US20080263543A1 - On-Demand active role-based software provisioning - Google Patents

On-Demand active role-based software provisioning Download PDF

Info

Publication number
US20080263543A1
US20080263543A1 US12146764 US14676408A US2008263543A1 US 20080263543 A1 US20080263543 A1 US 20080263543A1 US 12146764 US12146764 US 12146764 US 14676408 A US14676408 A US 14676408A US 2008263543 A1 US2008263543 A1 US 2008263543A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
software
device
role
software package
set forth
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12146764
Inventor
Puthukode G. Ramachandran
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dropbox Inc
Original Assignee
Ramachandran Puthukode G
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99933Query processing, i.e. searching
    • Y10S707/99934Query formulation, input preparation, or translation

Abstract

Automated software provisioning based upon a set of role definitions for a user of a configurable device such as a computer or personal digital assistant. The present invention may be realized as an enhancement or extension to currently available software distribution tools which are used to distribute software to remote and local machines, and to permit unattended software installation and maintenance. The invention provides role-based software provisioning which automatically distributes the appropriate software programs and updates to computers that are owned by users based on the role of each user, thereby avoiding the need for intensive manual efforts to determine which computers need what software. The invention may also be interfaced to a License Management system in order to accomplish automatic recovery of unused software licenses, and to obtain permission for installing new licenses, based on user role changes.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS (CLAIMING BENEFIT UNDER 35 U.S.C. 120)
  • This is a continuation application of U.S. patent application Ser. No. 10/728,162, filed on Dec. 4, 2003, by Puthukode G. Ramachandran.
  • FEDERALLY SPONSORED RESEARCH AND DEVELOPMENT STATEMENT
  • This invention was not developed in conjunction with any Federally sponsored contract.
  • MICROFICHE APPENDIX
  • Not applicable.
  • INCORPORATION BY REFERENCE
  • U.S. patent application Ser. No. 09/864,392, filed on May 24, 2001, by P. D. Griffin, et al., and U.S. patent application Ser. No. 10/728,162, filed on Dec. 4, 2003, by Puthukode G. Ramachandran, which are commonly assigned, are incorporated by reference, in their entireties including figures, to the present patent application
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • This is a continuation application of U.S. patent application Ser. No. 10/728,162, filed on Dec. 4, 2003, by Puthukode G. Ramachandran, which is currently under allowance. The present invention related to an improved data processing system and, in particular, to a method and system for provisioning and de-provisioning software and resources assigned to a computing system based upon the organizational role of the user of the computing system.
  • 2. Background of the Invention
  • Modern enterprise computing environments include a variety of networked computing devices such as servers, gateways, desktop clients, and pervasive devices including personal digital assistants (“PDA”) and pocket PC's. Within a company's or organization's computing resources, there may be literally thousands of these devices at any given time, usually with one user assigned to each device.
  • So, for example, a particular member of an organization or company employee may have a desktop computer or PC assigned to him or her, usually located on his or her desk in his or her office. Additionally, this member or employee may also be assigned a PDA, as well as a laptop computer for use in telecommuting or during business trips.
  • Each of these devices will have a variety of hardware and software resources installed on it, some of which may be a part of a “standard” or “company wide” configuration, and other parts of which may be dependent on the member's or employee's function in the company or organization. For example, a company may adopt Linux as their company-wide operating system, so both the laptop and desktop PC's may be configured with a version of the Linux operating system along with some utility programs to allow them to access the company's wired or wireless networks. Additionally, the employee may have a job description which will require him or her to draft documents, and prepare budgets, so both the laptop and the desktop computers may be configured with IBM's Lotus WordPro [TM] word processor application program, as well as Lotus 1-2-3 [TM] spreadsheet application. Further, assume that this employee or member is involved in sales, so a contact management application program may be provided on the desktop and laptop computers, as well. The PDA may also be configured with “filters” or “readers” for the word processor, spreadsheet, and contact management file types, as well.
  • Now consider a second employee or member of the same organization who has a different job description, such as a technical support engineer. This person's computers would receive the company-wide options, such as the Linux operating system and networking components, but would not necessarily need the contact management application or the spreadsheet program. Instead, this second employee would need a Java [TM] programming suite, such as IBM's Visual Age [TM] suite, and a client program to remotely access a trouble ticket database.
  • In some organizations and company's, there is a manual process for configuring and maintaining these types of computers. As a new employee or member is added to the group, a person within the Information Technology (“IT”) group is responsible to select the appropriate computer platforms, to select the appropriate application programs, and to install each program manually. Then, as the user's job function changes (e.g. he or she moves to a different department, is promoted, etc.), someone within the IT group must manually change the software configuration of the user's computers (e.g. laptop, desktop, PDA, etc.). Additionally, each time an application program is upgraded, the IT group must manually apply the upgrades to the user's computer(s), as well as re-install all of the application programs each time a computer is replaced or repaired. Even worse, most of these installation and upgrade actions require the IT professional to be physically colocated with the computer being modified, which may require substantial travel to support a geographically distributed work force.
  • This manual process can be onerous even to a small group or company, and can be paralyzing to medium and large size enterprises. The record keeping requirements can be substantial in order to manage licenses (e.g. manage a company's investment in software products), proliferate new application program installations, provide upgrades, and “swap out” computers for newer or more powerful systems.
  • To answer this problem, several companies have developed enterprise configuration management (“CM”) tools which allow an IT department to manage the software configurations of a wide variety of networked computers from a centralized and remote location. One such CM tool is IBM's Tivoli Configuration Manager. Other tools with similar objectives are provided by Computer Associates and BMC Software.
  • Then IBM Tivoli Configuration Manager can help a company or organization gain total control over their enterprise software and hardware using its software distribution module which allows an IT department to rapidly and efficiently deploy complex mission-critical applications to multiple locations from a central point. Following initial deployment of systems, the Tivoli CM inventory module automatically scans for and collects hardware and software configuration information from computer systems across the managed enterprise. The software deployment lifecycle has many steps, and Tivoli CM allows IT departments to manage the systems from packaging, planning and administration to delivery, installation and reporting.
  • Tivoli CM provides a function known as “multicasting”, which can significantly reduce network bandwidth usage, and which can help in an environment where there are slow speed links between locations (e.g. reaching wirelessly networked devices or systems located through a slow bridge). Using multicasting, software distribution time is independent of the number of targets, as each software package is only sent across the network once.
  • Tivoli CM also supports pervasive computing devices with integrated support for Palm Computing's PalmOS [TM], PocketPC's, and Nokia Communicator devices. This allows an IT department to update the configuration information and software on these devices using the same tools with which desktop and server systems are managed. By gaining control over the growing number of pervasive devices being deployed for business applications across the corporate enterprise; IT administrators do not need to learn to use a separate, specialized tool for managing these pervasive computing devices.
  • Tivoli CM also includes Enterprise Directory Support, which allows IT administrators to leverage organizational information stored in enterprise directories in order to determine a set of targets for a software distribution or an inventory scan. This allows software distribution and inventory operations to be targeted by specific users, and administrators can store information about users in a single location
  • Additionally, Tivoli CM provides secure management of systems outside a corporate firewall through supporting secure software distribution and inventory operations through firewalls. Environments that have multiple levels of firewalls are also supported, which reduces security exposures inherent in managing in an extended enterprise environment, and allows a IT department to extend their management systems to support a company's or organization's customers and business partners, as well.
  • All of these management functions are conveniently provided through Administrative Consoles which run under a popular operating system such as Microsoft Corporation's Windows operating systems. By providing a single administrative console for both software distribution and inventory operations, and requiring only a single log-on for access to all IBM Tivoli Configuration Manager administrative tools, improved operational efficiency and ease of use for administrators are realized.
  • However, there still remains a primarily manual task of determining which software application programs and modules should be provisioned onto which computing systems based upon the intended user or “owner” of each system. While these types of configuration management systems greatly simplify the distribution, updating, uninstalling, and inventorying of a list or set of application programs for each computing system within the managed enterprise, they do little to help the IT administrator identify the proper application programs which should or should not be provisioned onto a particular computer or device.
  • SUMMARY OF THE INVENTION
  • The present invention automates the task of software provisioning using directory services such as Lightweight Directory Access Protocol (“LDAP”) directories and Software distribution tools such as IBM Tivoli Configuration Manager using role-based criteria for user associated with each system to be provisioned and managed. Role-based software provisioning simplifies IT management and offers an automated solution to deploy software based on user roles.
  • The present invention may be realized as an enhancement or extension to currently available software distribution tools from various system management companies such as Tivoli and Computer Associates. These software distribution tools are used to distribute software to remote and local machines, and to permit unattended software installation and maintenance. These system management tool providers, however, view the managed computer resources purely from the management perspective, thereby leaving the task of determining which specific software programs are to be configured on each user's computer up to human IT administrator.
  • Our new role-based software provisioning automatically distributes the appropriate software programs and updates to computers that are owned by users based on the role of each user in the directory, thereby avoiding the need for intensive manual efforts to determine which computers need what software.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The following detailed description when taken in conjunction with the figures presented herein provide a complete disclosure of the invention.
  • FIG. 1 a depicts a typical distributed data processing system in which the present invention may be implemented.
  • FIG. 1 b depicts a typical computer architecture that may be used within a data processing system in which the present invention may be implemented.
  • FIG. 2 depicts the organization and functions of the various networked systems according to the present invention.
  • FIG. 3 illustrates a name search request and response process.
  • FIG. 4 illustrates an LDAP event notification process.
  • FIG. 5 depicts the arrangement of systems for configuration management using the IBM Tivoli CM product as a platform.
  • FIG. 6 provides a logical process illustration according to the present invention.
  • FIG. 7 provides an enhanced logical process illustration according to the present invention wherein a license manager server is consulted to allow installation of new software or recover licenses for uninstalled software.
  • DESCRIPTION OF THE INVENTION
  • The present invention is preferably realized in conjunction with a software configuration management tool such as IBM's Tivoli Configuration Management system, or a similar tool such as those offered by Microsoft Corporation or Computer Associates. Alternatively, or in addition, the present invention may be realized in conjunction with a role-based security and access system, such as the one described in the related and incorporated patent application, or in conjunction with a role-based identity management system.
  • Suitable Computing Platforms
  • It will be readily recognized by those skilled in the art that the present invention may be realized as a software or firmware product being executed by one or more suitable computing platforms. Therefore, we first turn our attention to characteristics of suitable computing platforms for the present invention.
  • With reference now to the figures, FIG. 1 a depicts a typical network of data processing systems, each of which may implement the present invention or a portion of the present invention. A distributed data processing system (100) includes a computer network (101), which is a communication medium that may be used to provide communications links between various devices and computers connected together within the distributed data processing system (100). A computer network (101) may include permanent connections, such as wire or fiber optic cables, or temporary connections made through telephone or wireless communications. In the depicted example, two server systems (102, 103) are connected to the computer network (101) along with a storage unit (104). In addition, one or more client systems (105-107) also are connected to the network (101). The clients (105-107) and the servers (102-103) may be represented by a variety of computing devices, such as mainframes, personal computers, personal digital assistants (“PDAs”), etc. The distributed data processing system (100) may include additional servers, clients, routers, other devices, and peer-to-peer architectures that are not shown.
  • In the depicted example, the distributed data processing system (100) may also include the Internet with computer network (101) representing a worldwide collection of networks and gateways that use various protocols to communicate with one another, such as Lightweight Directory Access Protocol (“LDAP”), Transport Control Protocol/Internet Protocol (“TCP/IP”), Hypertext Transport Protocol (“HTTP”), Wireless Application Protocol (“WAP”), etc. Of course, the distributed data processing system (100) may also include a number of different types of networks, such as, for example, an intranet, a local area network (“LAN”), and/or a wide area network (“WAN”). For example, a server (102) may directly support a client (109) and network (110), which incorporates wireless communication links. A network-enabled phone (111) connects to the network (110) through a wireless link (112), and a personal digital assistance (“PDA”) (113) connects to the network (110) through a wireless link (114), too. The telephone (111) and the PDA (113) can also directly transfer data between themselves across a wireless link (115) using an appropriate technology, such as Bluetooth [TM] wireless technology or an InfraRed Data Arrangement (“IrDA”), to create so-called personal area networks or personal ad hoc networks. In a similar manner, a PDA (113) can transfer data to another PDA (117) via a wireless communication link (116).
  • The present invention could be implemented on a variety of hardware platforms; FIG. 1 a is intended as an example of a heterogeneous computing environment and not as an architectural limitation for the present invention.
  • FIG. 1 b depicts a typical computer architecture of a data processing system, such as those shown in FIG. 1 a, in which the present invention may be implemented. A data processing system (120) contains one or more central processing units (“CPUs”) (122) connected to an internal system bus (123), which interconnects random access memory (“RAM”) (124), read-only memory (126), and input/output adapter (128), which supports various I/O devices such as a printer (130), one or more disk units (132), or other devices not shown, such as a sound system, etc. The system bus (123) also connects a communication adapter (134) that provides access to communication link (136). A user interface adapter (148) connects various user devices, such as a keyboard (140) and a mouse (142), or other devices not shown, such as a touch screen, stylus, microphone, etc. A display adapter (144) connects the system bus (123) to a display device (146), such as a cathode ray tube (“CRT”), liquid crystal display (“LCD”) or plasma display.
  • Those of ordinary skill in the art will appreciate that the hardware in FIG. 1 b may vary depending on the system implementation. For example, the system may have one or more processors and one or more types of non-volatile memory. Other peripheral devices may be used in addition to or in place of the hardware depicted in FIG. 1 b. In other words, one of ordinary skill in the art would not expect to find exactly the same components or architectures within a network-enabled phone and a fully featured desktop workstation. The depicted examples are not meant to imply architectural limitations with respect to the present invention.
  • In addition to being able to be implemented on a variety of hardware platforms, the present invention may be implemented in a variety of software environments. A typical operating system may be used to control program execution within each data processing system. For example, one device may run a UNIX [TM] operating system, while another device contains a simple JAVA [TM] runtime environment. A representative computer platform may include a browser, which is a well-known software application for accessing hypertext documents in a variety of formats, such as graphic files, word processing files, eXtensible Markup Language (“XML”), Hypertext Markup Language (“HTML”), Handheld Device Markup Language (“HDML”), Wireless Markup Language (“WML”), and various other formats and types of files. Hence, it should be noted that the distributed data processing system shown in FIG. 1 b is contemplated as being fully able to support a variety of peer-to-peer subnets and peer-to-peer services.
  • While the present invention will be described with reference to preferred embodiments in which object-oriented applications are utilized, the invention is not limited to the use of an object-oriented programming language. Rather, most programming languages could be utilized in an implementation of the present invention. In the preferred embodiment, though, Java Naming and Directory Interface (“JNDI”) application programming interfaces (“APIs”) are used to provide naming and directory functionality to system management functionality written using the Java programming language. The JNDI architecture consists of an API and a service provider interface (“SPI”). Java applications use the JNDI API to access a variety of naming and directory services, while the SPI enables a variety of naming and directory services to be plugged in transparently, thereby allowing a Java application using the JNDI API to access those services, which may include LDAP, Common Object Request Broker Architecture (“CORBA”), Common Object Services (“COS”) name service, and Java Remote Method Invocation (“RMI”) Registry. In other words, JNDI allows the system administration functionality of the present invention to be independent of any specific directory service implementation so that a variety of directories can be accessed in a common way.
  • It should also be noted that the present invention may be implemented, in part or in whole, using a distinction of client functionality versus server functionality. In other words, the data representations of objects may be manipulated either by a client or by a server, but the client and server functionality may be implemented as client and server processes on the same physical device. Thus, with regard to the descriptions of the preferred embodiments herein, client and server may constitute separate remote devices or the same device operating in two separate capacities. The data and application code of the present invention may be stored in local or distributed memory.
  • Role-based Software Provisioning Architecture
  • FIG. 2 illustrates our role-based software provisioning architecture from a high level perspective (20). Computer network (21) or set of networks is used to interface a group of computing systems, including a configuration management server (22), which is preferably an IBM Tivoli Configuration Management system with a License Management option. The CM Server (22) is equipped with one or more configurable and deployable software packages (22′) which can be downloaded to any system under management and installed for use by a user of such a system. As will be described in more detail in the following paragraphs, these software packages may include original installations, updates, enhancements, or de-installation files for application programs such as, but not limited to, word processors (e.g. MS Word, Lotus WordPro), spreadsheets (e.g. MS Excel, Lotus 1-2-3), web browsers (e.g. MS Internet Explorer, Netscape Navigator), software development tools (e.g. IBM Visual Age), work flow automation clients, messaging clients (e.g. Lotus Notes, Netscape Communicator, MS Outlook), contact management packages, games, utilities, and the like. These packages may include fully independent executable modules, or plug-ins and extensions such as dynamic link libraries (“DLL”).
  • The CM Server (22) is also equipped with a Directory Service (29) protocol, as described in detail in the following paragraphs, which allows it to locate any user's computer, files or directories which are connected to the computer network (21), to modify those files and directories, and to receive notifications (e.g. “events”) when certain files and directories on those systems are changed by other computing processes.
  • Additionally, the CM Server (22) is enhanced to include our new role-based CM auto-provisioning logical processes (27), preferably including one or more standard user roles (28) which can be used to assist in defining a new user's role model, as described in further detail in the following paragraphs.
  • According to this architecture, each user of a plurality of users (User 1, User 2, . . . User N) is supplied with one or more computing systems such as a laptop computer, a desktop computer, and/or a pervasive computing device (e.g. PDA, WAP-enabled wireless telephone, PocketPC, etc.) (24, 25, 26). Virtual users may also be defined to “own” a community resource such as a server or gateway system.
  • Each of these user's computing devices is enhanced to include a directory service client (200, 202, 204) product matching the directory service protocol (29) of the enhanced CM Server (22) so as to allow the CM Server to find each of the devices (24, 25, 26), receive notifications from the devices, and make changes to those devices' files and directories. It is important to note that with selection of the appropriate directory service or directory protocol, a wide variety of computing devices (24, 25, 26) can be incorporated and maintained by this architecture, including, but not limited to, systems running Microsoft Windows [TM] operating system variants (e.g. 95/98/2000/NT/XP/CE, etc.), PalmOS [TM], IBM's OS/2, Sun Microsystem's Solaris, UNIX, Linux, or even server-class operating system such as IBM's OS/390 or AIX. Further, a mixture of these types of devices may be configured and managed by a single CM Server system, as well.
  • Each of the user devices (24, 25, 26) are also enhanced to include a user role (201, 203, 205) which defines the user's needs for software applications, as described in more detail in the following paragraphs.
  • In a general sense of operation, each computing device within the enterprise is assigned a single user or owner, where each user may own one or more computing devices. For simplification of implementation, we restrict each device to having just one assigned user, but with additional logic, it is possible to extend the present invention to allow multiple user's for a single computing device.
  • Each new user is assigned one or more “roles” which determine his or her computing needs, typically based upon his or her job description or position within the company or organization. This determines an initial set of software programs and utilities (e.g. a initial software package) to be installed on each of his or her computing devices by the CM Server.
  • When a user's role changes, the CM Server receives notification of the change via the directory service, reevaluates his or her software needs based upon his or her current role definition(s), and updates the software, provisions new software, or de-provisions (e.g. recovers unused licenses) as necessary. As the preferred embodiment includes or incorporates a highly capable CM Server, all of this provisioning and configuration management can be performed remotely and on a scheduled basis.
  • Directory Services and Protocols
  • A directory service or directory protocol allows a networked computer to find or locate any other suitably equipped computer, and to potentially copy or modify the files, folders and directories on that other computer, regardless of the hardware or operating system of the two computers, through a commonly adopted or implemented protocol. One computer can be a relatively sophisticated device such as a desktop PC or web server computer, while the other computer can be similarly sophisticated or less sophisticated such as a PDA or PocketPC.
  • There are several known Directory Service protocols available for use in the present invention, including the Internet Engineering Task Force's (“IETF”) X.500 protocol, and it's widely-adopted subset known as Lightweight Directory Access Protocol (“LDAP”), which is defined in the IETF's Request for Comments (“RFC”) number 1777. A version 3 of LDAP is defined by RFC 2251, which includes enhanced security features. X.500 and LDAP are well known in the art, as their standards (e.g. the RFC's) are readily available to the public any may be generally implemented without license or fee.
  • Additionally, there are a number of suitable alternate Directory Service protocols and products available in the market such as Microsoft Corporation's Active Directory, Novell's Network Directory Service (“NDS”), and Sun Microsystem's Java Naming and Directory Interface (“JNDI”). Many of these alternate Directory Services incorporate part or all of LDAP or X.500 (e.g. “comply with” the RFC's), but also include some proprietary or non-standard functions as well. Widespread adoption of such products as Active Directory, NDS, and JNDI has given rise to them being referred to as “open” or “standard” by those skilled in the art, but in reality, most of these products require a license to use.
  • As such, our preferred embodiment uses any suitable directory service protocol, and especially LDAP through incorporation of JNDI. In the present description, we therefore provide details with respect to an embodiment employing LDPA an JNDI, but it will be recognized by those skilled in the art that other directory services and directory protocols may be used as well.
  • LDAP directories have become ubiquitous in the enterprise IT environment, and as such, our invention leverages the functionality they provide. The LDAP directories are the primary user repository in many enterprises. These directories also contain resources information such as computers and printers. The directories are very efficient in storing and retrieving user and resources information and the relationship that exists between users and resources.
  • LDAP is a software-based protocol for enabling anyone or any networked system to locate organizations, individuals, and other resources such as computer files and devices in a network. These resources may be located on the “public” Internet, or on a corporate intranet. LDAP is a subset of X.500, a broader standard for directory services in a network. Many vendors of software have adopted LDAP or have made their products compliant with LDAP, including IBM, Cisco, Microsoft and Novell.
  • In a computer networked environment, a “directory” indicates where in the network something is located. The domain name system (“DNS”) is the directory system used on TCP/IP networks such as the Internet, which relates domain names to a specific network addresses. If a domain name is unknown, a directory service such as LDAP allows a person or system to search on other criteria. For example, as shown in FIG. 3, a directory server (31) (a.k.a. an LDAP Directory System Agent or DSA) may receive a name search request (34) from a first client device (32), access a database (36) which correlates information to names and network addresses, and return (35) a network name (e.g. a URL), network address (e.g. IP address), or both to the first client (32) regarding the location and/or name of a second client (33) on the network. With respect to the present invention, this type of search and location function is useful to find the devices assigned to a user when configuring the software on those devices. The IETF RFC's fully explain the LDAP messaging protocol and search protocol.
  • JNDI (“Java Naming and Directory Interface”) is one available programming paradigm which supports both LDAP client and server functions in the Java environment, and as such, is an aspect of our preferred embodiment. It will be recognized by those skilled in the art that other programming paradigms support LDAP functions as well, and can be alternately used to realize the present invention.
  • JNDI, which is part of the Java Enterprise application programming interface (“API”) set, enables Java platform-based applications to access multiple naming and directory services, some of which are LDAP functions. JNDI allows developers to create portable applications that are enabled for a number of different naming and directory services, including: file systems; directory services such as LDAP, Novell Directory Services, and Network Information System (“NIS”); as well as distributed object systems such as the Common Object Request Broker Architecture (“CORBA”), Java Remote Method Invocation (“JRMI”), and Enterprise JavaBeans (“EJB”).
  • JNDI allows an LDAP client to register as a “listener” to events posted by LDAP event sources. When a watched file or resource on the LDAP event source changes (e.g. is modified, deleted or added), the event source device sends an event notification to all registered “listeners”. For example, as shown in FIG. 4, a first client device (32) may register as an event listener for changes to the LDAP directory resources (42) (e.g. files and folders) on a second client (33). When one of these resources (42) is changed, the second client (33) sends an event notification (41) to the registered listener, the first client device (32). The first client device can then act appropriately in response to the event.
  • For our purposes, the present invention employs event notification to know when a user's role has been changed. As shown in FIG. 4, the user's role (203) including his or her identification (e.g. name, employee number, member number, etc.) are stored within the LDAP directory or file system (42). During initial system configuration, this role is downloaded from the CM Server into the local LDAP directory of the client device. Later, when the user's role changes (e.g. job function is modified), an event is posted to the CM Server (shown as client 1 in this figure), which triggers our role-based CM logical processes. These logical processes and role definitions are defined in more detail in the following paragraphs.
  • Configuration Management Systems
  • In general, the various CM systems available on the market operate on similar concepts and functional arrangements. Shown in FIG. 5 are some details of the Tivoli CM architecture, but it will be readily apparent to those skilled in the art that the present invention may be realized in conjunction with other CM tools and systems, as well as with role-based security and access systems and/or identity management systems. The present description includes details of our preferred embodiment using the Tivoli CM, but it will be recognized by those skilled in the art that these other configurations may also be implemented without departing from the scope of the present invention.
  • Turning to FIG. 5, an arrangement (50) of several networked devices is shown. The Tivoli CM Server (22) operates as a centralized organizer of software installation, updating, and inventorying logic, drawing its various configuration definitions from a configuration repository (52) and its application program files for installation and download from a source host (54). An inventory data handler (51) is also preferably provided which provides periodic inventory scans of installed bases of software on the managed devices. A repeater server (not shown) may be deployed to hold software packages for later distribution from the CM sever (53) to realize multicasting on a scheduled basis, as previously described.
  • According to our preferred arrangement, each organizational department is optionally provided with a departmental gateway (55, 56) through which a plurality of user devices (24, 25, 57, 58) are accessible using the directory service protocol (e.g. LDAP in our preferred embodiment). In this arrangement (50), the normal functions of the CM Server such as new device configuration, installation of application programs, updating of application programs, and de-installation of application programs can be accomplished in the usual manner.
  • As shown in FIG. 2 and previously described, the CM Server (22) is modified to include or have remote call access to our new role-based CM logic, which preferably includes one or more model or standard user role definitions for assistance in provisioning new systems for new users.
  • User Role Definitions
  • Also as previously discussed and shown in FIG. 2, each user's device is configured to include a user role definition (201, 203, 205) in the directory served by the LDAP client. This user role definition is preferably in the form of a file, but may alternately be stored in other manners so long as it can be initially created, written or downloaded from the remote CM server, and it can be monitored such that changes to it result in an event notification being sent to the CM server and the role-based CM logical processes (27).
  • For example, Table 1 shows an example of a model role definition (28) for a technical support specialist, while Table 2 shows an example of a model role definition (28) for a sales person, whose software needs have been previously described.
  • TABLE 1
    Model Technical Support Role Definition
    <CM_role_definition>
    <CM_role_name> Tech_support </CM_role_name>
    <user_name> TBD </user_name>
    <device>
    <device_description> IBM ThinkPad </device_description>
    <OS> Linux Ver. 9.0 </OS>
    <networking> TCPIP_pkg_15 </networking>
    <application_programs>
    Lotus WordPro;
    Lotus 1-2-3;
    IBM Visual Age;
    IBM_inside_trouble_tkt_client;
    </application_programs>
    </device>
    <device>
    <device_description> Palm Tungsten </device_description>
    <OS> native </OS>
    <networking> native </networking>
    <application_programs>
    Lotus WordPro_reader_for_PalmOS;
    IBM_inside_trouble_tkt_reader_for_PalmOS;
    </application_programs>
    </device>
    </CM_role_definition>
  • As can be seen from Table 1, an undesignated (e.g. new) technical support person would normally be configured with certain programs for his or her laptop computer (e.g. an IBM ThinkPad) and his or her Palm PDA.
  • TABLE 2
    Model Saleperson Role Definition
    <CM_role_definition>
    <CM_role_name> Sales </CM_role_name>
    <user_name> TBD </user_name>
    <device>
    <device_description> IBM ThinkPad </device_description>
    <OS> Linux Ver. 9.0 </OS>
    <networking> TCPIP_pkg_15 </networking>
    <application_programs>
    Lotus WordPro;
    Lotus 1-2-3;
    Goldmine Ver. 12;
    </application_programs>
    </device>
    <device>
    <device_description> Palm Tungsten </device_description>
    <OS> native </OS>
    <networking> native </networking>
    <application_programs>
    Lotus WordPro_reader_for_PalmOS;
    Lotus 1-2-3_reader_for_PalmOS;
    Goldmine_reader_for_PalmOS;
    </application_programs>
    </device>
    </CM_role_definition>
  • Table 2 shows a different configuration of software to be loaded onto new devices (e.g. a laptop and a PDA) for new sales persons. These examples are shown in a markup language format such as eXtensible Markup Language (“XML”), but could equally well be implemented in binary, text, or other formats.
  • To effect assignment of a user role to a specific device during initial configuration, the role-based CM logic must assign a user name or other identifier (e.g. user number, employee number, etc.) to the model role definition, allow the IT administrator to modify the model role definition through the administration console, and then to download the role definition into the appropriate machine(s) as needed. For example, in our preferred embodiment, only the portion of the role definitions which applies to a particular device is downloaded into that device's LDAP directory, such as only downloading the laptop definitions to a laptop computer, and only downloading the PDA definitions to a PDA device. Alternatively, though, the entire user role definition may be stored in each device assigned to a user which would allow polling of any of the user's device to obtain a full description of all of the user's devices.
  • Also, during initial configuration of each device, the appropriately designated software packages as listed in the role definitions, are prepared and remotely installed by the CM Server onto the user's devices in the conventional manner.
  • After initial configuration, an IT administrator may retrieve a user's role definitions from one or more of the user's devices using the directory services, modify the role, and re-download it to the device(s). Or, the user may modify his or her own role definitions, which would trigger an event notification and appropriate software changes, as described in the following paragraphs.
  • Role-Based CM Logical Processes
  • Turning to FIG. 6, the logical processes according to our invention are shown in a generalized manner. These logical processes may be implemented as one program in a suitable programming language, or in a set of coordinated and cooperating programs in a suitable programming language, as necessary. For example, they may be implemented as Java servlets or as one C program, according to the implementer's preferences. In our preferred embodiment, these processes have been realized in a set of C and/or Java programs which remotely connect to the Configuration Manager server.
  • In one manner of starting (61) the role-based CM logic (60) such as by invocation by an IT administrator, if (62) a new user is being defined, the administrator is allowed to pick a “standard” or predefined role definition (28), such as the salespersons' or technical support specialists' role as previously described. The administrator may modify the role definitions as needed, or create an entirely new role definition, using as suitable editor such as an XML editor. This role definition is then stored for later download to the user's device(s) along with the indicated software packages during initial installation.
  • If (64) the user already has a defined role but a new device is being added for the user (e.g. the user has a new PDA but previously had a desktop PC configured), the logical process allows the new device to be configured (65) with the software packages as indicated by the role definitions for that user, including downloading of the role definition into the user's device(s), until all the devices (67) have been properly configured.
  • If (69) the role of the user is to be changed, then the IT administrator is provided an opportunity to consult the existing role definitions and modify them for that user (600), followed by reconfiguring (65) the software applications on each device which is affected by the role change (e.g. uninstalling a package, upgrading a package, or installing a package), until all the devices (67) have been properly configured.
  • Upon receipt of a change event notification via the directory service protocol (41) as a result of a user's change to his or her own role definitions (or as the result of a remote administrator changing the role definitions), the change to the role is automatically analyzed (600) with optional administrator review, followed by automatic reconfiguration (66) of the affected devices until all the devices (67) have been properly configured.
  • In keeping with the periodic inventory functions of the conventional CM Server systems, these logical processes may also be automatically initiate periodically as well, allowing all of the user's devices to be periodically automatically reconfigured to have only the software packages needed according to their current roles.
  • Additionally, in keeping with the license management and recovery functions of the conventional CM Server systems, the logical processes of the present invention will assist in automatically recovering unused software licenses due to user role changes which otherwise would go wastefully allocated until the next manual inventory of that user's software configurations.
  • Integration to Role-Based Security Systems or Identity Management Systems
  • As previously mentioned, the present invention may alternatively be implemented in conjunction with available role-based security and access systems such as the system described in the related patent application, allowing role definitions of such a system to be utilized in the automatic configuration of user's devices. It is within the skill of those in the art to adapt the presently described embodiment to this alternate embodiment when provided with the description contained herein.
  • Integration of License Manager Server
  • According to another aspect of a preferred embodiment, a license management server such as the Tivoli License Manager (“TLM”) (59) shown in FIG. 5 is incorporated into the overall system arrangement, and the logical processes of the invention are adapted to interface to the license manager server as described in the following paragraphs.
  • Tivoli License Manager is a well-known system, often employed in conjunction with the Tivoli Configuration Manager system, which provides a comprehensive software asset management function for organizations large and small. TLM tracks the number of owned or leased software licenses, where they are deployed, and how many are unused. When a new computer is configured with one or more software packages, TLM can take the licenses out of available inventory and record them (500) as being installed on the new computer. If a software package on a computer is uninstalled, TLM can “recover” that license, putting it back into available inventory. Using TLM, an enterprise can more efficiently manage their investment in software licenses, avoid over spending on unnecessary licenses, and comply with copyright and end user license agreement (“EULA”) provisions. It will be recognized by those skilled in the art, however, that alternate license manager systems and platforms may be used in place of the Tivoli product without departing from the scope of the present invention.
  • Turning to FIG. 7, an enhanced logical process (70) according to the present invention is shown which utilizes such a license manager for license management and recovery. Whenever a role is changed or created, an LDAP event is generated and handled as previously described (61, 62, 63, 64, 69, 600), however instead of proceeding directly to configuring one or more software packages onto the affected computer, a license manager server (59) is consulted (71) to determine if it is permissible to add the software package(s) to the computer. If the role change results in the removal or uninstallation of one or more software packages, the consultation (71) also notifies the license manager server (59) to return the license to available inventory (e.g. recover the license(s)).
  • CONCLUSION
  • The present invention may be realized in a variety of forms, programming languages, methodologies, and operating systems on a variety of computing platforms without departure from the spirit and scope of the present invention. A number of example embodiment details have been disclosed as well as optional aspects of the present invention in order to illustrate the invention, but which do not define the scope of the invention. Therefore, the scope of the present invention should be determined by the following claims.

Claims (23)

  1. 1. A method for automatically provisioning a networked device with one or more software programs comprising the steps of:
    associating with said user and a networked device at least one computer-readable role definition, said role definition containing at least one software package identifier according to an organizational role to be performed by said user;
    storing said role definition in a medium using a directory service protocol;
    retrieving a software package as identified by said software package identifier; and
    configuring said device with said retrieved software package using said directory service protocol.
  2. 2. The method as set forth in claim 1 further comprising the steps of:
    configuring said device to send an event notification to a configuration management system upon modification of said stored role definition;
    reevaluating the software package requirements of said device with respect to said modified stored role definition; and
    reconfiguring said device's software packages according to said modified role definition including uninstalling any software packages no longer needed for said modified role.
  3. 3. The method as set forth in claim 1 further comprising providing a Configuration Management tool to perform said steps of storing, retrieving and configuring.
  4. 4. The method as set forth in claim 1 further comprising providing a directory service protocol selected from the list of X.500, Lightweight Directory Access Protocol, Active Directory, and Network Directory Service.
  5. 5. The method as set forth in claim 2 wherein said step of configuring said device to send an event notification comprises configuring said device to send a Lightweight Directory Access Protocol event notification.
  6. 6. The method as set forth in claim 2 wherein said step of configuring said device to send an event notification comprises configuring said device to send a Java Naming and Directory Interface event notification.
  7. 7. The method as set forth in claim 1 wherein said steps of retrieving a software package and configuring said device with said retrieved software package comprises consulting a license management server to obtain permission to install said software package, and if permission is denied, suppressing configuration of said device with said retrieve software package.
  8. 8. The method as set forth in claim 2 wherein said steps of reevaluating the software package requirements of said device with respect to said modified stored role definition and reconfiguring said device's software packages according to said modified role definition including uninstalling any software packages no longer needed for said modified role further comprise notifying a license manager server of said uninstalled software package such that related licenses may be recovered.
  9. 9. A computer readable medium encoded with software for automatically provisioning a networked device with one or more software programs, said software performing the steps of:
    associating with said user and a networked device at least one computer-readable role definition, said role definition containing at least one software package identifier according to an organizational role to be performed by said user;
    storing said role definition in a medium using a directory service protocol;
    retrieving a software package as identified by said software package identifier; and
    configuring said device with said retrieved software package using said directory service protocol.
  10. 10. The computer readable medium as set forth in claim 9 further software for performing the steps of:
    configuring said device to send an event notification to a configuration management system upon modification of said stored role definition;
    reevaluating the software package requirements of said device with respect to said modified stored role definition; and
    reconfiguring said device's software packages according to said modified role definition including uninstalling any software packages no longer needed for said modified role.
  11. 11. The computer readable medium as set forth in claim 9 further comprising software including a Configuration Management tool configured to perform said steps of storing, retrieving and configuring software packages.
  12. 12. The computer readable medium as set forth in claim 9 further comprising software for providing a directory service protocol selected from the list of X.500, Lightweight Directory Access Protocol, Active Directory, and Network Directory Service.
  13. 13. The computer readable medium as set forth in claim 10 wherein said software for configuring said device to send an event notification comprises software for configuring said device to send a Lightweight Directory Access Protocol event notification.
  14. 14. The computer readable medium as set forth in claim 9 wherein said software for configuring said device to send an event notification comprises software for configuring said device to send a Java Naming and Directory Interface event notification.
  15. 15. The computer readable medium as set forth in claim 9 wherein said software for retrieving a software package and configuring said device with said retrieved software package comprises software for consulting a license management server to obtain permission to install said software package, and if permission is denied, and for suppressing configuration of said device with said retrieve software package.
  16. 16. The computer readable medium as set forth in claim 10 wherein said software for reevaluating the software package requirements of said device with respect to said modified stored role definition and reconfiguring said device's software packages according to said modified role definition including uninstalling any software packages no longer needed for said modified role further comprises software for a notifying license manager server of said uninstalled software package such that related licenses may be recovered.
  17. 17. A system for automatically provisioning a networked computing device with one or more software programs, said system comprising:
    at least one computer-readable role definition associated with said user and a networked device, said role definition containing at least one software package identifier according to an organizational role to be performed by said user, said role definition being stored in a medium using a directory service protocol;
    a software package retriever for retrieving a software package as identified by said software package identifier in said role definition; and
    a system configurator for configuring said networked computing device with said retrieved software package using a directory service protocol.
  18. 18. The system as set forth in claim 17 wherein said system configurator is further adapted to configure said networked computing device to send an event notification to a configuration management system upon modification of said stored role definition; reevaluate the software package requirements of said networked computing device with respect to said modified stored role definition; and reconfigure said device's software packages according to said modified role definition including uninstalling any software packages no longer needed for said modified role.
  19. 19. The system as set forth in claim 17 further comprising a Configuration Management tool adapted perform said steps of storing, retrieving and configuring.
  20. 20. The system as set forth in claim 17 further comprising a directory service protocol selected from the list of X.500, Lightweight Directory Access Protocol, Active Directory, and Network Directory Service.
  21. 21. The system as set forth in claim 18 wherein said configurator is adapted to configure said networked computing device to send a Lightweight Directory Access Protocol event notification.
  22. 22. The system as set forth in claim 18 wherein said configurator is adapted to configure said networked computing device to send a Java Naming and Directory Interface event notification.
  23. 23. The system as set forth in claim 17 further comprising a License Management tool adapted to manage an inventory of software package licenses.
US12146764 2003-12-04 2008-06-26 On-Demand active role-based software provisioning Abandoned US20080263543A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US10728162 US7409463B2 (en) 2003-12-04 2003-12-04 On-demand active role-based software provisioning
US12146764 US20080263543A1 (en) 2003-12-04 2008-06-26 On-Demand active role-based software provisioning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12146764 US20080263543A1 (en) 2003-12-04 2008-06-26 On-Demand active role-based software provisioning

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10728162 Continuation US7409463B2 (en) 2003-12-04 2003-12-04 On-demand active role-based software provisioning

Publications (1)

Publication Number Publication Date
US20080263543A1 true true US20080263543A1 (en) 2008-10-23

Family

ID=34633638

Family Applications (2)

Application Number Title Priority Date Filing Date
US10728162 Active - Reinstated 2026-08-28 US7409463B2 (en) 2003-12-04 2003-12-04 On-demand active role-based software provisioning
US12146764 Abandoned US20080263543A1 (en) 2003-12-04 2008-06-26 On-Demand active role-based software provisioning

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10728162 Active - Reinstated 2026-08-28 US7409463B2 (en) 2003-12-04 2003-12-04 On-demand active role-based software provisioning

Country Status (1)

Country Link
US (2) US7409463B2 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080072316A1 (en) * 2006-08-29 2008-03-20 David Yu Chang Dynamically configuring extensible role based manageable resources
US20080141244A1 (en) * 2006-12-12 2008-06-12 Kelley Brian Harold Apparatus and methods for client-driven server-side installation
US20090037931A1 (en) * 2007-07-31 2009-02-05 General Instrument Corporation Method and Apparatus for a Dynamic and Real-Time Configurable Software Architecture for Manufacturing Personalization
US20100083245A1 (en) * 2008-09-26 2010-04-01 Dehaan Michael Paul Methods and systems for managing network connections associated with provisioning objects in a software provisioning environment
US20110023123A1 (en) * 2009-07-24 2011-01-27 Oracle International Corporation Licensed feature enablement manager
US20120036558A1 (en) * 2010-08-06 2012-02-09 Oracle International Corporation Secure access management against volatile identity stores
US20120324440A1 (en) * 2011-06-16 2012-12-20 Microsoft Corporation Cloud based management of an in-store device experience
CN102882947A (en) * 2011-09-14 2013-01-16 微软公司 Automation desktop service supply
CN102929685A (en) * 2011-09-15 2013-02-13 微软公司 Automated infrastructure provisioning
US9100297B2 (en) 2008-08-20 2015-08-04 Red Hat, Inc. Registering new machines in a software provisioning environment
US9558195B2 (en) 2009-02-27 2017-01-31 Red Hat, Inc. Depopulation of user data from network
US9645914B1 (en) * 2013-05-10 2017-05-09 Google Inc. Apps store with integrated test support
US20170322787A1 (en) * 2015-05-29 2017-11-09 Adobe Systems Incorporated Providing enterprise product bundles as a cloud-based service

Families Citing this family (66)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7409463B2 (en) * 2003-12-04 2008-08-05 International Business Machines Corporation On-demand active role-based software provisioning
US8285578B2 (en) * 2004-01-21 2012-10-09 Hewlett-Packard Development Company, L.P. Managing information technology (IT) infrastructure of an enterprise using a centralized logistics and management (CLAM) tool
CA2463006A1 (en) * 2004-01-27 2005-07-27 Wrapped Apps Corporation On demand provisioning of web applications
US20050246762A1 (en) * 2004-04-29 2005-11-03 International Business Machines Corporation Changing access permission based on usage of a computer resource
US20050262094A1 (en) * 2004-05-20 2005-11-24 Bea Systems, Inc. Systems and methods for enterprise collaboration
US20050262185A1 (en) * 2004-05-20 2005-11-24 Bea Systems, Inc. Systems and methods for a collaboration messaging framework
US20050262093A1 (en) * 2004-05-20 2005-11-24 Bea Systems, Inc. Systems and methods for a collaboration client
US20050278294A1 (en) * 2004-05-20 2005-12-15 Bea Systems, Inc. Systems and methods for a collaboration presence framework
US20050262006A1 (en) * 2004-05-20 2005-11-24 Bea Systems, Inc. Systems and methods for a collaboration server
US20050262007A1 (en) * 2004-05-21 2005-11-24 Bea Systems, Inc. Systems and methods for a collaborative call center
US20050262092A1 (en) * 2004-05-21 2005-11-24 Bea Systems, Inc. Systems and methods for collaboration dynamic pageflows
US20060031497A1 (en) * 2004-05-21 2006-02-09 Bea Systems, Inc. Systems and methods for collaborative content storage
US20060004690A1 (en) * 2004-05-21 2006-01-05 Bea Systems, Inc. Systems and methods for dynamic configuration of a collaboration
US20050262075A1 (en) * 2004-05-21 2005-11-24 Bea Systems, Inc. Systems and methods for collaboration shared state management
US20060031234A1 (en) * 2004-05-21 2006-02-09 Brodi Beartusk Systems and methods for a collaborative group chat
US20060010205A1 (en) * 2004-05-21 2006-01-12 Bea Systems, Inc. Systems and methods for collaboration impersonation
US20050273382A1 (en) * 2004-05-21 2005-12-08 Bea Systems, Inc. Systems and methods for collaborative co-navigation
US20050262095A1 (en) * 2004-05-21 2005-11-24 Bea Systems, Inc. Systems and methods for collaboration interceptors
US20060200419A1 (en) * 2005-02-24 2006-09-07 Cook Johanna M System and method for user role based product license generation
US20060190408A1 (en) * 2005-02-24 2006-08-24 Cook Johanna M System and method for customized bundled license generation
US7793284B2 (en) * 2005-03-25 2010-09-07 Microsoft Corporation Role based server installation and configuration
US9037532B1 (en) * 2005-04-27 2015-05-19 Netapp, Inc. Centralized storage of storage system resource data using a directory server
EP1760989A1 (en) * 2005-08-30 2007-03-07 Alcatel Web Services in a peer to peer network
US7676803B2 (en) * 2005-12-06 2010-03-09 Dell Products L.P. Method of defining packaging applicability
US20080109396A1 (en) * 2006-03-21 2008-05-08 Martin Kacin IT Automation Appliance And User Portal
US8984534B2 (en) * 2006-03-31 2015-03-17 British Telecommunications Public Limited Company Interfacing between a receiving component of a server application and a remote application
WO2007113533A1 (en) * 2006-03-31 2007-10-11 British Telecommunications Public Limited Company Xml-based transfer and a local storage of java objects
US8655712B2 (en) * 2006-04-03 2014-02-18 Ca, Inc. Identity management system and method
US20070233600A1 (en) * 2006-04-03 2007-10-04 Computer Associates Think, Inc. Identity management maturity system and method
US8769604B2 (en) 2006-05-15 2014-07-01 Oracle International Corporation System and method for enforcing role membership removal requirements
US20080005026A1 (en) * 2006-06-30 2008-01-03 Microsoft Corporation Automatic software registration
US8387038B2 (en) * 2006-08-14 2013-02-26 Caterpillar Inc. Method and system for automatic computer and user migration
US8850388B2 (en) * 2006-09-07 2014-09-30 Microsoft Corporation Controlling application features
US20080065551A1 (en) * 2006-09-07 2008-03-13 Cadence Design Systems, Inc. Auto-detecting and downloading licensed computer products
GB0621300D0 (en) * 2006-10-26 2006-12-06 Ibm Configuring a software product
US8255904B2 (en) * 2006-12-08 2012-08-28 Hewlett-Packard Development Company, L.P. System and method for generating a distributable software package
US8136090B2 (en) * 2006-12-21 2012-03-13 International Business Machines Corporation System and methods for applying social computing paradigm to software installation and configuration
US8539473B2 (en) * 2007-01-30 2013-09-17 Microsoft Corporation Techniques for providing information regarding software components for a user-defined context
US8028048B2 (en) * 2007-02-27 2011-09-27 International Business Machines Corporation Method and apparatus for policy-based provisioning in a virtualized service delivery environment
JP4979414B2 (en) 2007-02-28 2012-07-18 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Maschines Corporation The management server for provisioning the plurality locales mixed environment, the computer pro Blum and methods
US8719894B2 (en) 2007-03-29 2014-05-06 Apple Inc. Federated role provisioning
US8156516B2 (en) * 2007-03-29 2012-04-10 Emc Corporation Virtualized federated role provisioning
DE102007025892A1 (en) * 2007-06-01 2008-12-11 Phoenix Contact Gmbh & Co. Kg Tool recognition in Profinet
US7958459B1 (en) * 2007-07-27 2011-06-07 Workday, Inc. Preview related action list
GB2488465B (en) 2007-09-07 2013-01-09 Kace Networks Inc Architecture and protocol for extensible and scalable communication
CN101453367B (en) * 2007-11-30 2011-12-28 华为技术有限公司 Software deployment method and system and software deployment server and user server
US8495182B1 (en) * 2008-04-02 2013-07-23 Bank Of America Corporation Scalable systems management abstraction framework
US7506038B1 (en) 2008-05-29 2009-03-17 International Business Machines Corporation Configuration management system and method thereof
US8688845B2 (en) * 2008-06-27 2014-04-01 Microsoft Corporation Remote computing session feature differentiation
US9047479B1 (en) * 2008-09-12 2015-06-02 Salesforce.Com, Inc. System, method and computer program product for providing a team object in association with an object
US9727320B2 (en) * 2009-02-25 2017-08-08 Red Hat, Inc. Configuration of provisioning servers in virtualized systems
JP2010211469A (en) * 2009-03-10 2010-09-24 Canon Inc Information processor, information processing method, and program
JP5368147B2 (en) * 2009-04-02 2013-12-18 フェリカネットワークス株式会社 Communication device, the information processing apparatus, a program and a reader-writer providing system,
US9112928B2 (en) * 2009-05-29 2015-08-18 Nokia Technologies Oy Method and apparatus for automatic loading of applications
US9223946B1 (en) * 2009-10-29 2015-12-29 Hewlett Packard Enterprise Development Lp Specification and configuration of management intent
US20110113474A1 (en) * 2009-11-11 2011-05-12 International Business Machines Corporation Network system security managment
US9317267B2 (en) * 2009-12-15 2016-04-19 International Business Machines Corporation Deployment and deployment planning as a service
US9893955B2 (en) * 2009-12-30 2018-02-13 At&T Intellectual Property I, L.P. Methods, systems and computer program products for identity and access management
US8589864B2 (en) * 2010-01-26 2013-11-19 International Business Machines Corporation Automating the creation of an application provisioning model
US8843904B2 (en) * 2010-01-26 2014-09-23 International Business Machines Corporation Automated building and retargeting of architecture-dependent assets
US8566917B2 (en) * 2010-03-19 2013-10-22 Salesforce.Com, Inc. Efficient single sign-on and identity provider configuration and deployment in a database system
US8631333B2 (en) 2010-06-07 2014-01-14 Microsoft Corporation Feature set differentiation by tenant and user
GB2519790B (en) * 2013-10-30 2017-07-12 1E Ltd Configuration of network devices
US9692748B2 (en) 2014-09-24 2017-06-27 Oracle International Corporation Unified provisioning of applications on devices in an enterprise system
US10083323B1 (en) 2014-12-31 2018-09-25 Wells Fargo Bank, N.A. Strategy based feature disablement
US9973483B2 (en) 2015-09-22 2018-05-15 Microsoft Technology Licensing, Llc Role-based notification service

Citations (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6157953A (en) * 1998-07-28 2000-12-05 Sun Microsystems, Inc. Authentication and access control in a management console program for managing services in a computer network
US6418554B1 (en) * 1998-09-21 2002-07-09 Microsoft Corporation Software implementation installer mechanism
US20020129356A1 (en) * 2001-01-05 2002-09-12 International Business Machines Corporation Systems and methods for service and role-based software distribution
US20020147801A1 (en) * 2001-01-29 2002-10-10 Gullotta Tony J. System and method for provisioning resources to users based on policies, roles, organizational information, and attributes
US20020156904A1 (en) * 2001-01-29 2002-10-24 Gullotta Tony J. System and method for provisioning resources to users based on roles, organizational information, attributes and third-party information or authorizations
US20020194584A1 (en) * 2001-04-30 2002-12-19 Suorsa Raymond E. Automated provisioning of computing networks using a network database model
US20030018964A1 (en) * 2001-07-19 2003-01-23 International Business Machines Corporation Object model and framework for installation of software packages using a distributed directory
US20030037044A1 (en) * 2001-05-29 2003-02-20 David Boreham Enumerated roles in a directory system
US20030115196A1 (en) * 2001-05-29 2003-06-19 David Boreham Method and system for sharing entry attributes in a directory server using class of service
US20030126137A1 (en) * 2001-06-18 2003-07-03 The Procter & Gamble Company Dynamic group generation and management
US6594700B1 (en) * 1999-06-14 2003-07-15 International Business Machines Corporation System and method for implementing a universal service broker interchange mechanism
US20030145317A1 (en) * 1998-09-21 2003-07-31 Microsoft Corporation On demand patching of applications via software implementation installer mechanism
US20030196080A1 (en) * 2002-04-16 2003-10-16 Izecom B.V. Secure communication via the internet
US20050125509A1 (en) * 2003-12-04 2005-06-09 International Business Machines Corporation On-demand active role-based software provisioning
US20050125358A1 (en) * 2003-12-04 2005-06-09 Black Duck Software, Inc. Authenticating licenses for legally-protectable content based on license profiles and content identifiers
US20050207432A1 (en) * 2004-03-19 2005-09-22 Commoca, Inc. Internet protocol (IP) phone with search and advertising capability
US6957186B1 (en) * 1999-05-27 2005-10-18 Accenture Llp System method and article of manufacture for building, managing, and supporting various components of a system
US7103681B2 (en) * 2003-06-19 2006-09-05 Nokia Corporation System for rendering multimedia messages by providing, in a multimedia message, URL for downloadable software to receiving terminal
US7181731B2 (en) * 2000-09-01 2007-02-20 Op40, Inc. Method, system, and structure for distributing and executing software and data on different network and computer devices, platforms, and environments
US20070089174A1 (en) * 2005-10-14 2007-04-19 David M. Bader Content management system and method for DRM enforcement in a client-server system
US7350191B1 (en) * 2003-04-22 2008-03-25 Noetix, Inc. Computer implemented system and method for the generation of data access applications
US20080250510A1 (en) * 2007-04-05 2008-10-09 Jon Stevens Distribution channel loss protection for electronic devices
US7594112B2 (en) * 2003-10-10 2009-09-22 Bea Systems, Inc. Delegated administration for a distributed security system

Patent Citations (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6157953A (en) * 1998-07-28 2000-12-05 Sun Microsystems, Inc. Authentication and access control in a management console program for managing services in a computer network
US6418554B1 (en) * 1998-09-21 2002-07-09 Microsoft Corporation Software implementation installer mechanism
US20030145317A1 (en) * 1998-09-21 2003-07-31 Microsoft Corporation On demand patching of applications via software implementation installer mechanism
US6957186B1 (en) * 1999-05-27 2005-10-18 Accenture Llp System method and article of manufacture for building, managing, and supporting various components of a system
US6594700B1 (en) * 1999-06-14 2003-07-15 International Business Machines Corporation System and method for implementing a universal service broker interchange mechanism
US7181731B2 (en) * 2000-09-01 2007-02-20 Op40, Inc. Method, system, and structure for distributing and executing software and data on different network and computer devices, platforms, and environments
US20020129356A1 (en) * 2001-01-05 2002-09-12 International Business Machines Corporation Systems and methods for service and role-based software distribution
US20020147801A1 (en) * 2001-01-29 2002-10-10 Gullotta Tony J. System and method for provisioning resources to users based on policies, roles, organizational information, and attributes
US20020156904A1 (en) * 2001-01-29 2002-10-24 Gullotta Tony J. System and method for provisioning resources to users based on roles, organizational information, attributes and third-party information or authorizations
US6947989B2 (en) * 2001-01-29 2005-09-20 International Business Machines Corporation System and method for provisioning resources to users based on policies, roles, organizational information, and attributes
US20020194584A1 (en) * 2001-04-30 2002-12-19 Suorsa Raymond E. Automated provisioning of computing networks using a network database model
US20030115196A1 (en) * 2001-05-29 2003-06-19 David Boreham Method and system for sharing entry attributes in a directory server using class of service
US20030037044A1 (en) * 2001-05-29 2003-02-20 David Boreham Enumerated roles in a directory system
US20030126137A1 (en) * 2001-06-18 2003-07-03 The Procter & Gamble Company Dynamic group generation and management
US20030018964A1 (en) * 2001-07-19 2003-01-23 International Business Machines Corporation Object model and framework for installation of software packages using a distributed directory
US20030196080A1 (en) * 2002-04-16 2003-10-16 Izecom B.V. Secure communication via the internet
US7350191B1 (en) * 2003-04-22 2008-03-25 Noetix, Inc. Computer implemented system and method for the generation of data access applications
US7103681B2 (en) * 2003-06-19 2006-09-05 Nokia Corporation System for rendering multimedia messages by providing, in a multimedia message, URL for downloadable software to receiving terminal
US7594112B2 (en) * 2003-10-10 2009-09-22 Bea Systems, Inc. Delegated administration for a distributed security system
US7409463B2 (en) * 2003-12-04 2008-08-05 International Business Machines Corporation On-demand active role-based software provisioning
US20050125358A1 (en) * 2003-12-04 2005-06-09 Black Duck Software, Inc. Authenticating licenses for legally-protectable content based on license profiles and content identifiers
US20050125509A1 (en) * 2003-12-04 2005-06-09 International Business Machines Corporation On-demand active role-based software provisioning
US20050207432A1 (en) * 2004-03-19 2005-09-22 Commoca, Inc. Internet protocol (IP) phone with search and advertising capability
US20070089174A1 (en) * 2005-10-14 2007-04-19 David M. Bader Content management system and method for DRM enforcement in a client-server system
US20080250510A1 (en) * 2007-04-05 2008-10-09 Jon Stevens Distribution channel loss protection for electronic devices

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080072316A1 (en) * 2006-08-29 2008-03-20 David Yu Chang Dynamically configuring extensible role based manageable resources
US7874008B2 (en) * 2006-08-29 2011-01-18 International Business Machines Corporation Dynamically configuring extensible role based manageable resources
US20080141244A1 (en) * 2006-12-12 2008-06-12 Kelley Brian Harold Apparatus and methods for client-driven server-side installation
US8645948B2 (en) * 2006-12-12 2014-02-04 Qualcomm Incorporated Apparatus and methods for client-driven server-side installation
US20090037931A1 (en) * 2007-07-31 2009-02-05 General Instrument Corporation Method and Apparatus for a Dynamic and Real-Time Configurable Software Architecture for Manufacturing Personalization
US8387011B2 (en) * 2007-07-31 2013-02-26 General Instrument Corporation Method and apparatus for a dynamic and real-time configurable software architecture for manufacturing personalization
US9100297B2 (en) 2008-08-20 2015-08-04 Red Hat, Inc. Registering new machines in a software provisioning environment
US20100083245A1 (en) * 2008-09-26 2010-04-01 Dehaan Michael Paul Methods and systems for managing network connections associated with provisioning objects in a software provisioning environment
US8612968B2 (en) * 2008-09-26 2013-12-17 Red Hat, Inc. Methods and systems for managing network connections associated with provisioning objects in a software provisioning environment
US9558195B2 (en) 2009-02-27 2017-01-31 Red Hat, Inc. Depopulation of user data from network
US20110023123A1 (en) * 2009-07-24 2011-01-27 Oracle International Corporation Licensed feature enablement manager
US8656508B2 (en) * 2009-07-24 2014-02-18 Oracle International Corporation Licensed feature enablement manager
US9218501B2 (en) * 2010-08-06 2015-12-22 Oracle International Corporation Secure access management against volatile identity stores
US20120036558A1 (en) * 2010-08-06 2012-02-09 Oracle International Corporation Secure access management against volatile identity stores
US9171314B2 (en) * 2011-06-16 2015-10-27 Microsoft Technology Licensing, Llc Cloud based management of an in-store device experience
US20120324440A1 (en) * 2011-06-16 2012-12-20 Microsoft Corporation Cloud based management of an in-store device experience
US20130067345A1 (en) * 2011-09-14 2013-03-14 Microsoft Corporation Automated Desktop Services Provisioning
CN102882947A (en) * 2011-09-14 2013-01-16 微软公司 Automation desktop service supply
CN102929685A (en) * 2011-09-15 2013-02-13 微软公司 Automated infrastructure provisioning
US9645914B1 (en) * 2013-05-10 2017-05-09 Google Inc. Apps store with integrated test support
US20170322787A1 (en) * 2015-05-29 2017-11-09 Adobe Systems Incorporated Providing enterprise product bundles as a cloud-based service

Also Published As

Publication number Publication date Type
US7409463B2 (en) 2008-08-05 grant
US20050125509A1 (en) 2005-06-09 application

Similar Documents

Publication Publication Date Title
US6510550B1 (en) Method and apparatus for providing intermittent connectivity support in a computer application
Kapadia et al. PUNCH: An architecture for Web-enabled wide-area network-computing
US5594921A (en) Authentication of users with dynamically configurable protocol stack
US6691117B2 (en) Special purpose operating system for executing a database server
US6847970B2 (en) Methods and apparatus for managing dependencies in distributed systems
US6415284B1 (en) Intelligent forms for improved automated workflow processing
US6735691B1 (en) System and method for the automated migration of configuration information
US7213231B1 (en) Cross-spectrum application model for dynamic computing environments in software lifecycle
US7149789B2 (en) Distributing software via distribution files
US7080372B1 (en) System and method for managing system configuration across a network
US7131123B2 (en) Automated provisioning of computing networks using a network database model
US7552265B2 (en) System and method for providing context information
US20020194045A1 (en) System and method for automatically allocating and de-allocating resources and services
US20040073903A1 (en) Providing access to software over a network via keys
US20050015491A1 (en) Systems, methods, and articles of manufacture for dynamically providing web services
US20030074418A1 (en) Method, apparatus and system for a mobile web client
US6345386B1 (en) Method and system for advertising applications
US20030009752A1 (en) Automated content and software distribution system
US20060253849A1 (en) Method and apparatus for enhancing manageability of software catalog, abstracting software configuration, and desired state management
US7536686B2 (en) Techniques for automatically installing and configuring database applications
US7210143B2 (en) Deployment of applications in a multitier compute infrastructure
US20020046260A1 (en) Managing networked directory services with auto field population
US20030159137A1 (en) Remote validation of installation input data
US20100058328A1 (en) Systems and methods for differential software provisioning on virtual machines having different configurations
US7529767B2 (en) System for development, management and operation of distributed clients and servers

Legal Events

Date Code Title Description
AS Assignment

Owner name: DROPBOX, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:043938/0489

Effective date: 20160629