POLICY AND IDENTITY BASED WORKLOAD PROVISIONING
First Claim
Patent Images
1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
- interrogating a resource infrastructure to acquire resource identities for resources within the resource infrastructure and to determine a stage of readiness for each resource within the resource infrastructure;
managing policy specifications assigned to workload identities for workloads and assigned to requestor identities for requestors of the workloads; and
dynamically provisioning the resources for handling the workloads based on;
requests from the requestors, the stage of readiness for each of the resources, enforcement of the policy specifications, and the resource identities within the resource infrastructure.
8 Assignments
0 Petitions
Accused Products
Abstract
Techniques for policy and identity-based workload provisioning are presented. Identities for requestors or workloads and identities for workloads are tied to specific policies. The specific policies are evaluated based on a stage of readiness for resources within a resource pool and based on resource identities for the resources within the resource pool. Resources are then dynamically provisioned based on the identity-based policy evaluation to handle workloads from the resource pool.
105 Citations
20 Claims
-
1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
-
interrogating a resource infrastructure to acquire resource identities for resources within the resource infrastructure and to determine a stage of readiness for each resource within the resource infrastructure; managing policy specifications assigned to workload identities for workloads and assigned to requestor identities for requestors of the workloads; and dynamically provisioning the resources for handling the workloads based on;
requests from the requestors, the stage of readiness for each of the resources, enforcement of the policy specifications, and the resource identities within the resource infrastructure. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19)
-
-
10. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
-
receiving a request to provision a resource from a requestor; identifying a workload associated with the request; obtaining a policy specification having policies to resolve the request in response to;
a requestor identity for the requestor and a workload identity for the workload;evaluating the policies in view of a resource pool of available resources within a resource infrastructure, each resource annotated within the resource pool with a stage of readiness attribute; and provisioning a particular resource to handle the workload based on evaluation of the policies. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A multi-processor implemented system, comprising:
-
a workload deployment service configured to execute on one or more processors; a resource prospector service configured to execute on one or more of the processors; and a plurality of resource scouting services configured to execute on one or more of the processors; the workload deployment service configured to dynamically provision resources within a resource infrastructure to handle workloads based on policies and identities associated with requestors, the workloads, and the resources, and the resource prospector service is configured to interrogate the resource infrastructure to identify the resources and a stage of readiness associated with each of the resources, each stage of readiness for a particular resource including a particular scouting service that is configured to communicate with that particular resource in that resource'"'"'s particular stage of readiness, the scouting services communicate with the resource prospector service and the resource prospector service communicates with the workload deployment service to dynamically provision the resources and to annotate particular stages or readiness within a resource pool for each resource of the resource infrastructure. - View Dependent Claims (18, 20)
-
Specification