SYSTEM AND METHOD FOR DISCOVERY ENRICHMENT IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM

US 20110126275A1
Filed: 04/16/2010
Published: 05/26/2011
Est. Priority Date: 11/25/2009
Status: Active Grant

First Claim

Patent Images

1. A system for discovery enrichment in an intelligent workload management system, comprising:

an authentication server that generates authentication tokens defining entitlements for a plurality of unique identities across a plurality of authentication domains, wherein the authentication server generates the authentication tokens from federated identity information stored in an identity vault;

a discovery engine that discovers a model describing an operational state for an information technology infrastructure and enriches the model with the federated information stored in the identity vault and actual activity monitored for the plurality of unique identities in the information technology infrastructure, wherein the discovery engine is configured to;

discover, from the federated information stored in the identity vault, information that describes one or more physical resources and one or more virtualized resources in the information technology infrastructure, one or more applications and one or more services running in the information technology infrastructure, and dependencies between the physical resources, the virtualized resources, the applications, and the services;

discover information that describes the plurality of unique identities access to the physical resources, the virtualized resources, the applications, and the services in the infrastructure, wherein the discovered access information includes the entitlements defined in the authentication tokens generated at the authentication server and the actual activity monitored for the plurality of unique identities in the infrastructure; and

capture a snapshot of the model of the information technology infrastructure, wherein the snapshot includes the information that describes the physical resources, the virtualized resources, the applications, and the services, the dependencies between the physical resources, the virtualized resources, the applications, and the services, and the discovered access information; and

a management infrastructure that manages the captured snapshot of the infrastructure model, wherein the management infrastructure is configured to;

detect one or more problems or incidents in the information technology infrastructure in response to determining that the captured snapshot of the infrastructure model violates one or more predetermined policies; and

manage one or more remediation workloads in response to detecting the one or more problems or incidents in the information technology infrastructure.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system and method described herein for discovery enrichment in an intelligent workload management system may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads. In particular, the management threads may converge information for managing identities and access credentials, which may provide information that can enrich discovery of physical and virtual infrastructure resources. For example, a discovery engine may reference federated identity information stored in an identity vault and enrich a discovered infrastructure model with the federated identity information. Thus, the model may generally include information describing physical and virtualized resources in the infrastructure, applications and services running in the infrastructure, and information derived from the federated identity information that describes dependencies between the physical resources, the virtualized resources, the applications, and the services.

499 Citations

20 Claims

1. A system for discovery enrichment in an intelligent workload management system, comprising:
- an authentication server that generates authentication tokens defining entitlements for a plurality of unique identities across a plurality of authentication domains, wherein the authentication server generates the authentication tokens from federated identity information stored in an identity vault;
  
  a discovery engine that discovers a model describing an operational state for an information technology infrastructure and enriches the model with the federated information stored in the identity vault and actual activity monitored for the plurality of unique identities in the information technology infrastructure, wherein the discovery engine is configured to;
  
  discover, from the federated information stored in the identity vault, information that describes one or more physical resources and one or more virtualized resources in the information technology infrastructure, one or more applications and one or more services running in the information technology infrastructure, and dependencies between the physical resources, the virtualized resources, the applications, and the services;
  
  discover information that describes the plurality of unique identities access to the physical resources, the virtualized resources, the applications, and the services in the infrastructure, wherein the discovered access information includes the entitlements defined in the authentication tokens generated at the authentication server and the actual activity monitored for the plurality of unique identities in the infrastructure; and
  
  capture a snapshot of the model of the information technology infrastructure, wherein the snapshot includes the information that describes the physical resources, the virtualized resources, the applications, and the services, the dependencies between the physical resources, the virtualized resources, the applications, and the services, and the discovered access information; and
  
  a management infrastructure that manages the captured snapshot of the infrastructure model, wherein the management infrastructure is configured to;
  
  detect one or more problems or incidents in the information technology infrastructure in response to determining that the captured snapshot of the infrastructure model violates one or more predetermined policies; and
  
  manage one or more remediation workloads in response to detecting the one or more problems or incidents in the information technology infrastructure.

2. A system for discovery enrichment in an intelligent workload management system, comprising:
- an identity vault that stores federated information defining entitlements for a plurality of unique identities across a plurality of authentication domains;
  
  an authentication server that generates authentication tokens defining the entitlements for the plurality of unique identities from the federated information stored in the identity vault;
  
  a discovery engine that discovers a model describing an operational state for an information technology infrastructure and enriches the model with the federated information stored in the identity vault and actual activity monitored for the plurality of unique identities in the information technology infrastructure, wherein the discovery engine is configured to;
  
  discover, from the federated information stored in the identity vault, information that describes one or more physical resources and one or more virtualized resources in the information technology infrastructure;
  
  discover, from the federated information stored in the identity vault, information that describes one or more applications and one or more services running in the information technology infrastructure;
  
  discover, from the federated information stored in the identity vault, information that describes dependencies between the physical resources, the virtualized resources, the applications, and the services discovered in the information technology infrastructure;
  
  discover information that describes the plurality of unique identities access to the physical resources, the virtualized resources, the applications, and the services in the infrastructure, wherein the discovered access information includes the entitlements defined in the authentication tokens generated at the authentication server and the actual activity monitored for the plurality of unique identities in the infrastructure; and
  
  capture a snapshot of the model of the information technology infrastructure, wherein the snapshot includes the information that describes the physical resources, the virtualized resources, the applications, and the services, the dependencies between the physical resources, the virtualized resources, the applications, and the services, and the discovered access information.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 3. The system of claim 2, further comprising a configuration management database configured to persistently store the captured snapshot of the infrastructure model.
  - 4. The system of claim 2, wherein the authentication tokens include single sign-on authentication tokens that provide portable data abstractions encapsulating the entitlements for the unique identities across the plurality of authentication domains.
  - 5. The system of claim 2, wherein the discovery engine discovers the information that describes the physical resources and the virtualized resources using one or more of Internet Control Message Protocol pings, Simple Network Management Protocol Gets, Transmission Control Protocol port probes, or agent-based discovery techniques.
  - 6. The system of claim 2, wherein the discovery engine discovers the information that describes the applications and the services using an application fingerprinting technique that matches one or more artifacts in the discovered information for the physical resources and the virtualized resources to one or more predetermined attributes that uniquely describe the applications and the services.
  - 7. The system of claim 2, wherein the dependencies describe relationships between one or more of the physical resources that host one or more of the virtualized resources, and wherein the dependencies further describe relationships between one or more of the virtualized resources that host one or more of the applications or one or more of the services.
  - 8. The system of claim 2, wherein the entitlements defined in the authentication tokens indicate whether the plurality of unique identities are authorized or permitted to interact with one or more of the physical resources, the virtualized resources, the applications, or the services.
  - 9. The system of claim 8, wherein the snapshot further includes the authentication tokens that indicate whether the plurality of unique identities are authorized or permitted to interact with the physical resources, the virtualized resources, the applications, or the services.
  - 10. The system of claim 9, further comprising a workload engine configured to manage one or more remediation workloads in response to detecting one or more problems or incidents in the information technology infrastructure.
  - 11. The system of claim 10, further comprising a management infrastructure configured to detect the one or more problems or incidents in the information technology infrastructure in response to determining that the captured snapshot of the infrastructure model violates one or more predetermined policies.

12. A method for discovery enrichment in an intelligent workload management system, comprising:
- storing, in an identity vault, federated information defining entitlements for a plurality of unique identities across a plurality of authentication domains;
  
  generating, at an authentication server, authentication tokens defining the entitlements for the plurality of unique identities from the federated information stored in the identity vault; and
  
  discovering, by a discovery engine, a model describing an operational state for an information technology infrastructure enriched with the federated information stored in the identity vault and actual activity monitored for the plurality of unique identities in the information technology infrastructure, wherein discovering the model of the information technology infrastructure includes;
  
  discovering, from the federated information stored in the identity vault, information that describes one or more physical resources and one or more virtualized resources in the information technology infrastructure;
  
  discovering, from the federated information stored in the identity vault, information that describes one or more applications and one or more services running in the information technology infrastructure;
  
  discovering, from the federated information stored in the identity vault, information that describes dependencies between the physical resources, the virtualized resources, the applications, and the services discovered in the information technology infrastructure;
  
  discovering information that describes the plurality of unique identities access to the physical resources, the virtualized resources, the applications, and the services in the infrastructure, wherein the discovered access information includes the entitlements defined in the authentication tokens generated at the authentication server and the actual activity monitored for the plurality of unique identities in the infrastructure; and
  
  capturing a snapshot of the model of the information technology infrastructure, wherein the snapshot includes the discovered information that describes the physical resources, the virtualized resources, the applications, and the services, the dependencies between the physical resources, the virtualized resources, the applications, and the services, and the discovered access information.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, further comprising persistently storing the captured snapshot of the infrastructure model in a configuration management database.
  - 14. The method of claim 12, wherein the authentication tokens include single sign-on authentication tokens that provide portable data abstractions encapsulating the entitlements for the unique identities across the plurality of authentication domains.
  - 15. The method of claim 12, wherein the discovery engine discovers the information that describes the physical resources and the virtualized resources using one or more of Internet Control Message Protocol pings, Simple Network Management Protocol Gets, Transmission Control Protocol port probes, or agent-based discovery techniques.
  - 16. The method of claim 12, wherein the discovery engine discovers the information that describes the applications and the services using an application fingerprinting technique that matches one or more artifacts in the discovered information for the physical resources and the virtualized resources to one or more predetermined attributes that uniquely describe the applications and the services.
  - 17. The method of claim 12, wherein the dependencies describe relationships between one or more of the physical resources that host one or more of the virtualized resources, and wherein the dependencies further describe relationships between one or more of the virtualized resources that host one or more of the applications or one or more of the services.
  - 18. The method of claim 12, wherein the entitlements defined in the authentication tokens indicate whether the plurality of unique identities are authorized or permitted to interact with one or more of the physical resources, the virtualized resources, the applications, or the services.
  - 19. The method of claim 18, wherein the snapshot further includes the authentication tokens that indicate whether the plurality of unique identities are authorized or permitted to interact with the physical resources, the virtualized resources, the applications, or the services.
  - 20. The method of claim 12, further comprising managing one or more remediation workloads in response to detecting one or more problems or incidents in the information technology infrastructure, wherein a management infrastructure detects the one or more problems or incidents in response to determining that the captured snapshot of the infrastructure model violates one or more predetermined policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Westerfeld, Kurt, Choudhary, Usman, Anderson, Eric W. B.

Granted Patent

US 8,695,075 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/31   User authentication

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45533   Hypervisors; Virtual machin...

G06Q 10/06   Resources, workflows, human...

G06Q 10/06313   Resource planning in a proj...

G06Q 10/10   Office automation; Time man...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/14   for detecting or protecting...

H04L 9/3213   using tickets or tokens, e....

SYSTEM AND METHOD FOR DISCOVERY ENRICHMENT IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

499 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DISCOVERY ENRICHMENT IN AN INTELLIGENT WORKLOAD MANAGEMENT SYSTEM

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

499 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links