Control of communication ports of computing devices using policy-based decisions

US 8,281,360 B2
Filed: 11/21/2006
Issued: 10/02/2012
Est. Priority Date: 11/21/2006
Status: Expired due to Fees

First Claim

Patent Images

1. In a computing system environment having a content flow director and multiple layers of computing devices behind the content flow director, wherein the computing devices in an outermost layer of the multiple layers communicate directly with the content flow director by way of attendant communications ports and the content flow director regularly assesses whether the ports are enabled or disabled, a method of controlling the communication ports of the computing devices established in the multiple layers, comprising:

establishing a policy behind the content flow director;

determining whether the policy is met or exceeded by interrogating at least one of the computing devices established in multiple layers behind the content flow director, wherein the determining includes interrogating another of the computing devices in a layer further away from the content flow director than the one of the computing devices in the outermost layer directly communicating with the content flow director; and

enabling, based on whether the policy is met or exceeded, a port of one of the computing devices in the outermost layer, the content flow director detecting the enabling and allowing future communications between the content flow director and the one of the computing devices by way of the enabled port.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computing system environment, an arrangement of computing devices includes multiple layers behind a content flow director, such as an L4 switch in a web service. In a computing device of an outermost layer directly communicating with the content flow director, a communications port is conditionally enabled upon policy being met or exceeded in the computing system environment behind the content flow director. If unmet, the communications port is disabled, if already enabled, or prevented from becoming enabled, if not otherwise already enabled. In this manner, policy establishes port enablement. In certain aspects, policy determinations include determining a time of response, a quality of service check or a pass/fail condition of the one of the computing devices. Policy is also easily implemented as remote or local computer executable instructions on the computing devices. Representative computing devices include switches, such as L4 switches, routers, servers, repeaters, adapters or the like.

Citations

12 Claims

1. In a computing system environment having a content flow director and multiple layers of computing devices behind the content flow director, wherein the computing devices in an outermost layer of the multiple layers communicate directly with the content flow director by way of attendant communications ports and the content flow director regularly assesses whether the ports are enabled or disabled, a method of controlling the communication ports of the computing devices established in the multiple layers, comprising:
- establishing a policy behind the content flow director;
  
  determining whether the policy is met or exceeded by interrogating at least one of the computing devices established in multiple layers behind the content flow director, wherein the determining includes interrogating another of the computing devices in a layer further away from the content flow director than the one of the computing devices in the outermost layer directly communicating with the content flow director; and
  
  enabling, based on whether the policy is met or exceeded, a port of one of the computing devices in the outermost layer, the content flow director detecting the enabling and allowing future communications between the content flow director and the one of the computing devices by way of the enabled port.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the establishing the policy further includes installing executable code indicating predetermined acceptable criteria on at least one of the computing devices.
  - 3. The method of claim 1, further including one of:
    - (a) disabling an otherwise operable communications port between the one of the computing devices and the content flow director; and
      
      (b) preventing enabling the otherwise operable communications port between the one of the computing devices and the content flow director, if the policy is not met during the determining whether the policy is met or exceeded.
  - 4. The method of claim 1, wherein the content flow director includes searching for the enabled port of the one of the computing devices.
  - 5. The method of claim 1, further including iterating the determining whether the policy is met or exceeded.

6. In a computing system environment having a content flow director and multiple layers of computing devices behind the content flow director, wherein the computing devices in an outermost layer of the multiple layers communicate directly with the content flow director by way of a communication port, a method of controlling communication ports of the computing devices established in multiple layers, comprising:
- establishing a policy behind the content flow director;
  
  testing an operability of at least one of the computing devices established in multiple layers behind the content flow director based on the established policy by interrogating at least one of the computing devices, the testing including interrogating at least one of the computing devices existing in a layer of the multiple layers other than the outermost layer which directly communicates with the content flow director; and
  
  enabling a port of a computing device in the outermost layer of the multiple layers if the operability of the one of the computing devices is determined to be satisfactory, thereby allowing direct communications between the content flow director and the computing device by way of the enabled port.
- View Dependent Claims (7, 8)
- - 7. The method of claim 6, wherein the testing the operability further includes determining a time of response, a quality of service check or a pass/fail condition of the one of the computing devices.
  - 8. The method of claim 6, further including iterating the testing the operability of the one of the computing devices based on the established policy.

9. In a computing system environment having an L4 switch and multiple layers of computing devices behind the L4 switch, wherein a server in an outermost layer of the multiple layers communicates directly with the L4 switch by way of an attendant communications port and the L4 switch regularly assesses whether the attendant communications port is enabled or disabled, a method of controlling the attendant communications port of the server in the outermost layer, comprising:
- establishing a policy in one or more of the computing devices behind the L4 switch;
  
  ascertaining whether the policy is met or exceeded by interrogating at least one of the computing devices of the multiple layers of computing devices behind the L4 switch other than the server in the outermost layer directly communicating with the L4 switch; and
  
  enabling the attendant communications ports of the server in the outermost layer to become enabled if the policy is met or exceeded, the L4 switch detecting the enabling to allow future communications between the L4 switch and the server in the outermost layer by way of the attendant communications port.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein if the policy is unmet, one of disabling the enabled attendant communications port or preventing the attendant communications port from communicating with the L4 switch.
  - 11. The method of claim 9, wherein the ascertaining whether the policy is met or exceeded further includes interrogating another of the computing devices in a layer other than the outermost layer.
  - 12. The method of claim 11, wherein the interrogating another of the computing devices includes interrogating by way of the server in the outermost layer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Flewallen, Steven Adams, Johnson, David Nephi, Burch, Lloyd Leon, Fjeldsted, Benjamin Clark, Beus, David Kent, Sriram, Thiruvarangam Viswanathan
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Vaughan, Michael R

Application Number

US11/602,721
Publication Number

US 20080120691A1
Time in Patent Office

2,142 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 47/10   Flow control; Congestion co...

H04L 47/19   at layers above the network...

H04L 47/20   Traffic policing

H04L 63/20   for managing network securi...

Control of communication ports of computing devices using policy-based decisions

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Control of communication ports of computing devices using policy-based decisions

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links