US20120221690A1 - Data Processing Environment Monitoring - Google Patents
Data Processing Environment Monitoring Download PDFInfo
- Publication number
- US20120221690A1 US20120221690A1 US13/400,505 US201213400505A US2012221690A1 US 20120221690 A1 US20120221690 A1 US 20120221690A1 US 201213400505 A US201213400505 A US 201213400505A US 2012221690 A1 US2012221690 A1 US 2012221690A1
- Authority
- US
- United States
- Prior art keywords
- data processing
- service
- cloud
- processing resources
- monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/3006—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3089—Monitoring arrangements determined by the means or processing involved in sensing the monitored data, e.g. interfaces, connectors, sensors, probes, agents
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3409—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0817—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3495—Performance evaluation by tracing or monitoring for systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/86—Event-based monitoring
Abstract
A method, apparatus, and computer program product for monitoring operation of data processing resources in a data processing environment. A request to monitor a service instance may be received by a processor unit, wherein the service instance comprises a data processing resource provided as a service by a provider of the data processing resources. Responsive to receiving the request to monitor the service instance, the processor unit establishes communications to receive monitored data from the service instance. The processor unit receives the monitored data from the service instance and provides the monitored data to a monitoring infrastructure, wherein the monitoring infrastructure is configured to monitor operation of the data processing resources.
Description
- This application claims the benefit of U.S. Provisional Application No. 61/446,885, filed Feb. 25, 2011, which is incorporated herein by reference.
- 1. Field
- The disclosure relates generally to data processing systems and methods and, more specifically, to systems and methods for using data processing resources provided as a service, known as cloud computing, and to systems and methods for monitoring such data processing resources.
- 2. Description of the Related Art
- Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service. For example, cloud computing allows a consumer to obtain data processing resources, such as networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services as a service on a temporary basis when needed. Several vendors are currently offering various cloud services. For example, such services include infrastructure as a service, platform as a service, storage as a service, software as a service, and business process as a service cloud services. These services use vendor-specific service requests, access, and consumption models.
- A consumer of cloud computing services may have its own data processing system resources. For example, the consumer may be a business or other entity. The consumer may have invested in its own data processing system resources. These resources may include a computer network. The consumer's computer network provides a limited amount of processing capability and data storage resources. The consumer's computer network also provides specific data processing applications. The consumer's computer network may be located on-premise and may be operated as a private cloud.
- At certain times, the consumer may require data processing resources beyond those available in its computer network. For example, at certain times, the demand for data processing resources may outstrip the capability of the consumer's computer network. At these times, the response time of the consumer's computer network for some applications may increase to unacceptable levels. At other times, the consumer may require data processing applications that are not available on the consumer's own computer network. For example, the consumer may require, at times, the use of data processing applications that are not part of the consumer's core competency.
- At those times when the consumer requires data processing resources beyond its own, the consumer may purchase such resources as a service on a temporary basis from a provider of cloud computing services. For example, the consumer may obtain additional processing or storage resources or specific application functionality as a service on a temporary basis from the cloud computing provider's data processing resources. Different types of service offerings may provide parts of the solution used in processing the consumer's workload. The provider's available data processing resources is known as a public cloud.
- The consumer typically continues to operate its own computer network while some data processing resources are being obtained from a public cloud. Thus, data processing resources from the public cloud typically are obtained in order to supplement the data processing resources of the consumer's own private cloud at certain times of need. The simultaneous and coordinated operation of data processing resources from multiple clouds may be referred to as hybrid cloud computing. For example, operation of the consumer's private cloud along with resources obtained from one or more public clouds is a specific example of hybrid cloud computing.
- According to one illustrative embodiment, a method for monitoring operation of data processing resources in a data processing environment is provided. A request to monitor a service instance is received by a processor unit, wherein the service instance comprises a data processing resource provided as a service by a provider of the data processing resources. Responsive to receiving the request to monitor the service instance, the processor unit establishes communications to receive monitored data from the service instance. The processor unit receives the monitored data from the service instance and provides the monitored data to a monitoring infrastructure, wherein the monitoring infrastructure is configured to monitor operation of the data processing resources.
- According to another illustrative embodiment, an apparatus comprising a processor unit is provided. The processor unit is configured to receive a request to monitor a service instance, wherein the service instance comprises a data processing resource provided as a service by a provider of data processing resources. The processor unit is configured to establish communications to receive monitored data from the service instance, responsive to receiving the request to monitor the service instance. The processor unit is configured to receive the monitored data from the service instance and provide the monitored data to a monitoring infrastructure, wherein the monitoring infrastructure is configured to monitor operation of data processing resources.
- According to another illustrative embodiment, a computer program product for monitoring operation of data processing resources in a data processing environment is provided. First, second, third, and fourth program instructions are stored on a computer readable storage medium. The first program instructions are to receive a request to monitor a service instance, wherein the service instance comprises a data processing resource provided as a service by a provider of the data processing resources. The second program instructions are to establish communications to receive monitored data from the service instance responsive to receiving the request to monitor the service instance. The third program instructions are to receive the monitored data from the service instance. The fourth program instructions are to provide the monitored data to a monitoring infrastructure, wherein the monitoring infrastructure is configured to monitor operation of the data processing resources.
- Further objects, features, and benefits will be apparent from the following detailed description, and taking into consideration the attached drawing figures.
-
FIG. 1 is a schematic of an example of a cloud computing node in accordance with an illustrative embodiment; -
FIG. 2 is an illustration of a cloud computing environment in accordance with an illustrative embodiment; -
FIG. 3 is a set of functional abstraction layers in accordance with an illustrative embodiment; -
FIG. 4 is a block diagram of a data processing environment employing hybrid cloud integration in accordance with an illustrative embodiment; -
FIG. 5 is a block diagram of a data processing environment for monitoring data processing resources in accordance with an illustrative embodiment; -
FIG. 6 is a block diagram of a data processing environment employing virtual private security zones in accordance with an illustrative embodiment; -
FIG. 7 is a block diagram of a data processing environment employing virtual private security zones for monitoring data processing resources in accordance with an illustrative embodiment; -
FIG. 8 is a block diagram of a data processing environment employing virtual private security zones for a web server application in accordance with an illustrative embodiment; -
FIG. 9 is a block diagram of a data processing environment employing virtual private security zones for a web server application with proxy in accordance with an illustrative embodiment; -
FIG. 10 is a block diagram of a data processing system in accordance with an illustrative embodiment; -
FIG. 11 is a block diagram of a hybrid cloud integrator in accordance with an illustrative embodiment; -
FIG. 12 is a block diagram of a cloud service broker plug-in in accordance with an illustrative embodiment; -
FIG. 13 is a flowchart of a process for configuring a hybrid cloud service plug-in using a hybrid cloud service plug-in interface in accordance with an illustrative embodiment; -
FIG. 14 is a flowchart of a process for deploying an infrastructure as a cloud service broker plug-in in accordance with an illustrative embodiment; -
FIG. 15 is a flowchart of a process for hybrid cloud monitoring in accordance with an illustrative embodiment; -
FIG. 16 is a flowchart of a process for automated provisioning and configuration of a provider side monitoring gateway in accordance with an illustrative embodiment; -
FIG. 17 is a flowchart of a process for instantiation and configuration of a provider side monitoring gateway using a cloud service broker in accordance with an illustrative embodiment; -
FIG. 18 is a flowchart of a process for securing a provider side monitoring gateway via a cloud security service in accordance with an illustrative embodiment; and -
FIG. 19 is a flowchart of a process for accelerated setup of a provider side monitoring gateway in accordance with an illustrative embodiment. - It is understood in advance that although this disclosure includes a detailed description on cloud computing, implementation of the teachings recited herein are not limited to a cloud computing environment. Rather, the illustrative embodiments are capable of being implemented in conjunction with any other type of computing environment now known or later developed.
- For convenience, the detailed description includes the following definitions which have been derived from the “Draft NIST Working Definition of Cloud Computing” by Peter Mell and Tim Grance, dated Oct. 7, 2009.
- Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service. This cloud model may include at least five characteristics, at least three service models, and at least four deployment models.
- Characteristics are as follows:
- On-demand self-service: a cloud consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with the service's provider.
- Broad network access: capabilities are available over a network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
- Resource pooling: the provider's computing resources are pooled to serve multiple consumers using a multi-tenant model with different physical and virtual resources dynamically assigned and reassigned according to demand. There is a sense of location independence in that the consumer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or data center).
- Rapid elasticity: capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out, and rapidly released, to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
- Measured service: cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.
- Service Models are as follows:
- Software as a Service (SaaS): the capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based e-mail). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities with the possible exception of limited user-specific application configuration settings.
- Platform as a Service (PaaS): the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or consumer-acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage but has control over the deployed applications and possibly application hosting environment configurations.
- Infrastructure as a Service (IaaS): the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
- Deployment Models are as follows:
- Private cloud: the cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on-premises or off-premises.
- Community cloud: the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on-premises or off-premises.
- Public cloud: the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
- Hybrid cloud: the cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds) and service interoperability.
- A cloud computing environment is service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability. At the heart of cloud computing is an infrastructure comprising a network of interconnected nodes.
- Referring now to
FIG. 1 , a schematic of an example of a cloud computing node is depicted in accordance with an illustrative embodiment.Cloud computing node 110 is only one example of a suitable cloud computing node and is not intended to suggest any limitation as to the scope of use or functionality of the illustrative embodiments described herein. Regardless,cloud computing node 110 is capable of being implemented and/or performing any of the functionality set forth hereinabove. -
Cloud computing node 110 comprises computer system/server 112, which is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with computer system/server 112 include, but are not limited to, personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems or devices and the like. - Computer system/
server 112 may be described in the general context of computer system executable instructions, such as program modules being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, and so on that perform particular tasks or implement particular abstract data types. Computer system/server 112 may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices. - As shown in
FIG. 1 , computer system/server 112 incloud computing node 110 is shown in the form of a general purpose computing device. The components of computer system/server 112 may include, but are not limited to, one or more processors orprocessor unit 116,system memory 128, andbus 118 that couples various system components includingsystem memory 128 toprocessor unit 116. -
Processor unit 116 executes instructions for software that may be loaded intosystem memory 128.Processor unit 116 may be a number of processors, a multi-processor core, or some other type of processor, depending on the particular implementation. A number, as used herein with reference to an item, means one or more items. Further,processor unit 116 may be implemented using a number of heterogeneous processor systems in which a main processor is present with secondary processors on a single chip. As another illustrative example,processor unit 116 may be a symmetric multi-processor system containing multiple processors of the same type. -
Bus 118 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnects (PCI) bus. - Computer system/
server 112 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer system/server 112 and it includes both volatile media, non-volatile media, removable media, and non-removable media. -
System memory 128 can include computer system readable media in the form of volatile memory, such as random access memory (RAM) 130 and/orcache memory 132. Computer system/server 112 may further include other removable/non-removable and volatile/non-volatile computer system storage media. By way of example only,storage system 134 can be provided for reading from and writing to a non-removable, non-volatile magnetic media (not shown and typically called a “hard drive”). Although not shown, a magnetic disk drive for reading from and writing to a removable, non-volatile magnetic disk (e.g., a “floppy disk”) and an optical disk drive for reading from or writing to a removable, non-volatile optical disk such as a CD-ROM, DVD-ROM, or other optical media can be provided. In such instances, each can be connected tobus 118 by one or more data media interfaces. As will be further depicted and described below,memory 128 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the illustrative embodiments. - Program/
utility 140, having a set (at least one) ofprogram modules 142, may be stored inmemory 128 by way of example and not limitation, as well as an operating system, one or more application programs, other program modules, and program data. Each of the operating systems, one or more application programs, other program modules, and program data or some combination thereof may include an implementation of a networking environment.Program modules 142 generally carry out the functions and/or methodologies of the illustrative embodiments as described herein. - Computer system/
server 112 may also communicate with one or moreexternal devices 114, such as a keyboard, a pointing device,display 124, etc.; one or more devices that enable a user to interact with computer system/server 112; and/or any devices (e.g., network card, modem, etc.) that enable computer system/server 112 to communicate with one or more other computing devices. Such communication can occur via I/O interfaces 122. Still yet, computer system/server 112 can communicate with one or more networks, such as a local area network (LAN), a general wide area network (WAN), and/or a public network (e.g., the Internet) vianetwork adapter 120. As depicted,network adapter 120 communicates with the other components of computer system/server 112 viabus 118. It should be understood that, although not shown, other hardware and/or software components could be used in conjunction with computer system/server 112. Examples include, but are not limited to, microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data archival storage systems, etc. - Referring now to
FIG. 2 , an illustration of a cloud computing environment is depicted in accordance with an illustrative embodiment. In this illustrative example,cloud computing environment 250 comprises one or morecloud computing nodes 210 with which local computing devices used by cloud consumers may communicate. For example,cloud computing node 110 inFIG. 1 is one example ofcloud computing nodes 210. Local computing devices which may communicate withcloud computing nodes 210 may include, for example, personal digital assistant (PDA) orcellular telephone 254A,desktop computer 254B,laptop computer 254C, and/orautomobile computer system 254N.Cloud computing nodes 210 may communicate with one another. They may be grouped (not shown) physically or virtually, in one or more networks, such as private, community, public, or hybrid clouds as described hereinabove or a combination thereof. This allowscloud computing environment 250 to offer infrastructure, platforms, and/or software as services for which a cloud consumer does not need to maintain resources on a local computing device. It is understood that the types ofcomputing devices FIG. 2 are intended to be illustrative only and thatcloud computing nodes 210 andcloud computing environment 250 can communicate with any type of computerized device over any type of network and/or network addressable connection (e.g., using a web browser). Program code located on one ofcloud computing nodes 210 may be stored on a computer recordable storage medium in one ofcloud computing nodes 210 and downloaded to a computing device withincomputing devices cloud computing nodes 210 may store program code on a computer readable storage medium on the server computer. The server computer may download the program code to a client computer incomputing devices - Referring now to
FIG. 3 , a set of functional abstraction layers is depicted in accordance with an illustrative embodiment. The set of functional abstraction layers may be provided bycloud computing environment 250 inFIG. 2 . It should be understood in advance that the components, layers, and functions shown inFIG. 3 are intended to be illustrative only and illustrative embodiments are not limited thereto. As depicted, the following layers and corresponding functions are provided: - Hardware and
software layer 360 includes hardware and software components. Examples of hardware components include mainframes, in one example IBM® zSeries® systems; RISC (Reduced Instruction Set Computer) architecture based servers, in one example IBM® pSeries® systems; IBM® xSeries® systems; IBM® BladeCenter® systems; storage devices; and networks and networking components. Examples of software components include network application server software, in one example IBM® WebSphere® application server software; and database software, in one example IBM® DB2® database software. (IBM®, zSeries®, pSeries®, xSeries®, BladeCenter®, WebSphere®, and DB2® are trademarks of International Business Machines Corporation registered in many jurisdictions worldwide.) -
Virtualization layer 362 provides an abstraction layer from which the following examples of virtual entities may be provided: virtual servers; virtual storage; virtual networks including virtual private networks; virtual applications and operating systems; and virtual clients. - In one example,
management layer 364 may provide the functions described below. Resource provisioning provides dynamic procurement of computing resources and other resources that are utilized to perform tasks within the cloud computing environment. Metering and pricing provide usage and cost tracking as resources are utilized within the cloud computing environment and billing or invoicing for consumption of these resources. In one example, these resources may comprise application software licenses. Security provides identity verification for cloud consumers and tasks as well as protection for data and other resources. User portal provides access to the cloud computing environment for consumers and system administrators. Service level management provides cloud computing resource allocation and management such that required service levels are met. Service Level Agreement (SLA) planning and fulfillment provides pre-arrangement for, and procurement of, cloud computing resources for which a future requirement is anticipated in accordance with an SLA. -
Workloads layer 366 provides examples of functionality for which the cloud computing environment may be utilized. Examples of workloads and functions which may be provided from this layer include: mapping and navigation; software development and lifecycle management; virtual classroom education delivery; data analytics processing; transaction processing; and workload monitoring, management, and security processing. - The different illustrative embodiments recognize and take into account a number of different considerations. For example, the different illustrative embodiments recognize and take into account that many enterprises have an existing investment in information technology resources. These enterprises want to use their existing infrastructure, software, and management resources. At times, such enterprises also may want to augment their own data processing resources selectively with cloud based services. Thus, for economic and functional reasons, there may be a need to use on-premise enterprise infrastructure, platform, applications, or data, and off-premise cloud service infrastructure, platform, applications, or data in an integrated manner.
- The different illustrative embodiments recognize and take into account that, in cases of cloud computing, server, network, data, and applications used in processing the enterprise workload may reside within an enterprise data center, may be with partners of the enterprise, or may reside over the Internet in a public cloud. Thus, processing a workload using a combination of on-premise enterprise resources and public cloud resources involves using some of the on-premise infrastructure, platform, applications, or data as well as some off-premise cloud based services and data. Cloud computing solutions of this type may create integration, interoperability, management and security challenges.
- For example, the different illustrative embodiments recognize and take into account that cloud computing consumers desire to maintain a seamless interface across on-premise and off-premise cloud boundaries. However, the governing policies for cloud operation and security related procedures always need to be in place. These competing requirements create the need for an integrated infrastructure and management solution that can span across the consumer data center and into one or more public cloud environments.
- The different illustrative embodiments recognize and take into account that easy access to public cloud services allows such services to be consumed within an enterprise in a non-centralized and unmanaged manner. De-centralizing and moving data processing resources to off-site vendors increases the complexity and time required to support them. Typically, this complexity is only evident when the cloud resources being consumed are reported to the enterprise information technology department. Security and system governance lapses may result from this lack of management. Regulatory and business compliance may require policy based data sharing across a hybrid cloud. However, current unmanaged methods for accessing cloud service resources cannot guarantee such compliance. The different illustrative embodiments also recognize and take into account the desirability of controlling cloud vendor selection based on business conditions and established policies.
- The different illustrative embodiments recognize and take into account that policy based workload management across a hybrid cloud and automated support of cloud computing services will reduce information technology costs. Such hybrid cloud management and support will improve security and compliance and thereby will increase enterprise adoption of cloud technologies.
- Various providers of cloud services use vendor specific service request, access, and consumption models. The different illustrative embodiments recognize and take into account the desirability of a vender neutral and service specific interface to all clouds that provide a desired cloud service.
- The different illustrative embodiments recognize and take into account that integrated monitoring of data processing resources and workload processing across a hybrid cloud is needed to establish automated policy based workload management. However, such integrated monitoring cannot be achieved using existing solutions. Existing solutions for monitoring data processing resources and workload processing are not adapted for the dynamic nature of hybrid cloud computing environments. In particular, such solutions are not adapted for hybrid cloud environments formed of separate dynamic networks of data processing resources that often must be separated from each other by firewalls to provide appropriate levels of security.
- Therefore, the different illustrative embodiments recognize and take into account the need for an integrated infrastructure and monitoring solution that can span across a hybrid cloud computing environment. In particular, the different illustrative embodiments recognize and take into account the need for an integrated infrastructure and monitoring solution that can span across a customer data center into one or more public cloud environments. The different illustrative embodiments recognize and take into account that consumers of data processing resources desire to view the state of a workload running on a hybrid cloud using a single integrated view. An integrated infrastructure and monitoring solution in accordance with an illustrative embodiment makes possible such an integrated view.
- The different illustrative embodiments also recognize and take into account that such an integrated infrastructure and monitoring solution should be implemented and maintained as efficiently as possible. For example, any required changes to monitoring agents or to other parts of the monitoring infrastructure should be minimized and confined to as few components as possible. Currently available solutions for monitoring data processing resources and workload processing do not provide such efficiency. Currently available solutions for monitoring data processing resources and workload processing are too cumbersome to set up and use, particularly in a hybrid cloud computing environment.
- In accordance with an illustrative embodiment, a hybrid cloud integrator provides for integration of on-premise infrastructure, platform, applications, and data with public cloud based infrastructure, platform, services and data. A hybrid cloud integrator, in accordance with an illustrative embodiment, may be used to extend on-premise data center capabilities by augmenting such capabilities with data processing capabilities provided in a public cloud. For example, such cloud based capabilities may include infrastructure as a service or storage as a service capabilities. In accordance with an illustrative embodiment, the desired solution for processing a workload may be implemented in a hybrid cloud environment that integrates multiple private cloud and public cloud based services.
- A hybrid cloud integrator, in accordance with an illustrative embodiment, may be used to extend the reach of a consumer's on-premise data processing monitoring and management functionality to monitor and manage the data processing resource capabilities extended in a public cloud. In accordance with an illustrative embodiment, a hybrid cloud computing environment including both private cloud and public cloud based services may be monitored and managed in a more effective manner as a single logical cloud of resources. Hybrid cloud integration, in accordance with an illustrative embodiment, allows policy based integration of infrastructure, services, and data across the hybrid cloud. In accordance with an illustrative embodiment, monitoring and management of the integrated infrastructure and services can be performed in a centralized manner. In this way, workload specific actions can be taken consistently and in a vendor neutral manner even if the components of the workload are processed using multiple cloud based services.
- In accordance with an illustrative embodiment, a hybrid cloud integrator provides an integration platform for integrating workload monitoring and management across a hybrid cloud. The hybrid cloud integrator, in accordance with an illustrative embodiment, may comprise a hybrid cloud integrator framework. Hybrid cloud integration components may be plugged-in to the framework as needed in a systematic manner.
- For example, in accordance with an illustrative embodiment, integration components that may be plugged-in to the hybrid cloud integrator framework may include a cloud service broker plug-in, a cloud monitoring plug-in, and a cloud security services plug-in. Together, the plug-ins may be used to provision and configure an on-premise or consumer side monitoring gateway and an off-premise or provider cloud side monitoring gateway. These gateways are employed to provide for integrated workload monitoring across a hybrid cloud.
- In accordance with an illustrative embodiment, a consumer of data processing resources may use the integration components provided in the hybrid cloud integrator to identify and define hybrid cloud monitoring participants across the hybrid cloud. Such participants may include both an on-premise monitoring infrastructure and one or more off-premise cloud based services that are to be monitored using the on-premise monitoring infrastructure. The consumer of data processing resources may specify parameters needed to enable integration for hybrid cloud monitoring. For example, such parameters may include port identifications, Internet Protocol or other addresses, encryption methods used, and the like. Coordination of actions among the integration component plug-ins is automated so that implementation of the hybrid cloud monitoring setup may be completed automatically. Thus, illustrative embodiments provide for the efficient set up of an integrated infrastructure and monitoring solution for hybrid cloud monitoring.
- In accordance with an illustrative embodiment, data processing service instances in a cloud may be monitored using monitoring agents. The monitoring agents may provide monitored data to an on-premise monitoring infrastructure via the hybrid cloud integration structure established using the hybrid cloud integrator. In accordance with an illustrative embodiment, as additional data processing service instances are established in the cloud, or as data processing service instances are terminated, monitoring of already established or remaining instances may continue without requiring changes in the monitoring agents for those instances or in the rest of the monitoring infrastructure. Thus, illustrative embodiments provide for the efficient maintenance and operation of an integrated infrastructure and monitoring solution for hybrid cloud monitoring.
- The different illustrative embodiments recognize and take into account that current cloud based services accessible over the internet are provided by multiple vendors. Multiple vendors may offer directly competing services. For example, both IBM SBDTC and Amazon EC2 offer infrastructure as a service cloud services. Different protocols and application programming interfaces are required for interfacing with these competing services. Currently, consumers of these services have to develop and maintain vendor-specific code to access the same service from different vendors. Consumers of cloud computing services would prefer to maintain a single vendor neutral and service specific interface to all clouds that provide a desired service. Consumers also desire to control vendor selection based on business considerations.
- In accordance with an illustrative embodiment, a cloud service broker, a cloud security service, and a cloud monitoring service may be provided as plug-in components for a hybrid cloud integrator. These three components may operate together automatically to set up and provide monitoring of data processing resources across a hybrid cloud.
- Referring now to
FIG. 4 , a block diagram of a data processing environment employing hybrid cloud integration is depicted in accordance with an illustrative embodiment.Data processing environment 400 includes consumerdata processing resources 402 and providerdata processing resources 404. In some embodiments, providerdata processing resources 404 may be referred to as first data processing resources, and consumerdata processing resources 402 may be referred to as second data processing resources or vice versa. - Consumer
data processing resources 402 may include data processing resources that are owned or controlled exclusively by consumer ofdata processing resources 405. For example, consumer ofdata processing resources 405 may be a business entity or other organization or enterprise that uses consumerdata processing resources 402 to process consumer processedconsumer workload 406. - Consumer
data processing resources 402 may include any combination of data processing systems and devices for processing consumer processedconsumer workload 406. For example, consumerdata processing resources 402 may include any combination of data processing infrastructure, networks, processors, data storage, databases, and applications. - Consumer
data processing resources 402 may include or may be referred to asprivate cloud 408. Consumerdata processing resources 402 may include data processing resources that are located on-premise 410 or may be referred to as being on-premise 410. On-premise 410 may mean that all of consumerdata processing resources 402 are co-located in a single location that is owned or controlled by consumer ofdata processing resources 405 that also owns or controls consumerdata processing resources 402. Alternatively, on-premise 410 may mean that consumerdata processing resources 402 are under the control of consumer ofdata processing resources 405 for exclusive use by consumer ofdata processing resources 405, even though some or all of consumerdata processing resources 402 are physically located in a number of remote locations. - Provider
data processing resources 404 are data processing resources that are available to be shared by a number of consumers of data processing resources, including consumer ofdata processing resources 405. Providerdata processing resources 404 may include any combination of data processing systems or devices. For example, providerdata processing resources 404 may include any combination of data processing infrastructure, networks, processors, data storage, or applications. - Provider
data processing resources 404 may be provided asservices 414. For example, providerdata processing resources 404 may be provided asservices 414 bypublic cloud 412.Public cloud 412 makes providerdata processing resources 404 available to consumer ofdata processing resources 405 asservices 414. For example,services 414 may include one or more of infrastructure as aservice 416, platform as aservice 417, software as aservice 418, or other data processing related services. - At certain times, consumer of
data processing resources 405 may use providerdata processing resources 404 to process provider processedconsumer workload 420. Provider processedconsumer workload 420 typically is a portion of all ofconsumer workload 421 that consumer ofdata processing resources 405 needs to be processed. In some cases, provider processedconsumer workload 420 may be all ofconsumer workload 421 that consumer ofdata processing resources 405 needs to be processed. For example, consumer ofdata processing resources 405 may use providerdata processing resources 404 to process provider processedconsumer workload 420 when consumerdata processing resources 402 are overloaded with processing consumer processedconsumer workload 406. At other times, consumer ofdata processing resources 405 may employ providerdata processing resources 404 to process provider processedconsumer workload 420 when processing of provider processedconsumer workload 420 is not one of the core competencies of consumer ofdata processing resources 405. As another example, consumer ofdata processing resources 405 may use providerdata processing resources 404 to process provider processedconsumer workload 420 when particular applications required to process provider processedconsumer workload 420 are not available among consumerdata processing resources 402. In any case, processing of provider processedconsumer workload 420 using providerdata processing resources 404 may require that a number ofapplications 422 ordata 424, or bothapplications 422 anddata 424, be provided to providerdata processing resources 404 in order to process provider processedconsumer workload 420. - Thus, at times, all of
consumer workload 421 being processed by or for consumer ofdata processing resources 405 may be processed in part as consumer processedconsumer workload 406 on consumerdata processing resources 402, such asprivate cloud 408, and in part as provider processedconsumer workload 420 on providerdata processing resources 404, such aspublic cloud 412. In this case, the integration ofprivate cloud 408 andpublic cloud 412 to processconsumer workload 421 for consumer ofdata processing resources 405 formshybrid cloud 426. - Operation of
hybrid cloud 426 requires communication between consumerdata processing resources 402 and providerdata processing resources 404. However, security concerns may require the prevention of unauthorized access to consumerdata processing resources 402 from providerdata processing resources 404 or from any other unauthorized sources. Therefore,firewall 428 may be provided between consumerdata processing resources 402 and providerdata processing resources 404.Firewall 428 is designed to block unauthorized access to consumerdata processing resources 402 by providerdata processing resources 404 or by any other unauthorized sources while permitting authorized communications between consumerdata processing resources 402 and providerdata processing resources 404.Firewall 428 may be implemented in either hardware or software or using a combination of both hardware and software. For example, without limitation,firewall 428 may be implemented in consumerdata processing resources 402. - In accordance with an illustrative embodiment,
hybrid cloud integrator 430 provides integration across consumerdata processing resources 402 and providerdata processing resources 404 to implement integrated data processing resources forminghybrid cloud 426. For example, without limitation,hybrid cloud integrator 430 may be implemented by consumer ofdata processing resources 405 on consumerdata processing resources 402. - In accordance with an illustrative embodiment,
hybrid cloud integrator 430 includesframework 432,integration platform 434, and a number of plug-ins 436. For example,framework 432 may be implemented in software as a software framework.Framework 432 may be implemented onintegration platform 434.Integration platform 434 provides the underlying hardware and software required to implementhybrid cloud integrator 430. For example,integration platform 434 may include the hardware, operating system, and runtime environment in whichhybrid cloud integrator 430 is implemented. -
Framework 432 provides plug-ininterface 438. Plug-ininterface 438 allows a number of plug-ins 436 to be installed inhybrid cloud integrator 430. Plug-ins 436 are software components that are configured to provide functionality for integrated use of consumerdata processing resources 402 and providerdata processing resources 404. Plug-ins 436 may include, for example, a number of service deployment andintegration components 440, a number ofdata integration components 441, and a number ofmanagement integration components 442. - In accordance with an illustrative embodiment, service deployment and
integration components 440 may be used by consumer ofdata processing resources 405 to deployservices 414 in providerdata processing resources 404 that are needed to process or monitor provider processedconsumer workload 420. Service deployment andintegration components 440 also may be used to integrateservices 414 deployed in providerdata processing resources 404 with consumerdata processing resources 402 to provide integrated data processing resources to processconsumer workload 421. For example, service deployment andintegration components 440 may include cloud service broker plug-in 443. As will be described in more detail below, cloud service broker plug-in 443 may be used for provisioning providerdata processing resources 404 inpublic cloud 412 for use by consumer ofdata processing resources 405. -
Data integration components 441 may be used by consumer ofdata processing resources 405 to migrate, replicate, transform, and integrate data used in processingconsumer workload 421 between consumerdata processing resources 402 and providerdata processing resources 404. Service deployment andintegration components 440 anddata integration components 441 may be used to enforce workload and data specific deployment and integration policies specified by consumer ofdata processing resources 405. -
Management integration components 442 may include any components that may be used by consumer ofdata processing resources 405 to monitor and manage the processing of provider processedconsumer workload 420 by providerdata processing resources 404.Management integration components 442 may include plug-in components that may be used by consumer ofdata processing resources 405 to monitor the processing of provider processedconsumer workload 420 by providerdata processing resources 404 in order to manage such processing. For example,management integration components 442 may include cloud monitoring plug-in 445 and cloud security service plug-in 447. As will be described in more detail below, cloud monitoring plug-in 445 may be used for managing monitoring of processing of provider processedconsumer workload 420 on providerdata processing resources 404. Cloud security service plug-in 447 may be used for managing security for the monitoring of the processing of provider processedconsumer workload 420 on providerdata processing resources 404.Management integration components 442 may also, or alternatively, include metering components or other management related components. - Operating characteristics of plug-
ins 436 are defined byconfiguration data 444. In accordance with an illustrative embodiment,framework 432 may provide serviceconnectivity management function 446. Serviceconnectivity management function 446 allowscurrent configuration data 444 from plug-ins 436, and other information about plug-ins 436, to be made available to a user onuser interface 448. Serviceconnectivity management function 446 also allowsconfiguration data 444 to be received fromuser interface 448 for plug-ins 436. Thus, serviceconnectivity management function 446 provides a connection between plug-ins 436 anduser interface 448 allowing users to view and change the operating configuration of plug-ins 436 viauser interface 448. -
Framework 432 also may provideruntime management function 450.Runtime management function 450 provides for managing operation of plug-ins 436 during operation thereof. Specifically,runtime management function 450 may provide for activating plug-ins 436 and for controlling operation of plug-ins 436 after plug-ins 436 are activated. -
Framework 432 also may provide communication between plug-ins 451. Communication between plug-ins 451 allows plug-ins 436 to interact with each other. For example, communication between plug-ins 451 allows one of plug-ins 436 to access and make use of the functionality provided by another of plug-ins 436 inframework 432. - In accordance with an illustrative embodiment,
hybrid cloud integrator 430 provides flexible and reliable automated integration of data processing resources acrosshybrid cloud 426 to process a workload. For example,hybrid cloud integrator 430 may be used byworkload manager 452 to access providerdata processing resources 404 automatically when needed to supplement consumerdata processing resources 402.Hybrid cloud integrator 430 also may be used byworkload manager 452 to monitor the processing of provider processedconsumer workload 420 by providerdata processing resources 404. -
Workload manager 452 may provideautomated workload management 454.Automated workload management 454 includes automatically managing workload processing on available data processing resources. An example of a system that provides this type of automated workload management is the IBM® Tivoli® Service Automation Manager, TSAM, available from International Business Machines Corporation. Illustrative embodiments may be used, however, in combination with any currently available workload manager providing automated workload management functions or with any workload manager that may become available in the future. Illustrative embodiment also may be used in combination with workload managers in which automated workload management functions are implemented in combination with a human operator. -
Workload manager 452 may provideautomated workload management 454 based onpolicies 456.Policies 456 may define limitations under whichworkload manager 452 may use available data processing resources. For example,policies 456 may define when or under whatconditions workload manager 452 may use providerdata processing resources 404 to processconsumer workload 421.Policies 456 also may specify which providerdata processing resources 404 may be used to processconsumer workload 421.Policies 456 also may specify consumer data that may be replicated and accessed by providerdata processing resources 404 and the portion ofconsumer workload 421 that may be processed by providerdata processing resources 404.Policies 456 may specify security and privacy constraints that must be applied for processingconsumer workload 421 by providerdata processing resources 404. -
Policies 456 may be developed using businessrules management engine 458. Businessrules management engine 458 may take into consideration a variety of business related and other factors to determinepolicies 456. For example, factors used by businessrules management engine 458 to determinepolicies 456 may include financial, security, compliance, customer relations factors, or other suitable factors. -
Workload manager 452 may provide automatic policy based provisioning 460 based onpolicies 456. For example, policy based provisioning 460 may call for the provisioning of providerdata processing resources 404 to process provider processedconsumer workload 420. In this case,workload manager 452 may usehybrid cloud integrator 430 to deploy providerdata processing resources 404 needed to process provider processedconsumer workload 420. For example, service deployment andintegration components 440 may be used to deployservices 414 inpublic cloud 412 that are needed to process provider processedconsumer workload 420. Service deployment andintegration components 440 may establish communication with providerdata processing resources 404 throughfirewall 428. For example, such communication may be established via applicationprogramming interface portal 461 inpublic cloud 412.Applications 422,data 424, or bothapplications 422 anddata 424 needed for processing provider processedconsumer workload 420 may be provided to providerdata processing resources 404 byworkload manager 452 viahybrid cloud integrator 430. -
Hybrid cloud integrator 430 also may be used to establishworkload processing image 462 inpublic cloud 412.Workload processing image 462pre-defines services 414 needed to process provider processedconsumer workload 420. By establishingworkload processing image 462 in advance, providerdata processing resources 404 needed to process provider processedconsumer workload 420 may be deployed more rapidly whenworkload manager 452 determines that providerdata processing resources 404 will be used for this purpose. - In accordance with an illustrative embodiment,
hybrid cloud integrator 430 allowsworkload manager 452 to access providerdata processing resources 404 as easily as consumerdata processing resources 402. Plug-ins 436 inhybrid cloud integrator 430 handle all of the special requirements of providerdata processing resources 404 needed to access those resources. - In accordance with an illustrative embodiment,
hybrid cloud integrator 430 also provides for monitoring the processing of provider processedconsumer workload 420 by providerdata processing resources 404. For example, as will be described in more detail below, service deployment andintegration components 440 andmanagement integration components 442 may be used to establish and manage monitoring of the processing of provider processedconsumer workload 420. Monitored data from providerdata processing resources 404 may be provided tomonitoring infrastructure 468 viahybrid cloud integrator 430. Similarly, consumerprocessing monitoring agent 466 may be implemented in consumerdata processing resources 402. Consumerprocessing monitoring agent 466 collects data for monitoring the processing of consumer processedconsumer workload 406 by consumerdata processing resources 402. Monitored data from consumerdata processing resources 402 may be provided from consumerprocessing monitoring agent 466 tomonitoring infrastructure 468. -
Monitoring infrastructure 468 may be implemented in consumerdata processing resources 402.Monitoring infrastructure 468 may receive monitoring information for providerdata processing resources 404 viahybrid cloud integrator 430 and monitoring information from consumerprocessing monitoring agent 466 for consumerdata processing resources 402.Monitoring infrastructure 468 may process the received monitoring information to generate an integrated display of workload processing conditions for providerdata processing resources 404 and consumerdata processing resources 402. This integrated display may be presented to a user, such as a system administrator, onmonitoring station 472. Thus, in accordance with an illustrative embodiment, a display of workload processing conditions acrosshybrid cloud 426 may be presented to a user in an integrated manner. Such an integrated display allows a user to monitor and manage workload processing acrosshybrid cloud 426 in an integrated, effective, and efficient manner. -
Monitoring infrastructure 468 also may look for and detect the occurrence ofevents 473 from the monitoring information provided tomonitoring infrastructure 468.Events 473 may be defined by the occurrence of specified conditions or patterns in the monitored data. For example, monitored data exceeding a defined threshold for at least a specified time period may indicate the occurrence of one ofevents 473. In accordance with an illustrative embodiment,events 473 may be defined by the occurrence of any condition, state, or pattern of interest in the monitored data provided tomonitoring infrastructure 468. -
Events 473 may be provided as input to event correlation andaggregation function 474. Event correlation andaggregation function 474 may provide, and may be referred to as, an event correlation service. Event correlation andaggregation function 474 may aggregate and correlateevents 473 over periods of time. Event correlation andaggregation function 474 may determine whether the aggregated and correlatedevents 473 indicate the presence of data processing conditions that should be or may be addressed to maintain or improve system performance. For example, event correlation andaggregation function 474 may determine that a series of detectedevents 473 has occurred indicating that consumerdata processing resources 402 or providerdata processing resources 404 are overloaded. Similarly, event correlation andaggregation function 474 may determine that a series of detectedevents 473 has occurred indicating that consumerdata processing resources 402 or providerdata processing resources 404 are being underutilized. In accordance with an illustrative embodiment, any data processing condition of interest that may be defined by aggregated or correlatedevents 473 may be detected by event correlation andaggregation function 474. - In response to a determination by event correlation and
aggregation function 474 that a data processing condition of interest exists, servicedesk ticketing function 476 may send event basedservice request 478 toworkload manager 452. For example, servicedesk ticketing function 476 may generate event basedservice request 478 in response to a determination by event correlation andaggregation function 474 that a data processing condition exists that should be or may be addressed to maintain or improve system performance. Event basedservice request 478 may indicate toworkload manager 452 the particular condition that has been determined to exist. In this case,workload manager 452 may determine the appropriate action to take in response to the indicated condition. Alternatively, servicedesk ticketing function 476 may determine the action that needs to be taken in response to a particular condition that has been determined to exist. In this case, event basedservice request 478 may indicate toworkload manager 452 the action that is being requested. - In any case,
workload manager 452 may determine whether or not any action may be taken in response to a particular data processing condition based onpolicies 456. Ifworkload manager 452 determines that action will be taken in response to a particular data processing condition,workload manager 452 may implement such action based onpolicies 456. For example,workload manager 452 may respond to event basedservice request 478 by implementing appropriate policy based provisioning 460 of data processing resources as needed to respond to a detected data processing condition. -
Workload manager 452 also may respond to event basedservice request 478 by generatingservice fulfillment response 480. For example,service fulfillment response 480 may be generated byworkload manager 452 and delivered to servicedesk ticketing function 476.Service fulfillment response 480 may indicate that event basedservice request 478 has been received byworkload manager 452.Service fulfillment response 480 also may indicate that appropriate action has been taken, or will be taken, in response to event basedservice request 478. In this case,service fulfillment response 480 may or may not specify the particular action taken, or to be taken, byworkload manager 452 in response to event basedservice request 478. In some cases,workload manager 452 may not be able to take action to change data processing conditions in response to event basedservice request 478. For example,policies 456 may preventworkload manager 452 from taking action in response to event basedservice request 478 at a particular time. In this case,service fulfillment response 480 may indicate that action will not be taken byworkload manager 452 in response to event basedservice request 478 or that the implementation of such action may be delayed.Policies 456, responsible for such a failure to act or for such a delay, may or may not be identified inservice fulfillment response 480. - The information provided by event based
service request 478 andservice fulfillment response 480 may be formatted appropriately and displayed for a user onmonitoring station 472. By displaying information from event basedservice request 478 andservice fulfillment response 480 in this manner, a user is able to monitor the detection of data processing system conditions for which an appropriate action may be taken and the response ofworkload manager 452 to the detection of such conditions. - In accordance with an illustrative embodiment,
hybrid cloud integrator 430 makes it possible forworkload manager 452 to respond to determined data processing conditions of interest in consumerdata processing resources 402, in providerdata processing resources 404, or both. Furthermore,hybrid cloud integrator 430 makes it possible forworkload manager 452 to access consumerdata processing resources 402, providerdata processing resources 404, or both, for responding to determined conditions of interest. Thus,hybrid cloud integrator 430 makes it possible forworkload manager 452 to provide integrated data processing resource management acrosshybrid cloud 426 by providing for monitoring of data processing conditions acrosshybrid cloud 426 and by providing access to data processing resources acrosshybrid cloud 426 when responding to such conditions. - For example,
hybrid cloud integrator 430 may be used to establish monitoring of the processing of portions ofconsumer workload 421 by providerdata processing resources 404 while processing of other portions ofconsumer workload 421 by consumerdata processing resources 402 also is monitored at the same time. Based on such monitoring, an overload condition or underutilization condition on consumerdata processing resources 402, on providerdata processing resources 404, or both, may be determined In response to such a determination,workload manager 452 may activate or deactivate selected consumerdata processing resources 402, may deploy or release selected providerdata processing resources 404 usinghybrid cloud integrator 430 in the manner described, or both. Processing of portions ofconsumer workload 421 then may be allocated byworkload manager 452 across the reconfigured resources ofhybrid cloud 426 to remedy the determined overload or underutilization condition. The particular action taken byworkload manager 452 in response to the determined condition may be determined bypolicies 456. - Turning now to
FIG. 5 , a block diagram of a data processing environment for monitoring data processing resources in accordance with an illustrative embodiment is depicted. In this example,data processing environment 500 is an example of one implementation ofdata processing environment 400 inFIG. 4 . In this example,data processing environment 500 comprises consumerdata processing resources 502 and providerdata processing resources 504. One or more of consumerdata processing resources 502 and providerdata processing resources 504 may comprise cloud based resources, in which the data processing resources are provided as a service. In this case,data processing environment 500 may be referred to as a hybrid cloud. - Consumer
data processing resources 502 may comprise, for example, on-premise data processing resources. For example, consumerdata processing resources 502 may comprise data processing resources found in a customer data center. In other examples, consumerdata processing resources 502 may comprise cloud based resources in which consumerdata processing resources 502 are provided as a service. For example, consumerdata processing resources 502 may comprise private cloud or public cloud data processing resources. In any case, various applications, middleware components, and other workload processing resources, such as those represented byservice instances data processing resources 502. These processing resources may be referred to as workload processing service instances or simply as service instances. For example,service instances data processing resources 502 to process all or portions of a consumer workload. - Provider
data processing resources 504 may comprise cloud based resources that are provided as a service. For example, providerdata processing resources 504 may comprise infrastructure as a service, platform as a service, software as a service, or other cloud services. In this example, providerdata processing resources 504 comprisepublic clouds Public clouds public clouds - Various cloud provided
service instances public clouds service instances hybrid cloud integrator 520 to provision resources onpublic clouds service instances hybrid cloud integrator 520 is implemented on consumerdata processing resources 502. - A consumer of data processing resources will desire to manage
service instances data processing environment 500 in an integrated manner. Such integrated management requires integrated monitoring ofservice instances data processing environment 500. Such integrated monitoring may be provided bymonitoring infrastructure 522. For example,monitoring infrastructure 522 may be implemented on consumerdata processing resources 502.Monitoring infrastructure 522 may be implemented using any combination of hardware and software components to provide the desired integrated monitoring functionality. For example, without limitation,monitoring infrastructure 522 may comprise an IBM Tivoli monitoring server for providing such integrated monitoring. - Monitoring of
service instances data processing resources 502 may be straightforward. Consumerside monitoring agents data processing resources 502 to monitorservice instances side monitoring agents service instances monitoring infrastructure 522. For example, consumerside monitoring agents monitoring infrastructure 522. For example, without limitation, consumerside monitoring agents - Monitoring of
service instances data processing resources 504 by monitoringinfrastructure 522 may be more problematic. In many cases, providerdata processing resources 504 may be separated from consumerdata processing resources 502 by one ormore firewalls public clouds Firewall 528 may be provided by or associated with consumerdata processing resources 502. In this case,firewall 528 may be implemented to prevent unauthorized access to consumerdata processing resources 502 from outside of consumerdata processing resources 502. In particular,firewall 528 may prevent data from being pushed from providerdata processing resources 504 to consumerdata processing resources 502. - In accordance with an illustrative embodiment, monitoring of
service instances data processing resources 504 by monitoringinfrastructure 522 is enabled by consumerside monitoring gateway 534 operating in combination with providerside monitoring gateways side monitoring gateway 534 and providerside monitoring gateways hybrid cloud integrator 520. - In accordance with an illustrative embodiment, consumer
side monitoring gateway 534 may be implemented bycloud monitoring service 540 implemented inhybrid cloud integrator 520. For example,cloud monitoring service 540 may be implemented as a cloud monitoring plug-in to the software framework provided byhybrid cloud integrator 520. Consumerside monitoring gateway 534 may pull monitored data acrossfirewall 528 from providerside monitoring gateways side monitoring gateway 534 may then push such monitored data tomonitoring infrastructure 522. - Provider
side monitoring gateways cloud service broker 542,cloud security service 544, andcloud monitoring service 540. For example,cloud service broker 542 may be implemented as a cloud service broker plug-in to the software framework provided byhybrid cloud integrator 520.Cloud service broker 542 may be used to provision providerside monitoring gateways public clouds Cloud service broker 542 also may be used by a consumer of data processing resources to provision resources inpublic clouds service instances Cloud service broker 542 may provide a vendor neutral interface for a consumer of data processing resources to access providerdata processing resources 504 on variouspublic clouds - After provider
side monitoring gateways cloud service broker 542,cloud service broker 542 may activatecloud security service 544.Cloud security service 544 may be implemented as a cloud security service plug-in to the software framework provided byhybrid cloud integrator 520.Cloud security service 544 may configure the firewall and access settings of providerside monitoring gateways side monitoring gateways side monitoring agents side monitoring gateways side monitoring gateway 534. - After
cloud security service 544 has completed the security and isolation configuration of providerside monitoring gateways cloud service broker 542 may activatecloud monitoring service 540 to configure and start providerside monitoring gateways Cloud monitoring service 540 may configure port settings for providerside monitoring gateways side monitoring agents side monitoring gateway Cloud monitoring service 540 also may configure providerside monitoring gateways side monitoring gateway 534.Cloud monitoring service 540 also may configure consumerside monitoring gateway 534 to contact providerside monitoring gateways side monitoring gateways side monitoring gateway 534 bycloud monitoring service 540 allows for communication to take place between providerside monitoring gateways side monitoring gateway 534. -
Service instances cloud service broker 542. When eachservice instance cloud monitoring service 540 may install, configure, and start a corresponding providerside monitoring agent service instances public clouds cloud service broker 542 andcloud monitoring service 540 may coordinate with each other. In one illustrative embodiment,cloud service broker 542 provisions a service instance and invokescloud security service 544.Cloud security service 544 configures the service instances provisioned in the cloud so thatcloud monitoring service 540 can access the service instance and enable monitoring of the service via a monitoring agent. As discussed elsewhere herein,cloud service broker 542,cloud security service 544, andcloud monitoring service 540 may use communication services provided by the framework ofhybrid cloud integrator 520. Further, the framework ofhybrid cloud integrator 520 may provide for communication between plug-in components ofhybrid cloud integrator 520. The coordination betweencloud service broker 542,cloud security service 544, andcloud monitoring service 540 may use communication services provided by the framework ofhybrid cloud integrator 520. - Provider
side monitoring agents side monitoring agents side monitoring agents corresponding service instances side monitoring gateways side monitoring gateways side monitoring gateways side monitoring gateway 534. -
Cloud security service 544 may be implemented as a cloud security service plug-in to the software framework provided byhybrid cloud integrator 520.Cloud security service 544 may be employed bycloud service broker 542 when implementing providerside monitoring gateways side monitoring agents service instances public clouds service instances side monitoring gateways side monitoring gateway 534 tomonitoring infrastructure 522. Virtual private security zones and the use thereof in various applications will be described in more detail below. - When activated, provider
side monitoring agents service instances side monitoring gateways side monitoring gateway 534 may then be activated to retrieve the monitored data acrossfirewall 528 from providerside monitoring gateways side monitoring gateway 534 tomonitoring infrastructure 522. From the point of view ofmonitoring infrastructure 522, monitored data fromservice instances data processing resources 504 may be received from providerside monitoring agents service instances data processing resources 502 is received from consumerside monitoring agents side monitoring gateways side monitoring gateway 534 thus may be transparent tomonitoring infrastructure 522. -
Monitoring infrastructure 522 may generate an integrated view of monitoredservice instances data processing environment 500 from the monitored data provided by consumerside monitoring agents side monitoring agents user 552 via aninteractive monitoring portal 554. For example,user 552 may be a system administrator.Monitoring portal 554 may be accessed byuser 552 using a browser and used in an interactive manner on a monitoring dashboard. The integrated view of monitored services generated by monitoringinfrastructure 522 also may be used to provide for fully automated or partially automated management of data processing resources acrossdata processing environment 500. For example, the integrated view of monitored services generated by monitoringinfrastructure 522 may be used by an automated workload manager to provide fully automated or partially automated integrated workload management acrossdata processing environment 500. - Example scenarios, in accordance with illustrative embodiments, for using the components of a hybrid cloud integrator to establish integrated monitoring of data processing resources across a hybrid cloud data processing environment are presented in more detail below.
- The illustrations of
FIG. 4 andFIG. 5 are not meant to imply physical or architectural limitations to the manner in which different illustrative embodiments may be implemented. Other components in addition to or in place of the ones illustrated may be used. Some components may be unnecessary in some illustrative embodiments. Also, the blocks are presented to illustrate some functional components. One or more of these blocks may be combined or divided into different blocks when implemented in different illustrative embodiments. - For example, a request to monitor a service instance may be generated automatically as part of creation of the service instance, may be generated automatically as part of modification of the service instance, or may be generated as part of a life cycle of the service instance. A request to monitor a service instance may be made by a user of the service instance, by a provider of data processing resources, or by a consumer of data processing resources. Monitored data from a service instance may be provided from self-monitoring by the service instance, from a monitoring agent configured to monitor the service instance, from a script internal to the service instance, or from a script external to the service instance.
- Turning now to
FIG. 6 , a block diagram of a data processing environment employing virtual private security zones in accordance with an illustrative embodiment is depicted. In this example,data processing environment 600 is an example of one implementation ofdata processing environment 400 inFIG. 4 ordata processing environment 500 inFIG. 5 . In this example,data processing environment 600 comprisesdata processing resources 602. For example,data processing resources 602 may comprise data processing resources that are provided as a service. In this case,data processing resources 602 may comprise cloud computing resources. For example,data processing resources 602 may comprise a public cloud, a private cloud, or another type of cloud computing resource. -
Multiple service instances data processing resources 602. For example,service instances individual service instances individual service instances individual service instances individual service instances individual service instances service instances individual service instances service instances individual service instances - In accordance with an illustrative embodiment, management of security and isolation among multiple data processing service instances is facilitated by the use of security zones. Such security zones may be used to define and implement particular security and isolation policies that apply to individual service instances or groups of service instances. The security policies for a service instance may define allowed inbound and outbound communications with applications and services running in the instance using specified ports and IP addresses. These policies may be defined based on the requirements associated with specific workloads, with data being processed, or with business processes accessing the data processing resources. Using the policies, one or more security zones may be defined. These defined security zones then may be associated with service instances used to process workloads. When a new security policy is to be enforced, a security zone conforming to that policy may first be defined. When a new service instance is created, security and isolation policies for that service instance may be established easily by adding that new service instance to an appropriate existing security zone based on the workload process the service instance is to perform. In this case, the new service instance inherits the security and isolation policy from the zone in which it is placed. Thus, a new security and isolation policy need not be implemented individually for a new service instance where an appropriate security zone is already in existence. When a security and isolation policy needs to be changed, the policy can be changed at the level of the security zone. This change may then be applied automatically to all service instances assigned to the changed security zone. Thus, each service instance affected by a change in security and isolation policy need not be individually modified in response to a change in policy that affects multiple service instances.
- In the example in
FIG. 6 , two security zones are established,security zone A 616 andsecurity zone B 618. In this example,service instances security zone A 616.Service instances security zone B 618. In accordance with an illustrative embodiment, the members of a security zone share the same security policy. - For example, in accordance with an illustrative embodiment, security zone policy may dictate that member instances of a security zone have access to each other. Such access may be unrestricted access or may be restricted in some way defined by security zone policy. For example, security zone policy may restrict access to specified ports. The security zone policy may also dictate that service instances do not have access to service instances that are not members of their security zone. Applying this example policy to the security zones in
FIG. 6 , we see thatservice instances service instance 608, becauseservice instances security zone B 618.Service instances service instances security zone B 618 andservice instances security zone B 618.Service instances service instance 608, because all of these service instances are members ofsecurity zone A 616.Service instances service instances security zone A 616, andservice instances security zone A 616. - Individual service instances may be members of more than one security zone. In other words, security zones may overlap. For example, in
FIG. 6 service instance 608 is a member of bothsecurity zone A 616 andsecurity zone B 618. Thus, applying the example security policy just described,service instance 608 has access to all of theother service instances service instance 608. - In accordance with an illustrative embodiment, security zones may be implemented in
data processing environment 600 usinghybrid cloud integrator 620. For example, security zones may be implemented indata processing environment 600 usingcloud service broker 622 andcloud security service 624 components ofhybrid cloud integrator 620.Cloud service broker 622 may be implemented as a cloud service broker plug-in to the software framework provided byhybrid cloud integrator 620.Cloud security service 624 may be implemented as a cloud security service plug-in to the software framework provided byhybrid cloud integrator 620. -
Cloud security service 624 may provide cloudsecurity zone manager 626. Cloudsecurity zone manager 626 may be configured to manage security zone policies andmemberships 628. For example, security zone policies andmemberships 628 may comprise the security policies that apply to each of the number of security zones and the identity of the service instances that are members of the security zones. For each managed security zone, cloudsecurity zone manager 626 may configure firewall and port settings of zone member service instances so that the desired security policy is implemented among service instances. Cloudsecurity zone manager 626 also may maintainaccess keys 630 to security zone policies andmemberships 628. A client, such asworkload management application 632, may be allowed to change the policies or membership of a security zone only if the client is identified as the owner or authorized administrator for that security zone to the cloudsecurity zone manager 626 by presenting an appropriate one ofaccess keys 630. -
Cloud service broker 622 may communicate with and accesscloud security service 624 to establish or modify the security of service instances whencloud service broker 622 is invoked by the consumer of data processing services to provision or remove service instances ondata processing resources 602. For example,workload management application 632 may send a request to provision services ondata processing resources 602. For example,workload management application 632 may comprise an automated workload manager.Cloud service broker 622 may provide a vendor neutral interface forworkload management application 632 to accessdata processing resources 602. Responsive to receiving the request fromworkload management application 632,cloud service broker 622 may provision a service instance ondata processing resources 602 to satisfy the request.Cloud service broker 622 may then pass the request along with access credentials fromworkload management application 632 to cloudsecurity service 624. In response,cloud security service 624 uses the stored management keys and zone policy definitions to apply the security policies to the new service instance. For example, without limitation, this may include modifications to the firewall rules of the service instance.Cloud security service 624 also adds the new service instance as a member of the appropriate security zone or zones. - By the use of
cloud security service 624,workload management application 632 need not specify individual security policies for each new service instance requested. When requesting a new service instance,workload management application 632 only needs to identify tocloud service broker 622 the appropriate security zone or zones of which the new instance is to be a member.Cloud service broker 622 then may usecloud security service 624 to apply automatically the appropriate security policies to the new service instance. - Application of security policies by
cloud security service 624 may be implemented in multiple ways dependent on the services available by the cloud services provider. For example, without limitation, the security policies may be applied directly toservice instances service instances service instances Cloud security service 624 may use the public interfaces of the security mechanisms provided by the cloud service providers to apply the security policies necessary for the isolation ofservice instances - If
workload management application 632, or another application, needs to change a security policy that affects many individual service instances, that change may be implemented as a change to security zone policy viacloud security service 624.Cloud security service 624 knows which instances are members of the security zones to which the changes are to be applied.Workload management application 632, or the other application, need not make such a policy change by accessing and changing all of the affected service instances individually. - Turning now to
FIG. 7 , a block diagram of a data processing environment employing virtual private security zones for monitoring data processing resources in accordance with an illustrative embodiment is depicted. In this example,service instances side monitoring gateway 712 are implemented ondata processing resources 700.Instances side monitoring gateway 712 are members ofsecurity zone A 713.Instances side monitoring gateway 712 are members ofsecurity zone B 714. Providerside monitoring gateway 712 is the only member ofsecurity zone G 716. - In this example,
security zone A 713 andsecurity zone B 714 may represent zones comprising service instances processing distinct workloads. All ofservice instances side monitoring gateway 712, because providerside monitoring gateway 712 is a member of bothsecurity zone A 713 andsecurity zone B 714. However,service instances security zone A 713 cannot accessservice instances security zone B 714, and vice versa. -
Security zone G 716 is a separate zone for providerside monitoring gateway 712.Security zone G 716 thus may be defined by security policies that are particularly relevant to operation of providerside monitoring gateway 712. For example, security policy forsecurity zone G 716 may define permissions allowing access to providerside monitoring gateway 712 by consumerside monitoring gateway 718. As described above, consumerside monitoring gateway 718 may be implemented inhybrid cloud integrator 720 on separate data processing resources fromdata processing resources 700. - Turning now to
FIG. 8 , a block diagram of a data processing environment employing virtual private security zones for a web server application in accordance with an illustrative embodiment is depicted. In this example,security zone W 802 is a defined zone for one ormore web servers 804. Security policy forsecurity zone W 802 is defined to permit access toweb servers 804 fromexternal internet 806.Security zone A 807 includes all ofsecurity zone W 802 and a number ofapplication server instances security zone A 807 may deny access to and fromexternal internet 806 by and toapplication server instances security zone A 807 may grant access toapplication server instances application servers 814.Web servers 804 are members of bothsecurity zone W 802 andsecurity zone A 807. Therefore, access is permitted betweenweb servers 804 andapplication server instances - Turning now to
FIG. 9 , a block diagram of a data processing environment employing virtual private security zones for a web server application with proxy in accordance with an illustrative embodiment is depicted. In this example,security zone P 902 containsweb proxy 904. Security policy forsecurity zone P 902 may provide thatweb proxy 904 has access from and toexternal internet 906.Security zone W 908 is defined for one ormore web servers 910 and includesweb proxy 904. Security policy forsecurity zone W 908 may deny access from and toexternal internet 906 to and byweb servers 910. However, since they are in the samesecurity zone W 908,web proxy 904 can talk withweb servers 910.Security zone A 912 includesweb servers 910 andapplication server instances security zone A 912 may provide that access to and fromexternal internet 906 by and toapplication server instances security zone A 912 may grant access toapplication server instances application servers 920. In this example,web servers 910 cannot be accessed directly fromexternal internet 906. However,web servers 910 can be accessed fromexternal internet 906 indirectly viaweb proxy 904.Application server instances web servers 910, becauseweb servers 910 are included insecurity zone A 912 withapplication server instances - The illustrations of
FIGS. 4-9 are not meant to imply physical or architectural limitations to the manner in which different illustrative embodiments may be implemented. Other components in addition to and/or in place of the ones illustrated may be used. Some components may be unnecessary in some illustrative embodiments. Also, the blocks are presented to illustrate some functional components. One or more of these blocks may be combined and/or divided into different blocks when implemented in different illustrative embodiments. - For example, illustrative embodiments may be implemented for application in a hybrid cloud environment that comprises one or more public clouds in combination with one or more private clouds. Illustrative embodiments may be implemented for application in a hybrid cloud environment that may include multiple private clouds, community clouds, or public clouds in any combination. In accordance with an illustrative embodiment, a hybrid cloud integrator may be used to provide integration of data processing resources across multiple private, public, and community clouds in any combination.
- A hybrid cloud integrator in accordance with an illustrative embodiment may be used for integrated monitoring and management across a hybrid cloud for purposes of detecting and responding to data processing conditions other than data processing resource overload and underutilization conditions. For example, a hybrid cloud integrator in accordance with an illustrative embodiment may be used to provide integrated management across a hybrid cloud for monitoring, metering, security, or any other data processing related conditions or combinations of conditions.
- Integrated monitoring and management of data processing resources across a hybrid cloud using a hybrid cloud integrator in accordance with an illustrative embodiment may be implemented automatically using an automated management system, such as
workload manger 452. Alternatively, monitoring and management using a hybrid cloud integrator in accordance with an illustrative embodiment may be provided by a human system manager using appropriate system interfaces, such asuser interface 448,monitoring station 472, ormonitoring portal 554, in combination with other appropriate system interfaces. Monitoring and management using a hybrid cloud integrator in accordance with an illustrative embodiment may be provided by an automated management system and a human system manager operating together. - Referring now to
FIG. 10 , a block diagram of a data processing system is depicted in accordance with an illustrative embodiment. In this example,data processing system 1000 is one example of a data processing system that may be used to implement consumerdata processing resources 402 and providerdata processing resources 404 inFIG. 4 or consumerdata processing resources 502 and providerdata processing resources 504 inFIG. 5 . In this illustrative example,data processing system 1000 includescommunications fabric 1002, which provides communications betweenprocessor unit 1004,memory 1006,persistent storage 1008,communications unit 1010, input/output (I/O)unit 1012, anddisplay 1014. -
Processor unit 1004 serves to execute instructions for software that may be loaded intomemory 1006.Processor unit 1004 may be a number of processors, a multi-processor core, or some other type of processor, depending on the particular implementation. “A number,” as used herein with reference to an item, means one or more items. Further,processor unit 1004 may be implemented using a number of heterogeneous processor systems in which a main processor is present with secondary processors on a single chip. As another illustrative example,processor unit 1004 may be a symmetric multi-processor system containing multiple processors of the same type. -
Memory 1006 andpersistent storage 1008 are examples ofstorage devices 1016. A storage device is any piece of hardware that is capable of storing information, such as, for example, without limitation, data, program code in functional form, and/or other suitable information either on a temporary basis and/or a permanent basis.Storage devices 1016 also may be referred to as computer readable storage devices in these examples.Memory 1006, in these examples, may be, for example, a random access memory or any other suitable volatile or non-volatile storage device.Persistent storage 1008 may take various forms, depending on the particular implementation. - For example,
persistent storage 1008 may contain one or more components or devices. For example,persistent storage 1008 may be a hard drive, a flash memory, a rewritable optical disk, a rewritable magnetic tape, or some combination of the above. The media used bypersistent storage 1008 also may be removable. For example, a removable hard drive may be used forpersistent storage 1008. -
Communications unit 1010, in these examples, provides for communications with other data processing systems or devices. In these examples,communications unit 1010 is a network interface card.Communications unit 1010 may provide communications through the use of either or both physical and wireless communications links. - Input/
output unit 1012 allows for input and output of data with other devices that may be connected todata processing system 1000. For example, input/output unit 1012 may provide a connection for user input through a keyboard, a mouse, and/or some other suitable input device. Further, input/output unit 1012 may send output to a printer.Display 1014 provides a mechanism to display information to a user. - Instructions for the operating system, applications, and/or programs may be located in
storage devices 1016, which are in communication withprocessor unit 1004 throughcommunications fabric 1002. In these illustrative examples, the instructions are in a functional form onpersistent storage 1008. These instructions may be loaded intomemory 1006 for execution byprocessor unit 1004. The processes of the different embodiments may be performed byprocessor unit 1004 using computer implemented instructions, which may be located in a memory, such asmemory 1006. - These instructions are referred to as program instructions, program code, computer usable program code, or computer readable program code that may be read and executed by a processor in
processor unit 1004. The program code in the different embodiments may be embodied on different physical or computer readable storage media, such asmemory 1006 orpersistent storage 1008. -
Program code 1018 is located in a functional form on computerreadable media 1020 that is selectively removable and may be loaded onto or transferred todata processing system 1000 for execution byprocessor unit 1004.Program code 1018 and computerreadable media 1020 formcomputer program product 1022 in these examples. In one example, computerreadable media 1020 may be computerreadable storage media 1024 or computerreadable signal media 1026. Computerreadable storage media 1024 may include, for example, an optical or magnetic disk that is inserted or placed into a drive or other device that is part ofpersistent storage 1008 for transfer onto a storage device, such as a hard drive, that is part ofpersistent storage 1008. Computerreadable storage media 1024 also may take the form of a persistent storage, such as a hard drive, a thumb drive, or a flash memory, that is connected todata processing system 1000. In some instances, computerreadable storage media 1024 may not be removable fromdata processing system 1000. - Alternatively,
program code 1018 may be transferred todata processing system 1000 using computerreadable signal media 1026. Computerreadable signal media 1026 may be, for example, a propagated data signal containingprogram code 1018. For example, computerreadable signal media 1026 may be an electromagnetic signal, an optical signal, and/or any other suitable type of signal. These signals may be transmitted over communications links, such as wireless communications links, optical fiber cable, coaxial cable, a wire, and/or any other suitable type of communications link. In other words, the communications link and/or the connection may be physical or wireless in the illustrative examples. - In some advantageous embodiments,
program code 1018 may be downloaded over a network topersistent storage 1008 from another device or data processing system through computerreadable signal media 1026 for use withindata processing system 1000. For instance, program code stored in a computer readable storage medium in a server data processing system may be downloaded over a network from the server todata processing system 1000. The data processing system providingprogram code 1018 may be a server computer, a client computer, or some other device capable of storing and transmittingprogram code 1018. - The different components illustrated for
data processing system 1000 are not meant to provide architectural limitations to the manner in which different embodiments may be implemented. The different illustrative embodiments may be implemented in a data processing system including components in addition to or in place of those illustrated fordata processing system 1000. Other components shown inFIG. 10 can be varied from the illustrative examples shown. The different embodiments may be implemented using any hardware device or system capable of running program code. As one example, the data processing system may include organic components integrated with inorganic components and/or may be comprised entirely of organic components excluding a human being. For example, a storage device may be comprised of an organic semiconductor. - In another illustrative example,
processor unit 1004 may take the form of a hardware unit that has circuits that are manufactured or configured for a particular use. This type of hardware may perform operations without needing program code to be loaded into a memory from a storage device to be configured to perform the operations. - For example, when
processor unit 1004 takes the form of a hardware unit,processor unit 1004 may be a circuit system, an application specific integrated circuit (ASIC), a programmable logic device, or some other suitable type of hardware configured to perform a number of operations. With a programmable logic device, the device is configured to perform the number of operations. The device may be reconfigured at a later time or may be permanently configured to perform the number of operations. Examples of programmable logic devices include, for example, a programmable logic array, programmable array logic, a field programmable logic array, a field programmable gate array, and other suitable hardware devices. With this type of implementation,program code 1018 may be omitted because the processes for the different embodiments are implemented in a hardware unit. - In still another illustrative example,
processor unit 1004 may be implemented using a combination of processors found in computers and hardware units.Processor unit 1004 may have a number of hardware units and a number of processors that are configured to runprogram code 1018. With this depicted example, some of the processes may be implemented in the number of hardware units, while other processes may be implemented in the number of processors. - As another example, a storage device in
data processing system 1000 is any hardware apparatus that may store data.Memory 1006,persistent storage 1008, and computerreadable media 1020 are examples of storage devices in a tangible form. - In another example, a bus system may be used to implement
communications fabric 1002 and may be comprised of one or more buses, such as a system bus or an input/output bus. Of course, the bus system may be implemented using any suitable type of architecture that provides for a transfer of data between different components or devices attached to the bus system. Additionally,communications unit 1010 may include one or more devices used to transmit and receive data, such as a modem or a network adapter. Further, a memory may be, for example,memory 1006, or a cache, such as found in an interface and memory controller hub that may be present incommunications fabric 1002. - Referring now to
FIG. 11 , a block diagram of a hybrid cloud integrator is depicted in accordance with an illustrative embodiment. In this example,hybrid cloud integrator 1100 is an example of one implementation ofhybrid cloud integrator 430 ofFIG. 4 orhybrid cloud integrator 520 ofFIG. 5 .Hybrid cloud integrator 1100 includes plug-in interface andruntime management functions 1102 and serviceconnectivity management function 1104. In accordance with an illustrative embodiment, plug-in interface andruntime management functions 1102 and serviceconnectivity management function 1104 are implemented insoftware framework 1105. A number of plug-ins hybrid cloud integrator 1100 and managed during runtime using plug-in interface and runtime management functions 1102. - Service
connectivity management function 1104 provides access to plug-ins user interface 1116. Serviceconnectivity management function 1104 allows an operator to manage the configuration and other parameters of plug-ins user interface 1116. Serviceconnectivity management function 1104 may be used to obtain information about plug-ins ins user interface 1116. For example, serviceconnectivity management function 1104 may allow a user to access configuration information and other information from plug-ins user interface 1116. Serviceconnectivity management function 1104 also may be used to provide configuration data and other parameter information to plug-ins user interface 1116. For example, serviceconnectivity management function 1104 allows a user to change configuration and other parameters of plug-ins user interface 1116. In accordance with an illustrative embodiment, serviceconnectivity management function 1104 may employ a common service connectivity management protocol for interaction between plug-ins user interface 1116. Thus, serviceconnectivity management function 1104 provides a common infrastructure for configuring plug-ins - Plug-in interface and
runtime management functions 1102 may provide various functions for installing and managing plug-ins runtime management functions 1102 may provide the following function for registering a plug-in as an integration provider inhybrid cloud integrator 1100. This function causes the plug-in to be loaded intohybrid cloud integrator 1100 and activated. -
- RegisterIntegrationProvider (ProviderName, LocationUrl), where ProviderName is an unique name for the provider and LocationUrl is the physical location of the provider plug-in.
- The following functions may be implemented by selected ones of plug-
ins -
GetIntegrationCapabilities ( ). This function returns one or more integration capabilities supported by a plug-in. For each integration type { integration identifier display name display summary display configuration } Get metadata for specific capability type. The metadata defines the configuration properties of a specific managed connection type. GetOnPremiseEndpoints (IntegrationIdentifier). This function returns a list of configuration properties for one or more on-premise endpoints of integration identified by IntegrationIdentifier. For each on-premise endpoint: { endpoint identifier display name display summary display description configuration property[0 ..n] }. For each configuration property: { configuration identifier configuration type (boolean, integer, uint, etc) required or optional default value display name display summary display description }. GetOffPremiseEndpoints (IntegrationIdentifier) This function returns a list of configuration properties for one or more off-premise endpoints of integration identified by IntegrationIdentifier. For each off-premise endpoint { endpoint identifier display name display summary display description configuration property[0 ..n] }. For each configuration property { configuration identifier configuration type (boolean, integer, uint, etc) required or optional default value display name display summary display description }. Add instance of specific capability type. This function creates an instance of managed connection type. This function creates an instance of name InstanceName of an integration of type IntegrationType with the necessary endpoint configurations. AddIntegration (IntegrationIdentifier, InstanceName, OnPremiseEndpointConfig, OffPremiseEndpointConfig), wherein: OnPremiseEndpointConfig { endpoint identifier configuration value [0..n] } OffPremiseEndpointConfig { endpoint identifier configuration value [0..n] } configuration value { configuration identifier configuration value }. Delete, start, stop the instance of specific integration type. This function updates an instance of specific capability type. This function is used to modify an instance of managed connection type. See AddIntegration (...). DeleteIntegration (IntegrationIdentifier, InstanceName) Get status of specific capability instance. This function is used to retrieve status data of the managed connection instance for hybrid cloud integration. Get logs of specific capability instance. This function is used to retrieve log data of a service connectivity management function touchpoint instance. Unregister plug-in. This function is used to shut down the plug-in and release all instances. - Plug-in interface and
runtime management functions 1102 in accordance with an illustrative embodiment may provide different functions from those functions listed as examples above. - Plug-
ins cloud service broker 1106,cloud service broker 1108, cloud metering plug-in 1110, cloud monitoring plug-in 1112, and cloud security service plug-in 1114. In this example, storagecloud service broker 1106 andcloud service broker 1108 are examples of service deployment andintegration components 440 inFIG. 4 . In this example, cloud metering plug-in 1110, cloud monitoring plug-in 1112, and cloud security service plug-in 1114 are examples ofmanagement integration components 442 inFIG. 4 . -
Hybrid cloud integrator 1100 may be implemented onintegration platform 1118. For example,software framework 1105 and plug-ins integration platform 1118.Integration platform 1118 compriseshardware 1120.Hardware 1120 may include data processing system hardware, such as computer hardware. For example, without limitation,hardware 1120 may include IBM® WebSphere® Data Power 9004 1U appliance hardware.Operating system 1122 runs onhardware 1120. For example, without limitation,operating system 1122 may include the IBM® MCP 6.0 embedded LINUX® operating system.Operating system 1122 supportsappliance foundation 1124. For example, without limitation,appliance foundation 1124 may include the IBM® WebSphere® BEDROCK appliance foundation.Runtime environment 1126 is at the highest level ofintegration platform 1118. For example, without limitation,runtime environment 1126 may include a JAVA/sMASH runtime environment. In accordance with an illustrative embodiment,integration platform 1118 may be implemented usinghardware 1120,operating system 1122,appliance foundation 1124, andruntime environment 1126 components that are different from the components listed as examples herein. - A hybrid cloud integrator plug-in, in accordance with an illustrative embodiment, is described in more detail with reference to a specific example. Referring now to
FIG. 12 , a block diagram of a cloud service broker plug-in is depicted in accordance with an illustrative embodiment.Cloud service broker 1200 is an example of a hybrid cloud integrator plug-in in accordance with an illustrative embodiment. In accordance with an illustrative embodiment,cloud service broker 1200 is implemented as a plug-in component ofhybrid cloud integrator 1202. For example,cloud service broker 1200 may be deployed in a software framework ofhybrid cloud integrator 1202, in the manner described above, to provide data processing services, provisioning, and management in a hybrid cloud.Cloud service broker 1200 may be configured for a particular application via a user interface associated withhybrid cloud integrator 1202. Use ofcloud service broker 1200, in accordance with an illustrative embodiment, thus centralizes configuration for cloud access. -
Cloud service broker 1200 may be, for example, an infrastructure as a service cloud service broker. An infrastructure as a service cloud service broker may be used to provision infrastructure as a service cloud services. Alternatively,cloud service broker 1200 may be configured to provision and manage other types of cloud services. - In accordance with an illustrative embodiment,
cloud service broker 1200 may be used byapplications 1204 to provisioncloud services applications 1204 may includeworkload management applications 1210.Workload management applications 1210 may be used by consumer ofdata processing resources 1212, for example, to allocate portions ofconsumer workload 1214 for processing bycloud services Applications 1204 may be implemented on consumerdata processing resources 1216. For example, consumerdata processing resources 1216 may include a computer network that is owned or controlled by consumer ofdata processing resources 1212 for the exclusive use of consumer ofdata processing resources 1212. -
Cloud services public clouds cloud services public clouds Public clouds public cloud interfaces data processing resources 1212 provisions and managescloud services public cloud interfaces public clouds public clouds FIG. 12 ,cloud service broker 1200 may be used to provide cloud service provisioning and management for a single cloud of any type or for more than two clouds of any type. - In accordance with an illustrative embodiment,
cloud service broker 1200 provides cloudservice broker interface 1226. Cloudservice broker interface 1226 provides a single vendor neutral interface for provisioning and managingcloud services public clouds cloud service broker 1200 may be made accessible within consumerdata processing resources 1216 from a published location.Applications 1204 and other users wishing to usecloud services service broker interface 1226 provided bycloud service broker 1200.Applications 1204 and other users requesting cloud provisioning or management services via cloudservice broker interface 1226 need not be aware of cloud specific configurations andpublic cloud interfaces -
Cloud service broker 1200 may provide access to multiple vendor-provided cloud services, such ascloud services cloud service broker 1200 providesinterface management 1228 for managingpublic cloud interfaces public clouds Cloud service broker 1200 interfaces with individual vendor-provided cloud services, such ascloud services public cloud interfaces cloud service broker 1200 manages vendor-specific requirements transparently to the clients ofcloud service broker 1200, such asapplications 1204. For example, addition, deletion, and modification in vendor-providedcloud services public cloud interfaces cloud service broker 1200 in a manner that is transparent toapplications 1204 and other users. Thus,applications 1204 are shielded from library and application programming interface changes at the cloud level.Applications 1204, such asworkload management applications 1210, only need be aware of cloudservice broker interface 1226 to usecloud services Applications 1204 need not have details ofpublic cloud interfaces -
Cloud service broker 1200 may support provisioning and management ofcloud services cloud service broker 1200 may be defined by cloud type plug-ins 1230 tocloud service broker 1200. Individual cloud type plug-ins 1230 may be provided for each different cloud type that is supported bycloud service broker 1200. Cloud type plug-ins 1230 may define the particular parameters and protocols needed bycloud service broker 1200 to provision and managecloud services ins 1230 may come provided withproduct 1232. Cloud type plug-ins 1230 that come provided withproduct 1232 are provided along withcloud service broker 1200 whencloud service broker 1200 is first obtained and installed inhybrid cloud integrator 1202. Alternatively, or additionally, cloud type plug-ins 1230 may be downloaded 1234 and implemented, configured, and activated incloud service broker 1200 at a later time. -
Cloud service broker 1200 may be used for provisioning and management ofcloud services cloud service broker 1200 may be used to provision and managecloud services Cloud service broker 1200 may maintaincloud definitions 1236 for each such cloud instance.Cloud definitions 1236 define the details of cloud instances of various cloud types supported bycloud service broker 1200. Each such cloud instance are defined by unique attributes that are specified incloud definitions 1236. Cloud instances may be identified incloud definitions 1236 by an identifying cloud name or handle and the associated cloud instance attributes. The cloud name is used as an external key that is used by the system to identify automatically which cloud to address. Cloud attributes may include, for example and without limitation, cloud type, end-point address, and location data. The cloud type may be identified based on supported application programming interfaces. For example, IBM Compute Cloud and Amazon EC2 Cloud are examples of cloud types. The cloud end-point address may be, for example, a universal resource locator. The cloud location includes cloud type specific location data. These details may be saved bycloud service broker 1200 ascloud definitions 1236.Applications 1204, or other users ofcloud service broker 1200, may use the name associated with one ofcloud service broker 1200cloud definitions 1236 to direct workload tocloud services - Examples of
cloud service broker 1200cloud definitions 1236 include the following: -
CloudName: IBMCCSBY; CloudType: IBMCC; CloudEndPoint: https://www-180.ibm.com/cloud/enterprise/beta; CloudLocation: 2. CloudName: IBMCCRAL; CloudType: IBMCC; CloudEndPoint: https://www-147.ibm.com/cloud/enterprise; CloudLocation: 1. CloudName: EC2USEAST; CloudType: AMZEC2; CloudLocation: us-east-1a. - In accordance with an illustrative embodiment,
cloud service broker 1200 may be used to provisioncloud services Cloud service broker 1200 also may provide an extensible set ofservice handlers 1238. For example,cloud service broker 1200, in accordance with an illustrative embodiment, may provide a framework for handling custom service call parameters, exception handling, and result handling. An abstract class may be used to provide a common framework for all cloud type service implementations. A list of common services in the framework may be extended without the prerequisite of having all cloud type plug-ins 1230 updated first.Cloud service broker 1200 may default to an exception for any not yet implemented cloud type plug-ins. For example,cloud service broker 1200 may default to UnsupportedCloudServiceException for any not yet implemented cloud type plug-ins. - Examples of
service handlers 1238 that may be supported bycloud service broker 1200 may include, without limitation, one or more of the following: -
listAddresses listAddress addressed listImages listImage imageID listInstances listInstances instance ID make Address makeImage instanceID imageName <imageDescription> makeInstance imageID instanceName instanceType <addressID> restartInstance imageID deleteAddress addressID deleteImage imageID deleteInstance instanceID registerCloudDefinition CloudName CloudType <CloudEndPoint> <CloudLocation> unregisterCloudDefinition CloudName - In accordance with an illustrative embodiment,
cloud service broker 1200 may provide an administrative control point for enforcement ofpolicies 1240.Policies 1240 may be defined by consumer ofdata processing resources 1212 or another entity to define limits or conditions for provisioning services bycloud service broker 1200. For example,policies 1240 may define or limit the cloud types or cloud instances that may be provisioned bycloud service broker 1200 or the conditions under which cloud services may be provisioned bycloud service broker 1200. - Referring now to
FIG. 13 , a flowchart of a process for configuring a hybrid cloud service plug-in using a hybrid cloud service plug-in interface is depicted in accordance with an illustrative embodiment. The hybrid cloud service plug-in is registered using the hybrid cloud integrator plug-in interface (step 1300). Static and dynamic attributes of the hybrid cloud service plug-in to be deployed are defined (step 1302). For each attribute of the hybrid cloud service plug-in, configuration parameters, type, source, and default values are defined or selected (step 1304). On-premise and off-premise connections for the hybrid cloud service plug-in are defined (step 1306). Attribute, type, and default values are defined for each connection (step 1308). Hybrid cloud service plug-in life cycle management methods are defined (step 1310). Hybrid cloud service plug-in log locations and log configuration parameters may be defined (step 1312). Policy control points for the hybrid cloud service plug-in may be defined (step 1314), with the process terminating thereafter. - Referring now to
FIG. 14 , a flowchart of a process for deploying an infrastructure as a cloud service broker plug-in is depicted in accordance with an illustrative embodiment. The cloud service broker plug-in is registered and configured with the hybrid cloud integrator framework plug-in interface (step 1400). Control points for accessing each cloud providing off-premise infrastructure as a service are defined (step 1402). Plug-in interaction points for setting up secure connectivity and isolation of off-premise instances are defined (step 1404). Interfaces for monitoring and metering plug-ins are defined (step 1406). Interfaces for off-premise image management are defined (step 1408). Interfaces for hybrid cloud service functions are defined (step 1410, with the process terminating thereafter. - Referring now to
FIG. 15 , a flowchart of a process for hybrid cloud monitoring is depicted in accordance with an illustrative embodiment. The method illustrated inFIG. 15 may be implemented, for example, indata processing environment 400 and usinghybrid cloud integrator 430 ofFIG. 4 or indata processing environment 500 and usinghybrid cloud integrator 520 ofFIG. 5 . The process illustrated inFIG. 15 may be used to provide monitoring of data processing resources in a hybrid cloud environment. In this example, the hybrid cloud integrator is assumed to be implemented on a consumer side of the hybrid cloud. For example, the hybrid cloud integrator may be implemented in a physical server or in a virtual server deployed in the on-premise consumer data processing resources on the consumer side of the hybrid cloud. - Hybrid cloud monitoring, in accordance with an illustrative embodiment, may begin with setting up a hybrid cloud integrator with a cloud service broker, cloud security service, and cloud monitoring service plug-ins (step 1500). For example,
step 1500 may include loading the appropriate plug-ins into the hybrid cloud integrator framework. In other cases, one or more of the appropriate plug-ins already may be in place in the hybrid cloud integrator. - The hybrid cloud integrator then may be connected to the network so it can access consumer side data processing resources as well as provider side data processing resources (step 1502). The network access may be from inside the consumer network infrastructure and the access to provider side resources may be restricted because of firewalls and proxy servers at the boundary of the consumer side network and external networks including the network where the provider side resources are located.
- The hybrid cloud monitoring service in the hybrid cloud integrator then may be configured via the hybrid cloud integrator user interface (step 1504). For example,
step 1504 may include configuring the cloud monitoring service on the hybrid cloud integrator as a provider of monitoring data for cloud provided services to a monitoring infrastructure. The monitoring infrastructure may be implemented on the consumer side of the hybrid cloud.Step 1504 may include using the hybrid cloud integrator user interface to configure the cloud monitoring service as a new consumer side provider to the monitoring infrastructure. For example, this configuration step may include, without limitation, providing a name, description, and role for the cloud monitoring service acting as a provider to the monitoring infrastructure. Parameters to be provided as part of the configuration step may include, without limitation, identification of the host server for the monitoring infrastructure, identification of a port for communicating with the monitoring infrastructure, identification of an address for the consumer side monitoring gateway that will communicate with the monitoring infrastructure, and identification of a protocol for communication between the consumer side monitoring gateway and the monitoring infrastructure. -
Step 1504 also may include configuring the cloud monitoring service on the hybrid cloud integrator by identifying the service or services to be monitored on the provider side of the hybrid cloud. This step may include creating a new provider side service participant to be monitored. For example, this step may include, without limitation, identifying a name, description, and role of the cloud service to be monitored. Parameters to be provided at this part of the configuration may include, without limitation, an end-point address and location for the cloud service to be monitored. For example, without limitation, the end-point address may be provided as a universal resource locater address for the cloud service to be monitored. - A provider side monitoring gateway then is established and a provider side monitoring agent is set up, configured, and started (step 1506). The provider side monitoring gateway may be provided on the provider side of a firewall that separates the provider side from the consumer side of a hybrid cloud. For example, the provider side of the hybrid cloud may be provided on a public cloud.
Step 1506 may be implemented using the services of the cloud service broker and the cloud security service. In one example,step 1506 may include automated instantiation and configuration of the provider side monitoring gateway using the services of the cloud service broker. In another example,step 1506 may include setting up an existing provider side monitoring gateway for use with the provider side monitoring agent.Step 1506 may include receiving via the hybrid cloud integrator a user selection indicating the process to be used to establish the provider side monitoring gateway.Step 1506 may include providing configuration parameters for the provider side monitoring gateway to the hybrid cloud integrator via the hybrid cloud integrator user interface. Such configuration parameters may include, without limitation, identification of a monitoring gateway image to be used to establish the provider side monitoring gateway and an address for the provider side monitoring gateway. For example, without limitation, the address for the provider side monitoring gateway may be provided as an internet protocol address. In any case, the provider side monitoring agent may monitor processing on the provider side of the hybrid cloud and provide resulting monitored data to the provider side monitoring gateway. - A consumer side monitoring gateway is configured and started on the consumer side of the hybrid cloud (step 1508). For example,
step 1508 may include implementing the consumer side monitoring gateway by a cloud monitoring service plug-in to the hybrid cloud integrator. The consumer side monitoring gateway provides the source of provider side monitoring information to a monitoring infrastructure for monitoring resources on the provider side of the hybrid cloud.Step 1508 may include configuring the consumer side monitoring gateway to communicate with the monitoring infrastructure. - A connection between the consumer side monitoring gateway and the monitoring infrastructure is then set-up (step 1510). The monitoring infrastructure may be implemented in the consumer side data processing system. Thus, the monitoring infrastructure may be on the same side of the firewall as the consumer side monitoring gateway. The monitoring infrastructure may be implemented using a number of commercially available products for monitoring the operation of data processing resources. In another embodiment, cloud based monitoring services may be used instead of a physical monitoring infrastructure.
- A connection between the consumer side monitoring gateway and the provider side monitoring gateway is then set-up (step 1512). The connection between the consumer side monitoring gateway and the provider side monitoring gateway may be established as a secure connection through the firewall that separates the consumer side from the provider side of the hybrid cloud.
- Connections between monitoring agents on consumer side service instances and the monitoring infrastructure are set-up (step 1514). The consumer side monitoring agents provide monitoring information related to operation of the consumer side service instances to the monitoring infrastructure. The consumer side monitoring agents may be on the same side of the firewall as the monitoring infrastructure. Therefore, the consumer side monitoring agents may be set-up to push monitoring information to the monitoring infrastructure as such information is detected or generated by the consumer side monitoring agents.
- Connections between monitoring agents on provider side service instances and the provider side monitoring gateway are set-up (step 1516). The provider side monitoring agents provide monitoring information related to operation of the provider side service instances to the provider side monitoring gateway. For example, a monitoring agent may be installed and configured for each of several public cloud service instances to be monitored. Each public cloud side monitoring agent may be configured to monitor desired operating conditions of a public cloud service instance. Each public cloud side monitoring agent is configured to provide monitoring information to the provider side monitoring gateway. The provider side monitoring gateway is configured to receive the monitoring information from the public cloud side monitoring agents. Provisioning resources for the public cloud side monitoring agents and installing and configuring the monitoring agents may be performed remotely using appropriate service deployment component and management integration component plug-ins in a hybrid cloud integrator in accordance with an illustrative embodiment.
- Monitored data, received from the provider side monitoring agents by the provider side gateway, is transferred from the provider side monitoring gateway to the consumer side monitoring gateway (step 1518).
Step 1518 may include transferring data through the firewall separating the consumer side from the provider side of the hybrid cloud. Therefore, for security reasons,step 1518 may be implemented by pulling data from the provider side monitoring gateway for transfer to the consumer side monitoring gateway. The provider side monitoring gateway may not be allowed to push data through the firewall to the consumer side of the hybrid cloud. Security of the consumer's data processing resources is maintained in this process since no data is pushed across the firewall from the provider side of the hybrid cloud. - The monitoring information pulled from the provider side gateway may be provided to the monitoring infrastructure via the consumer side gateway. From the point of view of the monitoring infrastructure, the consumer side gateway provides monitoring information in the same manner as a consumer side monitoring agent for monitoring data processing resources on the consumer side of the hybrid cloud. With monitoring information for consumer side data processing resources provided by the consumer side monitoring agents and monitoring information for provider side data processing resources provided by the consumer side gateway, a monitoring infrastructure is able to monitor simultaneously the operation of data processing resources on both sides of a hybrid cloud.
- It may be determined that a new service instance to be monitored has been established on the provider side of the hybrid cloud (step 1520). In response to determining that a new service instance has been established, a provider side monitoring agent may be started on the new instance and connected to the provider side monitoring gateway (step 1522).
Step 1522 may include provisioning for the new monitoring agent on the provider side of the hybrid cloud and installing and configuring the new monitoring agent on the provider side of the hybrid cloud using the appropriate hybrid cloud integrator plug-ins.Step 1522 also may include configuring the provider side monitoring gateway to receive monitoring information from the new provider side monitoring agent. For example,step 1522 may include using the cloud security service plug-in in the hybrid cloud integrator to implement security policies that allow for communication between the new provider side monitoring agent and the provider side monitoring gateway. Security policies that allow for communication between the new provider side monitoring agent and the provider side monitoring gateway may be implemented, for example, by adding the new provider side monitoring agent to the appropriate security zone that also includes the provider side monitoring gateway. The new provider side monitoring agent then may monitor the operation of the new service instance and provide monitoring information to the provider side monitoring gateway for transfer to the monitoring infrastructure via the consumer side monitoring gateway as described above. - It also may be determined that a service instance that was being monitored has been closed or otherwise will not be monitored for some reason (step 1524). In response to determining that monitoring of a service instance is to be stopped, the monitoring connection to the closed service instance is disconnected (step 1526). If the closed service instance is on the consumer side of the hybrid cloud,
step 1526 may include disconnecting the connection between a monitoring agent on the consumer side service instance and the monitoring infrastructure. If the closed service instance is on the provider side of the hybrid cloud,step 1526 may include closing the connection between the provider side monitoring gateway and the provider side monitoring agent for the closed instance. Closing the connection between the provider side monitoring gateway and the provider side monitoring agent for the closed instance may include configuring the provider side monitoring gateway to no longer receive information from the monitoring agent for the closed instance. For example,step 1526 may include using the cloud security service plug-in in the hybrid cloud integrator to implement security policies that prevent further communication between a provider side monitoring agent and the provider side monitoring gateway. Security policies that prevent communication between the provider side monitoring agent and the provider side monitoring gateway may be implemented, for example, by removing the provider side monitoring agent for the closed instance from the security zone that also includes the provider side monitoring gateway.Step 1526 also may include closing the monitoring agent that is no longer needed. Closing the monitoring agent that is no longer needed allows data processing resources that were being used for the closed monitoring agent to be released. - After closing a service instance on the provider side of a hybrid cloud, it may be determined that there are no more service instances running on the provider side or otherwise that are to be monitored (step 1528). In response to determining that there are no longer any provider side service instances to be monitored, the provider side monitoring gateway may be closed (
step 1528, with the process terminating thereafter. Closing the provider side monitoring gateway when there are no longer any provider services to be monitored allows the provider services that were being used for the provider side gateway to be released. - Returning now to step 1520, in response to determining that a new service instance has not been established, the process proceeds to step 1524 to determine that a service instance that was being monitored has been closed or otherwise will not be monitored for some reason. In response to determining that monitoring of a service instance is not to be stopped, the process iterates back to
step 1518 and monitored data is transferred from the provider side monitoring gateway to the consumer side monitoring gateway. - Returning now to step 1528, in response to determining that there are provider side service instances to be monitored, the process iterates back to
step 1518 and monitored data is transferred from the provider side monitoring gateway to the consumer side monitoring gateway. - In some cases, it may not be desirable to close the provider side monitoring gateway and release the corresponding provider data processing resources immediately when it is determined that there are no remaining provider side service instances to be monitored. For example, in some cases, it may be expected that monitoring of provider side services will be restarted after only a short intermission. In these cases, it may be preferred to keep the provider side gateway in place but inactive even when there are no provider side service instances to be monitored. This allows the provider side monitoring gateway to be restarted quickly when new provider side service instances to be monitored are started. If the provider side monitoring gateway was closed and the corresponding provider side resources released, resources would need to be re-provisioned for the provider side monitoring gateway on the provider side of the hybrid cloud and the provider side monitoring gateway reinstalled and configured when new provider side service instances to be monitored are started. This process of provisioning, installing, and configuring a new provider side monitoring gateway would take much longer than restarting a temporarily deactivated gateway.
- Referring now to
FIG. 16 , a flowchart of a process for automated provisioning and configuration of a provider side monitoring gateway is depicted in accordance with an illustrative embodiment. In this example, the process ofFIG. 16 is an example of one implementation ofsteps FIG. 15 . The process ofFIG. 16 may be initiated in response to the selection by a user, such as an administrator of a hybrid cloud, of a process for establishing hybrid cloud monitoring using automated setup and configuration of a provider side monitoring gateway. For example, options for the setup and configuration of a provider side monitoring gateway may be presented to the user via a graphical user interface to the hybrid cloud integrator. - Operation of the process to be described here assumes that the parameters of the consumer side monitoring gateway have been established, that a system administer has access to the data processing resources on which the provider side monitoring gateway will be established, and that a pre-built image with a monitoring agent installed and configured as a gateway exists on the provider data processing resources where the provider side monitoring gateway is to be established. In other embodiments, the process to be described may be implemented without requiring a pre-built image with a monitoring agent installed. In such an embodiment, a generic image may be used to provision a virtual machine with a generic operating system, such as, without limitation, SuSE Linux®. A monitoring agent may be installed remotely in the virtual machine and configured as a provider side monitoring gateway.
- The process of
FIG. 16 may begin by providing an image identification for a pre-built gateway image, a user identification, and a password to the cloud monitoring service of the hybrid cloud integrator (step 1600). The user identification, password, and image identification may be entered by a user through the hybrid cloud integrator user interface. The image identification may identify a pre-built provider side monitoring gateway image in the provider data processing resources that can be used to provision and deploy a cloud side monitoring gateway in the provider data processing environment. The user identification and password may provide access to the provider data processing resources for deploying the provider side monitoring gateway. Typically, the user identification and password may belong to the provider of cloud monitoring services or the cloud monitoring administrator on the consumer side of data processing resources. - The cloud service broker then may be invoked to instantiate a provider side monitoring gateway instance from a pre-built monitoring gateway image (step 1602). For example, in
step 1602 the cloud monitoring service on the hybrid cloud integrator may invoke the cloud service broker to instantiate the gateway instance on the provider data processing resources.Step 1602 may be implemented automatically and transparent to the user. The cloud security service on the hybrid cloud integrator then may be invoked to configure the provider side monitoring gateway for authorized and restricted access (step 1604). - When the gateway instance on the provider data processing resources is confirmed to be up and running, the internet address of the provider side monitoring gateway may be retrieved and used in configuring the consumer side monitoring gateway (step 1606). For example, without limitation, the address of the provider side monitoring gateway may be an internet protocol address. The cloud monitoring service in the hybrid cloud integrator then may start the consumer side monitoring gateway (
step 1608, with the process terminating thereafter. In this example, steps 1606 and 1608 are examples of steps for implementingstep 1508 inFIG. 15 . - Referring now to
FIG. 17 , a flowchart of a process for instantiation and configuration of a provider side monitoring gateway using a cloud service broker is depicted in accordance with an illustrative embodiment. In this example, the process ofFIG. 17 is an example of one implementation ofstep 1602 inFIG. 16 . The process ofFIG. 17 may be initiated under the following assumptions. The hybrid cloud monitoring administrator has necessary credentials to provision a service instance to act as the provider side monitoring gateway on the provider data processing resources. A prebuilt image with a monitoring gateway installed and configured exists and is made available on the provider data processing resources. The service address, such as a Uniform Resource Identifier (URI), for the cloud service broker is known to the monitoring service plug-in in the hybrid cloud integrator. When required, the administrator may create and provide the necessary public and private key files. These files may be placed in the key vault managed by the cloud security service on the hybrid cloud integrator. Alternatively, these key files may be generated automatically. - To begin the process of
FIG. 17 , configuration parameters and attributes of the provider data processing resources on which the provider side monitoring gateway is to be established are used to define the provider data processing resources to the cloud service broker (step 1700). These configuration parameters and attributes of the provider data processing resources may have been entered by a user, such as a system administrator, via the hybrid cloud integrator user interface. This information then may be made available to the cloud service broker in the hybrid cloud integrator. - For example, without limitation, the hybrid cloud integrator user interface may invoke the cloud service broker with a request of the form:
-
Csb/{CLOUD_NAME}/registerCloudDefinition, where {CLOUD_NAME} is the cloud name specified in the general information for the provider data processing resources in the configuration parameters. - Example arguments that may be posted with this request may include, without limitation:
-
Cloud_User, the cloud monitor administrator user identification. Cloud_Password, the cloud monitor administrator password. Cloud_Type, specified in the general information for the provider data processing resources in the configuration parameters. Cloud_Endpoint, from the public data processing resources configuration parameters. Cloud_Location, a code indicating the location of the public data processing resources. - The cloud service broker then is invoked to instantiate a provider side monitoring gateway instance on the provider data processing resources from a monitoring gateway image (step 1702). Prior to step 1702, the user, such as the system administrator, may have configured hybrid cloud monitoring and defined the configuration parameters for hybrid cloud monitoring. These configuration parameters may include parameters for the provider side monitoring gateway and for a consumer side monitoring infrastructure. These configuration parameters may have been entered by the user, such as the system administrator, via the hybrid cloud user interface. The user interface then may pass the hybrid cloud monitoring configuration parameters to the cloud monitoring service in the hybrid cloud integrator. The cloud monitoring service then may invoke the cloud service broker to instantiate the service instance on the provider data processing resources.
- For example, the cloud monitoring service on the hybrid cloud integrator may invoke the cloud service broker with a request of the form:
-
- csb/{CLOUD_NAME}/makelnstance.
- Arguments that may be posted with this request may include, for example, without limitation:
-
- Cloud_User, the cloud monitor administrator user identification.
- Cloud_Password, the cloud monitor administrator password.
- Image_ID, the identification of the image to be used for the provider side gateway.
- Instance_Name, the desired name to be set for the service instance. Instance_Type, for example, one of SMALL, MEDIUM, LARGE, XLARGE, BRONZE, SILVER, GOLD, PLATINUM, or another designator indicating the type of service instance.
- The address of the established provider side monitoring gateway instance then is obtained (step 1704). For example, the address of the provider side gateway may be an internet protocol address.
Step 1704 may be implemented by a polling loop that waits and issues the request csb/{CLOUD_NAME}/listlnstance until the returned STATUS moves from PROVISIONING to ACTIVE. When ACTIVE, the address of the provider side gateway instance will be returned as part of the listlnstance output. The polling loop may cease if STATUS goes from PROVISIONING to FAILED. - Referring now to
FIG. 18 , a flowchart of a process for securing a provider side monitoring gateway via a cloud security service is depicted in accordance with an illustrative embodiment. The process ofFIG. 18 may be used, for example, to implementstep 1604 ofFIG. 16 . - The process of
FIG. 18 begins with invoking the cloud security service as the provider side monitoring gateway is instantiated (step 1800). For example,step 1800 may include invoking the cloud security service by the cloud service broker while the provider side monitoring gateway is instantiated. The cloud security service may be implemented as a plug-in to the hybrid cloud integrator. The cloud security service may implement the functions of a cloud security zone manager, as described above with reference toFIG. 6 . For example, without limitation,step 1800 may include a request from the cloud service broker to the cloud security service to process security zoning for the new service instance. This request may be of the form: -
- csm/{CLOUD_NAME}/registerNewCloudInstance, with parameters passed:
- instance-id <NamedSecurityZone-List> where instance-id is the identification of the new instance that the cloud service broker provisioned and the optional NamedSecurityZone-List is a list of security zone names that the new instance is to be added to explicitly.
- csm/{CLOUD_NAME}/registerNewCloudInstance, with parameters passed:
- The security zone policies from the cloud security service then may be applied to the new service instance to ensure proper isolation (
step 1802, with the process terminating thereafter. - Referring now to
FIG. 19 , a flowchart of a process for accelerated setup of a provider side monitoring gateway is depicted in accordance with an illustrative embodiment. In this example, the process ofFIG. 19 is an example of one implementation ofsteps FIG. 15 . The process ofFIG. 16 may be used when a provider side monitoring gateway is to be provisioned and instantiated on provider side data processing resources. In some situations, a provider side monitoring gateway may already be provisioned, but hybrid cloud monitoring on the provider data processing resources is not enabled. In such situations, the provider data processing resources can be readily monitored using hybrid cloud monitoring by using the already provisioned provider side monitoring gateway. This later process is described in the process ofFIG. 19 . Thus, the process ofFIG. 19 may be used optionally in place of the process ofFIG. 16 in some situations. The process ofFIG. 19 may be initiated in response to the selection by a user of this process for establishing the provider side monitoring gateway from among other options for establishing a provider side monitoring gateway. For example, these options may be presented to the user via a graphical user interface to the hybrid cloud integrator. - The process of
FIG. 19 may be operated based on the following assumptions. The configuration parameters of the consumer side monitoring gateway are already specified. The cloud monitoring administrator has access to the provider data processing resources on which the provider side monitoring gateway is deployed. A service instance has been created on the provider data processing resources and a monitoring gateway has been installed and configured on the service instance as a provider side monitoring gateway. - The process of
FIG. 19 begins with receiving the address and port of the pre-provisioned provider side monitoring gateway (step 1900). For example, without limitation, the address of the pre-provisioned monitoring gateway may be an internet protocol address. The address and port of the pre-provisioned provider side monitoring gateway may be provided as input by a user, such as a system administrator, via the hybrid cloud integrator user interface. The provider side monitoring gateway may have been previously configured either automatically or manually by the administrator. The user interface of the hybrid cloud integrator may pass this address and port information to a cloud monitoring service on the hybrid cloud integrator. The cloud monitoring service then may use the address and port of the pre-provisioned provider side monitoring gateway to configure the consumer side monitoring gateway, and the consumer side monitoring gateway then may be started (step 1902, with the process terminating thereafter. - Hybrid cloud integration in accordance with an illustrative embodiment provides a well defined method and apparatus for integrating on-premise infrastructure, platform, applications, and data with off-premise cloud based infrastructure, platform, services, and data. A hybrid cloud integrator in accordance with an illustrative embodiment provides a structured framework of interfaces for hybrid cloud service configuration and deployment of service plug-ins. Using these interfaces and application programming interfaces, hybrid cloud service plug-ins may be defined, configured, and deployed to create integrated hybrid cloud services.
- Hybrid cloud integration in accordance with an illustrative embodiment may be used to provide integration capabilities across a hybrid cloud comprising any combination of data processing resources. In one example, described in detail herein, a hybrid cloud integrator in accordance with an illustrative embodiment may be used to provide integration across a hybrid cloud comprising a consumer's private cloud and a provider's pubic cloud. However, hybrid cloud integration in accordance with an illustrative embodiment may be used to provide integration capabilities for various other types of hybrid clouds. For example, a hybrid cloud integrator in accordance with an illustrative embodiment may be used to provide integration across a hybrid cloud comprising multiple private clouds. As another example, a hybrid cloud integrator in accordance with an illustrative embodiment may be used to provide integration across a hybrid cloud comprising multiple public clouds.
- Each line of business within a single enterprise may have its own data processing resources implemented as a private cloud. Each such private cloud may have its own point-of-delivery and point-of-control. Multiple private clouds of this type may be integrated into a single hybrid cloud and made available to a consumer of data processing resources within the enterprise. A hybrid cloud integrator in accordance with an illustrative embodiment may be used to provide integration across such a hybrid cloud. A hybrid cloud formed by integrating private cloud services across multiple private clouds using a hybrid cloud integrator in accordance with an illustrative embodiment allows a consumer of resources of one private cloud to consume, from the consumer's point-of-delivery, resources and services made available on another private cloud. The hybrid cloud integrator may be configured to allow administrators of each private cloud to manage their clouds from their respective points-of-control. Hybrid cloud integrator plug-in services in accordance with an illustrative embodiment may be configured to allow the consumer of data processing resources to enforce the same security, monitoring, and governance requirements on the consumer's data processing operations performed across the hybrid cloud, wherever the consumer's workload is being processed. Thus, using a hybrid cloud integrator in accordance with an illustrative embodiment, workload management may be achieved in a hybrid cloud formed across multiple private clouds.
- As another example, hybrid cloud integration in accordance with an illustrative embodiment may be used to integrate across a hybrid cloud between two or more public clouds. In this case, use of a hybrid cloud integrator in accordance with an illustrative embodiment allows a consumer of data processing resources of one public cloud to perform and control consumer data processing operations by coordinating and consuming resources and services from multiple public clouds using a single point-of-delivery and point-of-control. Plug-in components in the hybrid cloud integrator may be configured to allow the consumer to enforce the same security, monitoring, and governance requirements on the consumer's data processing operations performed across the hybrid cloud, wherever the consumer's workload is being processed. Thus, using a hybrid cloud integrator in accordance with an illustrative embodiment, workload management may be achieved in a hybrid cloud formed across multiple public clouds.
- As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method, or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.), or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module,” or “system.” Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
- Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
- A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
- Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including, but not limited to, wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
- Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
- Aspects of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatuses (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- These computer program instructions also may be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
- The computer program instructions also may be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus, or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowcharts or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It also will be noted that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
- The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
- The corresponding structures, materials, acts, and equivalents of all means or step plus function elements in the claims below are intended to include any structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present invention has been presented for purposes of illustration and description but is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the invention. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.
Claims (25)
1. A method for monitoring operation of data processing resources in a data processing environment, comprising:
receiving, by a processor unit, a request to monitor a service instance, wherein the service instance comprises a data processing resource provided as a service by a provider of the data processing resources;
responsive to receiving the request to monitor the service instance, establishing, by the processor unit, communications to receive monitored data from the service instance;
receiving, by the processor unit, the monitored data from the service instance; and
providing, by the processor unit, the monitored data to a monitoring infrastructure, wherein the monitoring infrastructure is configured to monitor operation of the data processing resources.
2. The method of claim 1 , wherein the request to monitor the service instance is selected from a request to monitor the service instance that is generated automatically as part of creation of the service instance, a request to monitor the service instance that is generated automatically as part of modification of the service instance, or a request to monitor the service instance that is generated as part of a life cycle of the service instance.
3. The method of claim 1 , wherein the request to monitor the service instance is selected from a request to monitor the service instance that is made by a user of the service instance, a request to monitor the service instance that is made by the provider of the data processing resources, or a request to monitor the service instance that is made by a consumer of the data processing resources.
4. The method of claim 1 , wherein the monitored data from the service instance is selected from monitored data from self-monitoring by the service instance, monitored data from a monitoring agent configured to monitor the service instance, monitored data from a script internal to the service instance, or monitored data from a script external to the service instance.
5. The method of claim 1 , wherein:
establishing the communications to receive the monitored data comprises establishing, by the processor unit, a monitoring gateway; and
receiving the monitored data from the service instance comprises receiving the monitored data by the monitoring gateway.
6. The method of claim 5 , wherein:
the monitoring gateway is a consumer side monitoring gateway;
establishing the communications to receive the monitored data comprises establishing, by the processor unit, a provider side monitoring gateway on the data processing resources provided by the provider of the data processing resources, wherein the provider side monitoring gateway is configured to receive the monitored data from the service instance; and
receiving the monitored data from the service instance comprises retrieving, by the consumer side monitoring gateway, the monitored data from the provider side monitoring gateway.
7. The method of claim 6 , wherein the provider side monitoring gateway is on a side of a firewall with the service instance and wherein the consumer side monitoring gateway is on an other side of the firewall with consumer data processing resources.
8. The method of claim 6 , wherein the provider side monitoring gateway is implemented on first data processing resources, wherein the consumer side monitoring gateway is implemented on second data processing resources, wherein the first data processing resources and the second data processing resources comprise a hybrid cloud, and wherein the hybrid cloud is selected from the group of hybrid clouds consisting of:
a first hybrid cloud, wherein the first data processing resources are provided as a service on a public cloud and the second data processing resources are provided on a private cloud;
a second hybrid cloud, wherein the first data processing resources are provided as a service on a private cloud and the second data processing resources are provided on an other private cloud; and
a third hybrid cloud, wherein the first data processing resources are provided as a service on a public cloud and the second data processing resources are provided on another public cloud.
9. The method of claim 6 further comprising establishing, by the processor unit, a provider side monitoring agent associated with the service instance, wherein the provider side monitoring agent is configured to provide the monitored data from the service instance to the provider side monitoring gateway.
10. The method of claim 9 further comprising:
receiving, by the processor unit, a request to monitor an other service instance, wherein the other service instance comprises another data processing resource provided as a service by the provider of the data processing resources;
responsive to receiving the request to monitor the other service instance, establishing, by the processor unit, an other provider side monitoring agent associated with the other service instance, wherein the other provider side monitoring agent is configured to provide other monitored data from the other service instance to the provider side monitoring gateway;
configuring the provider side monitoring gateway to receive the other monitored data from the other provider side monitoring agent;
retrieving, by the consumer side monitoring gateway, the other monitored data from the provider side monitoring gateway; and
providing, by the consumer side monitoring gateway, the other monitored data to the monitoring infrastructure.
11. The method of claim 1 , wherein:
receiving the request to monitor the service instance comprises receiving the request to monitor the service instance by a monitoring service, wherein the monitoring service is implemented as a plug-in to a software framework; and
the monitoring service is configured to establish the communications to receive the monitored data from the service instance.
12. The method of claim 11 , wherein:
the monitoring service is configured to invoke a service broker to establish the communications to receive the monitored data from the service instance; and
the service broker is implemented as the plug-in to the software framework.
13. An apparatus, comprising a processor unit configured to:
receive a request to monitor a service instance, wherein the service instance comprises a data processing resource provided as a service by a provider of data processing resources;
establish, responsive to receiving the request to monitor the service instance, communications to receive monitored data from the service instance;
receive the monitored data from the service instance; and
provide the monitored data to a monitoring infrastructure, wherein the monitoring infrastructure is configured to monitor operation of data processing resources.
14. The apparatus of claim 13 , wherein the processor unit is configured to:
establish the communications to receive the monitored data by establishing a monitoring gateway; and
receive the monitored data from the service instance by the monitoring gateway.
15. The apparatus of claim 14 , wherein:
the monitoring gateway is a consumer side monitoring gateway;
the processor unit is configured to establish a provider side monitoring gateway on the data processing resources provided by the provider of the data processing resources, wherein the provider side monitoring gateway is configured to receive the monitored data from the service instance; and
the consumer side monitoring gateway is configured to retrieve the monitored data from the provider side monitoring gateway.
16. The apparatus of claim 15 , wherein the provider side monitoring gateway is on a side of a firewall with the service instance and wherein the consumer side monitoring gateway is on an other side of the firewall.
17. The apparatus of claim 16 , wherein the provider side monitoring gateway is implemented on first data processing resources, wherein the consumer side monitoring gateway is implemented on second data processing resources, wherein the first data processing resources and the second data processing resources comprise a hybrid cloud, and wherein the hybrid cloud is selected from the group of hybrid clouds consisting of:
a first hybrid cloud, wherein the first data processing resources are provided as a service on a public cloud and the second data processing resources are provided on a private cloud;
a second hybrid cloud, wherein the first data processing resources are provided as a service on a private cloud and the second data processing resources are provided on an other private cloud; and
a third hybrid cloud, wherein the first data processing resources are provided as a service on a public cloud and the second data processing resources are provided on an other public cloud.
18. The apparatus of claim 13 , wherein the processor unit comprises:
a software framework; and
a monitoring service implemented as a plug-in to the software framework, wherein the monitoring service is configured to establish the communications to receive the monitored data from the service instance.
19. The apparatus of claim 18 , wherein:
the processor unit comprises a service broker implemented as the plug-in to the software framework; and
the monitoring service is configured to invoke the service broker to establish the communications to receive the monitored data from the service instance.
20. A computer program product for monitoring operation of data processing resources in a data processing environment, comprising:
a computer readable storage medium;
first program instructions to receive a request to monitor a service instance, wherein the service instance comprises a data processing resource provided as a service by a provider of the data processing resources;
second program instructions to establish communications to receive monitored data from the service instance responsive to receiving the request to monitor the service instance;
third program instructions to receive the monitored data from the service instance;
fourth program instructions to provide the monitored data to a monitoring infrastructure, wherein the monitoring infrastructure is configured to monitor operation of the data processing resources; and
wherein the first, second, third, and fourth program instructions are stored on the computer readable storage medium.
21. The computer program product of claim 20 , wherein:
the second program instructions comprise program instructions to establish a monitoring gateway; and
the third program instructions comprise program instructions to receive the monitored data from the from the service instance by the monitoring gateway.
22. The computer program product of claim 21 , wherein:
the monitoring gateway is a consumer side monitoring gateway;
the second program instructions comprise program instructions to establish a provider side monitoring gateway on the data processing resources provided by the provider of the data processing resources, wherein the provider side monitoring gateway is configured to receive the monitored data from the service instance; and
the third program instructions comprise program instructions to retrieve the monitored data from the provider side monitoring gateway by the consumer side monitoring gateway.
23. The computer program product of claim 22 , wherein the provider side monitoring gateway is implemented on a side of a firewall with the service instance and wherein the consumer side monitoring gateway is implemented on an other side of the firewall.
24. The computer program product of claim 22 , wherein the provider side monitoring gateway is implemented on first data processing resources, wherein the consumer side monitoring gateway is implemented on second data processing resources, wherein the first data processing resources and the second data processing resources comprise a hybrid cloud, and wherein the hybrid cloud is selected from the group of hybrid clouds consisting of:
a first hybrid cloud, wherein the first data processing resources are provided as a service on a public cloud and the second data processing resources are provided on a private cloud;
a second hybrid cloud, wherein the first data processing resources are provided as a service on a private cloud and the second data processing resources are provided on an other private cloud; and
a third hybrid cloud, wherein the first data processing resources are provided as a service on a public cloud and the second data processing resources are provided on an other public cloud.
25. The computer program product of claim 20 , wherein:
the first, second, third, and fourth program instructions comprise program instructions provided as a plug-in to a software framework.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/400,505 US20120221690A1 (en) | 2011-02-25 | 2012-02-20 | Data Processing Environment Monitoring |
US13/533,517 US9128773B2 (en) | 2011-02-25 | 2012-06-26 | Data processing environment event correlation |
US13/680,385 US8988998B2 (en) | 2011-02-25 | 2012-11-19 | Data processing environment integration control |
US13/680,458 US9053580B2 (en) | 2011-02-25 | 2012-11-19 | Data processing environment integration control interface |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161446885P | 2011-02-25 | 2011-02-25 | |
US13/400,505 US20120221690A1 (en) | 2011-02-25 | 2012-02-20 | Data Processing Environment Monitoring |
Related Child Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/533,517 Continuation-In-Part US9128773B2 (en) | 2011-02-25 | 2012-06-26 | Data processing environment event correlation |
US13/680,385 Continuation-In-Part US8988998B2 (en) | 2011-02-25 | 2012-11-19 | Data processing environment integration control |
US13/680,458 Continuation-In-Part US9053580B2 (en) | 2011-02-25 | 2012-11-19 | Data processing environment integration control interface |
Publications (1)
Publication Number | Publication Date |
---|---|
US20120221690A1 true US20120221690A1 (en) | 2012-08-30 |
Family
ID=46719762
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/358,186 Expired - Fee Related US9104672B2 (en) | 2011-02-25 | 2012-01-25 | Virtual security zones for data processing environments |
US13/400,505 Abandoned US20120221690A1 (en) | 2011-02-25 | 2012-02-20 | Data Processing Environment Monitoring |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/358,186 Expired - Fee Related US9104672B2 (en) | 2011-02-25 | 2012-01-25 | Virtual security zones for data processing environments |
Country Status (1)
Country | Link |
---|---|
US (2) | US9104672B2 (en) |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120226808A1 (en) * | 2011-03-01 | 2012-09-06 | Morgan Christopher Edwin | Systems and methods for metering cloud resource consumption using multiple hierarchical subscription periods |
US20130080509A1 (en) * | 2011-09-27 | 2013-03-28 | Alcatel-Lucent Shanghai Bell Co. Ltd. | Cloud computing access gateway and method for providing a user terminal access to a cloud provider |
US20130238772A1 (en) * | 2012-03-08 | 2013-09-12 | Microsoft Corporation | Cloud bursting and management of cloud-bursted applications |
US8769644B1 (en) | 2013-03-15 | 2014-07-01 | Rightscale, Inc. | Systems and methods for establishing cloud-based instances with independent permissions |
US8943606B2 (en) | 2012-09-14 | 2015-01-27 | Rightscale, Inc. | Systems and methods for associating a virtual machine with an access control right |
US8988998B2 (en) | 2011-02-25 | 2015-03-24 | International Business Machines Corporation | Data processing environment integration control |
US9009697B2 (en) | 2011-02-08 | 2015-04-14 | International Business Machines Corporation | Hybrid cloud integrator |
US9053580B2 (en) | 2011-02-25 | 2015-06-09 | International Business Machines Corporation | Data processing environment integration control interface |
US9063789B2 (en) | 2011-02-08 | 2015-06-23 | International Business Machines Corporation | Hybrid cloud integrator plug-in components |
US9104672B2 (en) | 2011-02-25 | 2015-08-11 | International Business Machines Corporation | Virtual security zones for data processing environments |
US9128773B2 (en) | 2011-02-25 | 2015-09-08 | International Business Machines Corporation | Data processing environment event correlation |
US9338218B1 (en) * | 2011-12-21 | 2016-05-10 | Emc Corporation | Distributed platform as a service |
US9336061B2 (en) | 2012-01-14 | 2016-05-10 | International Business Machines Corporation | Integrated metering of service usage for hybrid clouds |
US9444896B2 (en) | 2012-12-05 | 2016-09-13 | Microsoft Technology Licensing, Llc | Application migration between clouds |
US20180367434A1 (en) * | 2017-06-20 | 2018-12-20 | Vmware, Inc. | Methods and systems to adjust resources and monitoring configuration of objects in a distributed computing system |
US10223234B2 (en) | 2016-08-15 | 2019-03-05 | Microsoft Technology Licensing, Llc | Monitoring a web application using an outside-in strategy |
CN112965879A (en) * | 2021-03-17 | 2021-06-15 | 北京奇艺世纪科技有限公司 | Data processing method and device, electronic equipment and readable storage medium |
CN113918352A (en) * | 2021-12-13 | 2022-01-11 | 统信软件技术有限公司 | Service resource allocation method, computing device and storage medium |
Families Citing this family (57)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9069599B2 (en) * | 2008-06-19 | 2015-06-30 | Servicemesh, Inc. | System and method for a cloud computing abstraction layer with security zone facilities |
US8819768B1 (en) | 2011-05-03 | 2014-08-26 | Robert Koeten | Split password vault |
US8898459B2 (en) | 2011-08-31 | 2014-11-25 | At&T Intellectual Property I, L.P. | Policy configuration for mobile device applications |
US8918841B2 (en) * | 2011-08-31 | 2014-12-23 | At&T Intellectual Property I, L.P. | Hardware interface access control for mobile applications |
US9781205B2 (en) * | 2011-09-12 | 2017-10-03 | Microsoft Technology Licensing, Llc | Coordination engine for cloud selection |
US9021546B1 (en) * | 2011-11-08 | 2015-04-28 | Symantec Corporation | Systems and methods for workload security in virtual data centers |
US8447851B1 (en) * | 2011-11-10 | 2013-05-21 | CopperEgg Corporation | System for monitoring elastic cloud-based computing systems as a service |
JP2015508607A (en) * | 2012-01-09 | 2015-03-19 | クゥアルコム・インコーポレイテッドQualcomm Incorporated | Gateway controlled by cloud computing for communication networks |
US8813205B2 (en) * | 2012-02-06 | 2014-08-19 | International Business Machines Corporation | Consolidating disparate cloud service data and behavior based on trust relationships between cloud services |
WO2013138979A1 (en) * | 2012-03-19 | 2013-09-26 | Empire Technology Development Llc | Hybrid multi-tenancy cloud platform |
FR2988943A1 (en) * | 2012-03-29 | 2013-10-04 | France Telecom | SYSTEM FOR SUPERVISING THE SAFETY OF AN ARCHITECTURE |
US9313048B2 (en) * | 2012-04-04 | 2016-04-12 | Cisco Technology, Inc. | Location aware virtual service provisioning in a hybrid cloud environment |
US9201704B2 (en) | 2012-04-05 | 2015-12-01 | Cisco Technology, Inc. | System and method for migrating application virtual machines in a network environment |
US9288182B1 (en) * | 2012-05-01 | 2016-03-15 | Amazon Technologies, Inc. | Network gateway services and extensions |
US9450967B1 (en) | 2012-05-01 | 2016-09-20 | Amazon Technologies, Inc. | Intelligent network service provisioning and maintenance |
US9438556B1 (en) | 2012-05-01 | 2016-09-06 | Amazon Technologies, Inc | Flexibly configurable remote network identities |
US9294437B1 (en) * | 2012-05-01 | 2016-03-22 | Amazon Technologies, Inc. | Remotely configured network appliances and services |
US9171178B1 (en) * | 2012-05-14 | 2015-10-27 | Symantec Corporation | Systems and methods for optimizing security controls for virtual data centers |
TWI459210B (en) * | 2012-10-09 | 2014-11-01 | Univ Nat Cheng Kung | Multi-cloud communication system |
US9003479B2 (en) * | 2012-12-11 | 2015-04-07 | International Business Machines Corporation | Uniformly transforming the characteristics of a production environment |
WO2014120218A1 (en) * | 2013-01-31 | 2014-08-07 | Hewlett-Packard Development Company, L.P. | Determining transferability of a computing resource to a cloud computing environment |
US9300633B2 (en) | 2013-03-25 | 2016-03-29 | International Business Machines Corporation | Network-level access control management for the cloud |
US20150067761A1 (en) * | 2013-08-29 | 2015-03-05 | International Business Machines Corporation | Managing security and compliance of volatile systems |
CN103607426B (en) * | 2013-10-25 | 2019-04-09 | 中兴通讯股份有限公司 | Security service customization method and device |
US9519513B2 (en) | 2013-12-03 | 2016-12-13 | Vmware, Inc. | Methods and apparatus to automatically configure monitoring of a virtual machine |
JP2015158773A (en) * | 2014-02-24 | 2015-09-03 | 富士通株式会社 | Operation verification device for virtual apparatus, operation verification system for virtual apparatus, and program |
US9678731B2 (en) | 2014-02-26 | 2017-06-13 | Vmware, Inc. | Methods and apparatus to generate a customized application blueprint |
US20150378763A1 (en) | 2014-06-30 | 2015-12-31 | Vmware, Inc. | Methods and apparatus to manage monitoring agents |
US9509718B1 (en) * | 2014-07-17 | 2016-11-29 | Sprint Communications Company L.P. | Network-attached storage solution for application servers |
US9380068B2 (en) * | 2014-08-18 | 2016-06-28 | Bank Of America Corporation | Modification of computing resource behavior based on aggregated monitoring information |
US10127317B2 (en) * | 2014-09-18 | 2018-11-13 | Red Hat, Inc. | Private cloud API |
GB2531317A (en) * | 2014-10-16 | 2016-04-20 | Airbus Group Ltd | Security system |
US10057186B2 (en) * | 2015-01-09 | 2018-08-21 | International Business Machines Corporation | Service broker for computational offloading and improved resource utilization |
US9667657B2 (en) * | 2015-08-04 | 2017-05-30 | AO Kaspersky Lab | System and method of utilizing a dedicated computer security service |
US9762616B2 (en) * | 2015-08-08 | 2017-09-12 | International Business Machines Corporation | Application-based security rights in cloud environments |
US9967288B2 (en) * | 2015-11-05 | 2018-05-08 | International Business Machines Corporation | Providing a common security policy for a heterogeneous computer architecture environment |
EP3526943A4 (en) * | 2016-10-12 | 2020-05-27 | Nokia Technologies Oy | Cloud service security management |
US10699003B2 (en) * | 2017-01-23 | 2020-06-30 | Hysolate Ltd. | Virtual air-gapped endpoint, and methods thereof |
US10200411B1 (en) * | 2017-01-24 | 2019-02-05 | Intuit Inc. | Method and system for providing instance re-stacking and security ratings data to identify and evaluate re-stacking policies in a cloud computing environment |
US20180287999A1 (en) * | 2017-03-31 | 2018-10-04 | Fortinet, Inc. | Per-application micro-firewall images executing in containers on a data communications network |
US10979457B2 (en) * | 2017-12-20 | 2021-04-13 | Check Point Public Cloud Security Ltd | Cloud security assessment system using near-natural language compliance rules |
US10887350B2 (en) * | 2018-04-09 | 2021-01-05 | Nicira, Inc. | Method and system for applying compliance policies on private and public cloud |
US11595241B2 (en) * | 2018-10-10 | 2023-02-28 | Johnson Controls Tyco IP Holdings LLP | Systems and methods for managing a security system |
US11481228B2 (en) * | 2019-03-13 | 2022-10-25 | Oracle International Corporation | Self-service orchestration platform |
CN111124646B (en) * | 2019-12-23 | 2023-03-14 | 百度国际科技(深圳)有限公司 | Privatization transformation implementation method and device, electronic equipment and storage medium |
EP4173232A1 (en) * | 2020-06-29 | 2023-05-03 | Illumina, Inc. | Temporary cloud provider credentials via secure discovery framework |
US11809911B2 (en) | 2020-12-09 | 2023-11-07 | Dell Products L.P. | Resuming workload execution in composed information handling system |
US11853782B2 (en) | 2020-12-09 | 2023-12-26 | Dell Products L.P. | Method and system for composing systems using resource sets |
US11934875B2 (en) | 2020-12-09 | 2024-03-19 | Dell Products L.P. | Method and system for maintaining composed systems |
US11809912B2 (en) | 2020-12-09 | 2023-11-07 | Dell Products L.P. | System and method for allocating resources to perform workloads |
US11928515B2 (en) | 2020-12-09 | 2024-03-12 | Dell Products L.P. | System and method for managing resource allocations in composed systems |
US11797341B2 (en) | 2021-01-28 | 2023-10-24 | Dell Products L.P. | System and method for performing remediation action during operation analysis |
US11768612B2 (en) | 2021-01-28 | 2023-09-26 | Dell Products L.P. | System and method for distributed deduplication in a composed system |
US11558452B2 (en) * | 2021-05-20 | 2023-01-17 | Sap Se | Transparent multiple availability zones in a cloud platform |
US11947697B2 (en) | 2021-07-22 | 2024-04-02 | Dell Products L.P. | Method and system to place resources in a known state to be used in a composed information handling system |
US11928506B2 (en) * | 2021-07-28 | 2024-03-12 | Dell Products L.P. | Managing composition service entities with complex networks |
US11803432B1 (en) * | 2022-06-13 | 2023-10-31 | Snowflake Inc. | Data clean rooms using defined access |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6421737B1 (en) * | 1997-05-02 | 2002-07-16 | Hewlett-Packard Company | Modularly implemented event monitoring service |
US20080244579A1 (en) * | 2007-03-26 | 2008-10-02 | Leslie Muller | Method and system for managing virtual and real machines |
US20100192170A1 (en) * | 2009-01-28 | 2010-07-29 | Gregory G. Raleigh | Device assisted service profile management with user preference, adaptive policy, network neutrality, and user privacy |
US20110016214A1 (en) * | 2009-07-15 | 2011-01-20 | Cluster Resources, Inc. | System and method of brokering cloud computing resources |
Family Cites Families (53)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6473794B1 (en) | 1999-05-27 | 2002-10-29 | Accenture Llp | System for establishing plan to test components of web based framework by displaying pictorial representation and conveying indicia coded components of existing network framework |
US7020697B1 (en) | 1999-10-01 | 2006-03-28 | Accenture Llp | Architectures for netcentric computing systems |
US7310666B2 (en) | 2001-06-29 | 2007-12-18 | International Business Machines Corporation | Method and system for restricting and enhancing topology displays for multi-customer logical networks within a network management system |
US6957263B2 (en) | 2002-11-19 | 2005-10-18 | Fujitsu Limited | Connection management system and graphical user interface for large-scale optical networks |
US7567510B2 (en) * | 2003-02-13 | 2009-07-28 | Cisco Technology, Inc. | Security groups |
US9003048B2 (en) * | 2003-04-01 | 2015-04-07 | Microsoft Technology Licensing, Llc | Network zones |
US20040240408A1 (en) | 2003-06-02 | 2004-12-02 | Mobimate Ltd. | System, method and apparatus for the generation and deployment of mobile applications |
CA2559603A1 (en) | 2004-03-13 | 2005-09-29 | Cluster Resources, Inc. | System and method for providing advanced reservations in a compute environment |
US7644161B1 (en) | 2005-01-28 | 2010-01-05 | Hewlett-Packard Development Company, L.P. | Topology for a hierarchy of control plug-ins used in a control system |
US7996455B2 (en) | 2005-06-17 | 2011-08-09 | Adaptive Computing Enterprises, Inc. | System and method for providing dynamic roll-back reservations in time |
US8863143B2 (en) | 2006-03-16 | 2014-10-14 | Adaptive Computing Enterprises, Inc. | System and method for managing a hybrid compute environment |
US8488451B2 (en) | 2005-03-22 | 2013-07-16 | At&T Intellectual Property I, Lp | System and method for allocating processing bandwith in a residential gateway utilizing transmission rules and data mapping |
PL1922822T3 (en) | 2005-08-11 | 2018-07-31 | Wi-Tronix, Llc | Universal event/data recorder system |
US8312459B2 (en) * | 2005-12-12 | 2012-11-13 | Microsoft Corporation | Use of rules engine to build namespaces |
EP1977364B1 (en) * | 2006-01-17 | 2020-06-03 | Microsoft Technology Licensing, LLC | Securing data in a networked environment |
US7761912B2 (en) * | 2006-06-06 | 2010-07-20 | Microsoft Corporation | Reputation driven firewall |
US8261236B2 (en) | 2007-10-30 | 2012-09-04 | International Business Machines Corporation | Detecting plug-in and fragment issues with software products |
US7886021B2 (en) | 2008-04-28 | 2011-02-08 | Oracle America, Inc. | System and method for programmatic management of distributed computing resources |
EP2286333A4 (en) * | 2008-06-05 | 2012-08-08 | Neocleus Israel Ltd | Secure multi-purpose computing client |
US9069599B2 (en) | 2008-06-19 | 2015-06-30 | Servicemesh, Inc. | System and method for a cloud computing abstraction layer with security zone facilities |
US8381298B2 (en) * | 2008-06-30 | 2013-02-19 | Microsoft Corporation | Malware detention for suspected malware |
US8250215B2 (en) | 2008-08-12 | 2012-08-21 | Sap Ag | Method and system for intelligently leveraging cloud computing resources |
US20100042670A1 (en) | 2008-08-13 | 2010-02-18 | Electronic Data Systems Corporation | Integrated development engine for a cloud computing environment |
US8745361B2 (en) * | 2008-12-02 | 2014-06-03 | Microsoft Corporation | Sandboxed execution of plug-ins |
WO2010073087A1 (en) * | 2008-12-22 | 2010-07-01 | Nokia Corporation | Device management session trigger |
US8055493B2 (en) | 2009-01-30 | 2011-11-08 | Hewlett-Packard Development Company, L.P. | Sizing an infrastructure configuration optimized for a workload mix using a predictive model |
US20100250746A1 (en) | 2009-03-30 | 2010-09-30 | Hitachi, Ltd. | Information technology source migration |
US20100292857A1 (en) | 2009-05-18 | 2010-11-18 | Consolidated Edison Company Of New York, Inc. | Electrical network command and control system and method of operation |
US20110126197A1 (en) | 2009-11-25 | 2011-05-26 | Novell, Inc. | System and method for controlling cloud and virtualized data centers in an intelligent workload management system |
US8370482B2 (en) | 2009-11-30 | 2013-02-05 | Xerox Corporation | Method and system for storing and distributing social and business contact information online |
US9389980B2 (en) | 2009-11-30 | 2016-07-12 | Red Hat, Inc. | Detecting events in cloud computing environments and performing actions upon occurrence of the events |
US8037187B2 (en) | 2009-12-11 | 2011-10-11 | International Business Machines Corporation | Resource exchange management within a cloud computing environment |
WO2011091056A1 (en) * | 2010-01-19 | 2011-07-28 | Servicemesh, Inc. | System and method for a cloud computing abstraction layer |
US8856319B1 (en) * | 2010-02-03 | 2014-10-07 | Citrix Systems, Inc. | Event and state management in a scalable cloud computing environment |
US8332517B2 (en) * | 2010-03-31 | 2012-12-11 | Incnetworks, Inc. | Method, computer program, and algorithm for computing network service value pricing based on communication service experiences delivered to consumers and merchants over a smart multi-services (SMS) communication network |
US20110289329A1 (en) | 2010-05-19 | 2011-11-24 | Sumit Kumar Bose | Leveraging smart-meters for initiating application migration across clouds for performance and power-expenditure trade-offs |
US9047348B2 (en) | 2010-07-22 | 2015-06-02 | Google Inc. | Event correlation in cloud computing |
US9363312B2 (en) | 2010-07-28 | 2016-06-07 | International Business Machines Corporation | Transparent header modification for reducing serving load based on current and projected usage |
US8812653B2 (en) | 2010-08-05 | 2014-08-19 | Novell, Inc. | Autonomous intelligent workload management |
US8327373B2 (en) | 2010-08-24 | 2012-12-04 | Novell, Inc. | System and method for structuring self-provisioning workloads deployed in virtualized data centers |
US8595556B2 (en) | 2010-10-14 | 2013-11-26 | International Business Machines Corporation | Soft failure detection |
US8589355B2 (en) | 2010-10-29 | 2013-11-19 | International Business Machines Corporation | Data storage in a cloud |
US20120159337A1 (en) * | 2010-12-17 | 2012-06-21 | Kerry Travilla | System and method for recommending media content |
US9213539B2 (en) | 2010-12-23 | 2015-12-15 | Honeywell International Inc. | System having a building control device with on-demand outside server functionality |
US9063789B2 (en) | 2011-02-08 | 2015-06-23 | International Business Machines Corporation | Hybrid cloud integrator plug-in components |
US20120204187A1 (en) * | 2011-02-08 | 2012-08-09 | International Business Machines Corporation | Hybrid Cloud Workload Management |
US9009697B2 (en) | 2011-02-08 | 2015-04-14 | International Business Machines Corporation | Hybrid cloud integrator |
US8988998B2 (en) | 2011-02-25 | 2015-03-24 | International Business Machines Corporation | Data processing environment integration control |
US9128773B2 (en) | 2011-02-25 | 2015-09-08 | International Business Machines Corporation | Data processing environment event correlation |
US9104672B2 (en) | 2011-02-25 | 2015-08-11 | International Business Machines Corporation | Virtual security zones for data processing environments |
US9053580B2 (en) | 2011-02-25 | 2015-06-09 | International Business Machines Corporation | Data processing environment integration control interface |
US8694647B2 (en) | 2011-03-18 | 2014-04-08 | Microsoft Corporation | Read-only operations processing in a paxos replication system |
US9336061B2 (en) | 2012-01-14 | 2016-05-10 | International Business Machines Corporation | Integrated metering of service usage for hybrid clouds |
-
2012
- 2012-01-25 US US13/358,186 patent/US9104672B2/en not_active Expired - Fee Related
- 2012-02-20 US US13/400,505 patent/US20120221690A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6421737B1 (en) * | 1997-05-02 | 2002-07-16 | Hewlett-Packard Company | Modularly implemented event monitoring service |
US20080244579A1 (en) * | 2007-03-26 | 2008-10-02 | Leslie Muller | Method and system for managing virtual and real machines |
US20100192170A1 (en) * | 2009-01-28 | 2010-07-29 | Gregory G. Raleigh | Device assisted service profile management with user preference, adaptive policy, network neutrality, and user privacy |
US20110016214A1 (en) * | 2009-07-15 | 2011-01-20 | Cluster Resources, Inc. | System and method of brokering cloud computing resources |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9009697B2 (en) | 2011-02-08 | 2015-04-14 | International Business Machines Corporation | Hybrid cloud integrator |
US9063789B2 (en) | 2011-02-08 | 2015-06-23 | International Business Machines Corporation | Hybrid cloud integrator plug-in components |
US9128773B2 (en) | 2011-02-25 | 2015-09-08 | International Business Machines Corporation | Data processing environment event correlation |
US8988998B2 (en) | 2011-02-25 | 2015-03-24 | International Business Machines Corporation | Data processing environment integration control |
US9053580B2 (en) | 2011-02-25 | 2015-06-09 | International Business Machines Corporation | Data processing environment integration control interface |
US9104672B2 (en) | 2011-02-25 | 2015-08-11 | International Business Machines Corporation | Virtual security zones for data processing environments |
US20120226808A1 (en) * | 2011-03-01 | 2012-09-06 | Morgan Christopher Edwin | Systems and methods for metering cloud resource consumption using multiple hierarchical subscription periods |
US8959221B2 (en) * | 2011-03-01 | 2015-02-17 | Red Hat, Inc. | Metering cloud resource consumption using multiple hierarchical subscription periods |
US20130080509A1 (en) * | 2011-09-27 | 2013-03-28 | Alcatel-Lucent Shanghai Bell Co. Ltd. | Cloud computing access gateway and method for providing a user terminal access to a cloud provider |
US9002932B2 (en) * | 2011-09-27 | 2015-04-07 | Alcatel Lucent | Cloud computing access gateway and method for providing a user terminal access to a cloud provider |
US9338218B1 (en) * | 2011-12-21 | 2016-05-10 | Emc Corporation | Distributed platform as a service |
US9473374B2 (en) | 2012-01-14 | 2016-10-18 | International Business Machines Corporation | Integrated metering of service usage for hybrid clouds |
US9336061B2 (en) | 2012-01-14 | 2016-05-10 | International Business Machines Corporation | Integrated metering of service usage for hybrid clouds |
US20130238772A1 (en) * | 2012-03-08 | 2013-09-12 | Microsoft Corporation | Cloud bursting and management of cloud-bursted applications |
US9229771B2 (en) * | 2012-03-08 | 2016-01-05 | Microsoft Technology Licensing, Llc | Cloud bursting and management of cloud-bursted applications |
US8943606B2 (en) | 2012-09-14 | 2015-01-27 | Rightscale, Inc. | Systems and methods for associating a virtual machine with an access control right |
US9444896B2 (en) | 2012-12-05 | 2016-09-13 | Microsoft Technology Licensing, Llc | Application migration between clouds |
US8769644B1 (en) | 2013-03-15 | 2014-07-01 | Rightscale, Inc. | Systems and methods for establishing cloud-based instances with independent permissions |
US9215229B2 (en) | 2013-03-15 | 2015-12-15 | RightScale Inc. | Systems and methods for establishing cloud-based instances with independent permissions |
US10223234B2 (en) | 2016-08-15 | 2019-03-05 | Microsoft Technology Licensing, Llc | Monitoring a web application using an outside-in strategy |
US11405300B2 (en) * | 2017-06-20 | 2022-08-02 | Vmware, Inc. | Methods and systems to adjust resources and monitoring configuration of objects in a distributed computing system |
US20180367434A1 (en) * | 2017-06-20 | 2018-12-20 | Vmware, Inc. | Methods and systems to adjust resources and monitoring configuration of objects in a distributed computing system |
CN112965879A (en) * | 2021-03-17 | 2021-06-15 | 北京奇艺世纪科技有限公司 | Data processing method and device, electronic equipment and readable storage medium |
CN113918352A (en) * | 2021-12-13 | 2022-01-11 | 统信软件技术有限公司 | Service resource allocation method, computing device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
US9104672B2 (en) | 2015-08-11 |
US20120222084A1 (en) | 2012-08-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9104672B2 (en) | Virtual security zones for data processing environments | |
US8988998B2 (en) | Data processing environment integration control | |
US9053580B2 (en) | Data processing environment integration control interface | |
US9009697B2 (en) | Hybrid cloud integrator | |
US9063789B2 (en) | Hybrid cloud integrator plug-in components | |
US9128773B2 (en) | Data processing environment event correlation | |
US10827008B2 (en) | Integrated user interface for consuming services across different distributed networks | |
US20120204187A1 (en) | Hybrid Cloud Workload Management | |
US9473374B2 (en) | Integrated metering of service usage for hybrid clouds | |
US10089130B2 (en) | Virtual desktop service apparatus and method | |
US9354983B1 (en) | Integrated it service provisioning and management | |
US9591016B1 (en) | Assessing security risks associated with connected application clients | |
US9614737B1 (en) | Appliance backnets in dedicated resource environment | |
US9600308B2 (en) | Virtual machine monitoring in cloud infrastructures | |
US10360410B2 (en) | Providing containers access to container daemon in multi-tenant environment | |
US11057464B1 (en) | Synchronization of data between local and remote computing environment buffers | |
US11520609B2 (en) | Template-based software discovery and management in virtual desktop infrastructure (VDI) environments | |
US11201930B2 (en) | Scalable message passing architecture in a cloud environment | |
CN116848528A (en) | Techniques for automatically configuring minimum cloud service access rights for container applications | |
US20230007092A1 (en) | Prediction-based resource provisioning in a cloud environment | |
EP4018629A1 (en) | Desktop virtualization with a dedicated cellular network connection for client devices | |
US20230148314A1 (en) | Fast Launch Based on Hibernated Pre-launch Sessions | |
US20210406074A1 (en) | Dynamic product resource mapping of cloud resources |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BEATY, KIRK A.;NAIK, VIJAY K.;RAPAPORT, GIL;AND OTHERS;SIGNING DATES FROM 20120214 TO 20120219;REEL/FRAME:027743/0575 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |