Policy implementation in a networked computing environment

US 9,641,392 B2
Filed: 05/06/2015
Issued: 05/02/2017
Est. Priority Date: 03/26/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for implementing policies in a networked computing environment, comprising:

evaluating an applicability of a policy to a set of layers of a network stack in the networked computing environment, the policy being drawn from a set of policies stored in at least one computer storage device, the set of layers comprising;

a business processes as a service layer providing at least one of;

business application services or industry solutions,a platform as a service layer comprising;

an applications services sub-layer providing collaboration, analytics, and process management,an application lifecycle sub-layer providing developer and tester collaboration, development automation, and lifecycle traceability,an integration sub-layer providing process integration, application and data integration, identity integration, management integration, and spillover/failover services, anda workload services sub-layer providing elastic application runtimes, elastic application resources, workload and topology patterns, dynamic workload management, fine-drained service level agreement enforcement, application health management and self-healing, continuously available applications, multi-tenant applications, and workload and data mobility, and an infrastructure as a service layer comprising;

an operations support system sub-layer providing service quality management, image management, service asset management, service operations management, and service automation management;

an optimization sub-layer providing;

heterogeneous platform management, workload acceleration, optimized workload placement, virtualized computation, network and storage, and power management, anda security sub-layer providing;

security management, tenant isolation, identity management, intrusion detection, and data protection;

determining an effectiveness of the policy as applied to the set of layers; and

determining, based on the effectiveness, a protocol for implementing the policy for at least one layer of the set of layers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention relate to an approach for resolving and/or implementing policies based on layers of a network stack (e.g., cloud computing stack). Specifically, for a given policy that is being resolved, the system first evaluates the applicability of the policy to each layer in the network stack. For a given policy, the system then evaluates the relative effectiveness of applying the policy to achieve the overall goal of the policy. Based on the best fit evaluation of the relative comparison, the system then decides how and where the policy is enacted (e.g., determines a protocol for implementing the policy).

Citations

20 Claims

1. A computer-implemented method for implementing policies in a networked computing environment, comprising:
- evaluating an applicability of a policy to a set of layers of a network stack in the networked computing environment, the policy being drawn from a set of policies stored in at least one computer storage device, the set of layers comprising;
  
  a business processes as a service layer providing at least one of;
  
  business application services or industry solutions,a platform as a service layer comprising;
  
  an applications services sub-layer providing collaboration, analytics, and process management,an application lifecycle sub-layer providing developer and tester collaboration, development automation, and lifecycle traceability,an integration sub-layer providing process integration, application and data integration, identity integration, management integration, and spillover/failover services, anda workload services sub-layer providing elastic application runtimes, elastic application resources, workload and topology patterns, dynamic workload management, fine-drained service level agreement enforcement, application health management and self-healing, continuously available applications, multi-tenant applications, and workload and data mobility, and an infrastructure as a service layer comprising;
  
  an operations support system sub-layer providing service quality management, image management, service asset management, service operations management, and service automation management;
  
  an optimization sub-layer providing;
  
  heterogeneous platform management, workload acceleration, optimized workload placement, virtualized computation, network and storage, and power management, anda security sub-layer providing;
  
  security management, tenant isolation, identity management, intrusion detection, and data protection;
  
  determining an effectiveness of the policy as applied to the set of layers; and
  
  determining, based on the effectiveness, a protocol for implementing the policy for at least one layer of the set of layers.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, the evaluating comprising comparing a function of each layer of the set of layers to an underlying purpose of the policy.
  - 3. The computer-implemented method of claim 1, the determining comprising determining, for each layer of the set of layers, whether a set of standards set forth in the policy will be met if the policy is applied.
  - 4. The computer-implemented method of claim 1, further comprising:
    - generating a rules list from the policy and at least one other policy;
      
      resolving any conflicts in the rules list; and
      
      generating, responsive to the resolving, a consolidated policy from the rules list.
  - 5. The computer-implemented method of claim 1, the determining of the protocol comprising prioritizing parent policies of the set of policies over child policies of the set of policies.
  - 6. The computer-implemented method of claim 1, the networked computing environment comprising a cloud computing environment, and the network stack comprising a cloud computing stack.
  - 7. The computer implemented method of claim 1, wherein a solution service provider provides a computer infrastructure operable to perform the computer-implemented method for one or more consumers.

8. A system for implementing policies in a networked computing environment, comprising:
- a memory medium comprising instructions;
  
  a bus coupled to the memory medium; and
  
  a processor coupled to the bus that when executing the instructions causes the system to;
  
  evaluate an applicability of a policy to a set of layers of a network stack in the networked computing environment, the policy being drawn from a set of policies stored in at least one computer storage device, the set of layers comprising;
  
  a business processes as a service layer providing at least one of;
  
  business application services or industry solutions,a platform as a service layer comprising;
  
  an applications services sub-layer providing collaboration, analytics, and process management,an application lifecycle sub-layer providing developer and tester collaboration, development automation, and lifecycle traceability,an integration sub-layer providing process integration, application and data integration, identity integration, management integration, and spillover/failover services, anda workload services sub-layer providing elastic application runtimes, elastic application resources, workload and topology patterns, dynamic workload management, fine-drained service level agreement enforcement, application health management and self-healing, continuously available applications, multi-tenant applications, and workload and data mobility, andan infrastructure as a service layer comprising an operations support system sub-layer providing;
  
  service quality management, image management, service asset management, service operations management, and service automation management;
  
  an optimization sub-layer providing;
  
  heterogeneous platform management, workload acceleration, optimized workload placement, virtualized computation, network and storage, and power management, anda security sub-layer providing;
  
  security management, tenant isolation, identity management, intrusion detection, and data protection;
  
  determine an effectiveness of the policy as applied to the set of layers; and
  
  determine, based on the effectiveness, a protocol for implementing the policy for at least one layer of the set of layers.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, the memory medium further comprising instructions for causing the system to compare a function of each layer of the set of layers to an underlying purpose of the policy.
  - 10. The system of claim 8, the memory medium further comprising instructions for causing the system to determine, for each layer of the set of layers, whether a set of standards set forth in the policy will be met if the policy is applied.
  - 11. The system of claim 8, the memory medium further comprising instructions for causing the system to consolidate the policy with at least one other policy of the set of policies that is also applicable to the at least one layer.
  - 12. The system of claim 11, the memory medium further comprising instructions for causing the system to:
    - generate a rules list from the policy and the at least one other policy;
      
      resolve any conflicts in the rules list; and
      
      generate, responsive to the resolving, a consolidated policy from the rules list.
  - 13. The system of claim 8, the memory medium further comprising instructions for causing the system to prioritize parent policies of the set of policies over child policies of the set of policies.
  - 14. The system of claim 8, the networked computing environment comprising a cloud computing environment, and the network stack comprising a cloud computing stack.

15. A computer program product for implementing policies in a networked computing environment, the computer program product comprising a computer readable hardware storage device, and program instructions stored on the computer readable storage media, to:
- evaluate an applicability of a policy to a set of layers of a network stack in the networked computing environment, the policy being drawn from a set of policies stored in at least one computer storage device, the set of layers comprising;
  
  a business processes as a service layer providing at least one of;
  
  business application services or industry solutions,a platform as a service layer comprising;
  
  an applications services sub-layer providing collaboration, analytics, and process management,an application lifecycle sub-layer providing developer and tester collaboration, development automation, and lifecycle traceability,an integration sub-layer providing process integration, application and data integration, identity integration, management integration, and spillover/failover services, anda workload services sub-layer providing elastic application runtimes, elastic application resources, workload and topology patterns, dynamic workload management, fine-drained service level agreement enforcement, application health management and self-healing, continuously available applications, multi-tenant applications, and workload and data mobility, andan infrastructure as a service layer comprising an operations support system sub-layer providing;
  
  service quality management, image management, service asset management, service operations management, and service automation management;
  
  an optimization sub-layer providing;
  
  heterogeneous platform management, workload acceleration, optimized workload placement, virtualized computation, network and storage, and power management, anda security sub-layer providing;
  
  security management, tenant isolation, identity management, intrusion detection, and data protection;
  
  determine an effectiveness of the policy as applied to the set of layers; and
  
  determine, based on the effectiveness, a protocol for implementing the policy for at least one layer of the set of layers.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, the computer readable hardware storage device further comprising instructions to compare a function of each layer of the set of layers to an underlying purpose of the policy.
  - 17. The computer program product of claim 15, the computer readable hardware storage device further comprising instructions to determine, for each layer of the set of layers, whether a set of standards set forth in the policy will be met if the policy is applied.
  - 18. The computer program product of claim 15, the computer readable hardware storage device further comprising instructions to consolidate the policy with at least one other policy of the set of policies that is also applicable to the at least one layer.
  - 19. The computer program product of claim 18, the computer readable hardware storage device further comprising instructions to:
    - generate a rules list from the policy and the at least one other policy;
      
      resolve any conflicts in the rules list; and
      
      generate, responsive to the resolving, a consolidated policy from the rules list.
  - 20. The computer program product of claim 15, the computer readable hardware storage device further comprising instructions to prioritize parent policies of the set of policies over child policies of the set of policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Anderson, Jason L., Boss, Gregory J., Coveyduc, Jeffrey L., Murakami, Shaun T., Reif, John, Singh, Animesh
Primary Examiner(s)
Nguyen, Dustin
Assistant Examiner(s)
Nguyen, Hao

Application Number

US14/705,170
Publication Number

US 20150236917A1
Time in Patent Office

727 Days
Field of Search

709201, 709203, 709223, 709224, 709226, 718 1, 718100
US Class Current
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

Policy implementation in a networked computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Policy implementation in a networked computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links