System and method providing automatic policy enforcement in a multi-computer service application
First Claim
1. A method of enforcing policy in a multi-computer service application having a plurality of software modules that execute on a plurality of computers, the multi-computer service application further having access to a communications medium that allows data communications between different ones of the computers, the method comprising:
- configuring logical output ports and logical input ports on different modules in accordance with a logical model of the multi-computer service application, wherein each logical input and output port is defined by port software;
configuring logical data connections between the logical output and input ports in accordance with the logical model;
configuring each port to communicate through different numbers of logical data connections without modifying the port software;
sending a notification from a particular module to a policy module;
the policy module responding to the notification by;
determining a request for one or more destination modules;
providing the request to an output port of the policy module;
the output port forwarding the request to input ports of a plurality of the modules in accordance with the configured logical data connections.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and procedure to automatically enforce policy in distributed multi-computer service applications. Such service applications include multiple software modules that execute on multiple computers. The computers have access to communications media that allow data communications between the computers. Logical ports are configured on different modules according to a logical model of the multi-computer service application. Each logical port is defined by port software. Logical data connections between the logical ports are configured in accordance with the logical model. Each port is configured to communicate through different numbers of logical data connections without modifying the port software.
In response to the occurrence of a condition, a module sends an event notification to a policy module. The policy module responds to the notification by formulating a request for one or more destination modules. The policy module provides the request to an output port of the policy module. The output port forwards the request to input ports of multiple modules according to the configured logical data connections.
129 Citations
16 Claims
-
1. A method of enforcing policy in a multi-computer service application having a plurality of software modules that execute on a plurality of computers, the multi-computer service application further having access to a communications medium that allows data communications between different ones of the computers, the method comprising:
-
configuring logical output ports and logical input ports on different modules in accordance with a logical model of the multi-computer service application, wherein each logical input and output port is defined by port software;
configuring logical data connections between the logical output and input ports in accordance with the logical model;
configuring each port to communicate through different numbers of logical data connections without modifying the port software;
sending a notification from a particular module to a policy module;
the policy module responding to the notification by;
determining a request for one or more destination modules;
providing the request to an output port of the policy module;
the output port forwarding the request to input ports of a plurality of the modules in accordance with the configured logical data connections. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system to enforce a policy in a multi-computer service application having a plurality of software modules that execute on a plurality of computers, the multi-computer service application further having access to a communications medium that allows data communications between different ones of the computers, the system comprising:
-
a logical model of the multi-computer service application, the logical model having model components representing logical functions of the application;
a core runtime converter to create one or more module instances of the model components to implement logical functions represented by the model components, one of the module instances being a policy module, logical output ports and logical input ports on different modules being configured in accordance with the logical model, wherein each logical input and output port is defined by port software, logical data connections being configured between the logical output and input ports in accordance with the logical model, each port being configured to communicate through different numbers of logical data connections without modifying the port software; and
wherein, the policy module is configured to receive event notifications from a module instance, and in response to receiving an event notification, the policy module being further configured to;
(a) determine a request for one or more destination modules; and
(b) provide the request to an output port of the policy module, the output port being configured to forward the request to input ports of a plurality of the modules in accordance with the configured logical data connections. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
Specification