Patent Application
20170171034
Cloud computing infrastructure deployments are often complex, involving many kinds of information technology resources that are interconnected and interrelated in a number of ways. To ultimately serve a single end user, a cloud owner may engage the services of multiple third-parties resource and service providers to supplement the owner's proprietary software and services. Resources may include, for instance: client-facing web page support; back-end accounting, electronic commerce, and database operations; security certificate provision, support, and verification; virtual desktops and user operating environments; and specialty software applications. Resources may be hosted natively on “bare metal” servers, or on “virtual machines” whereby operating system environments for server or client devices are emulated by a host system.
The configuration of a cloud typically involves laborious manual configuration of individual resources combined with stitching these resources together with a variety of scripts written in languages specific to platforms on which the resources reside. Once a cloud design is completed, it may be iteratively tested and debugged via reconfiguration and edits to scripts, until satisfactory operation is achieved. At that time, image records of component resource configurations and setup scripts may be stored. These images may then be later recalled to deploy a cloud, repair damaged deployments, or to bring more cloud resources online in parallel with a deployed cloud.
A cloud declarative language is used to configure and reconfigure cloud computing environments. The language includes physical and logical topology declarations as well as cloud operations commands, and allows users to declare commands at multiple topology hierarchies. The language may be used to create scripts and sets of scripts that are used to configure cloud stacks and other operational parameters. Scripts may be created through direct editing by cloud designers or with the aid of graphical user interfaces. Scripts may be automatically generated using templates of configurations and requirements and use for rapid prototyping and testing of cloud environments. Scripts may also be used to monitor conformance with specified configurations, and to facilitate deployment of incremental modifications to configurations.
Significant challenges are presented in cloud design, deployment, and maintenance by the wide variety of resource types, interfaces, programming languages, and operating systems involved. To address these challenges, a suite of solutions may be provided, including, inter alia: standardized cloud resource type definitions; standardized resource interfaces; a scripting language for defining and managing clouds; and software tools with graphical interfaces for cloud configuration management. Using such tools, cloud operators, such as cloud owners, may centrally observe and manipulate cloud configurations and deployments via a single standard interface, while minimizing the need for programmers and systems administrators to modify individual scripts, application settings, and platform configurations.
Such standardization provides the opportunity to automate the design, deployment, testing, and modification of cloud environments in new ways. For instance, it is often desirable to permute cloud configurations during testing or deployment to accommodate alternative resources or end user requirements. This may be achieved by first establishing a baseline cloud design via the descriptor language. The baseline cloud design may then be used to manually or automatically generate plural permuted configurations, resulting in plural cloud designs. Each of these cloud designs may then be used to automatically configure one or more separate cloud environments. For instance, a single cloud designs may be used to create both a “live” environment accessible by end users and a “testing” environment available only to developers working with the owner of the cloud.
Cloud computing solutions encompass not just multiple types of software written in multiple languages, but also fundamentally disparate tools operating in distinct ways networked across distinct platforms. For example, in the course of a single enterprise session, a user may use software applications written in C, Python, Java, Node.js, and .NET. Such applications may reside on a client apparatus and one or more remote servers. To support the session, myriad operations take place beyond those that the user is aware of, such as billing and credential verification services. To provide cloud-based computing or storage via the Internet or other networks, a cloud solution may include one or more data centers hosting various resource pools, such as collections of physical and/or virtualized computer servers, storage devices, networking equipment and the like, that may be used to implement and distribute the infrastructure and services offered by the cloud solution. The resources may take many forms, including physical computing infrastructure and logical or virtual instances of computing processes hosted on various physical infrastructures. A virtual computing instance may, for example, comprise one or more servers with a specified computational capacity, which may be specified by indicating the type and number of CPUs, the main memory size and so on, and a specified software stack, e.g., a particular version of an operating system, combined with a storage engine and/or application software.
Therefore a cloud system may include a multitude of system components each having any number of configuration parameters. In designing a cloud, a designer may address such high level considerations as capacity requirements planning (CRP) and network resource planning (NRP) in anticipation of the maximum load requirements and how the load should be balanced among available resources. This may include managing online and offline resources, e.g., network bandwidth, storage and computational resources, security relationships between remote devices and client devices through such technologies as Active Directory Federation Services (ADFS), and software restriction policies (SRP), in addition to Active Directory (AD) search and security, along with support of Domain Name Server (DNS) protocol and Dynamic Host Configuration Protocol (DHCP.)
Similarly, a designer may consider how a cloud will manage deployment and maintenance of software across the various cloud devices via automatic and semi-automatic mechanisms. For example, a cloud configuration may encompass Windows Deployment Services (WDS) operating system deployment and Windows Servers Update Services (WSUS.)
The robustness of a cloud may be addressed through configuration options pertaining to the division of computing labor across multiple processors in a single server or across multiple servers, as well as methods for detecting failures and switching over to alternate or backup resources. Myriad choices are available for local, network, and distributed data storage, e.g., through Scale-out File Services (SoFS.) Similarly, there are myriad ways to manage network traffic via controllers and gateways. Operations may be optimized, for instance, using just-in-time (JIT) administrative tools.
Security concerns in a cloud may be addressed through a variety of tools including simple scheduled backups to advanced threat analytics (ATA). In addition to AD user security measures, for instance, Just-Enough Administration (JEA) tools may be configured to limit console operations of power shell sessions.
All of these configuration options are in addition to fundamental enterprise and operating system configuration options, such as those managed by Desired State Configuration (DSC), and Enterprise Cloud Engine (ECE), and Operations Management Suite (OMS) tools.
In the example of
In
The computer 241 may also include other removable/non-removable, volatile/nonvolatile computer storage media. By way of example only,
The drives and their associated computer storage media provide storage of computer readable instructions, data structures, program modules and other data for the computer 241. In
The computer 241 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 246. The remote computer 246 may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 241, although only a memory storage device 247 has been illustrated in
When used in a LAN networking environment, the computer 241 is connected to the LAN 245 through a network interface or adapter 237. When used in a WAN networking environment, the computer 241 typically includes a modem 250 or other means for establishing communications over the WAN 249, such as the Internet. The modem 250, which may be internal or external, may be connected to the system bus 221 via the user input interface 236, or other appropriate mechanism. In a networked environment, program modules depicted relative to the computer 241, or portions thereof, may be stored in the remote memory storage device. By way of example, and not limitation,
Other suites of tools may be available through the other implementations of such a GUI. For example, other configuration tools many be included for other kinds of cloud stacks, e.g., based on other operating systems, database tools, virtual environments, and applications.
If, however, a further web application proxy (WAP) and/or ADFS is required to manage a connection to a web client, there are a number of ways to add these to the cloud implementation. First, the WAP and ADFS could be added to the configuration through a second action comprising two steps. Second, two steps could be added to the four steps shown in
Similarly, a cloud configuration management system could store images of code, parameters, and data for both full configurations and for portions of configurations corresponding to various options.
In the cloud design 612, the computer 602 also stores information, such as parameters related to the configuration of the selected available components, in a form congruent with the descriptor language. Such information may be automatically generated in response to receiving the selection of the rendered available cloud design components. Additionally or alternatively, such parameters may be entered by the user via the station 604 using the descriptor language via text, or via drop-down menus or icon interfaces, for example.
The computer 602 may be configured to include, in the listing of available cloud design components, nested hierarchies of component groupings, where component parameters are maintained separately for each instance of a component in the hierarchy. This allows the user to manage cloud design in a modular form. Similarly, the computer 602 may be configured to store a library of custom modules 614 which may be used in creating in multiple cloud designs.
The computer 602 may be further configured to export the cloud design in a form comprising terms of the descriptor language 616. The exported design description 616 may then be transmitted, e.g., via a network 650, to other computer systems 630.
The computer 602 may be further configured to build a cloud deployment package 618 on demand according to the components selected and the specified component parameters. For example, the computer may gather the software, data, and parameters necessary and form images of cloud components to be deployed via the network 650 on other computers 630 to create or repair cloud deployments.
Similarly, the computer 602 may monitor the compliance of a cloud deployment to an intended cloud design. For example, the computer may compare the configuration of other computers 630 to a stored design 612, exported design 616, or package 618. The computer 602 may then, for example, create a report 620 of the number of discrepancies between the cloud design and the cloud deployment. The computer 602 may further apply changes to the cloud deployment to address at least one of the discrepancies. For example, the computer may install a new image of a cloud design package, or install those portions of the cloud design package which are not in conformity.
The computer 602 may be further configured to receive and store one or more sets of changes 622 to cloud designs, whereby a new cloud design may be created by applying the set of changes to another cloud design. The sets of changes 622 may be created by a user of the station 604 by a mechanism similar to those used for creating a cloud design. A set of changes 622 may be automatically generated by comparing two cloud designs. The sets of changes may be stored, expressed, or transmitted in terms of the descriptor language, and may be exported. Sets of changes 622 may be used singly or in combination to generate a new cloud design for storage, export, packaging, or as a reference design for purposes of checking compliance of a deployed cloud.
Depending on inputs from a user of the computer system via the graphical user interface, the system may proceed in a number of ways. In step 704, the computer may receive, via the graphical user interface, a selection of the rendered available cloud design components for the cloud design. For example, the user may enter a listing user the descriptor language, select graphic icons corresponding to available components, or select components via a drop-down menu system. The resulting listing is stored in a form congruent with the descriptor language in step 720.
In step 706, the system may adjust the performance of the selected components using the descriptor language to specify component parameters. This may occur automatically, in accordance to, for example, the order in which the user had made selections. Alternatively, the user may use the descriptor language, drop down menus, or graphic icons to enter or alter the parameters of selected components.
In step 708, nested hierarchies of component groupings are maintained. The component parameters are maintained separately for each instance of a component in the hierarchy. For example, the user may store a partial listing of available cloud design components as a custom module to be reused multiple times within a single cloud design, or used in multiple cloud designs. Such hierarchies may be stored separately, or with the cloud design via step 720 as required.
In step 710, sets of changes to cloud designs are maintained. For example, the user may store a listing of changes to be applied to a first cloud design to achieve a second cloud design. A set of changes may alternatively be automatically generated by comparing two cloud designs. The sets of changes may be stored, expressed, or transmitted in terms of the descriptor language, and may be exported. Sets of changes may be used singly or in combination to generate a new cloud design for storage, export, packaging, or as a reference design for purposes of checking compliance of a deployed cloud.
In step 730, the system optionally exports a cloud design in a form comprising terms of the descriptor language. The exported cloud design may be derived from a base cloud design in view of one or more sets of changes. In step 740, the system optionally builds a cloud deployment package on demand according to the components selected and the specified component parameters, or according to an exported design, or in accordance with a base cloud design in view of one or more sets of changes.
Optionally, in step 750, the system optionally monitors cloud design compliance by comparing a deployment to an intended design. The intended design may be in the form of a listing of selected components and specified component parameters as created in step 720, an exported design as created in step 730, or a package as created in step 740, for example. The intended design may reflect a base cloud design created in steps 704, 706, and 708, in further view of one or more sets of changes created in step 710. In step 752, the system optionally reports a number of discrepancies between the cloud design and the cloud deployment. In step 754, the system optionally applies changes to the cloud deployment to address at least one of the discrepancies. At the end of any operation in method 700, the user may be returned to the graphical user interface in step 702 to initiate other activities.
Dynamic, on-demand packaging as part of deployment in cloud environments may be achieved through the use of a packaging tool using a GUI and a cloud descriptor language. By standardizing interfaces of component resources, a single platform may be used to configure a wide variety of cloud environments dynamically, thus facilitating on-demand design revision, augmentation, and maintenance. Such a tool may provide a framework for managing aspects of cloud deployments as diverse as: general controls such as CPR and NRP; access control via ADFS and SRP; configuration management via DCE, ECE, and OMS; domain management via AD, DNS, and DHCP; control of code and configuration deployment via WDS and WSUS; management of data storage, e.g., via SoFS; control network operations through configuration of controllers and gateways; operational integrity and security assurance via JIT, JEA, ATA, and/or active agents; as well as general administration, credentials management, and web services. In addition, the packaging tool may be used to incorporate propriety custom modules and code libraries in a cloud deployment, whereby an operator of the packaging tool could design, implement, and maintain a cloud environment through the tool substantial without needing to resort to the services of third-party vendors or programmers to code custom scripts and settings. Instead, the developer may specify which packages are to be used for deployment. The packages may then be built on-demand as part of the deployment workflow. Further, the tool may be configured automatically permute the configuration, e.g., to facilitate testing of multiple package configurations and combinations in parallel or in rapid succession, without the need for the manual coding or building of individual configurations, thus saving time in the typical code-build-deploy-test cycle.
For example, a computing system apparatus for managing a set of cloud designs may be created using a processor, a memory, computer-executable instructions stored in the memory of the apparatus, and a database of available cloud design components. The cloud design components in the database may include user resources, database resources, and feature resources, and these cloud design components may have standardized interfaces described in a way that is congruent with a descriptor language that uses standardized parameters for the cloud design components.
The computing system apparatus may be configured such that, when executed by the processor of the apparatus, the computer-executable instructions cause the apparatus to manage cloud designs via a graphical user interface. The user of the computing system apparatus may further construct a listing of cloud design components for a first cloud design in the descriptor language using the graphical user interface to select components for the first cloud design by selecting available components from the database using the graphical user interface and adjusting performance of the selected components using the descriptor language to specify component parameters. The user may then further describe a set of changes, also using the descriptor language, where the set of changes may be applied to the first cloud design to create a second cloud design. In this manner, plural cloud designs can be created, stored, and managed in the concise form of a listing of cloud component features and parameters thereof. Further, plural cloud designs can be described in terms of baseline cloud design and incremental or stand-alone changes thereto.
The database may include plural resource options for each of data storage management, domain management, software applications, and network management.
The system may also include a configuration exporter, whereby cloud designs and sets of changes to cloud designs may be exported, each in compact form comprising the terms of the descriptor language. These are simpler to store and maintain than, e.g., images of built cloud system packages.
The system may also include a packager whereby a cloud deployment package may be built on demand according to the components selected and the specified component parameters of the cloud design. Similarly, a cloud deployment package may be built on demand according to the components selected and the specified parameters in a cloud design, as modified by one or more sets of changes.
The system may also include graphical user interface capability for creating and storing multiple sets of changes as well as a batch list, where the batch list indicates the first cloud design and the multiple sets of changes. The packager may then use the batch list to create multiple cloud deployment packages based on a baseline cloud design and upon each of the sets of changes. This allows rapid prototyping of multiple varying environments, such as may be desirable to test new features under of variety of infrastructure, configuration, and use case scenarios. The sets of changes may be applied independently to the baseline cloud design, or alternatively the sets of changes may be applied cumulatively.
The system may also include an exerciser which deploys the various cloud design system packages, and then tests each deployed package in an automated testing regimen.
The system may include a configuration compliance tool, whereby a cloud deployment is compared to a baseline cloud design as modified by one or more sets of changes, where the configuration compliance tool reports a number of discrepancies between the baseline cloud design as modified by the one or more set of changes and the cloud deployment. The configuration compliance tool may also apply changes to the deployed cloud design to address at least one of the discrepancies.
This application claims the benefit of U.S. Provisional Patent Application Ser. No. 62/267,556, filed Dec. 15, 2015, the disclosure of which is hereby incorporated by reference in its entirety.
| Number | Date | Country | |
|---|---|---|---|
| 62267556 | Dec 2015 | US |
