System and method providing automatic policy enforcement in a multi-computer service application

US 7,080,143 B2
Filed: 05/11/2004
Issued: 07/18/2006
Est. Priority Date: 10/24/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method of enforcing policy in a multi-computer service application, the method comprising:

monitoring, by a policy module, operation of an application during runtime, the application comprising multiple software modules configured to execute on respective ones of multiple computers, the software modules being defined by logical input and output ports and logical data connections between respective ones of the software modules;

receiving, by the policy module, a notification from one of the software modules indicating a change in operation of the application;

responsive to receiving the notification, enforcing, by the policy module, a policy associated with the application by;

(a) evaluating content of the notification against the policy to generate a response for one or more destination modules of the application, the evaluating comprising determining, by the policy module, the one or more destination modules by identifying a number of instances of each software or hardware module used to implement multi-computer service application at any given time based on the policy; and

(b) forwarding, by an output port of the policy module, the response to input ports of the one or more destination modules in accordance with the logical data connections associated with the one or more destination modules; and

wherein the policy is abstracted from physical deployment of the multi-computer service application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods to enforce policy in a multi-computer service application are described. The application includes multiple software modules that execute on multiple computers. The multi-computer service application has access to a communications medium that allows data communications between different ones of the computers. The software modules have logical input and output ports and logical data connections between modules. Each logical port is defined by port software. In one aspect, a particular module sends a notification to a policy module. Responsive to the notification, the policy module (a) determines a request for one or more destination modules, and (b) provides the request to an output port of the policy module. The output port forwards the request to input ports of a plurality of the modules in accordance with the logical data connections.

138 Citations

View as Search Results

21 Claims

1. A computer-implemented method of enforcing policy in a multi-computer service application, the method comprising:
- monitoring, by a policy module, operation of an application during runtime, the application comprising multiple software modules configured to execute on respective ones of multiple computers, the software modules being defined by logical input and output ports and logical data connections between respective ones of the software modules;
  
  receiving, by the policy module, a notification from one of the software modules indicating a change in operation of the application;
  
  responsive to receiving the notification, enforcing, by the policy module, a policy associated with the application by;
  
  (a) evaluating content of the notification against the policy to generate a response for one or more destination modules of the application, the evaluating comprising determining, by the policy module, the one or more destination modules by identifying a number of instances of each software or hardware module used to implement multi-computer service application at any given time based on the policy; and
  
  (b) forwarding, by an output port of the policy module, the response to input ports of the one or more destination modules in accordance with the logical data connections associated with the one or more destination modules; and
  
  wherein the policy is abstracted from physical deployment of the multi-computer service application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising configuring an input port of the respective one of the software modules as a function of an associated one of the logical input ports.
  - 3. The method of claim 1, further comprising configuring a particular output port of the output ports during run-time to specify different logical data connections, the particular output port being configured as a function of a logical model of the multi-computer service application.
  - 4. The method of claim 1, further comprising configuring an output port of the output ports during instantiation of the respective one of the software modules to specify different logical data connections.
  - 5. The method of claim 1, further comprising:
    - implementing port software based on respective ones of the logical input and output ports; and
      
      configuring a communication route between a first portion of the port software and a second portion of the port software, the first portion being associated with a physical input port resource, the second portion being associated with a physical output port resource.
  - 6. The method of claim 5, further comprising configuring the physical input port resource to communicate with the physical output port resource via the communication route.
  - 7. The method of claim 1, and further comprising generating a logical model of the application, the logical module comprising model components, each model component representing an abstract operation of the multi-computer service application, the model components representing respective hardware and software modules.
  - 8. The method of claim 7, wherein a blueprint specifies the hardware and software modules represented by the model components.
  - 9. The method of claim 1,wherein the response specifies one or more actions for deploying a new resource represented by a model component in the logical model, manipulating a module in multi-service computer application by sending events to the module, or removing a module from the multi-service computer application.
  - 10. The method of claim 9, wherein deploying the new resource comprises:
    - creating a physical instance of a model component representing the new resource; and
      
      configuring logical input and output port(s) for the newly deployed resource in accordance with logical connections specified in the logical model.

11. A computer-readable storage medium comprising computer-executable instructions for enforcing policy in a multi-computer service application, the computer-executable instructions comprising instructions for:
- detecting, by a particular module of a multi-computer service application, a change in operating conditions;
  
  responsive to the detecting;
  
  sending, by the particular module, a notification corresponding to the change to a policy module, the particular module and the policy module being respective ones of multiple software modules configured to execute on respective ones of multiple computers, the software modules including logical input and output ports and logical data connections between respective ones of the software modules, each logical port being defined by port software, the notification for evaluation, by the policy module, against a policy that is abstracted from physical deployment of the multi-computer service application, the policy defining a definite course of action selected from among alternatives in light of monitored conditions to perform one or more of;
  
  (a) installing, configuring, or removing components of the multi-computer service application; and
  
  (b) implementing measures to maintain proper operation of the components and the multi-computer service application as a whole; and
  
  receiving, by the particular module, a response from the policy module, the response directing the particular module to implement at least one aspect of the policy.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer-readable storage medium of claim 11, further comprising computer-executable instructions responsive to receiving the response, for configuring, by the particular module, an input port according to the policy.
  - 13. The computer-readable storage medium of claim 11, further comprising computer-executable instructions responsive to receiving the response, for configuring, by the particular module, an output port to specify different logical data connections according to the policy.
  - 14. The computer-readable storage medium of claim 11, further comprising computer-executable instructions for:
    - in accordance with the response, the particular module;
      
      implementing port software based on respective ones of logical input and output ports specified by the policy; and
      
      configuring a communication route between the port software and a physical output or input port resource of a different component of the multi-computer service application.
  - 15. The computer-readable storage medium of claim 11, wherein the multi-computer service application was automatically deployed based on a logical model comprising model components, each model component representing an abstract operation of the multi-computer service application, the model components representing respective hardware and software modules.

16. A computing device comprising:
- a processor; and
  
  a memory coupled to the processor, the memory comprising computer-program instructions executable by the processor, the computer-program instructions comprising instructions for;
  
  detecting, by a particular module of a multi-computer service application, a change in operating conditions;
  
  sending, by the particular module, a notification corresponding to the change to a policy module of the multi-computer service application, the particular module and the policy module being respective ones of multiple software modules configured to execute on respective ones of multiple computers, the software modules including logical input and output ports and logical data connections between respective ones of the software modules, each logical port being defined by port software;
  
  responsive to receiving the notification, the policy module;
  
  evaluating the change against a policy for the multi-computer service application, the policy being abstracted from the physical deployment of the multi-computer service application, the policy defining a definite course of action selected from among alternatives in light of monitored conditions to perform one or more of;
  
  (a) installing, configuring, or removing components of the multi-computer service application; and
  
  (b) implementing measures to maintain proper operation of the components and the multi-computer service application as a whole; and
  
  communicating, by the policy module, a response directing the particular module to implement at least one aspect of the policy.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable medium of claim 16, wherein the response directs the particular module to configure an input port or an output port.
  - 18. The computer-readable medium of claim 16, wherein the policy directed automated deployment of at least a portion of the multi-computer service application using a logical model comprising model components, each model component representing an abstract operation of the multi-computer service application, the model components representing respective hardware and software modules.
  - 19. The computer-readable medium of claim 16, wherein the response causes:
    - port software to be implemented according to logical input and output ports specified in the logical model; and
      
      a communication route to be configured between a first portion of the port software and a second portion of the port software, the first portion being associated with a physical input or output port resource, the second portion being associated with a respective physical output or input port resource.
  - 20. The computer-readable medium of claim 16, wherein the instructions for evaluating the change further comprise computer-program instructions for determining a number of instances of each software or hardware module used to implement the multi-computer service application at any given time based on the policy.

21. A computing device comprising:
- sending means for sending a notification from a particular module to a policy module, the particular module and the policy module being respective ones of multiple software modules configured to execute on respective ones of multiple computers, the multiple software modules including logical input and output ports and logical data connections between respective ones of the software modules, each logical port being defined by port software;
  
  determining means, responsive to the notification, for the policy module to determine a request for one or more destination modules, the request being based on a policy that is abstracted from the physical deployment of the multiple software modules;
  
  providing means for the policy module to provide the request to an output port of the policy module; and
  
  forwarding means for the policy module to forward the request from the output port to respective input ports of the one or more destination modules in accordance with the logical data connections.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Tabbara, Bassam, Hunt, Galen C., Van Antwerp, Mark D., Welland, Robert V., Hydrie, Aamer, Levi, Steven P.
Primary Examiner(s)
Najjah, Saleh
Assistant Examiner(s)
NGUYEN, THU HA T

Application Number

US10/843,715
Publication Number

US 20050021696A1
Time in Patent Office

798 Days
Field of Search

709/202, 709/220, 709/223, 709/224, 709/225, 709/227, 709/238, 709/226, 370/254, 370/236, 370/389, 370/469, 713/162, 707/3, 707/10, 714/39, 714/47, 718/318
US Class Current

709/224
CPC Class Codes

G06F 9/5066 Algorithms for mapping a pl...

System and method providing automatic policy enforcement in a multi-computer service application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

138 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method providing automatic policy enforcement in a multi-computer service application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links