Personas in application lifecycle management

US 9,363,270 B2
Filed: 06/29/2012
Issued: 06/07/2016
Est. Priority Date: 06/29/2012
Status: Active Grant

First Claim

Patent Images

1. A method for managing administrative access to a computing platform having a plurality of tiered computing components, including a plurality of compute devices, a plurality of network devices, and a virtualization environment, the method comprising:

determining a group of platform administrators comprised of users authorized to configure a plurality of personas;

determining a group of platform users comprised of users authorized to perform administrative tasks on the tiered computing components without knowledge of any administrative credentials for the tiered computing components;

generating, at a server, the plurality of personas, wherein each persona defines a set of administrative tasks that a user associated with the persona is permitted to execute on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment, and wherein the persona comprises a federated identity for a group of users having a time-limited administrative privileges on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment; and

registering, at the server, administrative credentials used to authorize executing administrative commands on each of the plurality of compute devices, the plurality of network devices, and the virtualization environment by;

generating, at the server, a mapping between a first user of the users and a first personas of the plurality of personas to authorize the first user to perform the administrative commands, the mapping including a time constraint indicating how long effects of executing the administrative commands are permitted to persist; and

based on the mapping, allow the first user to execute the set of administrative tasks defined by the first persona without knowledge of the registered administrative credentials, wherein the set of administrative tasks are executed on one or more of the plurality of computing devices, the plurality of network devices, and the virtualization environment.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user management construct, referred to as a persona, is provided to enable a flexible mechanism that grants elevated or administrative privileges to users, such as application developers. Developers may utilize the privileges bestowed by a persona to execute tasks that normally requires access by traditional information (IT) roles, such as IT administrators, to deploy applications in a cloud computing environment. The tasks may include the provisioning of virtual or physical computing resources and/or the configuration of compute, storage, and networking resources.

Citations

13 Claims

1. A method for managing administrative access to a computing platform having a plurality of tiered computing components, including a plurality of compute devices, a plurality of network devices, and a virtualization environment, the method comprising:
- determining a group of platform administrators comprised of users authorized to configure a plurality of personas;
  
  determining a group of platform users comprised of users authorized to perform administrative tasks on the tiered computing components without knowledge of any administrative credentials for the tiered computing components;
  
  generating, at a server, the plurality of personas, wherein each persona defines a set of administrative tasks that a user associated with the persona is permitted to execute on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment, and wherein the persona comprises a federated identity for a group of users having a time-limited administrative privileges on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment; and
  
  registering, at the server, administrative credentials used to authorize executing administrative commands on each of the plurality of compute devices, the plurality of network devices, and the virtualization environment by;
  
  generating, at the server, a mapping between a first user of the users and a first personas of the plurality of personas to authorize the first user to perform the administrative commands, the mapping including a time constraint indicating how long effects of executing the administrative commands are permitted to persist; and
  
  based on the mapping, allow the first user to execute the set of administrative tasks defined by the first persona without knowledge of the registered administrative credentials, wherein the set of administrative tasks are executed on one or more of the plurality of computing devices, the plurality of network devices, and the virtualization environment.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - selecting a second one of the personas to be associated with a second user to carry out the set of administrative tasks defined by the second persona without knowledge of the registered administrative credentials.
  - 3. The method of claim 1, wherein the first user is associated with the first persona for a predefined period of time.
  - 4. The method of claim 3, further comprising:
    - configuring the predefined period of time for each of the personas.
  - 5. The method of claim 1, further comprising:
    - terminating execution of the set of administrative tasks upon expiry of the time constraint.

6. A non-transitory computer-readable storage medium storing instructions that, when executed by a processor, performs an operation for managing a computing infrastructure having a plurality of tiered computing components, including a plurality of compute devices, a plurality of network devices, and a virtualization environment, the operation comprising:
- determining a group of platform administrators comprised of users authorized to configure a plurality of personas;
  
  determining a group of platform users comprised of users authorized to perform administrative tasks on the tiered computing components without knowledge of any administrative credentials for the tiered computing components;
  
  generating the plurality of personas, wherein each persona defines a set of administrative tasks that a user associated with the persona is permitted to execute on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment and wherein the persona comprises a federated identity for a group of users having a time-limited administrative privileges on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment; and
  
  registering administrative credentials used to authorize executing administrative commands on each of the plurality of compute devices, the plurality of network devices, and the virtualization environment by;
  
  generating a mapping between a first user of the users and a first personas of the plurality of personas to authorize the first user to perform the administrative commands, the mapping including a time constraint indicating how long effects of executing the administrative commands are permitted to persist; and
  
  based on the mapping, allow the first user to execute the set of administrative tasks defined by the first persona without knowledge of the registered administrative credentials, wherein the set of administrative tasks are executed on one or more of the plurality of computing devices, the plurality of network devices, and the virtualization environment.
- View Dependent Claims (7, 8)
- - 7. The non-transitory computer-readable storage medium of claim 6, wherein the instructions further comprise instructions for:
    - terminating execution of the set of administrative tasks upon expiry of the time constraint.
  - 8. The non-transitory computer-readable storage medium of claim 6, wherein the persona comprises a federated identity for a group of users having a time-limited administrative privileges on one or more of the plurality of tiered computing components.

9. A system for managing administrative access to a computing platform having a plurality of tiered computing components including a plurality of compute devices, a plurality of network devices, and a virtualization environment, the system comprising:
- at least one server computing device to;
  
  determine a group of platform administrators comprised of users authorized to configure a plurality of personas;
  
  determine a group of platform users comprised of users authorized to perform administrative tasks on the tiered computing components without knowledge of any administrative credentials for the tiered computing components;
  
  generate the plurality of personas, wherein each persona defines a set of administrative tasks that a user associated with the persona is permitted to execute on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment, and wherein the persona comprises a federated identity for a group of users having a time-limited administrative privileges on one or more of the plurality of compute devices, the plurality of network devices, and the virtualization environment; and
  
  register administrative credentials used to authorize executing administrative commands on each of the plurality of compute devices, the plurality of network devices, and the virtualization environment by;
  
  generating a mapping between a first user of the users and a first personas of the plurality of personas to authorize the first user to perform the administrative commands, the mapping including a time constraint indicating how long effects of executing the administrative commands are permitted to persist; and
  
  based on the mapping, allow the first user to execute the set of administrative tasks defined by the first persona without knowledge of the registered administrative credentials, wherein the set of administrative tasks are executed on one or more of the plurality of computing devices, the plurality of network devices, and the virtualization environment.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, wherein the at least one server computing device is further configured to select a second one of the personas to be associated with a second user to carry out the set of administrative tasks defined by the second persona without knowledge of the registered credentials.
  - 11. The system of claim 9, wherein the first user is associated with the first persona for a predefined period of time.
  - 12. The system of claim 11, wherein the at least one server computing device is further configured to configure the predefined period of time for each of the personas.
  - 13. The system of claim 9, wherein the at least one server computing device is further configured to:
    - terminate execution of the set of administrative tasks upon expiry of the time constraint.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
VCE Company, LLC (Dell Technologies Inc.)
Inventors
Lakshman, T.K., Kirchhofer, Richard, Musteata, Oleg, Mahapatra, Akshaya, Popuri, Radha
Primary Examiner(s)
Donabed, Ninos

Application Number

US13/538,466
Publication Number

US 20140006617A1
Time in Patent Office

1,439 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 2221/2117   User registration

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2151   Time stamp

G06F 9/4451   User profiles; Roaming

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

Personas in application lifecycle management

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Personas in application lifecycle management

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links