Peer configuration analysis and enforcement

US 9,542,177 B1
Filed: 10/30/2012
Issued: 01/10/2017
Est. Priority Date: 10/30/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for maintaining a class of systems in a preferred configuration comprising:

defining the class of systems using at least one computer processor;

designating at least one of the systems in the class of systems as a configuration standard, either singly or jointly, using the at least one computer processor, wherein the at least one of the class of systems has the preferred configuration;

generating, in response to the designating the at least one of the systems in the class of systems as the configuration standard, a statement of a configuration of the configuration standard using the at least one computer processor, wherein the statement of the configuration of the configuration standard comprises an indicator of a set of data residing on the configuration standard and an indicator of a version of at least one software application operating on the configuration standard;

receiving, from a first one of the class of systems over a network, a statement of a configuration of the first one of the class of systems, wherein the statement of the configuration of the first one of the class of systems comprises an indicator of a set of data residing on the first one of the class of systems and an indicator of a version of at least one software application operating on the first one of the class of systems, and wherein the first one of the class of systems is not the configuration standard;

comparing the statement of the configuration of the configuration standard to the statement of the configuration of the first one of the class of systems using the at least one computer processor;

determining that the statement of the configuration of the configuration standard is not equivalent to the statement of the configuration of the first one of the class of systems; and

transmitting a data package comprising a configuration change to at least one of the configuration standard or the first one of the class of systems.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The states or configurations of peer hosts within a host class may be analyzed and enforced by comparing records of the respective systems'"'"' states or configurations to one another and taking steps to address any inconsistencies between the records. In such a manner, the respective systems within the host class may identify, analyze and/or correct any changes in states or configurations of any of the systems, which may have been caused by a malfunction or security breach. The configurations may include one or more of a set of data, a version of a software application, a level of permission, a particular operational setting or any other element of operation. The hosts may be defined as peers based on a common location or a common function of each of the systems, or on any other basis, and the records may include any relevant data relating to the states or configurations of each of the systems.

53 Citations

View as Search Results

26 Claims

1. A computer-implemented method for maintaining a class of systems in a preferred configuration comprising:
- defining the class of systems using at least one computer processor;
  
  designating at least one of the systems in the class of systems as a configuration standard, either singly or jointly, using the at least one computer processor, wherein the at least one of the class of systems has the preferred configuration;
  
  generating, in response to the designating the at least one of the systems in the class of systems as the configuration standard, a statement of a configuration of the configuration standard using the at least one computer processor, wherein the statement of the configuration of the configuration standard comprises an indicator of a set of data residing on the configuration standard and an indicator of a version of at least one software application operating on the configuration standard;
  
  receiving, from a first one of the class of systems over a network, a statement of a configuration of the first one of the class of systems, wherein the statement of the configuration of the first one of the class of systems comprises an indicator of a set of data residing on the first one of the class of systems and an indicator of a version of at least one software application operating on the first one of the class of systems, and wherein the first one of the class of systems is not the configuration standard;
  
  comparing the statement of the configuration of the configuration standard to the statement of the configuration of the first one of the class of systems using the at least one computer processor;
  
  determining that the statement of the configuration of the configuration standard is not equivalent to the statement of the configuration of the first one of the class of systems; and
  
  transmitting a data package comprising a configuration change to at least one of the configuration standard or the first one of the class of systems.
- View Dependent Claims (2, 3)
- - 2. The computer-implemented method of claim 1, wherein the data package comprises at least one of an upgraded set of source code, an upgrade to the at least one software application, a registry key, a change in a setting or a level of permission.
  - 3. The computer-implemented method of claim 1, further comprising:
    - receiving, from a second one of the class of systems, a statement of a configuration of the second one of the class of systems, wherein the statement of the configuration of the second one of the class of systems comprises an indicator of a set of data on the second one of the class of systems and an indicator of a version of operating software on the second one of the class of systems, and wherein the second one of the class of systems is not the configuration standard;
      
      comparing the statement of the configuration of the configuration standard to the statement of the configuration of the second one of the class of systems; and
      
      determining that the statement of the configuration of the configuration standard is not equivalent to the statement of the configuration of the second one of the class of systems; and
      
      transmitting a data package comprising a configuration change to at least one of the configuration standard and the second one of the class of systems.

4. A computer-implemented method comprising:
- defining a host class using at least one computer processor, wherein the host class comprises a plurality of hosts;
  
  designating a first host in the host class as a configuration standard using the at least one computer processor;
  
  generating, at the first host, a metadata description of a configuration of at least the first host using at the least one computer processor;
  
  transmitting, from the first host to a second host, a request for a metadata description of a configuration of the second host over a network, wherein the second host is a peer of the first host;
  
  receiving, at the first host, the metadata description of the configuration of the second host;
  
  comparing, at the first host, the metadata description of the configuration of at least the first host to the metadata description of the configuration of the second host using the at least one computer processor;
  
  determining that the metadata description of the configuration of at least the first host is inequivalent to the metadata description of the configuration of the second host; and
  
  transmitting a data package comprising a change to at least one of the configuration of at least the first host or the configuration of the second host.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 5. The computer-implemented method of claim 4, wherein designating the first host in the host class as the configuration standard further comprises:
    - selecting the first host at random from the plurality of hosts in the host class using the at least one computer processor, wherein the plurality of hosts includes at least the first host and the second host, and wherein each host of the plurality of hosts is a peer of at least one other host of the plurality of hosts.
  - 6. The computer-implemented method of claim 4, wherein designating the first host in the host class as the configuration standard further comprises:
    - requesting a time associated with a configuration of each of a plurality of hosts in a host class; and
      
      selecting the one of the plurality of hosts in the host class having a most recent time associated with the configuration,wherein the selected one of the plurality of hosts in the host class is the first host.
  - 7. The computer-implemented method of claim 4, wherein designating the first host in the host class as the configuration standard further comprises:
    - requesting a time associated with a configuration of each of the plurality of hosts in the host class; and
      
      selecting the one of the plurality of hosts in the host class having a time associated with the configuration corresponding to a predetermined time,wherein the selected one of the plurality of hosts in the host class is the first host.
  - 8. The computer-implemented method of claim 4, further comprising:
    - determining a configuration of each of a predetermined number of the plurality of hosts in the host class;
      
      identifying a most common configuration among the predetermined number of hosts; and
      
      selecting one of the predetermined number of hosts having the most common configuration,wherein the selected one of the predetermined number of hosts is the first host.
  - 9. The computer-implemented method of claim 4, further comprising:
    - selecting the second host at random from the plurality of hosts in the host class using the at least one computer processor, wherein the plurality of hosts includes at least the first host and the second host, and wherein each host of the plurality of hosts is a peer of at least one other host of the plurality of hosts.
  - 10. The computer-implemented method of claim 4, further comprising:
    - receiving a metadata description of a configuration of each of the plurality of hosts, wherein the configuration of each of the plurality of hosts comprises a predetermined number of aspects with respect to the configuration of the respective one of the plurality of hosts;
      
      identifying a preferred one of each of the predetermined number of aspects based at least in part on the metadata descriptions of the configurations of the plurality of hosts; and
      
      defining an aggregate configuration based at least in part on the preferred aspects,wherein the configuration of at least the first host is the aggregate configuration.
  - 11. The computer-implemented method of claim 4, further comprising:
    - determining a cause of an inequivalence between the configuration of at least the first host and the configuration of the second host using the at least one computer processor, andidentifying the change to the at least one of the configuration of at least the first host or the configuration of the second host based at least in part on the cause of the inequivalence.
  - 12. The computer-implemented method of claim 11, wherein determining the cause of the inequivalence between the configuration of at least the first host and the configuration of the second host comprises:
    - identifying a fault in one of the first host or the second host using a conflict resolution mechanism, andwherein the change to the at least one of the configuration of at least the first host or the configuration of the second host is an upgrade to the configuration of the one of the first host or the configuration of the second host in which the fault is identified.
  - 13. The computer-implemented method of claim 12, wherein the fault is a security breach in one of the first host or the second host.
  - 14. The computer-implemented method of claim 11, wherein identifying the change to the at least one of the configuration of at least the first host or the configuration of the second host comprises at least one of sounding an alarm or transmitting a message to one of the first host or the second host.
  - 15. The computer-implemented method of claim 11, wherein the change to the at least one of the configuration of at least the first host or the configuration of the second host is at least one of an upgraded set of source code, an upgrade to the at least one software application, a registry key, a modification to a setting or a modification to level of permission.
  - 16. The computer-implemented method of claim 4, wherein the host class is defined based at least in part on at least one of:
    - a common location of the first host and the second host, ora common function performed by the first host and the second host.
  - 17. The computer-implemented method of claim 4, wherein defining the host class further comprises:
    - transmitting, from the first host, a message to each of the plurality of hosts in the host class, wherein each of the messages requests a confirmation as a peer of the first host; and
      
      receiving a response to the message from the plurality of hosts, wherein each of the responses includes the confirmation, and wherein the second host is one of the plurality of hosts, andwherein transmitting, from the first host to the second host, the request for the metadata description of the configuration of the second host further comprises;
      
      selecting the second host from the plurality of hosts based at least in part on the response to the message received from the second host using the at least one computer processor.
  - 18. The computer-implemented method of claim 4, further comprising:
    - installing an update to the configuration of the first host using the at least one computer processor,wherein transmitting the data package comprising the change to at least one of the configuration of at least the first host or the configuration of the second host further comprises;
      
      transmitting a message comprising the update from the first host to the second host.
  - 19. The computer-implemented method of claim 4, further comprising:
    - transmitting, from the first host to a third host, a request for a metadata description of a configuration of the third host over the network, wherein the third host is a peer of the first host;
      
      receiving, at the first host, the metadata description of the configuration of the third host;
      
      comparing, at the first host, the metadata description of the configuration of at least the first host to the metadata description of the configuration of the third host using the at least one computer processor;
      
      determining that the metadata description of the configuration of at least the first host is inequivalent to the metadata description of the configuration of the third host; and
      
      recording an inequivalence between the configuration of at least the first host and the configuration of the third host in the at least one data store.
  - 20. The computer-implemented method of claim 4, further comprising:
    - transmitting, from the second host to a third host, a request for a metadata description of a configuration of the third host over the network, wherein the third host is a peer of the second host;
      
      receiving, at the second host, the metadata description of the configuration of the third host;
      
      comparing, at the second host, the metadata description of the configuration of the second host to the metadata description of the configuration of the third host using the at least one computer processor;
      
      determining that the metadata description of the configuration of the second host is inequivalent to the metadata description of the configuration of the third host; and
      
      recording an inequivalence between the configuration of the second host and the configuration of the third host in the at least one data store.
  - 21. The computer-implemented method of claim 4, further comprising:
    - transmitting, from the second host to each of the plurality of hosts in the host class, a request for a metadata description of a configuration of the each of the plurality of hosts in the host class over the network, wherein each of the plurality of hosts in the host class is a peer of the second host;
      
      receiving, at the second host, a metadata description of a configuration of at least some of the plurality of hosts in the host class over the network;
      
      comparing, at the second host, the metadata description of the configuration of the second host to the metadata descriptions of each of the configurations of the at least some of the plurality of hosts using the at least one computer processor;
      
      determining that the metadata description of the configuration of the second host is inequivalent to at least one of the metadata descriptions of at least one of the configurations of the at least some of the plurality of hosts in the host class; and
      
      recording an inequivalence between the configuration of the second host and the at least one of the configurations of the at least some of the plurality of hosts in the at least one data store.

22. A networked computer system comprising a fleet of hosts,wherein each of the hosts in the fleet is a peer to at least one other host in the fleet, andwherein at least one of the hosts is adapted to execute a computer program causing the networked computer system to at least:
- select one of the hosts in the fleet as a standard host using at least one computer processor;
  
  define a first group of the hosts in the fleet, using the at least one computer processor, wherein the first group comprises at least two of the hosts in the fleet, other than the standard host;
  
  define a second group of the hosts in the fleet, using the at least one computer processor, wherein the second group of comprises at least two of the hosts in the fleet, other than the standard host;
  
  generate a record of a configuration of the standard host, using the at least one computer processor;
  
  request a record of a configuration of a first one of the hosts in the first group, wherein the first one of the hosts in the first group is a peer of the standard host;
  
  request a record of a configuration of a first one of the hosts in the second group, wherein the first one of the hosts in the second group is a peer of the standard host;
  
  compare the record of the configuration of the standard host to the record of the configuration of the first one of the hosts in the first group;
  
  if the record of the configuration of the standard host is equivalent to the record of the configuration of the first one of the hosts in the first group,record an equivalency between the configuration of the standard host and the configuration of the first one of the hosts in the first group in a data store;
  
  if the record of the configuration of the standard host is inequivalent to the record of the configuration of the first one of the hosts in the first group,record an inequivalence between the configuration of the standard host and the configuration of the first one of the hosts in the first group in the data store;
  
  compare the record of the configuration of the standard host to the record of the configuration of the first one of the hosts in the second group;
  
  if the record of the configuration of the standard host is equivalent to the record of the configuration of the first one of the hosts in the second group,record an equivalency between the configuration of the standard host and the configuration of the first one of the hosts in the second group in the data store; and
  
  if the record of the configuration of the standard host is inequivalent to the record of the configuration of the first one of the hosts in the second group,record an inequivalence between the configuration of the standard host and the configuration of the first one of the hosts in the second group in the data store.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The networked computer system of claim 22, wherein the computer program further causes the networked computer system to at least:
    - request a record of a configuration of a second one of the hosts in the first group;
      
      request a record of a configuration of a second one of the hosts in the second group;
      
      compare the record of the configuration of the first one of the hosts in the first group to the record of the configuration of the second one of the hosts in the first group;
      
      if the record of the configuration of the first one of the hosts in the first group is equivalent to the record of the configuration of the second one of the hosts in the first group,record an equivalency between the configuration of the first one of the hosts in the first group and the configuration of the second one of the hosts in the first group in a data store;
      
      if the record of the configuration of the first one of the hosts in the first group is inequivalent to the record of the configuration of the second one of the hosts in the first group,record an inequivalence between the configuration of the first one of the hosts in the first group and the configuration of the second one of the hosts in the first group in the data store;
      
      compare the record of the configuration of the first one of the hosts in the second group to the record of the configuration of the second one of the hosts in the second group;
      
      if the record of the configuration of the first one of the hosts in the second group is equivalent to the record of the configuration of the second one of the hosts in the second group,record an equivalency between the configuration of the first one of the hosts in the second group and the configuration of the second one of the hosts in the second group in the data store; and
      
      if the record of the configuration of the first one of the hosts in the second group is inequivalent to the record of the configuration of the second one of the hosts in the second group,record an inequivalence between the configuration of the first one of the hosts in the second group and the configuration of the second one of the hosts in the second group in the data store.
  - 24. The networked computer system of claim 22, wherein the computer program further causes the networked computer system to at least:
    - update the configuration of the standard host, wherein the updated configuration of the standard host comprises at least one of an upgraded set of source code, an upgrade to the at least one software application, a registry key, a change in a setting or a change in a level of permission.
  - 25. The networked computer system of claim 22, wherein the computer program further causes the networked computer system to at least:
    - request a time associated with each of a plurality of the hosts in the fleet; and
      
      select the one of the plurality of hosts in the fleet having the most recent time associated with the configuration,wherein the selected one of the plurality of hosts in the fleet is the standard host.
  - 26. The networked computer system of claim 22, wherein the computer program further causes the networked computer system to at least:
    - determine a configuration of each of a predetermined number of hosts in the fleet; and
      
      determine a most common configuration among the predetermined number of hosts,wherein the configuration of the standard host is the most common configuration, andwherein the one of the hosts in the fleet selected as the standard host has the most common configuration.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Gehre, Charles Craig, Johansson, Jesper M.
Primary Examiner(s)
Donabed, Ninos

Application Number

US13/663,899
Time in Patent Office

1,533 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 40/197   Version control for softwar...

G06F 8/71   Version control security ar...

H04L 41/00   Arrangements for maintenanc...

H04L 41/0813   characterised by the condit...

H04L 41/0873   Checking configuration conf...

H04L 63/0272   Virtual private networks

Peer configuration analysis and enforcement

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Peer configuration analysis and enforcement

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links