KR101107434B1 - Secure custom application cloud computing architecture - Google Patents

Publication number: KR101107434B1
Authority: KR (South Korea)
Prior art keywords: server, cloud, cloud computing, architecture
Application number: KR1020117011874A
Other languages: Korean (ko)
Other versions: KR20110067169A
Inventors: Margaret Lustig, Scott Costello, Lauren Ann Cotugno
Original assignee: Unisys Corporation

Priority to US 61/220,045 (US22004509P)
Priority to US 61/220,827 (US22082709P)
Priority to US 61/229,989 (US22998909P)
Application filed by Unisys Corporation
Priority to PCT/US2009/052673 (WO2010151273A1)
Publication of KR20110067169A
Application granted
Publication of KR101107434B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F 9/5061 Partitioning or combining of resources
    • G06F 9/5072 Grid computing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network-specific arrangements or communication protocols supporting networked applications
    • H04L 67/10 Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network

Abstract

A secure custom application cloud computing architecture is provided that, depending on the needs of the user, facilitates the smooth migration of virtual applications to (or from) a cloud computing environment. The architecture identifies the custom application and the associated network architecture needed to support it. That network architecture is then replicated into the cloud and the custom application is migrated to it. In some embodiments, the application can be stored in the cloud, deactivated, and then reactivated when needed.

Description

SECURE CUSTOM APPLICATION CLOUD COMPUTING ARCHITECTURE

This application claims priority from U.S. Provisional Patent Application 61/220,045, filed June 24, 2009, U.S. Provisional Patent Application 61/220,827, filed June 30, 2009, and U.S. Provisional Patent Application 61/229,989, each of which is incorporated herein by reference.

A portion of this application contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction of the patent disclosure as it appears in the files or records of the Office, but otherwise reserves all copyright rights.

FIELD OF THE INVENTION The present invention relates to the field of secure computing architectures, and more particularly to cloud computing architectures that facilitate the deployment of custom multi-tiered applications.

Cloud computing is a term that has been in use for some time and generally refers to outsourcing data storage or computation to a third party, where the user is the consumer of the service. The third party provides all the necessary infrastructure, and the user need not even know where the service is being performed (that is, the service is performed "in the Internet cloud"). More specifically, cloud computing typically uses Internet technology to deliver massively scalable information technology resources as a service to one or more consumers, and can be seen as a style of computing delivered from off-premise relative to the location of the consumer of the service. In cloud computing, elastically scalable resources are often dynamically allocated and reallocated as required, and metered by quality or quantity.

In general, cloud computing is understood to comprise different types of services such as, for example, Software as a Service (SAAS), Platform as a Service (PAAS), and Infrastructure as a Service (IAAS). SAAS is a model of software distribution in which software is provided as an on-demand service. FIG. 1 illustrates a conventional SAAS environment. In SAAS, users regularly pay a relatively low fee to access and use the software, instead of facing the significant up-front licensing costs associated with conventional software licensing models. Typically, a user accesses the software from a desktop, laptop, or other computing device 110 that is connected to the Internet 130 via a router 120. In some cases the software is accessed by the user launching a browser or other software application and entering a Uniform Resource Locator (URL) into the browser. The browser interprets the URL and sends a corresponding request via the Internet 130 to one of the interface/web servers 140. The interface server receives the request and obtains the requested software from the back-end server 150 and/or the database 160. In some cases the software is then loaded by the interface server 140 and provided to the user via the browser, with most of the processing occurring on the interface server 140. In other cases the software, or portions of it, is transmitted to the computing device 110 for execution there. SAAS has the advantage that whenever the software is used, from any location and on any computer, the user can access the most recent version of the software, including, for example, any patches, extensions, and the like. This contrasts with the conventional software distribution model, in which a user licenses access to a particular version of the software for use on a particular computer.

Unlike SAAS, where the user simply licenses access to the underlying software, in PAAS the user rents access to an entire platform. Typically these platforms are built around a core set of functionality, such as customer resource management, and are often designed to enable team collaboration, web services, and database integration. PAAS is considered desirable because common concerns such as scalability, storage, persistence, state management, application versioning and instrumentation, and database integration are usually handled behind the scenes by the PAAS provider. FIG. 2 shows a conventional PAAS architecture, with interface/web server 240, middleware server 250, back-end server 260, and database 270 located remotely from user computing device 210 and accessed via the Internet 230. In general, user computing device 210 is part of an enterprise or other group and accesses the Internet 230 through one or more routers 220. The platform can be accessed by running a browser or other software on computing device 210. An example of PAAS is the well-known Google App Engine platform from Google, Inc. (Mountain View, California).

In IAAS, a user rents access to a specific infrastructure (e.g., a physical server, or a virtual server with particular computing and/or storage capabilities). This gives the user the flexibility to set specific requirements as to how the infrastructure should be configured, and thereby to tune the behavior of the rented system. FIG. 3 illustrates a conventional IAAS architecture. For example, and not by way of limitation, a financial services institution may rent a high-performance, high-availability server 340 to process queries received from a computing device 310 that is connected to the Internet 330 via a router 320. In return, payment is made based on the number of instructions executed by the server per second (e.g., "MIPS", i.e., millions of instructions per second). This allows the institution's users to draw on the increased computing power of high-performance servers at times of peak demand (e.g., at the end of the month), while paying the associated higher costs only for those times. In general, IAAS is desirable for businesses that want access to the latest systems while reducing internal IT costs, either by renting the infrastructure the business needs or by subscribing to a service that delivers it; it is also desirable where the start-up costs of building the required infrastructure in house would be extraordinarily high. In another example, a user responsible for maintaining complex enterprise applications that are used only in a specific season or on a schedule (e.g., quarterly) uses IAAS to add servers at peak demand, distributing the demand across the additional servers and improving overall response. For example, a large shopping web site may ask an IAAS operator to add servers during the Christmas season and shut them down when demand subsides.

Cloud computing is likely to be attractive to new companies, which have few legacy investments to protect and can build their businesses on the latest technology. Similarly, new projects within existing companies (e.g., research and development (R&D), experimentation, etc.) can benefit from cloud computing because access to significant computing resources can be gained at a relatively reasonable start-up cost. Cloud computing also appeals to traditional businesses facing IT-related capital expenditure to replace end-of-life servers.

Unlike new businesses and new projects in existing businesses, many current users are reluctant to move their business into the cloud, because doing so involves transferring control of applications and data, including potentially sensitive data (e.g., medical records, customer lists, current research and development project information, etc.), to third parties. This transfer not only exposes the business to risk but can also conflict with certain legal requirements. One suggested solution to this problem is the "hybrid cloud," in which certain cloud-like functions are performed on the user's own network infrastructure and the remaining functions are performed "in the cloud," so that the user retains the desired level of control over applications and data while still taking advantage of some of the benefits of cloud computing. This model allows businesses to use public or external cloud solutions for their existing office business applications, freeing key information technology resources for core workloads and data processing.

While the hybrid cloud appears to be a desirable solution to the cloud computing dilemma of these existing companies, it has not been adopted quickly in industry. One reason for the slow adoption is that current cloud computing proposals usually appear to require an "all or nothing" approach to implementation. That is, the user must predict and evaluate which software, platform, and infrastructure can be moved into the cloud, on the assumption that whatever is moved will remain permanently inside the cloud.

Another reason the hybrid cloud has taken a long time to gain popularity is that many businesses rely on complex custom or semi-custom applications, and many of these applications require a multi-tier architecture in order to function properly. A user may be willing to move certain software into the SAAS model when that software is used "off the shelf." For example, a law firm that only rarely needs computer aided drafting (CAD) software may find that making it available to employees under the SAAS model is considerably more cost effective than purchasing a license for each employee. The SAAS model is well suited here because employees are likely to want only a standard version of the CAD software.

In contrast, many current businesses rely on highly customized applications for their work. Examples of such applications include, but are not limited to, accounting and payroll systems, human resource records, time and attendance applications, document management systems, complaint handling, client status processing, and the like. In many cases these applications are used enterprise-wide and are implemented using "n-tier" architectures, which makes moving them "into the cloud" difficult. For example, an n-tier architecture can be implemented in an IAAS environment, but current technology requires that each server in each tier be brought online and configured separately. This is at odds with the "hands-free" concept usually associated with the cloud, and it makes a cloud-based n-tier architecture less desirable in a custom environment. In addition, applications tailored to the platform or infrastructure of a particular cloud computing provider must be reorganized to operate within the guidelines established by that provider. The costs associated with such migrations can be significant, and as a result many companies do not move their applications into the cloud.

There is a need for network architectures, and related systems and methods, that enable businesses using custom applications and/or complex architectures to take advantage of cloud-based computing. Accordingly, the present invention relates to a secure custom application cloud computing architecture that substantially overcomes one or more of the problems caused by the limitations and disadvantages of the prior art.

Further features and advantages will be set forth in the following description and may be learned by practice of the secure custom application cloud computing architecture of the present invention. The objectives and other advantages of the secure custom application cloud computing architecture will be realized and attained by the structure particularly pointed out herein.

FIG. 1 is a block diagram illustrating a conventional SAAS architecture.
FIG. 2 is a block diagram illustrating a conventional PAAS architecture.
FIG. 3 is a block diagram illustrating a conventional IAAS architecture.
FIG. 4 is a flow diagram illustrating a preferred provisioning logic flow that may be supported by the architecture of the present invention.
FIG. 5 is a block diagram illustrating a preferred architecture prior to receiving a provisioning request.
FIG. 6 is a block diagram illustrating a preferred architecture after a provisioning request has been received that may be supported by a virtual machine.
FIG. 7 is a block diagram illustrating a preferred architecture after a provisioning request has been received that may be supported by a physical machine.
FIG. 8 is a block diagram illustrating a preferred architecture when a physical machine provisioning request is performed.
FIG. 9 is a block diagram illustrating a preferred user network architecture.
FIG. 10 is a block diagram illustrating the preferred architecture of FIG. 9 with some systems migrated to cloud resources.

As described above, many businesses are unable to use cloud computing because of the complexity of their systems. By way of example, and without limitation, these businesses may rely on custom applications that require an extensive architecture to be implemented. FIG. 9 is a block diagram illustrating a network architecture, and the various components of that architecture, that might be used by a hypothetical hospital or other business. A hospital requires high availability of a variety of information, such as patient records, inventory management data, accounting data, human resource data, and the like; this information can be stored in, and access to it provided through, data center 930. In some embodiments, data center 930 may be located geographically adjacent to the local office 900 that serves patients, but such proximity is not required. While these architectures and related systems and methods are described with reference to data center 930, those skilled in the art will appreciate that the computing systems within data center 930 need not be deployed in an actual data center, and that any private computing environment can take its place within the scope of the present invention.

In the preferred architecture shown in FIG. 9, each computing device 910 runs client software through which it can access information provided by data center 930. Such client software may include, for example, one or more custom applications, a web browser, and custom software running within the web browser (e.g., plug-ins, add-ons, extensions). Such client software may be written in languages interpretable by one or more computers, such as, but not limited to, JAVA, C++, C#, and AJAX.

Client software typically accesses data center 930 via private communication link 920. In some embodiments, the private communication link 920 may be a dedicated high speed connection, a dial-up connection, a virtual private network connection, or a similar connection. Router 915 may facilitate communication within the private network shared by computing devices 910 and data center 930. Within data center 930, router 935 facilitates communication between the private network deployed within data center 930 and the private communication link 920.

In the preferred embodiment shown in FIG. 9, access to patient records is provided through a patient records system 940. Patient records interface server 942 provides the logic necessary to perform essential functions, for example applying business process rules to data entered through appropriate client applications running on one or more computing devices 910. Patient records database server 944 facilitates access to patient records database 946: it receives database-related queries from patient records interface server 942, retrieves from and/or updates patient records database 946, and returns the result to patient records interface server 942. Patient records interface server 942 can then provide the returned information, or a subset of it, to client software running on one of the user computing devices 910.

Inventory management system 950 facilitates access to inventory information, such as the number of hospital gowns, bandages, crutches, and prescription and non-prescription medications currently in the warehouse. In the illustrated embodiment, inventory management web server 952 provides an HTML- and/or JAVA-based interface to the inventory management system. The user simply launches a web browser on one of the computing devices 910 and enters the appropriate Uniform Resource Locator (URL) to access the inventory management system. In the illustrated embodiment, inventory management web server 952 comprises a server computer having one or more microprocessors running the Windows Server 2008 operating system distributed by Microsoft Corporation. Inventory management web server 952 may also run Internet Information Services (IIS) within the operating system to provide web server functionality. Inventory management web server 952 may further include one or more custom pages, scripts, applets, and the like, written in Hypertext Markup Language (HTML) or eXtensible Markup Language (XML), that customize the behavior and/or the interfaces it provides.

In the illustrated embodiment, inventory management middleware server 953 receives user instructions, queries, or other requests from inventory management web server 952 and, based on the received requests, generates reports and executes business logic. In the illustrated embodiment, inventory management middleware server 953 comprises a server computer having one or more microprocessors running the Windows Server 2008 operating system distributed by Microsoft Corporation. Inventory management middleware server 953 may also run one or more applications within the operating system that mediate between inventory management web server 952 and inventory management database server 954. Such applications may be completely stand-alone or may use one or more static and/or dynamic link libraries (DLLs) of computer code.

Inventory management database server 954 facilitates access to inventory management database 956, for example by running queries against the data stored in inventory management database 956 and by adding, updating, or removing records from it. In the illustrated embodiment, inventory management database server 954 comprises a server computer having one or more microprocessors running the Windows Server 2008 operating system distributed by Microsoft Corporation. Inventory management database server 954 may also run SQL Server, distributed by Microsoft Corporation, within the operating system. SQL Server is a well-known database server that stores information in one or more relational databases and facilitates loading and modifying the stored information. In some embodiments, complex or frequently used queries, or other customizations, may be stored on database server 954 and/or in inventory management database 956.

While inventory management system 950 has been described above as comprising a computing system and network architecture built on the Windows Server 2008 operating system environment, with software written accordingly, those skilled in the art will understand that alternative operating systems and/or software may be substituted within the spirit and scope of the secure custom application cloud computing architecture of the present invention. For example, one or more of the servers that make up inventory management system 950 can run one of several existing Linux operating systems, with software running within that operating system that is similar to the software running on the Windows Server 2008 systems described above.

In the embodiment shown in FIG. 9, accounting system 960 uses an architecture similar to that of inventory management system 950, with inventory management web server 952 replaced by accounting web server 962, inventory management middleware server 953 replaced by accounting middleware server 963, inventory management database server 954 replaced by accounting database server 964, and inventory management database 956 replaced by accounting database 966. Similarly, human resources system 970 uses an architecture similar to that of inventory management system 950, with human resources web server 972 in place of inventory management web server 952, human resources middleware server 973 in place of inventory management middleware server 953, human resources database server 974 in place of inventory management database server 954, and human resources database 976 in place of inventory management database 956.

FIG. 9 illustrates communication between the local office 900 and data center 930 via one router and one private communication link for clarity. In many practical embodiments, multiple routers and communication links will be used to reduce the likelihood of a single point of failure and to provide redundancy, and such arrangements are intended to be part of the present invention. Similarly, although private communication link 920 is described above as a private and/or secure communication link, the Internet may take its place within the spirit and scope of the present invention.

FIG. 9 shows certain functions performed by one server per system, and a fixed number of servers per system, purely for simplicity of description; the invention is not intended to be limited to those functions or to that number of servers. For example, the functionality described above as provided by one server may in fact be provided by multiple servers participating in a cluster. Similarly, although the various systems provided by data center 930 are shown using an n-tier architecture, alternative architectures may take its place within the spirit and scope of the present invention.

In the preferred embodiment shown in FIG. 9, the hospital may need to perform quarterly reports or other complex accounting tasks periodically. While these tasks are performed using existing systems, they are resource intensive: they may require significant CPU time, memory, and/or input/output (I/O) operations, and they may require one or more records within accounting database 966 to be locked. As such, these tasks are often performed during the evening or during other periods of reduced demand on the system. Unfortunately, when an error occurs or a change is required, the task must be re-executed and, depending on the urgency of the information request, may need to run during periods of higher demand.

One solution is to bring additional resources online in data center 930 to meet the computational need. However, this requires purchasing resources that will sit idle, or be under-utilized, except during the relatively rare periods when the complex tasks are performed. This is not a cost-effective solution for many businesses, and they will therefore not invest in these resources.

In addition, since much of the hospital's data is subject to privacy and security requirements, it is not desirable to push this data into the cloud. For example, the accounting information mentioned above would by its nature include personal information about each patient's treatment, costs, insurance companies, and so on. Thus, the example hospital would not be able to migrate its accounting system into the cloud. And since that system cannot be pushed into the cloud, the hospital cannot leverage the ability of conventional cloud computing to dynamically introduce new resources to meet the accounting system's demands.

In contrast, the present invention provides a secure custom application cloud computing architecture in which some systems provided by data center 930 may be temporarily migrated into the cloud, freeing resources within data center 930 to keep pace with accounting needs. For example, FIG. 10 illustrates temporarily migrating inventory management system 950 into cloud resources 1000, so that one or more of web server 952, middleware server 953, database server 954, and database 956 are freed to help meet the needs of the accounting system.

In the embodiment shown in FIG. 10, when a user attempts to access the inventory management system through computing device 910, router 915 routes the request to router 1040 via the Internet 1005. In some embodiments, such routing may utilize the Stealth technique developed by the applicant of the present invention, Unisys Corporation (Blue Bell, Pennsylvania, USA), which is described in U.S. patent applications Ser. Nos. 12/346,578, 12/346,561 and 12/336,568, incorporated herein by reference. In the illustrated embodiment, data previously stored in database 956 may be replicated to cloud database 1056. In some embodiments, database 956 may use one or more standby copies, which may facilitate faster replication to cloud database 1056. When replication is complete, database server 954 can begin addressing cloud database 1056 instead of database 956.

While the data is being replicated, cloud database server 1054 may be provisioned. Cloud database server 1054 may be provisioned as one or more physical and/or virtual servers that facilitate access to cloud database 1056. Such provisioning may include, but is not limited to, replicating any customizations stored on, or made to, database server 954. When cloud database server 1054 is ready to go online, inventory management middleware server 953 may be instructed to forward any database-related requests to cloud database server 1054.

While cloud database server 1054 is being provisioned, cloud middleware server 1052 may also be provisioned. Cloud middleware server 1052 may comprise one or more physical and/or virtual machines and can be provisioned according to any customizations stored on, or made to, inventory management middleware server 953. For example, the middleware software running on inventory management middleware server 953 may use one or more templates, scripts, or other customizations, which may be stored in one or more known directories on inventory management middleware server 953. As part of the provisioning procedure, the contents of these directories can be replicated to cloud middleware server 1052, allowing cloud middleware server 1052 to perform the same functions. Once cloud middleware server 1052 is properly provisioned, inventory management web server 952 may be instructed to use cloud middleware server 1052 instead of inventory management middleware server 953.

While cloud middleware server 1052 is being provisioned, cloud web server 1050 may also be provisioned. Cloud web server 1050 may comprise one or more physical and/or virtual machines and can be provisioned according to any customizations stored on, or made to, inventory management web server 952. Once cloud web server 1050 is properly provisioned, router 915 and/or router 935 may be instructed to route all inventory-management-related requests to cloud router 1040.

While provisioning has been described above as occurring serially, it may also occur in parallel within the spirit and scope of the present invention.

Through the provisioning method described above, inventory management system 950 can readily be moved out of data center 930 and into cloud resources 1000. As mentioned above, this frees servers 952, 953 and 954 and database 956, which can then help with the increased demand on accounting system 960. In some embodiments, server 952 may be re-provisioned with a software configuration similar to that of accounting web server 962. Similarly, server 953 may be re-provisioned in a configuration similar to that of accounting middleware server 963, and server 954 in a software configuration similar to that of accounting database server 964. Data stored in accounting database 966 can also be replicated to database 956, and the two databases linked to maintain consistency. Once re-provisioning of the newly enlarged accounting system 960 is complete and an access request is received, router 935 may use a round-robin approach to route the request to one of accounting web servers 952 and 962. In another embodiment, router 935, or another device, may track utilization statistics, response times, and the like to determine the appropriate server to which the request should be routed. Such usage statistics may be generated by router 935, or provided by one or more of accounting web servers 952 and 962 and/or another device.

In some embodiments, the need for additional resources follows a periodic and predictable schedule, and migration from data center 930 to cloud resources 1000 is initiated on that schedule. For example, if it is known that additional resources are required every April 1, July 1, September 1, and January 1, the secure custom application cloud computing architecture of the present invention may be scheduled to start the migration process automatically on March 31, June 30, August 31 and December 31, or on the weekend preceding each of those dates so as to further mitigate any migration-related issues. If the demand is expected to last for a known time, automated deprovisioning, using a process similar to the provisioning process described above, can be scheduled in advance as well.
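The tier-by-tier cutover described above (replicate the database, provision each cloud tier from the on-premise tier's customizations, then redirect that tier's consumer), the release and re-provisioning of the freed servers, and the scheduled start dates, as an added example that is not code from the patent or from Unisys. Everything in it is constructed for illustration: the Tier and System classes, the customization paths and digests, the server numerals reused from the description, the least_loaded router choice, and the migration_window helper are assumptions, not anything the patent specifies.

```python
"""Data-first migration of an n-tier system into cloud resources, release of
the freed on-premise servers, and scheduled start dates.
Added example, not code from the patent or from Unisys. Server numerals
follow the description (952/953/954 on premise, 1050/1052/1054 in the
cloud); customization paths and digests are made up for illustration."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Tuple

# Data tier first, then each tier that consumes the one before it.
TIER_ORDER = ["db", "middleware", "web"]
CONSUMER = {"db": "middleware", "middleware": "web", "web": "router"}


@dataclass
class Tier:
    name: str
    on_prem: str
    cloud: str
    customizations: Dict[str, str]          # directory -> content digest (constructed)
    cloud_customizations: Dict[str, str] = field(default_factory=dict)
    ready: bool = False


@dataclass
class System:
    tiers: Dict[str, Tier]
    replicated: bool = False                # database 956 copied to cloud database 1056
    targets: Dict[str, str] = field(default_factory=dict)  # consumer -> server it calls
    log: List[str] = field(default_factory=list)


def new_inventory_system() -> System:
    """Constructed model of inventory management system 950 before migration."""
    tiers = {
        "db": Tier("db", "954", "1054", {"/sql/customs": "a1"}),
        "middleware": Tier("middleware", "953", "1052",
                           {"/mw/templates": "b2", "/mw/scripts": "c3"}),
        "web": Tier("web", "952", "1050", {"/inetpub/custom": "d4"}),
    }
    s = System(tiers)
    s.targets = {"middleware": "954", "web": "953", "router": "952"}
    return s


def replicate_database(s: System) -> None:
    s.replicated = True
    s.log.append("956 -> 1056 replicated")


def provision(s: System, name: str) -> None:
    """Bring up the cloud copy of one tier, carrying its customizations across."""
    t = s.tiers[name]
    if name == "db" and not s.replicated:
        raise RuntimeError("cloud database server needs the replicated data first")
    t.cloud_customizations = dict(t.customizations)
    t.ready = True
    s.log.append(f"{t.cloud} provisioned from {t.on_prem}")


def cutover(s: System, name: str) -> None:
    """Point the tier's consumer at the cloud copy; refuse if it is not ready."""
    t = s.tiers[name]
    if not t.ready or t.cloud_customizations != t.customizations:
        raise RuntimeError(f"{t.cloud} not ready; traffic stays on {t.on_prem}")
    s.targets[CONSUMER[name]] = t.cloud
    s.log.append(f"{CONSUMER[name]} -> {t.cloud}")


def freed_servers(s: System) -> List[str]:
    """On-premise servers no longer receiving traffic, in release order."""
    return [s.tiers[n].on_prem for n in TIER_ORDER
            if s.targets[CONSUMER[n]] == s.tiers[n].cloud]


def migrate(s: System, parallel: bool = False) -> List[str]:
    """Serial: provision and cut over tier by tier. Parallel: provision all
    tiers first, then cut over in the same data-first order. Either way a
    consumer is only redirected after the tier below it is fully provisioned."""
    replicate_database(s)
    if parallel:
        for n in TIER_ORDER:
            provision(s, n)
    for n in TIER_ORDER:
        if not parallel:
            provision(s, n)
        cutover(s, n)
    return freed_servers(s)


def least_loaded(pool: List[str], utilization: Dict[str, float]) -> str:
    """Router choice once freed server 952 joins accounting web server 962."""
    return min(pool, key=lambda srv: utilization.get(srv, 0.0))


def migration_window(demand_iso: str, days_needed: int, weekend: bool = False) -> Tuple[str, str]:
    """Start the day before the demand date (or the Saturday before it) and
    schedule deprovisioning once the demand period has passed."""
    demand = date.fromisoformat(demand_iso)
    start = demand - timedelta(days=1)
    if weekend:
        start -= timedelta(days=(start.weekday() - 5) % 7)  # step back to Saturday
    return start.isoformat(), (demand + timedelta(days=days_needed)).isoformat()


if __name__ == "__main__":
    sys950 = new_inventory_system()
    print("freed:", migrate(sys950, parallel=True))
    print("\n".join(sys950.log))
    print("window:", migration_window("2010-04-01", 5, weekend=True))
```

The check in cutover is the one that matters operationally: a consumer is never redirected until the cloud copy is provisioned and carries the same customizations as the on-premise server, so no request reaches a half-built tier in either the serial or the parallel variant, and the data tier is never brought up against an unreplicated database.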

In yet another embodiment, the need for additional resources may arise dynamically, based on unpredictable problems. For example, if the accounting web server 962 fails, the architecture of the present invention may dynamically move the inventory management web server 952 to the cloud, thereby freeing server 952 to perform the function previously performed by accounting web server 962. In some embodiments, if a fail-over occurs, the entirety of inventory management system 950 is migrated to the cloud. The dynamic nature of the secure custom application cloud computing architecture of the present invention facilitates virtually seamless migration on demand, allowing consumers to keep certain data and other information out of the cloud while still obtaining access to the cloud's computing power and reliability.

In some embodiments, the secure custom application cloud computing architecture herein can be used as a permanent location for a particular custom application. By way of example, and not by way of limitation, once an inventory management system has been migrated into the cloud, the hospital may determine that always-on access to the inventory management system is not needed. The hospital may therefore request that the custom application be stored away for later use. In such embodiments, any user data, customizations, customized applications, etc. are stored on one or more storage media for later recall. Thereafter, any virtual machine supporting the custom application can be shut down, and any physical machine supporting it can be marked as available for repurposing. When the hospital wants to use the inventory management system again, it simply submits a provisioning request, and the custom application (including the network architecture supporting it) is rebuilt by the architecture of the present invention. In some embodiments, when an archived copy is created, the archive contains a snapshot of the exact system configuration, including any information present in buffers, the current login status of every user, and the like. In such embodiments, all aspects of the system are restored when the archive is restored.
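The archive, deprovision and restore cycle described above, as an added example (not code from the patent or from Unisys). The application, machine names and session contents are constructed sample data; the SHA-256 digest over the snapshot is an added integrity check that the text does not mention, included because a snapshot that carries buffered work and login state should be verified before anything is rebuilt from it.

```python
"""Archive and restore of a custom application with deprovisioning markers.

Added example. The sample application is constructed; the digest check on the
archive is an assumption added for illustration, not a feature from the text.
"""
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Dict, List


@dataclass
class Machine:
    name: str
    kind: str               # "virtual" or "physical"
    state: str = "running"  # running | shutdown | repurposable


@dataclass
class CustomApplication:
    name: str
    machines: List[Machine]
    user_data: Dict[str, str]
    customizations: List[str]
    session_state: Dict[str, str]  # buffered work, logged-in users, etc.


def build_sample_app() -> CustomApplication:
    """Constructed sample: a two-tier inventory management system."""
    return CustomApplication(
        name="inventory-management",
        machines=[Machine("inv-web", "virtual"), Machine("inv-db", "physical")],
        user_data={"stock_table": "<placeholder-storage-path>/stock.csv"},
        customizations=["custom-report-module"],
        session_state={"alice": "logged-in", "buffer": "3 unsaved edits"},
    )


def _digest(snapshot: dict) -> str:
    # Canonical JSON so the digest does not depend on key order.
    payload = json.dumps(snapshot, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


def create_archive(app: CustomApplication) -> dict:
    """Snapshot the full application state (machines, data, customizations,
    session state) into a JSON-serialisable archive with a digest."""
    snapshot = asdict(app)  # deep copy, so later deprovisioning cannot alter it
    return {"snapshot": snapshot, "sha256": _digest(snapshot)}


def deprovision(app: CustomApplication) -> List[Machine]:
    """Shut down virtual machines and mark physical ones as repurposable."""
    for m in app.machines:
        m.state = "shutdown" if m.kind == "virtual" else "repurposable"
    return app.machines


def verify_archive(archive: dict) -> bool:
    """True if the stored digest still matches the snapshot contents."""
    return _digest(archive["snapshot"]) == archive["sha256"]


def restore_archive(archive: dict) -> CustomApplication:
    """Rebuild the application from the archive, refusing a mismatched digest."""
    if not verify_archive(archive):
        raise ValueError("archive digest mismatch: refusing to restore")
    snap = archive["snapshot"]
    machines = [Machine(**m) for m in snap["machines"]]
    return CustomApplication(snap["name"], machines, snap["user_data"],
                             snap["customizations"], snap["session_state"])


if __name__ == "__main__":
    app = build_sample_app()
    archive = create_archive(app)
    deprovision(app)
    print([(m.name, m.state) for m in app.machines])
    restored = restore_archive(archive)
    print([(m.name, m.state) for m in restored.machines], restored.session_state)
```

Because the snapshot is taken before deprovisioning, the restored machines come back in their running state with the session data intact, while the live objects show the shutdown and repurposable markers.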

In some embodiments, access to the secure custom application cloud computing architecture herein is provided as a service. FIG. 4 is a flow diagram illustrating a preferred method by which a customer can activate a service, such as provisioning one or more servers, in a secure custom application cloud computing architecture. In FIG. 4, the customer, i.e., the user, begins by subscribing to the service (block 400). Thereafter, a model of the user's network (a “blueprint”) may be generated. The blueprint models the software, including, but not limited to, any customizations, linked libraries, other files used, and the like, and lists the various hardware and software resources that make up the network. In some embodiments, the blueprint may include a list of the directories, or other locations, in which any customizations to the software are stored. The blueprint may also include detailed specifications for various network components, such as the number and speed of processors in the minimum subset of computing devices that make up the network, the amount of memory available to each computing device, the average response time for a query, and the number of concurrent users supported.

Then, based on the information in the blueprint, an optimal cloud configuration is determined (block 410). This cloud configuration may differ from the actual network configuration in that some resources presently provided by the physical server may be provided by one or more virtual machines.

When the user is ready to begin migrating the software to the cloud, the user does so by generating a provisioning request, which is received by the architecture of the present invention (block 415). Such a provisioning request may include the blueprint, or a pointer to where the blueprint can be found. For example, the blueprint may be stored in a database associated with the architecture of the present invention, and the pointer may be a reference to the location of the blueprint in that database.

The provisioning request is examined (block 420) to determine whether it can be fully satisfied by one or more virtual machines. If so, the individual virtual machines are provisioned with the appropriate “persona” (block 425), and the logic flow proceeds to block 440, described below. Personas are described in more detail below.

If instead the request requires one or more physical machines, the logic flow continues to block 430, where provisioning of a new physical server is requested. In some embodiments, one or more physical servers sit in an idle state in the data center serving the current architecture, or as part of a cloud computing environment, waiting for a provisioning request. In another embodiment, if such a server is not readily available, the architecture of the present invention may perform a consolidation analysis of the servers, or a subset of the servers, in the cloud or in a data center. A preferred consolidation analysis is described in US patent application Ser. No. 10/549,652, which is incorporated herein by reference. This consolidation analysis can move software and services currently running on multiple physical servers onto fewer physical servers, freeing one or more physical servers to satisfy the user's provisioning request.

Once a suitable physical server is identified, the physical server is repurposed to whichever of a number of standard “personas” best meets the provisioning requirements (block 435). In some embodiments, a physical server may include a number of processors and/or an arbitrary quantity of random access memory (RAM). As will be appreciated by those skilled in the art, such RAM may store instructions and/or data used by the processors. These instructions cause a processor to execute a series of steps that accomplish a desired purpose, such as performing the accounting tasks mentioned above.

In some embodiments, the persona selected in accordance with the provisioning request may enable or disable access to one or more of the processors and/or portions of the RAM, thereby changing the performance characteristics of the physical server. Similarly, a persona can specify a particular operating system and the default software configured within that operating system. Once the physical server has been repurposed, or a virtual server created, using the appropriate persona (block 440), the server's configuration is compared to the provisioning request and/or blueprint, and any additional software or customization to be loaded onto the server is determined.
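The decision steps of blocks 410 through 440 (evaluate the blueprint, decide whether a virtual machine suffices, pick the best-fitting standard persona, and compute the software and customizations the persona does not already provide), as an added example in Python. This is illustrative code, not the patent's or Unisys's implementation: the persona catalogue, the ceiling on what one virtual machine may provide, the blueprint fields, the package names and the customization directory are all constructed for the example.

```python
"""Blueprint evaluation and persona selection for a provisioning request.

Added example covering blocks 410-440 of the flow described above. Personas,
VM limits, package names and paths are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Blueprint:
    """Model of one server in the user's network (one entry of the blueprint)."""
    name: str
    min_cpus: int
    cpu_ghz: float
    min_ram_gb: int
    concurrent_users: int
    os: str
    required_software: frozenset            # packages, linked libraries, customizations
    customization_dirs: Tuple[str, ...] = ()


@dataclass(frozen=True)
class Persona:
    """A standard configuration a physical or virtual server can be set to."""
    name: str
    cpus_enabled: int
    cpu_ghz: float
    ram_enabled_gb: int
    os: str
    default_software: frozenset


# Hypothetical persona catalogue (names and sizes constructed for the example).
PERSONAS = (
    Persona("web-small", 2, 2.4, 8, "linux", frozenset({"nginx", "openssl"})),
    Persona("web-large", 8, 3.0, 32, "linux", frozenset({"nginx", "openssl"})),
    Persona("db-large", 16, 3.0, 128, "linux", frozenset({"postgres"})),
)

# Assumed ceiling on what a single virtual machine can provide (block 420).
VM_LIMITS = {"cpus": 8, "ram_gb": 64}


def persona_satisfies(p: Persona, bp: Blueprint) -> bool:
    """A persona fits if OS matches and every hardware minimum is met."""
    return (p.os == bp.os and p.cpus_enabled >= bp.min_cpus
            and p.cpu_ghz >= bp.cpu_ghz and p.ram_enabled_gb >= bp.min_ram_gb)


def choose_persona(bp: Blueprint, catalogue=PERSONAS) -> Optional[Persona]:
    """Block 435: the smallest persona that meets the blueprint, or None."""
    fitting = [p for p in catalogue if persona_satisfies(p, bp)]
    if not fitting:
        return None
    return min(fitting, key=lambda p: (p.cpus_enabled, p.ram_enabled_gb))


def fits_virtual_machine(bp: Blueprint) -> bool:
    """Block 420: can this server be satisfied by a virtual machine?"""
    return bp.min_cpus <= VM_LIMITS["cpus"] and bp.min_ram_gb <= VM_LIMITS["ram_gb"]


def plan_provisioning(bp: Blueprint) -> dict:
    """Blocks 420-440: VM or physical, which persona, and what must still be
    loaded on top of the persona's default software."""
    persona = choose_persona(bp)
    if persona is None:
        raise ValueError(f"no persona satisfies blueprint {bp.name}")
    return {
        "server": bp.name,
        "kind": "virtual" if fits_virtual_machine(bp) else "physical",
        "persona": persona.name,
        "additional_software": sorted(bp.required_software - persona.default_software),
        "customization_dirs": list(bp.customization_dirs),
    }


def plan_network(blueprints: List[Blueprint]) -> List[dict]:
    """Block 410: the cloud configuration for the whole n-tier network."""
    return [plan_provisioning(bp) for bp in blueprints]


def sample_network() -> List[Blueprint]:
    """Constructed two-tier network: a web front end and a database server."""
    return [
        Blueprint("inv-web", 2, 2.0, 4, 200, "linux",
                  frozenset({"nginx", "openssl", "custom-auth-module"}),
                  ("/opt/inventory/customizations",)),  # hypothetical path
        Blueprint("inv-db", 12, 2.8, 96, 200, "linux",
                  frozenset({"postgres", "backup-agent"})),
    ]


if __name__ == "__main__":
    for plan in plan_network(sample_network()):
        print(plan)
```

In the sample, the web tier fits a virtual machine on the small web persona and needs only the custom authentication module loaded on top, whereas the database tier exceeds the assumed VM ceiling and is planned as a physical server on the large database persona. A blueprint no persona can satisfy raises rather than silently picking the closest fit, which is the failure the comparison step at block 440 should surface.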

The provisioning method described above is shown in FIGS. 5-8. FIG. 5 is a block diagram illustrating a preferred secure custom application cloud computing architecture prior to receiving a provisioning request. In FIG. 5, platform service orchestrator 500 manages the operation of the architecture and receives provisioning requests from users. uProvision 510 is a back-end service that tracks the various physical and virtual servers used within the architecture. The uOrchestrate adapter 520 automates the application of business rules (e.g., instantiation of accounting and other procedures) to provisioning requests and, more generally, to the operation of the architecture. For example, uOrchestrate adapter 520 instantiates a monitor that tracks the performance of provisioned servers. Examples of such performance information include the peak and average number of users being served simultaneously by the server, the number of queries received by the provisioned server, the number of instructions executed by the server per monitored time period, and the amount of memory and/or storage space used by the provisioned server. This performance information can then be used for billing purposes. For example, the user may be charged based on units of millions of instructions per second (MIPS), or based on the average amount of storage space used, or the like.

In addition to the software and services that manage the architecture, some embodiments of the architecture may include one or more dedicated servers that provide specific functionality to the architecture. For example, FIG. 5 includes MsSql server 540, a database server that facilitates storage of information used by various components of the architecture. Although described herein as using a version of SQL Server distributed by Microsoft Corporation (Redmond, Washington, USA), those skilled in the art will appreciate that an alternative database may be substituted within the spirit and scope of the present invention.

Active Directory 550 is a server that manages user accounts and related information associated with the maintenance of the architecture. Active Directory is a technology associated with Windows Server, an operating system distributed by Microsoft Corporation. Although the architecture of the present invention is described as using Active Directory, those skilled in the art will appreciate that alternative directory and/or user account schemes, such as X.500, may be used within the spirit and scope of the present invention.

Ticketing 560 is a server that is responsible for managing the implementation of specific provisioning requests. VM Farm 570 is a number of virtual machines running on one or more physical servers. VCenter 530 is a server that facilitates control of various virtual machines running in the architecture.

In FIG. 6, a new provisioning request is received, where the provisioning request can be implemented as a virtual server. In this embodiment, platform service orchestrator 500 alerts uOrchestrate adapter 520 to the new provisioning request, and uProvision 510 is alerted that a new virtual machine will be created. uProvision 510 sends the provisioning request to Ticketing 560, which instantiates a virtual machine within VM Farm 570. The virtual machine is added to the list of machines maintained by VCenter 530.

In FIG. 7, a new provisioning request is received, where the provisioning request includes a request that cannot be implemented as a virtual server. In this embodiment, platform service orchestrator 500 alerts uOrchestrate adapter 520 to the new provisioning request, and uProvision 510 is alerted that a physical machine will be provisioned. The uOrchestrate adapter 520 forwards the provisioning request to uAdapt 700, which manages the physical servers associated with the architecture. uAdapt 700 identifies physical server 710 to be used to satisfy the provisioning request. As described above, this physical server may be an existing server repurposed to satisfy the provisioning request, or an appropriately provisioned idle server.

As shown in FIG. 8, in some embodiments, uAdapt 700 transfers control of physical server 710 to uProvision 510, whereupon the physical server is re-designated as new physical server 800 (FIG. 8). uProvision 510 specifies the persona to be implemented on the new physical server 800, including any customizations, to ensure that the appropriate software is loaded. Thereafter, control of the new physical server 800 is returned to uAdapt 700, and the user is notified that the server is available.
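The component hand-offs of FIGS. 6 through 8, as an added example that models the message sequence rather than any real product code (it is not the patent's or Unisys's implementation). Each component is represented by a method on one object, every hand-off is written to an audit trail, and ownership of the physical server is tracked so the invariant of FIG. 8, that control returns to uAdapt before the user is notified, can be checked. The request identifiers, the idle server name "phys-710" and the new-server naming scheme are constructed for the example.

```python
"""Component hand-offs for a provisioning request (FIGS. 6-8).

Added example. Component names follow the text; request ids, server names
and the audit format are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class ProvisioningRequest:
    request_id: str
    persona: str
    customizations: List[str]
    virtualizable: bool  # True: FIG. 6 path; False: FIG. 7/8 path


@dataclass
class Architecture:
    audit: List[str] = field(default_factory=list)
    vm_farm: List[str] = field(default_factory=list)             # VM Farm 570
    vcenter_inventory: List[str] = field(default_factory=list)   # VCenter 530
    idle_physical: List[str] = field(default_factory=lambda: ["phys-710"])
    physical_owner: Dict[str, str] = field(default_factory=dict)  # server -> controlling component

    def log(self, component: str, message: str) -> None:
        """Append one audit line; the trail is the record of who did what."""
        self.audit.append(f"{component}: {message}")

    def provision_virtual(self, req: ProvisioningRequest) -> str:
        """FIG. 6: uProvision -> Ticketing -> VM Farm, registered with VCenter."""
        self.log("uProvision", f"forwarding {req.request_id} to Ticketing")
        vm = f"vm-{req.request_id}"
        self.log("Ticketing", f"instantiating {vm} in VM Farm")
        self.vm_farm.append(vm)
        self.vcenter_inventory.append(vm)
        self.log("VCenter", f"registered {vm}")
        return vm

    def provision_physical(self, req: ProvisioningRequest) -> str:
        """FIGS. 7-8: uOrchestrate -> uAdapt -> uProvision -> back to uAdapt."""
        self.log("uOrchestrate", f"forwarding {req.request_id} to uAdapt")
        if not self.idle_physical:
            # The text's fallback here is a consolidation analysis; out of scope.
            raise RuntimeError("no idle physical server available")
        server = self.idle_physical.pop(0)
        self.physical_owner[server] = "uAdapt"
        self.log("uAdapt", f"identified {server}")
        self.physical_owner[server] = "uProvision"
        self.log("uAdapt", f"transferred control of {server} to uProvision")
        self.log("uProvision",
                 f"applying persona {req.persona} with customizations {req.customizations}")
        new_name = f"phys-800-{req.request_id}"   # re-designated server 800
        del self.physical_owner[server]
        self.physical_owner[new_name] = "uAdapt"
        self.log("uProvision", f"returned control of {new_name} to uAdapt")
        return new_name

    def handle(self, req: ProvisioningRequest) -> str:
        """Platform service orchestrator 500 entry point."""
        self.log("orchestrator", f"received {req.request_id}")
        self.log("uOrchestrate", "applying business rules, starting performance monitor")
        if req.virtualizable:
            self.log("uProvision", "alerted: new virtual machine will be created")
            server = self.provision_virtual(req)
        else:
            self.log("uProvision", "alerted: physical machine will be provisioned")
            server = self.provision_physical(req)
        self.log("orchestrator", f"user notified: {server} available")
        return server


if __name__ == "__main__":
    arch = Architecture()
    arch.handle(ProvisioningRequest("r1", "web-small", [], virtualizable=True))
    arch.handle(ProvisioningRequest("r2", "db-large", ["backup-agent"], virtualizable=False))
    print("\n".join(arch.audit))
```

The audit trail is the useful artefact here: a practitioner can read off that the only component that ever held the physical server besides uAdapt was uProvision, and that the user notification is the final step on both paths.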

As will be appreciated by those skilled in the art, a blueprint of a user's network is created so that the secure custom application cloud computing architecture of the present invention can dynamically replicate a single server, or an entire n-tier architecture, in the cloud. Combined with the ability to quickly migrate custom software from the user's network to the cloud, the secure custom application cloud computing architecture of the present invention can remove many obstacles that prevent users from using cloud computing. In addition, certain aspects of the secure custom application cloud computing architecture of the present invention may be implemented as one or more of hardware, software, firmware, or a combination thereof. Such software can be reliably stored on one or more computer readable media, e.g., hard disks, floppy disks, flash drives, thumb drives, solid state drives, compact discs (CDs), DVDs, and EPROMs. The software may include instructions that, when executed by a processor, cause the processor to perform a particular function.

Claims (18)

  1. delete
  2. delete
  3. delete
  4. delete
  5. delete
  6. In the security customized application cloud computing method,
    Receiving a request to apply for a service, wherein a custom application is migrated from a private computing environment to a cloud computing environment,
    Creating a model of the custom application,
    Evaluating the model and determining an optimal configuration supported by the cloud computing environment,
    Receiving a provisioning request,
    Instantiating one or more physical or virtual machines to facilitate migration of custom applications to the cloud computing environment, and
    Migrating a customized application to the cloud computing environment,
    Including,
    The model includes a detailed list of computing resources used to support the custom application, wherein the method includes:
    Receiving a request to archive the custom application,
    In a cloud computing environment, preserving some or all of the computing resources associated with the custom application, and
    Deprovisioning the computing resource associated with the custom application in a cloud environment
    Further comprising
    Security tailored application cloud computing method.
  7. The method of claim 6, wherein the deprovisioning step includes shutting down any virtual server associated with the custom application.
  8. The method of claim 6, wherein the deprovisioning step includes indicating that it is possible to re-provision any physical server associated with the custom application.
  9. delete
  10. delete
  11. delete
  12. delete
  13. delete
  14. delete
  15. delete
  16. delete
  17. delete
  18. delete
KR1020117011874A 2009-06-04 2009-08-04 Secure custom application cloud computing architecture KR101107434B1 (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
US22004509P true 2009-06-04 2009-06-04
US61/220,045 2009-06-24
US22082709P true 2009-06-26 2009-06-26
US61/220,827 2009-06-26
US61/229,989 2009-06-30
US22998909P true 2009-07-30 2009-07-30
PCT/US2009/052673 WO2010151273A1 (en) 2009-06-04 2009-08-04 Secure custom application cloud computing architecture

Publications (2)

Publication Number Publication Date
KR20110067169A KR20110067169A (en) 2011-06-21
KR101107434B1 true KR101107434B1 (en) 2012-01-19

Family

ID=43392195

Family Applications (4)

Application Number Title Priority Date Filing Date
KR1020117011874A KR101107434B1 (en) 2009-06-04 2009-08-04 Secure custom application cloud computing architecture
KR1020127033408A KR20130018335A (en) 2009-06-04 2009-08-04 Secure custom application cloud computing architecture
KR1020117027813A KR20110130538A (en) 2009-06-04 2009-08-04 Secure custom application cloud computing architecture
KR1020097016964A KR101053385B1 (en) 2009-06-04 2009-08-04 Security Custom Application Cloud Computing Architecture

Family Applications After (3)

Application Number Title Priority Date Filing Date
KR1020127033408A KR20130018335A (en) 2009-06-04 2009-08-04 Secure custom application cloud computing architecture
KR1020117027813A KR20110130538A (en) 2009-06-04 2009-08-04 Secure custom application cloud computing architecture
KR1020097016964A KR101053385B1 (en) 2009-06-04 2009-08-04 Security Custom Application Cloud Computing Architecture

Country Status (3)

Country Link
KR (4) KR101107434B1 (en)
CA (1) CA2674834A1 (en)
WO (1) WO2010151273A1 (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101230009B1 (en) * 2011-05-06 2013-02-13 (주) 시스메이트 Network information security service system based on cloud computing
KR101297441B1 (en) * 2011-10-31 2013-08-16 삼성에스디에스 주식회사 Method and Apparatus for Provisioning SaaS Service in Multi-Tenant Environment
EP2870580A4 (en) * 2012-07-03 2016-05-18 Hewlett Packard Development Co Managing a hybrid cloud service
EP2831746A1 (en) * 2012-07-31 2015-02-04 Hewlett-Packard Development Company, L.P. Orchestrating hybrid cloud services
US9467355B2 (en) 2012-09-07 2016-10-11 Oracle International Corporation Service association model
US9542400B2 (en) 2012-09-07 2017-01-10 Oracle International Corporation Service archive support
US9276942B2 (en) 2012-09-07 2016-03-01 Oracle International Corporation Multi-tenancy identity management system
US10148530B2 (en) 2012-09-07 2018-12-04 Oracle International Corporation Rule based subscription cloning
US9621435B2 (en) * 2012-09-07 2017-04-11 Oracle International Corporation Declarative and extensible model for provisioning of cloud based services
US9397884B2 (en) 2012-09-07 2016-07-19 Oracle International Corporation Workflows for processing cloud services
CN103795749B (en) * 2012-10-30 2017-03-01 国际商业机器公司 Methods and apparatus for diagnosing problems running in the cloud environment software product
US9342333B2 (en) 2013-03-14 2016-05-17 Microsoft Technology Licensing, Llc Backend custom code extensibility
EP3018585A4 (en) * 2013-07-02 2017-02-22 Fujitsu Limited Machine provision method, machine provision system, and machine provision program
US10164901B2 (en) 2014-08-22 2018-12-25 Oracle International Corporation Intelligent data center selection
KR20160118708A (en) 2015-04-03 2016-10-12 한국전자통신연구원 A system and method for integrated service orchestration in distributed cloud envronment
US10142174B2 (en) 2015-08-25 2018-11-27 Oracle International Corporation Service deployment infrastructure request provisioning
WO2018021864A1 (en) * 2016-07-29 2018-02-01 주식회사 파수닷컴 Method for providing cloud-based service

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080083025A1 (en) * 2006-09-29 2008-04-03 Microsoft Corporation Remote management of resource license
US20080080396A1 (en) * 2006-09-28 2008-04-03 Microsoft Corporation Marketplace for cloud services resources
US20090088142A1 (en) * 2007-09-28 2009-04-02 Microsoft Corporation Device migration

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080082667A1 (en) * 2006-09-28 2008-04-03 Microsoft Corporation Remote provisioning of information technology

Also Published As

Publication number Publication date
CA2674834A1 (en) 2010-12-04
KR101053385B1 (en) 2011-08-01
WO2010151273A1 (en) 2010-12-29
KR20130018335A (en) 2013-02-20
KR20110067169A (en) 2011-06-21
KR20110130538A (en) 2011-12-05
KR20110025728A (en) 2011-03-11

Legal Events

Date Code Title Description
A201 Request for examination
A107 Divisional application of patent
E902 Notification of reason for refusal
A107 Divisional application of patent
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20141224

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20151224

Year of fee payment: 5

FPAY Annual fee payment

Payment date: 20161230

Year of fee payment: 6

FPAY Annual fee payment

Payment date: 20171228

Year of fee payment: 7