HARMONIZED GOVERNANCE SYSTEM FOR HETEROGENEOUS AGILE INFORMATION TECHNOLOGY ENVIRONMENTS

US 20170228552A1
Filed: 07/15/2016
Published: 08/10/2017
Est. Priority Date: 02/08/2016
Status: Active Grant

First Claim

Patent Images

1. A harmonized governance system for a heterogeneous agile environment, comprising:

a computer-based policy administration element (PAE) communicatively coupled to respective management platforms of a plurality of individual agile environments that make up the heterogeneous agile environment, the PAE configured to administer and report governance policies, including rules, roles and assignment to resources of the heterogeneous agile environment according to abstracted and normalized (i) representations of the resources, (ii) operations which are capable of being performed by and on said resources, and (iii) roles assignable to subjects that will interact with said resources, and (iv) respective attributes of said representations, operations and roles;

a computer-based policy decision element (PDE) communicatively coupled to receive indications of attempted governance operations by one or more subjects to resources within the individual agile environments that make up the heterogeneous agile environment, the PDE configured to determine and report whether the attempted governance operations should be permitted or not;

one or more data sources accessible to the PAE and the PDE storing information about (i) the one or more subjects and respective attributes thereof, and (ii) resources of the heterogeneous agile environment and respective attributes of said resources;

a computer-based policy enforcement element (PEE) communicatively coupled to the respective management platforms and resources of the individual agile environments that make up the heterogeneous agile environment, the PEE configured to enforce and report authorization decisions of the PDE,wherein different respective ones of the individual agile environments that make up the heterogeneous agile environment have individual, associated access policies for resources within the respective individual agile environments;

each respective individual agile environment has an associated, respective access control system for subjects, resources, and operations of the respective individual agile environment; and

the resources of each respective individual agile environment comprise one or more of compute systems, network systems, application containers, application systems, management systems, and storage systems.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered they are mapped to new counterparts in a heterogeneous agile environment syntax.

Citations

12 Claims

1. A harmonized governance system for a heterogeneous agile environment, comprising:
- a computer-based policy administration element (PAE) communicatively coupled to respective management platforms of a plurality of individual agile environments that make up the heterogeneous agile environment, the PAE configured to administer and report governance policies, including rules, roles and assignment to resources of the heterogeneous agile environment according to abstracted and normalized (i) representations of the resources, (ii) operations which are capable of being performed by and on said resources, and (iii) roles assignable to subjects that will interact with said resources, and (iv) respective attributes of said representations, operations and roles;
  
  a computer-based policy decision element (PDE) communicatively coupled to receive indications of attempted governance operations by one or more subjects to resources within the individual agile environments that make up the heterogeneous agile environment, the PDE configured to determine and report whether the attempted governance operations should be permitted or not;
  
  one or more data sources accessible to the PAE and the PDE storing information about (i) the one or more subjects and respective attributes thereof, and (ii) resources of the heterogeneous agile environment and respective attributes of said resources;
  
  a computer-based policy enforcement element (PEE) communicatively coupled to the respective management platforms and resources of the individual agile environments that make up the heterogeneous agile environment, the PEE configured to enforce and report authorization decisions of the PDE,wherein different respective ones of the individual agile environments that make up the heterogeneous agile environment have individual, associated access policies for resources within the respective individual agile environments;
  
  each respective individual agile environment has an associated, respective access control system for subjects, resources, and operations of the respective individual agile environment; and
  
  the resources of each respective individual agile environment comprise one or more of compute systems, network systems, application containers, application systems, management systems, and storage systems.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The harmonized governance system of claim 1, wherein for each of the respective ones of the individual agile environments that make up the heterogeneous agile environment, the computer-based PAE maintains harmonized mappings of the abstracted and normalized representations of the resources, and respective attributes of said resources, of the respective individual agile environments and corresponding equivalent virtualized agile environment-specific resources, said mappings stored in the one or more data stores.
  - 3. The harmonized governance system of claim 1, wherein for each of the respective ones of the individual agile environments that make up the heterogeneous agile environment, the computer-based PAE maintains harmonized mappings of the abstracted and normalized operations, and respective attributes of said operations, which are capable of being performed by said resources of the respective individual agile environments and corresponding equivalent agile environment-specific operations, said mappings stored in the one or more data stores.
  - 4. The harmonized governance system of claim 1, wherein for each of the respective ones of the individual agile environments that make up the heterogeneous agile environment, the computer-based PAE maintains harmonized mappings of the abstracted and normalized roles, and respective attributes of said roles, assignable to subjects that will interact with said resources of the respective individual agile environments and corresponding equivalent agile environment-specific roles, said mappings stored in the one or more data stores.
  - 5. The harmonized governance system of claim 4, wherein the abstracted and normalized roles comprise abstracted operations which are capable of being performed by said resources of the respective individual agile environments.

6. A method comprising:
- receiving, at a harmonized governance system for a heterogeneous agile environment that includes a number, n, of individual agile environments each comprising one or more compute systems, network systems, application containers, application systems, management systems, and storage systems, an indication of an attempted operation concerning a resource of a first one of the individual agile environments, and wherein the number, n, of individual agile environments each have individual, associated access policies for resources within the respective individual agile environments;
  
  each respective individual agile environment has an associated, respective access control system for subjects, resources, and operations of the respective individual agile environment;
  
  mapping the indication of the attempted operation concerning the resource from an agile environment-specific language of the first one of the individual agile environments to an abstracted, normalized language of the heterogeneous agile environment;
  
  the harmonized governance system of the heterogeneous agile environment making a decision whether to allow or not allow the attempted operation;
  
  translating the decision from the abstracted, normalized language of the heterogeneous agile environment to a command in the agile environment-specific language of the first one of the individual agile environments; and
  
  transmitting the command in the agile environment-specific language of the first one of the individual agile environments to a management platform of the first one of the individual agile environments for execution thereby.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method of claim 6, further comprising reporting a plurality of attempted operations concerning resources of the n individual agile environments in the abstracted, normalized language of the heterogeneous agile environment to an administrator of the harmonized governance system.
  - 8. The method of claim 7, wherein said reporting is via one of:
    - a dashboard or a transmitted report.
  - 9. The method of claim 6, wherein the indication of the attempted operation concerning the resource of the first one of the individual agile environments comprises an indication of an action to be performed on or by the resource.
  - 10. The method of claim 6, wherein making the decision whether to authorize or not authorize the attempted operation comprises determining whether policies governing the attempted operation concerning the resource permit said attempted operation.
  - 11. The method of claim 10, wherein the policies governing the attempted operation concerning the resource comprise one or more of governance policies, role-based access control policies, attribute-based access control policies, placement-policies, and relationship policies.
  - 12. The method of claim 11, wherein the abstracted, normalized language of the heterogeneous agile environment comprises abstracted, normalized representations of subjects, resources, and operations, where subjects are actors that can perform one or more operations on a resource, resources are compute, network, storage, application containers, or application systems in an agile environment, and operations are actions performed on or by a resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Corp.
Original Assignee
HyTrust, Inc. (Entrust Corp.)
Inventors
Rangarajan, Govindarajan, Prafullchandra, Hemma

Granted Patent

US 9,734,349 B1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/50   Allocation of resources, e....

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

HARMONIZED GOVERNANCE SYSTEM FOR HETEROGENEOUS AGILE INFORMATION TECHNOLOGY ENVIRONMENTS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

HARMONIZED GOVERNANCE SYSTEM FOR HETEROGENEOUS AGILE INFORMATION TECHNOLOGY ENVIRONMENTS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links