operation of said computer systems;

for each element in said plurality of computer systems, assigning values to each of said attributes associated with said element;

defining a policy concerning a first set of said elements in terms of relationships between a corresponding first set of values of said attributes associated with said first set of elements and a second set of desired values; and

performing at least one operation, chosen from a group of set operations, on said first set of values to determine if said first set of values meets said policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Set theory is used in a policy manager to manage sets of devices, each having multiple attributes, and can be used to evaluate and manage the individual attributes of the devices as groups. Each element of a network to be managed is defined by its attributes and treated as a point in a multi-dimensional space. Policy is expressed as a set of allowable points in the same space and the determination of whether a network complies with a policy is a matter checking to see if the elements exist as members of the set of allowable possibilities. Using this methodology, entire networks can be checked against a policy by determining if the set of points comprising the elements of the network are a subset of the set of allowable points.

22 Citations

View as Search Results

19 Claims

1. A method for managing a plurality of computer systems attached to a network, said method comprising the computer implement steps of:
- for each type of element in said plurality of computer systems, defining attributes that are of interest in the operation of said computer systems;
  
  for each element in said plurality of computer systems, assigning values to each of said attributes associated with said element;
  
  defining a policy concerning a first set of said elements in terms of relationships between a corresponding first set of values of said attributes associated with said first set of elements and a second set of desired values; and
  
  performing at least one operation, chosen from a group of set operations, on said first set of values to determine if said first set of values meets said policy.
- View Dependent Claims (2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising providing a report on compliance to said policy by said first set of elements.
  - 3. The method of claim 1, wherein said performing step performs an operation chosen from the group of set operations consisting of:
    - filter, projection, section, diagonal, union, intersection, subset, setminus, and cardinal.
  - 4. The method of claim 1, wherein said reporting step comprises reporting elements that did not comply with said policy.
  - 5. The method of claim 1, wherein said defining step uses the relationships of “
    - belongs to” and
      
      “
      
      does not belong to”
      
      .
  - 6. The method of claim 1, wherein said defining step uses multiple relationships joined by the operations “
    - and”
      
      , “
      
      or”
      
      , and “
      
      not”
      
      .
  - 8. The method of claim 1, further comprising fifth instructions for providing a report on compliance to said policy by said first set of elements.
  - 9. The method of claim 6, wherein said fourth instruction performs an operation chosen from the group of set operations consisting of:
    - filter, project, section, diagonal, union, intersection, subset, setminus, and cardinal.
  - 10. The method of claim 6, wherein said fifth instruction comprises reporting elements that did not comply with said policy.
  - 11. The method of claim 6, wherein said third instruction uses the relationships of “
    - belongs to” and
      
      “
      
      does not belong to”
      
      .
  - 12. The method of claim 6, wherein said third instruction uses multiple relationships joined by the operations “
    - and”
      
      , “
      
      or”
      
      , and “
      
      not”
      
      .
  - 14. The computer system of claim 6, further comprising fifth instructions for providing a report on compliance to said policy by said first set of elements.
  - 15. The computer system of claim 11, wherein said fourth instruction performs an operation chosen from the group of set operations consisting of:
    - filter, project, section, diagonal, union, intersection, subset, setminus, and cardinal.
  - 16. The computer system of claim 11, wherein said fifth instruction comprises reporting elements that did not comply with said policy.
  - 17. The computer system of claim 11, wherein said third instructions receive policies using the relationships of “
    - belongs to” and
      
      “
      
      does not belong to”
      
      .
  - 18. The computer system of claim 11, wherein said third instructions receive multiple relationships joined by the operations “
    - and”
      
      , “
      
      or”
      
      , and “
      
      not”
      
      .
  - 19. The computer system of claim 11, wherein said report is provided on said output device.

7. A computer program product in a computer readable medium for managing enforcement of a set of policies on a plurality of computer systems attached to a network, said computer program product comprising:
- first instructions for defining, for each type of element in said plurality of computer systems, attributes that are of interest in the operation of said computer systems;
  
  second instructions for assigning, for each element in said plurality of computer systems, values to each of said attributes associated with said element;
  
  third instructions for defining a policy concerning a first set of said elements in terms of relationships between a corresponding first set of values of said attributes associated with said first set of elements and a second set of values; and
  
  fourth instructions for performing at least one operation, chosen from a group of set operations, on said first set of values to determine if said first set of values meets said policy.

13. A computer system comprising:
- a processor having a connection to a network;
  
  a keyboard connected to input information to said processor;
  
  an output device for providing reporting capabilities;
  
  a set of instructions stored in memory and connected to be executed by said processor, said set of instructions comprising;
  
  first instructions for defining, for each type of element in a plurality of computer systems that are connected to be managed by said computer system, attributes that are of interest in the operation of said computer systems;
  
  second instructions for assigning, for each element in said plurality of computer systems, values to each of said attributes associated with said element;
  
  third instructions for receiving a policy concerning a first set of said elements defined in terms of relationships between a corresponding first set of values of said attributes associated with said first set of elements and a second set of values; and
  
  fourth instructions for performing at least one operation, chosen from a group of set operations, on said first set of values to determine if said first set of values meets said policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Filali-Adib, Khalid, Yardley, Brent William, Carpenter, Kelly Scott

Application Number

US10/849,608
Publication Number

US 20060031443A1
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

System configuration and policies using set concepts

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System configuration and policies using set concepts

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links