Policy engine for cloud platform
Abstract
A policy engine is situated within the communications path of a cloud computing environment and a user of the cloud computing environment to comply with an organization's policies for deploying web applications in the cloud computing environment. The policy engine intercepts communications packets to the cloud computing environment from a user, such as a web application developer, for example, in preparation for deploying a web application in the cloud computing environment. The policy engine identifies commands corresponding to the communications packets and directs the communications packets to appropriate rules engines corresponding to such commands in order to execute rules to comply with an organization's policies. Upon completion of execution of the rules, the communications packets are forwarded to the cloud computing environment if they comply with the policies.
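The flow the abstract and claim 1 describe (look up the rule set for the intercepted command, edit a non-compliant payload, forward the modified packet instead of the original) can be sketched as follows. This is an added illustration, not code from the patent; the command names, payload fields, limits and the pass-through for commands without a rule set are all hypothetical assumptions.

```python
import copy

# Hypothetical rule sets, one per cloud controller command (assumed names).
# Each rule is (description, complies(payload) -> bool, fix(payload)).
RULE_SETS = {
    "push": [
        ("memory capped at 1024 MB",
         lambda p: p.get("memory_mb", 0) <= 1024,
         lambda p: p.update(memory_mb=1024)),
        ("debug mode disabled",
         lambda p: not p.get("env", {}).get("DEBUG"),
         lambda p: p.get("env", {}).pop("DEBUG", None)),
    ],
    "scale": [
        ("at most 4 instances",
         lambda p: p.get("instances", 1) <= 4,
         lambda p: p.update(instances=4)),
    ],
}

def apply_policy(packet):
    """Return (packet_to_forward, edits) for one intercepted packet."""
    rules = RULE_SETS.get(packet["command"])
    if rules is None:
        # Assumption: a command with no rule set is forwarded unchanged.
        return packet, []
    modified = copy.deepcopy(packet)  # keep the intercepted packet intact
    edits = []
    for description, complies, fix in rules:
        if not complies(modified["payload"]):
            fix(modified["payload"])
            # Re-check so a faulty fix can never yield a forwarded violation.
            if not complies(modified["payload"]):
                raise ValueError(f"cannot enforce: {description}")
            edits.append(description)  # audit trail of what was rewritten
    return (modified if edits else packet), edits

def forward(packet, send):
    """Send the compliant packet via `send` and return the edits applied."""
    out, edits = apply_policy(packet)
    send(out)
    return edits
```

Returning the list of edits alongside the packet gives the operator a record of every payload the engine rewrote, which matters because the sender's original request is never what reaches the cloud controller.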
24 Claims
1. A method comprising:
intercepting, by a policy engine process running on one or more computers associated with an organization, a communications packet that includes a cloud controller command and a command payload for managing a web application belonging to the organization in a cloud computing environment;
determining, by the policy engine process, that a particular set of rules corresponds to the cloud controller command of the intercepted packet and that the intercepted packet does not comply with the particular set of rules, wherein the particular set of rules is one of a plurality of sets of rules, and each set of rules represents a respective policy of the organization and corresponds to a respective cloud controller command;
in response, editing, by the policy engine process, the command payload of the intercepted packet to generate a modified packet that complies with the particular set of rules; and
forwarding, by the policy engine process, the modified packet rather than the intercepted packet to the cloud computing environment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
intercepting, by a policy engine process running on one or more computers associated with an organization, a communications packet that includes a cloud controller command and a command payload for managing a web application belonging to the organization in a cloud computing environment;
determining, by the policy engine process, that a particular set of rules corresponds to the cloud controller command of the intercepted packet and that the intercepted packet does not comply with the particular set of rules, wherein the particular set of rules is one of a plurality of sets of rules, and each set of rules represents a respective policy of the organization and corresponds to a respective cloud controller command;
in response, editing, by the policy engine process, the command payload of the intercepted packet to generate a modified packet that complies with the particular set of rules; and
forwarding, by the policy engine process, the modified packet rather than the intercepted packet to the cloud computing environment.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer program product, encoded on one or more non-transitory computer storage media, comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
intercepting, by a policy engine process installed on one or more computers associated with an organization, a communications packet that includes a cloud controller command and a command payload for managing a web application belonging to the organization in a cloud computing environment;
determining, by the policy engine process, that a particular set of rules corresponds to the cloud controller command of the intercepted packet and that the intercepted packet does not comply with the particular set of rules, wherein the particular set of rules is one of a plurality of sets of rules, and each set of rules represents a respective policy of the organization and corresponds to a respective cloud controller command;
in response, editing, by the policy engine process, the command payload of the intercepted packet to generate a modified packet that complies with the particular set of rules; and
forwarding, by the policy engine process, the modified packet rather than the intercepted packet to the cloud computing environment.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification