Policy and identity based workload provisioning

US 8,788,669 B2
Filed: 01/03/2011
Issued: 07/22/2014
Est. Priority Date: 01/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:

interrogating a resource infrastructure to acquire resource identities for resources within the resource infrastructure and to determine a stage of readiness for each resource within the resource infrastructure, hardware of the resource infrastructure for each resource is interrogated without interacting with an operating system or hypervisor of the resource infrastructure, the resource identities are specific to the resource infrastructure;

managing policy specifications assigned to workload identities for workloads and assigned to requestor identities for requestors of the workloads, and each workload identity and each requester identity formulated from that identity'"'"'s one or more identifiers and secrets that provide a statement of roles and permissions, which that identity has in relation to the resource identities; and

dynamically provisioning the resources for handling the workloads based on;

requests from the requestors, the stage of readiness for each of the resources, enforcement of the policy specifications, and the resource identities within the resource infrastructure and ensuring that policy and identity-based constraints are enforced when dynamically provisioning.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for policy and identity-based workload provisioning are presented. Identities for requestors or workloads and identities for workloads are tied to specific policies. The specific policies are evaluated based on a stage of readiness for resources within a resource pool and based on resource identities for the resources within the resource pool. Resources are then dynamically provisioned based on the identity-based policy evaluation to handle workloads from the resource pool.

24 Citations

View as Search Results

19 Claims

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
- interrogating a resource infrastructure to acquire resource identities for resources within the resource infrastructure and to determine a stage of readiness for each resource within the resource infrastructure, hardware of the resource infrastructure for each resource is interrogated without interacting with an operating system or hypervisor of the resource infrastructure, the resource identities are specific to the resource infrastructure;
  
  managing policy specifications assigned to workload identities for workloads and assigned to requestor identities for requestors of the workloads, and each workload identity and each requester identity formulated from that identity'"'"'s one or more identifiers and secrets that provide a statement of roles and permissions, which that identity has in relation to the resource identities; and
  
  dynamically provisioning the resources for handling the workloads based on;
  
  requests from the requestors, the stage of readiness for each of the resources, enforcement of the policy specifications, and the resource identities within the resource infrastructure and ensuring that policy and identity-based constraints are enforced when dynamically provisioning.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising, visually presenting a state of the resource infrastructure via a display.
  - 3. The method of claim 1 further comprising, tracking usage of each resource within the resource infrastructure via the requestor identities, workload identities, and the resource identities.
  - 4. The method of claim 1, wherein interrogating further includes performing a hardware search within the resource infrastructure.
  - 5. The method of claim 1, wherein interrogating further includes dynamically interrogating specific resources at a known stage of readiness within the resource infrastructure or dynamically discovering specific resources for a given stage of readiness within the resource infrastructure and annotating those discovered resources within a resource pool.
  - 6. The method of claim 1, wherein interrogating further includes dynamically detecting an event indicating that a new resource is present within and interfaced to the resource infrastructure.
  - 7. The method of claim 1, wherein managing further includes permitting some of the policy specifications to be interactively created by a principal subject to access rights, privileges, and/or roles associated with:
    - the workload identities, the requestor identities, and an identity associated with the principal.
  - 8. The method of claim 1, wherein dynamically provisioning further includes one or more of:
    - annotating metadata associated with select resources to reserve those resources for specific types of the workloads;
      
      modifying a resource pool defining the resource infrastructure to ensure that some resources are restricted to the specific types; and
      
      preparing some resources at a particular stage of readiness for another stage of readiness.
  - 9. The method of claim 1, wherein dynamically provisioning further includes dynamically dereferencing a policy hierarchy associated with the resource infrastructure and enforcing the policy hierarchy when provisioning the resources for handling the workloads.

10. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
- receiving a request to provision a resource from a requestor;
  
  identifying a workload associated with the request, the request does not directly identify the workload and the workload comprising tasks that are to be performed via resources designated for handing the tasks and the request indirectly assists in identifying the workload via a type associated with one of the tasks, workload is identified by deriving the workload based on a particular type of task associated with the tasks;
  
  obtaining a policy specification having policies to resolve the request based on a requestor identity for the requestor and a workload identity for the workload, and each identity formulated from that identity'"'"'s one or more identifiers and secrets that provide a statement of roles and permissions, which that identity has in relation to the resources;
  
  evaluating the policies in view of a resource pool of available resources within a resource infrastructure, each resource annotated within the resource pool with a stage of readiness attribute; and
  
  provisioning a particular resource to handle the workload based on evaluation of the policies.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, wherein receiving further includes assigning access rights, privileges, and/or roles to the requestor with respect to the request.
  - 12. The method of claim 10, wherein obtaining further includes interacting with an administrator to define the policy specification.
  - 13. The method of claim 10, wherein evaluating further includes organizing the available resources within the resource pool based on the stages of readiness attributes for the available resources.
  - 14. The method of claim 10, wherein provisioning further includes configuring and initiating the particular resource for use within the resource infrastructure.
  - 15. The method of claim 10, wherein provisioning further includes reserving the particular resource for handling the workload within the resource infrastructure.

16. A multi-processor implemented system, comprising:
- one or more processors having a workload deployment service residing as executable instructions in a non-transitory medium that is configured to execute on the one or more processors;
  
  one or more of the processors having a resource prospector service residing as executable instructions in a non-transitory medium that is configured to execute on one or more of the processors; and
  
  one or more of the processors having a plurality of resource scouting services residing as executable instructions in a non-transitory medium that is configured to execute on one or more of the processors;
  
  the workload deployment service configured to dynamically provision resources within a resource infrastructure to handle workloads based on policies and identities associated with requestors, each requestor identity formulated from that identity'"'"'s one or more identifiers and secrets that provide a statement of roles and permissions, which that identity has in relation to the resources, the workloads, and the resources, and the resource prospector service is configured to interrogate the resource infrastructure to identify the resources and acquire resource identities for the resources, and a stage of readiness associated with each of the resources, hardware of the resource infrastructure for each resource is interrogated without interacting with an operating system or hypervisor of the resource infrastructure, and the identifies of the resources are specific to the resource infrastructure, each stage of readiness for a particular resource including a particular scouting service that is configured to communicate with that particular resource in that resource'"'"'s particular stage of readiness, the scouting services communicate with the resource prospector service and the resource prospector service communicates with the workload deployment service to dynamically provision the resources and to annotate particular stages or readiness within a resource pool for each resource of the resource infrastructure and ensuring that policy and identity-based constraints are enforced when dynamically provisioning.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16, wherein the workload deployment service is configured to schedule a particular resource for handling a particular workload based on a particular policy.
  - 18. The system of claim 16, wherein the workload deployment service is configured to:
    - reserve particular resources for particular types of workloads, prepare the particular resources in advance of handling particular workloads, and authorize the particular resources to handle the particular workloads.
  - 19. The system of claim 16, further comprising, a resource monitor configured to execute on one or more of the processors, the resource monitor configured to monitor the resource infrastructure and report status of the resources individually, in groups, and/or as a whole for the entire resource infrastructure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Haskins, Gregory Matthew, Bahi, David H., Westervelt, Daniel Edward, Bultmeyer, Jonathan Paul, Carter, Stephen R
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
BUCKNOR, OLANREWAJU J

Application Number

US12/983,382
Publication Number

US 20120173728A1
Time in Patent Office

1,296 Days
Field of Search

709/226
US Class Current

709/226
CPC Class Codes

G06F 2209/5011   Pool

G06F 2209/503   Resource availability

G06F 9/5011   the resources being hardwar...

G06F 9/505   considering the load

H04L 67/1008   based on parameters of serv...

Policy and identity based workload provisioning

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Policy and identity based workload provisioning

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links