Policy and identity based workload provisioning

US 9,800,655 B2
Filed: 07/21/2014
Issued: 10/24/2017
Est. Priority Date: 01/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

interrogating, by a computer, a resource infrastructure to acquire for resource identities associated with resources within the resource infrastructure and to determine a stage of readiness for each resource within the resource infrastructure, wherein the resource infrastructure is a hardware and software infrastructure and the resources are hardware and software resources; and

managing policy specifications assigned to workload identities for workloads and assigned to requestor identities for requestors of the workloads, and each workload identity and each requester identity formulated from that identity'"'"'s one or more identifiers and secrets that provide a statement of roles and permissions; and

provisioning, by the computer, the resources for access within the workloads based on requests from requestors and enforcement of policy specifications and identity-based constraints, wherein each workload identity and requestor identity for each requestor are formulated with a statement of roles and permissions for each identity relative to the resource identities, and wherein each workload is one of;

a Virtual Machine (VM), an Operating System (OS), a cloud computing environment, a hardware device, a software agent, and a software application, wherein provisioning further includes reserving, by a workload scheduler processing on the computer, the resources by annotating metadata of each resource for a specific use and annotating each resource with a the stage of readiness and instantiate a hypervisor of the resource infrastructure to change the stage of readiness within an acceptable threshold to handle the workload.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for policy and identity-based workload provisioning are presented. Identities for requestors or workloads and identities for workloads are tied to specific policies. The specific policies are evaluated based on a stage of readiness for resources within a resource pool and based on resource identities for the resources within the resource pool. Resources are then dynamically provisioned based on the identity-based policy evaluation to handle workloads from the resource pool.

45 Citations

View as Search Results

20 Claims

1. A method, comprising:
- interrogating, by a computer, a resource infrastructure to acquire for resource identities associated with resources within the resource infrastructure and to determine a stage of readiness for each resource within the resource infrastructure, wherein the resource infrastructure is a hardware and software infrastructure and the resources are hardware and software resources; and
  
  managing policy specifications assigned to workload identities for workloads and assigned to requestor identities for requestors of the workloads, and each workload identity and each requester identity formulated from that identity'"'"'s one or more identifiers and secrets that provide a statement of roles and permissions; and
  
  provisioning, by the computer, the resources for access within the workloads based on requests from requestors and enforcement of policy specifications and identity-based constraints, wherein each workload identity and requestor identity for each requestor are formulated with a statement of roles and permissions for each identity relative to the resource identities, and wherein each workload is one of;
  
  a Virtual Machine (VM), an Operating System (OS), a cloud computing environment, a hardware device, a software agent, and a software application, wherein provisioning further includes reserving, by a workload scheduler processing on the computer, the resources by annotating metadata of each resource for a specific use and annotating each resource with a the stage of readiness and instantiate a hypervisor of the resource infrastructure to change the stage of readiness within an acceptable threshold to handle the workload.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising, managing, by the computer, the policy specification that are assigned to the requestor identities and the workload identities.
  - 3. The method of claim 1 further comprising, presenting, by the computer, a visual presentation of a state of the resource infrastructure on a display.
  - 4. The method of claim 1 further comprising, tracking, the computer, the resource identities, the workload identities, and the requestor identities active within the resource infrastructure.
  - 5. The method of claim 4, wherein tracking further includes recording resource usage for each resource within the resource infrastructure using the resource identities, the workload identities, and the requestor identities.
  - 6. The method of claim 1, wherein interrogating further includes interrogating each resource by performing a hardware search to discover hardware resources present within the resource infrastructure.
  - 7. The method of claim 6, wherein interrogating further includes interrogating each resource to determine the stage of readiness for that resource.
  - 8. The method of claim 7, wherein interrogating further includes discovering new hardware recently made available within the resource infrastructure.
  - 9. The method of claim 6, wherein interrogating further includes interrogating at least some of the hardware resources without interacting with an operating system associated with the hardware resources.
  - 10. The method of claim 1, wherein interrogating further includes determining a state of readiness for each resource and an overall state for the resource infrastructure.

11. A method, comprising:
- identifying, by a computer, a workload having a type of resource requested by a requestor to be provisioned, wherein the type of resource is a hardware or software resource;
  
  obtaining, by the computer, an identity-based policy specification to handle provisioning of a resource within the workload, the resource of the type requested by the requestor;
  
  evaluating, by the computer, the identity-based policy specification based on a requestor identity for the requestor and a workload identity for the workload, and wherein each identity is formulated from one or more identifiers and secrets that provide a state of roles and permissions for which that identity has in relation to available resources of the type requested by the requestor wherein the workload is one of;
  
  a Virtual Machine (VM), an Operating System (OS), a cloud computing environment, a hardware device, a software agent, and a software application, anddynamically provisioning, by the computer, a resource based on the evaluation of the identity-based policy specification, wherein dynamically provisioning further includes reserving, by a workload scheduler processing on the computer, the resource by annotating metadata of the resource for a specific use and annotating the resource with a the stage of readiness and instantiate a hypervisor of the resource infrastructure to change the stage of readiness within an acceptable threshold to handle the workload.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, wherein evaluating further includes organizing the available resources of the type requested by the requestor within a pool of resources based on states of readiness for each of the available resources.
  - 13. The method of claim 11, wherein dynamically provisioning further includes reserving the resource within a resource infrastructure to handle the workload.
  - 14. The method of claim 13, wherein reserving further includes configuring the resource for deployment within the resource infrastructure.
  - 15. The method of claim 14, wherein configuring further includes assigning access rights to the requestor with respect to the configured resource and the workload.
  - 16. The method of claim 15, wherein configuring further includes initiating the configured resource within the resource infrastructure to handle the workload on behalf of the requestor.

17. A system, comprising:
- a resource infrastructure having a plurality of hardware and software resources;
  
  one or more processors of one or more hardware resources managing policy specifications assigned to workload identities for workloads and assigned to requestor identities for requestors of the workloads, and each workload identity and each requester identity formulated from that identity'"'"'s one or more identifiers and secrets that provide a statement of roles and permissions; and
  
  a provisioning service configured and adapted to;
  
  i) execute on the one or more processors the hardware resources and ii) provision at least some of the resources to handle workloads based on identities associated with requestors, the workloads, and the resources, each identity formulated from that identity'"'"'s one or more identifiers and secrets that provide a statement of roles and permissions for which that identity has in relation to the resource, and wherein each workload is one of;
  
  a Virtual Machine (VM), an Operating System (OS), a cloud computing environment, a hardware device, a software agent, and a software application, and wherein reserving the at least some of the resources by annotating, by a workload scheduler portion of the provisioning service, metadata of each resource for a specific use and annotating each resource with a the stage of readiness and instantiate a hypervisor of the resource infrastructure to change the stage of readiness within an acceptable threshold to handle the workload.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17 further comprising, a prospector service configured and adapted to:
    - i) execute on one or more processors associated with one or more of the hardware resources, ii) interrogate the resource infrastructure to discover the resource identities for the resources and identify the stage of readiness for each of the resources, and iii) interact with the provisioning service to provide the resource identities and the states of readiness.
  - 19. The system of claim 17 further comprising, a workload deployment service configured and adapted to:
    - execute on one or more processors associated with one or more of the hardware resources, ii) configure the resources that are being provisioned by the provisioning service, and iii) initiate the configured resources within the resource infrastructure to handle the workloads.
  - 20. The system of claim 19, wherein the workload deployment service is further configured and adapted to:
    - iv) scheduling at least one configured resource for handling a particular workload based on a policy before initiating within the resource infrastructure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Inventors
Haskins, Gregory Matthew, Bahi, David H., Westervelt, Daniel Edward, Bultmeyer, Jonathan Paul, Carter, Stephen R
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Bucknor, Olanrewaju

Application Number

US14/336,840
Publication Number

US 20140359132A1
Time in Patent Office

1,191 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 2209/5011   Pool

G06F 2209/503   Resource availability

G06F 9/5011   the resources being hardwar...

G06F 9/505   considering the load

H04L 67/1008   based on parameters of serv...

Policy and identity based workload provisioning

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Policy and identity based workload provisioning

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links