Control of communication ports of computing devices using policy-based decisions

US 20080120691A1
Filed: 11/21/2006
Published: 05/22/2008
Est. Priority Date: 11/21/2006
Status: Active Grant

First Claim

Patent Images

1. In a computing system environment, a method of controlling communication ports of computing devices established in multiple layers behind a content flow director, comprising:

establishing a policy behind the content flow director;

determining whether the policy is met or exceed; and

based on whether the policy is met or exceeded, enabling a port of one of the computing devices thereby allowing future communications between the content flow director and the one of the computing devices by way of the enabled port.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computing system environment, an arrangement of computing devices includes multiple layers behind a content flow director, such as an L4 switch in a web service. In a computing device of an outermost layer directly communicating with the content flow director, a communications port is conditionally enabled upon policy being met or exceeded in the computing system environment behind the content flow director. If unmet, the communications port is disabled, if already enabled, or prevented from becoming enabled, if not otherwise already enabled. In this manner, policy establishes port enablement. In certain aspects, policy determinations include determining a time of response, a quality of service check or a pass/fail condition of the one of the computing devices. Policy is also easily implemented as remote or local computer executable instructions on the computing devices. Representative computing devices include switches, such as L4 switches, routers, servers, repeaters, adapters or the like.

Citations

20 Claims

1. In a computing system environment, a method of controlling communication ports of computing devices established in multiple layers behind a content flow director, comprising:
- establishing a policy behind the content flow director;
  
  determining whether the policy is met or exceed; and
  
  based on whether the policy is met or exceeded, enabling a port of one of the computing devices thereby allowing future communications between the content flow director and the one of the computing devices by way of the enabled port.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the establishing the policy further includes installing executable code indicating predetermined acceptable criteria on at least one of the computing devices.
  - 3. The method of claim 1, wherein the determining whether the policy is met or exceeded further includes interrogating another of the computing devices in a layer further away from the content flow director than the one of the computing devices with the enabled port.
  - 4. The method of claim 1, further including one of:
    - (a) disabling an otherwise operable communications port between the one of the computing devices and the content flow director; and
      
      (b) preventing enabling the otherwise operable communications port between the one of the computing devices and the content flow director, if the policy is not met during the determining whether the policy is met or exceeded.
  - 5. The method of claim 1, wherein the content flow director includes searching for the enabled port of the one of the computing devices.
  - 6. The method of claim 1, further including iterating the determining whether the policy is met or exceed.

7. In a computing system environment, a method of controlling communication ports of computing devices established in multiple layers behind a content flow director, comprising:
- establishing a policy behind the content flow director;
  
  testing an operability of one of the computing devices based on the established policy, the one of the computing devices existing in a layer other than an outermost layer of the multiple layers; and
  
  if the operability of the one of the computing devices is determined to be satisfactory, enabling a port of a computing device in the outermost layer of the multiple layers thereby allowing direct communications between the content flow director and the computing device by way of the enabled port.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, wherein the testing the operability further includes determining a time of response, a quality of service check or a pass/fail condition of the one of the computing devices.
  - 9. The method of claim 7, further including iterating the testing the operability of the one of the computing devices based on the established policy.

10. A computing system environment for a web service, comprising:
- a content flow director for directing requests from a user to computing devices arranged in more than one layer behind the content flow director, wherein one of the computing devices in an outermost layer of the more than one layer includes a communications port that is conditionally enabled for direct communications with the content flow director only upon a policy being met or exceeded in at least one of the computing devices in the more than one layer behind the content flow director.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computing system environment of claim 10, further including executable instructions for enabling or disabling the communications port based upon the policy being met or exceeded or based upon the policy being unmet.
  - 12. A computer readable media having the executable instructions for performing the enabling or disabling the communications port of claim 11.
  - 13. The computing system environment of claim 10, wherein the one of the computing devices in the outermost layer is an Apache web server.
  - 14. The computing system environment of claim 10, wherein the content flow director is an L4 switch.
  - 15. The computing system environment of claim 10, wherein the content flow director is one of a router, repeater, adapter, and switch.

16. In a computing system environment having an L4 switch and multiple layers of computing devices behind the L4 switch, wherein a server in an outermost layer of the multiple layers communicates directly with the L4 switch by way of an attendant communications port and the L4 switch knows whether the attendant communications port is enabled or disabled, a method of controlling the attendant communications port of the server in the outermost layer, comprising:
- establishing a policy in one or more of the computing devices behind the L4 switch;
  
  ascertaining whether the policy is met or exceed; and
  
  if met or exceeded, enabling the attendant communications ports of the server in the outermost layer to become enabled thereby having the L4 switch knowing the enabling to allow future communications between the L4 switch and the server in the outermost layer by way of the attendant communications port.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein if the policy is unmet, one of disabling the enabled attendant communications port or preventing the attendant communications port from communicating with the content flow director.
  - 18. The method of claim 16, wherein the ascertaining whether the policy is met or exceeded further includes interrogating another of the computing devices in a layer other than the outermost layer.
  - 19. The method of claim 18, wherein the interrogating another of the computing devices includes interrogating by way of the server in the outermost layer.

20. A computing device for a computing system environment for a web service behind a content flow director, comprising:
- remote or local executable instructions for ascertaining whether a policy is met or exceeded in the computing system environment behind the content flow director; and
  
  a communications port for directly communicating with the content flow director that is conditionally enabled upon the ascertaining whether the policy is met or exceeded.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Johnson, David Nephi, Fjeldsted, Benjamin Clark, Sriram, Thiruvaranangam Viswanathan, Flewallen, Steven Adams, Burch, Lloyd Leon, Beus, David Kent

Granted Patent

US 8,281,360 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 47/10   Flow control; Congestion co...

H04L 47/19   at layers above the network...

H04L 47/20   Traffic policing

H04L 63/20   for managing network securi...

Control of communication ports of computing devices using policy-based decisions

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Control of communication ports of computing devices using policy-based decisions

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links