METHODS AND SYSTEMS FOR MANAGING A VIRTUAL DATA CENTER WITH EMBEDDED ROLES BASED ACCESS CONTROL

US 20120072910A1
Filed: 09/01/2011
Published: 03/22/2012
Est. Priority Date: 09/03/2010
Status: Active Grant

First Claim

Patent Images

1. A virtual data center control system comprising:

a web server configured to generate a user interface (UI) which enables a user to remotely control elements of said virtual data center by instructing said virtual data center control system to perform an activity associated with any of said elements, said elements including virtual machines and at least one firewall; and

an application server configured to receive a request to perform the activity from the web server and configured to execute one or more tasks which implement said activity.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments provide techniques for customers to easily, quickly and remotely manage their virtual data centers. Using, for example, a “single pane of glass” GUI view which shows all of the components (including e.g., machines (cpu and RAM), network services (load balancers, firewalls, network address translation, IP management) and storage) of their virtual data centers, provides a complete overview and a starting point for system or component management. According to embodiments, a Roles Based Access Control (RBAC) system is provided which simulates the organizational structure and workflow of a typical IT department to enable workflow management via the GUI for any component or function of a customer'"'"'s virtual data center.

180 Citations

42 Claims

1. A virtual data center control system comprising:
- a web server configured to generate a user interface (UI) which enables a user to remotely control elements of said virtual data center by instructing said virtual data center control system to perform an activity associated with any of said elements, said elements including virtual machines and at least one firewall; and
  
  an application server configured to receive a request to perform the activity from the web server and configured to execute one or more tasks which implement said activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The virtual data center control system of claim 1, wherein said one or more tasks can be synchronous tasks or asynchronous tasks,wherein said application server is further configured to generate a completed asynchronous task indication upon completion of one or more asynchronous tasks if asynchronous tasks are associated with the requested activity and further comprising:
    - an interface configured to receive synchronous task commands from said web server and said asynchronous task commands from said application server and configured to transform said synchronous task commands and said asynchronous task commands into at least one of a hypervisor layer command, and to transmit said transformed commands toward a hypervisor layer,wherein said user interface includes user interface control elements for enabling receipt of commands to perform at least one of the virtual data center functions of;
      
      create a virtual machine,configure a virtual machine,configure a network of virtual machines,establish role-based access to said virtual data center, andmonitor resource usage of said virtual data center.
  - 3. The virtual data center control system of claim 1, wherein said application server further comprises:
    - a job engine module configured to receive an asynchronous task from the user interface and to schedule execution of said asynchronous task as a plurality of component tasks; and
      
      a task watcher module configured to monitor execution of said component asynchronous task commands and to generate an indication when all of the component asynchronous task commands associated with the asynchronous task.
  - 4. The virtual data center control system of claim 1, wherein said activity is one of create a virtual machine, configure a virtual machine, configure a network of virtual machines, establish role-based access to said virtual data center, and monitor resource usage of said virtual data center.
  - 5. The virtual data center control system of claim 1, wherein said activity is any one of a plurality of activities including create a virtual machine, configure a virtual machine, configure a network of virtual machines, establish role-based access to said virtual data center, and monitor resource usage of said virtual data center, such that said user interface includes at least one control element associated with each of said plurality of activities.
  - 6. The virtual data center control system of claim 1, wherein the web server is further configured to generate a first UI screen which depicts UI elements associated with all of the virtual machines associated with the virtual data center, and to generate a second UI screen which depicts UI elements associated with exposure of a network element associated with the virtual data center to a public network.
  - 7. The virtual data center control system of claim 6, wherein the web server is further configured to generate said first UI screen which depicts said UI elements associated with all of the virtual machines by displaying each of said virtual machines as belonging to one or more of three hierarchical containers, wherein said virtual machines are collected into groups and subgroups.
  - 8. The virtual data center control system of claim 6, wherein the web server is further configured to generate the second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to a public network by displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to set a firewall rule type associated with at least one source IP address and at least one destination IP address.
  - 9. The virtual data center control system of claim 1, wherein the web server is further configured to generate a UI screen which depicts UI elements associated with roles-based access control (RBAC) of the virtual data center by displaying a matrix having, on one side, a plurality of virtual data center commands and having, on another side, a plurality of roles each associated with a different level of access to said virtual data center, and enabling a user to select, using said matrix, which of said plurality of roles have permission to actuate which of said plurality of virtual data center commands.
  - 10. The virtual data center control system of claim 1, wherein the web server is further configured to generate a UI screen which depicts UI elements which associated with resource control of a server environment including a first UI control element for controlling a maximum resource limit for the server environment, a second UI control element for controlling priority allocation of the resource for each machine disposed in the server environment and a third UI control element associated with an oversubscription ratio for the server environment.
  - 11. The virtual data center control system of claim 1, wherein said elements further comprise at least one load balancer.
  - 12. The virtual data center control system of claim 1, wherein the web server is further configured to generate a UI screen which depicts UI elements which associated with resource control of a server environment including a first UI control element for controlling a maximum resource limit for the server environment.

13. A method for remotely controlling a virtual data center, the method comprising:
- generating, by a server, a user interface enabling control of said virtual data center, wherein said user interface includes control elements which enable a user to control functions associated with virtual machines and at least one firewall;
  
  receiving, at said server via said user interface, a command to initiate a virtual data center control activity associated with one of the virtual machines and at least one firewall; and
  
  executing, by said server, one or more tasks to implement said virtual data center control activity.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 14. The method of claim 13, further comprising:
    - determining whether said virtual data center control activity involves one or more asynchronous tasks;
      
      scheduling, by a job engine, said one or more asynchronous tasks associated with said virtual data center control activity; and
      
      updating said user interface in response to a status of said virtual data center control command.
  - 15. The method of claim 13, wherein said step of generating a user interface further comprises:
    - generating a first UI screen which depicts UI elements associated with all of the virtual machines associated with the virtual data center; and
      
      generating a second UI screen which depicts UI elements associated with exposure of a network element associated with the virtual data center to a public network
  - 16. The method of claim 15, wherein each of said first and second UI screens are accessible via associated tabs in said UI.
  - 17. The method of claim 15, wherein said step of generating a first UI screen which depicts said UI elements associated with all of the virtual machines further comprises:
    - displaying each of said virtual machines as belonging to one or more of three hierarchical containers, wherein said virtual machines are collected into groups and subgroups.
  - 18. The method of claim 14, further comprising:
    - receiving, as said command, a command to add a new virtual machine to said virtual data center;
      
      determining that said virtual data center control activity starts with a synchronous activity associated with obtaining information associated with said new virtual machine to be added; and
      
      displaying a fourth UI screen which enables a user to input said information including at least one of;
      
      a name for said new virtual machine, an operating system for said new virtual machine, a template from which to build said new virtual machine, a number of processors for said new virtual machine, an amount of memory for said new virtual machine, a VLAN to which said new virtual machine is to be connected and an IP address for said new virtual machine.
  - 19. The method of claim 18, further comprising:
    - receiving said information;
      
      determining that said virtual data control activity continues with an asynchronous activity associated with setting up said new virtual machine; and
      
      setting up said new virtual machine using said information.
  - 20. The method of claim 19, further comprising:
    - displaying, proximate a UI element associated with said new virtual machine, a status bar indicating a status associated with the creation of said new virtual machine.
  - 21. The method of claim 15, further comprising:
    - displaying, as an overlay to said first GUI screen, a plurality of options for controlling one of said virtual machines in response to a user input received while a cursor is disposed over a UI element associated with said one of said virtual machines.
  - 22. The method of claim 21, wherein said plurality of options include:
    - requesting details of said one of said virtual machines, powering on or off said one of said virtual machines, suspending said one of said virtual machines, restarting said one of said virtual machines, cloning said one of said virtual machines and moving said one of said plurality of virtual machines.
  - 23. The method of claim 15, wherein said step of generating a second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to a public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to establish a correspondence between a public IP address, public port, a VLAN, a private port and a private IP address as a network address translation (NAT) rule.
  - 24. The method of claim 15, wherein said step of generating a second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to a public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to set a firewall rule type associated with at least one source IP address and at least one destination IP address.
  - 25. The method of claim 15, wherein said step of generating a second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to a public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to assign one or more virtual machines to a load balancer.
  - 26. The method of claim 15, further comprising:
    - generating a third UI screen which depicts UI elements associated with roles-based access control (RBAC) of the virtual data center bydisplaying a list of users who are authorized to issue commands to said virtual data center.
  - 27. The method of claim 15, further comprising:
    - generating a third UI screen which depicts UI elements associated with roles-based access control (RBAC) of the virtual data center bydisplaying a matrix having, on one side, a plurality of virtual data center commands and having, on another side, a plurality of roles each associated with a different level of access to said virtual data center, andenabling a user to select, using said matrix, which of said plurality of roles have permission to actuate which of said plurality of virtual data center commands.
  - 28. The method of claim 13, wherein the step of generating, by a server, a user interface enabling control of said virtual data center further comprises:
    - generating a UI screen which depicts UI elements which associated with resource control of a server environment including a first UI control element for controlling a maximum resource limit for the server environment, a second UI control element for controlling priority allocation of the resource for each machine disposed in the server environment and a third UI control element associated with an oversubscription ratio for the server environment.

29. A non-transitory, computer-readable medium containing a plurality of program instructions stored thereon which, when executed by a processor or computer, perform the functions comprising:
- generating a user interface enabling control of a virtual data center;
  
  receiving, via said user interface, a command to initiate a virtual data center control activity;
  
  determining whether said virtual data center control activity involves one or more asynchronous tasks;
  
  scheduling, by a job engine, said one or more asynchronous tasks associated with said virtual data center control activity; and
  
  updating said user interface in response to a status of said virtual data center control command.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 30. The non-transitory, computer-readable medium of claim 29, wherein said step of generating a user interface further comprises:
    - generating a first UI screen which depicts UI elements associated with all of the virtual machines associated with the virtual data center;
      
      generating a second UI screen which depicts UI elements associated with exposure of a network element associated with the virtual data center to a public network; and
      
      generating a third UI screen which depicts UI elements associated with RBAC of the virtual data center.
  - 31. The non-transitory, computer-readable medium of claim 30, wherein each of said first, second and third UI screens are accessible via associated tabs in said UI.
  - 32. The non-transitory, computer-readable medium of claim 30, wherein said step of generating a first UI screen which depicts said UI elements associated with all of the servers further comprises:
    - displaying each of said servers as belonging to one or more of three hierarchical containers, wherein said servers are collected into groups and subgroups.
  - 33. The non-transitory, computer-readable medium of claim 29, further comprising:
    - receiving, as said command, a command to add a new virtual machine to said virtual data center;
      
      determining that said virtual data center control activity starts with a synchronous activity associated with obtaining information associated with said new virtual machine to be added;
      
      displaying a fourth UI screen which enables a user to input said information including at least one of;
      
      a name for said new virtual machine, an operating system for said new virtual machine, a template from which to build said new virtual machine, a number of processors for said new virtual machine, an amount of memory for said new virtual machine, a VLAN to which said new virtual machine is to be connected and an IP address for said new virtual machine.
  - 34. The non-transitory, computer-readable medium of claim 33, further comprising:
    - receiving said information;
      
      determining that said virtual data control activity continues with an asynchronous activity associated with setting up said new virtual machine; and
      
      setting up said new virtual machine using said information.
  - 35. The non-transitory, computer-readable medium of claim 34, further comprising:
    - displaying, proximate a UI element associated with said new virtual machine, a status bar indicating a status associated with the creation of said new virtual machine.
  - 36. The non-transitory, computer-readable medium of claim 30, further comprising:
    - displaying, as an overlay to said first GUI screen, a plurality of options for controlling one of said virtual machines in response to a user input received while a cursor is disposed over a UI element associated with said one of said virtual machines.
  - 37. The non-transitory, computer-readable medium of claim 34, wherein said plurality of options include:
    - requesting details of said one of said virtual machines, powering on or off said one of said virtual machines, suspending said one of said virtual machines, restarting said one of said virtual machines, cloning said one of said virtual machines and moving said one of said plurality of virtual machines.
  - 38. The non-transitory, computer-readable medium of claim 30, wherein said step of generating a second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to a public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to establish a correspondence between a public port, a VLAN, a private port and a private IP address as a network address translation (NAT) rule.
  - 39. The non-transitory, computer-readable medium of claim 30, wherein said step of generating a second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to a public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to set a firewall rule type associated with at least one source IP address and at least one destination IP address.
  - 40. The non-transitory, computer-readable medium of claim 30, wherein said step of generating a second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to a public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to assign one or more virtual machines to a load balancer.
  - 41. The non-transitory, computer-readable medium of claim 30, wherein said step of generating a third UI screen which depicts UI elements associated with RBAC of the virtual data center further comprises:
    - displaying a list of users who are authorized to issue commands to said virtual data center.
  - 42. The non-transitory, computer-readable medium of claim 30, wherein said step of generating a third UI screen which depicts UI elements associated with RBAC of the virtual data center further comprises:
    - displaying a matrix having, on one side, a plurality of virtual data center commands and having, on another side, a plurality of roles each associated with a different level of access to said virtual data center, andenabling a user to select, using said matrix, which of said plurality of roles have permission to actuate which of said plurality of virtual data center commands.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Original Assignee
Time Warner Cable Inc. (Charter Communications Incorporated)
Inventors
MARTIN, Denis, GRIMES, David, WARNOCK, Thomas, DWYER, John

Granted Patent

US 8,806,486 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 2009/45562   Creating, deleting, cloning...

G06F 2009/45591   Monitoring or debugging sup...

G06F 2209/549   Remote execution

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/4843   by program, e.g. task dispa...

G06F 9/5077   Logical partitioning of res...

METHODS AND SYSTEMS FOR MANAGING A VIRTUAL DATA CENTER WITH EMBEDDED ROLES BASED ACCESS CONTROL

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

180 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR MANAGING A VIRTUAL DATA CENTER WITH EMBEDDED ROLES BASED ACCESS CONTROL

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

180 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links