EXTERNAL FEATURE PROVISION FOR CLOUD APPLICATIONS

Information

  • Patent Application
  • 20170286083
  • Publication Number
    20170286083
  • Date Filed
    August 27, 2015
    9 years ago
  • Date Published
    October 05, 2017
    7 years ago
Abstract
A computer implemented method to execute a software application in a first network attached computing environment comprising: receiving a definition of the application, the definition identifying a set of software components and including configuration information for installing and executing the components in the first environment; installing and configuring the components in the first environment in accordance with the definition, wherein the definition further includes, for an identified component in the set, software agent information about a software agent that implements part of a software feature, the agent being provided by a second network attached computing environment external to and communicatively connected with the first environment, the second environment providing another part of the software feature, the method further comprising obtaining, installing and configuring the agent based on the agent information to provide part of the software feature for the application.
Description
TECHNICAL FIELD

The present disclosure relates to the provision of software features for applications deployed to networked computing environments. In particular, it relates to software features for applications deployed to cloud computing environments, the features being provided by networked environments external to a cloud environment.


BACKGROUND

Historically, organizations and businesses developed or acquired bespoke or off-the-shelf software solutions for execution using dedicated computer hardware. Such software solutions find broad application in many varied areas of business such as: financial management; sales and order handling; record storage and management; human resource record management; payroll; marketing and advertising; internet presence etc. The acquisition, management and maintenance of such software and hardware can require costly investment in systems development, management and revision—functions that can extend beyond the core business concerns of an organization.


As organizations increasingly seek to decouple such systems management from their core business processes to control costs, breadth of concern and liabilities, dedicated service offerings are provided to take the place of in-house systems. Computer systems are increasingly provided by third parties as services in the same way as utilities, a shift that has been partly facilitated by improvements in the availability of high-speed network connections allowing consuming businesses to access and use networked third party systems. Such systems can include substantially all aspects of a business computer system including hardware, operating systems software, file systems and data storage software including database applications and the like, middleware and transaction handling software, and commercial software. In this way consuming businesses can be relieved of concerns relating to the exact nature, arrangement and management of computing systems and focus resources elsewhere. The computing system is abstracted from the consuming business and can be logically thought of as a ‘cloud’ in which all system concerns are encapsulated and at least partly managed by a third party. Thus, such arrangements are known as ‘cloud computing’.


Service providers can provide computing infrastructure on a service basis, either using dedicated hardware or hardware shared by multiple systems employing, for example, virtualization software. Such services can be described as Infrastructure as a Service (or IaaS). Service providers can also provide software platform resources such as, inter alia, operating systems, execution runtime environments, databases, middleware, network services such as web servers and development tools and the like. Such services can be described as Platform as a Service (or PaaS). Generally, all such facilities can be described as Software as a Service (SaaS).


Infrastructure and platform services can be implemented so as to abstract any particular deployed application from underlying resources employed. A software application may require specific resources, for example a specific operating system, execution environment, database and web server. The application can be deployed to a platform provided by a platform service provider, the platform having potentially many and numerous alternative resources being selected and configured to satisfy the specific requirements of the application. Further, the platform itself can operate with an infrastructure provided by an infrastructure service provider, certain attributes and resources of which may be at least partly specified for the application. The infrastructure may also have many and numerous alternative resources being selected and configured to satisfy the requirements of the platform and the application. Thus, an application deployment can involve an assembly of multiple resources selected from a potentially greater number of available resources at each of the application, platform and infrastructure level.


The selection of resources by a systems integrator on behalf of a consuming business depends upon resource availability by service providers. That is to say that a third party service provider must provide, support and manage a resource for a systems integrator to utilize the resource in an application assembly. As consuming businesses depend increasingly on SaaS, the ability to select particular resources for assembly is supplemented by a requirement to select particular features, characteristics or functions of resources as part of an assembly, such features being common to potentially multiple resources. For example, data security services such as encryption can be required across many disparate resources in a cloud application from a file system and data storage to networking and database. Further, the exact nature, quality and formulation of a service may be subject to organizational, legal and/or regulatory requirements, all of which much be satisfied by a cloud service provider if a cloud consumer is to successfully deploy a cloud application.


A cloud service provider that does not provide a required resource, facility or feature may be unusable by a cloud consumer. In some cases, a cloud service provider may provide part of a feature, such as a feature for a subset of software components available to cloud consumers using the service provider. For example, a particular encryption feature may be available for a database product at a cloud service provider but may not be available for file systems or networking. Further, management of features common to many resources of components in a cloud application may involve managing multiple disparate components. For example, encryption of a file system may be managed by a file system or operating system management interface, whereas equivalent encryption of a database may be managed by a database control panel. Yet further, where a cloud consumer deploys cloud applications across multiple cloud environments, such as multiple public cloud environments or a combination of public and private cloud environments, the use of features may require many different management and configuration services for each component employing the feature in each application in each cloud environment. Thus the potential for a lack of availability of features within cloud environments, coupled with the potential for a lack of availability of features for all components, coupled with a need to manage features separately for different cloud applications, different cloud environments and different components introduces considerable burdens to cloud consumers.


SUMMARY

The present disclosure accordingly provides, in a first aspect, a computer implemented method to execute a software application in a first network attached computing environment comprising: receiving a definition of the application, the definition identifying a set of software components and including configuration information for installing and executing the components in the first environment; installing and configuring the components in the first environment in accordance with the definition, wherein the definition further includes, for an identified component in the set, software agent information about a software agent that implements part of a software feature, the agent being provided by a second network attached computing environment external to and communicatively connected with the first environment, the second environment providing another part of the software feature, the method further comprising obtaining, installing and configuring the agent based on the agent information to provide part of the software feature for the application.


In this way a feature of an environment, such as the second environment, external to an application execution environment, such as the first environment, is selectable for a component and for inclusion in an application assembly definition by way of an augmented registry irrespective of whether the feature is provided by the application execution environment for the component. Further, the feature can be provided for multiple, potentially disparate components, from the same external environment by the same service provider by way of the component-specific agents providing part of the feature within the application itself. Accordingly there is a centralization of the feature at the external environment by a service provider and the feature can be configured and managed centrally for all components for which the feature is installed. The central configuration and management provides for assured commonality of configuration and management for a feature spanning multiple components in a cloud application deployment. Equally, where required, separation of the configuration and management for different components can be achieved, with configuration and management taking place through a single external environment (e.g. a single management interface). Conceivably, the feature can be extended to apply to multiple applications installed in common or disparate cloud environments, providing centralization of functioning, configuration and management of the feature for potentially multiple components in potentially multiple applications across potentially multiple cloud environments.


In one embodiment, the identified component in the set is a first component and the definition includes, for a second component in the set, second software agent information about a second software agent that implements part of the software feature for the second component, the software feature being common to both the first and second software components.


In one embodiment, the second environment provides another part of the software feature for both the first and second components.


In one embodiment, the first environment is a virtualized computing environment providing a virtual machine for the execution of the application.


In one embodiment, the virtual machine is a first virtual machine and the application is a first application, wherein the first environment further provides a second virtual machine for execution of a second application, the second application including a software agent implementing part of the software feature, wherein the second environment provides another part of the software feature for the software agents of both the first and second applications.


In one embodiment, the software agent is a software interface, software stub and/or software skeleton providing access to the part of the software feature provided by the second environment.


In one embodiment, the second environment is a virtualized computing environment providing a virtual machine for execution of the part of the software feature provided by the second environment.


In one embodiment, the second environment is a virtualized computing environment providing a first virtual machine for execution of the part of the software feature provided by the second environment for the first component and a second virtual machine for execution of the part of the software feature provided by the second environment for the second component.


In one embodiment, the second environment is a virtualized computing environment providing a first virtual machine of the second environment for execution of the part of the software feature provided by the second environment for the first application and a second virtual machine of the second environment for execution of the part of the software feature provided by the second environment for the second application.


In one embodiment, the software feature is one of: cryptography; anti-malware; virus detection; virus remediation; firewall; network intrusion detection; and integrity monitoring.


The present disclosure accordingly provides, in a second aspect, a computer system adapted to execute a software application in a first network attached computing environment comprising a processor configured to: receive a definition of the application, the definition identifying a set of software components and including configuration information for installing and executing the components in the first environment; install and configuring the components in the first environment in accordance with the definition, wherein the definition further includes, for an identified component in the set, software agent information about a software agent that implements part of a software feature, the agent being provided by a second network attached computing environment external to and communicatively connected with the first environment, the second environment providing another part of the software feature, the processor being further configured to obtain, install and configure the agent based on the agent information to provide part of the software feature for the application.


The present disclosure accordingly provides, in a third aspect, a non-transitory computer-readable storage medium storing a computer program or suite of computer programs which upon execution by a computer system performs the method described above.





BRIEF DESCRIPTION OF THE DRAWINGS

An embodiment will now be described, by way of example only, with reference to the accompanying drawings, in which:



FIG. 1 is a conceptual diagram of a network attached cloud computing environment 100 with which embodiments of the present disclosure can be applied.



FIG. 2 is a flow diagram illustrating assembly and deployment of a software application for a cloud computing environment.



FIG. 3 is a block diagram of a computer system suitable for the operation of embodiments of the present disclosure.



FIG. 4 is a flow diagram illustrating assembly and deployment of a software application with a software feature partly provided by a network attached computing service external to the cloud computing environment in accordance with embodiments of the present disclosure.



FIG. 5 is a schematic representation of relationships between a software feature and an exemplary application deployed in a network connected cloud computing environment in accordance with embodiments of the present disclosure.



FIG. 6 is a schematic representation of relationships between a feature and an exemplary application deployed in a network connected cloud computing environment in accordance with embodiments of the present disclosure.



FIG. 7 is a schematic illustration of the feature of FIG. 5 applied to multiple applications deployed to multiple network attached cloud computing environments in accordance with embodiments of the present disclosure.



FIG. 8 is an exemplary data schema defining entity relationships for a feature in accordance with a preferred embodiment of the present disclosure.



FIG. 9 is a flowchart of a method of the registry augmenter of FIG. 4 in accordance with embodiments of the present disclosure.



FIG. 10 is a flowchart of a method of the application assembler of FIG. 4 in accordance with embodiments of the present disclosure.



FIG. 11 is a schematic illustration of cloud applications in execution having a feature provided by an external environment in accordance with embodiments of the present disclosure invention.





DETAILED DESCRIPTION


FIG. 1 is a conceptual diagram of a network attached cloud computing environment 100 with which embodiments of the present disclosure can be applied. A cloud computing environment 100 is a shared, virtualized computing environment as described below. The cloud computing environment 100 includes one or more hardware devices 102 such as computer systems each having: one or more processor units; a memory store; an internal bus; and one or more interfaces for communication with, inter alia, devices, computer systems, peripherals and the like. While a single hardware layer 102 is depicted in FIG. 1, it will be apparent to those skilled in the art that multiple connected, interoperating or cooperating hardware devices could be employed such as multiple computer systems arranged in rack-based computing arrangements and the like.


An operating system 104 is stored in a memory or other store for execution by processor(s) of the environment 100. The operating system includes, inter alia, services for networking 106, file system 108 and programmatic interfaces 110 for operating system services, devices and the like. A virtualization software component 112 provides a virtualized computing environment in which the physical arrangement of a computer system (including the hardware 102) is abstracted to generate one or more virtual computer systems, known as virtual machines 114, 116, 118, 120.


For example, a virtual machine can be provided as a particular operating system executing within a virtualized computing environment having a hypervisor on a hardware device or, potentially, a distributed arrangement of hardware devices. The virtualized computing environment can be provided as a service-based technology such that the environment is delivered as a service for the installation and execution of a software application. In one embodiment, the virtualized environment is provided as part of a Cloud Computing service provided by a Cloud Computing service provider such as BT Cloud Compute available from British Telecommunications plc. Additionally or alternatively, the virtualized computing environment can be provided as, or operate with, a service based infrastructure and/or platform such as IaaS and/or PaaS.


Software applications are deployed to the cloud computing environment 100 by instantiating virtual machines 114, 116, 118, 120 and installing and configuring operating system and application software therein. Deployment of a software application includes any or all of installing, configuring, arranging and adapting the software application such that the application is executable within the virtualized computing environment. For example, a web based software application can be installed to execute with an operating system executing on a virtual machine, the virtual machine being configured to include networking facilities and the virtual machine also having installed thereon a web server having a certain configuration, a database and certain other requirements defined for the application. All such installation and configuration such that the web based software application is executable in the virtualized computing environment is part of the deployment of the application.


A software application for deployment to the cloud computing environment 100 has associated an assembly definition suitable for use in deploying the software application with the virtualized computing environment. For example, the assembly definition can include a specification of an architecture of the software application and/or an architecture of software components required for the application. The assembly definition further includes specifiers or descriptors of application or other software or platform components that are required for the deployment of the application.


In the exemplary arrangement of FIG. 1, a cloud application is deployed in a virtual machine 114 by the provision of a software platform (PaaS), and software components (SaaS). The platform includes an operating system 124 hosted in the virtual machine along with middleware software 126 and database software 130. Application components 128 execute in conjunction with these platform components. Thus the software application can be considered a stack of software components executing within the virtual machine 114, as depicted in FIG. 1. Where multiple virtual machines 114, 116, 118, 120 are instantiated, multiple, potentially disparate, stacks of software components can be deployed as multiple applications, all executing in the cloud computing environment 100.


The cloud computing environment of FIG. 1 is network attached in that it is suitable for being in communication with other computer systems such as computer systems of entities, users or organizations using applications deployed in the cloud computing environment. The precise nature of the network is not relevant here, save to say that a wired, wireless, mobile or fixed network could be employed.



FIG. 2 is a flow diagram illustrating assembly and deployment of a software application 204 for a cloud computing environment 200. An application component registry 220 is provided, the registry 220 storing or being associated with a set of software components 222 suitable for selection as part of a software application 204 for deployment to the cloud environment 200. The registry 220 is a data store, memory, repository, knowledgebase or the like and has associated an interface for the selection of components 222 in the construction of an application 204. In one embodiment, the registry 220 is provided as a catalogue of components 222 from which the software application 204 can be assembled.


Components 222 can include any number of components for selection in the assembly of the application 204. Such components can range from infrastructure components (IaaS), platform components (PaaS), application software components (SaaS) and business process components (Business Process as a Service, BPaaS). For example, the registry 220 can offer components 222 including any number of operating systems such as multiple variants, versions or editions of Microsoft® Windows®, multiple Linux® distributions and potentially multiple kernel compilations or packages of each Linux® distribution. Further, the registry 220 can include: middleware software such as messaging middleware, transaction middleware, web services middleware, including potentially multiple offerings from differing vendors and supporting differing platforms, operating systems etc.; execution or runtime environments such as one or more java virtual machine environments of particular editions, versions and configurations, including potentially multiple offerings from differing vendors and supporting differing platforms, operating systems etc.; database software including database middleware, object oriented databases, relational databases, including potentially multiple offerings from differing vendors and supporting differing platforms, operating systems etc.; server software such as data servers, web servers, messaging servers and the like; business, commercial, application, web, internet and other software; and any other software components 222 that may conceivably be assembled into a cloud application 204 stack.


Application 204 is defined by an assembly definition 224 specifying a set 226 of the components 222 required for the assembly and deployment of the application 204. The assembly definition 224 is constructed, designed or specified via an interface of the registry 220. The interface can be a user interface for a human application designer or builder, or a programmatic, data or other interface for the interaction of an automated application design tool such as an automated application builder adapted to identify components 222 for assembly based on an application requirements specification or the like.


Each component 222 has associated descriptive information (not shown). Descriptive information includes one or more descriptions of the component 222 which may include, inter alia: a description of the function, purpose, compatibilities and characteristics of the component 222; a description of configurable aspects of the component 222; information regarding parameter of the component 222; details of compatible environments for the component 222; information regarding dependencies of the component 222 such as other components; and the like. The description can be human readable for presentation to an application designer or builder for the construction of an application for assembly and deployment to the cloud computing environment 200. Alternatively, the description can be a machine readable description for input to an application design tool such as an automated application builder adapted to identify components 222 for assembly based on an application requirements specification or the like. Such machine readable descriptions can be provided in, inter alia, meta-document form such as XML, a data structure or other bytecode or binary format.


Each component 222 further has associated deployment information specifying how the component 222 is to be deployed when assembled as part of a cloud application 204. In preferred embodiments the deployment information is associated with one or more software packages constituting or embodying the component 222. For example, where component 222 is the Microsoft® Windows® operating system, the deployment information is associated with one or more software packages constituting all software files required for the installation and execution of the Microsoft® Windows® operating system. One way such an association can be realized is to include a link or reference to packages constituting Microsoft® Windows® files residing in a store, such as a store accessible by, or stored within, the cloud environment 200. The deployment information further includes configuration information for assembling, installing and/or configuring the component 222. Such configuration information can include executable or parseable software modules such as scripts, batch files, shell scripts, perl scripts, launchers, installers, wizards and the like for the installation and configuration of the component 222. The deployment information can be dependent upon additional information provided by an application designer, builder, assembly tool or other entity responsible for causing, triggering or commencing the assembly of the application 204. For example, the deployment information can be responsive to parameters, configuration options or attributes provided by an application designer. The nature and type of such additional information as may be required and/or provided for the deployment information depends on the characteristics of the component 222. For example, an operating system component can be configured to define particular file systems, memory models, device drivers, storage arrangements, network facilities, user interfaces and the like. On the other hand, a middleware component can be configured to employ particular application runtime environments, messaging mechanisms for message oriented middleware, specify a transaction middleware configuration, application server usage and the like. The vast array of potential software components 222 in the application component registry 220 is such that the precise nature and configuration of each cannot be exhaustively defined and it will be apparent to those skilled in the art that any component suitable for deployment in a cloud computing environment 200 could be employed, and any and all applicable deployment configurations including parameters and options can be specified.


In use set 226 of components 222 are selected for deployment as part of an assembly definition 224. The assembly definition 224 is a representation of, specification of or reference to components 222 selected for deployment of an application including relevant configuration parameters, options and the like. The assembly definition 224 can be embodied as a set of one or more documents in a machine readable language such as markup language documents (e.g. XML), documents in defined or self-defining semantic document formats, defined data structures or binary format(s). An application assembler software component 214 accesses or receives the assembly definition 224 to deploy an application in the cloud computing environment 200 so that the application can execute in the cloud computing environment 200. The application assembler 214 and application component registry 220 are illustrated as separate software elements external to the cloud environment 200. In one embodiment the assembler 214 and registry 220 are provided by network attached computer systems communicatively connected to each other and the cloud environment 200, such as by way of a computer network. Alternatively, the assembler 214 and registry 220 are provided within the cloud computing environment 200, such as hosted at a computer system of the environment 200. Further, the assembler 214 and registry 220 can be provided as separate, separable or integrated elements. For example, the assembler 214 and registry 220 can be functions or facilities of a common software element.


The cloud computing environment 200 includes an infrastructure 202 such as a hardware and/or software infrastructure for supporting the deployment of cloud applications 204, 205. The infrastructure can be provided as a service such as is known as IaaS 206. Atop the infrastructure the cloud computing environment 200 can support one or more platforms (PaaS 208), software applications (SaaS 210) and business process software (BPaaS 212).


In use, the application assembler 214 executes, interprets, parses or otherwise processes deployment information, including any associated configuration information, for each component 222 in a set of components 226 of the assembly definition 224 to effect the deployment of the components 222 as an application 204 in the cloud environment 200. Parameters, options and the like specified as part of the configuration associated with the deployment information for components 222 in the set 226 are used by the application assembler 214 in the deployment of the application 204. In this way, the application 204 is deployed to the cloud computing environment 200.


In some embodiments an application for deployment may not be constructed entirely from components 222 existing in the registry 220. Certain modifications, bespoke tailoring, arrangements or supplements to one or more components 222 may be required for the deployment of an application. For example, additional modules, database drivers, runtime environment extensions, libraries, toolkits, business process software and the like may be required in addition to components 222 in the registry 220. Such requirements can be fulfilled by the provision of bespoke components and/or newly developed components, enhancements, supplements or modifications 228 (hereinafter referred to as bespoke components 228). Bespoke components 228 can be included in a deployed cloud application 204 as part of the process of assembly by the application assembler 214 and/or after assembly and during installation, execution, configuration or at runtime of the deployed cloud application 204. Notably, the provision, availability, servicing and support of any such bespoke components 228 may depend on the availability of appropriate services, resources, facilities and the like in the cloud computing environment 200. Thus, the services provided by a cloud computing service provider can limit the ability of an application designer to specify an assembly definition 224 and provide required or desired bespoke components 228.



FIG. 3 is a block diagram of a computer system suitable for the operation of embodiments of the present disclosure. A central processor unit (CPU) 102 is communicatively connected to a storage 104 and an input/output (I/O) interface 106 via a data bus 108. The storage 104 can be any read/write storage device such as a random access memory (RAM) or a non-volatile storage device. An example of a non-volatile storage device includes a disk or tape storage device. The I/O interface 106 is an interface to devices for the input or output of data, or for both input and output of data. Examples of I/O devices connectable to I/O interface 106 include a keyboard, a mouse, a display (such as a monitor) and a network connection.



FIG. 4 is a flow diagram illustrating assembly and deployment of a software application 404 with a software feature partly provided by a network attached computing service 430 external to the cloud computing environment 400 in accordance with embodiments of the present disclosure. Many of the elements of FIG. 4 are the same as those described above with respect to FIG. 2 and these will not be repeated here. The arrangement of FIG. 4 further includes a network connected environment 430 that is external to the cloud computing environment 200. The external environment 430 is provided by a network attached computing service external to the cloud computing environment 200 such that the external environment 430 and the cloud computing environments 200 are provided as separate network connected computing environments that may interoperate, collaborate or communicate only via one or more networks existing therebetween. The external environment 430 includes one or more features 434 as a software feature, function or service for inclusion with a cloud application 404 deployed in the cloud computing environment 400. The feature 434 is a supplementary feature for one or more components 422 in the application component registry 420. The feature 434 is not a component 422 in its own right: rather the feature is a service or function that is applicable to at least two different components 422 and that can be outsourced, delegated or contracted to the external service provider providing the external environment 430. Specifically, the applicability of the feature 434 to multiple components can span different varieties, configurations, versions or vendors of a type of component (such as different components of the type “operating system” etc.) and/or multiple disparate types of component (such as types including: databases, file systems, middleware etc.) Features can include: security features such as encryption, decryption, key management, intrusion detection, virus detection, firewalls, proxies and the like; authentication features; access control features; features providing or supporting particular protocols, file formats, network communication formats or conversion between formats or protocols and the like; features providing data governance technology or services; language features such as internationalization features; patch management processes; financial handling features such as financial transaction and electronic commerce features; diagnostic features; features required to comply with legal or regulatory requirements; reliability, availability and serviceability features; features providing services in a particular geographic location where required, such as for security, regulatory or legal requirements; and other features conceivably applicable to and/or deployable for components 422 as will be apparent to those skilled in the art.


The arrangement of FIG. 4 further includes a registry augmenter 436 as a software, hardware or firmware tool for augmenting the application component registry 420 such that the registry 420 identifies the availability of feature 434 with compatible components 422. The identification of compatible components and the inclusion of the feature 434 therewith in both the registry 420 and subsequently on assembly and deployment of the application 404 is described below.


Turning now to FIG. 5 there is provided a schematic representation of relationships between the feature 434 and an exemplary application 554 deployed in a network connected cloud computing environment 500 in accordance with embodiments of the present disclosure. The application 554 includes a stack of components C502 to C516 assembled from a registry 572 and deployed to the cloud environment 500 based on an assembly definition 558. The registry 572 of components 560 has been augmented to include the feature 434 in compatible components. Methods for the augmentation are described in detail below. Compatible components are components in the registry 572 for which the feature 434 has associated feature implementation information comprising a software agent A502, A518, A529, A512 associated with a compatible component, such as by reference to the component. Software agents A502, A518, A520, A512 each has associated a reference C502, C518, C520, C512 to a component that may exist in the registry 572. Notably, the feature 434 may include software agents associated with components not existing in the registry 572. Further, components 560 may exist in the registry 572 for which there is no associated agent in the feature 434. Yet further, each agent may be associated with more than one component reference, such as where an agent is applicable to multiple components, such as multiple versions of a component (e.g. multiple versions of Microsoft® Windows® may be associated with a single agent). The software agents A502, A518, A520, A512 are software functions, routines, procedures, subroutines, libraries, stubs, hooks, skeletons, proxies, gateways, routers, classes, objects, scripts or the like suitable for installation with a deployed cloud application in the cloud computing environment 500. Specifically, each of the software agents A502, A518, A520, A512 is suitable for deployment with, in association with, as part of, or supplementing a corresponding component according to the associated component reference C502, C518, C520, C512 for the agent. The registry 572 is augmented by the registry augmenter 436 to provide the feature 434 by way of the agents A502, A518, A520, A512 in conjunction with the compatible components 560 in the registry 572. The registry 572 can be augmented by inclusion of a feature description in association with a compatible component and, additionally, deployment information for a compatible component can be augmented, modified or supplemented to include deployment information for an agent associated with a compatible component, such deployment information for an agent being provided by the feature 434. To this end, the component reference associated with each software agent includes component configuration information 566 associated with the component reference for agent A502. The component configuration information 566 defines how a component in the registry 572 should be configured for compatibility with an agent to provide the feature 434. Further, the component configuration information 566 defines how deployment information 562 for a component in the registry 572 should be configured, modified or supplemented to achieve the deployment of an agent to provide the feature 434 as part of the deployment of the component. The component configuration information 566 further includes software agent information identifying information about the associated software agent A502 in order that agent information is included in an assembly definition 558 for application assembler 556 to obtain, install and configure the agent A502 when assembling and deploying an application 554.


Further, the component configuration information defines any pre-requisites or dependencies of an agent for the feature 434 that require inclusion in application assembly definition 558 in order that the feature can be applied. For example, other features, other components, other configurations and the like can be specified as dependencies or pre-requisites. Such dependencies or pre-requisites can be defined in a configuration for an agent 564 or a configuration 566 for a component associated with an agent.


Specifically, the component configuration information defines, specifies, indicates or refers to a location of one or more software packages constituting a functional implementation of an agent A502, A518, A520, A512 which, in a preferred embodiment, will reside in a repository of the external environment 430. In an alternative embodiment, the software packages for agents A502, A518, A520, A512 can be located elsewhere than the external environment 430.


For example, a component C502 in the registry 572 for deployment as part of the application 554 has associated deployment information. The component C502 in the registry 572 is determined to be compatible with the feature 434 based on the availability of an agent A502 in association with a reference to the component C502 (‘C502 ref’). In response to this determination, the component C502 in the registry 572 is augmented to indicate the availability of the feature 434 such that an application builder or designer seeking to construct an application assembly is able to select the feature 434 as part of the component C502. To provide for deployment of the feature 434 with component C502, the component C502 is further augmented in the registry 572 such that the deployment information 562 for the component C502 is supplemented by deployment information for the agent A502 from the feature component configuration 566. Further, any specific configuration or configuration changes required for the component C502 to support, provide or interact with the agent A502 are also reflected in the registry 572 based on the configuration 566. Accordingly, an application builder or designer generates an assembly definition 558 for the application 554 including all required components C502 to C516 for the application and selecting the feature 434 for component C502. Subsequently, the application assembler 556 assembles the application 554 for deployment to the cloud environment 500. The application assembler 556 parses, interprets or otherwise processes the assembly definition 558 with reference to the deployment information 562 for all components therein, including deployment information 562 and configuration information that is augmented in the registry 572 for the feature 434. The application assembler 556 assembles the application 554 based upon the assembly definition 558 and with reference to the registry 572 and the deployment information and configuration information for components 560 indicated in the assembly definition 558. For the implementation of the feature 434 for component C502 the application assembler 556 obtains a software package for agent A502 for inclusion with the assembled application from a location indicated in the augmented deployment information for the component C502. The application assembler 556 also optionally accesses an agent configuration 564 which indicates how the agent A502 is to be configured for implementation in application 554. Such configuration information can be component specific (e.g. where the agent A502 supports multiple components) and/or can indicate parameters, options, configuration elements and the like for definition by an application builder as part of the assembly definition 558. Where such parameters etc. require specifying in the assembly definition 558 the agent configuration 564 will be reflected by corresponding indications in the component configuration 566 for augmentation of a component entry 560 in the registry 572. Thus the application 554 is deployed including the components C502 to C516 with component C502 having integrated, linked, associated or supplemented by a software package for agent A502 for providing the feature 434 for the component C502.



FIG. 5 further illustrates a second application of feature 434 to component C512 also included in the assembly for application 554 and deployed to the cloud environment 500. Component C512 is compatible with feature 434 by way of agent A512 having an associated component reference for C512. The component reference ‘C512 ref’, with associated configuration 568, is used to augment the registry 572 and the agent A512, with associated configuration 570, is used by the application assembler 556 to assemble application 554 with feature 434 provided for component A512 by way of inclusion of a software package for agent A512 in the assembled application 554.


By way of further example, FIG. 6 is a schematic representation of relationships between a feature 634 and an exemplary application 604 deployed in a network connected cloud computing environment 600 in accordance with embodiments of the present disclosure. The feature 634 provides encryption as a service known as “BestCrypt” providing support for four disparate components: the NTFS file system for file system encryption provided partly by agent A602; MBroker for message brokered middleware encryption provided partly by agent A604; ext2 for file system encryption provided partly by A606; and MySQL for database encryption provided partly by agent A608. The application component registry 672 is augmented to offer the BestCrypt feature 634 for compatible components NTFS, MBroker, ext2 and MySQL. An application assembly definition 658 defines an application as comprising: a Microsoft® Windows® operating system having an NTFS filing system with the BestCrypt encryption feature enabled; a middleware component including a Java® Virtual Machine (JVM) runtime environment; a MySQL database installation having a scheme ‘Schema_A’ and having BestCrypt encryption feature enabled; a web server; and a Java application including a native library accessed via a Java® native interface (JNI). The assembly includes all installation and deployment information including configuration information for the components and the agents of feature 634. For example, the installation of Microsoft® Windows® may include the installation of a software package for the A602 agent as a file system driver or intermediary to implement the encryption functionality of the BestCrypt feature 634 as part of the file system and operating system. Similarly, the MySQL installation may include the installation of a plugin library, hook, stub or skeleton software as a software package for the A608 agent to implement the encryption functionality of the BestCrypt feature 634 as part of the MySQL database runtime to encrypt data stored in databases managed by MySQL.


The application assembler 656 processes the assembly definition 568 with reference to the feature 634 stored in the external environment 430 and the registry 672 (and any other software package repositories as indicated in deployment information and configuration information for installed components and features) in order to assemble the application 654. The assembly can include: configuring the cloud environment 500 to provide a required infrastructure according to the assembly 658; accessing software packages; installing software packages; configuring software packages; installing agents for features; configuring agents for features; and other steps as may be required in order to assemble the software application for execution in the cloud environment 600. On deployment the application 654 includes the components specified in the assembly definition 658 with agents installed and configured to provide the BestCrypt feature for the NTFS file system and the MySQL database. The configuration, management and operation of these agents A502, A512 in use to provide the BestCrypt feature is described below.


In this way a feature 634 of an external environment 430 is selectable for a component and for inclusion in an application assembly definition 658 by way of an augmented registry 672 irrespective of whether the feature 634 is provided by the cloud service provider for the component. Further, the feature 634 can be provided for multiple, potentially disparate components, from the same external environment 430 by the same service provider by way of the component-specific agents providing part of the feature within the application 604 itself Accordingly there is a centralization of the feature at the external environment 430 by a service provider and the feature can be configured and managed centrally for all components for which the feature is installed. The central configuration and management provides for assured commonality of configuration and management for a feature spanning multiple components in a cloud application deployment. Equally, where required, separation of the configuration and management for different components can be achieved, with configuration and management taking place through a single external environment (e.g. a single management interface). Conceivably, the feature can be extended to apply to multiple applications installed in common or disparate cloud environments, providing centralization of functioning, configuration and management of the feature for potentially multiple components in potentially multiple applications across potentially multiple cloud environments.


In use, the feature 634 is provided in part by the application 654 deployed to the cloud environment 600, and in part by functionality provided by the external environment 430. That part of the feature 634 that is provided by the application 654 is provided by one or more software agents A602, A608 integrated with the application 654 as part of the assembly and deployment of the application 654. When used herein, the provision of “part” of a feature by an element, such as an application (by way of one or more agents) and/or by an external environment, shall be interpreted to mean that the feature is at least partly implemented, executed, instantiated, realized, accessed or obtained at that element, which can include part of the substantive function of the feature (e.g. computer program code implementing part of the feature itself) or alternatively an entrypoint, hook, proxy, stub or skeleton for the feature so as to provide access to the feature provided substantially elsewhere (another ‘part’ of the feature). That is to say that a software package for a software agent can be a mere stub or interface for a feature, thus a part of the feature, while the substantive function or content of the feature is provided elsewhere such as within the external environment 430. In embodiments, a combination of a part of a feature implemented at the external environment 430 and a part of the feature implemented by a software agent in a cloud application constitutes implementation of substantially the whole feature. Thus, in one embodiment, a part of a feature implemented at or by a software agent for inclusion within, integration by, assembly within or linking to an application is an “application part”, “application portion” or application-side part of the feature, which can include a portion of the implementation of the feature such as a software implementing an application portion of the function of the feature. Similarly, a part of a feature implemented as or by a network attached computing environment external to a cloud computing environment in which the application executes can be considered to be an external part, service-provider part, externally implemented part, remotely implemented part, remote portion, service-provider portion, another portion which can include a portion of the implementation of the feature such as software implementing an application portion of the function of the feature. In one embodiment, the application part of a feature is an interface, proxy or link to an implementation of the substantive functions of the feature, the substantive functions being implemented in the external environment (e.g. as an ‘external part’). In such an embodiment the feature can be comprised of an interface part (or proxy part, reference part) at the application (e.g. an agent) and a substantive part at the external environment.



FIG. 7 is a schematic illustration of the feature of FIG. 5 applied to multiple applications 704a, 704b, 704c deployed to multiple network attached cloud computing environments 700a, 700b in accordance with embodiments of the present disclosure. It can be seen in FIG. 7 that the feature 434 is applied by way of the multiple software agents A502, A518, A520, A512 across disparate applications and cloud environments while being centrally managed as a managed service at the external environment 430. The cloud environments 700a, 700b could conceivably reside in different computer systems provided by different cloud service providers, either as public cloud services or private cloud services.



FIG. 8 is an exemplary data schema 800 defining entity relationships for the feature 434 in accordance with one embodiment of the present disclosure. The data entities in the entity relationship diagram can be used by the registry augmenter 436 to augment an application component registry 420 to include features for compatible components, and by the application assembler 414 to access agent configuration information and to satisfy dependencies.


A feature 880 is associated with one or more agents 882 that are embodied as software packages for providing part of the feature functionality within a deployed application in a cloud computing environment. An agent is associated with one or more application components 888, each application component being associated with a component configuration 886 as hereinbefore described. An agent 882 is further associated with an agent configuration 884 as hereinbefore described. Thus the registry augmenter 436 uses the application component 888 associations for agents 882 of a feature 880 to identify potentially compatible application components within an application component registry 420 for augmentation of the registry 420 to offer the feature 880 in conjunction with compatible components.


An agent 882 has zero or more dependencies, each dependency defining a requirement, pre-requisite or other condition that must be satisfied before the agent 882 can be applied for a component in an application assembly. A dependency 890 is associated with zero or more agents 882 (whether associated with the same feature 880 or not), application components 888 (whether associated with the same feature 880 or not) and/or other features 880 such that the associated agents 882, components 888 and/or features 880 are required in order for the dependency to be satisfied. Thus, the registry augmenter 436 uses the dependencies 890 for an agent 882 for a feature 880 to associate features, components and/or agents in the application component registry 420 to ensure dependencies are satisfied during feature selection (or, alternatively, to indicate such dependencies during feature selection to inform an application designer or builder). Additionally or alternatively, the application assembler 414 uses the dependencies 890 for an agent 882 for a feature 880 to select, assemble and deploy pre-requisite features, components and/or agents as part of the application assembly and deployment process to ensure dependencies are satisfied by an application on installation and/or at runtime.



FIG. 9 is a flowchart of a method of the registry augmenter 436 of FIG. 4 in accordance with embodiments of the present disclosure. The augmenter 436 processes the application component registry 420 for a feature 434 to augment the registry 420 to indicate availability of the feature 434 and to provide configuration and deployment information for the feature 434 for compatible components. Initially, at 902, the augmenter 436 commences iteration for each component in the application component registry 420. At 904 the method determines if a current component is compatible with the feature 434. In one embodiment compatibility with the feature 434 is determined with reference to agents 882 associated with the feature 434 and components 888 associated with the agents 882 such that a current component that has associated an agent 882 for the feature 434 is compatible with the feature 434. Alternative approaches to identifying compatibility can be employed as will be apparent to those skilled in the art including, inter alia: the maintenance of a register, record or table of compatibilities; references to a service maintaining compatibility information; and the like.


If the method determines that the current component is compatible with the feature 434 at 904 the method proceeds to 906 where the registry 420 is augmented to indicate availability of the feature 434 for the current component. In one embodiment augmentation of the registry 420 includes augmenting, modifying, supplementing or otherwise adapting deployment information for the current component in the registry 420 based on agent configuration information 884 for an agent 882 associated with the current component in the definition of the feature 434. Further, in one embodiment, augmentation of the registry 420 includes augmenting, modifying, supplementing or otherwise adapting the registry 420 to include, indicate or define pre-requisite components 888, features 880 or agents 882 based on agent dependency information 890 for an agent 882 associated with the current component in the definition of the feature 434.


Subsequently, at 908, the method determines if further components are to be processed in the registry 420 and iterates accordingly.



FIG. 10 is a flowchart of a method of the application assembler 424 of FIG. 4 in accordance with embodiments of the present disclosure. The application assembler 424 is a software, hardware or firmware component operable to assemble a cloud application 404 in accordance with an assembly definition 424 as a definition of the application identifying a set 426 of software components and including configuration information for installing and executing the components in a cloud computing environment 400. Components in the set 426 are selected from the registry 420 augmented by the registry augmenter 436. Components in the set 426 can have associated software agent information for a software agent to implement a feature 434, the software agent information informing how the application assembler 414 is to obtain, install and configure a software agent to provide part of the software feature for the application.


Initially, at 1002, the method receives an assembly definition 424 identifying a set 426 of components and configuration information for installing and executing the components in a cloud environment 400. At 1004 the method commences iteration through the components in the assembly definition 424. At 1006 a current software component is installed and configured based on the assembly definition. The installation will include reference to the registry 420 or a store of component information external to the registry 420 including deployment information for the current component. At 1014 the method determines if the assembly definition 424 for the current component includes agent information for a software feature 434 provided by an external environment. Where agent information is provided for the current component, the method obtains the software agent at 1008, installs the software agent at 1010 and configures the software agent at 1012. The installation and configuration of the software agent at 1010 and 1012 can be undertaken simultaneously or in a different order to that illustrated, and agent configuration can also be obtained in whole or in part from the external environment. Notably, the location of the agent for obtaining the agent at 1008 can be indicated in the assembly definition 424. Subsequently, at 1016, the method iterates for the next component in the assembly definition 424.


It will be apparent to those skilled in the art that the 1006 and 1014 may be undertaken in a different order to those illustrated. Further, in some embodiments the application assembler 414 can undertake additional steps. For example, the application assembler 414 can undertake dependency checking for a software agent with reference to a definition of agency dependencies 890, and may undertake 1008 to 1012 for pre-requisite agents. Further, the method can include the installation of pre-requisite features (by way of the installation of associated agents) and/or the installation of pre-requisite components (which may themselves include agent information).



FIG. 11 is a schematic illustration of cloud applications 1104, 1105 in execution having a feature provided by an external environment 430 in accordance with embodiments of the present disclosure. On deployment of a cloud application including a feature provided by a managed service provider at an external environment 430, one or more software agents of the feature deployed as part of the cloud application serve to provide part of the feature, with another part of the feature being provided by the external environment 430. Furthermore, configuration and management of the feature for a particular application, or a particular component of an application, or a suite of applications, is centralized at the external environment 430. In use, a deployed and executing cloud application 1104 includes, as part of, in association with, or accessibly by a component of the application 1104, a software agent 1118 providing part of the feature of the external environment 430. Another part of the feature is provided by a feature provision function 1106 of the external environment 430 as a software, hardware, firmware or combination component of the external environment adapted to provide part of the feature. For example, where the feature relates to encryption services, the agent 1118 may provide a part of the feature of encryption and decryption functions including cryptographic algorithms within the application 1104 whereas the feature provision component 1106 may provide key storage, key management, access control lists, authorization and authentication services for the encryption feature. The external environment 430 provides part of the feature by way of the feature provision component 1106 for potentially multiple components within an application, for potentially multiple applications and for potentially multiple cloud environments. In one embodiment the feature provision component 1106 is a multi-threaded component including multiple threads T1 to Tn each being dedicated to a particular component, application or cloud environment. Alternatively, multi-process, multi-processor, multi-task or other environments providing multiple discrete processing facilities or streams could be employed. The arrangement of particular facilities (such as threads) of the feature provision component 1106 can be configurable such that an application requiring commonality in provision of a feature across all components implementing the feature in the application may enjoy centralization of the feature provision 1106 in a single, or small set of, threads. Alternatively, an application requiring multiple instances of a feature being separately implemented may enjoy separation of the feature provision 1106 into multiple discrete and separate threads. Each thread of the feature provision component 1106 includes application specific data 1114 for maintaining state and/or record information in respect of the provision of the feature. Alternatively, such storage can be provided on a component-specific or cloud environment-specific basis, or a configurable mixture.


Further, the external environment 430 provides a feature management component 1108 for the management and configuration of a feature deployed in an application 1104. The feature management component 1108 provides component, application or cloud environment specific feature management facilities such as feature configuration, servicing, support, maintenance, update, logging, subscription, access control and other management functions and services as may be required. The operation of the feature management component 1108 can be multi-threaded as described above with respect to the feature provision component 1106, including further application, component or cloud environment specific data 1116.


As illustrated in FIG. 11, further applications (whether in the same cloud environment, as illustrated, or a different cloud environment) are able to implement a feature from a common external environment 430 with separation in the feature provision 1106 and management 1108 facilities. The separation of the functionality of the common feature provision 1106 and feature management 1108 facilities can be provided securely so as to ensure security of the feature functionality at the shared external environment 430. In one embodiment the external environment 430 is a virtualized environment such as a cloud computing environment in which feature provision 1106 and feature management 1108 are provided in secure and different virtual machines for different or unrelated applications such that security between the provision of features for different or unrelated applications can be assured via the virtualization mechanism. Thus, in this way, the feature provided by the external environment 430 is a managed cloud service in itself.


Insofar as embodiments of the disclosure described are implementable, at least in part, using a software-controlled programmable processing device, such as a microprocessor, digital signal processor or other processing device, data processing apparatus or system, it will be appreciated that a computer program for configuring a programmable device, apparatus or system to implement the foregoing described methods is envisaged as an aspect of the present disclosure. The computer program may be embodied as source code or undergo compilation for implementation on a processing device, apparatus or system or may be embodied as object code, for example.


Suitably, the computer program is stored on a carrier medium in machine or device readable form, for example in solid-state memory, magnetic memory such as disk or tape, optically or magneto-optically readable memory such as compact disk or digital versatile disk etc., and the processing device utilizes the program or a part thereof to configure it for operation. The computer program may be supplied from a remote source embodied in a communications medium such as an electronic signal, radio frequency carrier wave or optical carrier wave. Such carrier media are also envisaged as aspects of the present disclosure.


It will be understood by those skilled in the art that, although the present invention has been described in relation to the above described example embodiments, the invention is not limited thereto and that there are many possible variations and modifications which fall within the scope of the invention.


The scope of the present invention includes any novel features or combination of features disclosed herein. The applicant hereby gives notice that new claims may be formulated to such features or combination of features during prosecution of this application or of any such further applications derived therefrom. In particular, with reference to the appended claims, features from dependent claims may be combined with those of the independent claims and features from respective independent claims may be combined in any appropriate manner and not merely in the specific combinations enumerated in the claims.

Claims
  • 1. A computer implemented method to execute a software application in a first network attached computing environment comprising: receiving a definition of the application, the definition identifying a set of software components and including configuration information for installing and executing the components in the first environment; andinstalling and configuring the components in the first environment in accordance with the definition,wherein the definition further includes, for an identified component in the set, software agent information about a software agent that implements part of a software feature, the agent being provided by a second network attached computing environment external to and communicatively connected with the first environment, the second environment providing another part of the software feature, the method further comprising obtaining, installing and configuring the agent based on the agent information to provide part of the software feature for the application.
  • 2. The method of claim 1 wherein the identified component in the set is a first component and the definition includes, for a second component in the set, second software agent information about a second software agent that implements part of the software feature for the second component, the software feature being common to both the first and second software components.
  • 3. The method of claim 2 wherein the second environment provides another part of the software feature for both the first and second components.
  • 4. The method of claim 1 wherein the first environment is a virtualized computing environment providing a virtual machine for the execution of the application.
  • 5. The method of claim 4 wherein the virtual machine is a first virtual machine and the application is a first application, wherein the first environment further provides a second virtual machine for execution of a second application, the second application including a software agent implementing part of the software feature, wherein the second environment provides another part of the software feature for the software agents of both the first and second applications.
  • 6. The method of claim 1 wherein the software agent is at least one of a software interface, a software stub or a software skeleton providing access to the part of the software feature provided by the second environment.
  • 7. The method of claim 1 wherein the second environment is a virtualized computing environment providing a virtual machine for execution of the part of the software feature provided by the second environment.
  • 8. The method of claim 2 wherein the second environment is a virtualized computing environment providing a first virtual machine for execution of the part of the software feature provided by the second environment for the first component and a second virtual machine for execution of the part of the software feature provided by the second environment for the second component.
  • 9. The method of claim 5 wherein the second environment is a virtualized computing environment providing a first virtual machine of the second environment for execution of the part of the software feature provided by the second environment for the first application and a second virtual machine of the second environment for execution of the part of the software feature provided by the second environment for the second application.
  • 10. The method of claim 1 wherein the software feature is one of: cryptography; anti-malware; virus detection; virus remediation; firewall; network intrusion detection; or integrity monitoring.
  • 11. A computer system adapted to execute a software application in a first network attached computing environment comprising: a processor configured to:receive a definition of the application, the definition identifying a set of software components and including configuration information for installing and executing the components in the first environment; andinstall and configuring the components in the first environment in accordance with the definition,wherein the definition further includes, for an identified component in the set, software agent information about a software agent that implements part of a software feature, the agent being provided by a second network attached computing environment external to and communicatively connected with the first environment, the second environment providing another part of the software feature, the processor being further configured to obtain, install and configure the agent based on the agent information to provide part of the software feature for the application.
  • 12. A non-transitory computer-readable storage medium storing a computer program or suite of computer programs which upon execution by a computer system performs the method of claim 1.
Priority Claims (1)
Number Date Country Kind
14275181.7 Sep 2014 EP regional
CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a National Phase entry of PCT Application No. PCT/EP2015/069670, filed on 27 Aug. 2015, which claims priority to EP Patent Application No. 14275181.7, filed on 3 Sep. 2014, which are hereby fully incorporated herein by reference.

PCT Information
Filing Document Filing Date Country Kind
PCT/EP2015/069670 8/27/2015 WO 00