System and method for modeling interdependencies in a network datacenter

US 9,432,277 B2
Filed: 06/27/2014
Issued: 08/30/2016
Est. Priority Date: 06/07/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A system for modeling interdependencies in a network datacenter, comprising:

a machine-readable storage medium;

one or more physical processors;

a resource inventory containing information describing every resource in an information technology datacenter and every open communication port on the resources described in the resource inventory;

one or more listeners configured to observe any network conversations originating in the datacenter and involving the open communication ports on the resources described in the resource inventory; and

a correlation engine that analyzes at least one network conversation observed with the one or more listeners, wherein the one or more physical processors cause the correlation engine to;

drop the observed network conversation in response to determining that the observed network conversation fails to correlate with any of the open communication ports on the resources described in the resource inventory; and

model a relationship between two of the resources described in the resource inventory in response to determining that the Observed network conversation correlates with open communication ports on the two resources.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system and method described herein may include a discovery engine that scans a network datacenter to inventory resources in the datacenter and populate a configuration management database with the resource inventory. One or more destination listeners created from the resource inventory may then selectively sample monitored flows in the datacenter to model interdependencies between the inventoried resources. For example, any monitored flows originating outside the datacenter or failing to correlate with the inventoried resources may be dropped, whereby the interdependencies may be modeled from a deliberately reduced sample of the monitored flows that have information relevant to modeling relationships between resources within the datacenter. Furthermore, directionalities for the monitored flows may be determined, wherein the directionalities provide further information relevant to modeling the relationships between the resources within the datacenter.

Citations

20 Claims

1. A system for modeling interdependencies in a network datacenter, comprising:
- a machine-readable storage medium;
  
  one or more physical processors;
  
  a resource inventory containing information describing every resource in an information technology datacenter and every open communication port on the resources described in the resource inventory;
  
  one or more listeners configured to observe any network conversations originating in the datacenter and involving the open communication ports on the resources described in the resource inventory; and
  
  a correlation engine that analyzes at least one network conversation observed with the one or more listeners, wherein the one or more physical processors cause the correlation engine to;
  
  drop the observed network conversation in response to determining that the observed network conversation fails to correlate with any of the open communication ports on the resources described in the resource inventory; and
  
  model a relationship between two of the resources described in the resource inventory in response to determining that the Observed network conversation correlates with open communication ports on the two resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the observed network conversation includes a first flow directed from an originating resource to a destination resource and a second flow directed from the destination resource to the originating resource.
  - 3. The system of claim 2, wherein the one or more listeners only observe the first flow in the network conversation directed from the originating resource to the destination resource.
  - 4. The system of claim 3, wherein the one or more processors further cause the correlation engine to determine that the modeled relationship has a directionality from the originating resource to the destination resource in response to locating the destination resource in the resource inventory.
  - 5. The system of claim 2, wherein the one or more processors further cause the correlation engine to:
    - determine whether the originating resource has a location that falls within a network address range for the information technology datacenter; and
      
      determine whether the destination resource has a location that falls within the network address range for the information technology datacenter.
  - 6. The system of claim 5, wherein the one or more processors further cause the correlation engine to drop the observed network conversation in response to the determined location for the originating resource or the determined location for destination resource falling outside the network address range for the information technology datacenter.
  - 7. The system of claim 5, wherein the one or more processors further cause the correlation engine to model the relationship between the two resources in response to the determined location for the originating resource and the determined location for the destination falling within the network address range for the information technology datacenter.
  - 8. The system of claim 1, further comprising a configuration management database configured to store the information contained in the resource inventory and a dependency map describing the modeled relationship.
  - 9. The system of claim 1, wherein the one or more processors further cause the correlation engine to validate whether the one or more listeners have previously observed activity that relates to a decision on de-provisioning the one or more listeners, in response to dropping the observed network conversation.
  - 10. The system of claim 9, wherein the one or more processors further cause the correlation engine to de-provision the one or more listeners in response to determining that the one or more listeners have not previously observed the activity.

11. A computer-implemented method of modeling interdependencies in a network datacenter, the method being implemented by one or more physical processors executing one or more computer program instructions which, when executed, perform the method, the method comprising:
- discovering a resource inventory with a discovery engine coupled to an information technology datacenter, wherein the resource inventory contains information describing every resource in the information technology datacenter and every open communication port on the resources described in the resource inventory;
  
  observing any network conversations originating in the datacenter and involving the open communication ports on the resources described in the resource inventory with one or more listeners;
  
  dropping, by the one or more physical processors, the observed network conversation in response to a correlation engine determining that the observed network conversation fails to correlate with any of the open communication ports on the resources described in the resource inventory; and
  
  modeling, by the one or more physical processors, a relationship between two of the resources described in the resource inventory in response to the correlation engine determining that the observed network conversation correlates with open communication ports on the two resources.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the observed network conversation includes a first flow directed from an originating resource to a destination resource and a second flow directed from the destination resource to the originating resource.
  - 13. The method of claim 12, wherein the one or more listeners only observe the first flow in the network conversation directed from the originating resource to the destination resource.
  - 14. The method of claim 13, further comprising determining that the modeled relationship has a directionality from the originating resource to the destination resource in response to the correlation engine locating the destination resource in the resource inventory.
  - 15. The method of claim 12, further comprising:
    - determining whether the originating resource has a location that falls within a network address range for the information technology datacenter; and
      
      determining whether the destination resource has a location that falls within the network address range for the information technology datacenter.
  - 16. The method of claim 15, further comprising dropping the observed network conversation in response to the correlation engine determining that the location for the originating resource or the location for destination resource falls outside the network address range for the information technology datacenter.
  - 17. The method of claim 15, further comprising modeling the relationship between the two resources in response to the correlating engine determining that the location for the originating resource and the location for the destination fall within the network address range for the information technology datacenter.
  - 18. The method of claim 11, further comprising populating a configuration management database with the information contained in the resource inventory and a dependency map describing the modeled relationship.
  - 19. The method of claim 11, further comprising validating whether the one or more listeners have previously observed activity that relates to a decision on de-provisioning the one or more listeners, in response to the correlation engine dropping the observed network conversation.
  - 20. The method of claim 19, further comprising de-provisioning the one or more listeners in response to the correlation engine determining that the one or more listeners have not previously observed the activity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Westerfeld, Kurt Andrew, Judson, John Ross
Primary Examiner(s)
Avellino, Joseph E
Assistant Examiner(s)
ZAND, DAVOUD AMAN

Application Number

US14/317,773
Publication Number

US 20140310411A1
Time in Patent Office

795 Days
Field of Search

709/204, 709/208, 709/224
US Class Current

1/1
CPC Class Codes

G06F 8/71 Version control security ar...

H04L 43/10 Active monitoring, e.g. hea...

System and method for modeling interdependencies in a network datacenter

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for modeling interdependencies in a network datacenter

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links