Method to automatically map business function level policies to it management policies
First Claim
1. A computer-implemented method for classifying network traffic comprising:
- finding a list of pairs ((a1, p1), . . . , (an, pn)) as a high-level policy, where ai is an application name and a corresponding pi is a priority of the application ai;
mapping the application ai to an IP address and a port number by finding a list of triples ((IPa1, pa1, in1), . . . , (IPan, pa, inn)) of low-level objects, where IPai is a range of IP address associated with the application ai, pai is a range of port numbers associated with the application ai, and ini is an indicator associated with the application ai; and
obtaining a low-level policy as (((IPa1, pa1, in1), p1), . . . , ((IPan, pa, inn), pn)) from the mapping and the high-level policy, where IPai is a range of IP address associated with the application ai, pai is a range of port numbers associated with the application ai, ini is an indicator associated with the application ai, and pi is a priority of the application ai,wherein a computing system including a processor and a memory device connected to the processor performs the finding the list of pairs ((a1, p1), . . . , (an, pn)), the mapping and the obtaining.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system, computer program product, and computer program storage device for transforming a high-level policy associated with a high layer to a low-level policy associated with a low layer. Mapping between high-level objects in a high layer and low-level objects in a low layer is derived by an automated discovery tool. The high-level policy is mapped to the low-level policy according to the mapping (e.g., by substituting the high-level objects with the low-level objects and by performing a syntax transformation). In one embodiment, a low-level policy is transformed to a high-level policy according to the mapping. As exemplary embodiments, policy transformations in traffic shaping and data retention are disclosed.
-
Citations
6 Claims
-
1. A computer-implemented method for classifying network traffic comprising:
-
finding a list of pairs ((a1, p1), . . . , (an, pn)) as a high-level policy, where ai is an application name and a corresponding pi is a priority of the application ai; mapping the application ai to an IP address and a port number by finding a list of triples ((IPa1, pa1, in1), . . . , (IPan, pa, inn)) of low-level objects, where IPai is a range of IP address associated with the application ai, pai is a range of port numbers associated with the application ai, and ini is an indicator associated with the application ai; and obtaining a low-level policy as (((IPa1, pa1, in1), p1), . . . , ((IPan, pa, inn), pn)) from the mapping and the high-level policy, where IPai is a range of IP address associated with the application ai, pai is a range of port numbers associated with the application ai, ini is an indicator associated with the application ai, and pi is a priority of the application ai, wherein a computing system including a processor and a memory device connected to the processor performs the finding the list of pairs ((a1, p1), . . . , (an, pn)), the mapping and the obtaining. - View Dependent Claims (2)
-
-
3. A computer-implemented system for classifying network traffic comprising:
-
a computing system including at least one processor and at least one memory device connected to the at least one processor, wherein the computing system is configured to; find a list of pairs ((a1, p1), . . . , (an, pn)) as a high-level policy, where ai is an application name and a corresponding pi is a priority of the application ai; map the application ai to an IP address and a port number by finding a list of triples ((IPa1, pa1, in1), . . . , (IPan, pan, inn)) of low-level objects, where IPa1 is a range of IP address associated with the application ai, pai is a range of port numbers associated with the application ai, ini is an indicator associated with the application ai; and obtain a low-level policy as (((IPa1, pa1, in1), p1), . . . , (IPan, pa, inn), pn)) from the mapping and the high-level policy, where IPai is a range of IP address associated with the application ai, pai is a range of port numbers associated with the application ai, ini is an indicator associated with the application ai, and pi is a priority of the application ai. - View Dependent Claims (4)
-
-
5. A computer program product comprising a non-transitory computer usable medium having computer readable program code means embodied therein for classifying network traffic, the computer program code means in said computer program product comprising computer readable program code means for causing a computer to effect steps of:
-
finding a list of pairs ((a1, p1), . . . , (an, pn)) as a high-level policy, where ai is an application name and a corresponding pi is a priority of the application ai; mapping the application ai to an IP address and a port number by finding a list of triples ((IPa1, pa1,in1), . . . , (IPan, pa, inn)) of low-level objects, where IPai is a range of IP address associated with the application ai, pai is a range of port numbers associated with the application ai, and ini is an indicator associated with the application ai; and obtaining a low-level policy as (((IPa1, pa1, in1), p1), . . . , ((IPan, pa, inn), pn)) from the mapping and the high-level policy, where IPai is a range of IP address associated with the application ai, pai is a range of port numbers associated with the application ai, ini is an indicator associated with the application ai, and pi is a priority of the application ai. - View Dependent Claims (6)
-
Specification