Method and system for simplifying distributed server management
Abstract
A method and system for managing a large number of servers and their server components distributed throughout a heterogeneous computing environment is provided. In one embodiment, an authenticated user, such as an IT system administrator, can securely and simultaneously control and configure multiple servers, supporting different operating systems, through a “virtual server.” A virtual server is an abstract model representing a collection of actual target servers. To represent multiple physical servers as one virtual server, abstract system calls that extend execution of operating-system-specific system calls to multiple servers, regardless of their supported operating systems, are used. A virtual server is implemented by a virtual server client and a collection of virtual server agents associated with a collection of actual servers.
61 Claims
1. A method for receiving and executing, on one of a plurality of servers, a system call from a software application program, the method comprising the steps of:
(a) providing a representation of a plurality of servers as a single virtual server, the representation of the single virtual server implemented by a virtual server client and a plurality of virtual server agents, at least one virtual server agent running on each one of the plurality of servers;
(b) receiving, by the virtual server client from a client-side software application program, an abstract system call that requests a service from an operating system of at least one of the plurality of servers, the abstract system call generated by the client-side software application program in response to a command and with indifference to the operating system used by the at least one server; and
(c) instantiating in a thread-safe manner the abstract system call by:
identifying, by the virtual server client, a target server to receive the abstract system call and a corresponding virtual server agent associated with the target server;
transmitting the abstract system call to the identified agent for translation of the abstract system call into an operating system-specific system call for execution on the target server;
mapping a user identity for a user of the client-side software application program to an associated local user identity for the target server;
authorizing the abstract system call for the mapped local user identity based on at least one of role-based access control model and an access control list;
executing the operating system-specific system call using the mapped local user identity on the target server; and
receiving execution results from the virtual server agent.
Dependent claims: 2 to 24.

25. A virtual server, having a virtual server client and a virtual server agent, for representing a plurality of servers as an abstract model, wherein the virtual server comprises:
(a) a virtual server client receiver for receiving, from a client-side software application program, an abstract system call that requests a service from an operating system of at least one of the plurality of servers, the abstract system call generated by the client-side software application program in response to command and with indifference to the operating system used by the at least one server;
(b) a virtual server client instantiator, in communication with the virtual server client receiver, for instantiating the abstract system call in a thread-safe manner;
(c) a virtual server client transmitter, in communication with the virtual server client instantiator, for transmitting the abstract system call;
(d) a virtual server agent receiver for receiving the abstract system call from the virtual server client transmitter;
(e) a virtual server agent translator for translating the abstract system call to an operating system specific system call;
(f) a virtual server agent mapper for mapping a user identity for a user of the client-side software application program to an associated local user identity for a target server;
(g) a virtual server agent authorizer for authorizing the abstract system call for the mapped local user identity based on at least one of a role-based access control model and an access control list;
(h) a virtual server agent impersonator for impersonating the user of the client-side software application program using the mapped local user identity on the target server; and
(i) a target server executor for executing the operating system specific system call on the target server associated with the virtual server agent in a thread-safe manner.
Dependent claims: 26 to 47.

48. A method for securely executing a system call on a remote computer, the method comprising the steps of:
(a) receiving, by a virtual server client running on a client computer from a software application program running on the client computer and operated by an authenticated user, an abstract system call that requests a service from an operating system of at least one remote computer, the abstract system call generated by the client-side software application program in response to a command and with indifference to the operating system used by the at least one remote computer;
(b) instantiating in a thread-safe manner the abstract system call by: identifying, by the virtual server client, a virtual server agent running on a target remote computer to receive the abstract system call;
(c) encrypting, by the virtual server client, the abstract system call;
(d) communicating the encrypted abstract system call to the virtual server agent;
(e) identifying, by the virtual server agent, the client computer and the authenticated user;
(f) decrypting, by the virtual server agent, the encrypted abstract system call;
(g) mapping the authenticated user to a local user on the target remote computer;
(h) impersonating the authenticated user as the local user on the target remote computer;
(i) authorizing the decrypted abstract system call for the local user based on at least one of role-based access control model and access control lists;
(j) translating the abstract system call to an operating system specific system call; and
(k) executing as the local user, by the virtual server agent, the operating system specific system call on the target remote computer.
Dependent claims: 49 to 55.

56. A virtual server for securely executing a system call on a remote computer, the virtual server comprising:
(a) a virtual server client receiver running on a client computer for receiving, from a software application program running on the client computer and operated by an authenticated user, an abstract system call that requests a service from an operating system of at least one remote computer, the abstract system call generated by the client-side software application program in response to a command and with indifference to the operating system used by the at least one remote computer;
(b) a virtual client instantiator, in communication with the virtual server client receiver, for instantiating the abstract system call in a thread-safe manner by identifying a virtual server agent running on a target remote computer to receive the abstract system call;
(c) a virtual server client encryptor, in communication with the virtual server client instantiator, for encrypting the abstract system call;
(d) a virtual server client transmitter for communicating the encrypted abstract system call to the virtual server agent;
(e) a virtual server agent decryptor, in communication with the virtual server client transmitter, for decrypting the encrypted abstract system call;
(f) a virtual server agent identifier, in communication with a virtual server agent decryptor, for identifying the authenticated user and the client computer;
(g) a virtual server agent mapper, in communication with the identifier and the decryptor, for mapping the authenticated user to a local user on the target remote computer;
(h) a virtual server agent impersonator for impersonating the authenticated user as the local user on the target remote computer;
(i) a virtual server agent authorizer, in communication with the virtual server agent impersonator, for authorizing the decrypted abstract system call for the local user based on at least one of role-based access control model and access control lists;
(j) a virtual server agent translator for translating the abstract system call to an operating system specific system call; and
(k) a virtual server agent executor, in communication with the virtual server agent authorizer, for executing the operating system specific system call as the local user on the target remote computer.
Dependent claims: 57 to 61.
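
The agent-side sequence recited in the independent claims (map the client user to a local identity, authorize the abstract call, translate it to an operating-system-specific call) is illustrated below as an added Python example that is not taken from the patent. The hosts, users, roles, ACL entries and the `agent_handle` function are constructed for illustration; this example requires both the role check and the ACL check to pass, and it returns the call the agent would execute rather than executing it.

```python
import ntpath
import posixpath
from dataclasses import dataclass

# Constructed sample data; every host, user, role and path is hypothetical.
AGENT_OS = {"web01": "linux", "app02": "windows"}
USER_MAP = {("alice", "web01"): "webadmin", ("alice", "app02"): "svc_ops",
            ("bob", "web01"): "auditor"}
ROLE_OF = {"webadmin": "operator", "svc_ops": "operator", "auditor": "reader"}
ROLE_CALLS = {"operator": {"open", "read", "remove"}, "reader": {"open", "read"}}
# ACL: (host, path prefix) -> local users allowed under that prefix.
ACL = {("web01", "/var/www/"): {"webadmin", "auditor"},
       ("app02", "C:\\inetpub\\"): {"svc_ops"}}
# Abstract call name -> native call, per agent operating system.
NATIVE = {"linux": {"open": "open", "read": "read", "remove": "unlink"},
          "windows": {"open": "CreateFileW", "read": "ReadFile",
                      "remove": "DeleteFileW"}}
PATHMOD = {"linux": posixpath, "windows": ntpath}


@dataclass(frozen=True)
class AbstractCall:
    user: str    # authenticated user of the client-side program
    target: str  # target server picked by the virtual server client
    name: str    # operating-system-independent call name
    path: str    # resource the call operates on


class Denied(Exception):
    """Raised when mapping or authorization fails; nothing is translated."""


def agent_handle(call):
    """Map, authorize, then translate; return what the agent would execute."""
    local = USER_MAP.get((call.user, call.target))
    if local is None:  # fail closed: an unmapped user never reaches the OS
        raise Denied("no local identity on target")
    if call.name not in ROLE_CALLS.get(ROLE_OF.get(local, ""), set()):
        raise Denied("role does not permit this call")
    os_name = AGENT_OS[call.target]
    # Normalize before the ACL check so "../" cannot escape an allowed prefix.
    path = PATHMOD[os_name].normpath(call.path)
    if not any(host == call.target and path.startswith(prefix) and local in users
               for (host, prefix), users in ACL.items()):
        raise Denied("ACL does not cover this resource")
    return {"run_as": local, "native_call": NATIVE[os_name][call.name],
            "path": path}
```

The same abstract `remove` call resolves to `unlink` on the Linux agent and `DeleteFileW` on the Windows agent, each under a different mapped local identity.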
Specification