Enforcing rules for bound services in a distributed network management system that uses a label-based policy model

US2016294645A1 · US · A1

Patent metadata
Publication number: US-2016294645-A1
Application number: US-201514834182-A
Country: US
Kind code: A1
Filing date: Aug 24, 2015
Priority date: Apr 6, 2015
Publication date: Oct 6, 2016
Grant date:

Abstract

Official abstract text for this publication.

Management instructions for a particular managed server within an administrative domain are generated according to an administrative domain-wide management policy that comprises a set of one or more rules. A bound service executed by the particular managed server is identified. The bound service has different high-level characteristics from other services executed by the particular managed server. Relevant rules within the set of rules are determined that are relevant to the bound service. A set of relevant managed servers that are relevant to the bound service are selected by identifying managed servers of the plurality that are referenced by the relevant rules. Function-level instructions are generated that regulate communication between the bound service and the set of relevant managed servers based on the relevant rules. The function-level instructions are sent to the particular managed server for use in configuring a management module to implement the administrative domain-wide management policy.
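A sketch of the pipeline the abstract describes, using the label comparison, scope matching and port restriction spelled out in claims 3, 5 and 9 on this page. This is an added example, not code from the patent or its assignee: the data layout, the `peers` field used to decide which servers a rule references, and all hosts, labels and ports are constructed assumptions, and the scope test is generalized to every dimension a rule scopes.

```python
# Constructed sample data: dimensions, label values, addresses and ports are hypothetical.
SERVERS = {
    "db1": {"ip": "10.0.0.5", "labels": {"role": "database", "env": "prod"},
            "services": [
                {"name": "postgres", "port": 5432,
                 "labels": {"role": "database", "env": "prod"}},
                {"name": "metrics", "port": 9100,
                 "labels": {"role": "monitoring", "env": "prod"}}]},
    "mon1": {"ip": "10.0.0.9", "labels": {"role": "monitoring", "env": "prod"},
             "services": []},
    "web1": {"ip": "10.0.0.7", "labels": {"role": "web", "env": "prod"},
             "services": []},
}
# "scope" maps a dimension to its accepted values; "peers" (an assumed field)
# is the label set identifying the managed servers the rule references.
RULES = [
    {"scope": {"role": {"monitoring"}, "env": {"prod"}}, "peers": {"role": "monitoring"}},
    {"scope": {"role": {"database"}}, "peers": {"role": "web"}},
]

def bound_services(server):
    """Claim 3: a service is bound when its value for a dimension differs from its server's."""
    return [s for s in server["services"]
            if any(server["labels"].get(d) != v for d, v in s["labels"].items())]

def relevant_rules(service, rules):
    """Claim 5, applied to every scoped dimension: scope values must include the service's value."""
    return [r for r in rules
            if all(service["labels"].get(d) in vals for d, vals in r["scope"].items())]

def instructions(host, servers, rules):
    """Function-level allow entries (local port, peer address) for each bound service on host."""
    out = []
    for svc in bound_services(servers[host]):
        for rule in relevant_rules(svc, rules):
            for name, peer in servers.items():
                referenced = all(peer["labels"].get(d) == v
                                 for d, v in rule["peers"].items())
                if name != host and referenced:
                    out.append({"service": svc["name"],
                                "local_port": svc["port"], "peer": peer["ip"]})
    return out

def permitted(instrs, local_port, peer_ip):
    """Claim 9 behaviour: traffic that no instruction names is blocked (default deny)."""
    return any(i["local_port"] == local_port and i["peer"] == peer_ip for i in instrs)
```

Only the `metrics` service on `db1` is treated as bound here, so the monitoring rule applies to it alone and the database server's own label set does not widen what the monitoring host may reach.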

First claim

Opening claim text (preview).

1. A method of generating management instructions for a particular managed server within an administrative domain according to an administrative domain-wide management policy that comprises a set of one or more rules, wherein the administrative domain includes a plurality of managed servers, the method comprising: identifying a bound service executed by the particular managed server, the bound service having different high-level characteristics from other services executed by the particular managed server; determining relevant rules within the set of rules that are relevant to the bound service; selecting a set of relevant managed servers that are relevant to the bound service by identifying managed servers of the plurality that are referenced by the relevant rules; generating function-level instructions regulating communication between the bound service and the set of relevant managed servers based on the relevant rules; and sending, to the particular managed server, the function-level instructions to implement the administrative domain-wide management policy.

2. The method of claim 1, further comprising sending the function-level instructions to the set of relevant managed servers to implement the administrative domain-wide management policy.

3. The method of claim 1, wherein identifying the bound service comprises: obtaining a managed server label describing a high-level characteristic of the particular managed server, the managed server label specifying a dimension and the particular managed server's value for the dimension; obtaining a service label describing a high-level characteristic of a service executed by the managed server, the service label specifying the dimension and the service's value for the dimension; and identifying the service as the bound service in response to the particular managed server's value for the dimension differing from the service's value for the dimension.

4. The method of claim 1, wherein identifying the bound service comprises: identifying a service as the bound service in response to obtaining process information indicating that the service is bound to a port not conventionally used by the service.

5. The method of claim 1, wherein determining the relevant rules within the set of rules comprises: obtaining a label set describing high-level characteristics of the bound service, the label set specifying a dimension and the bound service's value for the dimension; identifying a rule with a scope label set specifying one or more values for the dimension; and selecting the rule for inclusion in the relevant rules in response to determining that the one or more values of the dimension specified in the scope label set include the bound service's value for the dimension.

6. The method of claim 1, wherein the bound service comprises a group of services having similar high-level characteristics executed by the particular managed server; and wherein determining the relevant rules within the set of rules comprises identifying rules specifying at least one of the services in the bound service.

7. The method of claim 1, wherein selecting the set of relevant managed servers comprises: obtaining a service label set of another bound service executed by another managed server, the other managed server not referenced by the relevant rules; and adding the other managed server to the set of relevant managed servers in response to determining that the other bound service has a service label set referenced by at least one of the relevant rules.

8. The method of claim 1, wherein generating the function-level instructions comprises: generating a function-level instruction specifying a port of the particular managed server, and a port of one of the relevant managed servers, the ports used in communications between the bound service and the one of the relevant managed servers.

9. The method of claim 8, wherein the particular managed server blocks communications between the bound service and one of the relevant managed servers in response to the one of the relevant managed servers communicating with the bound service through a port not specified by any of the function-level instructions.

10. The method of claim 1, further comprising: identifying another managed server executing another instance of the bound service, the other instance of the bound service having different high-level characteristics from other services executed by the other managed server, the other instance of the bound service having same high-level characteristics as the bound service executed by the particular managed server; and determining relevant rules within the set of rules that are relevant to the other bound service, the relevant rules determined for the other bound service matching the relevant rules determined for the bound service executed by the particular managed server.

11. A non-transitory, computer-readable storage medium stores computer program modules executable by one or more processors to perform steps for generating management instructions for a particular managed server within an administrative domain according to an administrative domain-wide management policy that comprises a set of one or more rules, wherein the administrative domain includes a plurality of managed servers, the steps comprising: identifying a bound service executed by the particular managed server, the bound service having different high-level characteristics from other services executed by the particular managed server; determining relevant rules within the set of rules that are relevant to the bound service; selecting a set of relevant managed servers that are relevant to the bound service by identifying managed servers of the plurality that are referenced by the relevant rules; generating function-level instructions regulating communication between the bound service and the set of relevant managed servers based on the relevant rules; and sending, to the particular managed server, the function-level instructions to implement the administrative domain-wide management policy.

12. The medium of claim 11, the steps further comprising sending the function-level instructions to the set of relevant managed servers to implement the administrative domain-wide management policy.

13. The medium of claim 11, wherein identifying the bound service comprises: obtaining a managed server label describing a high-level characteristic of the particular managed server, the managed server label specifying a dimension and the particular managed server's value for the dimension; obtaining a service label describing a high-level characteristic of a service executed by the managed server, the service label specifying the dimension and the service's value for the dimension; and identifying the service as the bound service in response to the particular managed server's value for the dimension differing from the service's value for the dimension.

14. The medium of claim 11, wherein identifying the bound service comprises: identifying a service as the bound service in response to obtaining process information indicating that the service is bound to a port not conventionally used by the service.

15. The medium of claim 11, wherein determining the relevant rules within the set of rules comprises: obtaining a label set describing high-level characteristics of the bound service, the label set specifying a dimension and the bound service's value for the dimension; identifying a rule with a scope label set specifying one or more values for the dimension; and selecting the rule for inclusion in the

Assignees

Inventors

Classifications

  • Assignment of logical groups to network elements
  • Automatic deployment of services triggered by the service manager, e.g. service implementation by automatic configuration of network components
  • characterised by the conditions triggering a change of settings
  • wherein the managed service relates to simple transport services, i.e. providing only network infrastructure

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016294645A1 cover?
Management instructions for a particular managed server within an administrative domain are generated according to an administrative domain-wide management policy that comprises a set of one or more rules. A bound service executed by the particular managed server is identified. The bound service has different high-level characteristics from other services executed by the particular managed serv…

Who is the assignee on this patent?
Illumio Inc

What technology area does this patent fall under?
Primary CPC classification H04L41/5054. Mapped technology areas include Electricity.

When was this patent published?
Publication date Oct 6, 2016 (A1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).