Policy implementation in a networked computing environment

US 9,088,570 B2
Filed: 03/26/2012
Issued: 07/21/2015
Est. Priority Date: 03/26/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for implementing policies in a networked cloud computing environment, comprising:

providing a set of layers of a cloud computing network stack in the networked computing environment, the set of cloud layers comprising;

a business processes as a service cloud layer providing business application services and industry solutions,a platform as a service cloud layer comprising;

an applications services sub-layer providing collaboration, analytics, and/or process management,an application lifecycle sub-layer providing developer and tester collaboration, development automation, and lifecycle traceability,an integration sub-layer providing process integration, application and data integration, identity integration, management integration, and/or spillover/failover services, anda workload services sub-layer providing elastic application runtimes, elastic application resources, workload and topology patterns, dynamic workload management, fine-grained service level agreement enforcement, application health management and self-healing, continuously available applications, multi-tenant applications, and workload and data mobility, and an infrastructure as a service cloud layer comprising;

an operations support system sub-layer providing service quality management, image management, service asset management, service operations management, and service automation management,an optimization sub-layer providing heterogeneous platform management, workload acceleration, optimized workload placement, virtualized computation, network and storage, and power management, anda security sub-layer providing security management, tenant isolation, identity management, intrusion detection, and data protection;

evaluating an applicability of a policy to the set of layers of the cloud computing network stack in the networked computing environment, the policy being drawn from a set of policies stored in at least one computer storage device;

determining an effectiveness of the policy as applied to the set of cloud layers; and

determining, based on a best-fit with regard to the effectiveness, a protocol for how and where to implement the policy for at least one cloud layer of the set of cloud layers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention relate to an approach for resolving and/or implementing policies based on layers of a network stack (e.g., cloud computing stack). Specifically, for a given policy that is being resolved, the system first evaluates the applicability of the policy to each layer in the network stack. For a given policy, the system then evaluates the relative effectiveness of applying the policy to achieve the overall goal of the policy. Based on the best fit evaluation of the relative comparison, the system then decides how and where the policy is enacted (e.g., determines a protocol for implementing the policy).

Citations

22 Claims

1. A computer-implemented method for implementing policies in a networked cloud computing environment, comprising:
- providing a set of layers of a cloud computing network stack in the networked computing environment, the set of cloud layers comprising;
  
  a business processes as a service cloud layer providing business application services and industry solutions,a platform as a service cloud layer comprising;
  
  an applications services sub-layer providing collaboration, analytics, and/or process management,an application lifecycle sub-layer providing developer and tester collaboration, development automation, and lifecycle traceability,an integration sub-layer providing process integration, application and data integration, identity integration, management integration, and/or spillover/failover services, anda workload services sub-layer providing elastic application runtimes, elastic application resources, workload and topology patterns, dynamic workload management, fine-grained service level agreement enforcement, application health management and self-healing, continuously available applications, multi-tenant applications, and workload and data mobility, and an infrastructure as a service cloud layer comprising;
  
  an operations support system sub-layer providing service quality management, image management, service asset management, service operations management, and service automation management,an optimization sub-layer providing heterogeneous platform management, workload acceleration, optimized workload placement, virtualized computation, network and storage, and power management, anda security sub-layer providing security management, tenant isolation, identity management, intrusion detection, and data protection;
  
  evaluating an applicability of a policy to the set of layers of the cloud computing network stack in the networked computing environment, the policy being drawn from a set of policies stored in at least one computer storage device;
  
  determining an effectiveness of the policy as applied to the set of cloud layers; and
  
  determining, based on a best-fit with regard to the effectiveness, a protocol for how and where to implement the policy for at least one cloud layer of the set of cloud layers.
- View Dependent Claims (2, 3, 4, 5, 6, 19)
- - 2. The computer-implemented method of claim 1, the evaluating comprising comparing a function of each of the set of cloud layers to an underlying purpose of the policy.
  - 3. The computer-implemented method of claim 1, the determining comprising determining, for each of the set of cloud layers, whether a set of standards set forth in the policy will be met if the policy is applied.
  - 4. The computer-implemented method of claim 1, further comprising, consolidating the policy with at least one other policy of the set of policies that is also applicable to the at least one cloud layer.
  - 5. The computer-implemented method of claim 4, the consolidating comprising:
    - generating a rules list from the policy and the at least one other policy;
      
      resolving any conflicts in the rules list; and
      
      generating, responsive to the resolving, a consolidated policy from the rules list.
  - 6. The computer-implemented method of claim 1, the determining of the protocol comprising prioritizing parent policies of the set of policies over child policies of the set of policies.
  - 19. The method of claim 1, further comprising inheriting the policy based on a cloud level inherited from a parent policy.

7. A system for implementing policies in a networked computing environment, comprising:
- a memory medium comprising instructions;
  
  a bus coupled to the memory medium; and
  
  a processor coupled to the bus that when executing the instructions causes the system to;
  
  provide a set of layers of a cloud computing network stack in the networked computing environment, the set of cloud layers comprising;
  
  a business processes as a service cloud layer providing business application services and industry solutions,a platform as a service cloud layer comprising;
  
  an applications services sub-layer providing collaboration, analytics, and/or process management,an application lifecycle sub-layer providing developer and tester collaboration, development automation, and lifecycle traceability,an integration sub-layer providing process integration, application and data integration, identity integration, management integration, and/or spillover/failover services, anda workload services sub-layer providing elastic application runtimes, elastic application resources, workload and topology patterns, dynamic workload management, fine-grained service level agreement enforcement, application health management and self-healing, continuously available applications, multi-tenant applications, and workload and data mobility, and an infrastructure as a service cloud layer comprising;
  
  an operations support system sub-layer providing service quality management, image management, service asset management, service operations management, and service automation management,an optimization sub-layer providing heterogeneous platform management, workload acceleration, optimized workload placement, virtualized computation, network and storage, and power management, anda security sub-layer providing security management, tenant isolation, identity management, intrusion detection, and data protection;
  
  evaluate an applicability of a policy to the set of layers of the cloud computing network stack in the networked computing environment, the policy being drawn from a set of policies stored in at least one computer storage device;
  
  determine an effectiveness of the policy as applied to the set of cloud layers; and
  
  determine, based on a best-fit with regard to the effectiveness, a protocol for how and where to implement the policy for at least one cloud layer of the set of cloud layers.
- View Dependent Claims (8, 9, 10, 11, 12, 20)
- - 8. The system of claim 7, the memory medium further comprising instructions for causing the system to compare a function of each of the set of cloud layers to an underlying purpose of the policy.
  - 9. The system of claim 7, the memory medium further comprising instructions for causing the system to determine, for each of the set of layers, whether a set of standards set forth in the policy will be met if the policy is applied.
  - 10. The system of claim 7, the memory medium further comprising instructions for causing the system to consolidate the policy with at least one other policy of the set of policies that is also applicable to the at least one cloud layer.
  - 11. The system of claim 10, the memory medium further comprising instructions for causing the system to:
    - generate a rules list from the policy and the at least one other policy;
      
      resolve any conflicts in the rules list; and
      
      generate, responsive to the resolving, a consolidated policy from the rules list.
  - 12. The system of claim 7, the memory medium further comprising instructions for causing the system to prioritize parent policies of the set of policies over child policies of the set of policies.
  - 20. The system of claim 7, further comprising inherit the policy based on a user role.

13. A computer program product for implementing policies in a networked computing environment, the computer program product comprising a computer readable storage device, and program instructions stored on the computer readable storage device, to:
- provide a set of layers of a cloud computing network stack in the networked computing environment, the set of cloud layers comprising;
  
  a business processes as a service cloud layer providing business application services and industry solutions,a platform as a service cloud layer comprising;
  
  an applications services sub-layer providing collaboration, analytics, and/or process management,an application lifecycle sub-layer providing developer and tester collaboration, development automation, and lifecycle traceability,an integration sub-layer providing process integration, application and data integration, identity integration, management integration, and/or spillover/failover services, anda workload services sub-layer providing elastic application runtimes, elastic application resources, workload and topology patterns, dynamic workload management, fine-grained service level agreement enforcement, application health management and self-healing, continuously available applications, multi-tenant applications, and workload and data mobility, andan infrastructure as a service cloud layer comprising;
  
  an operations support system sub-layer providing service quality management, image management, service asset management, service operations management, and service automation management,an optimization sub-layer providing heterogeneous platform management, workload acceleration, optimized workload placement, virtualized computation, network and storage, and power management, anda security sub-layer providing security management, tenant isolation, identity management, intrusion detection, and data protection;
  
  evaluate an applicability of a policy to the set of layers of the cloud computing network stack in the networked computing environment, the policy being drawn from a set of policies stored in at least one computer storage device;
  
  determine an effectiveness of the policy as applied to the set of cloud layers; and
  
  determine, based on a best-fit with regard to the effectiveness, a protocol for how and where to implement the policy for at least one cloud layer of the set of cloud layers.
- View Dependent Claims (14, 15, 16, 17, 21)
- - 14. The computer program product of claim 13, the computer readable storage device further comprising instructions to:
    - compare a function of each of the set of cloud layers to an underlying purpose of the policy, anddetermine, for the each of the set of cloud layers, whether a set of standards set forth in the policy will be met if the policy is applied.
  - 15. The computer program product of claim 13, the computer readable storage device further comprising instructions to consolidate the policy with at least one other policy of the set of policies that is also applicable to the at least one cloud layer.
  - 16. The computer program product of claim 15, the computer readable storage device further comprising instructions to:
    - generate a rules list from the policy and the at least one other policy;
      
      resolve any conflicts in the rules list; and
      
      generate, responsive to the resolving, a consolidated policy from the rules list.
  - 17. The computer program product of claim 13, the computer readable storage device further comprising instructions to prioritize parent policies of the set of policies over child policies of the set of policies.
  - 21. The computer program product of claim 13, further comprising instructions to inherit the policy based on a deployed cloud group comprising one of production versus non-production.

18. A method for deploying a system for implementing policies in a networked computing environment, comprising:
- providing computer infrastructure being operable to;
  
  providing a set of layers of a cloud computing network stack in the networked computing environment, the set of cloud layers comprising;
  
  a business processes as a service cloud layer providing business application services and industry solutions,a platform as a service cloud layer comprising;
  
  an applications services sub-layer providing collaboration, analytics, and/or process management,an application lifecycle sub-layer providing developer and tester collaboration, development automation, and lifecycle traceability,an integration sub-layer providing process integration, application and data integration, identity integration, management integration, and/or spillover/failover services, anda workload services sub-layer providing elastic application runtimes, elastic application resources, workload and topology patterns, dynamic workload management, fine-grained service level agreement enforcement, application health management and self-healing, continuously available applications, multi-tenant applications, and workload and data mobility, andan infrastructure as a service cloud layer comprising;
  
  an operations support system sub-layer providing service quality management, image management, service asset management, service operations management, and service automation management,an optimization sub-layer providing heterogeneous platform management, workload acceleration, optimized workload placement, virtualized computation, network and storage, and power management, anda security sub-layer providing security management, tenant isolation, identity management, intrusion detection, and data protection;
  
  evaluating an applicability of a policy to the set of layers of the cloud computing network stack in the networked computing environment, the policy being drawn from a set of policies stored in at least one computer storage device;
  
  determining an effectiveness of the policy as applied to the set of cloud layers; and
  
  determining, based on a best-fit with regard to the effectiveness, a protocol for how and where to implement the policy for at least one cloud layer of the set of cloud layers.
- View Dependent Claims (22)
- - 22. The method of claim 18, further comprising inheriting the policy based on a user'"'"'s business unit comprising at least one of financial services or healthcare services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Anderson, Jason L., Boss, Gregory J., Coveyduc, Jeffrey L., Murakami, Shaun T., Reif, John, Singh, Animesh
Primary Examiner(s)
Nguyen, Dustin
Assistant Examiner(s)
NGUYEN, HAO HONG

Application Number

US13/429,774
Publication Number

US 20130254360A1
Time in Patent Office

1,212 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

Policy implementation in a networked computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Policy implementation in a networked computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links