Policy engine for cloud platform

US 10,805,351 B2
Filed: 04/09/2018
Issued: 10/13/2020
Est. Priority Date: 04/26/2010
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to implement components comprising;

a web application platform configured to execute in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform,wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment; and

a policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform,wherein the policy engine is configured to;

intercept each command to the cloud controller issued by the management computer system,direct the intercepted command to a particular rules engine of the plurality of rules engines,apply, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, andbased on applying the one or more rules to the intercepted command for the cloud controller, automatically editing a command payload for the intercepted command before forwarding the command payload to the cloud controller.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A policy engine is situated within the communications path of a cloud computing environment and a user of the cloud computing environment to comply with an organization'"'"'s policies for deploying web applications in the cloud computing environment. The policy engine intercepts communications packets to the cloud computing environment from a user, such as a web application developer, for example, in preparation for deploying a web application in the cloud computing environment. The policy engine identifies commands corresponding to the communications packets and directs the communications packets to appropriate rules engines corresponding to such commands in order to execute rules to comply with an organization'"'"'s policies. Upon completion of execution of the rules, the communications packets are forwarded to the cloud computing environment if they comply with the policies.

54 Citations

View as Search Results

32 Claims

1. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to implement components comprising;
  
  a web application platform configured to execute in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform,wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment; and
  
  a policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform,wherein the policy engine is configured to;
  
  intercept each command to the cloud controller issued by the management computer system,direct the intercepted command to a particular rules engine of the plurality of rules engines,apply, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, andbased on applying the one or more rules to the intercepted command for the cloud controller, automatically editing a command payload for the intercepted command before forwarding the command payload to the cloud controller.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the intercepted command is a cloud controller command for creating or managing a web application on the web application platform.
  - 3. The system of claim 1, wherein the policy engine is installed on the management computer system.
  - 4. The system of claim 1, wherein the policy engine is installed on the cloud computing environment.

5. A computer-implemented method comprising:
- executing a web application platform on a plurality of computers in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform,wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment;
  
  intercepting, by a policy engine installed on one or more computers, each command of the plurality of commands issued to the cloud controller issued by the management computer system, the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform; and
  
  for each intercepted command of one or more intercepted commands;
  
  directing, by the policy engine, the intercepted command to a particular rules engine of the plurality of rules engines,applying, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, andbased on applying the one or more rules to the intercepted command for the cloud controller, automatically editing, by the policy engine, a command payload for the intercepted command before forwarding the command payload to the cloud controller.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein one or more of the intercepted commands is a cloud controller command for creating or managing a web application on the web application platform.
  - 7. The method of claim 5, wherein the policy engine is installed on the management computer system.
  - 8. The method of claim 5, wherein the policy engine is installed on the cloud computing environment.

9. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to implement components comprising;
  
  a web application platform configured to execute in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform,wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment; and
  
  a policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform,wherein the policy engine is configured to;
  
  intercept each command to the cloud controller issued by the management computer system,direct the intercepted command to a particular rules engine of the plurality of rules engines,apply, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, andbased on applying the one or more rules to the intercepted command for the cloud controller, automatically redirecting an issuing device of the intercepted command to access another networked service before forwarding the command payload to the cloud controller.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein the intercepted command is a cloud controller command for creating or managing a web application on the web application platform.
  - 11. The system of claim 9, wherein the policy engine is installed on the management computer system.
  - 12. The system of claim 9, wherein the policy engine is installed on the cloud computing environment.

13. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to implement components comprising;
  
  a web application platform configured to execute in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform,wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment; and
  
  a policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform,wherein the policy engine is configured to;
  
  intercept each command to the cloud controller issued by the management computer system,direct the intercepted command to a particular rules engine of the plurality of rules engines,apply, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, andbased on applying the one or more rules to the intercepted command for the cloud controller, automatically accessing a networked service to establish a shut-down procedure for a web application on the cloud application platform before forwarding the command payload to the cloud controller.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the intercepted command is a cloud controller command for creating or managing a web application on the web application platform.
  - 15. The system of claim 13, wherein the policy engine is installed on the management computer system.
  - 16. The system of claim 13, wherein the policy engine is installed on the cloud computing environment.

17. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to implement components comprising;
  
  a web application platform configured to execute in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform,wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment; and
  
  a policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform,wherein the policy engine is configured to;
  
  intercept each command to the cloud controller issued by the management computer system,direct the intercepted command to a particular rules engine of the plurality of rules engines,apply, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, andautomatically perform an action based on applying the one or more rules to the intercepted command for the cloud controller,wherein the policy engine comprises a plurality of response rules engines, each response rules engine corresponding to a respective response received from the cloud controller, and wherein each response rules engine is configured to apply one or more response rules to a response received from the cloud controller and to automatically perform an action on the response based on applying the one or more response rules to the response received from the cloud controller.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the intercepted command is a cloud controller command for creating or managing a web application on the web application platform.
  - 19. The system of claim 17, wherein the policy engine is installed on the management computer system.
  - 20. The system of claim 17, wherein the policy engine is installed on the cloud computing environment.

21. A computer-implemented method comprising:
- executing a web application platform on a plurality of computers in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform,wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment;
  
  intercepting, by a policy engine installed on one or more computers, each command of the plurality of commands issued to the cloud controller issued by the management computer system, the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform; and
  
  for each intercepted command of one or more intercepted commands;
  
  directing, by the policy engine, the intercepted command to a particular rules engine of the plurality of rules engines,applying, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, andbased on applying the one or more rules to the intercepted command for the cloud controller, automatically redirecting, by the policy engine, an issuing device of the intercepted command to access another networked service before forwarding the command payload to the cloud controller.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, wherein one or more of the intercepted commands is a cloud controller command for creating or managing a web application on the web application platform.
  - 23. The method of claim 21, wherein the policy engine is installed on the management computer system.
  - 24. The method of claim 21, wherein the policy engine is installed on the cloud computing environment.

25. A computer-implemented method comprising:
- executing a web application platform on a plurality of computers in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform,wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment;
  
  intercepting, by a policy engine installed on one or more computers, each command of the plurality of commands issued to the cloud controller issued by the management computer system, the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform; and
  
  for each intercepted command of one or more intercepted commands;
  
  directing, by the policy engine, the intercepted command to a particular rules engine of the plurality of rules engines,applying, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, andbased on applying the one or more rules to the intercepted command for the cloud controller, automatically accessing, by the policy engine, a networked service to establish a shut-down procedure for a web application on the cloud application platform before forwarding the command payload to the cloud controller.
- View Dependent Claims (26, 27, 28)
- - 26. The method of claim 25, wherein one or more of the intercepted commands is a cloud controller command for creating or managing a web application on the web application platform.
  - 27. The method of claim 25, wherein the policy engine is installed on the management computer system.
  - 28. The method of claim 25, wherein the policy engine is installed on the cloud computing environment.

29. A computer-implemented method comprising:
- executing a web application platform on a plurality of computers in a cloud computing environment, the web application platform comprising a plurality of virtualized computing resources that are configured to host deployed web applications that are accessible by user devices that are external to the web application platform,wherein the web application platform comprises a cloud controller that is configured to receive a plurality of commands issued by a management computer system, the plurality of commands being requests to manage web applications hosted on the web application platform in the cloud computing environment;
  
  intercepting, by a policy engine installed on one or more computers, each command of the plurality of commands issued to the cloud controller issued by the management computer system, the policy engine comprising a plurality of rules engines, each rules engine corresponding to a respective command of the plurality of commands for the cloud controller of the web application platform; and
  
  for each intercepted command of the one or more intercepted commands;
  
  directing, by the policy engine, the intercepted command to a particular rules engine of the plurality of rules engines,applying, by the particular rules engine, one or more rules to the intercepted command for the cloud controller, andautomatically performing, by the policy engine, an action based on applying the one or more rules to the intercepted command for the cloud controller,wherein the policy engine comprises a plurality of response rules engines, each response rules engine corresponding to a respective response received from the cloud controller, and wherein each response rules engine is configured to apply one or more response rules to a response received from the cloud controller and to automatically perform an action on the response based on applying the one or more response rules to the response received from the cloud controller.
- View Dependent Claims (30, 31, 32)
- - 30. The method of claim 29, wherein one or more of the intercepted commands is a cloud controller command for creating or managing a web application on the web application platform.
  - 31. The method of claim 29, wherein the policy engine is installed on the management computer system.
  - 32. The method of claim 29, wherein the policy engine is installed on the cloud computing environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pivotal Software, Inc. (Broadcom, Inc.)
Original Assignee
Pivotal Software, Inc. (Broadcom, Inc.)
Inventors
Lucovsky, Mark, Collison, Derek, Spivak, Vadim, Chen, Gerald C., Laddad, Ramnivas
Primary Examiner(s)
Zee, Edward

Application Number

US15/948,874
Publication Number

US 20180302442A1
Time in Patent Office

918 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/629   to features or functions of...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 63/0245   Filtering by information in...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/108   when the policy decisions a...

H04L 63/20   for managing network securi...

Policy engine for cloud platform

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Policy engine for cloud platform

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links