System and method for intelligent workload management

US 8,745,205 B2
Filed: 03/16/2010
Issued: 06/03/2014
Est. Priority Date: 11/25/2009
Status: Active Grant

First Claim

Patent Images

1. A system for intelligent workload management, comprising:

an identity vault that stores federated information defining a unique identity for at least one managed entity across a plurality of authentication domains, the unique identity in the identity vault including abstractions that provide access to authoritative attributes, active roles, and valid policies for the at least one managed entity, and wherein the at least one managed entity includes other unique identities in the identity vault, the unique identity and each of the other unique identities include different roles from one another and at least one identity and at least one identity providing complete anonymity for the at least one managed entity;

an authentication server that generates an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least managed entity associated with the unique identity from the federated information stored in the identity vault;

an information technology infrastructure that includes a network having a plurality of physical resources and one or more storage systems; and

a management infrastructure that manages one or more services for the at least one managed entity, wherein the management infrastructure is configured to;

create a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of the plurality of physical resources, and wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer;

embed the authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution, wherein the embedded authentication token controls access to the information technology infrastructure;

insert a management agent within the service distribution at an injection point in the physical distribution layer, wherein the management agent monitors one or more events associated with the service distribution; and

remove the management agent from the service distribution in response to determining that the management agents have completed the tasks to manage the service distributionaudit a lifecycle for the service distribution, wherein auditing the lifecycle for the service distribution includes analyzing the monitored events for compliance with one or more policies or compliance with a workload profile defined for the service distributionwherein the virtual distribution layer includes a storage pointer that identifies a storage location allocated to the service distribution in the one or more storage systems, an operating system that runs one or more applications, and a workload profile that defines configurations for one or more of the storage pointer, the operating system, or the one or more applications; and

wherein the physical distribution layer includes a functional kernel, one or more hardware drivers, a hypervisor, and one or more software packages that collectively provide an interface from the virtual distribution layer to the one or more physical resources in the network that host the virtual machine images in the service distribution.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system and method for intelligent workload management described herein may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads, wherein the management threads may converge information for managing identities and access credentials, enforcing policies, providing compliance assurances, managing provisioned and requested services, and managing physical and virtual infrastructure resources. In one implementation, an authentication server may generate authentication tokens defining access credentials for managed entities across a plurality of authentication domains, wherein the authentication tokens may control access to resources in an information technology infrastructure. For example, a management infrastructure may create service distributions for the managed entities, which may include virtual machine images hosted on physical resources. Further, the authentication tokens may be embedded in the service distributions, whereby the embedded authentication tokens may control access to the resources in the information technology infrastructure.

Citations

12 Claims

1. A system for intelligent workload management, comprising:
- an identity vault that stores federated information defining a unique identity for at least one managed entity across a plurality of authentication domains, the unique identity in the identity vault including abstractions that provide access to authoritative attributes, active roles, and valid policies for the at least one managed entity, and wherein the at least one managed entity includes other unique identities in the identity vault, the unique identity and each of the other unique identities include different roles from one another and at least one identity and at least one identity providing complete anonymity for the at least one managed entity;
  
  an authentication server that generates an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least managed entity associated with the unique identity from the federated information stored in the identity vault;
  
  an information technology infrastructure that includes a network having a plurality of physical resources and one or more storage systems; and
  
  a management infrastructure that manages one or more services for the at least one managed entity, wherein the management infrastructure is configured to;
  
  create a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of the plurality of physical resources, and wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer;
  
  embed the authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution, wherein the embedded authentication token controls access to the information technology infrastructure;
  
  insert a management agent within the service distribution at an injection point in the physical distribution layer, wherein the management agent monitors one or more events associated with the service distribution; and
  
  remove the management agent from the service distribution in response to determining that the management agents have completed the tasks to manage the service distributionaudit a lifecycle for the service distribution, wherein auditing the lifecycle for the service distribution includes analyzing the monitored events for compliance with one or more policies or compliance with a workload profile defined for the service distributionwherein the virtual distribution layer includes a storage pointer that identifies a storage location allocated to the service distribution in the one or more storage systems, an operating system that runs one or more applications, and a workload profile that defines configurations for one or more of the storage pointer, the operating system, or the one or more applications; and
  
  wherein the physical distribution layer includes a functional kernel, one or more hardware drivers, a hypervisor, and one or more software packages that collectively provide an interface from the virtual distribution layer to the one or more physical resources in the network that host the virtual machine images in the service distribution.
- View Dependent Claims (2)
- - 2. The system of claim 1, wherein auditing the lifecycle for the service distribution further includes:
    - tracking an evolution of the lifecycle for the service distribution, wherein the evolution of the lifecycle for the service distribution includes one or more changes applied to the service distribution across a plurality of lifecycle modes associated with the service distribution;
      
      retiring the service distribution, wherein retiring the service distribution includes de-provisioning any existing versions of the service distribution, including the service distribution created for the managed entity; and
      
      re-releasing a modified version of the service distribution to an image repository, wherein the modified version of the service distribution re-released to the image repository includes at least one of the changes applied to the service distribution during the lifecycle evolution for the service distribution.

3. A system for intelligent workload management, comprising:
- an identity vault that stores federated information defining a unique identity for at least one managed entity across a plurality of authentication domains, the unique identity in the identity vault including abstractions that can provide access to authoritative attributes, active roles, and valid policies for the at least one managed entity, and wherein the at least one managed entity includes other unique identities in the identity vault, the unique identity and each of the other unique identities include different roles from one another and at least one identity providing complete anonymity for the at least one managed entity;
  
  an authentication server that generates an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least one managed entity associated with the unique identity from the federated information stored in the identity vault;
  
  an information technology infrastructure that includes a network having a plurality of physical resources and one or more storage systems; and
  
  a management infrastructure that manages one or more services for the at least one managed entity, wherein the management infrastructure is configured to;
  
  create a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of the plurality of physical resources in the network;
  
  embed an authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution, wherein the embedded authentication token controls access to the information technology infrastructure;
  
  wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer;
  
  wherein the virtual distribution layer includes a storage pointer that identifies a storage location allocated to the service distribution in the one or more storage systems, an operating system that runs one or more applications, and a workload profile that defines configurations for one or more of the storage pointer, the operating system, or the one or more applications;
  
  wherein the physical distribution layer includes a functional kernel, one or more hardware drivers, a hypervisor, and one or more software packages that collectively provide an interface from the virtual distribution layer to the one or more physical resources in the network that host the virtual machine images in the service distribution; and
  
  wherein the physical distribution layer further includes a management agent injection point, and wherein the management infrastructure is further configured to;
  
  insert one or more management agents within the service distribution at the injection point, wherein the inserted management agents are configured to execute one or more tasks to manage the service distribution; and
  
  remove the one or more management agents from the service distribution in response to determining that the management agents have completed the tasks to manage the service distribution.
- View Dependent Claims (4, 5, 6, 7, 8)
- - 4. The system of claim 3, wherein the management infrastructure is further configured to restore a state of the service distribution in response to removing the one or more management agents from the service distribution.
  - 5. The system of claim 4, wherein the management infrastructure removes a runtime state for the management agents from the service distribution and rolls back one or more changes that the management agents applied to the service distribution in order to execute the one or more tasks to restore the state of the service distribution.
  - 6. The system of claim 3, wherein the management infrastructure is further configured to:
    - identify a current lifecycle mode associated with the service distribution, wherein the inserted management agents are associated with the identified mode; and
      
      determine that the management agents have completed the tasks to manage the service distribution in response to one or more policies permitting a change from the current lifecycle mode to another lifecycle mode.
  - 7. The system of claim 6, wherein the current lifecycle mode associated with the service distribution includes one or more of a creation mode, a release mode, a production mode, a maintenance mode, a re-release mode, or a retirement mode.
  - 8. The system of claim 3 wherein the physical distribution layer, further includes a management agent injection point, and wherein the management infrastructure is further configured to:
    - insert one or more management agents within the service distribution at the injection point, wherein the inserted management agents are configured to execute one or more tasks to manage the service distribution; and
      
      remove the one or more management agents from the service distribution in response to determining that the management agents have completed the tasks to manage the service distribution.

9. A method for intelligent workload management, comprising:
- storing, in an identity vault, federated information defining a unique identity for at least one managed entity across a plurality of authentication domains, the unique identity in the identity vault including abstractions that can provide access to authoritative attributes, active roles, and valid policies for the at least one managed entity, and wherein the at least one managed entity includes other unique identities in the identity vault, the unique identity and each of the other unique identities include different roles from one another and at least one identity providing complete anonymity for the at least one managed entity;
  
  generating, at an authentication server, an authentication token defining authorizations or permissions assigned to the unique identity across the plurality of authentication domains, wherein the authentication server generates the authentication token for the at least one managed entity associated with the unique identity from the federated information stored in the identity vault;
  
  creating, at a management infrastructure, a service distribution for the at least one managed entity, wherein the service distribution includes one or more virtual machine images hosted on one or more of a plurality of physical resources in an information technology infrastructure that includes a network having the plurality of physical resources and one or more storage systems; and
  
  embedding the authentication token that defines the authorizations or permissions assigned to the unique identity in the service distribution created for the at least one managed entity, wherein the embedded authentication token controls access to the information technology infrastructure;
  
  wherein the service distribution created for the at least one managed entity partitions the one or more hosted virtual machine images into a physical distribution layer and a virtual distribution layer,wherein the virtual distribution layer includes a storage pointer that identifies a storage location allocated to the service distribution in the one or more storage systems, an operating system that runs one or more applications, and a workload profile that defines configurations for one or more of the storage pointer, the operating system, or the one or more applications, andthe physical distribution layer includes a functional kernel, one or more hardware drivers, a hypervisor, and one or more software packages that collectively provide an interface from the virtual distribution layer to the one or more physical resources in the network that host the virtual machine images in the service distribution,wherein the physical distribution layer further includes a management agent injection point, and wherein the method further comprises;
  
  inserting one or more management agents within the service distribution at the injection point, wherein the inserted management agents are configured to execute one or more tasks to manage the service distribution; and
  
  removing the one or more management agents from the service distribution in response to determining that the management agents have completed the tasks to manage the service distribution.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, further comprising restoring a state of the service distribution in response to removing the one or more management agents from the service distribution, wherein restoring the state of the service distribution includes:
    - removing a runtime state for the management agents from the service distribution; and
      
      rolling back one or more changes that the management agents applied to the service distribution in order to execute the one or more tasks.
  - 11. The method of claim 9, further comprising:
    - identifying a current lifecycle mode associated with the service distribution, wherein the inserted management agents are associated with the identified lifecycle mode; and
      
      determining that the management agents have completed the tasks to manage the service distribution in response to one or more policies permitting a change from the current lifecycle mode to another lifecycle mode.
  - 12. The method of claim 11, wherein the current lifecycle mode associated with the service distribution includes one or more of a creation mode, a release mode, a production mode, a maintenance mode, a re-release mode, or a retirement mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Anderson, Eric W. B., Wipfel, Robert, Kohari, Moiz
Primary Examiner(s)
Avellino, Joseph E
Assistant Examiner(s)
CONAWAY, JAMES E

Application Number

US12/725,241
Publication Number

US 20110125894A1
Time in Patent Office

1,540 Days
Field of Search

709/224, 718/1
US Class Current

709/224
CPC Class Codes

G06F 21/31   User authentication

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06Q 10/06   Resources, workflows, human...

G06Q 10/06313   Resource planning in a proj...

G06Q 10/10   Office automation; Time man...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/14   for detecting or protecting...

H04L 9/3213   using tickets or tokens, e....

System and method for intelligent workload management

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for intelligent workload management

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links