Multi-level administration of shared network resources
First Claim
1. A machine-implemented method, comprising:
- establishing, by an operating system, a plurality of non-global operating system partitions within a global operating system environment provided by the operating system, wherein each non-global operating system partition serves to isolate processes running within that non-global operating system partition from other non-global operating system partitions within the global operating system environment, wherein enforcement of boundaries between the non-global operating system partitions is carried out by the operating system, wherein the non-global operating system partitions do not each have a separate operating system kernel executing therein, and wherein the plurality of non-global operating system partitions comprises a particular non-global operating system partition;
associating a set of one or more partition message processing rules with the particular non-global operating system partition, wherein the set of one or more partition message processing rules indicates what type or types of network messages are allowed to be received by processes executing within the particular non-global operating system partition;
associating a set of one or more process group message processing rules with a group of one or more processes executing within the particular non-global operating system partition, wherein the set of one or more process group message processing rules indicates what network messages are allowed to be received by the one or more processes in the group; and
routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules such that a network message is routed to the one or more processes in the group only if the network message satisfies at least one of the set of one or more partition message processing rules and at least one of the set of one or more process group message processing rules.
2 Assignments
0 Petitions
Accused Products
Abstract
In one embodiment of the present invention, there is provided a mechanism for implementing multi-level network administration in operating system partitions. With this mechanism, it is possible to control how network messages are routed and how network resources are used at multiple levels of an operating system environment. In one embodiment, a global administrator can control (or at least affect) routing at the partition level by setting the partition message processing rules. Similarly, a partition administrator can control (or at least affect) routing at the process group level by setting the process group message processing rules. Further, the global administrator can control the amount of a network resource that can be allocated to a non-global partition as a whole, and the partition administrator can control how that amount of the particular network resource can be allocated to the various projects within that non-global partition.
-
Citations
15 Claims
-
1. A machine-implemented method, comprising:
-
establishing, by an operating system, a plurality of non-global operating system partitions within a global operating system environment provided by the operating system, wherein each non-global operating system partition serves to isolate processes running within that non-global operating system partition from other non-global operating system partitions within the global operating system environment, wherein enforcement of boundaries between the non-global operating system partitions is carried out by the operating system, wherein the non-global operating system partitions do not each have a separate operating system kernel executing therein, and wherein the plurality of non-global operating system partitions comprises a particular non-global operating system partition; associating a set of one or more partition message processing rules with the particular non-global operating system partition, wherein the set of one or more partition message processing rules indicates what type or types of network messages are allowed to be received by processes executing within the particular non-global operating system partition; associating a set of one or more process group message processing rules with a group of one or more processes executing within the particular non-global operating system partition, wherein the set of one or more process group message processing rules indicates what network messages are allowed to be received by the one or more processes in the group; and routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules such that a network message is routed to the one or more processes in the group only if the network message satisfies at least one of the set of one or more partition message processing rules and at least one of the set of one or more process group message processing rules. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A machine-readable storage medium carrying one or more sequences of instructions, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
-
establishing, by an operating system, a plurality of non-global operating system partitions within a global operating system environment provided by the operating system, wherein each non-global operating system partition serves to isolate processes running within that non-global operating system partition from other non-global operating system partitions within the global operating system environment, wherein enforcement of boundaries between the non-global operating system partitions is carried out by the operating system, wherein the non-global operating system partitions do not each have a separate operating system kernel executing therein, and wherein the plurality of non-global operating system partitions comprises a particular non-global operating system partition; associating a set of one or more partition message processing rules with the particular non-global operating system partition, wherein the set of one or more partition message processing rules indicates what type or types of network messages are allowed to be received by processes executing within the particular non-global operating system partition; associating a set of one or more process group message processing rules with a group of one or more processes executing within the particular non-global operating system partition, wherein the set of one or more process group message processing rules indicates what network messages are allowed to be received by the one or more processes in the group; and routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules such that a network message is routed to the one or more processes in the group only if the network message satisfies at least one of the set of one or more partition message processing rules and at least one of the set of one or more process group message processing rules. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An apparatus, comprising:
-
a mechanism for establishing, by an operating system, a plurality of non-global operating system partitions within a global operating system environment provided by the operating system, wherein each non-global operating system partition serves to isolate processes running within that non-global operating system partition from other non-global operating system partitions within the global operating system environment, wherein enforcement of boundaries between the non-global operating system partitions is carried out by the operating system, wherein the non-global operating system partitions do not each have a separate operating system kernel executing therein, and wherein the plurality of non-global operating system partitions comprises a particular non-global operating system partition; a mechanism for associating a set of one or more partition message processing rules with the particular non-global operating system partition, wherein the set of one or more partition message processing rules indicates what type or types of network messages are allowed to be received by processes executing within the particular non-global operating system partition; a mechanism for associating a set of one or more process group message processing rules with a group of one or more processes executing within the particular non-global operating system partition, wherein the set of one or more process group message processing rules indicates what network messages are allowed to be received by the one or more processes in the group; and a mechanism for routing network traffic in accordance with the set of one or more partition message processing rules and the set of one or more process group message processing rules such that a network message is routed to the one or more processes in the group only if the network message satisfies at least one of the set of one or more partition message processing rules and at least one of the set of one or more process group message processing rules.
-
Specification