System and method for intelligent workload management
First Claim
1. A system for intelligent workload management, comprising:
an identity vault that stores federated information defining a unique identity for at least one managed entity across a plurality of authentication domains, the unique identity in the identity vault including abstractions that provide access to authoritative attributes, active roles, and valid policies for the at least one managed entity, and wherein the at least one managed entity includes other unique identities in the identity vault, the unique identity and each of the other unique identities include different roles from one another and at least one identity and at least one identity providing complete anonymity for the at least one managed entity;
an authentication server that generates an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least managed entity associated with the unique identity from the federated information stored in the identity vault;
an information technology infrastructure that includes a network having a plurality of physical resources and one or more storage systems; and
a management infrastructure that manages one or more services for the at least one managed entity, wherein the management infrastructure is configured to;
create a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of the plurality of physical resources, and wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer;
embed the authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution, wherein the embedded authentication token controls access to the information technology infrastructure;
insert a management agent within the service distribution at an injection point in the physical distribution layer, wherein the management agent monitors one or more events associated with the service distribution; and
remove the management agent from the service distribution in response to determining that the management agents have completed the tasks to manage the service distribution
audit a lifecycle for the service distribution, wherein auditing the lifecycle for the service distribution includes analyzing the monitored events for compliance with one or more policies or compliance with a workload profile defined for the service distribution
wherein the virtual distribution layer includes a storage pointer that identifies a storage location allocated to the service distribution in the one or more storage systems, an operating system that runs one or more applications, and a workload profile that defines configurations for one or more of the storage pointer, the operating system, or the one or more applications; and
wherein the physical distribution layer includes a functional kernel, one or more hardware drivers, a hypervisor, and one or more software packages that collectively provide an interface from the virtual distribution layer to the one or more physical resources in the network that host the virtual machine images in the service distribution.
Abstract
The system and method for intelligent workload management described herein may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads, wherein the management threads may converge information for managing identities and access credentials, enforcing policies, providing compliance assurances, managing provisioned and requested services, and managing physical and virtual infrastructure resources. In one implementation, an authentication server may generate authentication tokens defining access credentials for managed entities across a plurality of authentication domains, wherein the authentication tokens may control access to resources in an information technology infrastructure. For example, a management infrastructure may create service distributions for the managed entities, which may include virtual machine images hosted on physical resources. Further, the authentication tokens may be embedded in the service distributions, whereby the embedded authentication tokens may control access to the resources in the information technology infrastructure.
12 Claims
3. A system for intelligent workload management, comprising:
an identity vault that stores federated information defining a unique identity for at least one managed entity across a plurality of authentication domains, the unique identity in the identity vault including abstractions that can provide access to authoritative attributes, active roles, and valid policies for the at least one managed entity, and wherein the at least one managed entity includes other unique identities in the identity vault, the unique identity and each of the other unique identities include different roles from one another and at least one identity providing complete anonymity for the at least one managed entity;
an authentication server that generates an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least one managed entity associated with the unique identity from the federated information stored in the identity vault;
an information technology infrastructure that includes a network having a plurality of physical resources and one or more storage systems; and
a management infrastructure that manages one or more services for the at least one managed entity, wherein the management infrastructure is configured to;
create a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of the plurality of physical resources in the network;
embed an authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution, wherein the embedded authentication token controls access to the information technology infrastructure;
wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer;
wherein the virtual distribution layer includes a storage pointer that identifies a storage location allocated to the service distribution in the one or more storage systems, an operating system that runs one or more applications, and a workload profile that defines configurations for one or more of the storage pointer, the operating system, or the one or more applications;
wherein the physical distribution layer includes a functional kernel, one or more hardware drivers, a hypervisor, and one or more software packages that collectively provide an interface from the virtual distribution layer to the one or more physical resources in the network that host the virtual machine images in the service distribution; and
wherein the physical distribution layer further includes a management agent injection point, and wherein the management infrastructure is further configured to;
insert one or more management agents within the service distribution at the injection point, wherein the inserted management agents are configured to execute one or more tasks to manage the service distribution; and
remove the one or more management agents from the service distribution in response to determining that the management agents have completed the tasks to manage the service distribution.
9. A method for intelligent workload management, comprising:
storing, in an identity vault, federated information defining a unique identity for at least one managed entity across a plurality of authentication domains, the unique identity in the identity vault including abstractions that can provide access to authoritative attributes, active roles, and valid policies for the at least one managed entity, and wherein the at least one managed entity includes other unique identities in the identity vault, the unique identity and each of the other unique identities include different roles from one another and at least one identity providing complete anonymity for the at least one managed entity;
generating, at an authentication server, an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least one managed entity associated with the unique identity from the federated information stored in the identity vault;
creating, at a management infrastructure, a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of a plurality of physical resources in an information technology infrastructure that includes a network having the plurality of physical resources and one or more storage systems; and
embedding the authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution created for the at least one managed entity, wherein the embedded authentication token controls access to the information technology infrastructure;
wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer, wherein the virtual distribution layer includes a storage pointer that identifies a storage location allocated to the service distribution in the one or more storage systems, an operating system that runs one or more applications, and a workload profile that defines configurations for one or more of the storage pointer, the operating system, or the one or more applications, and the physical distribution layer includes a functional kernel, one or more hardware drivers, a hypervisor, and one or more software packages that collectively provide an interface from the virtual distribution layer to the one or more physical resources in the network that host the virtual machine images in the service distribution, wherein the physical distribution layer further includes a management agent injection point, and wherein the method further comprises;
inserting one or more management agents within the service distribution at the injection point, wherein the inserted management agents are configured to execute one or more tasks to manage the service distribution; and
removing the one or more management agents from the service distribution in response to determining that the management agents have completed the tasks to manage the service distribution.