Multi-level administration of shared network resources

US 8,516,160 B1
Filed: 04/27/2004
Issued: 08/20/2013
Est. Priority Date: 05/09/2003
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

establishing, by an operating system, a plurality of non-global operating system partitions within a global operating system environment provided by the operating system, wherein each non-global operating system partition serves to isolate processes running within that non-global operating system partition from other non-global operating system partitions within the global operating system environment, wherein enforcement of boundaries between the non-global operating system partitions is carried out by the operating system, wherein the non-global operating system partitions do not each have a separate operating system kernel executing therein, and wherein the plurality of non-global operating system partitions comprises a particular non-global operating system partition;

associating a set of one or more partition message processing rules with the particular non-global operating system partition, wherein the set of one or more partition message processing rules indicates what type or types of network messages are allowed to be received by processes executing within the particular non-global operating system partition;

associating a set of one or more process group message processing rules with a group of one or more processes executing within the particular non-global operating system partition, wherein the set of one or more process group message processing rules indicates what network messages are allowed to be received by the one or more processes in the group; and

routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules such that a network message is routed to the one or more processes in the group only if the network message satisfies at least one of the set of one or more partition message processing rules and at least one of the set of one or more process group message processing rules.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment of the present invention, there is provided a mechanism for implementing multi-level network administration in operating system partitions. With this mechanism, it is possible to control how network messages are routed and how network resources are used at multiple levels of an operating system environment. In one embodiment, a global administrator can control (or at least affect) routing at the partition level by setting the partition message processing rules. Similarly, a partition administrator can control (or at least affect) routing at the process group level by setting the process group message processing rules. Further, the global administrator can control the amount of a network resource that can be allocated to a non-global partition as a whole, and the partition administrator can control how that amount of the particular network resource can be allocated to the various projects within that non-global partition.

Citations

15 Claims

1. A machine-implemented method, comprising:
- establishing, by an operating system, a plurality of non-global operating system partitions within a global operating system environment provided by the operating system, wherein each non-global operating system partition serves to isolate processes running within that non-global operating system partition from other non-global operating system partitions within the global operating system environment, wherein enforcement of boundaries between the non-global operating system partitions is carried out by the operating system, wherein the non-global operating system partitions do not each have a separate operating system kernel executing therein, and wherein the plurality of non-global operating system partitions comprises a particular non-global operating system partition;
  
  associating a set of one or more partition message processing rules with the particular non-global operating system partition, wherein the set of one or more partition message processing rules indicates what type or types of network messages are allowed to be received by processes executing within the particular non-global operating system partition;
  
  associating a set of one or more process group message processing rules with a group of one or more processes executing within the particular non-global operating system partition, wherein the set of one or more process group message processing rules indicates what network messages are allowed to be received by the one or more processes in the group; and
  
  routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules such that a network message is routed to the one or more processes in the group only if the network message satisfies at least one of the set of one or more partition message processing rules and at least one of the set of one or more process group message processing rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein a global administrator sets the set of one or more partition message processing rules.
  - 3. The method of claim 1, wherein a partition administrator sets the set of one or more process group message processing rules.
  - 4. The method of claim 1, further comprising:
    - establishing a partition filter table comprising partition message processing rules; and
      
      establishing a process group filter table comprising process group message processing rules.
  - 5. The method of claim 4, further comprising:
    - receiving from a global administrator at least one partition message processing rule for storage into the partition filter table; and
      
      receiving from a partition administrator at least one process group message processing rule for storage into the process group filter table.
  - 6. The method of claim 1, wherein routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules further comprises:
    - discarding the network message if the network message fails to satisfy at least one of the set of one or more process group message processing rules and at least one of the set of one or more partition message processing rules.
  - 7. The method of claim 1, wherein routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules further comprises controlling network traffic based upon at least one of:
    - a security configuration, an IP address, a port, a network protocol and a packet filtering scheme.

8. A machine-readable storage medium carrying one or more sequences of instructions, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- establishing, by an operating system, a plurality of non-global operating system partitions within a global operating system environment provided by the operating system, wherein each non-global operating system partition serves to isolate processes running within that non-global operating system partition from other non-global operating system partitions within the global operating system environment, wherein enforcement of boundaries between the non-global operating system partitions is carried out by the operating system, wherein the non-global operating system partitions do not each have a separate operating system kernel executing therein, and wherein the plurality of non-global operating system partitions comprises a particular non-global operating system partition;
  
  associating a set of one or more partition message processing rules with the particular non-global operating system partition, wherein the set of one or more partition message processing rules indicates what type or types of network messages are allowed to be received by processes executing within the particular non-global operating system partition;
  
  associating a set of one or more process group message processing rules with a group of one or more processes executing within the particular non-global operating system partition, wherein the set of one or more process group message processing rules indicates what network messages are allowed to be received by the one or more processes in the group; and
  
  routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules such that a network message is routed to the one or more processes in the group only if the network message satisfies at least one of the set of one or more partition message processing rules and at least one of the set of one or more process group message processing rules.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The machine-readable storage medium of claim 8, wherein a global administrator sets the set of one or more partition message processing rules.
  - 10. The machine-readable storage medium of claim 8, wherein a partition administrator sets the set of one or more process group message processing rules.
  - 11. The machine-readable storage medium of claim 8, further comprising instructions for carrying out the steps of:
    - establishing a partition filter table comprising partition message processing rules; and
      
      establishing a process group filter table comprising process group message processing rules.
  - 12. The machine-readable storage medium of claim 11, further comprising instructions for carrying out the steps of:
    - receiving from a global administrator at least one partition message processing rule for storage into the partition filter table; and
      
      receiving from a partition administrator at least one process group message processing rule for storage into the process group filter table.
  - 13. The machine-readable storage medium of claim 8, wherein instructions for carrying out the step of routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules further comprises instructions for carrying out the steps of:
    - discarding the network message if the network message fails to satisfy at least one of the set of one or more process group message processing rules and at least one of the set of one or more partition message processing rules.
  - 14. The machine-readable storage medium of claim 8, wherein instructions for carrying out the step of routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules further comprises instructions for carrying out the step of controlling network traffic based upon at least one of:
    - a security configuration, an IP address, a port, a network protocol and a packet filtering scheme.

15. An apparatus, comprising:
- a mechanism for establishing, by an operating system, a plurality of non-global operating system partitions within a global operating system environment provided by the operating system, wherein each non-global operating system partition serves to isolate processes running within that non-global operating system partition from other non-global operating system partitions within the global operating system environment, wherein enforcement of boundaries between the non-global operating system partitions is carried out by the operating system, wherein the non-global operating system partitions do not each have a separate operating system kernel executing therein, and wherein the plurality of non-global operating system partitions comprises a particular non-global operating system partition;
  
  a mechanism for associating a set of one or more partition message processing rules with the particular non-global operating system partition, wherein the set of one or more partition message processing rules indicates what type or types of network messages are allowed to be received by processes executing within the particular non-global operating system partition;
  
  a mechanism for associating a set of one or more process group message processing rules with a group of one or more processes executing within the particular non-global operating system partition, wherein the set of one or more process group message processing rules indicates what network messages are allowed to be received by the one or more processes in the group; and
  
  a mechanism for routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules such that a network message is routed to the one or more processes in the group only if the network message satisfies at least one of the set of one or more partition message processing rules and at least one of the set of one or more process group message processing rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Gabriel, Andrew D.
Primary Examiner(s)
Fan, Hua

Application Number

US10/833,474
Time in Patent Office

3,402 Days
Field of Search

709/250
US Class Current

709/250
CPC Class Codes

G06F 11/3476   Data logging G06F11/14, G06...

Y10S 707/99931   Database or file accessing

Y10S 707/99943   Generating database or data...

Multi-level administration of shared network resources

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-level administration of shared network resources

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links