Process and system for comprehensive IT discovery without credentials

US 9,778,953 B2
Filed: 06/16/2009
Issued: 10/03/2017
Est. Priority Date: 06/16/2009
Status: Active Grant

First Claim

Patent Images

1. A method for discovering dependencies, configurations and utilizations among IT resources comprising:

preparing at least one prediscovery script, the at least one prediscovery script associated with the discovering the dependencies, the configurations and the utilizations among the IT resources;

obfuscating the prepared prediscovery script;

sending the obfuscated prediscovery script to at least one user who has a privilege on at least one target server to run the obfuscated prediscovery script in the at least one target server;

running the obfuscated prediscovery script on said at least one target server on a list to configure said at least one target server to discover the dependencies, the configurations and the utilizations among the IT resources and further to configure the at least one target server to prevent accessing files or directories that include financial information;

discovering, based on the dependencies of the at least one target server, at least one outside server which is not on the list;

running the obfuscated prediscovery script on the discovered outside server;

providing to an analysis system at least one result of the running of the obfuscated prediscovery script on the at least one target server and the at least one outside server to parse and analyze the at least one result to generate data;

providing the generated data to a user, the generated data representing the dependencies, the configurations and the utilizations among the IT resources and the at least one outside server, the generated data excluding the files or the directories that include the financial information,determining from the generated data whether the obfuscated prediscovery script needs to be re-executed on a specific target server under a different parameter representing a different level of privilege, wherein the at least one user can adjust a level of privilege when re-executing the obfuscated prediscovery script in the at least one target server based on the at least one result of the run prediscovery script, the level of privilege including;

a normal user privilege and a root user privilege; and

determining from the generated data an optimization of the IT resources, said optimization including a reconstructing of an IT environment of said IT resources for operational efficiency, said reconstructing of an IT environment comprising;

moving of an application from one server to another server, and eliminating an unused software application and/or stale data in the IT resources, wherein the eliminating of the unused software application or stale data comprises respectively;

deleting an software application of the IT resources that has not been accessed for a ore-determined amount of time, or deleting data that has not been accessed for a pre-determined amount of time, wherein the generated data is utilized in a virtualization of the IT resources, mapping a logical storage device to one or more physical storage devices, andwherein the analysis system does not require user privileges, does not directly communicate with the at least one target server except receiving the at least one result of the run prediscovery script from the at least one target server, and the dependencies, the configurations and the utilizations among the IT resources, including discovering dependent applications of a first application on said at least one target server and dependencies among a number of target servers and their related applications, are discovered without requiring user privileges, wherein the discovering dependencies include discovering which application programs communicate with each other.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for discovering dependencies, configurations and utilizations among IT resources are disclosed. A discovery team writes a prediscovery script without requesting credentials and sends it to a system administrator (SA) who already has necessary credentials to execute the prediscovery script. Then, the SA reviews the prediscovery script and executes the prediscovery script on a target server. While or after executing the prediscovery script, the target server generates a result of an execution of the prediscovery script and provides the result to an analysis system. The analysis system analyzes and parses the result and generates a user-friendly data (e.g., graph or spreadsheet) that represents the result. Then, the analysis system provides the user-friendly data to the discovery team. The analysis system does not require credentials and does not directly communicate with the target server except receiving the result of the executed prediscovery script from the target server.

62 Citations

View as Search Results

18 Claims

1. A method for discovering dependencies, configurations and utilizations among IT resources comprising:
- preparing at least one prediscovery script, the at least one prediscovery script associated with the discovering the dependencies, the configurations and the utilizations among the IT resources;
  
  obfuscating the prepared prediscovery script;
  
  sending the obfuscated prediscovery script to at least one user who has a privilege on at least one target server to run the obfuscated prediscovery script in the at least one target server;
  
  running the obfuscated prediscovery script on said at least one target server on a list to configure said at least one target server to discover the dependencies, the configurations and the utilizations among the IT resources and further to configure the at least one target server to prevent accessing files or directories that include financial information;
  
  discovering, based on the dependencies of the at least one target server, at least one outside server which is not on the list;
  
  running the obfuscated prediscovery script on the discovered outside server;
  
  providing to an analysis system at least one result of the running of the obfuscated prediscovery script on the at least one target server and the at least one outside server to parse and analyze the at least one result to generate data;
  
  providing the generated data to a user, the generated data representing the dependencies, the configurations and the utilizations among the IT resources and the at least one outside server, the generated data excluding the files or the directories that include the financial information,determining from the generated data whether the obfuscated prediscovery script needs to be re-executed on a specific target server under a different parameter representing a different level of privilege, wherein the at least one user can adjust a level of privilege when re-executing the obfuscated prediscovery script in the at least one target server based on the at least one result of the run prediscovery script, the level of privilege including;
  
  a normal user privilege and a root user privilege; and
  
  determining from the generated data an optimization of the IT resources, said optimization including a reconstructing of an IT environment of said IT resources for operational efficiency, said reconstructing of an IT environment comprising;
  
  moving of an application from one server to another server, and eliminating an unused software application and/or stale data in the IT resources, wherein the eliminating of the unused software application or stale data comprises respectively;
  
  deleting an software application of the IT resources that has not been accessed for a ore-determined amount of time, or deleting data that has not been accessed for a pre-determined amount of time, wherein the generated data is utilized in a virtualization of the IT resources, mapping a logical storage device to one or more physical storage devices, andwherein the analysis system does not require user privileges, does not directly communicate with the at least one target server except receiving the at least one result of the run prediscovery script from the at least one target server, and the dependencies, the configurations and the utilizations among the IT resources, including discovering dependent applications of a first application on said at least one target server and dependencies among a number of target servers and their related applications, are discovered without requiring user privileges, wherein the discovering dependencies include discovering which application programs communicate with each other.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 18)
- - 2. The method according to claim 1, further comprising:
    - obtaining a list of the at least one user who receives the obfuscated prediscovery script;
      
      andobtaining the list of the at least one target server where the obfuscated prediscovery script is run.
  - 3. The method according to claim 1, wherein the at least one prediscovery script comprises requests for one or more of:
    - a request to determine currently running processes, a request to determine network statistics, a request for collecting configuration files in the IT resources, a request to enhance or reduce the collected configuration files, a request to determine the dependencies of the IT resources, a request to determine the configurations of the IT resources, a request to determine the utilizations of the IT resources and a request for collecting log files.
  - 4. The method according to claim 1, further comprising:
    - storing the result of the run prediscovery script or the generated data in a database.
  - 5. The method according to claim 1, wherein the generated data is utilized in one or more of:
    - an availability assessment of the IT resources, a reliability assessment of the IT resources, an availability improvement of the IT resources, a reliability improvement of the IT resources, a server consolidation, a server migration, an auditing of the IT resources and a compliance assessment and improvement of the IT resources.
  - 6. The method according to claim 5, wherein the reliability improvement of the IT resources comprises:
    - planning a recovery of the IT resources by creating a mirroring server to prevent losing a connectivity of a primary server.
  - 7. The method according to claim 5, wherein said availability assessment of the IT resources comprises:
    - determining when an IT resource is available and when an IT resource is unavailable, and an availability improvement of the IT resources comprises;
      
      improving a number of ports in a router.
  - 8. The method according to claim 5, wherein said reliability assessment of the IT resources comprises:
    - determining how frequently an IT resource is crashed or disabled, and a reliability improvement of the IT resources comprises;
      
      increasing a size of a memory resource to prevent a frequent freezing or stalling of the IT resource.
  - 9. The method according to claim 1, wherein the running the obfuscated prediscovery script on the target server requires a highest privilege on the target server, the discovering the dependencies requires no privilege on the target server, and the preparing the prediscovery script requires no credential on the target server.
  - 10. The method according to claim 1, further comprising:
    - implementing logic to adjust a coverage of the obfuscated prediscovery script, the coverage being a range in which the prediscovery script can find dependencies, configurations and utilizations among said IT resources.
  - 11. The method according to claim 1, further comprising:
    - optimizing said prediscovery script according to a known resource constraint, the constraint comprising one or more of;
      
      a limited memory space to store results, a limited CPU time allotted, a limited network bandwidth allotted.
  - 18. A computer program product comprising a computer readable medium that excludes only a propagating signal, the computer readable medium embodying computer program instructions being run by a processor for causing a computer to perform method steps for discovering dependencies, configurations and utilizations among IT resources, said method steps comprising the steps of claim 1.

12. A system for discovering dependencies, configurations and utilizations among IT resources comprising:
- a computing system being used by a user for preparing at least one prediscovery script, the at least one prediscovery script associated with the discovering the dependencies, the configurations and the utilizations among the IT resources;
  
  the computing system obfuscating the prepared prediscovery script;
  
  wherein the user preparing the prediscovery script sends the obfuscated prediscovery script to at least one user who has a privilege on at least one target server to run the obfuscated prediscovery script in the at least one target server;
  
  the at least one target server running obfuscated prediscovery script for discovering one or more of;
  
  the dependencies, the configurations and the utilizations among the IT resources while preventing the at least one target server from accessing files or directories that include financial information and discovering, based on the dependencies of the at least one target server, at least one outside server which is not on the list;
  
  the discovered outside server running the obfuscated prediscovery script;
  
  an analysis system for receiving at least one result of the running of the obfuscated prediscovery script on the at least one target server and the at least one outside server;
  
  the analysis system for parsing and analyzing the at least one result to generate data, said analysis system providing the generated data to a user, the generated data representing one or more of;
  
  the dependencies, the configurations and the utilizations among the IT resources and the at least one outside server, the generated data excluding the files or the directories that include the financial information, anddetermining from the generated data whether the obfuscated prediscovery script needs to be re-executed on a specific target server under a different parameter representing a different level of privilege, wherein the at least one user can adjust a level of privilege when re-running the prediscovery script in the target server based on the result of the run prediscovery script, the level of privilege including;
  
  a normal user privilege and a root user privilege; and
  
  determining from the generated data an optimization of the IT resources, said optimization including a reconstructing of an IT environment of said IT resources for operational efficiency, said reconstructing of an IT environment comprising;
  
  moving of an application from one server to another server, and eliminating an unused software application and/or stale data in the IT resources, wherein the eliminating of the unused software application or stale data comprises respectively;
  
  deleting an software application of the IT resources that has not been accessed for a pre-determined amount of time, or deleting data that has not been accessed for a pre-determined amount of time, wherein the generated data is utilized in a virtualization of the IT resources, mapping a logical storage device to one or more physical storage devices, andwherein the analysis system does not require user privileges, does not directly communicate with the at least one target server except receiving the at least one result of the run prediscovery script from the at least one target server, and the dependencies, the configurations and the utilizations among the IT resources, including discovering dependent applications of a first application on said at least one target server and dependencies among a number of target servers and their related applications, are discovered without requiring user privileges, wherein the discovering dependencies include discovering which application programs communicate with each other.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system according to claim 12, wherein a second teamobtains, from customers, a list of the at least one user who receive the obfuscated prediscovery script;
    - andobtains, from the customers, the list of the at least one target server where the obfuscated prediscovery script is run.
  - 14. The system according to claim 12, wherein the at least one prediscovery script comprises requests for one or more of:
    - a request to determine currently running processes, a request to determine network statistics, a request for collecting configuration files in the IT resources, a request to enhance or reduce the collected configuration files, a request to determine the dependencies of the IT resources, a request to determine the configurations of the IT resources, a request to determine the utilizations of the IT resources and a request for collecting log files.
  - 15. The system according to claim 12, wherein the generated data is utilized in one or more of:
    - an availability assessment of the IT resources, a reliability assessment of the IT resources, an availability improvement of the IT resources, a reliability improvement of the IT resources, a server consolidation, a server migration, auditing of the IT resources and a compliance assessment and improvement of the IT resources.
  - 16. The system according to claim 12, wherein said prediscovery script implements logic to adjust a coverage of the obfuscated prediscovery script, the coverage being a range in which the prediscovery script can find dependencies, configurations and utilizations among said IT resources.
  - 17. The system according to claim 12, wherein said prediscovery script is optimized according to a known resource constraint, the constraint comprising one or more of:
    - a limited memory space to store results, a limited CPU time allotted, a limited network bandwidth allotted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Aiken, Louis E., Baker, John K., Bhattacharya, Kamal, Boettcher, Robert P., Devarakonda, Murthy V., Joukov, Nikolai A., Kane, Sr., Timothy P., Lee, Steve, Markley, Matthew A., Pfitzmann, Birgit M., Tacci, Michael, Vogl, Norbert G., Walker, Anthony G. D.
Primary Examiner(s)
JEON, JAE UK

Application Number

US12/485,345
Publication Number

US 20100319060A1
Time in Patent Office

3,031 Days
Field of Search

717121, 717120, 717130, 717131
US Class Current
CPC Class Codes

G06F 9/50 Allocation of resources, e....

H04L 63/10 for controlling access to d...

Process and system for comprehensive IT discovery without credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Process and system for comprehensive IT discovery without credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others