Methods and systems for managing a virtual data center with embedded roles based access control

US 8,806,486 B2
Filed: 09/01/2011
Issued: 08/12/2014
Est. Priority Date: 09/03/2010
Status: Active Grant

First Claim

Patent Images

1. A virtual data center control system comprising:

a web server configured to generate a user interface (UI) which enables a user to remotely control elements of said virtual data center by instructing said virtual data center control system to perform an activity associated with any of said elements, said elements including virtual machines and at least one firewall;

an application server configured to receive a request to perform the activity from the web server and configured to execute one or more tasks which implement said activity, wherein said one or more tasks can be synchronous tasks or asynchronous tasks; and

an interface configured to receive synchronous task commands from said web server and said asynchronous task commands from said application server and configured to transform said synchronous task commands and said asynchronous task commands into at least one of a hypervisor layer command, and to transmit said transformed commands toward a hypervisor layer.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments provide techniques for customers to easily, quickly and remotely manage their virtual data centers. Using, for example, a “single pane of glass” GUI view which shows all of the components (including e.g., machines (cpu and RAM), network services (load balancers, firewalls, network address translation, IP management) and storage) of their virtual data centers, provides a complete overview and a starting point for system or component management. According to embodiments, a Roles Based Access Control (RBAC) system is provided which simulates the organizational structure and workflow of a typical IT department to enable workflow management via the GUI for any component or function of a customer'"'"'s virtual data center.

53 Citations

View as Search Results

40 Claims

1. A virtual data center control system comprising:
- a web server configured to generate a user interface (UI) which enables a user to remotely control elements of said virtual data center by instructing said virtual data center control system to perform an activity associated with any of said elements, said elements including virtual machines and at least one firewall;
  
  an application server configured to receive a request to perform the activity from the web server and configured to execute one or more tasks which implement said activity, wherein said one or more tasks can be synchronous tasks or asynchronous tasks; and
  
  an interface configured to receive synchronous task commands from said web server and said asynchronous task commands from said application server and configured to transform said synchronous task commands and said asynchronous task commands into at least one of a hypervisor layer command, and to transmit said transformed commands toward a hypervisor layer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The virtual data center control system of claim 1,wherein said application server is further configured to generate a completed asynchronous task indication upon completion of one or more asynchronous tasks if said one or more asynchronous tasks are associated with the requested activity and further comprising:
    - wherein said UI includes UI control elements for enabling receipt of commands to perform at least one of the virtual data center functions of;
      
      create a virtual machine,configure a virtual machine,configure a network of virtual machines,establish role-based access to said virtual data center, andmonitor resource usage of said virtual data center.
  - 3. The virtual data center control system of claim 1, wherein said application server further comprises:
    - a job engine module configured to receive an asynchronous task from the UI and to schedule execution of said asynchronous task as a plurality of component tasks; and
      
      a task watcher module configured to monitor execution of said component asynchronous task commands and to generate an indication when all of the component asynchronous task commands associated with the asynchronous task are completed.
  - 4. The virtual data center control system of claim 1, wherein said activity is one of create a virtual machine, configure a virtual machine, configure a network of virtual machines, establish role-based access to said virtual data center, and monitor resource usage of said virtual data center.
  - 5. The virtual data center control system of claim 1, wherein said activity is any one of a plurality of activities including create a virtual machine, configure a virtual machine, configure a network of virtual machines, establish role-based access to said virtual data center, and monitor resource usage of said virtual data center, such that said UI includes at least one control element associated with each of said plurality of activities.
  - 6. The virtual data center control system of claim 1, wherein the web server is further configured to generate a first UI screen which depicts UI elements associated with all of the virtual machines associated with the virtual data center, and to generate a second UI screen which depicts UI elements associated with exposure of a network element associated with the virtual data center to a public network.
  - 7. The virtual data center control system of claim 6, wherein the web server is further configured to generate said first UI screen which depicts said UI elements associated with all of the virtual machines by displaying each of said virtual machines as belonging to one or more of three hierarchical containers, wherein said virtual machines are collected into groups and subgroups.
  - 8. The virtual data center control system of claim 6, wherein the web server is further configured to generate the second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to a public network by displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to set a firewall rule type associated with at least one source IP address and at least one destination IP address.
  - 9. The virtual data center control system of claim 1, wherein the web server is further configured to generate a UI screen which depicts UI elements associated with Roles Based Access Control (RBAC) of the virtual data center by displaying a matrix having, on one side, a plurality of virtual data center commands and having, on another side, a plurality of roles each associated with a different level of access to said virtual data center, and enabling a user to select, using said matrix, which of said plurality of roles have permission to actuate which of said plurality of virtual data center commands.
  - 10. The virtual data center control system of claim 1, wherein the web server is further configured to generate a UI screen which depicts UI elements associated with resource control of a server environment including a first UI control element for controlling a maximum resource limit for the server environment, a second UI control element for controlling priority allocation of the resource for each machine disposed in the server environment and a third UI control element associated with an oversubscription ratio for the server environment.
  - 11. The virtual data center control system of claim 1, wherein said elements further comprise at least one load balancer.
  - 12. The virtual data center control system of claim 1, wherein the web server is further configured to generate a UI screen which depicts UI elements associated with resource control of a server environment including a first UI control element for controlling a maximum resource limit for the server environment.

13. A method for remotely controlling a virtual data center, the method comprising:
- generating, by a server, a user interface (UI) enabling control of said virtual data center, wherein said UI includes control elements which enable a user to control functions associated with virtual machines and at least one firewall;
  
  receiving, at said server via said UI, a command to initiate a virtual data center control activity associated with one of the virtual machines and at least one firewall, or a command to add a new virtual machine to said virtual data center;
  
  executing, by said server, one or more tasks to implement said virtual data center control activity;
  
  determining, by said server, that said virtual data center control activity starts with a synchronous activity associated with obtaining information associated with said new virtual machine to be added;
  
  receiving, at said server via said UI, said information;
  
  determining, by said server, that said virtual data control activity continues with an asynchronous activity associated with setting up said new virtual machine; and
  
  setting up, by said server, said new virtual machine using said information.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 14. The method of claim 13, further comprising:
    - determining whether said virtual data center control activity involves one or more asynchronous tasks;
      
      scheduling, by a job engine, said one or more asynchronous tasks associated with said virtual data center control activity; and
      
      updating said UI in response to a status of said virtual data center control command.
  - 15. The method of claim 14, further comprising:
    - displaying a fourth UI screen which enables a user to input said information including at least one of;
      
      a name for said new virtual machine, an operating system for said new virtual machine, a template from which to build said new virtual machine, a number of processors for said new virtual machine, an amount of memory for said new virtual machine, a VLAN to which said new virtual machine is to be connected and an IP address for said new virtual machine.
  - 16. The method of claim 15, further comprising:
    - displaying, proximate a UI element associated with said new virtual machine, a status bar indicating a status associated with the creation of said new virtual machine.
  - 17. The method of claim 13, wherein said step of generating said UI further comprises:
    - generating a first UI screen which depicts UI elements associated with all of the virtual machines associated with the virtual data center; and
      
      generating a second UI screen which depicts UI elements associated with exposure of a network element associated with the virtual data center to a public network.
  - 18. The method of claim 17, wherein each of said first and second UI screens are accessible via associated tabs in said UI.
  - 19. The method of claim 17, wherein said step of generating said first UI screen which depicts said UI elements associated with all of the virtual machines further comprises:
    - displaying each of said virtual machines as belonging to one or more of three hierarchical containers, wherein said virtual machines are collected into groups and subgroups.
  - 20. The method of claim 17, further comprising:
    - displaying, as an overlay to said first UI screen, a plurality of options for controlling one of said virtual machines in response to a user input received while a cursor is disposed over a UI element associated with said one of said virtual machines.
  - 21. The method of claim 20, wherein said plurality of options include:
    - requesting details of said one of said virtual machines, powering on or off said one of said virtual machines, suspending said one of said virtual machines, restarting said one of said virtual machines, cloning said one of said virtual machines and moving said one of said plurality of virtual machines.
  - 22. The method of claim 17, wherein said step of generating said second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to said public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to establish a correspondence between a public IP address, public port, a VLAN, a private port and a private IP address as a network address translation (NAT) rule.
  - 23. The method of claim 17, wherein said step of generating said second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to said public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to set a firewall rule type associated with at least one source IP address and at least one destination IP address.
  - 24. The method of claim 17, wherein said step of generating said second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to said public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to assign one or more virtual machines to a load balancer.
  - 25. The method of claim 17, further comprising:
    - generating a third UI screen which depicts UI elements associated with Roles Based Access Control (RBAC) of the virtual data center bydisplaying a list of users who are authorized to issue commands to said virtual data center.
  - 26. The method of claim 17, further comprising:
    - generating a third UI screen which depicts UI elements associated with Roles Based Access Control (RBAC) of the virtual data center bydisplaying a matrix having, on one side, a plurality of virtual data center commands and having, on another side, a plurality of roles each associated with a different level of access to said virtual data center, andenabling a user to select, using said matrix, which of said plurality of roles have permission to actuate which of said plurality of virtual data center commands.
  - 27. The method of claim 13, wherein the step of generating, by said server, said user UI enabling control of said virtual data center further comprises:
    - generating a UI screen which depicts UI elements which associated with resource control of a server environment including a first UI control element for controlling a maximum resource limit for the server environment, a second UI control element for controlling priority allocation of the resource for each machine disposed in the server environment and a third UI control element associated with an oversubscription ratio for the server environment.

28. A non-transitory, computer-readable medium containing a plurality of program instructions stored thereon which, when executed by a processor or computer, perform the functions comprising:
- generating a user interface (UI) enabling control of a virtual data center;
  
  receiving, via said UI, a command to initiate a virtual data center control activity;
  
  determining whether said virtual data center control activity involves one or more asynchronous tasks;
  
  scheduling, by a job engine, said one or more asynchronous tasks associated with said virtual data center control activity;
  
  updating said UI in response to a status of said virtual data center control command;
  
  receiving, as said command, a command to add a new virtual machine to said virtual data center;
  
  determining that said virtual data center control activity starts with a synchronous activity associated with obtaining information associated with said new virtual machine to be added;
  
  receiving said information;
  
  determining that said virtual data control activity continues with an asynchronous activity associated with setting up said new virtual machine; and
  
  setting up said new virtual machine using said information.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 29. The non-transitory, computer-readable medium of claim 28, wherein said step of generating said UI further comprises:
    - generating a first UI screen which depicts UI elements associated with all of the virtual machines associated with the virtual data center;
      
      generating a second UI screen which depicts UI elements associated with exposure of a network element associated with the virtual data center to a public network; and
      
      generating a third UI screen which depicts UI elements associated with Roles Based Access Control (RBAC) of the virtual data center.
  - 30. The non-transitory, computer-readable medium of claim 29, wherein each of said first, second and third UI screens are accessible via associated tabs in said UI.
  - 31. The non-transitory, computer-readable medium of claim 29, wherein said step of generating said first UI screen which depicts said UI elements associated with all of the servers further comprises:
    - displaying each of said servers as belonging to one or more of three hierarchical containers, wherein said servers are collected into groups and subgroups.
  - 32. The non-transitory, computer-readable medium of claim 29, further comprising:
    - displaying, as an overlay to said first UI screen, a plurality of options for controlling one of said virtual machines in response to a user input received while a cursor is disposed over a UI element associated with said one of said virtual machines.
  - 33. The non-transitory, computer-readable medium of claim 29, wherein said step of generating said second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to said public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to establish a correspondence between a public port, a VLAN, a private port and a private IP address as a network address translation (NAT) rule.
  - 34. The non-transitory, computer-readable medium of claim 29, wherein said step of generating said second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to said public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to set a firewall rule type associated with at least one source IP address and at least one destination IP address.
  - 35. The non-transitory, computer-readable medium of claim 29, wherein said step of generating said second UI screen which depicts UI elements associated with exposure of said network element associated with the virtual data center to said public network further comprises:
    - displaying as said UI elements associated with exposure of said network element, a mechanism which enables a user to assign one or more virtual machines to a load balancer.
  - 36. The non-transitory, computer-readable medium of claim 29, wherein said step of generating said third UI screen which depicts UI elements associated with RBAC of the virtual data center further comprises:
    - displaying a list of users who are authorized to issue commands to said virtual data center.
  - 37. The non-transitory, computer-readable medium of claim 29, wherein said step of generating said third UI screen which depicts UI elements associated with RBAC of the virtual data center further comprises:
    - displaying a matrix having, on one side, a plurality of virtual data center commands and having, on another side, a plurality of roles each associated with a different level of access to said virtual data center, andenabling a user to select, using said matrix, which of said plurality of roles have permission to actuate which of said plurality of virtual data center commands.
  - 38. The non-transitory, computer-readable medium of claim 28, further comprising:
    - displaying a fourth UI screen which enables a user to input said information including at least one of;
      
      a name for said new virtual machine, an operating system for said new virtual machine, a template from which to build said new virtual machine, a number of processors for said new virtual machine, an amount of memory for said new virtual machine, a VLAN to which said new virtual machine is to be connected and an IP address for said new virtual machine.
  - 39. The non-transitory, computer-readable medium of claim 38, further comprising:
    - displaying, proximate a UI element associated with said new virtual machine, a status bar indicating a status associated with the creation of said new virtual machine.
  - 40. The non-transitory, computer-readable medium of claim 38, wherein said plurality of options include:
    - requesting details of said one of said virtual machines, powering on or off said one of said virtual machines, suspending said one of said virtual machines, restarting said one of said virtual machines, cloning said one of said virtual machines and moving said one of said plurality of virtual machines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Original Assignee
Time Warner Cable Enterprises LLC (Charter Communications Incorporated)
Inventors
Martin, Denis, Grimes, David, Warnock, Thomas, Dwyer, John
Primary Examiner(s)
Lee, Adam

Application Number

US13/223,893
Publication Number

US 20120072910A1
Time in Patent Office

1,076 Days
Field of Search

None
US Class Current

718/1
CPC Class Codes

G06F 2009/45562   Creating, deleting, cloning...

G06F 2009/45591   Monitoring or debugging sup...

G06F 2209/549   Remote execution

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/4843   by program, e.g. task dispa...

G06F 9/5077   Logical partitioning of res...

Methods and systems for managing a virtual data center with embedded roles based access control

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for managing a virtual data center with embedded roles based access control

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links