Software – Vivian Tero, Chinna Polinati, Madhavi Puvvada, Purushottam Amradkar, Manish Gupta, Brandon Trudel, Guarav Yakhmi, Jesus Antonio CASTRO Cisneros, Viral Shah, ServiceNow Inc

Abstract for “Guided configuration class creation in remote network management platform”

“A system could include a database located within a remote network management platform, a server device disposed on the platform, and a client device. The database could contain representations of configuration items, such as software applications and computing devices, that are part of the managed network. The server device may provide to the client device a graphical user interface that includes a sequence of panes. The sequence of panes could include identifier, identification rules, and reconciliation panes. Each pane could contain data entry fields that can be used to create a new type of configuration item. The server device might receive, via the graphical user interface, a definition for the new class which uniquely identifies configuration items of a specific type using at most the attributes. The database may contain the definition of this new class.

Background for “Guided configuration class creation in remote network management platform”

An enterprise could use thousands of computing devices to manage and efficiently facilitate its interrelated operations. Software may be installed on each of these computing devices. Configuration management databases may contain representations of items that are associated with an enterprise. The configuration management database could include representations of computing devices, software applications, relationships, and configurations. These representations could be used by an enterprise for information technology service management and operations management, asset management as well as configuration management and compliance. Inaccuracies in these representations can negatively impact the efficiency with which these operations will be performed.”

“The embodiments described herein include, but aren’t limited to, methods by which an enterprise can facilitate populating a database with representations of computing devices, software programs, the relationships between them, their configurations, and other information. These devices, programs, and relationships are sometimes referred to simply as “configuration items”. An enterprise computing device may be linked to a configuration item class management tool, which facilitates the creation of new classes of configuration items. Representations of these configuration items are stored in the configuration management database. The tool can guide the creation of new classes of configuration items so that the enterprise’s configuration item information is consistent and current.

“Accordingly, the first example embodiment could include a system that includes a database within a remote network management platform. The database could contain configuration items that are associated with a managed network. Configuration items can represent any combination of computing devices or software applications that are disposed within the managed network. A server device may be included in the system. The server device can be configured to: (i) provide a graphical user interface with a sequence of panes; (ii) receive, via the graphical user interface, a definition for a new class that uniquely identifies certain configuration items; and (iii) store the definition in the database. The sequence of panes can have an identifier pane. This pane may contain first data entry fields that allow for the specification of a new class identifier. An identification rules pane of the sequence may contain second data entry fields that allow specification of configuration item attributes that can be used to identify the new class. The sequence of panes could include third data entry fields to specify authoritative devices that have the right to modify configuration item attributes. The reconciliation pane of the sequence may be located before the identification pane.

“In a second embodiment, a method might include providing, by a server device disposed within a remote network management platform, to a client device associated with a managed network, a graphical user interface that includes a sequence of panes. The sequence of panes can include an identifier pane. This pane may contain first data entry fields that allow for the specification of a new class identifier. An identification rules pane of the sequence may contain second data entry fields that allow specification of configuration item attributes that can be used to identify the new class. The sequence of panes could include third data entry fields to specify authoritative devices that have the right to modify configuration item attributes. The reconciliation pane of the sequence may be located before the identification pane. The server device may also receive, via the graphical user interface, a definition for a new type of configuration item that uniquely identifies a specific type of configuration item. The method could also include storing the definition of the new type of configuration item in a database of the remote network management platform that includes representations of configuration items related to the managed network.
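The following is an added sketch, not code from the patent or from ServiceNow, of how a class definition built from the three panes described above could be enforced when data arrives: the identification attributes decide whether a payload matches an existing configuration item, and the reconciliation rules decide which source may write which attribute. The class, attribute and source names are constructed for illustration, and two behaviours are assumptions: "authoritative devices" are modelled as named data sources, and an attribute with no reconciliation rule is writable by any source.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class CIClassDefinition:
    identifier: str              # identifier pane: name of the new class
    identification_attrs: tuple  # identification rules pane: attributes that identify a CI
    authoritative: dict          # reconciliation pane: attribute -> sources allowed to write it

    def validate(self):
        errors = []
        if not re.fullmatch(r"[a-z][a-z0-9_]{2,39}", self.identifier):
            errors.append("identifier must be a short lowercase snake_case name")
        if not self.identification_attrs:
            errors.append("at least one identification attribute is required")
        for attr, sources in self.authoritative.items():
            if not sources:
                errors.append(f"no authoritative source listed for {attr!r}")
        return errors


class CMDB:
    def __init__(self):
        self.classes = {}  # class identifier -> CIClassDefinition
        self.items = {}    # (class identifier, identity tuple) -> attribute dict
        self.audit = []    # one entry per ingest attempt

    def define_class(self, definition):
        errors = definition.validate()
        if definition.identifier in self.classes:
            errors.append("class identifier already exists")
        if errors:
            raise ValueError("; ".join(errors))
        self.classes[definition.identifier] = definition

    def _log(self, action, source, key, attrs):
        entry = {"action": action, "source": source, "key": key, "attrs": attrs}
        self.audit.append(entry)
        return entry

    def ingest(self, class_id, source, payload):
        cls = self.classes[class_id]
        # A payload that lacks an identification attribute cannot be matched
        # to a CI, so it is rejected instead of creating a possible duplicate.
        missing = [a for a in cls.identification_attrs if not payload.get(a)]
        if missing:
            return self._log("rejected", source, None, missing)
        identity = tuple(str(payload[a]).strip().lower()
                         for a in cls.identification_attrs)
        key = (class_id, identity)
        existing = self.items.get(key)
        record = existing if existing is not None else {
            a: payload[a] for a in cls.identification_attrs}
        denied = []
        for attr, value in payload.items():
            if attr in cls.identification_attrs:
                continue  # identity is fixed once the CI exists
            allowed = cls.authoritative.get(attr)
            if allowed is not None and source not in allowed:
                denied.append(attr)  # source is not authoritative for this attribute
                continue
            record[attr] = value
        self.items[key] = record
        action = "updated" if existing is not None else "created"
        return self._log(action, source, key, denied)


def demo():
    """Constructed sample data: one class, three ingest attempts."""
    cmdb = CMDB()
    cmdb.define_class(CIClassDefinition(
        identifier="badge_reader",
        identification_attrs=("serial_number",),
        authoritative={"firmware": {"discovery"}, "owner": {"asset_import"}},
    ))
    results = [
        cmdb.ingest("badge_reader", "discovery",
                    {"serial_number": "SN-001", "firmware": "1.2", "owner": "facilities"}),
        cmdb.ingest("badge_reader", "asset_import",
                    {"serial_number": " sn-001 ", "firmware": "9.9", "owner": "security"}),
        cmdb.ingest("badge_reader", "discovery", {"firmware": "0.1"}),
    ]
    return results, cmdb


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```

The audit entries record which attributes each source tried to write without authority, which is the trail to review when a configuration item's data looks wrong.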

“In a third embodiment, an article may contain a non-transitory computer readable medium that contains program instructions. These instructions, when executed by a computing device, will cause it to perform operations according to the first and/or the second examples.

“In a fourth example embodiment, the computing system may contain at least one processor as well as memory, and program instructions. The program instructions can be stored in memory and, upon execution by at least one processor the computing system will perform operations according to the first or second example embodiments.

“In a fifth example embodiment, the system may include multiple means to perform each operation of the first or second example embodiment.”

These and other embodiments, aspects or advantages, as well as the alternatives, will be apparent to those of ordinary skill in the art. Please read the detailed description below, and refer to the accompanying drawings where applicable. This summary, along with other descriptions and figures, is intended to illustrate embodiments only. As such, many variations are possible. You can, for example, combine, distribute, eliminate, or modify structural elements and processes while still staying within the scope of the embodiments.

“Examples of devices, methods, and systems are discussed in this document. The words “example” and “exemplary” are used herein to mean “serving as an example, instance, or illustration”. Any embodiment or feature described herein as being an “example” is, if not stated otherwise, not to be considered preferable or advantageous over other embodiments and features. Other embodiments are possible and can be used without departing from this subject matter.

“Accordingly, these examples are not intended to be restrictive. You will quickly see that the elements of the present disclosure as described and illustrated in the figures can be arranged in many different ways. You can, for example, separate features into “client” and “server” components. There may be many possible combinations of components.”

“Further, unless the context indicates otherwise, features illustrated in the figures can be combined. The figures can be viewed as components of one or more overall embodiments. However, not all features illustrated in the figures are required for every embodiment.

“Additionally, the claims or this specification may contain elements, blocks or steps that are enumerated for clarity. This enumeration is not meant to imply or require that elements, blocks, and steps conform to a specific arrangement or are performed in a certain order.

“I. INTRODUCTION”

A large enterprise is complex and has many interrelated operations. These include human resources (HR), supply chains, information technology (IT), finance, and other interrelated operations. Each enterprise has its own operations that offer essential capabilities or create competitive advantages.

Enterprises typically use pre-made software packages, such as human capital management (HCM) and customer relationship management (CRM), to support widely-implemented business operations. They may need to develop custom software applications to address their specific needs. Many large enterprises have hundreds or even thousands of custom software applications. The advantages offered by the embodiments are not restricted to large enterprises. They can be applied to any type of organization or enterprise.

“Many of these software applications are created by different departments within an enterprise. These software applications can be simple spreadsheets or custom-built databases. However, siloed software applications can have many disadvantages. They can negatively impact an enterprise’s ability to run and grow its business, innovate, and comply with regulatory requirements. It may be difficult for the enterprise to integrate, streamline, and improve its operations because there is no single system that unifies all its subsystems or data.

A remotely hosted application platform is a great way to create custom applications. It eliminates the complexity of development. This platform would reduce repetitive, time-consuming application development tasks, so software engineers and other personnel can concentrate on creating unique, high-value features.

“In order to achieve this goal, the Application Platform as a Service (aPaaS) concept was introduced to intelligently automate workflows across the enterprise. The aPaaS platform is located outside the enterprise but can access data, applications and services inside the enterprise via secure connections. An aPaaS can have many advantages and characteristics. These characteristics and advantages may help improve an enterprise’s IT, HR, CRM, customer services, application development, security, and workflow.

“The aPaaS system may support development and execution of model-view-controller (MVC) applications. MVC applications split their functionality into three interconnected components (model, view, and controller). This allows for efficient code reuse and parallel programming. These applications can be web-based and offer create, read, update and delete (CRUD) capabilities. This allows for the creation of new applications on a shared application infrastructure.

“The aPaaS platform may allow for standard application components such as a set of widgets to develop graphical user interfaces (GUI). Applications built with the aPaaS have a common appearance. Standardization may also be applied to other software modules and components. This look and feel may be customized with custom logos or color schemes for an enterprise.

“The aPaaS platform may allow you to set up applications’ behavior using metadata. This allows applications to quickly adapt to specific requirements. This approach increases flexibility and reduces development time. The aPaaS platform may also support GUI tools to facilitate metadata creation and management. This reduces errors in metadata.

“The aPaaS platform may provide interfaces between applications that are clearly defined so that software developers can avoid undesirable inter-application dependencies. The aPaaS may also implement a service layer that stores persistent state information and other data.

The aPaaS platform may have a variety of integration capabilities that allow applications to interact with legacy and third-party apps. The aPaaS may allow for a custom employee onboarding system, which integrates with legacy IT, HR, and accounting systems.

“The aPaaS may provide enterprise-grade security. The aPaaS server may be hosted remotely. Therefore, security protocols should be used when the system interacts with other systems within the enterprise, as well as third-party networks or services hosted outside the enterprise. The aPaaS can be set up to share data with the enterprise and other parties in order to identify and prevent common security threats.

“aPaaS systems may have other features, functionality, or advantages. This description is intended as an example only and is not meant to be exhaustive.

A software developer might be given the task of creating a new application with the aPaaS platform. The developer might first define the data model. This specifies the types and relationships of the data used by the application. The developer then enters the data model via the aPaaS GUI. The aPaaS software automatically creates the relevant database tables, fields and relationships. These can then be accessed via an object-oriented services layer.

“The aPaaS system can also create a fully functional MVC application with client interfaces and server-side CRM logic. The generated application could be used as a basis for further development by the user. The developer doesn’t have to spend too much time developing the application. The application can also be accessed via the internet, as it is web-based. Alternately, or in addition, you may be able to access a local copy of this application, for example, when Internet service is unavailable.

“The aPaaS platform may also allow for the addition of pre-defined functionality to applications. These features include the ability to search, email, templating and workflow design. They also support analytics, reporting, social media, scripting and mobile-friendly output.

“The following embodiments detail the architectural and functional aspects, as well as the features and benefits, of example aPaaS systems.”

“II. EXAMPLE COMPUTING DEVICES & CLOUD-BASED COMPUTING ENVIRONMENTS”

“Computing device 100 can be either a client device (e.g. a device being actively operated by a user), or a server device (e.g. a device that provides computation services to client devices), depending on its purpose. Server devices can sometimes act as clients in order to perform specific operations. Some client devices may also include server features.

“In this example, computing device 100 comprises processor 102, memory 104, network interface 106, and an input/output unit 108. All of these components may be connected by a system bus 110, or another similar mechanism. Computing device 100 can include additional components and/or peripherals in some embodiments (e.g. detachable storage devices, printers, etc.).

“Processor 102 could be any combination of any type or number of computer processing elements, including a central processing unit (CPU), a co-processor (e.g. a mathematics, graphics or encryption co-processor), a digital signal processor (DSP), and/or an integrated circuit or controller that performs processing operations. In some cases processor 102 could be one or more single-core processors. Other times, processor 102 could be one or more multi-core processors with multiple independent processing units. Register memory may be used to temporarily store instructions and related data. Cache memory is also available for temporarily storing recently used instructions and data.

Memory 104 can be any type of computer-usable memory. This includes but is not limited to random access memory (RAM), read-only memory (ROM), and non-volatile memory (e.g. flash memory, hard disk drives, solid state drives, compact discs (CDs), digital video discs (DVDs), and/or tape storage). Memory 104 can be thought of as both long-term storage and main memory units. Biological memory is another type of memory.

Memory 104 can store program instructions and/or data that program instructions might operate on. Memory 104, for example, may contain program instructions stored on a non-transitory, computer-readable medium. This allows processor 102 to access the instructions in order to execute any of the processes or methods described in this specification.

“As shown in FIG. 1, memory 104 can include firmware 104A and kernel 104B as well as applications 104C. Firmware 104A could be program code that is used to start or restart any or all of computing device 100. Kernel 104B could be an operating system that includes modules for memory management, scheduling and management of processes, input/output and communication. Kernel 104B could also contain device drivers, which allow the operating system and the hardware modules (e.g. memory units, networking interfaces, ports, and busses) of computing device 100 to communicate. Applications 104C could be any one or more user space software applications such as email clients or web browsers, and all software libraries that are used by these programs. These and other applications may also use memory 104 to store data.

“Input/output unit 108 may allow user and peripheral device interaction with computing device 100. Input/output unit 108 could include one or more input devices, such as a keyboard, mouse, or touch screen. Input/output unit 108 may also include one or several types of output devices such as a monitor, printer, screen, or one or more light emitting diodes (LEDs). Computing device 100 can communicate with other devices via a universal serial bus (USB), high-definition multimedia interface (HDMI), or port interface.

“In certain embodiments, one or more instances of computing device 100 can be deployed to support an aPaaS architecture. Client devices may not be able to determine the exact location of these computing devices, their connectivity and configuration. The computing devices can be called “cloud-based” devices that can be located at remote data centers.”

“FIG. 2 shows how operations of a computing device (e.g. computing device 100) may be spread between server devices 202, data storage 204 and routers 206, all of which can be connected via local cluster network 208. The number of server devices 202, data storage 204, and routers 206 in server cluster 200 depends on the computing task(s) and/or applications that are assigned to server cluster 200.

Server devices 202, for example, can be configured to execute different computing tasks of computing device 100. Computing tasks can be divided among several server devices 202. If these computing tasks can be done in parallel, this distribution may reduce the time required to complete them and return a result. Both server cluster 200 and individual server devices 202 may be called a “server device”. This nomenclature can be understood to mean that server device operations may involve one or more server devices, data storage devices, cluster routers, or other devices.

“Data storage 204 could be data storage arrays with drive array controllers. These controllers are designed to manage read/write access to groups of hard disk drives or solid state drives. Drive array controllers may be used alone or together with server devices 202 to create backups and redundant copies of data stored in data storage 204. This protects against drive failures and other types of failures that would prevent one or more server devices 202 from accessing units of data storage 204. Other types of memory, apart from drives, may also be used.

“Routers 206 could include networking equipment that provides internal and external communications to server cluster 200. Routers 206 could include packet-switching or routing devices (including switches, gateways, and routers), which can be used to provide network communications (i) between server devices 202 and data storage 204 via cluster network 208, and/or (ii) between server cluster 200 and other devices via communication link 210 to network 212.

“Additionally, the configuration of routers 206 can also be influenced by the data communication needs of server devices 202 and data storage 204, the latency and throughput of local cluster network 208, the cost of communication link 210, and/or any other factors that could contribute to the cost, speed, fault-tolerance and resiliency of the system architecture, and/or any other design goals.”

Data storage 204 could include any type of database, such as a structured query language (SQL) database. There are many data structures that can store information in such a database. These include tables, arrays, lists, trees, and tuples. Data storage 204 databases can be either monolithic or spread across multiple physical devices.

“Server devices 202 may be configured to transmit data to and receive data from data storage 204. These transmissions and retrievals may be performed using SQL queries or other database queries and the output thereof. Additional text, images and/or audio may also be included. Server devices 202 can organize the received data into web pages. This representation could be in the form of a markup language, such as hypertext markup language (HTML), extensible markup language (XML), or any other standardized or proprietary format. Server devices 202 might also be capable of executing different types of computerized scripting languages such as Perl, Python, PHP Hypertext Preprocessor (PHP), Active Server Pages (ASP), JavaScript, etc. These languages can be used to create computer program code that allows clients to access web pages.

“III.

“This architecture consists of three components: managed network 300, remote network management platform 320 and third-party network 340. They are all connected via Internet 350.

“Managed network 300 may refer to a network that a business uses for communications and computing tasks as well as data storage. Managed network 300 could include client devices 302, server devices 304, routers 306, virtual machines 308, firewall 310, and proxy servers 312. Client devices 302 could be represented by computing device 100. Server devices 304 might be represented by computing device 100 or by server cluster 200. Routers 306 can be any type of switch, router, or gateway.

Firewall 310 could be one or more specialized routers or server devices that protect managed network 300 from unauthorized attempts at accessing the devices, apps, or services. Authorized communication is allowed from managed network 300. Firewall 310 can also offer intrusion detection, web filtering, antivirus scanning, application layer gateways, and other services. In some embodiments not shown in FIG. 3, managed network 300 may contain one or more virtual private network (VPN) gateways with which it communicates with remote network management platform 320.

“Managed network 300 could also contain one or more proxy servers 312. Proxy servers 312 could be an embodiment of a server device that allows data to flow between managed network 300, remote network management platform 320 and third-party network 340. Proxy servers 312 might be able to establish and maintain secure communication sessions with one or more instances of remote network management platform 320. Through such a session, remote network management platform 320 may be able to discover and manage certain aspects of managed network 300’s architecture and components. Remote network management platform 320 might also be able, possibly with the help of proxy servers 312, to find and manage third-party networks 340 which are used by managed network 300.

Firewalls such as firewall 310 typically deny communication sessions that come in via Internet 350 unless the session was initiated from behind the firewall (i.e. from a device on managed network 300) or the firewall has been specifically configured to support it. Proxy servers 312 can be placed behind firewall 310 (e.g. within managed network 300 and protected by firewall 310). These proxy servers 312 might be able to initiate communication sessions through firewall 310. Firewall 310 may then not need to be configured specifically to allow incoming sessions from remote network management platform 320, thus avoiding security risks for managed network 300.

“Managed network 300 might only contain a handful of devices and a limited number of networks in some cases. Other deployments may include multiple locations, hundreds of networks, and hundreds of thousands of devices. The architecture of FIG. 3 is capable of scaling up and down by orders of magnitude.”

“Furthermore, depending on the size, architecture and connectivity of managed network 300, a varying number of proxy servers 312 could be deployed there. Each proxy server 312 could be responsible for communicating with remote network management platform 320 about a part of managed network 300. Alternately, or in addition, proxy servers can be assigned to a section of managed network 300 for load balancing, redundancy and/or high availability.

“Remote network management platform 320 is a hosted environment that offers aPaaS services for users, especially to operators of managed network 300. These services can be provided via web-based portals. A user can access remote network management platform 320 from client devices 302 or from another client device that is not part of managed network 300. Users can design, test and deploy applications using the web-based portals. They can also view analytics and generate reports.

“As shown at FIG. Remote network management platform 320 contains four computational instances 322, 324 and 326. Each instance may be a collection of web portals and services that are available to a customer. Sometimes, multiple customers may be able to use the same computational instance. Managed network 300, for example, may be an enterprise customer of remote network management platform 320 and may use computational instances 322, 324 and 326. Multiple instances may be provided to one customer because the customer may want to develop, test and deploy its own applications and services. Computational instance 322 could be used to develop applications for managed network 300. Computational instance 324 might be used to test these applications. Computational instance 326 could be dedicated to live operation of the tested applications and services. You may also refer to a computational instance as a hosted instance or remote instance, or by another designation.

“The multi-instance architecture for remote network management platform 320 is different from conventional multi-tenant architectures. Multi-instance architectures offer many advantages. Multi-tenant architectures allow data from multiple customers (e.g. enterprises) to be combined in one database. Although the customers’ data is kept separate, it is maintained by the software that manages the single database. A security breach in the system could result in all customers’ data being affected, increasing risk for entities that are subject to financial, healthcare and governmental regulation. Any database operations that affect one customer are likely to impact all customers who share that database. If a customer experiences an outage because of software or hardware issues, it will affect all customers. The same applies to databases that are being upgraded to meet specific customer needs. All customers will not be able to access the database during the upgrade. Due to the large size of the shared database, these maintenance windows can be quite lengthy.

“In contrast, the multi-instance architecture gives each customer its own database within a dedicated computing instance. This allows for the separation of customer data and allows each instance to be managed independently. If one customer’s instance goes down due to an error or upgrade, the other computational instances are not affected. Because the database only holds one customer’s data, maintenance downtime is minimal. The multi-instance architecture’s simpler design allows redundant copies of each customer instance and database to be deployed in different locations. This allows for high availability and the ability to move the live instance of the customer’s account when there are faults or maintenance.

Remote network management platform 320 may implement multiple computational instances in a cost-effective manner. If the aPaaS system is implemented on server cluster 200, for example, it might run a virtual machine that allocates different amounts of computing, storage, communication, and other resources to instances. However, server cluster 200 may not need to be fully virtualized. Other mechanisms can be used to separate the instances. Each instance might have its own account and a database on server cluster 200. Alternatively, computational instance 322 could span multiple physical devices.

“In some cases, one server cluster of remote network management platform 320 can support multiple independent businesses. Remote network management platform 320 can also include multiple clusters of servers located in geographically different data centers to aid load balancing, redundancy and high availability.

“Managed network 300 could use one or more third-party networks 340 to provide services and applications to its customers and clients. Third-party networks 340, for example, may store music files and offer streaming and a web interface. This way, the enterprise of managed network 300 does not need to build and maintain its own servers.

Modules that can be integrated with third-party networks 340 may be included in remote network management platform 320 to allow virtual machines and managed services to be exposed to managed network 300. These modules could allow users to request virtual resources or provide flexible reporting for third-party networks 340. To establish this functionality, a user might first create an account with third-party networks 340 and request a set of resources. Next, the user can enter account information into appropriate modules of remote network management platform 320. These modules can then detect manageable resources and provide reports on usage, billing, and performance.

Internet 350 could represent a small portion of the global Internet. Internet 350 could be a part of a different network such as a private wide area or local-area packet switched network.

“In FIG. 4, computational instance 322 is replicated across data centers 400A and 400B. These data centers could be located in different locations or countries. Each data center has support equipment that allows communication with remote users and managed network 300.

“Network traffic from and to external devices flows through data center 400A either through VPN gateway 402A or firewall 404A. VPN gateway 402A can be peered with VPN gateway 412 of managed network 300 via a security protocol like Internet Protocol Security (IPSEC) or Transport Layer Security (TLS). Firewall 404A can be configured to allow access from authorized users (such as user 414 and remote user 416) and to block access by unauthorized users. These users can access computational instance 322, as well as other computational instances, via firewall 404A. A load balancer 406A can be used to divide traffic among one or more virtual or physical server devices that host computational instance 322. The internal configuration of data center 400A (e.g. computational instance 322) can be hidden from clients using load balancer 406A to simplify user access. If computational instance 322 contains multiple computing devices, either physical or virtual, that have access to multiple databases, load balancer 406A can distribute network traffic and processing tasks among these computing devices and databases so that no computing device or database is busier than the others. Some embodiments of computational instance 322 include firewall 404A and VPN gateway 402A.

“Data center 400B could include its own versions of the components from data center 400A. VPN gateway 402B, firewall 404B and load balancer 406B could perform similar or identical operations to VPN gateway 402A, firewall 404A and load balancer 406A, respectively. Furthermore, computational instance 322 can exist simultaneously in data centers 400A and 400B by real-time or near-real-time replication of databases and/or other operations.

Data centers 400A and 400B, as shown in FIG. 4, may allow for redundancy and high availability. In the configuration of FIG. 4, data center 400A is the active data center: it serves all traffic to managed network 300. The version of computational instance 322 located in data center 400B, however, is being continuously updated in near-real-time. Other configurations, such as one where both data centers are active, may also be possible.

Data center 400B is able to take over the role of active data center if data center 400A fails or becomes unavailable to users. Domain name system (DNS) servers that associate a domain name of computational instance 322 with one or more Internet Protocol (IP) addresses of data center 400A may re-associate the domain name with one or more IP addresses of data center 400B. Users can access computational instance 322 via data center 400B once the re-association is complete. This may take less than a second or several seconds.

FIG. 4 also shows a possible configuration for managed network 300. Proxy servers 312 (and user 414) may be able to access computational instance 322 via firewall 310. Proxy servers 312 can also access configuration items 414. The term “configuration items” may refer to any physical or virtual device, any application or service remotely discovered or managed by computational instance 322, or relationships among discovered devices, applications, and services. A configuration management database (CMDB) of computational instance 322 may contain configuration items.

As mentioned above, VPN gateway 412 could provide a dedicated VPN to VPN gateway 402A. This VPN can be useful when there is significant traffic between managed network 300 and computational instance 322, or when security policies require the use of a VPN. A public IP address is sometimes assigned to any device connected to managed network 300 or computational instance 322. Other devices in managed network 300 and/or computational instance 322 may be assigned private IP addresses (e.g., IP addresses selected from the 10.0.0.0-10.255.255.255 or 192.168.0.0-192.168.255.255 ranges, represented in shorthand as subnets 10.0.0.0/8 and 192.168.0.0/16, respectively).

“IV.”

Remote network management platform 320 can administer the applications, services, and devices of managed network 300. To do so, it will first identify the devices that are in managed network 300, their configurations and operational statuses, and the services and applications they provide. Each device, application, service and relationship can be called a configuration item. Proxy servers 312 may facilitate the process of defining configuration items in managed network 300.

The term “application” is used in the following embodiments. An “application” may be one or more processes or threads, programs or client modules, or any other type of software that runs on a device, group of devices, or combination thereof. A “service” may be defined as a program that executes on a device or group of devices. A “service” could refer to a high-level capability provided by multiple applications running on one or more different devices. A high-level web service could include multiple threads of web application servers running on one device and accessing data from a database application running on another.

Remote network management platform 320, third-party networks 340, and Internet 350 are not shown for simplicity.

The discovery commands from computational instance 322 can be transmitted to proxy servers 312. Proxy servers 312 can transmit probes to different devices, applications and services in managed network 300. These applications, devices, and services can send responses to proxy servers 312, and proxy servers 312 may provide information to CMDB 500 to store the discovered configuration items. The configuration items stored in CMDB 500 represent the environment of managed network 300.

Task list 502 is a list of activities proxy servers 312 must perform for computational instance 322. Task list 502 becomes populated as discovery occurs. Proxy servers 312 query task list 502 repeatedly, obtain the next task therein, and perform this task, until task list 502 is empty or another condition has been met.

Proxy servers 312 can be configured to provide information about subnets within managed network 300. This will facilitate discovery. Proxy servers 312 might be assigned the IP address range of 192.168.0/24 to serve as a subnet. This information may be stored in CMDB 500 by computational instance 322. Task list 502 will then be used to discover devices at each address.

FIG. 5A shows devices, applications and services in managed network 300 as configuration items 504, 506, 508, 508 and 510. These configuration items represent physical or virtual devices (e.g., client devices, server devices or routers), applications executed thereon (e.g., web servers, email servers or databases), and relationships between them.

Placing tasks in task list 502 could trigger or otherwise cause proxy servers 312 to start discovery. Alternatively, or in addition, discovery can be triggered manually, or triggered automatically based on triggering events. For example, discovery might automatically start once per day.

Generally, discovery can be divided into four phases: scanning, classification, identification, and exploration. Proxy servers 312 transmit various types of probe messages to devices within managed network 300 in each phase of discovery. The responses to these probes may be processed by proxy servers 312 and sent to CMDB 500. Each phase may result in additional configuration items being found and stored in CMDB 500.

Proxy servers 312 can provide further information about classified devices’ operational status during the exploration phase. This phase could be based on the information obtained during the identification phase or the classification phase. Task list 502 may contain a set of tasks that proxy servers 312 can perform. Proxy servers 312 may be able to read additional information from the device such as processor information and memory information. The discovered information could be stored in CMDB 500 as one or more configuration items.

SNMP may be used to run discovery on a network device such as a router. Discovery may be used to determine additional subnets and the operational status of the router's network interfaces (for example, active, inactive, queue length, queue size, packets dropped, and other information). Further discovery may be possible if the IP addresses of additional subnets are available. This allows discovery to proceed iteratively, or recursively.

A snapshot representation of each device, service, and application is made available in CMDB 500 after discovery has been completed. After discovery, information such as operating system version, network configuration details, and client device and server device details, as well as the applications executing thereon, may be saved. The collected information can be displayed to the user in a variety of ways. This allows the user to see the hardware composition and operational status of devices, as well as the characteristics of services that span multiple applications and devices.

CMDB 500 can also contain entries about dependencies and relationships among configuration items. Suppose, for example, that a database application is running on a server device and that it is being used by both a payroll service and a new employee onboarding service. If the server device is removed from operation for maintenance, it is clear that both the employee onboarding and payroll services will be affected. The dependencies and relationships among configuration items could also be used to indicate the services that are affected when a router goes down.

“In general, dependencies between configuration items are displayed on a web interface and presented in a hierarchical manner. This interface allows you to add, change, or remove such dependencies or relationships.

Proxy servers 312, CMDB 500 and/or one or several credential stores can be set up with credentials to allow discovery to occur in the way described above. Credentials can contain any information necessary to gain access to the devices. These could include userid/password pairs or certificates. These credentials can be stored in encrypted fields of CMDB 500 in some embodiments. Proxy servers 312 might contain the decryption keys for the credentials, so that proxy servers 312 are able to use these credentials to log in to or access devices that have been discovered.

FIG. 5B shows the discovery process as a flowchart. At block 520, the task list of the computational instance is filled with, for example, a range of IP addresses. The scanning phase begins at block 522. In the scanning phase, proxy servers probe the IP addresses for devices that use them and attempt to identify the operating systems running on these devices. The classification phase begins at block 524. Proxy servers try to determine the operating system version of the devices. Block 526 is the identification phase. Proxy servers try to identify the hardware and/or software configurations of the devices. Block 528 is the exploration phase. Proxy servers try to determine the operational status of the devices and the applications running on them. Block 530 allows for further editing of the configuration items that represent the discovered devices and applications. This editing can be either automated or manual.

“The blocks shown in FIG. 5B are examples only. The process of discovery can be highly configurable and may have multiple phases. Each phase’s operations may differ. One or more phases can be customized or modified in some cases.
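The task-list loop and the four phases of FIG. 5B can be sketched as follows. This is an added example, not code from the patent or from any product: the simulated network, the values each phase records, and the `allowed_scope` guard (which keeps subnets reported by a discovered router inside ranges the operator has approved) are assumptions.

```python
import ipaddress
from collections import deque

# Constructed stand-in for the managed network: what each address would
# report if probed. No packets are sent anywhere.
SIMULATED_NETWORK = {
    "192.168.0.1": {"os": "router-os", "version": "15.2", "hardware": "router",
                    "apps": [], "subnets": ["192.168.1.0/30", "10.9.0.0/30"]},
    "192.168.0.2": {"os": "linux", "version": "5.15", "hardware": "x86_64",
                    "apps": ["web server"], "subnets": []},
    "192.168.1.1": {"os": "linux", "version": "5.15", "hardware": "x86_64",
                    "apps": ["database"], "subnets": []},
}
NEXT_PHASE = {"scan": "classify", "classify": "identify", "identify": "explore"}


def run_discovery(seed_subnets, allowed_scope, network=SIMULATED_NETWORK):
    """Drain the task list; return (configuration items, refused subnets)."""
    scope = [ipaddress.ip_network(cidr) for cidr in allowed_scope]
    task_list = deque()      # plays the role of task list 502
    queued = set()           # addresses already queued, so loops terminate
    cmdb = {}                # plays the role of CMDB 500
    refused = []

    def enqueue_subnet(cidr):
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(allowed) for allowed in scope):
            refused.append(cidr)  # a device reported it; nobody approved it
            return
        for host in net.hosts():
            if str(host) not in queued:
                queued.add(str(host))
                task_list.append(("scan", str(host)))

    for cidr in seed_subnets:
        enqueue_subnet(cidr)

    while task_list:         # the proxy server polls until the list is empty
        phase, addr = task_list.popleft()
        device = network.get(addr)
        if device is None:
            continue         # nothing answered the scan probe at this address
        item = cmdb.setdefault(addr, {})
        if phase == "scan":
            item["os"] = device["os"]
        elif phase == "classify":
            item["os_version"] = device["version"]
        elif phase == "identify":
            item["hardware"] = device["hardware"]
        else:                # explore
            item["applications"] = list(device["apps"])
            for cidr in device["subnets"]:
                enqueue_subnet(cidr)  # discovery proceeds iteratively
        if phase in NEXT_PHASE:
            task_list.append((NEXT_PHASE[phase], addr))
    return cmdb, refused
```

Calling `run_discovery(["192.168.0.0/30"], ["192.168.0.0/16"])` follows the router's report into 192.168.1.0/30 and records the refused 10.9.0.0/30 instead of probing it.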

“V. CMDB IDENTIFICATION RULES and RECONCILIATION”

A CMDB (such as CMDB 500) is a repository for configuration items and, when properly provisioned, can play a key role in higher-level applications that are deployed within or involving a computational instance. These applications can be used for enterprise IT service management and operations management, asset management, as well as configuration management and compliance.

An IT service management application might use information from the CMDB to identify applications and services that could be impacted by a component (e.g., a server device) which has crashed, malfunctioned or is overloaded. An asset management application might also use the CMDB information to identify which hardware and/or software components are being used for particular enterprise applications. Because of the importance and value of the CMDB, it is important that the data stored therein be accurate, consistent, and up-to-date.

A CMDB can be populated in many ways. A discovery procedure can automatically store information about configuration items in the CMDB, as we have already discussed. A CMDB can be populated in whole or part by manual entry, configuration files and third-party sources. Multiple data sources can update the CMDB at once, so it is possible for one source to overwrite another. Two data sources could create slightly different entries for the exact same configuration item. This can lead to a CMDB containing duplicate information. These occurrences can lead to a decrease in the utility and health of the CMDB.

To help mitigate this problem, these data sources may not be permitted to write configuration items directly into the CMDB. They may instead write to an identification and reconciliation application programming interface (API). The API might use a set of configurable identification rules to uniquely identify the configuration items and determine if and how they are written into the CMDB.

An identification rule is a list of attributes that can be used to create a unique identification. Priorities may be assigned to rules so that higher priority rules are considered before lower priority rules. A rule can also be independent in that it identifies configuration items without regard to other configuration items. The rule could also be dependent in that it first uses a metadata rule to identify a dependent configuration.
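One way an identification and reconciliation layer of this kind can behave, as an added example that is not code from the patent or from any product. The class names, the sources (`discovery`, `spreadsheet_import`, `manual`), the attribute names, the convention that a lower priority number is evaluated first, and the per-attribute set of authoritative sources are assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class IdentificationRule:
    priority: int      # assumption: a lower number is evaluated first
    attributes: tuple  # attribute names that together identify one CI


@dataclass
class ConfigurationItem:
    ci_class: str
    attributes: dict = field(default_factory=dict)
    written_by: dict = field(default_factory=dict)  # attribute -> source


def normalize(value):
    """Fold case and whitespace so ' sn-001' and 'SN-001' compare equal."""
    return value.strip().casefold() if isinstance(value, str) else value


class ReconcilingCmdb:
    """All writes go through submit(); no source touches items directly."""

    def __init__(self, rules, authoritative):
        self.rules = rules                  # ci_class -> [IdentificationRule]
        self.authoritative = authoritative  # (ci_class, attr) -> {sources}
        self.items = []

    def identify(self, ci_class, payload):
        """Return (matching CI or None, whether any rule was applicable)."""
        applicable = False
        ordered = sorted(self.rules.get(ci_class, []), key=lambda r: r.priority)
        for rule in ordered:
            if any(payload.get(a) in (None, "") for a in rule.attributes):
                continue  # payload lacks an identifying attribute of this rule
            applicable = True
            wanted = [normalize(payload[a]) for a in rule.attributes]
            for ci in self.items:
                have = [normalize(ci.attributes.get(a)) for a in rule.attributes]
                if ci.ci_class == ci_class and have == wanted:
                    return ci, True
        return None, applicable

    def may_write(self, source, ci_class, attr):
        allowed = self.authoritative.get((ci_class, attr))
        return allowed is None or source in allowed  # unlisted attrs are open

    def submit(self, source, ci_class, payload):
        """Identify first, then reconcile attribute by attribute."""
        ci, applicable = self.identify(ci_class, payload)
        if not applicable:
            # Nothing in the payload can uniquely identify a CI: refuse it
            # instead of creating a record that can never be matched again.
            return "rejected", sorted(payload)
        status = "updated"
        if ci is None:
            ci = ConfigurationItem(ci_class)
            self.items.append(ci)
            status = "inserted"
        skipped = []
        for attr, value in payload.items():
            if normalize(ci.attributes.get(attr)) == normalize(value):
                continue  # equivalent value already stored: nothing to do
            if self.may_write(source, ci_class, attr):
                ci.attributes[attr] = value
                ci.written_by[attr] = source
            else:
                skipped.append(attr)  # non-authoritative source: keep old value
        return status, sorted(skipped)


def demo():
    """Three constructed sources describe the same server in different ways."""
    cmdb = ReconcilingCmdb(
        rules={"server": [IdentificationRule(100, ("serial_number",)),
                          IdentificationRule(200, ("name", "ip_address"))]},
        authoritative={("server", "os_version"): {"discovery"}},
    )
    results = [
        cmdb.submit("discovery", "server", {
            "serial_number": "SN-001", "name": "web01",
            "ip_address": "192.168.0.10", "os_version": "8.6"}),
        # Same machine, serial typed differently, stale OS version.
        cmdb.submit("spreadsheet_import", "server", {
            "serial_number": " sn-001", "os_version": "7.9"}),
        # No serial number: falls through to the (name, ip_address) rule.
        cmdb.submit("manual", "server", {
            "name": "WEB01", "ip_address": "192.168.0.10", "location": "rack 4"}),
        # No identifying attributes at all.
        cmdb.submit("manual", "server", {"os_version": "9.0"}),
    ]
    return cmdb, results


if __name__ == "__main__":
    cmdb, results = demo()
    for result in results:
        print(result)
    print(cmdb.items[0].attributes)
```

The four submissions leave a single configuration item: the import matches on serial number but cannot overwrite the OS version, the manual entry matches on the lower-priority rule, and the payload with no identifying attributes is refused.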

Summary for “Guided configuration class creation in remote network management platform”

An enterprise could use thousands of computing devices to manage and efficiently facilitate its interrelated operations. Software may be installed on each of these computing devices. Configuration management databases may contain representations of items that are associated with an enterprise. The configuration management database could include representations of computing devices, software applications, relationships, and configurations. These representations could be used by an enterprise for information technology service management and operations management, asset management as well as configuration management and compliance. Inaccuracies in these representations can negatively impact the efficiency with which these operations will be performed.”

The embodiments described herein include, but aren’t limited to, methods by which an enterprise can facilitate the populating of a database with representations of computing devices, software programs, relationships therebetween, configurations thereof, and other information. These devices, programs, and relationships are sometimes referred to simply as “configuration items”. An enterprise computing device may be provided with a configuration item class management tool, which facilitates creation of new classes of configuration items. Representations of these configuration items are stored in the configuration management database. The configuration item management tool can guide the creation of new classes of configuration objects so that enterprise configuration item information is consistent and current.

Accordingly, the first example embodiment could include a system that includes a database disposed within a remote network management platform. The database could contain configuration items that are associated with a managed network. Configuration items can represent any combination of computing devices or software applications that are disposed within the managed network. A server device may be included in the system. The server device can be configured to: (i) provide a graphical user interface with a sequence of panes; (ii) receive, from the graphical user interface, a definition for a new class that uniquely identifies certain configuration items; and (iii) store the definition in the database. The sequence of panes can have an identifier pane. This pane may contain first data entry fields that allow for the specification of a new class identifier. An identification rules pane of the sequence of panes may contain second data entry fields that allow specification of configuration item attributes that can be used to identify the new class. The sequence of panes could include third data entry fields to specify authoritative devices that have the right to modify configuration item attributes. The reconciliation pane of the sequence may be located before the identification pane.

In a second embodiment, a method might include providing, by a server device disposed within a remote network management platform, to a client device associated with a managed network, a graphical user interface that includes a sequence of panes. The sequence of panes can include an identifier pane. This pane may contain first data entry fields that allow for the specification of a new class identifier. An identification rules pane of the sequence of panes may contain second data entry fields that allow specification of configuration item attributes that can be used to identify the new class. The sequence of panes could include third data entry fields to specify authoritative devices that have the right to modify configuration item attributes. The reconciliation pane of the sequence may be located before the identification pane. The server device may also receive, via the graphical user interface, a definition for a new type of configuration item that uniquely identifies a specific type of configuration items. The method could also include the storage of the definition of the new type of configuration item in a remote network management platform database that includes representations of configuration items related to the managed network.

“In a third embodiment, an article may contain a non-transitory computer readable medium that contains program instructions. These instructions, when executed by a computing device, will cause it to perform operations according to the first and/or the second examples.

“In a fourth example embodiment, the computing system may contain at least one processor as well as memory, and program instructions. The program instructions can be stored in memory and, upon execution by at least one processor the computing system will perform operations according to the first or second example embodiments.

“In a fifth example embodiment, the system may include multiple means to perform each operation of the first or second example embodiment.”

These and other embodiments, aspects, advantages, and alternatives will be apparent to those of ordinary skill in the art upon reading the detailed description below, with reference to the accompanying drawings where applicable. This summary, along with other descriptions and figures, is intended to illustrate embodiments only. As such, many variations are possible. For example, structural elements and processes can be combined, distributed, eliminated, or modified while still staying within the scope of the embodiments.

Examples of devices, methods, and systems are discussed in this document. The words “example” and “exemplary” are used herein to mean “serving as an example, instance, or illustration.” Any embodiment or feature described herein as being an “example” or “exemplary” is, if not stated otherwise, not to be considered as preferable or advantageous over other embodiments and features. Other embodiments are possible and can be used without departing from this subject matter.

Accordingly, these examples are not intended to be restrictive. The elements of the present disclosure, as described and illustrated in the figures, can be arranged in many different ways. Features can, for example, be separated into “client” and “server” components. There may be many possible combinations of components.

Further, unless the context indicates otherwise, features illustrated in the figures can be combined. The figures can be viewed as components of one or more overall embodiments. However, not all features illustrated in the figures are required for every embodiment.

Additionally, the claims or this specification may contain elements, blocks or steps that are enumerated for clarity. This enumeration is not meant to imply or require that elements, blocks, and steps conform to a specific arrangement or are performed in a certain order.

“I. INTRODUCTION”

A large enterprise is complex and has many interrelated operations. These include human resources (HR), supply chains, information technology (IT), finance, and other interrelated operations. Each enterprise has its own operations that offer essential capabilities or create competitive advantages.

Enterprises typically use pre-made software packages, such as human capital management (HCM) and customer relationship management (CRM) packages, to support widely-implemented business operations. They may need to develop custom software applications to address their specific needs. Many large enterprises have hundreds or even thousands of custom software applications. The advantages offered by the embodiments are not restricted to large enterprises. They can be applied to any type of organization or enterprise.

Many of these software applications are created by different departments within an enterprise. These software applications can be simple spreadsheets or custom-built databases. However, siloed software applications can have many disadvantages. They can negatively impact an enterprise’s ability to run and grow its business, innovate, and comply with regulatory requirements. It may be difficult for the enterprise to integrate, streamline, and improve its operations because there is no single system that unifies all its subsystems or data.

A remotely hosted application platform is a great way to create custom applications. It eliminates the complexity of development. This platform would reduce repetitive, time-consuming application development tasks, so software engineers and other personnel can concentrate on creating unique, high-value features.

In order to achieve this goal, the concept of Application Platform as a Service (aPaaS) was introduced to intelligently automate workflows across the enterprise. The aPaaS platform is located outside the enterprise but can access data, applications and services inside the enterprise via secure connections. An aPaaS can have many advantages and characteristics. These characteristics and advantages may help improve an enterprise’s IT, HR, CRM, customer services, application development, security, and workflow.

The aPaaS system may support development and execution of model-view-controller (MVC) applications. MVC applications split their functionality into three interconnected components (model, view, and controller). This allows for efficient code reuse and parallel development. These applications may be web-based and offer create, read, update, delete (CRUD) capabilities. This allows for the creation of new applications on a shared application infrastructure.

“The aPaaS platform may allow for standard application components such as a set of widgets to develop graphical user interfaces (GUI). Applications built with the aPaaS have a common appearance. Standardization may also be applied to other software modules and components. This look and feel may be customized with custom logos or color schemes for an enterprise.

“The aPaaS platform may allow you to set up applications’ behavior using metadata. This allows applications to quickly adapt to specific requirements. This approach increases flexibility and reduces development time. The aPaaS platform may also support GUI tools to facilitate metadata creation and management. This reduces errors in metadata.

“The aPaaS platform may provide interfaces between applications that are clearly defined so that software developers can avoid undesirable inter-application dependencies. The aPaaS may also implement a service layer that stores persistent state information and other data.

The aPaaS platform may have a variety of integration capabilities that allow applications to interact with legacy and third-party apps. The aPaaS may allow for a custom employee onboarding system, which integrates with legacy IT, HR, and accounting systems.

“The aPaaS may provide enterprise-grade security. The aPaaS server may be hosted remotely. Therefore, security protocols should be used when the system interacts with other systems within the enterprise, as well as third-party networks or services hosted outside the enterprise. The aPaaS can be set up to share data with the enterprise and other parties in order to identify and prevent common security threats.

aPaaS systems may have other features, functionality, or advantages. This description is intended as an example only and is not meant to be exhaustive.

A software developer might be given the task of creating a new application with the aPaaS platform. The developer might first define the data model. This specifies the types and relationships of the data used by the application. The developer then enters the data model via the aPaaS GUI. The aPaaS software automatically creates the relevant database tables, fields and relationships. These can then be accessed via an object-oriented services layer.

The aPaaS can also create a fully functional MVC application with client interfaces and server-side CRUD logic. The generated application could be used as a basis for further development by the user. The developer doesn’t have to spend too much time developing the application. The application can also be accessed via the Internet, as it is web-based. Alternatively, or in addition, a local copy of the application may be accessible, for example, when Internet service is unavailable.

“The aPaaS platform may also allow for the addition of pre-defined functionality to applications. These features include the ability to search, email, templating and workflow design. They also support analytics, reporting, social media, scripting and mobile-friendly output.

The following embodiments detail the architectural and functional aspects, as well as the features and benefits, of example aPaaS systems.

“II. EXAMPLE COMPUTING DEVICES & CLOUD-BASED COMPUTING ENVIRONMENTS”

Computing device 100 can be either a client device (e.g., a device being actively operated by a user) or a server device (e.g., a device that provides computation services to client devices), depending on its purpose. Server devices can sometimes act as clients in order to perform specific operations. Some client devices may also include server features.

In this example, computing device 100 comprises processor 102, memory 104, network interface 106, and input/output unit 108. All of these components may be connected by a system bus 110 or a similar mechanism. Computing device 100 can include additional components and/or peripherals in some embodiments (e.g., detachable storage devices, printers, etc.).

Processor 102 could be any combination of any type or number of computer processing elements, including a central processing unit (CPU), a co-processor (e.g., a mathematics, graphics or encryption co-processor), a digital signal processor (DSP), and/or an integrated circuit or controller that performs processing operations. In some cases processor 102 could be one or more single-core processors. In other cases, processor 102 could be one or more multi-core processors with multiple independent processing units. Register memory may be used to temporarily store instructions being executed and related data. Cache memory is also available for temporarily storing recently used instructions and data.

Memory 104 can be any type of computer-usable memory. This includes but is not limited to random access memory (RAM), read-only memory (ROM), and non-volatile memory (e.g., flash memory, hard drives, solid state drives, compact discs (CDs), digital video discs (DVDs), and/or tape storage). Memory 104 can be thought of as representing both main memory units and long-term storage. Biological memory is another type of memory.

Memory 104 can store program instructions and/or data that program instructions might operate on. Memory 104, for example, may store these program instructions on a non-transitory, computer-readable medium. This allows processor 102 to access the instructions in order to execute any of the processes or methods described in this specification.

As shown in FIG. 1, memory 104 can include firmware 104A and kernel 104B as well as applications 104C. Firmware 104A could be program code that is used to start or restart some or all of computing device 100. Kernel 104B could be an operating system that includes modules for memory management, scheduling and management of processes, input/output, and communication. Kernel 104B could also contain device drivers, which allow the operating system to communicate with the hardware modules (e.g., memory units, networking interfaces, ports, and busses) of computing device 100. Applications 104C could be any one or more user-space software applications, such as email clients or web browsers, and all software libraries that are used by these programs. These and other applications may also use memory 104 to store data.

Input/output unit 108 may allow user and peripheral device interaction with computing device 100. Input/output unit 108 could include one or more types of input devices, such as a keyboard, mouse, touch screen, or other devices. Input/output unit 108 may also include one or several types of output devices such as a monitor, printer, screen, or one or more light emitting diodes (LEDs). Computing device 100 can communicate with other devices via a universal serial bus (USB), high-definition multimedia interface (HDMI), or other port interface.

In certain embodiments, one or more instances of computing device 100 can be deployed to support an aPaaS architecture. Client devices may not be able to determine the exact location of these computing devices, their connectivity and configuration. The computing devices can be called “cloud-based” devices that can be located at remote data centers.

FIG. 2 shows how operations of a computing device (e.g., computing device 100) may be distributed between server devices 202, data storage 204 and routers 206, all of which can be connected via local cluster network 208. The number of server devices 202, data storages 204, and routers 206 in server cluster 200 may depend on the computing task(s) and/or applications that are assigned to server cluster 200.

Server devices 202, for example, can be configured to execute different computing tasks of computing device 100. Computing tasks can be divided among several server devices 202. If these computing tasks can be done in parallel, this distribution may reduce the time required to complete them and return a result. Both server cluster 200 and individual server devices 202 may be called a “server device”. This nomenclature can be understood to mean that server device operations may involve one or more server devices, data storage devices, cluster routers, or other devices.

Data storage 204 could be data storage arrays with drive array controllers. These controllers are designed to manage read/write access to groups of hard disk drives or solid state drives. Drive array controllers may be used alone or together with server devices 202 to create backups and redundant copies of data stored in data storage 204. This is to protect against drive failures and other types of failures that prevent one or more server devices 202 from accessing units of data storage 204. Other types of memory, apart from drives, may also be used.

Routers 206 could include networking equipment that provides internal and external communications for server cluster 200. Routers 206 could include packet-switching or routing devices (including switches, gateways, and routers), which can be used to provide network communications (i) between server devices 202 and data storage 204 via local cluster network 208 and/or (ii) between server cluster 200 and other devices via communication link 210 to network 212.

Additionally, the configuration of routers 206 can also be influenced by the data communication needs of server devices 202 and data storage 204, the latency and throughput of local cluster network 208, the cost of communication link 210, and/or any other factors that could contribute to the cost, speed, fault-tolerance, and resiliency of the system architecture and/or any other design goals.

Data storage 204 could include any type of database, such as a structured query language (SQL) database. There are many data structures that can store information in such a database. These include tables, arrays, lists, trees, and tuples. Data storage 204 databases can be either monolithic or spread across multiple physical devices.

Server devices 202 may be configured for data transmission to and data reception from data storage 204. These transmissions and retrievals may take the form of SQL queries or other database queries and the output thereof. Additional text, images and/or audio may also be included. Server devices 202 can organize the received data into web pages. This representation could be in the form of a markup language, such as hypertext markup language (HTML), extensible markup language (XML), or any other standardized or proprietary format. Server devices 202 might also be capable of executing different types of computerized scripting languages such as Perl, Python, PHP Hypertext Preprocessor (PHP), Active Server Pages (ASP), JavaScript, etc. Computer program code written in these languages can be used to provide web pages to clients.

III.

The architecture shown in the figure consists of three components: managed network 300, remote network management platform 320 and third-party networks 340. They are all connected via Internet 350.

Managed network 300 may refer to a network that a business uses for communications and computing tasks as well as data storage. Managed network 300 could include client devices 302, server devices 304, routers 306, virtual machines 308 and proxy servers 312. Client devices 302 could be represented by computing device 100. Server devices 304 might be represented by computing device 100 or by server cluster 200. Routers 306 can be any type of switch, router, or gateway.

Firewall 310 could be one or more specialized routers or server devices that protect managed network 300 from unauthorized attempts to access its devices, applications and services, while allowing authorized communication that is initiated from managed network 300. Firewall 310 can also offer intrusion detection, web filtering, antivirus scanning, application-layer gateways, and other services. In some embodiments not shown in FIG. 3, managed network 300 may contain one or more virtual private network (VPN) gateways with which it communicates with remote network management platform 320.

Managed network 300 could also contain one or more proxy servers 312. Proxy servers 312 could be an embodiment of a server device that allows data to flow between managed network 300, remote network management platform 320 and third-party networks 340. Proxy servers 312 might be able to establish and maintain secure communication sessions with one or more computational instances of remote network management platform 320. Through such a session, remote network management platform 320 may be able to discover and manage aspects of the architecture and components of managed network 300. Remote network management platform 320 might also be able, possibly with the help of proxy servers 312, to discover and manage the third-party networks 340 that are used by managed network 300.

Firewalls such as firewall 310 typically deny communication sessions that come in via Internet 350 unless the session was initiated from behind the firewall (i.e., from a device on managed network 300) or the firewall has been specifically configured to support it. Proxy servers 312 can be placed behind firewall 310 (e.g., within managed network 300 and protected by firewall 310), so these proxy servers 312 might be able to initiate communication sessions through firewall 310. Firewall 310 then may not need to be specifically configured to allow incoming sessions from remote network management platform 320, thus avoiding security risks for managed network 300.

Managed network 300 might contain only a handful of devices and a limited number of networks in some cases. Other deployments may include multiple locations, hundreds of networks, and hundreds of thousands of devices. The architecture of FIG. 3 is capable of scaling up and down by orders of magnitude.

Furthermore, depending on the size, architecture and connectivity of managed network 300, a varying number of proxy servers 312 could be deployed there. Each proxy server 312 could be responsible for communicating with remote network management platform 320 about a part of managed network 300. Alternatively or additionally, proxy servers can be assigned to a section of managed network 300 for load balancing, redundancy and/or high availability.

Remote network management platform 320 is a hosted environment that offers aPaaS services to users, especially to operators of managed network 300. These services can be provided via web-based portals. A user can access remote network management platform 320 from client devices 302 or from another client device that is not part of managed network 300. Users can design, test and deploy applications using the web-based portals. They can also view analytics and generate reports.

As shown in the figure, remote network management platform 320 contains four computational instances 322, 324 and 326. Each instance may be a collection of web portals and services that are available to a customer. Sometimes, multiple customers may be able to use the same computational instance. Managed network 300, for example, may be an enterprise customer of remote network management platform 320 and may use computational instances 322, 324 and 326. Multiple instances may be provided to one customer because the customer may want to develop, test and deploy its own applications and services. Computational instance 322 could be used to develop applications for managed network 300. Computational instance 324 might be used to test these applications. Computational instance 326 could be dedicated to the live operation of the tested applications and services. A computational instance may also be referred to as a hosted instance, a remote instance, or by another designation.

The multi-instance architecture of remote network management platform 320 differs from conventional multi-tenant architectures and offers several advantages over them. Multi-tenant architectures allow data from multiple customers (e.g., enterprises) to be combined in one database. Although the customers' data is kept separate, that separation is maintained by the software that manages the single database. A security breach in this system could therefore affect all customers' data, increasing risk for entities that are subject to financial, healthcare and governmental regulation. Any database operation that affects one customer is likely to impact all customers who share that database. If an outage occurs because of software or hardware issues, it affects all of these customers. The same applies when the database is upgraded to meet the needs of one customer: no customer will be able to access the database during the upgrade. Due to the large size of the shared database, these maintenance windows can be quite lengthy.

In contrast, the multi-instance architecture gives each customer its own database within a dedicated computational instance. This separates customer data and allows each instance to be managed independently. If one customer's instance goes down due to an error or upgrade, the other computational instances are not affected. Because the database only holds one customer's data, maintenance downtime is minimal. The multi-instance architecture's simpler design also allows redundant copies of each customer instance and database to be deployed in different locations. This allows for high availability and the ability to move the live instance of the customer's account when there are faults or maintenance.

Remote network management platform 320 may implement multiple computational instances in a cost-effective manner. If the aPaaS is implemented on server cluster 200, for example, it might run a virtual machine that allocates different amounts of computing, storage, communication, and other resources to instances. However, server cluster 200 may not need to be fully virtualized, and other mechanisms can be used to separate the instances. Each instance might have its own account and a database on server cluster 200. Alternatively, computational instance 322 could span multiple physical devices.

In some cases, one server cluster of remote network management platform 320 can support multiple independent businesses. Remote network management platform 320 can also include multiple clusters of servers located in geographically different data centers to aid load balancing, redundancy and high availability.

Managed network 300 could use one or more third-party networks 340 to provide services and applications to its customers and clients. Third-party networks 340, for example, may store music files and offer streaming and a web interface. This way, the enterprise of managed network 300 does not need to build and maintain its own servers.

Remote network management platform 320 may include modules that integrate with third-party networks 340 so that virtual machines and managed services therein are exposed to managed network 300. These modules could allow users to request virtual resources and could provide flexible reporting for third-party networks 340. To establish this functionality, a user might first create an account with third-party networks 340 and request a set of resources. Next, the user can enter the account information into the appropriate modules of remote network management platform 320. These modules can then detect the manageable resources in the account and provide reports on usage, billing, and performance.

Internet 350 could represent a small portion of the global Internet. Internet 350 could instead be part of a different network, such as a private wide-area or local-area packet-switched network.

In FIG. 4, computational instance 322 is replicated across data centers 400A and 400B. These data centers could be located in different locations or countries. Each data center has support equipment that allows communication with remote users and managed network 300.

Network traffic to and from external devices flows through data center 400A either through VPN gateway 402A or firewall 404A. VPN gateway 402A can be peered with VPN gateway 412 on managed network 300 via a security protocol such as Internet Protocol Security (IPSEC) or Transport Layer Security (TLS). Firewall 404A can be configured to allow access by authorized users (user 414, remote user 416) and to block access by unauthorized users. These users can access computational instance 322, as well as other computational instances, via firewall 404A. A load balancer 406A can be used to divide traffic among one or more virtual or physical server devices that host computational instance 322. Load balancer 406A can simplify user access by hiding the internal configuration of data center 400A (e.g., computational instance 322) from clients. If computational instance 322 contains multiple computing devices, either physical or virtual, that have access to multiple databases, load balancer 406A can distribute network traffic and processing tasks among these computing devices and databases so that no computing device or database is significantly busier than the others. Some embodiments of computational instance 322 include firewall 404A and VPN gateway 402A.

Data center 400B could include its own versions of the components of data center 400A. VPN gateway 402B, firewall 404B and load balancer 406B could perform similar or identical operations to VPN gateway 402A, firewall 404A and load balancer 406A, respectively. Furthermore, computational instance 322 can exist simultaneously in data centers 400A and 400B by way of real-time or near-real-time replication of databases and/or other operations.

Data centers 400A and 400B, as shown in FIG. 4, may allow for redundancy and high availability. In the configuration of FIG. 4, data center 400A is the active data center and serves all traffic to managed network 300, while the version of computational instance 322 located in data center 400B is continuously updated in near real-time. Other configurations, such as one where both data centers are actively functioning, may also be possible.

Data center 400B is able to take over the role of active data center if data center 400A fails or becomes unavailable to users. Domain name system (DNS) servers that associate a domain name of computational instance 322 with one or several Internet Protocol (IP) addresses of data center 400A may re-associate the domain name with one or multiple IP addresses of data center 400B. Users can access computational instance 322 via data center 400B once the re-association is complete. This may take less than a second or several seconds.

FIG. 4 also shows a possible configuration for managed network 300. Proxy servers 312 (and user 414) may be able to access computational instance 322 via firewall 310. Proxy servers 312 can also access configuration items 414. The term “configuration items” may refer to any physical or virtual device, any application or service remotely discovered or managed by computational instance 322, or relationships among discovered devices, applications, and services. A configuration management database (CMDB) of computational instance 322 may contain configuration items.

As mentioned above, VPN gateway 412 could provide a dedicated VPN to VPN gateway 402A. This VPN can be useful when there is significant traffic between managed network 300 and computational instance 322, or when security policies require the use of a VPN. A public IP address is sometimes assigned to any device connected to managed network 300 or computational instance 322. Other devices in managed network 300 and/or computational instance 322 may be assigned private IP addresses (e.g., IP addresses selected from the 10.0.0.0-10.255.255.255 or 192.168.0.0-192.168.255.255 ranges, represented in shorthand as subnets 10.0.0.0/8 and 192.168.0.0/16, respectively).

IV.

Remote network management platform 320 can administer the applications, services, and devices of managed network 300. To do so, it first identifies the devices that are in managed network 300, their configurations and operational statuses, and the services and applications they provide. Each device, application, service and relationship can be called a configuration item. The process of defining configuration items in managed network 300 is referred to as discovery, and proxy servers 312 may facilitate it.

The term “application” is used in the following embodiments. An “application” may be one or more processes or threads, programs or client modules, or any other type of software that runs on a device, a group of devices, or a combination thereof. A “service” may be defined as a program that executes on a device or group of devices. A “service” could also refer to a high-level capability provided by multiple applications running on one or more different devices. For example, a high-level web service could include multiple threads of web application servers running on one device and accessing data from a database application running on another.

In the figure, remote network management platform 320, third-party networks 340 and Internet 350 are not shown for simplicity.

In the figure, discovery commands from computational instance 322 can be transmitted to proxy servers 312. Proxy servers 312 can then transmit probes to the different devices, applications and services in managed network 300. These devices, applications and services can send responses to proxy servers 312, and proxy servers 312 may provide information about the discovered configuration items to CMDB 500 for storage. The configuration items in CMDB 500 represent the environment of managed network 300.

Task list 502 is a list of activities that proxy servers 312 must perform for computational instance 322. Task list 502 becomes populated as discovery occurs. Proxy servers 312 repeatedly query task list 502, obtain the next task therein, and perform this task until task list 502 is empty or another condition has been met.

To facilitate discovery, proxy servers 312 can be configured with information about the subnets within managed network 300 that they can reach. Proxy servers 312 might, for example, be assigned the IP address range of 192.168.0/24 as a subnet. This information may be stored in CMDB 500 by computational instance 322. Task list 502 will then be used to discover devices at each address.

FIG. 5A shows devices, applications and services in managed network 300 as configuration items 504, 506, 508 and 510. These configuration items can represent physical or virtual devices (e.g., client devices, server devices or routers), the applications executed thereon (e.g., web servers, email servers or databases), and the relationships between them.

Placing tasks in task list 502 could trigger or otherwise cause proxy servers 312 to start discovery. Alternatively or additionally, discovery can be manually triggered, or automatically triggered based on triggering events. For example, discovery might automatically start once per day.

Generally, discovery can be divided into four phases: scanning, classification, identification and exploration. Proxy servers 312 transmit various types of probe messages to devices within managed network 300 for each phase of discovery. The responses to these probes may be processed by proxy servers 312 and sent to CMDB 500. Each phase may result in additional configuration items being found and stored in CMDB 500.

During the exploration phase, proxy servers 312 can determine further information about the operational status of classified devices. This phase could be based on the information obtained during the classification phase or the identification phase. Task list 502 may contain a set of tasks for proxy servers 312 to perform. Proxy servers 312 may be able to read additional information from the device, such as processor information and memory information. The discovered information could be stored in CMDB 500 as one or more configuration items.

SNMP may be used to run discovery on a network device such as a router. Discovery may determine additional subnets known to the router and the operational status of the router's network interfaces (e.g., active, inactive, queue length, number of packets dropped, and other information). Further discovery may be possible if the IP addresses of additional subnets are available. This allows discovery to proceed iteratively or recursively.

A snapshot representation of each device, service, and application is available in CMDB 500 after discovery has been completed. For client and server devices, information such as operating system version, network configuration details, and the applications executing thereon may be saved. The collected information can be displayed to the user in a variety of ways. This allows the user to see the hardware composition and operational status of devices, as well as the characteristics of services that span multiple applications and devices.

CMDB 500 can also contain entries about dependencies and relationships among configuration items. Suppose, for example, that a database application is running on a server device and that it is being used by both a payroll service and a new employee onboarding service. If the server device is removed from operation for maintenance, it is clear that both the employee onboarding and payroll services will be affected. The dependencies and relationships among configuration items could likewise be used to indicate the services that are affected when a router goes down.

In general, dependencies and relationships between configuration items are displayed on a web interface and presented in a hierarchical manner. This interface allows such dependencies or relationships to be added, changed, or removed.

Proxy servers 312, CMDB 500 and/or one or several credential stores can be set up with credentials to allow discovery to occur in the way described above. Credentials can contain any information necessary to gain access to the devices. These could include userid/password pairs or certificates. In some embodiments, these credentials can be stored in encrypted fields of CMDB 500. Proxy servers 312 might contain the decryption keys for the credentials, so that proxy servers 312 are able to use these credentials to log in to or access devices that have been discovered.

FIG. 5B shows the discovery process as a flowchart. At block 520, the task list of the computational instance is filled with, for example, a range of IP addresses. The scanning phase begins at block 522. Proxy servers probe the IP addresses for devices that use them and attempt to identify the operating systems running on these devices. The classification phase begins at block 524. Proxy servers try to determine the operating system version of the devices. The identification phase takes place at block 526. Proxy servers attempt to identify the hardware and/or software configuration of the devices. The exploration phase takes place at block 528. Proxy servers attempt to determine the operational status of the devices and the applications running on them. Block 530 allows for further editing of the configuration items that represent the discovered devices and applications. This editing can be either automated or manual.

The blocks shown in FIG. 5B are examples only. The process of discovery can be highly configurable and may have more or fewer phases. The operations of each phase may differ. One or more phases can be customized or modified in some cases.
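The task-list loop and the four phases described above can be simulated offline. The following is an added example, not code from the patent or from any product: `FAKE_NETWORK`, `ALLOWED` and `discover` are hypothetical names, probe responses are constructed sample data, and the allow-list of in-scope ranges is an assumption added so that subnets learned from a router cannot pull discovery outside the authorized address space. The page's 192.168.0/24 range is written in full as 192.168.0.0/24.

```python
import ipaddress
from collections import deque

# Constructed stand-in for the managed network: what a probe of each address
# would return. No real network traffic is generated.
FAKE_NETWORK = {
    "192.168.0.1": {"os": "router-os", "version": "12.4",
                    # subnets the router reports during exploration
                    "routes": ["192.168.1.0/24", "10.9.0.0/30", "192.168.0.0/24"]},
    "192.168.0.2": {"os": "linux", "version": "5.15", "apps": ["postgres"]},
    "192.168.1.1": {"os": "windows", "version": "2019", "apps": ["iis"]},
}

# Assumption: discovery may only touch ranges the operator has authorized.
ALLOWED = [ipaddress.ip_network("192.168.0.0/16")]


def discover(seed_subnet, network=FAKE_NETWORK, allowed=ALLOWED):
    """Drain a task list phase by phase and return (cmdb, skipped_subnets)."""
    cmdb, skipped, seen_subnets = {}, [], set()
    tasks = deque()  # plays the role of the task list

    def enqueue_subnet(cidr):
        net = ipaddress.ip_network(cidr)
        if net in seen_subnets:
            return  # already queued once; prevents endless re-discovery
        seen_subnets.add(net)
        if not any(net.subnet_of(scope) for scope in allowed):
            skipped.append(str(net))  # learned from a device but out of scope
            return
        tasks.extend(("scan", str(host)) for host in net.hosts())

    enqueue_subnet(seed_subnet)
    while tasks:  # obtain the next task until the list is empty
        phase, ip = tasks.popleft()
        host = network.get(ip)
        if host is None:
            continue  # nothing answered the probe at this address
        ci = cmdb.setdefault(ip, {"ip": ip})
        if phase == "scan":          # which operating system answers here?
            ci["os"] = host["os"]
            tasks.append(("classify", ip))
        elif phase == "classify":    # operating system version
            ci["os_version"] = host["version"]
            tasks.append(("identify", ip))
        elif phase == "identify":    # hardware and/or software configuration
            ci["hardware"] = host.get("hardware", "unknown")
            tasks.append(("explore", ip))
        else:                        # explore: applications and further subnets
            ci["apps"] = host.get("apps", [])
            for cidr in host.get("routes", []):
                enqueue_subnet(cidr)  # discovery proceeds iteratively
    return cmdb, skipped


if __name__ == "__main__":
    found, out_of_scope = discover("192.168.0.0/24")
    print(sorted(found), out_of_scope)
```

The router reports its own subnet and an out-of-scope one; the first is ignored because it was already queued, and the second is recorded in the skipped list rather than probed.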

V. CMDB IDENTIFICATION RULES AND RECONCILIATION

A CMDB (such as CMDB 500) is a repository for configuration items and, when properly provisioned, can play a key role in higher-level applications that are deployed within or involve a computational instance. These applications can be used for enterprise IT service management, operations management, asset management, configuration management and compliance.

An IT service management application might use information from the CMDB to identify applications and services that could be impacted by a component (e.g., a server device) that has crashed, malfunctioned or is overloaded. An asset management application might also use the CMDB information to identify which hardware and/or software components are being used for particular enterprise applications. Because of the importance and value of the CMDB, it is important that the data stored therein be accurate, consistent and up to date.

A CMDB can be populated in many ways. As already discussed, a discovery procedure can automatically store information about configuration items in the CMDB. A CMDB can also be populated, in whole or in part, by manual entry, configuration files and third-party data sources. Because multiple data sources can update the CMDB at any time, it is possible for one source to overwrite the data of another. Two data sources could also create slightly different entries for the exact same configuration item, leaving the CMDB with duplicate information. These occurrences can reduce the utility and health of the CMDB.

To help mitigate this problem, these data sources may not be permitted to write configuration items directly into the CMDB. They may instead write to an identification and reconciliation application programming interface (API). The API might use a set of configurable identification rules to uniquely identify the configuration items and determine if and how they are written into the CMDB.

An identification rule is a list of attributes that can be used to create a unique identification. Rules may have priorities, so that higher-priority rules are considered before lower-priority ones. A rule can be independent, in that it identifies configuration items without regard to other configuration items. The rule could also be dependent, in that it first uses a metadata rule to identify a dependent configuration.
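A minimal sketch of such an identification and reconciliation API follows, showing how prioritized identification rules stop two data sources from creating duplicates of the same configuration item. It is an added example, not code from the patent or any product: the class and attribute names, the "lower number is tried first" priority convention, the normalization step and the per-source trust ranking used to decide overwrites are all assumptions, and the payloads are constructed sample data. Only independent rules are shown.

```python
from dataclasses import dataclass, field


def normalize(value):
    """Compare identifiers ignoring case and surrounding whitespace (assumption)."""
    return None if value is None else str(value).strip().lower()


@dataclass(frozen=True)
class IdentificationRule:
    priority: int      # lower number is tried first (assumed convention)
    attributes: tuple  # attributes that together uniquely identify an item


@dataclass
class IdentificationAPI:
    rules: dict        # class name -> list of IdentificationRule
    source_rank: dict  # data source -> rank, lower is more trusted (assumption)
    items: list = field(default_factory=list)

    def write(self, source, ci_class, attrs):
        """Return (status, item); status is 'inserted', 'updated' or 'rejected'."""
        if source not in self.source_rank:
            return "rejected", None  # unknown data sources may not write
        ordered = sorted(self.rules.get(ci_class, []), key=lambda r: r.priority)
        # A rule applies only if the payload carries every attribute it names.
        applicable = [r for r in ordered if all(attrs.get(a) for a in r.attributes)]
        if not applicable:
            return "rejected", None  # cannot be uniquely identified
        for rule in applicable:
            for item in self.items:
                if item["class"] == ci_class and all(
                        normalize(item["attrs"].get(a)) == normalize(attrs[a])
                        for a in rule.attributes):
                    self._reconcile(item, source, attrs)
                    return "updated", item
        item = {"class": ci_class, "attrs": dict(attrs),
                "written_by": {key: source for key in attrs}}
        self.items.append(item)
        return "inserted", item

    def _reconcile(self, item, source, attrs):
        # A source may overwrite an attribute only if it is at least as
        # trusted as the source that last wrote it.
        for key, value in attrs.items():
            previous = item["written_by"].get(key)
            if previous is None or self.source_rank[source] <= self.source_rank[previous]:
                item["attrs"][key] = value
                item["written_by"][key] = source


def demo():
    api = IdentificationAPI(
        rules={"server": [IdentificationRule(200, ("name", "ip_address")),
                          IdentificationRule(100, ("serial_number",))]},
        source_rank={"discovery": 1, "manual": 2, "import": 3},
    )
    writes = [  # constructed sample payloads from three data sources
        ("discovery", {"serial_number": "SN-1001", "name": "web01",
                       "ip_address": "192.168.0.10", "os": "Linux 5.15"}),
        ("import", {"serial_number": " sn-1001", "os": "Linux 4.4", "location": "dc-a"}),
        ("manual", {"name": "WEB01", "ip_address": "192.168.0.10", "owner": "payroll"}),
        ("import", {"name": "db02"}),  # lacks every identifying attribute set
    ]
    statuses = [api.write(src, "server", attrs)[0] for src, attrs in writes]
    return api, statuses


if __name__ == "__main__":
    api, statuses = demo()
    print(statuses, api.items)
```

Three of the four writes resolve to one stored item, and the less trusted import source adds a location without overwriting the operating system recorded by discovery.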
