Policy engine for cloud platform
Abstract
A policy engine is situated within the communications path of a cloud computing environment and a user of the cloud computing environment to comply with an organization's policies for deploying web applications in the cloud computing environment. The policy engine intercepts communications packets to the cloud computing environment from a user, such as a web application developer, for example, in preparation for deploying a web application in the cloud computing environment. The policy engine identifies commands corresponding to the communications packets and directs the communications packets to appropriate rules engines corresponding to such commands in order to execute rules to comply with an organization's policies. Upon completion of execution of the rules, the communications packets are forwarded to the cloud computing environment if they comply with the policies.
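The flow the abstract describes (intercept a command, route it to the rules engine for that command, apply the rules, forward only what complies, with the payload edit recited in claim 1), sketched as an added example. This is not code from the patent: the command names, payload fields, rules, the stand-in controller and the deny-by-default handling of commands that have no rules engine are all assumptions.

```python
# Added illustration; every command name, payload field and rule here is hypothetical.
from copy import deepcopy

class PolicyViolation(Exception):
    """Raised when a command must not reach the cloud controller."""

def cap_memory(payload):
    # Editing rule: clamp the requested memory to the organisation's ceiling.
    payload["memory_mb"] = min(payload.get("memory_mb", 512), 1024)
    return payload

def require_owner(payload):
    # Compliance rule: reject deployments nobody is accountable for.
    if not payload.get("owner"):
        raise PolicyViolation("push requires an 'owner' field")
    return payload

def forbid_production_delete(payload):
    if payload.get("space") == "production":
        raise PolicyViolation("delete is not allowed in production")
    return payload

# One rules engine (an ordered list of rules) per cloud-controller command.
RULES_ENGINES = {
    "push": [require_owner, cap_memory],
    "delete": [forbid_production_delete],
}

class PolicyEngine:
    def __init__(self, controller, engines=RULES_ENGINES):
        self.controller = controller  # callable standing in for the cloud controller
        self.engines = engines
        self.audit = []               # (command, decision) pairs for later review
    def handle(self, command, payload):
        rules = self.engines.get(command)
        if rules is None:
            # Assumption: a command with no rules engine is denied, not passed through.
            self.audit.append((command, "denied: no rules engine"))
            raise PolicyViolation(f"no rules engine for {command!r}")
        edited = deepcopy(payload)    # edit a copy, never the caller's object
        try:
            for rule in rules:
                edited = rule(edited)
        except PolicyViolation as exc:
            self.audit.append((command, f"denied: {exc}"))
            raise
        self.audit.append((command, "forwarded"))
        return self.controller(command, edited)

def fake_controller(command, payload):  # constructed stand-in: echoes what it received
    return {"command": command, "payload": payload}
```

Recording every decision, including denials, gives reviewers a trail of what the engine changed or blocked before anything reached the controller.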
32 Claims
1. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to implement components comprising:
a web application platform configured to execute in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform, wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment; and
a policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform, wherein the policy engine is configured to:
intercept each command to the cloud controller issued by the management computer system,
direct the intercepted command to a particular rules engine of the plurality of rules engines,
apply, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, and
based on applying the one or more rules to the intercepted command for the cloud controller, automatically editing a command payload for the intercepted command before forwarding the command payload to the cloud controller.
Dependent claims: 2, 3, 4
5. A computer-implemented method comprising:
executing a web application platform on a plurality of computers in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform, wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment;
intercepting, by a policy engine installed on one or more computers, each command of the plurality of commands issued to the cloud controller issued by the management computer system, the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform; and
for each intercepted command of one or more intercepted commands:
directing, by the policy engine, the intercepted command to a particular rules engine of the plurality of rules engines,
applying, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, and
based on applying the one or more rules to the intercepted command for the cloud controller, automatically editing, by the policy engine, a command payload for the intercepted command before forwarding the command payload to the cloud controller.
Dependent claims: 6, 7, 8
9. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to implement components comprising:
a web application platform configured to execute in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform, wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment; and
a policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform, wherein the policy engine is configured to:
intercept each command to the cloud controller issued by the management computer system,
direct the intercepted command to a particular rules engine of the plurality of rules engines,
apply, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, and
based on applying the one or more rules to the intercepted command for the cloud controller, automatically redirecting an issuing device of the intercepted command to access another networked service before forwarding the command payload to the cloud controller.
Dependent claims: 10, 11, 12
13. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to implement components comprising:
a web application platform configured to execute in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform, wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment; and
a policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform, wherein the policy engine is configured to:
intercept each command to the cloud controller issued by the management computer system,
direct the intercepted command to a particular rules engine of the plurality of rules engines,
apply, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, and
based on applying the one or more rules to the intercepted command for the cloud controller, automatically accessing a networked service to establish a shut-down procedure for a web application on the cloud application platform before forwarding the command payload to the cloud controller.
Dependent claims: 14, 15, 16
17. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to implement components comprising:
a web application platform configured to execute in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform, wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment; and
a policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform, wherein the policy engine is configured to:
intercept each command to the cloud controller issued by the management computer system,
direct the intercepted command to a particular rules engine of the plurality of rules engines,
apply, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, and
automatically perform an action based on applying the one or more rules to the intercepted command for the cloud controller,
wherein the policy engine comprises a plurality of response rules engines, each response rules engine corresponding to a respective response received from the cloud controller, and
wherein each response rules engine is configured to apply one or more response rules to a response received from the cloud controller and to automatically perform an action on the response based on applying the one or more response rules to the response received from the cloud controller.
Dependent claims: 18, 19, 20
21. A computer-implemented method comprising:
executing a web application platform on a plurality of computers in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform, wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment;
intercepting, by a policy engine installed on one or more computers, each command of the plurality of commands issued to the cloud controller issued by the management computer system, the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform; and
for each intercepted command of one or more intercepted commands:
directing, by the policy engine, the intercepted command to a particular rules engine of the plurality of rules engines,
applying, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, and
based on applying the one or more rules to the intercepted command for the cloud controller, automatically redirecting, by the policy engine, an issuing device of the intercepted command to access another networked service before forwarding the command payload to the cloud controller.
Dependent claims: 22, 23, 24
25. A computer-implemented method comprising:
executing a web application platform on a plurality of computers in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform, wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment;
intercepting, by a policy engine installed on one or more computers, each command of the plurality of commands issued to the cloud controller issued by the management computer system, the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform; and
for each intercepted command of one or more intercepted commands:
directing, by the policy engine, the intercepted command to a particular rules engine of the plurality of rules engines,
applying, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, and
based on applying the one or more rules to the intercepted command for the cloud controller, automatically accessing, by the policy engine, a networked service to establish a shut-down procedure for a web application on the cloud application platform before forwarding the command payload to the cloud controller.
Dependent claims: 26, 27, 28
29. A computer-implemented method comprising:
executing a web application platform on a plurality of computers in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform, wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment;
intercepting, by a policy engine installed on one or more computers, each command of the plurality of commands issued to the cloud controller issued by the management computer system, the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform; and
for each intercepted command of the one or more intercepted commands:
directing, by the policy engine, the intercepted command to a particular rules engine of the plurality of rules engines,
applying, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, and
automatically performing, by the policy engine, an action based on applying the one or more rules to the intercepted command for the cloud controller,
wherein the policy engine comprises a plurality of response rules engines, each response rules engine corresponding to a respective response received from the cloud controller, and
wherein each response rules engine is configured to apply one or more response rules to a response received from the cloud controller and to automatically perform an action on the response based on applying the one or more response rules to the response received from the cloud controller.
Dependent claims: 30, 31, 32
Specification