System and method providing automatic policy enforcement in a multi-computer service application
First Claim
1. A computer-implemented method of enforcing policy in a multi-computer service application, the method comprising:
- monitoring, by a policy module, operation of an application during runtime, the application comprising multiple software modules configured to execute on respective ones of multiple computers, the software modules being defined by logical input and output ports and logical data connections between respective ones of the software modules;
receiving, by the policy module, a notification from one of the software modules indicating a change in operation of the application;
responsive to receiving the notification, enforcing, by the policy module, a policy associated with the application by;
(a) evaluating content of the notification against the policy to generate a response for one or more destination modules of the application, the evaluating comprising determining, by the policy module, the one or more destination modules by identifying a number of instances of each software or hardware module used to implement multi-computer service application at any given time based on the policy; and
(b) forwarding, by an output port of the policy module, the response to input ports of the one or more destination modules in accordance with the logical data connections associated with the one or more destination modules; and
wherein the policy is abstracted from physical deployment of the multi-computer service application.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods to enforce policy in a multi-computer service application are described. The application includes multiple software modules that execute on multiple computers. The multi-computer service application has access to a communications medium that allows data communications between different ones of the computers. The software modules have logical input and output ports and logical data connections between modules. Each logical port is defined by port software. In one aspect, a particular module sends a notification to a policy module. Responsive to the notification, the policy module (a) determines a request for one or more destination modules, and (b) provides the request to an output port of the policy module. The output port forwards the request to input ports of a plurality of the modules in accordance with the logical data connections.
138 Citations
21 Claims
-
1. A computer-implemented method of enforcing policy in a multi-computer service application, the method comprising:
-
monitoring, by a policy module, operation of an application during runtime, the application comprising multiple software modules configured to execute on respective ones of multiple computers, the software modules being defined by logical input and output ports and logical data connections between respective ones of the software modules; receiving, by the policy module, a notification from one of the software modules indicating a change in operation of the application; responsive to receiving the notification, enforcing, by the policy module, a policy associated with the application by; (a) evaluating content of the notification against the policy to generate a response for one or more destination modules of the application, the evaluating comprising determining, by the policy module, the one or more destination modules by identifying a number of instances of each software or hardware module used to implement multi-computer service application at any given time based on the policy; and (b) forwarding, by an output port of the policy module, the response to input ports of the one or more destination modules in accordance with the logical data connections associated with the one or more destination modules; and wherein the policy is abstracted from physical deployment of the multi-computer service application. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer-readable storage medium comprising computer-executable instructions for enforcing policy in a multi-computer service application, the computer-executable instructions comprising instructions for:
-
detecting, by a particular module of a multi-computer service application, a change in operating conditions; responsive to the detecting; sending, by the particular module, a notification corresponding to the change to a policy module, the particular module and the policy module being respective ones of multiple software modules configured to execute on respective ones of multiple computers, the software modules including logical input and output ports and logical data connections between respective ones of the software modules, each logical port being defined by port software, the notification for evaluation, by the policy module, against a policy that is abstracted from physical deployment of the multi-computer service application, the policy defining a definite course of action selected from among alternatives in light of monitored conditions to perform one or more of; (a) installing, configuring, or removing components of the multi-computer service application; and (b) implementing measures to maintain proper operation of the components and the multi-computer service application as a whole; and receiving, by the particular module, a response from the policy module, the response directing the particular module to implement at least one aspect of the policy. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A computing device comprising:
-
a processor; and a memory coupled to the processor, the memory comprising computer-program instructions executable by the processor, the computer-program instructions comprising instructions for; detecting, by a particular module of a multi-computer service application, a change in operating conditions; sending, by the particular module, a notification corresponding to the change to a policy module of the multi-computer service application, the particular module and the policy module being respective ones of multiple software modules configured to execute on respective ones of multiple computers, the software modules including logical input and output ports and logical data connections between respective ones of the software modules, each logical port being defined by port software; responsive to receiving the notification, the policy module; evaluating the change against a policy for the multi-computer service application, the policy being abstracted from the physical deployment of the multi-computer service application, the policy defining a definite course of action selected from among alternatives in light of monitored conditions to perform one or more of; (a) installing, configuring, or removing components of the multi-computer service application; and (b) implementing measures to maintain proper operation of the components and the multi-computer service application as a whole; and communicating, by the policy module, a response directing the particular module to implement at least one aspect of the policy. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A computing device comprising:
-
sending means for sending a notification from a particular module to a policy module, the particular module and the policy module being respective ones of multiple software modules configured to execute on respective ones of multiple computers, the multiple software modules including logical input and output ports and logical data connections between respective ones of the software modules, each logical port being defined by port software; determining means, responsive to the notification, for the policy module to determine a request for one or more destination modules, the request being based on a policy that is abstracted from the physical deployment of the multiple software modules;
providing means for the policy module to provide the request to an output port of the policy module; andforwarding means for the policy module to forward the request from the output port to respective input ports of the one or more destination modules in accordance with the logical data connections.
-
Specification