Results-Oriented Automation Platform

A GUI-based automation application simplifies the management of computing resources by allowing users to define and achieve target states, addressing the complexity of resource changes on a computing cloud.

JP2026521105A · Pending · Publication Date: 2026-06-26 · SERVICENOW INC

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
SERVICENOW INC
Filing Date
2024-02-01
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

Changing computing resources on a computing cloud is difficult for users lacking extensive experience due to the complexity of understanding and managing systems, instructions, and functions.

Method used

A results-oriented automation application with a graphical user interface (GUI) facilitates visualization and modification of computing resources, allowing users to define target states and execute actions to reach those states, with the GUI displaying intermediate and final states, and compensating for deviations with alternative actions if necessary.

Benefits of technology

Enables users to efficiently manage and modify computing resources by providing a clear visualization and execution path, ensuring target states are achieved through intelligent automation.

✦ Generated by Eureka AI based on patent content.


Abstract

The method includes generating a graphical representation of the existing state of multiple computing resources, visually representing the multiple computing resources and one or more relationships between them, for display by a graphical user interface (GUI). The method also includes determining a target state for the multiple computing resources based on user modifications to the graphical representation of the existing state. User modifications may be obtained through the GUI. The method also includes determining one or more actions configured to modify the multiple computing resources to reach the target state from the existing state, based on the difference between the target state and the existing state. The method further includes performing one or more actions.

Description

Technical Field

[0001] Cross-reference to Related Applications: This application claims the priority of U.S. Patent Application No. 18/302,746, filed on April 18, 2023, and incorporates all of its contents herein by reference.

Background Art

[0002] On a computing cloud, computing resources can be deployed. The computing resources can include hardware and / or software configured to execute various operations. Since the type and / or amount of operations change over time, it is considered desirable to change the deployed computing resources based on the changes in operations. However, changing the deployed computing resources can depend on the understanding and / or comprehension of various systems, instructions, and / or functions for managing the computing resources. For this reason, changing the computing resources can be difficult and / or inaccessible to users who do not have extensive experience with various systems, instructions, and / or functions.

Summary of the Invention

[0003] The deployment of computing resources on a computing cloud, such as a remote network management platform, can be facilitated by a results-oriented automation application (outcome-oriented automation application). A results-oriented automation application may be configured to provide a graphical user interface (GUI) that facilitates the visualization and / or modification of various states of multiple computing resources deployed on a computing cloud. Specifically, the GUI may enable the display of existing states of multiple computing resources and the definition of target states of multiple computing resources by modifying the existing states. The target states may be defined by the user, who generates a graphical representation of the target states by adding, deleting, moving, copying, and / or otherwise modifying computing resources through interaction with the graphical components of the GUI. For example, the user may define a graphical representation of the target states by modifying the graphical representations of existing states.

[0004] Furthermore, a results-oriented automation application may be configured to determine and execute actions that modify computing resources to reach a target state from an existing state. The actions may be determined based on the difference between the existing state and the target state. The order in which the actions are executed may be based on the dependencies between computing resources. The actions may be selected from predefined automations for the computing cloud being modified.

[0005] The GUI may include a first button configured to generate an action and a second button configured to execute the action. In some embodiments, the GUI may also allow the display of intermediate states that are expected to be reached between the existing state and the target state as a result of the execution of the action. For example, by associating each action with a corresponding intermediate state, the user can consider, confirm, and / or modify the changes that are expected to be achieved by the action prior to execution.

[0006] Furthermore, the GUI may enable the display of the final state of the computational resources after the execution of an action. This allows the GUI to indicate whether the target state was reached as a result of the execution of the action, or whether the final state differs from the target state due to one or more of the actions. In some embodiments, if the final state differs from the target state, the results-oriented automation application may be configured to determine an alternative action (e.g., one that is entirely different from the original action) that further modifies the computational resources to reach the target state from the final state. Thus, if the target state is not reached as planned, the GUI may compensate for any shortcomings of the original action by including an alternative action to reach the target state in a different way.
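The planning and compensation steps of paragraphs [0004] and [0006], as an added example that is not taken from the patent or from any ServiceNow product: actions are derived from the difference between two states, ordered by resource dependencies, and re-planned from the observed final state when an action does not take effect. The resource names, the state layout, and the use of re-planning in place of selecting a different predefined automation are assumptions of this sketch.

```python
import copy

# A state maps resource name -> {"props": {...}, "deps": {resources it depends on}}.
# Every resource name and property here is constructed for illustration.
EXISTING = {
    "vpc": {"props": {"cidr": "10.0.0.0/16"}, "deps": set()},
    "db": {"props": {"size": "small"}, "deps": {"vpc"}},
    "web1": {"props": {"image": "v1"}, "deps": {"vpc", "db"}},
    "cache": {"props": {}, "deps": {"vpc"}},
    "cache_client": {"props": {}, "deps": {"cache"}},
}
TARGET = {
    "vpc": {"props": {"cidr": "10.0.0.0/16"}, "deps": set()},
    "db": {"props": {"size": "large"}, "deps": {"vpc"}},
    "web1": {"props": {"image": "v1"}, "deps": {"vpc", "db"}},
    "web2": {"props": {"image": "v1"}, "deps": {"vpc", "db"}},
    "lb": {"props": {"port": 443}, "deps": {"web1", "web2"}},
}


def topo_order(state):
    """Kahn's algorithm: each resource is listed after everything it depends on."""
    pending = {n: {d for d in spec["deps"] if d in state} for n, spec in state.items()}
    order = []
    while pending:
        ready = sorted(n for n, deps in pending.items() if not deps)
        if not ready:
            raise ValueError("dependency cycle: " + ", ".join(sorted(pending)))
        order.extend(ready)
        for n in ready:
            del pending[n]
        for deps in pending.values():
            deps.difference_update(ready)
    return order


def plan_actions(existing, target):
    """Return ordered (verb, resource) actions that turn `existing` into `target`."""
    changed = {}
    for name, spec in target.items():
        if name not in existing:
            changed[name] = "create"
        elif existing[name] != spec:
            changed[name] = "update"
    removed = {n for n in existing if n not in target}
    # Creates and updates run dependencies-first; deletes run dependents-first.
    plan = [(changed[n], n) for n in topo_order(target) if n in changed]
    plan += [("delete", n) for n in reversed(topo_order(existing)) if n in removed]
    return plan


def execute(plan, state, target, failing=()):
    """Apply a plan to a copy of `state`. Actions listed in `failing` have no
    effect (a simulated faulty automation), and a create or update whose
    dependencies are missing is skipped as blocked."""
    final = copy.deepcopy(state)
    for verb, name in plan:
        if (verb, name) in failing:
            continue
        if verb == "delete":
            del final[name]
        elif all(dep in final for dep in target[name]["deps"]):
            final[name] = copy.deepcopy(target[name])
    return final


def reconcile(existing, target, failing=(), max_rounds=3):
    """Plan, execute, compare the final state with the target, and plan again
    from the final state until the two match or the round limit is reached."""
    state, history = existing, []
    for _ in range(max_rounds):
        plan = plan_actions(state, target)
        if not plan:
            break
        history.append(plan)
        state = execute(plan, state, target, failing)
        failing = ()  # assumption: the fault affects only the first attempt
    return state, history


if __name__ == "__main__":
    final, history = reconcile(EXISTING, TARGET, failing={("create", "web2")})
    for round_no, plan in enumerate(history, 1):
        print("round", round_no, plan)
    print("target reached:", final == TARGET)
```

Comparing the final state with the target after every round is what surfaces a silently failed action; the second plan contains only the work that is still outstanding.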

[0007] Therefore, the first exemplary embodiment may include generating a graphical representation of the existing state of a plurality of computational resources, visually representing the plurality of computational resources and one or more relationships between them, for display by a graphical user interface (GUI). The first exemplary embodiment may also include determining a target state for the plurality of computational resources based on user modifications of the graphical representation of the existing state. The user modifications may be obtained through the GUI. The first exemplary embodiment may also include determining one or more actions configured to modify the plurality of computational resources to reach the target state from the existing state, based on the difference between the target state and the existing state. The first exemplary embodiment may further include performing one or more actions.

[0008] A second exemplary embodiment may include a non-transitory computer-readable medium containing program instructions that, when executed by a computer system, cause the computer system to perform the operations described in the first exemplary embodiment.

[0009] In a third exemplary embodiment, the computer system may include memory and program instructions in addition to at least one processor. The program instructions may be stored in memory and, when executed by at least one processor, cause the computer system to perform the operations described in the first exemplary embodiment.

[0010] In a fourth exemplary embodiment, the system may include various means for performing each of the operations of the first exemplary embodiment.

[0011] Those skilled in the art will find the above and other embodiments, aspects, advantages, and alternatives apparent by reading the following detailed description, with reference to the accompanying drawings as necessary. Furthermore, since this abstract and other descriptions and drawings contained herein are intended to illustrate embodiments only as examples, many modifications are possible. For example, structural elements and process steps can be rearranged, combined, distributed, removed, or modified while remaining within the scope of embodiments such as those claimed.

Brief Explanation of the Drawings

[0012]
[Figure 1] This is a schematic diagram of computer equipment according to an exemplary embodiment.
[Figure 2] This is a schematic diagram of a server equipment cluster according to an exemplary embodiment.
[Figure 3] This diagram shows a remote network management architecture according to an exemplary embodiment.
[Figure 4] This diagram shows a communication environment including a remote network management architecture according to an exemplary embodiment.
[Figure 5] This diagram shows another communication environment, including a remote network management architecture, according to an exemplary embodiment.
[Figure 6] This figure shows a software application according to an exemplary embodiment.
[Figure 7A] This figure shows an exemplary graphical user interface according to an exemplary embodiment.
[Figure 7B] This figure shows an exemplary graphical user interface according to an exemplary embodiment.
[Figure 7C] This figure shows an exemplary graphical user interface according to an exemplary embodiment.
[Figure 7D] This figure shows an exemplary graphical user interface according to an exemplary embodiment.
[Figure 7E] This figure shows an exemplary graphical user interface according to an exemplary embodiment.
[Figure 7F] This figure shows an exemplary graphical user interface according to an exemplary embodiment.
[Figure 7G] This figure shows an exemplary graphical user interface according to an exemplary embodiment.
[Figure 7H] This figure shows an exemplary graphical user interface according to an exemplary embodiment.
[Figure 7I] This figure shows an exemplary graphical user interface according to an exemplary embodiment.
[Figure 7J] This figure shows an exemplary graphical user interface according to an exemplary embodiment.
[Figure 8] This is a flowchart according to an exemplary embodiment.

Modes for Carrying Out the Invention

[0013] This specification describes exemplary methods, devices, and systems. In this specification, the words "example" and "exemplary" are understood to be used to mean "functioning as an instance, case, or illustration." Any embodiment or feature described in this specification as "exemplary" or an "example" is not necessarily to be construed as preferred or advantageous over other embodiments or features, unless otherwise stated. Thus, other embodiments can be utilized and other changes can be made without departing from the scope of the subject matter presented herein.

[0014] Therefore, the exemplary embodiments described in this specification are not meant to be limiting in any way. It is readily understood that the aspects of the disclosure as described throughout this specification and shown in the drawings can be arranged, substituted, combined, separated, and designed in a wide variety of different configurations. For example, the separation of functions to "client" and "server" components can be implemented in many ways.

[0015] Furthermore, unless otherwise suggested by the context, the features shown in each of the drawings can be used in combination with one another. For this reason, the drawings should generally be regarded as showing aspects of the components of one or more overall embodiments, and it is understood that not all of the features shown are necessary for each embodiment.

[0016] Also, any enumeration of elements, blocks, or steps in this specification or the claims is for purposes of clarity. Thus, such enumeration should not be construed as requiring or implying compliance with a particular arrangement of these elements, blocks, or steps or performance in a particular order.

I. Introduction

[0017] Large corporations are complex entities with many interrelated operations. These include areas such as human resources (HR), supply chain, information technology (IT), and finance, which are found throughout the company. However, each corporation also has its own unique operations that contribute to providing essential capabilities and / or building a competitive advantage.

[0018] To support a wide range of business operations, companies typically use off-the-shelf software applications, such as customer relationship management (CRM) and human capital management (HCM) packages. However, custom software applications may also be required to meet the unique requirements of the company itself. Large enterprises often have dozens or even hundreds of these custom software applications. Nonetheless, the benefits provided by the embodiments described herein are not limited to large enterprises and are considered applicable to companies of all sizes or other types of organizations.

[0019] Many of these software applications are developed by individual departments within a company. These range from simple spreadsheets to custom software tools and databases. However, the proliferation of custom software applications without collaboration with other departments has many drawbacks. This negatively impacts a company's ability to operate and grow, innovate, and meet regulatory requirements. Companies may find it difficult to integrate, streamline, and enhance their operations due to the lack of a single system to integrate their subsystems and data.

[0020] To efficiently generate custom applications, businesses will benefit from remote-hosted application platforms that eliminate unnecessary development complexities. The goal of such platforms is to reduce time-consuming, iterative application development tasks, allowing software engineers and other individuals to focus on developing high-value, unique features.

[0021] To achieve this goal, the concept of aPaaS (Application Platform as a Service) is introduced to intelligently automate enterprise-wide workflows. While the aPaaS system is hosted remotely from the enterprise, it provides secure connectivity to enterprise data, applications, and services. Such an aPaaS system offers numerous advantages and characteristics. These advantages and characteristics are expected to improve enterprise operations and workflows in IT, HR, CRM, customer service, application development, and security. However, the embodiments described herein are not limited to enterprise use or environments and are more broadly applicable.

[0022] aPaaS systems can support the development and execution of Model-View-Controller (MVC) applications. MVC applications enable efficient code reuse and parallel development by separating the representation of information from how it is presented to the user, by dividing each function into three interconnected parts (model, view, and controller). These applications can be web-based and provide create, read, update, and delete (CRUD) functionality. This allows new applications to be built on a common application infrastructure. In some cases, applications with structures different from MVC, such as those using unidirectional data flow, may be adopted.

[0023] An aPaaS system can support standardized application components, such as a standardized set of widgets for graphical user interface (GUI) development. Thus, applications built using an aPaaS system will have a common look and feel. Other software components and modules may also be standardized. In some cases, this look and feel can be branded or skinned with a company's custom logo and / or color scheme.

[0024] aPaaS systems can support the ability to configure application behavior using metadata. This allows for quick adaptation of application behavior to meet specific needs. This approach reduces development time and increases flexibility. Furthermore, aPaaS systems can support GUI tools that simplify metadata creation and management, thereby reducing metadata errors.

[0025] Because aPaaS systems can support clearly defined interfaces between applications, software developers can avoid unnecessary inter-application dependencies. Therefore, aPaaS systems can implement a service layer where persistent state information and other data are stored.

[0026] Because aPaaS systems can support a rich set of integration capabilities, applications on the system can interact with legacy and third-party applications. For example, an aPaaS system could support a custom employee training system that integrates with legacy HR, IT, and accounting systems.

[0027] aPaaS systems can support enterprise-level security. Furthermore, because aPaaS systems can be hosted remotely, security procedures should also be utilized when interacting with enterprise systems or third-party networks and services hosted outside the enterprise. For example, aPaaS systems may be configured to detect and identify common security threats by sharing data among parties such as enterprises.

[0028] Furthermore, other features, functions, and advantages of aPaaS systems may exist. This description is illustrative and not intended to be limiting in any way.

[0029] As an example of the aPaaS development process, a software developer might be instructed to create a new application using an aPaaS system. The developer might first define a data model specifying the types of data the application will use and the relationships between them. The developer then inputs (for example, uploads) the data model through the aPaaS system's GUI. The aPaaS system automatically creates all the corresponding database tables, fields, and relationships, which are accessible via an object-oriented service layer.

[0030] Furthermore, aPaaS systems enable the creation of fully functional applications with client-side interfaces and server-side CRUD logic. These generated applications can serve as a foundation for further user development. This is convenient for developers as they do not need to spend much time on the application's basic functionality. Additionally, since the application can be web-based, it is accessible from any internet-enabled client device. Alternatively or additionally, access to a local copy of the application may be provided, for example, when internet services are unavailable.

[0031] Furthermore, aPaaS systems can support a rich set of predetermined functions that can be added to applications. These functions include support for search, email, templates, workflow design, reporting, analytics, social media, scripting, mobile output, and customizable GUIs.

[0032] Such an aPaaS system can represent a GUI in various ways. For example, the server equipment of the aPaaS system may generate a representation of the GUI using a combination of hypertext markup language (HTML) and JAVASCRIPT®. JAVASCRIPT® may include client-side executable code, server-side executable code, or both. The server equipment may transmit or provide this representation to the client equipment so that the client equipment displays it on its screen according to a locally defined appearance and feel. Alternatively, the representation of the GUI may take other forms, such as an intermediate form (e.g., JAVA® bytecode) that the client equipment can use to directly generate graphic output. Other possibilities exist as well.

[0033] Furthermore, user interactions with GUI elements such as buttons, menus, tabs, sliders, checkboxes, and toggles may also be referred to as "selection," "activation," or "operation," respectively. These terms can be used regardless of whether the interaction with the GUI element is via keyboard, pointing device, touchscreen, or other mechanism.

[0034] The aPaaS architecture is particularly effective when integrated with an enterprise network and used for managing such networks. The following embodiments describe exemplary aPaaS system architectures and functional aspects, as well as their respective features and advantages.

II. Exemplary Computer Equipment and Cloud-Based Computing Environments

[0035] Figure 1 is a simplified block diagram illustrating computer equipment 100, showing some of the components included in the computer equipment and configured to operate according to the embodiments herein. Computer equipment 100 can be a client device (for example, a device actively operated by a user), a server device (for example, a device that provides computing services to client devices), or any other type of computing platform. Some server devices may occasionally operate as client devices to perform specific operations, and some client devices may have server functionality built in.

[0036] In this example, the computer device 100 comprises a processor 102, memory 104, a network interface 106, and an input / output unit 108, all of which may be coupled by a system bus 110 or a similar mechanism. In some embodiments, the computer device 100 may also comprise other components and / or peripherals (e.g., removable storage, printer, etc.).

[0037] The processor 102 may be one or more of any type of computer processing element, such as a central processing unit (CPU), a coprocessor (e.g., a mathematical, graphics, or cryptographic coprocessor), a digital signal processor (DSP), a network processor, and / or an integrated circuit or controller that performs processor operations. In some cases, the processor 102 may be one or more single-core processors. In other cases, the processor 102 may be one or more multi-core processors with multiple independent processing units. The processor 102 may also include register memory for temporarily storing instructions to be executed and associated data, as well as cache memory for temporarily storing recently used instructions and data.

[0038] Memory 104 may be any form of computer-usable memory, including but not limited to random access memory (RAM), read-only memory (ROM), and non-volatile memory (e.g., flash memory, hard disk drives, semiconductor drives, compact discs (CDs), digital video discs (DVDs), and / or tape storage). Therefore, memory 104 represents both the main memory unit and long-term storage. Other types of memory include biological memory.

[0039] Memory 104 may store program instructions and / or data on which the program instructions may operate. For example, memory 104 may store these program instructions on a non-transitory computer-readable medium so that they can be executed by the processor 102 to perform any of the methods, processes, or operations disclosed herein or in the accompanying drawings.

[0040] As shown in Figure 1, memory 104 may include firmware 104A, kernel 104B, and / or application 104C. Firmware 104A may be program code used to start or begin some or all of the computer equipment 100. Kernel 104B may be an operating system including modules for memory management, processor scheduling and management, input / output, and communication. Kernel 104B may also include device drivers that enable the operating system to communicate with hardware modules of the computer equipment 100 (e.g., memory units, network interfaces, ports, and buses). Application 104C may be one or more user-space software programs such as a web browser or email client, as well as any software libraries used by these programs. Memory 104 may also store data used by the above and other programs and applications.

[0041] The network interface 106 may be in the form of one or more wired interfaces, such as Ethernet (e.g., Fast Ethernet, Gigabit Ethernet). The network interface 106 may also support communication over one or more non-Ethernet media, such as coaxial cable or power lines, or wide-area media, such as Synchronous Optical Networking (SONET) or Digital Subscriber Line (DSL) technology. Furthermore, the network interface 106 may be in the form of one or more wireless interfaces, such as IEEE 802.11 (Wi-Fi), Bluetooth®, Global Positioning System (GPS), or wide-area wireless interfaces. However, other forms of physical layer interfaces and other types of standard or proprietary communication protocols may be used via the network interface 106. In addition, the network interface 106 may include multiple physical interfaces. For example, some embodiments of the computer device 100 may include Ethernet, Bluetooth®, and Wi-Fi interfaces.

[0042] The input / output unit 108 can facilitate user and peripheral device interaction with the computer equipment 100. The input / output unit 108 may include one or more types of input devices (keyboard, mouse, touchscreen, etc.). Similarly, the input / output unit 108 may include one or more types of output devices (screen, monitor, printer, and / or one or more light-emitting diodes (LEDs), etc.). Additionally or alternatively, the computer equipment 100 can communicate with other devices, for example, by using a Universal Serial Bus (USB) or High Definition Multimedia Interface (HDMI) port interface.

[0043] In some embodiments, the aPaaS architecture may be supported by the deployment of one or more computer devices, such as computer device 100. The exact physical location, connectivity, and configuration of these computer devices may be known and / or irrelevant to the client devices. Thus, the computer devices may be referred to as “cloud-based” devices that can be housed in various remote data center locations.

[0044] Figure 2 shows a cloud-based server cluster 200 according to an exemplary embodiment. In Figure 2, the operation of computer equipment (e.g., computer equipment 100) may be distributed among server equipment 202, data storage 204, and router 206, all of which may be connected by a local cluster network 208. The number of server equipment 202, data storage 204, and router 206 in the server cluster 200 may depend on the computing tasks and / or applications assigned to the server cluster 200.

[0045] For example, server device 202 can be configured to perform various computational tasks of computer device 100. Therefore, computational tasks can be distributed among one or more server devices 202. Such task distribution can reduce the total time required to complete these tasks and return results, as long as these tasks can be executed in parallel. For simplicity, both the server cluster 200 and individual server devices 202 may be referred to as "server devices." This naming is understood to imply that one or more different server devices, data storage devices, and cluster routers may be involved in the operation of the server devices.

[0046] The data storage 204 may be a data storage array including a drive array controller configured to manage read / write access to multiple groups of hard disk drives and / or semiconductor drives. The drive array controller may also be configured, either alone or in conjunction with the server equipment 202, to manage backups or redundant copies of the data stored in the data storage 204, as protection against drive failures or other types of failures that would prevent one or more server equipment 202 from accessing the data storage 204 units. Other types of memory besides drives may be used.

[0047] Router 206 may include network equipment configured to provide internal and external communications to the server cluster 200. For example, Router 206 may include one or more packet switching and / or routing devices (including switches and / or gateways) configured to provide (i) network communications between server equipment 202 and data storage 204 via the local cluster network 208, and / or (ii) network communications between the server cluster 200 and other equipment via a communication link 210 to network 212.

[0048] Furthermore, the configuration of router 206 may be based at least in part on the data communication requirements of server equipment 202 and data storage 204, the latency and throughput of local cluster network 208, the latency, throughput, and cost of communication link 210, and / or other factors that may contribute to the cost, speed, fault tolerance, resilience, efficiency, and / or other design objectives of the system architecture.

[0049] One possible example is that data storage 204 may include any form of database, such as a Structured Query Language (SQL) database. In such a database, various types of data structures can store information, including, but not limited to, tables, arrays, lists, trees, and tuples. Furthermore, any database in data storage 204 may be monolithic or distributed across multiple physical devices.

[0050] The server device 202 may be configured to send data to and / or receive data from the data storage 204. This transmission and retrieval may be in the form of SQL queries or other types of database queries, or the output of such queries. Similarly, text, images, videos, and / or audio may be additionally included. Furthermore, the server device 202 may organize the received data as a representation of a web page or web application. Such a representation may be in the form of HTML, the Extensible Markup Language (XML), or any other standardized or proprietary format. Furthermore, the server device 202 may be capable of executing various types of computerized scripting languages, including but not limited to Perl, Python, PHP Hypertext Preprocessor (PHP), Active Server Pages (ASP), and JAVASCRIPT®. Computer program code written in these languages can provide web pages to client devices and facilitate interaction with web pages on client devices. As an alternative or addition, JAVA® may be used to facilitate the generation of web pages and / or to provide web application functionality.

III. Exemplary Remote Network Management Architecture

[0051] Figure 3 shows a remote network management architecture according to an exemplary embodiment. This architecture includes three main components: a managed network 300, a remote network management platform 320, and a public cloud network 340, all connected by the Internet 350.

A. Managed Network

[0052] The managed network 300 may be an enterprise network used by entities for data storage, as well as for computing and communication tasks. For this purpose, the managed network 300 may comprise client devices 302, server devices 304, a router 306, a virtual machine 308, a firewall 310, and / or a proxy server 312. The client devices 302 may be embodied by computer devices 100, the server devices 304 may be embodied by computer devices 100 or a server cluster 200, and the router 306 may be any type of router, switch, or gateway.

[0053] A virtual machine 308 may be embodied by one or more of the computer equipment 100 and the server cluster 200. Generally, a virtual machine is an emulation of a computer system that mimics the functions of a physical computer (e.g., processor, memory, and communication resources). A single physical computer system, such as a server cluster 200, can support up to several thousand individual virtual machines. In some embodiments, the virtual machine 308 may be managed by a centralized server equipment or application that facilitates performance and error reporting, in addition to allocating physical computing resources to individual virtual machines. Enterprises often adopt virtual machines to efficiently allocate computing resources as needed. Providers of virtualized computer systems include VMware® and Microsoft®.

[0054] The firewall 310 may be one or more dedicated routers or server devices that protect the managed network 300 from unauthorized access attempts to internal devices, applications, and services while allowing legitimate communications originating from the managed network 300. The firewall 310 may also provide intrusion detection, web filtering, virus scanning, application layer gateways, and other applications or services. In some embodiments not shown in Figure 3, the managed network 300 may include one or more virtual private network (VPN) gateways for communicating with a remote network management platform 320 (see below).

[0055] Furthermore, the managed network 300 may comprise one or more proxy servers 312. One embodiment of the proxy server 312 may be a server application that facilitates the communication and movement of data between the managed network 300, the remote network management platform 320, and the public cloud network 340. In particular, the proxy server 312 may be capable of establishing and maintaining a secure communication session with one or more compute instances of the remote network management platform 320. Such a session may enable the remote network management platform 320 to discover and manage the architecture and configuration of the managed network 300 and its components.

[0056] In some cases, with the assistance of the proxy server 312, the remote network management platform 320 may also be able to detect and manage the configuration of the public cloud network 340 used by the managed network 300. Although not shown in Figure 3, this detection and management may be facilitated by deploying one or more proxy servers 312 in any of the public cloud networks 340.

[0057] Firewalls such as firewall 310 typically reject all incoming communication sessions via the Internet 350 unless the session ultimately originates behind the firewall (i.e., on a device on the managed network 300) and the firewall is explicitly configured to support the session. By placing the proxy server 312 behind firewall 310 (for example, by placing it within the managed network 300 and protecting it with firewall 310), the proxy server 312 may be able to initiate these communication sessions through firewall 310. This may eliminate the need for firewall 310 to be specially configured to support incoming sessions from the remote network management platform 320, thus avoiding a potential security risk to the managed network 300.

[0058] In some cases, the managed network 300 may consist of a small number of devices and networks. In other deployments, the managed network 300 may extend to multiple physical locations and include hundreds of networks and hundreds of thousands of devices. Therefore, the architecture shown in Figure 3 can be scaled up or down by orders of magnitude.

[0059] Furthermore, the number of proxy servers 312 deployed internally can be varied depending on the size, architecture, and connectivity of the managed network 300. For example, each proxy server 312 may be responsible for communication with the remote network management platform 320 for a portion of the managed network 300. Alternatively or additionally, load balancing, redundancy, and / or availability can be improved by assigning multiple sets of two or more proxy servers to such portions of the managed network 300.

[0060] B. Remote Network Management Platform The remote network management platform 320 is a hosted environment that provides aPaaS services to users, particularly operators of the managed network 300. These services may take the form of a web-based portal using, for example, the web-based technologies described above. This allows users to securely access the remote network management platform 320 from, for example, client devices 302 or potentially client devices outside the managed network 300. The web-based portal enables users to design, test, and deploy applications, generate reports, review analyses, and perform other tasks. The remote network management platform 320 may also be referred to as a multi-application platform.

[0061] As shown in Figure 3, the remote network management platform 320 includes four compute instances 322, 324, 326, and 328. Each of these compute instances may represent one or more nodes and / or one or more database nodes operating a dedicated copy of the aPaaS software. The arrangement of servers and databases on physical server devices and / or virtual machines can be flexible and may be modified based on the enterprise's needs. In combination, these nodes can provide a set of web portals, services, and applications (e.g., a fully functional aPaaS system) available to a particular enterprise. In some cases, a single enterprise may use multiple compute instances.

[0062] For example, the managed network 300 may be an enterprise customer of the remote network management platform 320, and may also use compute instances 322, 324, and 326. One reason for providing multiple compute instances to a single customer is that the customer may want independent development, testing, and deployment of their applications and services. For this reason, compute instance 322 may be dedicated to application development associated with the managed network 300, compute instance 324 may be dedicated to testing these applications, and compute instance 326 may be dedicated to the live operation of the tested applications and services. Compute instances may also be referred to as hosted instances, remote instances, customer instances, or any other designation. Any application deployed on a compute instance is considered a scoped application in that access to the database within the compute instance may be restricted to certain internal elements (e.g., one or more specific database tables or specific rows within one or more database tables).

[0063] For simplicity, in this disclosure, the configuration of application nodes, database nodes, aPaaS software running on them, and the underlying hardware is referred to as a “compute instance.” Users may colloquially refer to the graphical user interface provided thereunder as an “instance.” Unless otherwise defined herein, a “compute instance” is a computer system located within the remote network management platform 320.

[0064] The multi-instance architecture of the remote network management platform 320 offers several advantages in contrast to traditional multi-tenant architectures. In a multi-tenant architecture, data from different customers (e.g., corporations) is mixed in a single database. While these customer data are isolated from each other, this isolation is enforced by the software operating the single database. As a result, a security breach in this system affects all customer data, posing an additional risk, especially for entities subject to government, healthcare, and / or financial regulations. Furthermore, any database operation affecting one customer can potentially affect all customers sharing that database. Therefore, in the event of an outage due to a hardware or software error, this outage will affect all such customers. Similarly, if the database is upgraded to meet the needs of one customer, it will be unavailable to all customers during the upgrade process. Such maintenance timeframes are often lengthy due to the size of the shared database.

[0065] In contrast, the multi-instance architecture provides each customer with its own database on a dedicated compute instance. This prevents the mixing of customer data and allows for independent management of each instance. For example, if one customer's instance goes down due to an error or upgrade, other compute instances remain unaffected. Because each database contains data for only one customer, maintenance downtime is limited. Furthermore, the simpler design of the multi-instance architecture allows redundant copies of each customer's database and instance to be deployed geographically diversified. This promotes high availability and allows for the migration of a live version of a customer's instance when failure detection or maintenance is performed.

[0066] In some embodiments, the remote network management platform 320 may include one or more central instances controlled by the entity operating the platform. Similar to compute instances, the central instances may include several application and database nodes deployed on several physical server devices or virtual machines. Such a central instance may function as a repository for specific configurations of compute instances, as well as for data that may be shared by at least some of the compute instances. For example, a central instance may contain definitions of common security threats that may occur on compute instances, software packages commonly found on compute instances, and / or an application store for applications deployable to compute instances. Compute instances may communicate with the central instance through a clearly defined interface to obtain this data.

[0067] To efficiently support multiple compute instances, the remote network management platform 320 may configure multiple such instances to run on a single hardware platform. For example, if the aPaaS system is running on a server cluster such as server cluster 200, it may run virtual machines that allocate varying amounts of computing, storage, and communication resources to instances. However, full virtualization of server cluster 200 is not required, and instances may be isolated by other mechanisms. In some examples, each instance may have a dedicated account and one or more dedicated databases on server cluster 200. Alternatively, compute instances such as compute instance 322 may span multiple physical devices.

[0068] In some cases, a single server cluster of the remote network management platform 320 may support multiple independent enterprises. Furthermore, as described below, the remote network management platform 320 may comprise multiple server clusters deployed in geographically diverse data centers to facilitate load balancing, redundancy, and / or high availability.

[0069] C. Public Cloud Network The public cloud network 340 may be remote server equipment (e.g., multiple server clusters such as server cluster 200) available for outsourced computing, data storage, communications, and service hosting operations. These servers may be virtualized (i.e., virtual machines). Examples of the public cloud network 340 include Amazon AWS Cloud, Microsoft Azure Cloud (Azure), Google Cloud Platform (GCP), and IBM Cloud Platform. Similar to the remote network management platform 320, multiple server clusters supporting the public cloud network 340 may be deployed in geographically diverse locations for load balancing, redundancy, and / or high availability.

[0070] The managed network 300 may use one or more public cloud networks 340 to deploy applications and services to its clients and customers. For example, if the managed network 300 provides an online music streaming service, the public cloud network 340 may store the music files and provide a web interface and streaming functionality. In this way, the company in the managed network 300 does not need to build and maintain its own servers for these operations.

[0071] The remote network management platform 320 may include modules that, through integration with the public cloud network 340, expose its internal virtual machines and managed services to the managed network 300. These modules may enable users to request virtual resources, discover allocated resources, and obtain flexible reporting for the public cloud network 340. To establish this functionality, users of the managed network 300 may first create an account in the public cloud network 340 and request a set of relevant resources. The user may then enter their account information into an appropriate module of the remote network management platform 320. These modules may then automatically discover the manageable resources for the account and provide usage, performance, and billing-related reports.

[0072] D. Communications support and other operations Internet 350 may represent a portion of the global internet. However, Internet 350 may also represent different types of networks, such as private wide-area or local area packet-switched networks.

[0073] Figure 4 further illustrates the communication environment between the managed network 300 and the compute instance 322, and introduces additional features and alternative embodiments. In Figure 4, all or part of the compute instance 322 is replicated in both data centers 400A and 400B. These data centers may be geographically separated from each other, possibly in different cities or countries. Each data center is equipped with support facilities that facilitate communication with the managed network 300 as well as with remote users.

[0074] In data center 400A, network traffic to external devices flows through VPN gateway 402A or firewall 404A. VPN gateway 402A may peer with VPN gateway 412 of managed network 300 using a security protocol such as Internet Protocol Security (IPSEC) or Transport Layer Security (TLS). Firewall 404A may be configured to allow access from legitimate users such as user 414 and remote user 416, and to deny access from unauthorized users. Firewall 404A allows these users to access compute instance 322 and optionally other compute instances. Load balancer 406A may be used to distribute traffic among one or more physical or virtual server devices hosting compute instance 322. Load balancer 406A can simplify user access by hiding the internal configuration of data center 400A (e.g., compute instance 322) from client devices. For example, if the compute instance 322 includes multiple physical or virtual computer devices that share access to multiple databases, the load balancer 406A may distribute network traffic and processing tasks among these computer devices and databases so that no computer device or database is significantly busier than others. In some embodiments, the compute instance 322 may include a VPN gateway 402A, a firewall 404A, and a load balancer 406A.

[0075] Data center 400B may have its own version of the components of data center 400A. Therefore, VPN gateway 402B, firewall 404B, and load balancer 406B may perform the same or similar operations as VPN gateway 402A, firewall 404A, and load balancer 406A, respectively. Furthermore, compute instance 322 may exist simultaneously in data centers 400A and 400B through real-time or near-real-time database replication and / or other operations.

[0076] As shown in Figure 4, data centers 400A and 400B can facilitate redundancy and high availability. In the configuration of Figure 4, data center 400A is active and data center 400B is passive. Therefore, data center 400A serves all traffic to managed network 300, while the version of compute instance 322 in data center 400B is updated in near real-time. Other configurations, such as a configuration in which both data centers are active, may be supported.

[0077] If data center 400A experiences any failure or becomes unavailable to users, data center 400B can take over as the active data center. For example, a Domain Name System (DNS) server that associates the domain name of compute instance 322 with one or more Internet Protocol (IP) addresses of data center 400A may reassociate the domain name with one or more IP addresses of data center 400B. After this reassociation is complete (which may take less than a second or a few seconds), users can access compute instance 322 through data center 400B.

[0078] Figure 4 also shows a possible configuration of the managed network 300. As described above, the proxy server 312 and user 414 can access the compute instance 322 through the firewall 310. The proxy server 312 can also access the configuration item 410. In Figure 4, the configuration item 410 may represent any or all of the client device 302, server device 304, router 306, and virtual machine 308, any of their components, any application or service running thereon, as well as the relationships between devices, components, applications, and services. Therefore, the term "configuration item" may be shorthand for any physical or virtual device, any application or service that can be remotely discovered or managed by the compute instance 322, or some or all of the relationships between discovered devices, applications, and services. The configuration item may be represented in the configuration management database (CMDB) of the compute instance 322.

[0079] When stored or transmitted, a configuration item may be a list of attributes that characterize the hardware or software represented by that configuration item. These attributes may include manufacturer, vendor, location, owner, unique identifier, description, network address, operating status, serial number, last modified time, etc. The class of a configuration item may determine the subset of attributes that exist for that configuration item (for example, software and hardware configuration items may have different lists of attributes).

[0080] As described above, VPN gateway 412 may provide a dedicated VPN to VPN gateway 402A. Such a VPN may be useful when there is a large amount of traffic between managed network 300 and compute instance 322, or when security policies suggest or require the use of a VPN between these sites. In some embodiments, any equipment in managed network 300 and / or compute instance 322 that communicates directly over the VPN is assigned a public IP address. Other equipment in managed network 300 and / or compute instance 322 may be assigned a private IP address (for example, an IP address selected from the ranges 10.0.0.0 to 10.255.255.255 or 192.168.0.0 to 192.168.255.255, respectively, abbreviated as subnets 10.0.0.0/8 and 192.168.0.0/16). In various alternatives, devices in the managed network 300, such as the proxy server 312, may communicate directly with one or more data centers using a secure protocol (e.g., TLS).

[0081] IV. Exemplary Detection The remote network management platform 320 may first determine the devices present in the managed network 300, their configurations, components, and operating states, as well as the applications and services they provide, in order to manage the devices, applications, and services of the managed network 300. The remote network management platform 320 may also determine the relationships between discovered devices, their respective components, applications, and services. Each representation of a device, component, application, and service may be referred to as a configuration item. The process of determining the configuration items and relationships within the managed network 300 is referred to as discovery, which can be at least partially facilitated by the proxy server 312. The representations of configuration items and relationships are stored in the CMDB.

[0082] This section describes the discovery performed on the managed network 300, but the same or similar discovery procedures may be used on the public cloud network 340 as well. Therefore, in some environments, "discovery" may refer to the discovery of configuration items and relationships on the managed network and / or one or more public cloud networks.

[0083] For the purposes of this specification, “Application” may represent one or more processes, threads, programs, client software modules, server software modules, or any other software running on a device or group of devices. “Service” may represent an advanced function provided by one or more applications running on one or more devices that interact with each other. For example, a web service may include multiple web application server threads running on one device that access information from a database application running on another device.

[0084] Figure 5 is a logical depiction of how configuration items and relationships can be detected, as well as how related information can be stored. For simplicity, the remote network management platform 320, the public cloud network 340, and the internet 350 are not shown.

[0085] In Figure 5, the deployment and / or operation of the CMDB 500, task list 502, and identification and arbitration engine (IRE) 514 takes place within the compute instance 322. The task list 502 represents the connection point between the compute instance 322 and the proxy server 312. The task list 502 may also be referred to as a queue, or more specifically, an external communication channel (ECC) queue. The task list 502 may represent not only the queue itself, but also any related processes such as adding, deleting, and / or manipulating information in the queue.

[0086] Once detection occurs, the compute instance 322 may store the detection tasks (jobs) that the proxy server 312 should perform in the task list 502 until the proxy server 312 requests these tasks in one or more batches. Placing tasks in the task list 502 can trigger or initiate the proxy server 312 to start its respective detection operation. For example, the proxy server 312 may periodically or as needed poll the task list 502, or be notified of the detection commands in the task list 502 in some other way. Alternatively or additionally, detection may be triggered manually or automatically based on a trigger event (for example, detection may start automatically once a day at a specific time).

[0087] In any case, the compute instance 322 may, upon request, send these discovery commands to the proxy server 312. For example, the proxy server 312 may repeatedly query the task list 502 to retrieve the next task and execute this task until the task list 502 is empty or another termination condition is met. In response to receiving discovery commands, the proxy server 312 may query various devices, components, applications, and / or services in the managed network 300 (represented in Figure 5 as devices 504, 506, 508, 510, and 512 for simplicity). These devices, components, applications, and / or services may provide the proxy server 312 with responses regarding their respective configurations, operations, and / or states. The proxy server 312 may then provide this discovery information to the task list 502 (i.e., the task list 502 may have a send queue for holding discovery commands until requested by the proxy server 312 and a receive queue for holding discovery information until read).

[0088] IRE 514 may be a software module that retrieves discovery information from task list 502 and organizes this discovery information as configuration items and the relationships between them (for example, representing devices, components, applications, and / or services discovered on managed network 300). IRE 514 may then provide these configuration items and relationships to CMDB 500 for storage. The operation of IRE 514 is described in more detail below.

[0089] Thus, the configuration items stored in CMDB 500 represent the environment of the managed network 300. For example, these configuration items may represent a set of physical and / or virtual devices (e.g., client devices, server devices, routers, or virtual machines), applications running on them (e.g., web servers, email servers, databases, or storage arrays), or services containing multiple individual configuration items. Relationships may be pairwise definitions of arrangements or dependencies between configuration items.
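The flow in [0085] to [0089] (commands held in a send queue, the proxy polling until the queue is empty, results held in a receive queue, and the IRE turning them into configuration items and pairwise relationships) can be sketched as follows. This is an added example, not code from the patent or the platform it describes; the class and field names, the rule of identifying hardware by serial number, and all device data are assumptions constructed for illustration, and no network traffic is generated.

```python
from collections import deque

class TaskList:
    """Task list 502: a send queue of discovery commands for the proxy
    and a receive queue of discovery information for the IRE."""
    def __init__(self, tasks=()):
        self.send = deque(tasks)
        self.receive = deque()

    def next_task(self):
        return self.send.popleft() if self.send else None

# Constructed responses standing in for devices on the managed network.
# 10.0.0.5 and 10.0.1.5 are two interfaces of the same server (same serial).
DEVICE_RESPONSES = {
    "10.0.0.5": {"serial": "SN-1001", "name": "web01",
                 "macs": ["aa:bb:cc:00:00:01"], "processes": ["nginx"]},
    "10.0.1.5": {"serial": "SN-1001", "name": "web01",
                 "macs": ["aa:bb:cc:00:00:02"], "processes": ["nginx"]},
    "10.0.0.9": {"serial": "SN-2002", "name": "db01",
                 "macs": ["aa:bb:cc:00:00:09"], "processes": ["postgres"]},
}

def proxy_run(task_list, responses):
    """Proxy server 312: pull tasks until the send queue is empty and post
    each device's answer to the receive queue. Returns tasks handled."""
    handled = 0
    while (task := task_list.next_task()) is not None:
        handled += 1
        answer = responses.get(task["ip"])
        if answer is not None:  # a device that does not answer yields no result
            task_list.receive.append({"ip": task["ip"], **answer})
    return handled

class CMDB:
    """CMDB 500: configuration items plus pairwise relationships."""
    def __init__(self):
        self.items = {}             # ci_id -> attribute dict
        self.relationships = set()  # (child_id, relationship_type, parent_id)

def ire_process(task_list, cmdb):
    """IRE 514: drain the receive queue, identify each payload, then insert a
    new CI or update the existing one so that no duplicates are created."""
    while task_list.receive:
        info = task_list.receive.popleft()
        hw_id = "hw:" + info["serial"]  # assumed identification rule
        hw = cmdb.items.setdefault(
            hw_id, {"class": "server", "name": info["name"],
                    "ips": set(), "macs": set()})
        hw["ips"].add(info["ip"])
        hw["macs"].update(info["macs"])
        for proc in info["processes"]:
            sw_id = f"sw:{proc}@{info['serial']}"
            cmdb.items.setdefault(sw_id, {"class": "application", "name": proc})
            cmdb.relationships.add((sw_id, "execution", hw_id))
    return cmdb

def run_discovery(ips):
    """Queue one discovery command per address, run the proxy, run the IRE."""
    tasks = TaskList({"ip": ip} for ip in ips)
    handled = proxy_run(tasks, DEVICE_RESPONSES)
    return handled, ire_process(tasks, CMDB())

if __name__ == "__main__":
    handled, cmdb = run_discovery(["10.0.0.5", "10.0.1.5", "10.0.0.9", "10.0.0.77"])
    print(handled, "tasks handled")
    for ci_id in sorted(cmdb.items):
        print(ci_id, cmdb.items[ci_id])
    for rel in sorted(cmdb.relationships):
        print(rel)
```

The server reached on two addresses ends up as a single configuration item carrying both IP addresses, which is the duplicate-avoidance role the text assigns to the IRE.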

[0090] To enable the detection described above, the proxy server 312, CMDB 500, and / or one or more authentication information stores may be configured with authentication information for the device to be detected. The authentication information may include any type of information necessary to access the device. This may include user ID / password pairs, certificates, etc. In some embodiments, this authentication information may be stored in an encrypted field of CMDB 500. The proxy server 312 may include a decryption key for this authentication information so that logon to or access to the device to be detected using the authentication information is possible.

[0091] There are two common types of detection: horizontal and vertical (top-down). Each is discussed below.

[0092] A. Horizontal detection Horizontal discovery is used to scan the managed network 300 to discover devices, components, and / or applications, and then input configuration items representing these devices, components, and / or applications into the CMDB 500. Horizontal discovery also generates relationships between configuration items. For example, an "execution" relationship is possible between a configuration item representing a software application and a configuration item representing the server device on which it runs. Typically, horizontal discovery is not service-aware and does not generate relationships between configuration items based on running services.

[0093] There are two versions of horizontal detection. One relies on probes and sensors, while the other also employs patterns. The probes and sensors may be scripts (for example, written in JAVASCRIPT®) that collect and process detection information on the device and then update the CMDB 500 accordingly. More specifically, the probes explore or investigate devices on the managed network 300, and the sensors analyze the detection information returned from the probes.

[0094] Patterns are also scripts that collect and process data from one or more devices to update the CMDB. Patterns differ from probes and sensors in that they are written in a specific detection programming language and are used to perform detailed detection procedures on specific devices, components, and / or applications where detection is often unreliable (or impossible) with more general probes and sensors. In particular, patterns can specify a set of actions that define how to detect devices, components, and / or applications in a particular deployment, the authentication information to be used, and the CMDB table into which the resulting configuration items will be entered.

[0095] All versions can follow four logical stages: scanning, classification, identification, and discovery. Additionally, all versions may require specifying one or more ranges of IP addresses on the managed network 300 where discovery is taking place. Each stage may include communication between devices on the managed network 300 and the proxy server 312, as well as between the proxy server 312 and the task list 502. Partial or preliminary configuration items may be stored in the CMDB 500 at certain stages, and these can be updated at later stages.

[0096] During the scanning phase, the proxy server 312 may determine the general type of device and its operating system by probing each IP address within a specified range of IP addresses for open Transmission Control Protocol (TCP) and / or User Datagram Protocol (UDP) ports. The presence of such open ports on an IP address indicates that a particular application is running on the device to which that IP address is assigned, thereby allowing identification of the operating system used by that device. For example, if TCP port 135 is open, the device is likely running the WINDOWS® operating system. Similarly, if TCP port 22 is open, the device is likely running a UNIX® operating system such as LINUX®. If UDP port 161 is open, the device may be identifiable separately through Simple Network Management Protocol (SNMP). Other possibilities exist.

[0097] During the classification stage, the proxy server 312 may further probe each detected device to determine its operating system type. The probes used for a particular device are based on the information collected about that device during the scanning stage. For example, if a device with TCP port 22 open is found, a set of UNIX®-specific probes may be used. Similarly, if a device with TCP port 135 open is found, a set of WINDOWS®-specific probes may be used. In either case, a suitable set of tasks may be placed in the task list 502 for the proxy server 312 to execute. These tasks enable the proxy server 312 to log on to or access information from a particular device. For example, if TCP port 22 is open, the proxy server 312 may be instructed to initiate a Secure Shell (SSH) connection to the particular device and retrieve information about a specific type of operating system on the device from a specific location in the file system. Based on this information, the operating system may be determined. For example, UNIX® devices with TCP port 22 open are classified as AIX®, HPUX, LINUX®, MACOS®, or SOLARIS®. This classification information may be stored in CMDB 500 as one or more configuration items.

[0098] During the identification stage, the proxy server 312 may determine specific details about the classified device. The probes used in this stage may be based on information collected about the specific device during the classification stage. For example, if the device is classified as LINUX®, a set of LINUX®-specific probes may be used. Similarly, if the device is classified as WINDOWS® 10, a set of WINDOWS® 10-specific probes may be used. As in the classification stage, a suitable set of tasks may be placed in the task list 502 for the proxy server 312 to execute. These tasks enable the proxy server 312 to read information from the specific device, such as basic input / output system (BIOS) information, serial number, network interface information, media access control addresses assigned to these network interfaces, and IP addresses used by the specific device. This identification information may be stored in the CMDB 500 as one or more configuration items, along with any related relationships between them. In this case, identification information may be passed through IRE 514 to avoid generating duplicate configuration items, for purposes of disambiguation, and / or to determine the table in CMDB 500 to which the detection information should be written.

[0099] During the discovery phase, the proxy server 312 may determine additional details regarding the operating status of the classified devices. The probes used in this phase may be based on information collected about specific devices during the classification and / or identification phases. In this case as well, a suitable set of tasks may be placed in the task list 502 for the proxy server 312 to execute. These tasks enable the proxy server 312 to read additional information from the specific device, such as processor information, memory information, and a list of running processes (software applications). Again, the discovery information may be stored in the CMDB 500 as one or more configuration items and relationships.

[0100] When performing horizontal discovery on specific devices such as switches and routers, SNMP may be used. As an alternative to or addition to determining a list of running processes or other application-related information, discovery may determine additional subnets known to the router and the operational status of the router's network interfaces (e.g., active, inactive, queue length, number of dropped packets, etc.). The IP addresses of the additional subnets may be candidates for other discovery procedures. For this reason, horizontal discovery may proceed iteratively or recursively.

[0101] Patterns are used only during the identification and discovery phases. In pattern-based detection, the scanning and classification phases operate as they would when probes and sensors are used. After the classification phase is complete, a pattern probe is designated as the probe to be used for identification. Subsequently, the pattern probe and the pattern it designates are activated.
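The iterative behaviour described in [0095] to [0100] can be modelled as a worklist over subnets: each range is scanned, the open-port rules from [0096] and [0097] select the classification probe set, and subnets reported by routers are queued as new candidates. This is an added example, not code from the patent or the platform; the function names, the precedence among the port rules, the approved-scope check that keeps recursion inside authorized ranges, and the topology data are assumptions constructed for illustration, and no packets are sent.

```python
import ipaddress
from collections import deque

# Constructed scan observations: what each address would report during the
# scanning phase. The dictionary stands in for probe results.
SCAN_RESULTS = {
    # Router reachable over SNMP; it knows three subnets, one of them its own.
    "10.0.0.1": {"tcp": set(), "udp": {161},
                 "routes": ["10.0.0.0/30", "10.0.1.0/30", "172.16.5.0/30"]},
    "10.0.0.2": {"tcp": {22}, "udp": set()},
    "10.0.1.1": {"tcp": {135}, "udp": set()},
    "10.0.1.2": {"tcp": {80}, "udp": set()},    # matches no rule in the text
    "172.16.5.1": {"tcp": {22}, "udp": set()},  # outside the approved scope
}

def probe_family(observation):
    """Choose the classification probe set from open ports, using the rules in
    the text. The precedence between rules is an assumption of this example."""
    if 135 in observation["tcp"]:
        return "windows"
    if 22 in observation["tcp"]:
        return "unix"
    if 161 in observation["udp"]:
        return "snmp"
    return None

def discover(seed_ranges, approved_scope, scan_results):
    """Iterative horizontal discovery bounded by an approved scope.

    Returns (devices, skipped): preliminary CIs keyed by IP address, and the
    subnets that were learned from routers but refused as out of scope."""
    scope = [ipaddress.ip_network(n) for n in approved_scope]
    pending = deque(ipaddress.ip_network(n) for n in seed_ranges)
    seen, devices, skipped = set(), {}, []
    while pending:
        net = pending.popleft()
        if net in seen:  # already processed: guarantees termination
            continue
        seen.add(net)
        if not any(net.subnet_of(s) for s in scope):
            skipped.append(str(net))  # record it, never probe it
            continue
        for host in net.hosts():
            observation = scan_results.get(str(host))
            if observation is None:
                continue
            family = probe_family(observation)
            if family is None:
                continue
            # Preliminary CI, to be refined by the later stages.
            devices[str(host)] = {"stage": "classification", "probes": family}
            if family == "snmp":
                # Subnets known to the router become new candidates.
                for route in observation.get("routes", []):
                    pending.append(ipaddress.ip_network(route))
    return devices, skipped

if __name__ == "__main__":
    found, refused = discover(["10.0.0.0/30"], ["10.0.0.0/16"], SCAN_RESULTS)
    for ip, ci in sorted(found.items()):
        print(ip, ci)
    print("out of scope, not scanned:", refused)
```

The router's own subnet is reported back to the worklist and ignored because it was already processed, and the subnet outside the approved scope is logged rather than scanned.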

[0102] Patterns, through detection programming languages, support many features that are unavailable or difficult to achieve with detection using probes and sensors. For example, pattern-based detection makes it much easier to discover devices, components, and / or applications in public cloud networks, as well as to track configuration files. Furthermore, these patterns are more easily customizable by users than probes and sensors. Also, because patterns are more focused on specific devices, components, and / or applications, they can be executed faster than the more general methods used by probes and sensors.

[0103] Once horizontal detection is complete, the configuration item representations for each detected device, component, and / or application become available in CMDB500. For example, after detection, the operating system versions, hardware configurations, and network configuration details of client devices, server devices, and routers in the managed network 300, as well as the applications running on them, may be stored as configuration items. This collected information can be presented to the user in various ways, allowing the user to verify the hardware configuration and operating status of the devices.

[0104] Furthermore, CMDB 500 may include entries relating to the relationships between configuration items. More specifically, suppose the server equipment includes many hardware components (e.g., processor, memory, network interface, storage, and file system) on which multiple software applications are installed or run. The relationships between the components and the server equipment (e.g., "inclusion" relationships) and the relationships between the software applications and the server equipment (e.g., "execution" relationships) may be represented in CMDB 500 as such.

[0105] More generally, the relationships between hardware configuration items and software configuration items that are installed or executed can take various forms, such as hosting, execution, or dependency. For example, a database application installed on a server device may indicate that it is hosted on the server device by having a "hosting" relationship with it. In some embodiments, a server device may indicate that it is used by a database application by having a "use" relationship with it. These relationships may be automatically discovered using the detection procedures described above, but they can also be configured manually.

[0106] In this way, the remote network management platform 320 can discover and list the hardware and software deployed and provided on the managed network 300.

B. Vertical Discovery

[0107] Vertical discovery is a technique used to explore and map configuration items that are part of an overall service, such as a web service. For example, vertical discovery can map a web service by showing the relationships between a web server application, a LINUX® server device, and a database that stores data for the web service. Typically, horizontal discovery is performed first to find configuration items and the basic relationships between them, and then vertical discovery is performed to establish the relationships between the configuration items that make up the service.

[0108] The use of patterns allows for the detection of specific types of services. These patterns are programmable to search for specific hardware and software configurations that match descriptions of how the services are deployed. Alternatively or in addition, traffic analysis (e.g., examining network traffic between devices) can also facilitate vertical discovery. In some cases, service parameters can be manually configured to aid in vertical discovery.

[0109] Generally, vertical discovery attempts to find certain types of relationships between devices, components, and / or applications. Some of these relationships can be inferred from configuration files. For example, the configuration file of a web server application might represent the IP address and port number of the database it relies on. Vertical discovery patterns can be programmed to search for such references and infer relationships from them. Relationships can also be inferred from traffic between devices. For example, if there is a large amount of web traffic (e.g., TCP port 80 or 8080) going back and forth between a load balancer and a device hosting a web server, it can be inferred that the load balancer and the web server have some kind of relationship.

[0110] The relationships discovered through vertical discovery can take various forms. For example, an email service may include email server software configuration items and database application software configuration items, each installed in different hardware device configuration items. The email service may have a “dependence” relationship with both of these software configuration items, while the software configuration items have a “usage” relationship with the email service. Since such services may not be fully determined by horizontal discovery procedures, reliance may instead be placed on vertical discovery and, if applicable, some degree of manual configuration.

C. Advantages of Discovery

[0111] Discovery information, regardless of how it is obtained, can be beneficial to the operation of managed networks. In particular, IT personnel can quickly determine where a specific software application is deployed and the configuration items that make up the service. This allows them to quickly pinpoint the root cause of service outages or degradation. For example, if two different services are slow to respond, a query to the CMDB (among many possible actions) can determine that the root cause is high processor utilization of the database applications used by both services. This allows IT personnel to address the database application without wasting time examining the health and performance of other configuration items that make up the service.

[0112] In another example, a database application runs on a server machine, and this database application is used for both employee training services and payroll services. Therefore, if the server machine is shut down for maintenance, the employee training services and payroll services will clearly be affected. Similarly, dependencies and relationships between configuration items can represent services that would be affected if a particular piece of hardware fails.

[0113] Generally, configuration items and / or relationships between configuration items can be displayed in a web-based interface and represented hierarchically. This interface allows for modification of such configuration items and / or relationships in the CMDB.

[0114] Furthermore, users of the managed network 300 can develop workflows that enable the execution of specific coordinated actions across multiple discovered devices. For example, an IT workflow could allow a user to change the common administrator password for all discovered LINUX® devices in a single operation.

V. CMDB Identification Rules and Arbitration

[0115] CMDBs such as CMDB 500 provide a repository of configuration items and relationships. When properly defined, they can play a critical role in higher-level applications deployed within compute instances or in higher-level applications that include compute instances. These applications may relate to an enterprise's IT service management, operations management, asset management, configuration management, and regulatory compliance.

[0116] For example, an IT service management application may use information from the CMDB to determine which applications and services may be affected by a malfunctioning, out-of-service, or overloaded component (e.g., server equipment). Similarly, an asset management application may use information from the CMDB to determine which hardware and / or software components are used to support a particular enterprise application. As a result of the importance of the CMDB, the information stored therein should be accurate, consistent, and up-to-date.

[0117] Input to the CMDB can be performed in various ways. As mentioned above, the detection procedure may be configured to automatically store information, including configuration items and relationships, in the CMDB. However, all or part of the input to the CMDB can also be done manually, through configuration files, and through third-party data sources. Given that multiple data sources can update the CMDB at any time, one data source may overwrite entries from another. Also, two data sources may each generate slightly different entries for the same configuration item, resulting in the CMDB containing duplicate data. If any of these occur, the health and usefulness of the CMDB may be reduced.

[0118] To mitigate this situation, these data sources may not directly write configuration items to the CMDB. Instead, they may write to the Identification and Arbitration Application Programming Interface (API) of IRE 514. IRE 514 can then use a set of configurable identification rules to uniquely identify the configuration items and determine whether and how to write them to the CMDB.

[0119] Generally, an identification rule specifies a set of configuration item attributes that can be used for this unique identification. Identification rules may also have a priority order, with higher-priority rules being considered before lower-priority rules. Furthermore, rules can be considered independent in that they identify configuration items independently of other configuration items. Alternatively, rules can be considered dependent in that metadata rules are initially used to identify the configuration items they depend on.

[0120] Metadata rules describe other configuration items included in a particular configuration item, or the hosts to which a particular configuration item is deployed. For example, a network directory service configuration item may include a domain controller configuration item, while a web server application configuration item may be hosted in a server equipment configuration item.

[0121] The goal of each identification rule is to use a combination of attributes that clearly distinguish a configuration item from all other configuration items and that are not expected to change during the lifespan of the configuration item. Possible attributes for an example server device include serial number, location, operating system, operating system version, and memory capacity. If a rule specifies attributes that do not uniquely identify a configuration item, multiple components may be represented as the same configuration item in the CMDB. Also, if a rule specifies attributes that change for a particular configuration item, duplicate configuration items may be generated.

[0122] Therefore, when a data source provides IRE 514 with information about a configuration item, IRE 514 may attempt to match this information against one or more rules. If a match is found, the configuration item is written to the CMDB or updated if it already exists in the CMDB. If no match is found, the configuration item may be retained for further analysis.

[0123] Configuration item arbitration procedures may be used to ensure that only authorized data sources are allowed to overwrite configuration item data in the CMDB. This arbitration may also be rule-based. For example, arbitration rules may specify that a particular data source has authority over a specific configuration item type and a set of attributes. IRE 514 may then allow only this authorized data source to write to that particular configuration item, thus preventing writes by unauthorized data sources. In this way, legitimate data sources become the sole source of truth regarding a particular configuration item. In some cases, an unauthorized data source may be allowed to write to a configuration item if it is generating the item or if the attribute being written is empty.

[0124] Furthermore, multiple data sources may have permissions to the same configuration item or its attributes. For clarity, these data sources may be assigned priority levels to be considered when writing to the configuration item. For example, a data source with second-highest privileges may be able to write to the attribute of the configuration item until the data source with first-highest privileges has written to it. After that, further writes to the attribute by the data source with second-highest privileges may be prevented.

[0125] In some cases, duplicate configuration items can be automatically detected by IRE 514 or by other means. These configuration items may be deleted or flagged for manual deduplication.
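The identification and arbitration flow of paragraphs [0118] to [0124] can be made concrete with a small model. The following is an added example, not code from the patent or from any product: the rule tables, attribute names and source names (`discovery`, `asset_import`, `spreadsheet`) are assumptions, as is the choice to deny overwrites of attributes that no arbitration rule covers.

```python
"""Added sketch of identification and arbitration in front of a CMDB."""
from dataclasses import dataclass, field

# Identification rules per CI type, highest priority first (assumed attributes).
ID_RULES = {"server": [("serial_number",), ("hostname", "mac_address")]}

# Arbitration rules: (CI type, attribute) -> authorized sources, most
# authoritative first. Source names are hypothetical.
AUTHORITY = {
    ("server", "os_version"): ["discovery", "asset_import"],
    ("server", "location"): ["asset_import"],
}


@dataclass
class CI:
    ci_type: str
    attrs: dict = field(default_factory=dict)
    last_writer: dict = field(default_factory=dict)  # attribute -> source


class Engine:
    def __init__(self):
        self.cmdb = []      # stored configuration items
        self.held = []      # payloads retained for further analysis
        self.rejected = []  # (source, attribute, value) blocked by arbitration

    def _identify(self, ci_type, payload):
        """Return (matching CI or None, whether any rule could be applied)."""
        applicable = False
        for rule in ID_RULES.get(ci_type, []):
            if not all(payload.get(a) for a in rule):
                continue  # payload lacks this rule's attributes; try the next
            applicable = True
            for ci in self.cmdb:
                if ci.ci_type == ci_type and all(
                        ci.attrs.get(a) == payload[a] for a in rule):
                    return ci, True
        return None, applicable

    def _may_write(self, ci, attr, source, creating):
        if creating or ci.attrs.get(attr) in (None, ""):
            return True  # creation and empty attributes are open to any source
        ranked = AUTHORITY.get((ci.ci_type, attr), [])
        if source not in ranked:
            # Unauthorized source. Assumption: an attribute with no
            # arbitration rule is also treated as not overwritable.
            return False
        prev = ci.last_writer.get(attr)
        # A lower-ranked source is blocked once a higher-ranked one has written.
        return prev not in ranked or ranked.index(source) <= ranked.index(prev)

    def submit(self, source, ci_type, payload):
        ci, applicable = self._identify(ci_type, payload)
        if not applicable:
            self.held.append((source, payload))
            return "held"
        creating = ci is None
        if creating:
            ci = CI(ci_type)
            self.cmdb.append(ci)
        for attr, value in payload.items():
            if ci.attrs.get(attr) == value:
                continue  # unchanged value, nothing to arbitrate
            if self._may_write(ci, attr, source, creating):
                ci.attrs[attr] = value
                ci.last_writer[attr] = source
            else:
                self.rejected.append((source, attr, value))
        return "created" if creating else "updated"


def run_demo():
    """Replay constructed submissions from three hypothetical data sources."""
    engine = Engine()
    outcomes = [
        engine.submit("asset_import", "server", {
            "serial_number": "SN-001", "os_version": "8.4",
            "location": "DC-East"}),
        engine.submit("discovery", "server", {
            "serial_number": "SN-001", "os_version": "8.6"}),
        engine.submit("asset_import", "server", {
            "serial_number": "SN-001", "os_version": "8.4"}),
        engine.submit("spreadsheet", "server", {
            "serial_number": "SN-001", "location": "Unknown", "rack": "R12"}),
        engine.submit("discovery", "server", {"hostname": "db07"}),
    ]
    return engine, outcomes


if __name__ == "__main__":
    engine, outcomes = run_demo()
    print(outcomes, engine.cmdb[0].attrs, engine.rejected, sep="\n")
```

The rejected list doubles as an audit trail: a source that repeatedly tries to overwrite attributes it has no authority over is worth reviewing, whether it is misconfigured or compromised.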

VI. Exemplary Results-Oriented Software Applications

[0126] Figure 6 shows an exemplary software application 600 that may be configured to facilitate the deployment and modification of computing resources on the cloud computing system 602. Specifically, the software application 600 may provide a GUI that can modify the configuration of the cloud computing system 602 and may be configured to determine actions to realize the changes specified by the GUI. The software application 600 may also be referred to as a results-oriented automation software application and / or a state-oriented software application, among many other possibilities. The cloud computing system 602 may also be referred to as a computing cloud. The remote network management platform 320 may provide an example of the cloud computing system 602.

[0127] The cloud computing system 602 may comprise deployed computing resources 604, a predetermined automation 606, and available computing resources 608. The deployed computing resources 604 may include hardware and / or software currently deployed (e.g., available for use) on the cloud computing system 602, and may change over time in response to changes in the deployment of these computing resources. The cloud computing system 602 may be configured to maintain a representation of the deployed computing resources 604. For example, the cloud computing system 602 may store CIs representing the deployed computing resources 604 in the CMDB.

[0128] The available computing resources 608 may represent computing resources that can be deployed on the cloud computing system 602. For example, the available computing resources 608 may represent (i) multiple types of computing resources, (ii) multiple types of relationships between multiple types of computing resources, and / or (iii) a quantitative measure of how much of each type of computing resource and / or each type of relationship is available for deployment.

[0129] A predetermined automation 606 may include operations configured to control the deployment of computing resources on the cloud computing system 602. For example, a predetermined automation 606 may be configured to change the configuration of deployed computing resources 604 and / or deploy available computing resources 608. Each predetermined automation of the predetermined automation 606 may include one or more corresponding operations configured to control at least one configuration of the deployment of corresponding computing resources on the cloud computing system 602. For example, a predetermined automation 606 may be configured to deploy new computing resources, deploy copies of existing computing resources, restart existing computing resources, discard existing computing resources, move existing computing resources, change the attributes of existing computing resources, and / or restore past computing resources, among many other possibilities.

[0130] The predetermined automation 606 may be specific to the cloud computing system 602. Therefore, manual control of the deployment of computing resources on the cloud computing system 602 may depend on familiarity with and / or experience with the predetermined automation 606. That is, in order to effectively control the configuration of the cloud computing system 602, users may need to understand the changes made by at least a portion of the predetermined automation 606. Consequently, many potential users may not be able to make changes to the cloud computing system 602 and instead may rely on more experienced users for control of the cloud computing system 602. For example, if the predetermined automation 606 includes hundreds of different automations, some of which are interdependent and each of which may be associated with extensive text documentation detailing its correct use, then effective use of the predetermined automation 606 by an inexperienced user may become impractical.

[0131] According to the software application 600, a user may be able to modify the cloud computing system 602 via a GUI rather than by manually selecting and executing a predetermined automation 606. The software application 600 may be configured to use a predetermined automation 606 to make the changes specified by the GUI. However, the use of the GUI may be independent of the user's familiarity with and / or experience with the predetermined automation 606. Thus, according to the software application 600, a user can modify the cloud computing system 602 more easily and / or quickly.

[0132] The software application 600 may include a state generator 610, a GUI engine 614, a difference calculator 618, an action selector 624, and a state transition model 630. In some embodiments, the software application 600 may be implemented as part of a cloud computing system 602. For example, the software application may be hosted on the cloud computing system 602. In other embodiments, the software application 600 may be implemented by a third-party system different from the cloud computing system 602, and may be connected to the cloud computing system 602.

[0133] The state generator 610 may be configured to determine the existing state 612 of the deployed computing resources 604. The existing state 612 may represent the computing resources currently deployed on the cloud computing system 602, the relationships between these computing resources, and / or the attributes of these computing resources. In some embodiments, the relationships between two computing resources may be considered attributes of each of the two or more computing resources. The state generator 610 may be configured to retrieve a CI (including any attributes tracked by the cloud computing system 602) representing the deployed computing resources 604 from the cloud computing system 602.

[0134] The GUI engine 614 may be configured to generate a graphical representation of the existing state 612, which may include graphical GUI components representing the deployed computing resources 604. Therefore, instead of representing the deployed computing resources 604 using strings and / or structures containing alphanumeric values, as a CI may do, the graphical representation of the existing state 612 may utilize graphical components (e.g., icons, lines, panes, visual tree structures, etc.) to represent the deployed computing resources 604, the relationships between them, and / or their respective attributes. Figures 7A and 7B provide examples of graphical representations of the existing state.

[0135] Furthermore, the GUI engine 614 may be configured to generate a target state 616 based on GUI changes 620 made by one or more users to the graphical representation of the existing state 612. GUI changes 620 may include adding, deleting, copying, moving, and / or other modifications to graphic icons representing target changes to the number and / or placement of deployed computing resources 604. GUI changes 620 may also include changing the values of one or more variables associated with graphic icons representing target changes to the attributes of the deployed computing resources 604. Thus, the target state 616 may indicate the computing resources, their respective placements, and / or their respective attributes that one or more users want to deploy on the cloud computing system 602. Since the target state 616 can be generated based on changes to the graphical representation of the existing state 612, it may differ from the existing state 612. Figure 7C provides an exemplary graphical representation of the target state.

[0136] The difference calculator 618 may be configured to determine a state difference 622 based on the existing state 612 and the target state 616. The state difference 622 may represent the computational resources that have changed between the existing state 612 and the target state 616, the relationships between them, and / or their respective attributes. The GUI engine 614 may be configured to generate a graphical representation of the state difference 622. Figure 7D provides an exemplary graphical representation of the state difference.

[0137] The state difference 622 can provide a programmatic representation of a target change made via the GUI to reach the target state 616 from the existing state 612. The existing state 612, the target state 616, and / or the state difference 622 may be represented using, for example, HASHICORP® Configuration Language (HCL), JSON (JAVASCRIPT® Object Notation), and / or another programming language and / or data exchange format configured to represent computing resources. The difference calculator 618 may be configured to determine the state difference 622 by determining the text difference between a first source code file representing the existing state 612 and a second source code file representing the target state 616.

[0138] The action selector 624 may be configured to determine the actions 626 based on the state difference 622. In one example, the state difference 622 and / or the actions 626 may be determined based on and / or in response to the selection of a planning generation GUI component provided as part of the GUI. For example, the state difference 622 and / or the actions 626 may be determined when the user indicates completion of defining the target state 616 by selecting the planning generation GUI component. In another example, the state difference 622 and / or the actions 626 may be determined automatically when the user makes a change to the existing state 612. For example, each GUI change 620 may cause an updated version of the target state 616, an updated version of the state difference 622, and an updated version of the actions 626 to be determined. That is, the state difference 622 and / or the actions 626 may be determined concurrently with the user defining the target state 616.

[0139] The actions 626 may include one or more operations configured to modify the deployed computing resources 604 to reach the target state 616 from the existing state 612. Therefore, when the actions 626 are executed, the deployed computing resources 604 may change by the state difference 622. The actions 626 may include the predetermined automation 606 and / or a part thereof.

[0140] The action selector 624 may be configured to determine the actions 626 by determining a corresponding action configured to perform each change in the state difference 622. Thus, the actions 626 may include corresponding actions to modify each computing resource, relationship, and / or attribute indicated by the state difference 622. The action selector 624 may also include a mapping between the predetermined automation 606 and possible changes, which may be used to select a predetermined automation corresponding to each change indicated by the state difference 622. For example, the mapping may indicate the changes that are expected to be achieved by each predetermined automation of the predetermined automation 606, and its use may allow for the selection of a predetermined automation corresponding to each change indicated by the state difference 622.

[0141] The actions 626 may be ordered based on any dependencies between different types of computing resources. For example, since a software application may depend on a server node, the server node may be deployed prior to the deployment of the software application. Therefore, the action selector 624 may include a representation of potential dependencies between computing resources, the relationships between them, and / or their attributes. For example, potential dependencies may be represented by a dependency graph that can represent how the cloud computing system 602 structures its computing resources. For this reason, the action selector 624 may be configured to order the actions 626 based on the dependency graph, such that any preconditions for the deployment of a given computing resource are met prior to an attempt to deploy that computing resource.

[0142] The actions 626 may be provided to the GUI engine 614, which can be configured to generate a graphical representation of the actions 626. In some embodiments, the actions 626 may be modified via the GUI. For example, the initial set of actions 626 may be modified based on an action change 632 made by the user via the GUI, and the updated set of actions 626 may be determined by the action selector 624 based on the action change 632. Thus, in some cases the user may execute the actions 626 as generated by the action selector 624, while in other cases the actions 626 may be modified prior to execution.

[0143] The state transition model 630 may be configured to determine intermediate states 628 based on the actions 626. For example, the state transition model 630 may be configured to determine a corresponding intermediate state for each action of the actions 626, indicating the expected state of the deployed computing resources 604 after the execution of that action. The intermediate states 628 may be provided to the GUI engine 614, which can be configured to generate a graphical representation thereof. Thus, when visualized by the GUI, the intermediate states 628 can provide a graphical representation of the expected impact of the actions 626 on the state of the deployed computing resources 604 of the cloud computing system 602. Furthermore, the intermediate states 628 allow the user to visually preview the changes expected from the actions 626 and take them into consideration when specifying action changes 632. Figures 7E, 7F, and 7G provide exemplary graphical representations of intermediate states.

[0144] After the execution of the actions 626, the software application 600 may be configured to determine the final state of the deployed computing resources 604 as a result of the execution of the actions 626 and to generate a visual representation of the final state. The final state may be based on a check of the actual state of the deployed computing resources 604 and / or the return values of the actions 626. For example, the final state may be determined by the state generator 610 based on updated CIs obtained from the cloud computing system 602 after the execution of the actions 626. In addition or as an alternative, the final state may be determined by the state generator 610 based on the return values of the actions 626, which may indicate whether the execution of the actions 626 (and the changes expected therefrom) was successful. Specifically, the changes expected to be implemented by each action of the actions 626 may be determined to have been successfully implemented if the return value of that action indicates the success of the execution of that action, and to have not been implemented if the return value of that action indicates the failure of the execution of that action. Figures 7H and 7I provide exemplary graphical representations of the final state.
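The pipeline of paragraphs [0136] to [0144] (state difference, action selection, dependency ordering, intermediate states, and a final state inferred from return values) can be traced end to end on a small case. This is an added example, not code from the patent: the dictionary layout, the automation names and the `log_level` attribute are assumptions, and the sample data is a constructed subset of existing state 782 and target state 784 keyed by the page's reference numerals.

```python
"""Added sketch: state difference -> ordered actions -> previewed states."""
import copy
from graphlib import TopologicalSorter  # Python 3.9+

# Hypothetical mapping from a kind of change to the automation that performs it.
AUTOMATIONS = {"add": "deploy_resource", "set": "change_attribute",
               "remove": "discard_resource"}


def diff_states(existing, target):
    """State difference as (kind, resource_id, detail) tuples."""
    changes = [("add", rid, target[rid])
               for rid in sorted(target.keys() - existing.keys())]
    changes += [("remove", rid, existing[rid])
                for rid in sorted(existing.keys() - target.keys())]
    for rid in sorted(existing.keys() & target.keys()):
        for name, value in sorted(target[rid]["attrs"].items()):
            if existing[rid]["attrs"].get(name) != value:
                changes.append(("set", rid, {name: value}))
    return changes


def plan_actions(existing, target):
    """Select one automation per change and order them by the dependency graph."""
    merged = {**existing, **target}
    graph = {rid: item["depends_on"] for rid, item in merged.items()}
    order = TopologicalSorter(graph).static_order()  # prerequisites come first
    rank = {rid: i for i, rid in enumerate(order)}
    phase = {"add": 0, "set": 1, "remove": 2}

    def sort_key(change):
        kind, rid, _ = change
        # Deploy prerequisites first; discard dependents first.
        return (phase[kind], -rank[rid] if kind == "remove" else rank[rid])

    ordered = sorted(diff_states(existing, target), key=sort_key)
    return [(AUTOMATIONS[kind], rid, detail) for kind, rid, detail in ordered]


def apply_action(state, action):
    """Expected state after one action; the input state is left untouched."""
    name, rid, detail = action
    nxt = copy.deepcopy(state)
    if name == "deploy_resource":
        missing = [dep for dep in detail["depends_on"] if dep not in nxt]
        if missing:
            raise ValueError(f"{rid}: prerequisites not deployed: {missing}")
        nxt[rid] = copy.deepcopy(detail)
    elif name == "discard_resource":
        del nxt[rid]
    else:
        nxt[rid]["attrs"].update(detail)
    return nxt


def preview(existing, actions):
    """Intermediate states: the expected state after each action, in order."""
    states, current = [], existing
    for action in actions:
        current = apply_action(current, action)
        states.append(current)
    return states


def final_state(existing, actions, succeeded):
    """Final state inferred from per-action return values (True = success)."""
    current = existing
    for action, ok in zip(actions, succeeded):
        if ok:
            current = apply_action(current, action)
    return current


def res(kind, depends_on=(), **attrs):
    return {"type": kind, "depends_on": list(depends_on), "attrs": attrs}


# Constructed sample: a subset of existing state 782.
EXISTING = {
    "instance-726": res("instance"),
    "server-728": res("app_server", ["instance-726"]),
    "dbserver-732": res("db_server", ["instance-726"]),
    "db-733": res("db", ["dbserver-732"]),
    "app-729": res("app", ["server-728", "db-733"], log_level="info"),
}
# Target: add app server 746 running app 747, plus one attribute edit.
TARGET = copy.deepcopy(EXISTING)
TARGET["app-747"] = res("app", ["server-746", "db-733"], log_level="info")
TARGET["server-746"] = res("app_server", ["instance-726"])
TARGET["app-729"]["attrs"]["log_level"] = "warn"

if __name__ == "__main__":
    plan = plan_actions(EXISTING, TARGET)
    for step, state in zip(plan, preview(EXISTING, plan)):
        print(step[0], step[1], "->", sorted(state))
```

A final state built only from return values trusts each automation's own report, so comparing it against freshly retrieved CIs, the other option paragraph [0144] names, is what catches an action that reported success without taking effect.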

VII. Exemplary GUI

[0145] Figures 7A, 7B, 7C, 7D, 7E, 7F, 7G, 7H, 7I, and 7J show exemplary GUIs that can be generated by the software application 600 to facilitate the deployment of computing resources on the cloud computing system 602. Specifically, Figure 7A shows a GUI 700 that can be generated by the GUI engine 614. The GUI 700 may include a computing resources pane 702, a relationships pane 704, a settings pane 706, and an attributes pane 708, each of which may include interactive GUI components.

[0146] The computing resources pane 702 may include a visual representation of the types of computing resources available on the cloud computing system 602. Among many possibilities, the computing resources pane 702 may include, for example, a server icon 712 (representing server hardware and / or software), a database ("DB") icon 714 (representing database hardware and / or software), an application ("App") icon 716 (representing a software application), and an instance icon 718 (representing a computing instance). The relationships pane 704 may include a visual representation of the relationship types between the various computing resource types available on the cloud computing system 602. Among many possibilities, the relationships pane 704 may include, for example, an application-database connector icon 720, a replication connector icon 722, and an instance connector icon 724.

[0147] The settings pane 706 may include a visual representation of one or more states (e.g., existing, intermediate, target, final, etc.) of the computing resources of the cloud computing system 602. For example, the settings pane 706 shown in Figure 7A provides a visual representation of the existing state 780, which includes instance 726, application server 728 running application 729, application server 730 running application 731, and DB server 732 providing DB 733, where servers 728, 730, and 732 constitute part of instance 726, and applications 729 and 731 utilize DB 733. The existing state 780 may also represent the state of deployed computing resources 604 at a first time point.

[0148] The attributes pane 708 may include representations of the attributes (e.g., characteristics, parameters, etc.) of the computing resource selected in the settings pane 706. For example, if app 731 is selected in the settings pane 706, as shown by the hatching pattern in Figure 7A, the attributes pane 708 may display one or more attributes of app 731. App 731 may be associated with attributes 734, 736, 738, and 740-742 (i.e., attributes 734-742), each having values 735, 737, 739, and 741-743 (i.e., values 735-743). Attributes 734-742 and values 735-743 may represent any user-modifiable aspects of app 731 (e.g., including, among many possibilities, error logging characteristics, caching characteristics, security characteristics, and / or request processing characteristics). Furthermore, for any other computing resources displayed in the settings pane 706, the corresponding set of resource-specific attributes and their values can be modified via the attributes pane 708.

[0149] Figure 7B shows a GUI 700 displaying another visual representation of another existing state of computing resources in the cloud computing system 602. Specifically, the settings pane 706 shown in Figure 7B provides a visual representation of an existing state 782, which includes instance 726, application server 728 running application 729, application server 730 running application 731, DB server 732 providing DB 733, and DB server 744 providing DB 745, where servers 728, 730, 732, and 744 constitute part of instance 726, applications 729 and 731 utilize DB 733, and DB 733 is replicated to DB 745. Thus, existing state 782 differs from existing state 780 only in the presence of DB server 744, DB 745, and the replication connection between DB 745 and DB 733. Existing state 782 may also represent the state of deployed computing resources 604 at a second time point, different from the first time point. Existing states 780 and 782 may be examples of existing state 612.

[0150] Since the computing resources pane 702, the relationships pane 704, and the attributes pane 708 can each be independently collapsed (i.e., hidden) as shown in Figure 7B, the settings pane 706 can occupy a larger portion of the GUI 700.

[0151] Using GUI 700, the user may define a target state by editing the existing state. The target state can be defined, among many possibilities, by adding computing resources to the existing state from the computing resources pane 702, adding relationships to the existing state from the relationships pane 704, deleting computing resources and / or relationships from the existing state, rearranging computing resources and / or relationships in the existing state, and / or changing the attribute values of one or more of the computing resources in the existing state. Such changes to the existing state 782 may be performed, among many possibilities, by a combination of clicking, dragging, and / or entering / editing alphanumeric values.

[0152] For example, as shown in Figure 7C, the target state 784 may be defined by a change in the existing state 782. The target state 784 may differ from the existing state 782 by only a state difference 786, as shown in Figure 7D. Specifically, the target state 784 is defined by (i) adding an application server 746 that runs application 747 to instance 726 of the existing state 782, and (ii) adding instance 748, an application server 750 that runs application 751, an application server 752 that runs application 753, and a DB server 754 that provides DB 755 to the existing state 782, with servers 750, 752, and 754 constituting part of instance 748, and applications 751 and 753 utilizing DB 755. Alternatively, a different target state may be reached by other changes to the existing state 782. The target state 784 may be an example of the target state 616, and the state difference 786 may be an example of the state difference 622.

[0153] In some embodiments, the target state 784 may be defined by selecting it from a group of candidate states stored by the software application 600. In one example, the target state 784 may represent a preceding state of the deployed computing resource 604 that exists in the corresponding preceding time, and the selection of the target state 784 may act as a restoration of the deployed computing resource 604 to a preceding state. In another example, the target state 784 may represent one of a group of predetermined states (e.g., user-defined states) that have been approved and / or verified for deployment on the cloud computing system 602.

[0154] Among its many visual characteristics, the state difference 786 can visually represent the differences and / or similarities between the existing state 782 and the target state 784, particularly through the use of various line thicknesses, line patterns, and / or colors. For example, as shown in Figure 7D, the state difference 786 visually represents the differences between the existing state 782 and the target state 784 using thick lines, while the similarities between the existing state 782 and the target state 784 are visually represented by thin lines. Alternatively, the state difference 786 can visually represent the differences between the existing state 782 and the target state 784 by displaying only the differences and hiding the similarities.

[0155] GUI 700 may include a state difference GUI component 788 configured to allow the user to switch between displaying the target state 784 and the state difference 786. Specifically, the state difference GUI component 788 may be configured to cause GUI 700 to display the state difference 786 when selected while the target state 784 is displayed (as shown in Figure 7C). The state difference GUI component 788 may be configured to cause GUI 700 to display the target state 784 when selected while the state difference 786 is displayed (as shown in Figure 7D). In this way, the state difference GUI component 788 allows the user to visualize the changes made to the existing state 782.

[0156] The GUI 700 may also include a planning generation GUI component 756 configured to cause the software application 600 to generate one or more actions to reach a target state 784 from an existing state 782 (i.e., to generate a state difference 786). For example, the selection of the planning generation GUI component 756 may configure the GUI 700 to display a planning pane 710 including (i) representations of actions 758, 759, 760, 761, and 762-763 (i.e., actions 758-763), and (ii) an execution GUI component 764, as shown in Figure 7E. Actions 758-763 may be examples of action 626. The execution GUI component 764 may be configured to trigger the execution of actions 758-763.

[0157] Depending on the selection of each operation 758-763, the GUI 700 may be able to display a visual representation of the intermediate state that is expected to be reached after the execution of that operation. For example, Figure 7E shows the selection of operation 763 from the planning pane 710. Operation 763 is expected to establish connections between DB 755 and applications 751 and 753, respectively. Since operation 763 is the last operation of operations 758-763, after the execution of operation 763 (and all other preceding operations), the deployed computing resources 604 are expected to reach the target state 784. Therefore, the configuration pane 706 can display a visual representation of the target state 784 based on the selection of operation 763, and the connections between DB 755 and applications 751 and 753, respectively, are thickened to indicate that they were established by the execution of operation 763.

[0158] Figure 7F shows the selection of action 758 from the planning pane 710. Action 758 is expected to result in intermediate state 790 by deploying application server 746 onto instance 726. Intermediate state 790 may correspond to the existing state 782 with the addition of application server 746 to instance 726. Therefore, the configuration pane 706 can display a visual representation of intermediate state 790 based on the selection of action 758, with application server 746 being bolded to indicate that it is deployed by the execution of action 758.

[0159] Figure 7G shows the selection of action 762 from the planning pane 710. Action 759 is expected to deploy app 747 on app server 746, action 760 is expected to deploy instance 748, action 761 is expected to deploy app servers 750 and 752 on instance 748, and action 762 is expected to deploy DB server 754 on instance 748. Therefore, as a result of executing actions 758-762, it is expected that the intermediate state 792 will be reached. Accordingly, the configuration pane 706 can display a visual representation of the intermediate state 792 based on the selection of action 762, and DB server 754 is thickened to indicate that it was deployed by the execution of action 758.

[0160] The GUI 700 can also display visual representations of the corresponding intermediate states reached after the execution of other actions among actions 758-763. By enabling the display of visual representations of the corresponding intermediate states reached after the execution of each action proposed to reach the target state, the GUI 700 allows the user to visually confirm the intended effects and / or the expected arrival of the target state through the proposed actions. Specifically, such confirmation can be performed by the user regardless of their understanding and / or familiarity with the proposed actions, as a visual examination of the intermediate states is considered sufficient to confirm whether the target state is reached from the existing state through a series of intermediate states. In this way, when defining the target state, the user can confirm that the proposed actions are expected to work as intended by the user.

[0161] In some embodiments, the planning pane 710 may allow user modification of actions 758-763. For example, a single click on action 758 may display a visual representation of the intermediate state 790. Alternatively, by double-clicking (or right-clicking) action 758, it may be possible to manually replace action 758 with an alternative action. For example, the planning pane 710 may be configured to display a filterable list of all available actions and allow selection of an alternative action from this list. Thus, a user with at least some familiarity with the actions may be able to customize the proposed actions (e.g., actions 758-763) to reach the target state 784, for example, through a series of alternative actions.

[0162] Figure 7H shows an exemplary view of GUI 700 when the target state 784 has been reached as a result of the execution of operations 758-763 (for example, based on and / or depending on the selection of the execution GUI component 764). That is, the final state 794 as a result of the execution of operations 758-763 is considered to be equal to the target state 784. Therefore, the settings pane 706 may be configured to display a message 766 indicating that the target state has been successfully reached.

[0163] Figure 7I shows an exemplary view of the GUI 700 when the target state 784 has not been reached as a result of executing operations 758-763. That is, the final state 796 resulting from the execution of operations 758-763 is likely to be different from the target state 784. For example, as shown in Figure 7I, the final state 796 may lack DB server 754, DB 755, and the connections between DB 755 and applications 751 and 753. Therefore, the configuration pane 706 may be configured to display (i) a message 768 indicating that the target state has not been successfully reached, and (ii) an alternative plan generation GUI component 770.

[0164] The final state 796 may differ from the target state 784 due to the failure of one or more of the operations 758-763. Each operation may fail for several reasons, including, among many others, errors in the input to that operation (e.g., incorrect credentials, missing input, etc.), missing and / or incorrect permissions, the inability of the cloud computing system 602 to deploy the requested computing resources due to lack of availability, the cloud computing system 602 limiting the number of operations that can be executed per unit time, failures of other operations on which that operation depends (e.g., failure to deploy the supplement server on which the application runs), and / or bugs present in that operation or other related instructions.

[0165] The alternative plan generation GUI component 770 may be configured to trigger the determination of alternative actions to reach the target state 784 from the final state 796. For example, as shown in Figure 7J, alternative actions 771 and 772-773 (i.e., alternative actions 771-773) may be determined for the deployment of DB server 754 on instance 748, the deployment of DB 755 on DB server 754, and the establishment of connections between DB 755 and applications 751 and 753, respectively.

[0166] Alternative actions 771-773 may differ from the subset of actions 758-763 by which this deployment was initially expected to be performed. That is, instead of attempting to re-execute the subset of actions 758-763 in their original form, alternative actions 771-773 may include entirely new actions and / or modified versions of the subset of actions. Thus, GUI 700 may enable automatic correction (or at least attempts at correction) of various errors in the execution of the actions selected to reach the target state.

[0167] Alternative actions 771-773 may be displayed as part of the planning pane 710 in conjunction with the alternative execution GUI component 774. The alternative execution GUI component 774 may be configured to trigger the execution of alternative actions 771-773. Thus, the alternative plan generation GUI component 770 may behave similarly to the plan generation GUI component 756, and the alternative execution GUI component 774 may behave similarly to the execution GUI component 764. The GUI 700 may be configured to display an alternative final state (not shown) as a result of the execution of alternative actions 771-773.

VIII. Exemplary Operations

[0168] Figure 8 is a flowchart illustrating an exemplary embodiment. The process shown in Figure 8 may be executed by computer equipment such as computer equipment 100 and / or a cluster of computer equipment such as a server cluster 200. However, this process can also be executed by other types of equipment or equipment subsystems. For example, this process can also be executed by a remote network management platform or a computing instance of a portable computer such as a laptop or tablet device. The process shown in Figure 8 may represent the operation of a software application 600.

[0169] The embodiments shown in Figure 8 can be simplified by removing one or more of the features shown therein. Furthermore, these embodiments may be combined with any of the features described herein or with any of the features, aspects, and / or embodiments described herein.

[0170] Block 800 may include the processor generating a graphical representation of the existing state of multiple computing resources, visually representing multiple computing resources and one or more relationships between them, for display via a GUI.

[0171] Block 802 may include the processor determining the target state of multiple computing resources based on user modifications to the graphical representation of the existing state. User modifications may be obtained via a GUI.

[0172] Block 804 may include the processor determining one or more actions configured to modify multiple computing resources to reach the target state from the existing state, based on the difference between the target state and the existing state.

[0173] Block 806 may include performing one or more operations.

[0174] In some examples, for GUI display purposes, an updated graphical representation of the final state of multiple computational resources modified after the execution of one or more operations may be generated.

[0175] In some examples, the final state may differ from the target state. Furthermore, one or more alternative actions may be determined based on the difference between the target state and the final state. One or more alternative actions may be configured to further modify multiple computational resources so that the changes bring the final state up to the target state. Then, one or more alternative actions may be executed. Additionally, for GUI display purposes, an additional updated graphical representation of the final state, showing the additionally modified computational resources after the execution of one or more alternative actions, may be generated.

[0176] In some examples, the one or more alternative actions may be different from each of the one or more actions.

[0177] In some examples, the final state may be equal to the target state. The updated graphical representation of the final state may include an indicator that the target state has been reached.

[0178] In some examples, generating an updated graphical representation of the final state may include determining the corresponding return value for each of one or more operations. The corresponding return value may indicate whether the modification of a corresponding computational resource among multiple computational resources was successful and completed by each operation. The final state may be determined based on (i) the existing state and (ii) the corresponding return value for each of one or more operations.

[0179] In some examples, for GUI display, one or more actions and an executable GUI component may be provided. The executable GUI component may be configured to trigger the execution of one or more actions when selected. The selection of the executable GUI component may also be accepted. The one or more actions may be executed based on the acceptance of the selection of the executable GUI component.

[0180] In some examples, one or more actions may be provided for GUI display. Furthermore, the selection of a specific action from among one or more actions may be accepted. Based on the acceptance of the selection of a specific action, a graphical representation of the intermediate states of multiple computational resources that are expected to be reached after the execution of the specific action may be generated for GUI display.

[0181] In some examples, a plan generation GUI component may be provided for GUI display. The plan generation GUI component may be configured to trigger the determination of one or more actions when selected. The selection of the plan generation GUI component may also be accepted. One or more actions may be determined based on the acceptance of the selection of the plan generation GUI component.

[0182] In some examples, determining one or more actions may involve selecting one or more automations from a set of predetermined automations based on the difference between a target state and an existing state. Each of the set of predetermined automations may include one or more corresponding actions configured to control the deployment of a corresponding computing resource from a set of available computing resources.

[0183] In some examples, determining one or more actions may involve determining two or more computational resources from among several computational resources based on the difference between the target state and the existing state. Each of the two or more computational resources may differ (for example, in at least one attribute) between the target state and the existing state. Furthermore, for each of the two or more computational resources, one or more corresponding actions may be determined to modify each computational resource. For example, the one or more corresponding actions may be configured to modify at least one attribute of each computational resource. Furthermore, the order in which the two or more computational resources are modified may be determined. The one or more corresponding actions for each of the two or more computational resources may be executed in accordance with the order in which the two or more computational resources are modified.

[0184] In some examples, determining the order may involve determining one or more dependencies between two or more computational resources. One or more dependencies may indicate that the deployment of a first computational resource among the two or more computational resources depends on the preceding deployment of a second computational resource among the two or more computational resources. The order may then be determined based on the one or more dependencies.
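The planning steps of paragraphs [0183]-[0184] and the return-value bookkeeping of paragraph [0178] can be illustrated with the following added Python example, which is not part of the patent text or of any ServiceNow code. The `Resource` model, the resource ids (which reuse the reference numerals of Figures 7B-7J), the treatment of connections as resources, and the `run_action` callback are assumptions made for illustration; only deploy and modify actions are covered, and re-planning simply recomputes the difference from the final state rather than choosing different action implementations.

```python
from dataclasses import dataclass
from graphlib import TopologicalSorter


@dataclass(frozen=True)
class Resource:
    kind: str
    requires: tuple = ()   # ids that must already be deployed (dependencies)
    attrs: tuple = ()      # sorted (name, value) pairs


def R(kind, *requires, **attrs):
    """Shorthand constructor (hypothetical helper)."""
    return Resource(kind, tuple(requires), tuple(sorted(attrs.items())))


# Constructed sample data modelled on existing state 782 and target state 784.
EXISTING_782 = {
    "inst726": R("instance"),
    "appsrv728": R("app_server", "inst726"), "app729": R("application", "appsrv728"),
    "appsrv730": R("app_server", "inst726"), "app731": R("application", "appsrv730"),
    "dbsrv732": R("db_server", "inst726"), "db733": R("database", "dbsrv732"),
    "dbsrv744": R("db_server", "inst726"), "db745": R("database", "dbsrv744"),
}
TARGET_784 = {
    **EXISTING_782,
    "appsrv746": R("app_server", "inst726"), "app747": R("application", "appsrv746"),
    "inst748": R("instance"),
    "appsrv750": R("app_server", "inst748"), "app751": R("application", "appsrv750"),
    "appsrv752": R("app_server", "inst748"), "app753": R("application", "appsrv752"),
    "dbsrv754": R("db_server", "inst748"), "db755": R("database", "dbsrv754"),
    "conn751_755": R("connection", "app751", "db755"),
    "conn753_755": R("connection", "app753", "db755"),
}


def state_difference(existing, target):
    """Ids that are missing from, or defined differently in, the existing state."""
    return {rid for rid, res in target.items() if existing.get(rid) != res}


def plan_actions(existing, target):
    """One action per differing resource, ordered so dependencies come first."""
    changed = state_difference(existing, target)
    graph = {}
    for rid in sorted(changed):
        for dep in target[rid].requires:
            if dep not in target:
                raise ValueError(f"{rid} requires {dep}, which the target state lacks")
        # Only dependencies that are themselves changing constrain the order.
        graph[rid] = sorted(d for d in target[rid].requires if d in changed)
    order = TopologicalSorter(graph).static_order()  # CycleError on circular deps
    return [("modify" if rid in existing else "deploy", rid) for rid in order]


def execute(plan, existing, target, run_action):
    """Run each action and derive the final state from the existing state plus
    each action's return value; actions whose dependencies are absent are skipped."""
    final, results = dict(existing), {}
    for verb, rid in plan:
        deps_ok = all(dep in final for dep in target[rid].requires)
        ok = deps_ok and bool(run_action(verb, rid))
        results[(verb, rid)] = ok
        if ok:
            final[rid] = target[rid]
    return final, results


def demo():
    """Replay the Figure 7I scenario: deployment of DB server 754 fails."""
    plan = plan_actions(EXISTING_782, TARGET_784)
    final, results = execute(plan, EXISTING_782, TARGET_784,
                             lambda verb, rid: rid != "dbsrv754")
    alternative = plan_actions(final, TARGET_784)
    recovered, _ = execute(alternative, final, TARGET_784, lambda verb, rid: True)
    return plan, final, results, alternative, recovered


if __name__ == "__main__":
    plan, final, results, alternative, recovered = demo()
    print("plan:", plan)
    print("missing after first run:", sorted(set(TARGET_784) - set(final)))
    print("alternative plan:", alternative)
    print("target reached:", recovered == TARGET_784)
```
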

[0185] In some examples, one or more actions may be determined independently of manual user input specifying those actions.

[0186] In some examples, the GUI may include a computational resources pane configured to include a corresponding resource icon graphically representing each of multiple computational resource types available on the remote network management platform, and to allow each computational resource type to be added to the existing state. The GUI may also include a relationships pane configured to include a corresponding relationship icon graphically representing each of multiple possible relationship types between the computational resource types available on the remote network management platform, and to allow each relationship type to be added to the existing state. The GUI may further include a settings pane configured to display, and to accept user modifications to, the graphical representation of the existing state.

[0187] In some examples, multiple computing resources may be deployed on a remote network management platform instead of a managed network. The existing state may be determined by retrieving multiple configuration items (CIs) representing the attributes of the multiple computing resources from the remote network management platform. User changes to the graphical representation of the existing state may represent changes to the values of one or more of the multiple CIs.

[0188] In some examples, multiple computing resources may include two or more of the following: (i) computing instances, (ii) server nodes, (iii) software applications, or (iv) database nodes.

[0189] In some examples, one or more actions may be configured to result in one or more of the following: (i) deployment of a new computing resource, (ii) deployment of a copy of an existing computing resource, (iii) restart of an existing computing resource, (iv) destruction of an existing computing resource, (v) movement of an existing computing resource, (vi) modification of the attributes of an existing computing resource, or (vii) restoration of a past computing resource.

IX. Conclusion

[0190] This disclosure is not limited in terms of the specific embodiments described herein, which are intended to illustrate various aspects. As will be apparent to those skilled in the art, many improvements and modifications are possible without departing from its scope. From the foregoing description, functionally equivalent methods and apparatus within the scope of this disclosure, in addition to those described herein, will be apparent to those skilled in the art. Such improvements and modifications will also be included in the appended claims.

[0191] The above detailed description, with reference to the accompanying drawings, describes various features and operations of the disclosed systems, equipment, and methods. The exemplary embodiments described herein and in the drawings are not limiting in any way. Other embodiments are available and other modifications can be made without departing from the scope of the subject matter presented herein. It will be readily apparent that the aspects of this disclosure described throughout this specification and shown in the drawings can be arranged, substituted, combined, separated, and designed in a wide variety of different configurations.

[0192] With respect to any or all of the message flow diagrams, scenarios, and flowcharts in the figures, as discussed herein, each step, block, and / or communication may represent the processing and / or transmission of information in an exemplary embodiment. The scope of these exemplary embodiments includes alternative embodiments. In these alternative embodiments, for example, actions described as steps, blocks, transmissions, communications, requests, responses, and / or messages may be performed out of the order shown or described (including substantially concurrently or in reverse order), depending on the function involved. Furthermore, in any of the message flow diagrams, scenarios, and flowcharts discussed herein, the number of blocks and / or actions used may be increased or decreased, and some or all of these message flow diagrams, scenarios, and flowcharts can be combined with one another.

[0193] Steps or blocks representing the processing of information can correspond to circuits that can be configured to perform specific logical functions of the method or technique described herein. Alternatively or in addition, steps or blocks representing the processing of information can correspond to modules, segments, or portions of program code (including associated data). The program code may include one or more instructions that can be executed by a processor to perform specific logical operations or actions in the method or technique described above. The program code and / or associated data can be stored in any type of computer-readable medium, such as a memory device including RAM, disk drives, semiconductor drives, or other storage media.

[0194] Furthermore, computer-readable media may include non-transitory computer-readable media such as register memory and processor cache, which store data for short periods. Non-transitory computer-readable media may further include media that store program code and / or data for long periods. Therefore, non-transitory computer-readable media may include secondary or persistent long-term storage such as ROM, optical or magnetic disks, semiconductor drives, or compact disk read-only memory (CD-ROM). Other volatile or non-volatile storage systems are also possible as non-transitory computer-readable media. Non-transitory computer-readable media can be thought of as, for example, computer-readable storage media or tangible storage devices.

[0195] Furthermore, a step or block representing one or more information transmissions may correspond to information transmissions between software and / or hardware modules within the same physical device. However, other information transmissions are also possible between software and / or hardware modules in different physical devices.

[0196] The specific arrangement shown in the drawings should not be considered limiting in any way. It should be understood that in other embodiments, the number of each element shown in the drawings may be increased or decreased. Furthermore, some of the illustrated elements may be combined or omitted. Moreover, an exemplary embodiment may include elements not shown in the drawings.

[0197] While various aspects and embodiments are disclosed herein, other aspects and embodiments will be apparent to those skilled in the art. The various aspects and embodiments disclosed herein are for illustrative purposes only and are not intended to limit in any way; the true scope is given by the following claims.

Claims

1. A computer-implemented method comprising: generating, by a processor and for display via a graphical user interface (GUI), a graphical representation of an existing state of a plurality of computing resources, the graphical representation visually representing the plurality of computing resources and one or more relationships between them; determining, by the processor, a target state of the plurality of computing resources based on a user modification of the graphical representation of the existing state, wherein the user modification is obtained via the GUI; determining, by the processor, one or more operations configured to modify the plurality of computing resources to reach the target state from the existing state, based on the difference between the target state and the existing state; and performing the one or more operations.

2. The computer-implemented method according to claim 1, further comprising generating, for display by the GUI, an updated graphical representation of the final state of the plurality of computing resources that have been modified after the execution of the one or more operations.

3. The method according to claim 2, wherein the final state differs from the target state, the method further comprising: determining, based on the difference between the target state and the final state, one or more alternative operations configured to further modify the plurality of computing resources to reach the target state from the final state; performing the one or more alternative operations; and generating, for display by the GUI, an additional updated graphical representation of the additional final state of the plurality of computing resources that have been further modified after the execution of the one or more alternative operations.

4. The method according to claim 3, wherein the one or more alternative operations are different from each of the one or more operations.

5. The method according to claim 2, wherein the final state is equal to the target state, and the updated graphic representation of the final state includes an indicator that the target state has been reached.

6. The method according to claim 2, wherein generating the updated graphical representation of the final state comprises: determining the corresponding return value for each of the one or more operations, wherein the corresponding return value indicates whether the modification of the corresponding computing resource among the plurality of computing resources was successfully completed by each of the operations; and determining the final state based on (i) the existing state and (ii) the corresponding return value of each of the one or more operations.

7. The method according to claim 1, further comprising: providing, for display by the GUI, the one or more operations and an execution GUI component configured to trigger the execution of the one or more operations when selected; and accepting a selection of the execution GUI component, wherein the one or more operations are executed based on the acceptance of the selection of the execution GUI component.

8. The method according to claim 1, further comprising: providing the one or more operations for display by the GUI; accepting a selection of a specific operation from the one or more operations; and generating, for display by the GUI and based on the acceptance of the selection of the specific operation, a graphical representation of the intermediate state of the plurality of computing resources that is expected to be reached after the execution of the specific operation.

9. The method according to claim 1, further comprising: providing, for display by the GUI, a plan generation GUI component configured to trigger the determination of the one or more operations when selected; and accepting a selection of the plan generation GUI component, wherein the one or more operations are determined based on the acceptance of the selection of the plan generation GUI component.

10. The method according to claim 1, wherein determining the one or more operations involves selecting one or more automations from a plurality of predetermined automations based on the difference between the target state and the existing state, and each of the plurality of predetermined automations includes one or more corresponding operations configured to control the deployment of a corresponding computing resource from a plurality of available computing resources.

11. The method according to claim 1, wherein determining the one or more operations comprises: determining, based on the difference between the target state and the existing state, two or more computing resources from among the plurality of computing resources, wherein each of the two or more computing resources differs between the target state and the existing state; determining, for each of the two or more computing resources, one or more corresponding operations to modify that computing resource; and determining the order in which to modify the two or more computing resources, wherein the one or more corresponding operations for each of the two or more computing resources are performed in accordance with the order in which the two or more computing resources are modified.

12. The method according to claim 11, wherein determining the order comprises: determining one or more dependencies between the two or more computing resources, wherein the one or more dependencies indicate that the deployment of a first computing resource among the two or more computing resources depends on the prior deployment of a second computing resource among the two or more computing resources; and determining the order based on the one or more dependencies.

13. The method according to claim 1, wherein the one or more operations are determined independently of manual user input specifying the one or more operations.

14. The method according to claim 1, wherein the GUI includes (i) a compute resource pane configured to include a corresponding resource icon graphically representing each of a plurality of compute resource types available on the remote network management platform, and to allow each of the compute resource types to be added to the existing state; (ii) a relationship pane configured to include a corresponding relationship icon graphically representing each of a plurality of possible relationship types between the plurality of compute resource types available on the remote network management platform, and to allow each of the relationship types to be added to the existing state; and (iii) a settings pane configured to display and provide the user changes to the graphical representation of the existing state.

15. The method according to claim 1, wherein the plurality of computing resources are deployed on a remote network management platform, the method further comprising determining the existing state by obtaining a plurality of configuration items (CIs) representing the attributes of the plurality of computing resources from the remote network management platform, wherein a user change of the graphical representation of the existing state represents a change in the value of one or more of the plurality of CIs.

16. The method according to claim 1, wherein the plurality of computing resources include two or more of the following: (i) computing instances, (ii) server nodes, (iii) software applications, or (iv) database nodes.

17. The method according to claim 1, wherein one or more of the operations are configured to cause one or more of the following: (i) deployment of a new computing resource, (ii) deployment of a copy of an existing computing resource, (iii) restart of the existing computing resource, (iv) destruction of the existing computing resource, (v) movement of the existing computing resource, (vi) modification of the attributes of the existing computing resource, or (vii) restoration of a past computing resource.

18. A non-transitory computer-readable medium containing program instructions that, when executed by a computer system, cause the computer system to perform operations comprising: generating, for display via a graphical user interface (GUI), a graphical representation of an existing state of a plurality of computing resources, the graphical representation visually representing the plurality of computing resources and one or more relationships between them; determining a target state of the plurality of computing resources based on a user modification of the graphical representation of the existing state, wherein the user modification is obtained via the GUI; determining, based on the difference between the target state and the existing state, one or more actions configured to modify the plurality of computing resources to reach the target state from the existing state; and performing the one or more actions.

19. The non-transitory computer-readable medium according to claim 18, wherein the operations further comprise generating, for display by the GUI, an updated graphical representation of the final state of the plurality of computing resources modified after the execution of the one or more actions.

20. A system comprising: one or more processors; and a memory containing program instructions that, when executed by the one or more processors, cause the system to perform operations comprising: generating, for display via a graphical user interface (GUI), a graphical representation of an existing state of a plurality of computing resources, the graphical representation visually representing the plurality of computing resources and one or more relationships between them; determining a target state of the plurality of computing resources based on a user modification of the graphical representation of the existing state, wherein the user modification is obtained via the GUI; determining, based on the difference between the target state and the existing state, one or more actions configured to modify the plurality of computing resources to reach the target state from the existing state; and performing the one or more actions.