Harmonized governance system for heterogeneous agile information technology environments
First Claim
1. A harmonized governance system for a heterogeneous agile environment, comprising:
- one or more computing devices configured as;
a computer-based policy administration element (PAE) communicatively coupled to respective management platforms of a plurality of individual agile environments that make up the heterogeneous agile environment, the PAE configured to administer and report governance policies, including rules, roles and assignment to resources of the heterogeneous agile environment according to abstracted and normalized (i) representations of the resources, (ii) operations which are performed by and on said resources, and (iii) roles assignable to one or more subjects that will interact with said resources, and (iv) respective attributes of said representations, operations and roles; and
a computer-based policy decision element (PDE) communicatively coupled to receive indications of attempted governance operations by the one or more subjects to resources within the individual agile environments that make up the heterogeneous agile environment, the PDE configured to determine and report whether the attempted governance operations should be permitted or not;
one or more data sources accessible to the PAE and the PDE storing information about (i) the one or more subjects and respective attributes thereof, and (ii) resources of the heterogeneous agile environment and respective attributes of said resources,
wherein different respective ones of the individual agile environments that make up the heterogeneous agile environment have individual, associated access policies for resources within the respective individual agile environments;
each respective individual agile environment has an associated, respective access control system for subjects, resources, and operations of the respective individual agile environment; and
the resources of each respective individual agile environment comprise one or more of computer systems, network systems, application containers, application systems, management systems, and storage systems,
wherein the PAE is further configured to (i) in response to receiving a new attribute concerning a resource of an individual agile environment that is not yet mapped to an abstracted, normalized attribute of the heterogeneous agile environment, mapping the new attribute to the abstracted, normalized attribute, and saving the mapping of the new attribute to the one or more data sources, (ii) in response to receiving a new operation concerning a resource of the individual agile environment that is not yet mapped to the abstracted, normalized operation of the heterogeneous agile environment, mapping the new operation to the abstracted, normalized operation, and saving the mapping of the new operation to the one or more data sources, and (iii) define new abstracted access control policies based on the abstracted roles, abstracted operations and abstracted resources.
Abstract
A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes, and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered, they are mapped to new counterparts in a heterogeneous agile environment syntax.
13 Claims
8. A method comprising:
receiving, at a harmonized governance system for a heterogeneous agile environment that includes a number, n, of individual agile environments each comprising one or more computer systems, network systems, application containers, application systems, management systems, and storage systems, an indication of an attempted operation concerning a resource of a first one of the individual agile environments, and wherein the number, n, of individual agile environments each have individual, associated access policies for resources within the respective individual agile environments; and
each respective individual agile environment has an associated, respective access control system for subjects, resources, and operations of the respective individual agile environment;
mapping the indication of the attempted operation concerning the resource from an agile environment-specific operation of the first one of the individual agile environments to an abstracted, normalized operation of the heterogeneous agile environment;
the harmonized governance system of the heterogeneous agile environment making a decision whether to allow or not allow the attempted operation;
in response to the attempted operation being allowed, translating the abstracted, normalized operation of the heterogeneous agile environment to the agile environment-specific operation of the first one of the individual agile environments;
transmitting the agile environment-specific operation of the first one of the individual agile environments to a management platform of the first one of the individual agile environments for execution thereby;
in response to receiving a new attribute concerning a resource of an individual agile environment that is not yet mapped to an abstracted, normalized attribute of the heterogeneous agile environment, mapping the new attribute to the abstracted, normalized attribute, and saving the mapping of the new attribute to one or more data sources; and
in response to receiving a new operation concerning a resource of an individual agile environment that is not yet mapped to an abstracted, normalized operation of the heterogeneous agile environment, mapping the new operation to the abstracted, normalized operation, and saving the mapping of the new operation to one or more data sources; and
defining new abstracted access control policies based on the abstracted roles, abstracted operations and abstracted resources.
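The flow recited in claim 8 (normalize the environment-specific operation, decide, translate back, and map newly seen operations), as a minimal Python sketch added here for illustration; it is not code from the patent or from any product. The environment names, operation names, roles and the deny-when-unmapped behaviour are assumptions of the sketch.

```python
from dataclasses import dataclass, field

@dataclass
class Governance:
    op_map: dict = field(default_factory=dict)   # (env, native op) -> normalized op
    native: dict = field(default_factory=dict)   # (env, normalized op) -> native op
    roles: dict = field(default_factory=dict)    # subject -> abstracted role
    policy: set = field(default_factory=set)     # allowed (role, normalized op, resource type)
    audit: list = field(default_factory=list)    # normalized decision records

    def learn_operation(self, env, native_op, normalized_op):
        """Map a not-yet-mapped native operation and save the mapping."""
        self.op_map[(env, native_op)] = normalized_op
        self.native.setdefault((env, normalized_op), native_op)

    def handle(self, subject, env, native_op, resource_type):
        """Normalize, decide, and return the native call to forward (None = denied)."""
        norm = self.op_map.get((env, native_op))
        role = self.roles.get(subject)
        # Assumption of this sketch: unmapped operations and unknown subjects are denied.
        allowed = norm is not None and (role, norm, resource_type) in self.policy
        self.audit.append((subject, env, norm, resource_type, allowed))
        if not allowed:
            return None
        # Translate back to the environment's own syntax for its management platform.
        return (env, self.native[(env, norm)])

def build_sample():
    """Constructed sample: two environments whose native names for 'stop' differ."""
    g = Governance()
    g.learn_operation("env_a", "StopInstance", "stop")
    g.learn_operation("env_b", "vm.shutdown", "stop")
    g.roles.update({"alice": "operator", "bob": "viewer"})
    g.policy.add(("operator", "stop", "compute"))
    return g

if __name__ == "__main__":
    g = build_sample()
    print(g.handle("alice", "env_a", "StopInstance", "compute"))
    print(g.handle("alice", "env_b", "vm.snapshot", "compute"))  # unmapped -> None
    g.learn_operation("env_b", "vm.snapshot", "snapshot")
    g.policy.add(("operator", "snapshot", "compute"))
    print(g.handle("alice", "env_b", "vm.snapshot", "compute"))
    for record in g.audit:
        print(record)
```

The audit list records the normalized operation rather than the native one, so decisions from both environments can be compared in a single report.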