SYSTEMS AND METHODS FOR DETECTING AND MANAGING CLOUD CONFIGURATIONS

US 20160352572A1
Filed: 08/12/2016
Published: 12/01/2016
Est. Priority Date: 09/16/2014
Status: Active Grant

First Claim

Patent Images

1-19. -19. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud configuration management method implemented in a cloud configuration management system communicatively coupled to one or more cloud nodes in a cloud system includes creating a plurality of golden configurations for each of a plurality of roles, wherein each of the one or more cloud nodes has one of the plurality of roles for operation in the cloud system; defining metadata rules for each of the plurality of golden configurations; performing a configuration analysis to audit the one or more cloud nodes using the metadata rules; and providing results of the configuration analysis to determine misconfiguration of any of the one or more cloud nodes.

19 Citations

View as Search Results

39 Claims

1-19. -19. (canceled)

20. A method for managing a cloud system comprising a plurality of cloud components comprising one or more servers, the method comprising:
- defining a plurality of golden configurations for the plurality of cloud components, wherein each of the plurality of golden configurations comprises settings for a combination of parameters and features that are associated with a specific cloud component operating a specific role or service;
  
  responsive to an audit, obtaining a current configuration of associated cloud components for the audit, and analyzing the configuration using a set of metadata rules for an associated golden configuration; and
  
  determining misconfigurations of any of the associated cloud components based on the analyzing.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 39)
- - 21. The method of claim 20, further comprising:
    - periodically adjusting one or more of the plurality of golden configurations or adding new golden configurations based on updates or changes to the specific role or service.
  - 22. The method of claim 20, further comprising:
    - approving one or more known exceptions in the misconfigurations and storing the one or more known exceptions for the set of metadata rules.
  - 23. The method of claim 20, wherein the plurality of golden configurations comprise defined component roles, configuration files, feature sets, and configuration deviations.
  - 24. The method of claim 20, wherein the metadata rules are parameters of configuration files and feature sets which are categorized into a plurality of buckets, and wherein the misconfigurations are determined based on comparisons of the plurality of buckets with the current configuration.
  - 25. The method of claim 24, wherein the plurality of buckets include a mandatory bucket where a parameter must be present, a conditional mandatory bucket where a parameter must be present subject to a condition, and an ignored mandatory bucket where a parameter must only be present regardless of its value.
  - 26. The method of claim 20, wherein the audit is performed one or more of periodically and on demand.
  - 27. The method of claim 20, further comprising:
    - performing a remedial action based on the misconfigurations
  - 28. The method of claim 20, wherein the obtaining and the analyzing is performed by a separate device from the associated cloud components which continue to operate.
  - 39. The non-transitory computer-readable medium of claim 28, wherein the computer-executable instructions that, when executed, further cause the processor to perform steps of:
    - periodically adjusting one or more of the plurality of golden configurations or adding new golden configurations based on updates or changes to the specific role or service.

29. A system configured to manage a cloud system comprising a plurality of cloud components comprising one or more servers, the system comprising:
- a processor and network interface communicatively coupled to one another; and
  
  memory storing instructions that, when executed, cause the processor to;
  
  define a plurality of golden configurations for the plurality of cloud components, wherein each of the plurality of golden configurations comprises settings for a combination of parameters and features that are associated with a specific cloud component operating a specific role or service;
  
  responsive to an audit, obtain, via the network interface, a current configuration of associated cloud components for the audit, and analyze the configuration using a set of metadata rules for an associated golden configuration; and
  
  determine misconfigurations of any of the associated cloud components based on the analyzing.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37)
- - 30. The system of claim 29, wherein the memory storing instructions that, when executed, further cause the processor to:
    - periodically adjust one or more of the plurality of golden configurations or adding new golden configurations based on updates or changes to the specific role or service.
  - 31. The system of claim 29, wherein the memory storing instructions that, when executed, further cause the processor to:
    - approve one or more known exceptions in the misconfigurations and store the one or more known exceptions for the set of metadata rules.
  - 32. The system of claim 29, wherein the plurality of golden configurations comprise defined component roles, configuration files, feature sets, and configuration deviations.
  - 33. The system of claim 29, wherein the metadata rules are parameters of configuration files and feature sets which are categorized into a plurality of buckets, and wherein the misconfigurations are determined based on comparisons of the plurality of buckets with the current configuration.
  - 34. The system of claim 33, wherein the plurality of buckets include a mandatory bucket where a parameter must be present, a conditional mandatory bucket where a parameter must be present subject to a condition, and an ignored mandatory bucket where a parameter must only be present regardless of its value.
  - 35. The system of claim 29, wherein the audit is performed one or more of periodically and on demand.
  - 36. The system of claim 29, wherein the memory storing instructions that, when executed, further cause the processor to:
    - performing a remedial action based on the misconfigurations
  - 37. The system of claim 29, wherein the associated cloud components continue to operate during analysis.

38. A non-transitory computer-readable medium storing computer-executable instructions that, when executed, cause a processor to perform steps of:
- defining a plurality of golden configurations for the plurality of cloud components, wherein each of the plurality of golden configurations comprises settings for a combination of parameters and features that are associated with a specific cloud component operating a specific role or service;
  
  responsive to an audit, obtaining a current configuration of associated cloud components for the audit, and analyzing the configuration using a set of metadata rules for an associated golden configuration; and
  
  determining misconfigurations of any of the associated cloud components based on the analyzing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zscaler Incorporated
Original Assignee
Zscaler Incorporated
Inventors
PANDEY, Anupam, KUMAR, Sachin, BEHL, Anshul, KARUPPASAMY, Kaleeswaran, MISHRA, Rajnish, SINGH, Jaspreet

Granted Patent

US 9,712,388 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/06   Management of faults, event...

H04L 41/0813   characterised by the condit...

H04L 41/084   Configuration by using pre-...

H04L 41/0853   by actively collecting conf...

H04L 41/0866   Checking the configuration

H04L 41/22   comprising specially adapte...

SYSTEMS AND METHODS FOR DETECTING AND MANAGING CLOUD CONFIGURATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR DETECTING AND MANAGING CLOUD CONFIGURATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links