SYSTEMS AND METHODS FOR DETECTING AND MANAGING CLOUD CONFIGURATIONS

US 20160080204A1
Filed: 09/16/2014
Published: 03/17/2016
Est. Priority Date: 09/16/2014
Status: Active Grant

First Claim

Patent Images

1. A cloud configuration management method implemented in a cloud configuration management system communicatively coupled to one or more cloud nodes in a cloud system, the cloud configuration management method comprising:

creating a plurality of golden configurations for each of a plurality of roles, wherein each of the one or more cloud nodes has one of the plurality of roles for operation in the cloud system;

defining metadata rules for each of the plurality of golden configurations;

performing a configuration analysis to audit the one or more cloud nodes using the metadata rules; and

providing results of the configuration analysis to determine misconfigurations of any of the one or more cloud nodes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud configuration management method implemented in a cloud configuration management system communicatively coupled to one or more cloud nodes in a cloud system includes creating a plurality of golden configurations for each of a plurality of roles, wherein each of the one or more cloud nodes has one of the plurality of roles for operation in the cloud system; defining metadata rules for each of the plurality of golden configurations; performing a configuration analysis to audit the one or more cloud nodes using the metadata rules; and providing results of the configuration analysis to determine misconfiguration of any of the one or more cloud nodes.

34 Citations

View as Search Results

19 Claims

1. A cloud configuration management method implemented in a cloud configuration management system communicatively coupled to one or more cloud nodes in a cloud system, the cloud configuration management method comprising:
- creating a plurality of golden configurations for each of a plurality of roles, wherein each of the one or more cloud nodes has one of the plurality of roles for operation in the cloud system;
  
  defining metadata rules for each of the plurality of golden configurations;
  
  performing a configuration analysis to audit the one or more cloud nodes using the metadata rules; and
  
  providing results of the configuration analysis to determine misconfigurations of any of the one or more cloud nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The cloud configuration management method of claim 1, further comprising:
    - adjusting the plurality of golden configurations for customer specific configurations.
  - 3. The cloud configuration management method of claim 1, wherein the configuration analysis comprises obtaining configuration files, associated with applications and hardware, from a cloud node and analyzing the configuration files using the metadata rules.
  - 4. The cloud configuration management method of claim 3, wherein the configuration analysis is performed offline, by copying the configuration files by the cloud configuration management system, while the cloud node operates.
  - 5. The cloud configuration management method of claim 1, further comprising:
    - performing a remedial action based on the determined misconfigurations.
  - 6. The cloud configuration management method of claim 1, wherein the results are provided with an expected value and an actual value for each of determined misconfigurations.
  - 7. The cloud configuration management method of claim 1, further comprising:
    - defining known exceptions; and
      
      ignoring any of the determined misconfigurations based on the known exceptions.
  - 8. The cloud configuration management method of claim 1, further comprising:
    - correcting or accepting the determined misconfigurations.
  - 9. The cloud configuration management method of claim 1, wherein the cloud system is a cloud based distributed security system with the plurality of roles being any of a processing node, an authority node, and a logging node.

10. A cloud configuration management system communicatively coupled to one or more cloud nodes in a cloud system, the cloud configuration management system comprising:
- a network interface communicatively coupled to the one or more cloud nodes;
  
  a processor communicatively coupled to the network interface; and
  
  memory storing computer-executable instructions that, when executed, cause the processor to;
  
  create a plurality of golden configurations for each of a plurality of roles, wherein each of the one or more cloud nodes has one of the plurality of roles for operation in the cloud system;
  
  define metadata rules for each of the plurality of golden configurations;
  
  perform a configuration analysis to audit the one or more cloud nodes using the metadata rules; and
  
  provide results of the configuration analysis to determine misconfiguration of any of the one or more cloud nodes.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The cloud configuration management system of claim 10, wherein the plurality of golden configurations are adjusted for customer specific configurations.
  - 12. The cloud configuration management system of claim 10, wherein the configuration analysis comprises obtaining configuration files, associated with applications and hardware, from a cloud node and analyzing the configuration files using the metadata rules.
  - 13. The cloud configuration management system of claim 12, wherein the configuration analysis is performed offline, by copying the configuration files by the cloud configuration management system, while the cloud node operates.
  - 14. The cloud configuration management system of claim 10, wherein a remedial action is performed based on the determined misconfigurations.
  - 15. The cloud configuration management system of claim 10, wherein the results are provided with an expected value and an actual value for each of determined misconfigurations.
  - 16. The cloud configuration management system of claim 10, wherein the memory storing computer-executable instructions that, when executed, further cause the processor to:
    - define known exceptions; and
      
      ignore any of the determined misconfigurations based on the known exceptions.
  - 17. The cloud configuration management system of claim 10, wherein the memory storing computer-executable instructions that, when executed, further cause the processor to:
    - correct or accept the determined misconfigurations.
  - 18. The cloud configuration management system of claim 10, wherein the cloud system is a cloud based distributed security system with the plurality of roles being any of a processing node, an authority node, and a logging node.

19. A cloud system with cloud configuration management implemented therein, the cloud system comprising:
- a plurality of cloud nodes; and
  
  a cloud configuration management system communicatively coupled to the plurality of cloud nodes, wherein the cloud configuration management system comprises;
  
  a network interface communicatively coupled to the one or more cloud nodes;
  
  a processor communicatively coupled to the network interface; and
  
  memory storing computer-executable instructions that, when executed, cause the processor to;
  
  create a plurality of golden configurations for each of a plurality of roles, wherein each of the one or more cloud nodes has one of the plurality of roles for operation in the cloud system;
  
  define metadata rules for each of the plurality of golden configurations;
  
  perform a configuration analysis to audit the one or more cloud nodes using the metadata rules; and
  
  provide results of the configuration analysis to determine misconfiguration of any of the one or more cloud nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zscaler Incorporated
Original Assignee
Zscaler Incorporated
Inventors
KARUPPASAMY, Kaleeswaran, MISHRA, Rajnish, Pandey, Anupam, Kumar, Sachin, Singh, Jaspreet, BEHL, Anshul

Granted Patent

US 9,444,685 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/06   Management of faults, event...

H04L 41/0813   characterised by the condit...

H04L 41/084   Configuration by using pre-...

H04L 41/0853   by actively collecting conf...

H04L 41/0866   Checking the configuration

H04L 41/22   comprising specially adapte...

SYSTEMS AND METHODS FOR DETECTING AND MANAGING CLOUD CONFIGURATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR DETECTING AND MANAGING CLOUD CONFIGURATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links