DYNAMIC LOAD REDISTRIBUTION AMONG DISTRIBUTED SERVERS

US 20120030749A1
Filed: 07/30/2010
Published: 02/02/2012
Est. Priority Date: 07/30/2010
Status: Active Grant

First Claim

Patent Images

1. At a computer system including a processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for redistributing authentication requests among a plurality of authentication servers, the method comprising:

an act of instantiating a secure channel management service configured to manage one or more secure channel connections, wherein the secure channel management service is configured to receive state inputs from one or more currently deployed authentication proxy servers;

an act of receiving at least one state input from at least one of the currently deployed authentication proxy servers, the authentication proxy servers being configured to queue authentication requests for transmission to one or more authentication servers;

an act of determining that, based on the received state input, one or more of the secure channels are to be remapped to a different authentication proxy server; and

an act of remapping the determined one or more secure channels to distribute future authentication requests among the plurality of authentication proxy servers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to redistributing authentication requests among a plurality of authentication servers and to centrally managing authentication affinities among distributed servers using a secure channels affinity service. A computer system instantiates a secure channel management service configured to manage secure channel connections. The secure channel management service receives state inputs from currently deployed authentication servers. The authentication servers may be configured to queue authentication requests for transmission to authentication servers. The computer system determines that, based on the received state input, at least one of the secure channels is to be remapped to a different authentication server. The computer system also remaps the determined secure channels to distribute future authentication requests among the authentication servers. In some cases, the current state of an authentication proxy server is embedded in communications transmitted by the authentication server, such that the secure channel connections are managed using the embedded state information.

Citations

20 Claims

1. At a computer system including a processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for redistributing authentication requests among a plurality of authentication servers, the method comprising:
- an act of instantiating a secure channel management service configured to manage one or more secure channel connections, wherein the secure channel management service is configured to receive state inputs from one or more currently deployed authentication proxy servers;
  
  an act of receiving at least one state input from at least one of the currently deployed authentication proxy servers, the authentication proxy servers being configured to queue authentication requests for transmission to one or more authentication servers;
  
  an act of determining that, based on the received state input, one or more of the secure channels are to be remapped to a different authentication proxy server; and
  
  an act of remapping the determined one or more secure channels to distribute future authentication requests among the plurality of authentication proxy servers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the authentication requests are generated by consumer servers requesting authentication on a authentication server.
  - 3. The method of claim 1, wherein the proxy servers are configured to queue the received authentication requests for transmission to a supplier server over a secure channel established between the proxy and the supplier server.
  - 4. The method of claim 2, wherein the proxy servers and the consumer servers are within a domain.
  - 5. The method of claim 4, wherein the secure channel management service is configured to run outside the domain.
  - 6. The method of claim 3, wherein the secure channels are remapped based on the current state of the supplier server.
  - 7. The method of claim 4, wherein the state inputs comprise at least one of the total number of consumers and the number of consumers currently authenticating through the authentication proxy servers in the domain.
  - 8. The method of claim 1, wherein the state inputs comprise at least one of the total number of proxy servers and the proxy servers'"'"' current processing capacity.
  - 9. The method of claim 2, wherein the state inputs comprise an affinity mapping between the consumer servers and the authentication proxy servers.
  - 10. The method of claim 1, wherein the act of determining that, based on the received state input, one or more of the secure channels are to be remapped to a different authentication proxy server is performed dynamically on a continual basis.
  - 11. The method of claim 1, wherein the act of determining that, based on the received state input, one or more of the secure channels are to be remapped to a different authentication proxy server is performed at predefined intervals.
  - 12. The method of claim 1, wherein the act of determining that, based on the received state input, one or more of the secure channels are to be remapped to a different authentication proxy server is performed after receiving an alert.
  - 13. The method of claim 12, wherein the received alert comprises an indication that at least one of the authentication proxy servers has reached a processing capacity threshold.
  - 14. The method of claim 1, wherein the act of remapping the determined one or more secure channels to distribute future authentication requests among the plurality of authentication proxy servers is optimized to minimize disruption to authentication proxy users.
  - 15. The method of claim 1, further comprising an act of embedding the current state of the authentication proxy server in communications transmitted by the authentication proxy server.

16. A computer program product for implementing a method for centrally managing authentication affinities among distributed servers using a secure channels affinity service, the computer program product comprising one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by one or more processors of the computing system, cause the computing system to perform the method, the method comprising:
- an act of receiving at a secure channels affinity service an indication of authentication demand at a plurality of different authentication servers;
  
  an act of the secure channel affinity service determining that one or more authentication affinities of the authentication servers are to be altered according to the received indication of authentication demand; and
  
  an act of the secure channels affinity service dynamically changing the authentication affinities of at least one of the authentication servers based on the received indication of authentication demand.
- View Dependent Claims (17, 18, 19)
- - 17. The computer program product of claim 16, wherein a plurality of secure channel affinity services are running simultaneously to manage different geographic regions.
  - 18. The computer program product of claim 16, wherein a plurality of secure channel affinity services are running simultaneously to manage different sets of servers.
  - 19. The computer program product of claim 16, wherein the authentication affinities are changed according to a predetermined remapping method without knowing the current processing capacity of any authentication servers.

20. A computer system comprising the following:
- one or more processors;
  
  system memory;
  
  one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, causes the computing system to perform a method for redistributing authentication requests among a plurality of authentication servers, the method comprising the following;
  
  an act of receiving at least one state input embedded in a communication from at least one of the currently deployed authentication proxy servers, the authentication proxy servers being configured to queue authentication requests for transmission to one or more authentication servers, the state input including at least one of the following;
  
  a total number of consumers, a number of consumers currently authenticating through the authentication proxy servers in the domain, a total number of proxy servers, the proxy servers'"'"' current processing capacity and an affinity mapping between the consumer servers and the authentication proxy servers;
  
  an act of determining that, based on the received embedded state input, one or more of the secure channels are to be remapped to a different authentication server; and
  
  an act of remapping the determined one or more secure channels according to one of a plurality of different remapping algorithm to distribute future authentication requests among the plurality of authentication proxy servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Anderson, Odin J., Patrick, Stephen M., Oskov, Nasko, Ryvkin, Konstantin E., Rao, Guruprakash Bangalore, Swaminathan, Balasubramanian

Granted Patent

US 8,402,530 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 67/1008   based on parameters of serv...

H04L 67/1029   using data related to the s...

H04L 67/1031   Controlling of the operatio...

H04L 67/1036   Load balancing of requests ...

DYNAMIC LOAD REDISTRIBUTION AMONG DISTRIBUTED SERVERS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DYNAMIC LOAD REDISTRIBUTION AMONG DISTRIBUTED SERVERS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links