Policy and identity based workload provisioning
Abstract
Techniques for policy and identity-based workload provisioning are presented. Identities for requestors or workloads and identities for workloads are tied to specific policies. The specific policies are evaluated based on a stage of readiness for resources within a resource pool and based on resource identities for the resources within the resource pool. Resources are then dynamically provisioned based on the identity-based policy evaluation to handle workloads from the resource pool.
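A sketch of the evaluation the abstract describes, added here as an illustration and not taken from the patent. The readiness stage names and their ordering, the role names and the host identifiers are all constructed for the example, and identities are assumed to have been authenticated already so that only their roles matter.

```python
from dataclasses import dataclass, field

# Readiness stages and their ordering are assumptions; the page names none.
STAGES = {"offline": 0, "booting": 1, "ready": 2}

@dataclass(frozen=True)
class Identity:  # a requestor or a workload, assumed already authenticated
    name: str
    roles: frozenset

@dataclass
class Resource:
    identity: str
    kind: str
    stage: str
    metadata: dict = field(default_factory=dict)

@dataclass(frozen=True)
class Policy:
    kind: str
    requestor_role: str
    workload_role: str
    allowed_resources: frozenset  # resource identities this policy may hand out
    min_stage: str

def provision(requestor, workload, kind, policies, pool):
    """Reserve and return one resource, or None (default deny)."""
    for p in policies:
        if (p.kind != kind or p.requestor_role not in requestor.roles
                or p.workload_role not in workload.roles):
            continue
        for r in pool:
            if r.kind != kind or r.identity not in p.allowed_resources:
                continue
            if "reserved_for" in r.metadata or STAGES[r.stage] < STAGES[p.min_stage]:
                continue
            # The reservation is recorded as annotations on the resource metadata.
            r.metadata.update(reserved_for=workload.name,
                              requested_by=requestor.name, stage=r.stage)
            return r
    return None

def sample_pool():  # constructed sample data
    return [Resource("host-a", "vm-host", "booting"),
            Resource("host-b", "vm-host", "ready"),
            Resource("host-c", "vm-host", "ready")]

POLICY = Policy("vm-host", "deployer", "web-tier",
                frozenset({"host-a", "host-b"}), "ready")
```

With this sample data a requestor holding the `deployer` role gets `host-b`: `host-a` is not yet ready and `host-c` is outside the policy's resource identities. A second request against the same pool, or any request from an identity without that role, is denied.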
20 Claims
1. A method, comprising:
interrogating, by a computer, a resource infrastructure to acquire for resource identities associated with resources within the resource infrastructure and to determine a stage of readiness for each resource within the resource infrastructure, wherein the resource infrastructure is a hardware and software infrastructure and the resources are hardware and software resources; and
managing policy specifications assigned to workload identities for workloads and assigned to requestor identities for requestors of the workloads, and each workload identity and each requester identity formulated from that identity's one or more identifiers and secrets that provide a statement of roles and permissions; and
provisioning, by the computer, the resources for access within the workloads based on requests from requestors and enforcement of policy specifications and identity-based constraints, wherein each workload identity and requestor identity for each requestor are formulated with a statement of roles and permissions for each identity relative to the resource identities, and wherein each workload is one of;
a Virtual Machine (VM), an Operating System (OS), a cloud computing environment, a hardware device, a software agent, and a software application, wherein provisioning further includes reserving, by a workload scheduler processing on the computer, the resources by annotating metadata of each resource for a specific use and annotating each resource with a the stage of readiness and instantiate a hypervisor of the resource infrastructure to change the stage of readiness within an acceptable threshold to handle the workload.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method, comprising:
identifying, by a computer, a workload having a type of resource requested by a requestor to be provisioned, wherein the type of resource is a hardware or software resource;
obtaining, by the computer, an identity-based policy specification to handle provisioning of a resource within the workload, the resource of the type requested by the requestor;
evaluating, by the computer, the identity-based policy specification based on a requestor identity for the requestor and a workload identity for the workload, and wherein each identity is formulated from one or more identifiers and secrets that provide a state of roles and permissions for which that identity has in relation to available resources of the type requested by the requestor wherein the workload is one of;
a Virtual Machine (VM), an Operating System (OS), a cloud computing environment, a hardware device, a software agent, and a software application, and
dynamically provisioning, by the computer, a resource based on the evaluation of the identity-based policy specification, wherein dynamically provisioning further includes reserving, by a workload scheduler processing on the computer, the resource by annotating metadata of the resource for a specific use and annotating the resource with a the stage of readiness and instantiate a hypervisor of the resource infrastructure to change the stage of readiness within an acceptable threshold to handle the workload.
Dependent claims: 12, 13, 14, 15, 16
17. A system, comprising:
a resource infrastructure having a plurality of hardware and software resources;
one or more processors of one or more hardware resources managing policy specifications assigned to workload identities for workloads and assigned to requestor identities for requestors of the workloads, and each workload identity and each requester identity formulated from that identity's one or more identifiers and secrets that provide a statement of roles and permissions; and
a provisioning service configured and adapted to;
i) execute on the one or more processors the hardware resources and ii) provision at least some of the resources to handle workloads based on identities associated with requestors, the workloads, and the resources, each identity formulated from that identity's one or more identifiers and secrets that provide a statement of roles and permissions for which that identity has in relation to the resource, and wherein each workload is one of;
a Virtual Machine (VM), an Operating System (OS), a cloud computing environment, a hardware device, a software agent, and a software application, and wherein reserving the at least some of the resources by annotating, by a workload scheduler portion of the provisioning service, metadata of each resource for a specific use and annotating each resource with a the stage of readiness and instantiate a hypervisor of the resource infrastructure to change the stage of readiness within an acceptable threshold to handle the workload.
Dependent claims: 18, 19, 20
Specification