Method and apparatus for process enforced configuration management
First Claim
1. Non-transitory machine readable media that include software instructions, wherein the instructions, when executed by at least one processor, cause the processor to perform a method comprising:
- receiving, from a configuration management system, at an analytics module, a configuration change request for a plurality of configurable elements (CEs) within a configurable computation system (CCS);
applying, by the analytics module, one or more authorization rules to the configuration change request to generate a selective configuration change authorization for a subset of the CEs meeting the one or more authorization rules;
providing, by the analytics module to one or more selective configuration locks in the CCS corresponding to the subset of the CEs over a network, a time window, during which configuration changes are enabled, in the selective configuration change authorization, wherein the one or more selective configuration locks are one or more hooks into a file system driver of the CCS to monitor and control changes to files associated with the CEs, and a communication of the time window is encrypted and authenticated between the analytics module and the one or more selective configuration locks; and
receiving configuration change status information at the analytics module from the one or more selective configuration locks regarding an occurrence of a failure of a configuration change.
9 Assignments
0 Petitions
Accused Products
Abstract
A system for and method of automatically enforcing a configuration change process for change requests of one or more configurable element within one or more configurable computation systems. The system comprises means for managing a configuration change process for one or more configurable elements within a corresponding configurable computation system, means for generation a configuration request, means for applying a set of authorization rules to the configuration change requests to generate selective authorization of the CEs, and means for selectively locking and unlocking changes to configurable elements within the configurable computational systems.
-
Citations
21 Claims
-
1. Non-transitory machine readable media that include software instructions, wherein the instructions, when executed by at least one processor, cause the processor to perform a method comprising:
-
receiving, from a configuration management system, at an analytics module, a configuration change request for a plurality of configurable elements (CEs) within a configurable computation system (CCS); applying, by the analytics module, one or more authorization rules to the configuration change request to generate a selective configuration change authorization for a subset of the CEs meeting the one or more authorization rules; providing, by the analytics module to one or more selective configuration locks in the CCS corresponding to the subset of the CEs over a network, a time window, during which configuration changes are enabled, in the selective configuration change authorization, wherein the one or more selective configuration locks are one or more hooks into a file system driver of the CCS to monitor and control changes to files associated with the CEs, and a communication of the time window is encrypted and authenticated between the analytics module and the one or more selective configuration locks; and receiving configuration change status information at the analytics module from the one or more selective configuration locks regarding an occurrence of a failure of a configuration change. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. Non-transitory machine readable media that include software instructions, wherein the instructions, when executed by at least one processor, cause the processor to perform a method comprising:
-
receiving over a network, from an analytics module, at one of one or more selective configuration locks in a configurable computation system (CCS) including a subset of configurable elements (CEs), a selective configuration change authorization having a time window during which configuration changes are enabled, wherein a communication of the time window is encrypted and authenticated between the analytics module and the one or more selective configuration locks, and the selective configuration change authorization is generated by applying one or more authorization rules to a configuration change request, the subset of the CEs meeting the one or more authorization rules; selectively locking, by the one or more selective configuration locks, the configuration changes by selectively enabling configuration changes to the subset of the CEs according to the time window in the selective configuration change authorization, wherein the one or more selective configuration locks are one or more hooks into a file system driver of the CCS to monitor and control changes to files associated with the CEs; and transmitting configuration change status information to the analytics module from the one or more selective configuration locks, the configuration change status information including information associated with a failure of a configuration change. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. An apparatus, comprising:
-
a processing system configured to receive over a network, from an analytics module, at one of one or more selective configuration locks in a configurable computation system (CCS) including a subset of configurable elements (CEs), a selective configuration change authorization having a time window during which configuration changes are enabled, wherein a communication of the time window is encrypted and authenticated between the analytics module and the one or more selective configuration locks, and the selective configuration change authorization is generated by applying one or more authorization rules to a configuration change request, the subset of the CEs meeting the one or more authorization rules, the processing system configured to selectively lock, by the one or more selective configuration locks, the configuration changes by selectively enabling configuration changes to the subset of the CEs according to the time window in the selective configuration change authorization, wherein the one or more selective configuration locks are one or more hooks into a file system driver of the CCS to monitor and control changes to files associated with the CEs, the processing system configured to transmit configuration change status information to the analytics module from the one or more selective configuration locks, the configuration change status information including information associated with a failure of a configuration change. - View Dependent Claims (17, 18, 19, 20, 21)
-
Specification