System and method for self policing of authorized configuration by end points
Abstract
A system, method, and program product is provided that distributes authorized changes to the organization's entities and has the individual computer systems police configuration changes. A system receives change approval packages, each of the change approval packages including authorized change identification data that identifies authorized changes to the system. The authorized change identification data are stored in a storage area of the system. Subsequently, a change package is received by the computer system. The change package includes a change to the computer system and metadata that identifies the change. The metadata is compared with the authorized change identification data. If the metadata matches one of the authorized change identification data, then the change is installed, otherwise the change is rejected.
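A minimal sketch of the endpoint-side check the abstract describes, added here as an illustration and not taken from the patent. The metadata fields (a change ID, the target configuration item, and a SHA-256 of the payload) and all class and function names are assumptions, since the text only says the metadata "identifies the change".

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ChangeMetadata:
    change_id: str        # assumed field: ID of the approved request for change
    config_item: str      # assumed field: configuration item the change targets
    payload_sha256: str   # assumed field: binds the approval to exact content


class AuthorizedChangeStore:
    """Endpoint-local storage of authorized change identification data."""

    def __init__(self):
        self._authorized = set()

    def receive_approval_package(self, entries):
        # Approvals originate from the CMDB side and are stored locally.
        self._authorized.update(entries)

    def is_authorized(self, meta):
        return meta in self._authorized


def process_change_package(store, meta, payload, install):
    """Compare before applying: install on a match, otherwise reject."""
    # Recompute the digest from the bytes actually received, so a package
    # that reuses an approved ID with different content does not match.
    if hashlib.sha256(payload).hexdigest() != meta.payload_sha256:
        return "rejected"
    if not store.is_authorized(meta):
        return "rejected"
    install(payload)  # reached only after the comparison succeeds
    return "installed"


def demo():
    """Runs three constructed change packages through the check."""
    approved = b"max_connections=200\n"          # constructed sample payload
    digest = hashlib.sha256(approved).hexdigest()
    ci = "db01:/etc/app.conf"                    # constructed sample CI name
    store = AuthorizedChangeStore()
    store.receive_approval_package([ChangeMetadata("RFC-1001", ci, digest)])
    installed = []
    cases = [
        (ChangeMetadata("RFC-1001", ci, digest), approved),                  # approved
        (ChangeMetadata("RFC-1001", ci, digest), b"max_connections=9999\n"),  # altered
        (ChangeMetadata("RFC-2002", ci, digest), approved),                  # no approval
    ]
    decisions = [process_change_package(store, m, p, installed.append)
                 for m, p in cases]
    return decisions, installed


if __name__ == "__main__":
    print(demo())
```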
17 Claims
1. A computer-implemented method comprising:
receiving one or more change approval packages at a first computer system from a second computer system including a configuration management database, each of the change approval packages including authorized change identification data that identifies one or more authorized changes of at least one configuration item in the first computer system, and wherein each change approval package is a result of an approved request for change that is stored in an authorized configurations area of the configuration management database prior to being received at the first computer system;
storing the received authorized change identification data in an authorization configuration storage area associated with the first computer system;
in response to the storing, receiving a change package at the first computer system, the change package including a change to at least one configuration item in the first computer system and metadata that identifies the change;
comparing, by the first computer system, the received metadata with the stored authorized change identification data;
installing the change on the first computer system in response to the comparison revealing that the received metadata matches one of the stored authorized change identification data; and
rejecting the change in response to the comparison revealing that the received metadata does not match any of the stored authorized change identification data, wherein the rejecting prevents unauthorized application of the change package to the first computer system before the change package is applied.
Dependent claims: 2, 3, 4, 5, 6
7. An information handling system comprising:
one or more processors;
a memory accessible by at least one of the processors;
a nonvolatile storage area accessible by at least one of the processors;
a network interface that connects the information handling system to a computer network;
a set of instructions stored in the memory and executed by at least one of the processors in order to perform actions of:
receiving, via the network interface from a second information handling system connected to the computer network, the second information handling system including a configuration management database, one or more change approval packages, each of the change approval packages including authorized change identification data that identifies one or more authorized changes of at least one configuration item in the information handling system, and wherein each change approval package is a result of an approved request for change that is stored in an authorized configurations area of the configuration management database prior to being received at the information handling system;
storing the received authorized change identification data in an authorization configuration storage area included in the nonvolatile storage area;
in response to the storing, receiving, via the network interface from a third information handling system connected to the computer network, a change package at the information handling system, the change package including a change to the information handling system and metadata that identifies the change;
comparing the received metadata with the stored authorized change identification data;
installing the change on the information handling system in response to the comparison revealing that the received metadata matches one of the stored authorized change identification data; and
rejecting the change in response to the comparison revealing that the received metadata does not match any of the stored authorized change identification data, wherein the rejecting prevents unauthorized application of the change package to the information handling system before the change package is applied.
Dependent claims: 8, 9, 10, 11
12. A computer program product stored in a computer readable storage medium, comprising functional descriptive material that, when executed by an information handling system, causes the information handling system to perform actions that include:
receiving one or more change approval packages at a first computer system from a second computer system including a configuration management database, each of the change approval packages including authorized change identification data that identifies one or more authorized changes of at least one configuration item in the first computer system, and wherein each change approval package is a result of an approved request for change that is stored in an authorized configurations area of the configuration management database prior to being received at the first computer system;
storing the received authorized change identification data in an authorization configuration storage area associated with the first computer system;
in response to the storing, receiving a change package at the first computer system, the change package including a change to the first computer system and metadata that identifies the change;
comparing, by the first computer system, the received metadata with the stored authorized change identification data;
installing the change on the first computer system in response to the comparison revealing that the received metadata matches one of the stored authorized change identification data; and
rejecting the change in response to the comparison revealing that the received metadata does not match any of the stored authorized change identification data, wherein the rejecting prevents unauthorized application of the change package to the first computer system before the change package is applied.
Dependent claims: 13, 14, 15, 16, 17
Specification