SYSTEM AND METHOD FOR INTELLIGENT WORKLOAD MANAGEMENT

US 20110125894A1
Filed: 03/16/2010
Published: 05/26/2011
Est. Priority Date: 11/25/2009
Status: Active Grant

First Claim

Patent Images

1. A system for intelligent workload management, comprising:

an identity vault that stores federated information defining a unique identity for at least one managed entity across a plurality of authentication domains;

an authentication server that generates an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least one managed entity associated with the unique identity from the federated information stored in the identity vault;

an information technology infrastructure that includes a network having a plurality of physical resources and one or more storage systems; and

a management infrastructure that manages one or more services for the at least one managed entity, wherein the management infrastructure is configured to;

create a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of the plurality of physical resources, and wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer;

embed the authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution, wherein the embedded authentication token controls access to the information technology infrastructure;

insert a management agent within the service distribution at an injection point in the physical distribution layer, wherein the management agent monitors one or more events associated with the service distribution; and

audit a lifecycle for the service distribution, wherein auditing the lifecycle for the service distribution includes analyzing the monitored events for compliance with one or more policies or compliance with a workload profile defined for the service distribution.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system and method for intelligent workload management described herein may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads, wherein the management threads may converge information for managing identities and access credentials, enforcing policies, providing compliance assurances, managing provisioned and requested services, and managing physical and virtual infrastructure resources. In one implementation, an authentication server may generate authentication tokens defining access credentials for managed entities across a plurality of authentication domains, wherein the authentication tokens may control access to resources in an information technology infrastructure. For example, a management infrastructure may create service distributions for the managed entities, which may include virtual machine images hosted on physical resources. Further, the authentication tokens may be embedded in the service distributions, whereby the embedded authentication tokens may control access to the resources in the information technology infrastructure.

Citations

20 Claims

1. A system for intelligent workload management, comprising:
- an identity vault that stores federated information defining a unique identity for at least one managed entity across a plurality of authentication domains;
  
  an authentication server that generates an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least one managed entity associated with the unique identity from the federated information stored in the identity vault;
  
  an information technology infrastructure that includes a network having a plurality of physical resources and one or more storage systems; and
  
  a management infrastructure that manages one or more services for the at least one managed entity, wherein the management infrastructure is configured to;
  
  create a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of the plurality of physical resources, and wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer;
  
  embed the authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution, wherein the embedded authentication token controls access to the information technology infrastructure;
  
  insert a management agent within the service distribution at an injection point in the physical distribution layer, wherein the management agent monitors one or more events associated with the service distribution; and
  
  audit a lifecycle for the service distribution, wherein auditing the lifecycle for the service distribution includes analyzing the monitored events for compliance with one or more policies or compliance with a workload profile defined for the service distribution.
- View Dependent Claims (2)
- - 2. The system of claim 1, wherein auditing the lifecycle for the service distribution further includes:
    - tracking an evolution of the lifecycle for the service distribution, wherein the evolution of the lifecycle for the service distribution includes one or more changes applied to the service distribution across a plurality of lifecycle modes associated with the service distribution;
      
      retiring the service distribution, wherein retiring the service distribution includes de-provisioning any existing versions of the service distribution, including the service distribution created for the managed entity; and
      
      re-releasing a modified version of the service distribution to an image repository, wherein the modified version of the service distribution re-released to the image repository includes at least one of the changes applied to the service distribution during the lifecycle evolution for the service distribution.

3. A system for intelligent workload management, comprising:
- an identity vault that stores federated information defining a unique identity for at least one managed entity across a plurality of authentication domains;
  
  an authentication server that generates an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least one managed entity associated with the unique identity from the federated information stored in the identity vault;
  
  an information technology infrastructure that includes a network having a plurality of physical resources and one or more storage systems; and
  
  a management infrastructure that manages one or more services for the at least one managed entity, wherein the management infrastructure is configured to;
  
  create a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of the plurality of physical resources in the network; and
  
  embed the authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution, wherein the embedded authentication token controls access to the information technology infrastructure.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 4. The system of claim 3, wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer.
  - 5. The system of claim 4, wherein the virtual distribution layer includes a storage pointer that identifies a storage location allocated to the service distribution in the one or more storage systems, an operating system that runs one or more applications, and a workload profile that defines configurations for one or more of the storage pointer, the operating system, or the one or more applications.
  - 6. The system of claim 5, wherein the physical distribution layer includes a functional kernel, one or more hardware drivers, a hypervisor, and one or more software packages that collectively provide an interface from the virtual distribution layer to the one or more physical resources in the network that host the virtual machine images in the service distribution.
  - 7. The system of claim 6, wherein the physical distribution layer further includes a management agent injection point, and wherein the management infrastructure is further configured to:
    - insert one or more management agents within the service distribution at the injection point, wherein the inserted management agents are configured to execute one or more tasks to manage the service distribution; and
      
      remove the one or more management agents from the service distribution in response to determining that the management agents have completed the tasks to manage the service distribution.
  - 8. The system of claim 7, wherein the management infrastructure is further configured to restore a state of the service distribution in response to removing the one or more management agents from the service distribution.
  - 9. The system of claim 8, wherein the management infrastructure removes a runtime state for the management agents from the service distribution and rolls back one or more changes that the management agents applied to the service distribution in order to execute the one or more tasks to restore the state of the service distribution.
  - 10. The system of claim 7, wherein the management infrastructure is further configured to:
    - identify a current lifecycle mode associated with the service distribution, wherein the inserted management agents are associated with the identified lifecycle mode; and
      
      determine that the management agents have completed the tasks to manage the service distribution in response to one or more policies permitting a change from the current lifecycle mode to another lifecycle mode.
  - 11. The system of claim 10, wherein the current lifecycle mode associated with the service distribution includes one or more of a creation mode, a release mode, a production mode, a maintenance mode, a re-release mode, or a retirement mode.
  - 12. The system of claim 6, wherein the physical distribution layer further includes a management agent injection point, and wherein the management infrastructure is further configured to:
    - insert one or more management agents within the service distribution at the injection point, wherein the inserted management agents are configured to monitor one or more events associated with the service distribution; and
      
      audit a lifecycle for the service distribution, wherein auditing the lifecycle for the service distribution includes analyzing the monitored events associated with the service distribution for compliance with one or more policies or compliance with the workload profile.

13. A method for intelligent workload management, comprising:
- storing, in an identity vault, federated information defining a unique identity for at least one managed entity across a plurality of authentication domains;
  
  generating, at an authentication server, an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least one managed entity associated with the unique identity from the federated information stored in the identity vault;
  
  creating, at a management infrastructure, a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of a plurality of physical resources in an information technology infrastructure that includes a network having the plurality of physical resources and one or more storage systems; and
  
  embedding the authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution created for the at least one managed entity, wherein the embedded authentication token controls access to the information technology infrastructure.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer.
  - 15. The method of claim 14, wherein:
    - the virtual distribution layer includes a storage pointer that identifies a storage location allocated to the service distribution in the one or more storage systems, an operating system that runs one or more applications, and a workload profile that defines configurations for one or more of the storage pointer, the operating system, or the one or more applications, andthe physical distribution layer includes a functional kernel, one or more hardware drivers, a hypervisor, and one or more software packages that collectively provide an interface from the virtual distribution layer to the one or more physical resources in the network that host the virtual machine images in the service distribution.
  - 16. The method of claim 15, wherein the physical distribution layer further includes a management agent injection point, and wherein the method further comprises:
    - inserting one or more management agents within the service distribution at the injection point, wherein the inserted management agents are configured to execute one or more tasks to manage the service distribution; and
      
      removing the one or more management agents from the service distribution in response to determining that the management agents have completed the tasks to manage the service distribution.
  - 17. The method of claim 16, further comprising restoring a state of the service distribution in response to removing the one or more management agents from the service distribution, wherein restoring the state of the service distribution includes:
    - removing a runtime state for the management agents from the service distribution; and
      
      rolling back one or more changes that the management agents applied to the service distribution in order to execute the one or more tasks.
  - 18. The method of claim 16, further comprising:
    - identifying a current lifecycle mode associated with the service distribution, wherein the inserted management agents are associated with the identified lifecycle mode; and
      
      determining that the management agents have completed the tasks to manage the service distribution in response to one or more policies permitting a change from the current lifecycle mode to another lifecycle mode.
  - 19. The method of claim 18, wherein the current lifecycle mode associated with the service distribution includes one or more of a creation mode, a release mode, a production mode, a maintenance mode, a re-release mode, or a retirement mode.
  - 20. The method of claim 15, wherein the physical distribution layer further includes a management agent injection point, and wherein the method further comprises:
    - inserting one or more management agents within the service distribution at the injection point, wherein the inserted management agents are configured to monitor one or more events associated with the service distribution; and
      
      auditing a lifecycle for the service distribution, wherein auditing the lifecycle for the service distribution includes analyzing the monitored events associated with the service distribution for compliance with one or more policies or compliance with the workload profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Kohari, Moiz, Wipfel, Robert, Anderson, Eric W.B.

Granted Patent

US 8,745,205 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06F 21/31   User authentication

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06Q 10/06   Resources, workflows, human...

G06Q 10/06313   Resource planning in a proj...

G06Q 10/10   Office automation; Time man...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/14   for detecting or protecting...

H04L 9/3213   using tickets or tokens, e....

SYSTEM AND METHOD FOR INTELLIGENT WORKLOAD MANAGEMENT

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR INTELLIGENT WORKLOAD MANAGEMENT

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links