Distributed monitoring of desired configurations using rules

US 7,506,143 B2
Filed: 11/15/2005
Issued: 03/17/2009
Est. Priority Date: 11/15/2005
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring configuration information of computing devices that are servers, the method comprising:

providing at a monitoring server a desired configuration monitor document that specifies configuration settings for applications that execute on the computing devices and associated rules for determining whether a configuration settings of the applications are in compliance, the rules being organized based on applications that use the configuration settings, at least one rule being an active rule that references a passive rule that specifies how to create a value that is used by the active rule, at least one rule specifying how to place a configuration setting that is not in compliance into compliance;

distributing from the monitoring server a copy of the desired configuration monitor document to each of the computing devices; and

under control of each of the computing devices and for each application of the desired configuration monitor document,for each configuration setting for that application specified in the desired configuration monitor document,determining whether the rule associated with the configuration setting indicates whether the configuration setting is in compliance by when the rule specifies a passive rule, creating a value as specified by the passive rule and using the created value to determine whether the configuration setting is in compliance; and

when it is determined that the configuration setting is not in compliance, logging that the configuration setting is not in compliance and when the rule specifies how to place a configuration setting that is not in compliance into compliance, automatically placing the configuration setting into compliance in accordance with the rule; and

reporting to the monitoring server that the logged configuration settings are not in compliance and whether the configuration setting that was not in compliance has been corrected.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for monitoring configuration information of computing devices is provided. The monitoring system generates a desired configuration monitor (“DCM”) document for each computing device that is to have its configuration monitored. The DCM document specifies configuration settings to be monitored along with rules that specify how to determine whether a configuration setting is correct. Each computing device may include a comparison engine that inputs the DCM document and applies the rules of the DCM document to determine which configuration settings of the computing device are not in compliance.

23 Citations

View as Search Results

17 Claims

1. A method for monitoring configuration information of computing devices that are servers, the method comprising:
- providing at a monitoring server a desired configuration monitor document that specifies configuration settings for applications that execute on the computing devices and associated rules for determining whether a configuration settings of the applications are in compliance, the rules being organized based on applications that use the configuration settings, at least one rule being an active rule that references a passive rule that specifies how to create a value that is used by the active rule, at least one rule specifying how to place a configuration setting that is not in compliance into compliance;
  
  distributing from the monitoring server a copy of the desired configuration monitor document to each of the computing devices; and
  
  under control of each of the computing devices and for each application of the desired configuration monitor document,for each configuration setting for that application specified in the desired configuration monitor document,determining whether the rule associated with the configuration setting indicates whether the configuration setting is in compliance by when the rule specifies a passive rule, creating a value as specified by the passive rule and using the created value to determine whether the configuration setting is in compliance; and
  
  when it is determined that the configuration setting is not in compliance, logging that the configuration setting is not in compliance and when the rule specifies how to place a configuration setting that is not in compliance into compliance, automatically placing the configuration setting into compliance in accordance with the rule; and
  
  reporting to the monitoring server that the logged configuration settings are not in compliance and whether the configuration setting that was not in compliance has been corrected.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the configuration settings are selected from a group consisting of registry, active directory, file, Windows management instrumentation configuration settings, and IIS metabase.
  - 3. The method of claim 1 wherein a configuration setting of the desired monitor document has an associated action that is to be taken when the rule associated with the configuration setting is satisfied.
  - 4. The method of claim 3 wherein the action is specified as executable code.
  - 5. The method of claim 3 wherein the action is to shut down an application executing on the computing device.

6. A computer system at a monitoring server for monitoring the configuration settings of computing devices that are servers, the method comprising:
- preparing at the monitoring server a desired configuration monitor document that specifies configuration settings and associated rules for determining whether a configuration setting is in compliance, the rules being organized based on applications that use the configuration settings, at least one rule specifying how to place a configuration setting that is not in compliance into compliance;
  
  sending from the monitoring server to each of the computing devices a copy of the desired configuration monitor document so that a computing device that receives the desired configuration monitor document periodically applies the rules of the desired configuration monitor document to configuration settings of the application and places a configuration setting that is not in compliance into compliance as indicated by a rule;
  
  receiving at the monitoring server from the computing devices reports indicating configuration settings of the computing device that are not in compliance as specified by the rules of the desired configuration monitor document and whether a rule that was not in compliance has been placed in compliance; and
  
  providing at the monitoring server reports for analyzing the configuration settings that are not in compliance.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The computer system of claim 6 wherein the sending includes sending to the computing devices a comparison engine for determining whether the rules of the desired configuration monitor document are satisfied.
  - 8. The computer system of claim 6 wherein the sending including sending to the computing devices a collection engine for providing to the computer system the configuration settings that are not in compliance.
  - 9. The computer system of claim 6 wherein the preparing includes providing a user interface through which a user can specify the configuration settings and rules.
  - 10. The computer system of claim 6 wherein a rule of the desired configuration monitor is derived from configuration settings collected from computing devices.
  - 11. The computer system of claim 6 wherein the desired configuration monitor document specifies groups of configuration settings.
  - 12. The computer system of claim 11 wherein the configuration settings of a group are organized by data source.

13. A computer-readable storage medium containing instructions for controlling a computing device that is a server to monitor configuration information, comprising:
- configuration settings and associated rules for determining whether a configuration setting is in compliance, the rules being organized into data sources of the configuration settings, at least one rule being an active rule that references a passive rule that specifies how to create a value that is used by the active rule;
  
  a component that determines whether the rule associated with a configuration setting indicates whether the configuration setting is in compliance by when a rule specifies of passive rule, creating a value as specified by the passive rule and using the created value to determine whether the configuration setting is in compliance and that when the configuration setting is not in compliance, logs that the configuration setting is not in compliance; and
  
  a component that provides to a monitoring server the logged configuration settings that are not in compliancesuch that the monitoring server distributes configuration settings and rules to a plurality of computing devices that are servers and receives from the plurality of computing devices logged configuration settings that are not in compliance.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer-readable storage medium of claim 13 including a component to install on the computing device the component that determines and logs and the component that reports.
  - 15. The computer-readable storage medium of claim 13 wherein a configuration setting has an associated action that is to be taken when the rule associated with the configuration setting is satisfied.
  - 16. The computer-readable storage medium of claim 15 including a component that performs the associated action.
  - 17. The computer-readable storage medium of claim 15 wherein the action is to put the non-compliant configuration setting into compliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gicewicz, Gregory P., McAlpine, Roberta, Zakrajsek, Frank J., Sarwono, Edhi
Primary Examiner(s)
Lee; Thomas
Assistant Examiner(s)
TRAN, VINCENT HUY

Application Number

US11/274,049
Publication Number

US 20070168493A1
Time in Patent Office

1,218 Days
Field of Search

713/1, 713/2, 713/100
US Class Current

713/1
CPC Class Codes

G06F 11/006   Identification G06F11/2289 ...

G06F 11/0709   in a distributed system con...

G06F 11/0748   in a remote unit communicat...

G06F 11/0751   Error or fault detection no...

G06F 11/3006   where the computing system ...

G06F 11/3051   Monitoring arrangements for...

G06F 11/3495   for systems

Distributed monitoring of desired configurations using rules

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed monitoring of desired configurations using rules

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links