HARMONIZED GOVERNANCE SYSTEM FOR HETEROGENEOUS AGILE INFORMATION TECHNOLOGY ENVIRONMENTS
First Claim
1. A harmonized governance system for a heterogeneous agile environment, comprising:
- a computer-based policy administration element (PAE) communicatively coupled to respective management platforms of a plurality of individual agile environments that make up the heterogeneous agile environment, the PAE configured to administer and report governance policies, including rules, roles and assignment to resources of the heterogeneous agile environment according to abstracted and normalized (i) representations of the resources, (ii) operations which are capable of being performed by and on said resources, and (iii) roles assignable to subjects that will interact with said resources, and (iv) respective attributes of said representations, operations and roles;
- a computer-based policy decision element (PDE) communicatively coupled to receive indications of attempted governance operations by one or more subjects to resources within the individual agile environments that make up the heterogeneous agile environment, the PDE configured to determine and report whether the attempted governance operations should be permitted or not;
- one or more data sources accessible to the PAE and the PDE storing information about (i) the one or more subjects and respective attributes thereof, and (ii) resources of the heterogeneous agile environment and respective attributes of said resources;
- a computer-based policy enforcement element (PEE) communicatively coupled to the respective management platforms and resources of the individual agile environments that make up the heterogeneous agile environment, the PEE configured to enforce and report authorization decisions of the PDE,
wherein different respective ones of the individual agile environments that make up the heterogeneous agile environment have individual, associated access policies for resources within the respective individual agile environments;
each respective individual agile environment has an associated, respective access control system for subjects, resources, and operations of the respective individual agile environment; and
the resources of each respective individual agile environment comprise one or more of compute systems, network systems, application containers, application systems, management systems, and storage systems.
Abstract
A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes, and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered, they are mapped to new counterparts in a heterogeneous agile environment syntax.
12 Claims
6. A method comprising:
- receiving, at a harmonized governance system for a heterogeneous agile environment that includes a number, n, of individual agile environments each comprising one or more compute systems, network systems, application containers, application systems, management systems, and storage systems, an indication of an attempted operation concerning a resource of a first one of the individual agile environments, and wherein the number, n, of individual agile environments each have individual, associated access policies for resources within the respective individual agile environments;
each respective individual agile environment has an associated, respective access control system for subjects, resources, and operations of the respective individual agile environment;
- mapping the indication of the attempted operation concerning the resource from an agile environment-specific language of the first one of the individual agile environments to an abstracted, normalized language of the heterogeneous agile environment;
- the harmonized governance system of the heterogeneous agile environment making a decision whether to allow or not allow the attempted operation;
- translating the decision from the abstracted, normalized language of the heterogeneous agile environment to a command in the agile environment-specific language of the first one of the individual agile environments; and
- transmitting the command in the agile environment-specific language of the first one of the individual agile environments to a management platform of the first one of the individual agile environments for execution thereby.
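The steps of claim 6 (map to the normalized language, decide, translate the decision back, hand the command to the originating environment) as an added Python example that is not taken from the patent. The environment names `env_a` and `env_b`, their verbs, the command templates and the role policy are all constructed; denying operations that have no mapping is an assumption of this example.

```python
# Constructed mapping data: environment-specific terms -> normalized terms.
# "env_a"/"env_b" and every verb below are hypothetical, not a real platform's syntax.
TO_NORMAL = {
    "env_a": {"ops": {"TerminateInstance": "delete", "DescribeInstance": "read"},
              "kinds": {"instance": "compute"}},
    "env_b": {"ops": {"rm": "delete", "inspect": "read"},
              "kinds": {"container": "application_container"}},
}
# Constructed templates for expressing a decision in each environment's own syntax.
FROM_NORMAL = {
    "env_a": {"allow": "PERMIT {op} {res}", "deny": "REJECT {op} {res}"},
    "env_b": {"allow": "allow:{op}:{res}", "deny": "block:{op}:{res}"},
}
# Normalized policy: role -> permitted (operation, resource kind) pairs.
POLICY = {
    "operator": {("read", "compute"), ("read", "application_container"),
                 ("delete", "application_container")},
    "auditor": {("read", "compute"), ("read", "application_container")},
}
SUBJECT_ROLES = {"alice": {"operator"}, "bob": {"auditor"}}

def normalize(env, op, kind):
    """Map an environment-specific operation and resource kind to normalized terms."""
    table = TO_NORMAL.get(env, {})
    return table.get("ops", {}).get(op), table.get("kinds", {}).get(kind)

def decide(subject, n_op, n_kind):
    """Decision step: allow only if one of the subject's roles grants the pair."""
    if n_op is None or n_kind is None:
        return "deny"  # assumption: anything without a mapping is denied
    roles = SUBJECT_ROLES.get(subject, set())
    granted = any((n_op, n_kind) in POLICY.get(r, set()) for r in roles)
    return "allow" if granted else "deny"

def govern(event):
    """Run one attempted operation through map -> decide -> translate."""
    n_op, n_kind = normalize(event["env"], event["op"], event["kind"])
    decision = decide(event["subject"], n_op, n_kind)
    templates = FROM_NORMAL.get(event["env"])
    command = templates[decision].format(op=event["op"], res=event["res"]) if templates else None
    # The returned record doubles as a normalized audit entry across environments.
    return {"normalized": (n_op, n_kind), "decision": decision, "command": command}

if __name__ == "__main__":
    print(govern({"env": "env_b", "subject": "alice", "op": "rm",
                  "kind": "container", "res": "c1"}))
```

The same role produces different outcomes for the same normalized operation on different resource kinds, and the `normalized` field gives one audit vocabulary regardless of which environment raised the event.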
Specification