System and method providing automatic policy enforcement in a multi-computer service application

US 6,915,338 B1
Filed: 10/24/2000
Issued: 07/05/2005
Est. Priority Date: 10/24/2000
Status: Active Grant

First Claim

Patent Images

1. A method of enforcing policy in a multi-computer service application having a plurality of software modules that execute on a plurality of computers, the multi-computer service application further having access to a communications medium that allows data communications between different ones of the computers, the method comprising:

configuring logical output ports and logical input ports on different modules in accordance with a logical model of the multi-computer service application, wherein each logical input and output port is defined by port software;

configuring logical data connections between the logical output and input ports in accordance with the logical model;

configuring each port to communicate through different numbers of logical data connections without modifying the port software;

sending a notification from a particular module to a policy module;

the policy module responding to the notification by;

determining a request for one or more destination modules;

providing the request to an output port of the policy module;

the output port forwarding the request to input ports of a plurality of the modules in accordance with the configured logical data connections.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and procedure to automatically enforce policy in distributed multi-computer service applications. Such service applications include multiple software modules that execute on multiple computers. The computers have access to communications media that allow data communications between the computers. Logical ports are configured on different modules according to a logical model of the multi-computer service application. Each logical port is defined by port software. Logical data connections between the logical ports are configured in accordance with the logical model. Each port is configured to communicate through different numbers of logical data connections without modifying the port software.

In response to the occurrence of a condition, a module sends an event notification to a policy module. The policy module responds to the notification by formulating a request for one or more destination modules. The policy module provides the request to an output port of the policy module. The output port forwards the request to input ports of multiple modules according to the configured logical data connections.

129 Citations

View as Search Results

16 Claims

1. A method of enforcing policy in a multi-computer service application having a plurality of software modules that execute on a plurality of computers, the multi-computer service application further having access to a communications medium that allows data communications between different ones of the computers, the method comprising:
- configuring logical output ports and logical input ports on different modules in accordance with a logical model of the multi-computer service application, wherein each logical input and output port is defined by port software;
  
  configuring logical data connections between the logical output and input ports in accordance with the logical model;
  
  configuring each port to communicate through different numbers of logical data connections without modifying the port software;
  
  sending a notification from a particular module to a policy module;
  
  the policy module responding to the notification by;
  
  determining a request for one or more destination modules;
  
  providing the request to an output port of the policy module;
  
  the output port forwarding the request to input ports of a plurality of the modules in accordance with the configured logical data connections.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as recited in claim 1, wherein a particular output port is configurable during run-time to specify different logical data connections.
  - 3. A method as recited in claim 1, wherein a particular output port is configurable during instantiation to specify different logical data connections.
  - 4. A method as recited in claim 1, wherein the logical model of the multi-computer service application comprises model components, wherein each model component represents an abstract functional operation of the multi-computer service, the model components comprising hardware and software modules.
  - 5. A method as recited in claim 4, wherein the model components have an associated blueprint that specifies the hardware and software modules represented by the model components.
  - 6. A method as recited in claim 1, wherein the method further comprises:
    - monitoring, by the policy module, operation of the multi-service computer application during runtime; and
      
      evaluating, by the policy module, the monitored operations against a policy.
  - 7. A method as recited in claim 6:
    - wherein evaluating further comprises determining, by the policy module, a number of instances of each module used to implement the multi-computer service at any given time based on the policy; and
      
      the method further comprising responding from the policy module to changes in operating conditions by automatically specifying an action selected from a group of actions consisting of deploying a new resource represented by a model component in the logical model, manipulating a module in multi-service computer application by sending requests to the module, and removing a module from the multi-service computer application.
  - 8. A method as recited in claim 7, wherein the deploying comprises creating a physical instance of the model component, the logical input and output ports on the newly deployed resource being configured in accordance with logical connections specified in the logical model.
  - 9. A computer-readable medium storing computer-executable instructions that, when executed on a computer, performs the method of claim 1.

10. A system to enforce a policy in a multi-computer service application having a plurality of software modules that execute on a plurality of computers, the multi-computer service application further having access to a communications medium that allows data communications between different ones of the computers, the system comprising:
- a logical model of the multi-computer service application, the logical model having model components representing logical functions of the application;
  
  a core runtime converter to create one or more module instances of the model components to implement logical functions represented by the model components, one of the module instances being a policy module, logical output ports and logical input ports on different modules being configured in accordance with the logical model, wherein each logical input and output port is defined by port software, logical data connections being configured between the logical output and input ports in accordance with the logical model, each port being configured to communicate through different numbers of logical data connections without modifying the port software; and
  
  wherein, the policy module is configured to receive event notifications from a module instance, and in response to receiving an event notification, the policy module being further configured to;
  
  (a) determine a request for one or more destination modules; and
  
  (b) provide the request to an output port of the policy module, the output port being configured to forward the request to input ports of a plurality of the modules in accordance with the configured logical data connections.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. A system as recited in claim 10, wherein a particular output port is configurable during run-time to specify different logical data connections, wherein the output port forwards the request to modules and input ports in accordance with the logical connections specified for said particular output port.
  - 12. A system as recited in claim 10, wherein a particular output port is configurable during instantiation to specify different logical data connections, wherein the output port forwards the request to a plurality of modules and input ports in accordance with the logical connections specified for said particular output port.
  - 13. A system as recited in claim 10, wherein the model components have an associated schema that specifies hardware and software modules represented by the model components.
  - 14. A system as recited in claim 10, wherein the policy module is further configured to perform actions comprising:
    - monitoring operation of the multi-service computer application during runtime; and
      
      evaluating the monitored operations against a policy.
  - 15. A system as recited in claim 10, wherein to evaluate the monitored operations, the policy module determines a number of instances of each module used to implement the multi-computer service at any given time based on the policy;
    - andthe policy module is further configured to;
      
      respond to changes in operation conditions by automatically specifying an action selected from a group of actions consisting of deploying a new resource represented by a model component in the logical model, manipulating a module in multi-service computer application by sending events to the module, and removing a module from the multi-service computer application.
  - 16. A system as recited in claim 15 wherein the policy module deploys the new resource by creating a physical instance of the model component, the logical input and output ports on the newly deployed resource being configured in accordance with logical connections specified in the logical model.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Tabbara, Bassam, Hunt, Galen C., Van Antwerp, Mark D., Welland, Robert V., Hydrie, Aamer, Levi, Steven P.
Primary Examiner(s)
Alam, Hosain
Assistant Examiner(s)
NGUYEN, THU HA T

Application Number

US09/696,752
Time in Patent Office

1,715 Days
Field of Search

709/223, 709/224, 709/217, 709/220, 709/226, 709/228, 709/229, 709/318, 370/352, 370/358, 370/389, 713/201, 717/11, 717/120
US Class Current

709/220
CPC Class Codes

G06F 9/5066 Algorithms for mapping a pl...

System and method providing automatic policy enforcement in a multi-computer service application

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

129 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method providing automatic policy enforcement in a multi-computer service application

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

129 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links