Policy-Based Virtualization Method Involving Adaptive Enforcement
Abstract
A method is provided in which a permission for running a system software instance alongside another system software instance is issued on the basis of a first policy rule concerning the operation of a first software application and a second policy rule concerning the execution of second software application.
20 Claims
1. A system comprising:
- a first telecommunications network node, wherein the first node is operable to execute a first system software instance and a policy enforcement point (PEP);
- a second telecommunications network node operable to execute a policy decision point (PDP) wherein the policy decision point (PDP) is configured to make a decision as to whether a second system software instance should be allowed to execute concurrently with the first system software instance on the first node; and
- wherein the policy enforcement point (PEP) is configured to prevent the execution of the second system software instance on the basis of a decision provided by the policy decision point (PDP).

Dependent claims: 2, 3, 4, 5

6. A method comprising transmitting from a first node, a message indicating a permission to execute on a second node a first software concurrently with a second software, wherein:
a. the first server is executing within a first system software instance, and the second software is within a second system software instance;
b. the permission depends on a first telecommunications network policy rule and a second telecommunications network policy rule, wherein;
   i. the first rule relates to the operation of the first software, and
   ii. the second rule relates to the operation of the second software.

Dependent claims: 7, 8, 9, 10, 11, 12, 13

14. A method comprising:
- receiving a first telecommunications network policy rule, wherein the first rule relates to the operation of a first server in a telecommunications network;
- receiving a second telecommunications network policy rule, wherein the second rule relates to the operation of second server in the telecommunications network;
- transmitting a message containing a permission to migrate the second server to a first telecommunications network node, wherein;
   i. the first node is host to the first server,
   ii. the first server is executing within a first system software instance,
   iii. and the migration of the second server to the first node comprises the instantiation of a second system software instance at the first node and executing the second server within the second system software instance; and
   vi. the permission depends on the first policy rule and second policy rule.

Dependent claims: 15, 16, 18, 19

17. A method comprising:
- receiving at a telecommunication network node request to migrate a first virtual server to the first node, wherein the first node is executing a second virtual server; and
- transmitting a message containing a permission to migrate the second server to a first telecommunications network node, wherein;
   i. the first node is host to the first server,
   ii. the first server is executing within a first system software instance,
   iii. and the migration of the second server to the first node comprises the instantiation of a second system software instance at the first node and executing the second server within the second system software instance; and
   vi. the permission depends on the first policy rule and second policy rule.

20. A system comprising:
- a first telecommunications network node, wherein the first node is operable to execute a first software and a first software module, wherein the first software is executing within a first system software instance;
- a second telecommunications network node operable to execute a second software module wherein the second software module decides whether a second software should be allowed to execute within a second system software instance concurrently with the first virtual server on the first node; and
- wherein the first software module prevents the operation of the second software on the basis of a decision provided by the second software module.

Specification