| Title of Invention | INTEGRATING DESIGN, DEPLOYMENT, AND MANAGEMENT PHASES FOR SYSTEMS |
|---|---|
| Abstract | Integrating design, deployment, and management phases for a system in accordance with certain aspects includes using a system definition model to design a system. The system defmition model is subsequently used to deploy the system on one or more computing devices and, after deployment of the system, the system defmition model is used to manage the system deployed on the one or more computing devices. |
| Full Text | FORM 2 THE PATENTS ACT 1970 [39 OF 1970] COMPLETE SPECIFICATION [See Section 10; rule 13] "INTEGRATING DESIGN, DEPLOYMENT, AND MANAGEMENT PHASES FOR SYSTEMS" MICROSOFT CORPORATION, a Corporation of the State of Washington having a place of business at One Microsoft Way, Redmond, Washington 98052-6399, United States of America, The following specifïcation particularly describes the nature of the invention and the marmer in which it is to be performed:- RELATED APPLICATIONS This application claims the benefit of U.S. Provisional Application No. 60/452,736, filed March 6, 2003, entitled "Architecture for Distributed Computing System and Automated Design, Deployment, and Management of Distributed Applications", which is hereby incorporated herein by reference. This application is related to the following US patent applications (all of which are incorporated by reference herein): US Patent Application Serial No. 10/382,942, filed on March 6, 2003, titled "Virtual Network Topology Generation", which is hereby incorporated herein by reference. US Patent Application Serial No. 09/695,812, filed on October 24, 2000, titled "System and Method for Distributed Management of Sbared Computers", which is hereby incorporated herein by reference. US Patent Application Serial No. 09/695,813, filed on October 24, 2000, titled "System and Method for Logical Modeling of Distributed Computer Systems", which is hereby incorporated herein by reference. US Patent Application Serial No. 09/695,820, filed on October 24, 2000, titled "System and Method for Restricting Data Transfers and Managing Software Components of Distributed Computers", which is hereby incorporated herein by reference. US Patent Application Serial No. 09/695,821, filed on October 24, 2000, titled "Using Packet Filters and Network Virtualization to Restrict Network Communications", which is hereby incorporated herein by reference. US Patent Application Serial No. 097696,707, filed on October 24, 2000, titled "System and Method for Designing a Logical Model of Distributed i l Computer System and Deploying Physical Resources According to the Logical Model", which is hereby incorporated herehi by reference. US Patent Application Serial No. 09/696,752, filed on October 24, 2000, titled "System and Method Providing Automatic Policy Enforcement in a Multi- Computer Service Application", which is hereby incorporated herein by reference. TECHNICAL FIELD The invention relates to an architecture for a distributed computing system. BACKGROUND Internet usage has exploded over the past several years and continues to grow. People have become very comfortable with many services offered on the World Wide Web (or simply "Web"), such as electronic mail, online shopping, garthering news and information, listening to music, viewing video clips, looking for jobs, and so forth. To keep pace with the growing demand for Internet-based services, there has been tremendous growth in the computer systems dedicated to hosting Websites, providing backend services for those sites, and storing data associated with the sites. One type of distributed computer system is a data center (such as an Internet data center (IDC) or an Enterprise Data Center (EDC)), which is a specifïcally designed complex that houses many computers for hosting network- based services. Data centers, which may also go by the names of "Webfarms'1 or "server farms", typically house hundreds to thousands of computers in climate- controlled, physically secure buildings. Data centers typically provide reliable Internet access, reliable power supplies, and a secure operating environment. 2 Today, large data centers are complex and often called upon to host Multiple applications. For instance, some websites may operate several thousand computers, and host many distributed applications. These distributed applications often have complex netwerking requirements that require operators to physically connect computers to certain network switches, as well as manually arrange the wiring configurations within the data center to support the complex applications. As a result, this task of building physical network topologies to conform to the application requirements can be a cumbersome, time consuming process that is prone to human error. Accordingly, there is a need for improved techniques for designing and deploying distributed applications onto the physical computing system. SUMMARY Integrating design, deployment, and management phases for systems is described herein. In accordance with certain aspects, a system defnition model is used to design a system. The system defmition model is subsequently used to deploy the system on one or more computing devices. After deployment of the system, the system defmition model is used to manage the system deployed on the one or more computing devices. BRIEF DESCRIPTION OF THE DRAWINGS The same numbers are used throughout the drawings to reference like features. Fig. l illustrates an example network setting. 3 Fig. 2 is a block diagram illustrating an example architecture using the SDM definition model Fig. 3 illustrates an example layered setting. Fig. 4 is a flowchart illustrating an example process for using the system definition model (SDM) across the entire lifecycle of a system, Fig. 5 illustrates an example architecture using an SDM runtime. Fig. 6 illustrates an example SDM document. Fig. 7 illustrates an base definition and members. Fig. 8 illustrates an example member. Fig. 9 illustrates example setting values and value lists. Fig. 10 illustrates an example lifecycle of an SDM application in accordance with certain embodiments. Fig. 11 shows an example mapping of a web application to a web server host. Fig. 12 illustrates an example built-in datatype hierarchy. Fig. 13 illustrates an example of implicit extension of an abstract object definition. Fig. 14 illustrates an example of implicit extension of an abstract relationships. Fig. 15 illustrates an example of a change request. Fig. 16 illustrates an example process of loading new defmitions into the runtime. Fig. 17 illustrates an example of carrying out change requests. Fig. 18 illustrates examples of connected members. Fig. 19 illustrates example structures with regard to connections. 4 Fig. 20 illustrates an example UML diagram that provides an overview of the instance space. Fig. 21 illustrates a general computer environment which can be used to implement the techniques described herein. DETAILED DESCRIPTION The following disclosure describes a number of aspects pertaining to an architecture for designing and implementing a distributed computing system with large-scale application services. The disclosure includes discussion of a system defmition model (SDM), which may also be referred to as a service definition model (SDM), and an SDM runtime environment. The SDM provides tools and a context for an application architect to design distributed computer applications and data centers in an abstract marmer. The model defines a set of elements that represent functional units of the applications that will eventually be implemented by physical computer resources and software. Associated with the model elements is a schema that dictates how functional operations represented by the components are to be specified. As used herein, the term "wire" may also be referred to as "connections", "communication", or "communication relationship". Also, the term "system" may be referred to as "module" and the term "resource space" may be referred to as "resources". Additionally, the term "application space" may also be referred to as "applications", and the term "instance space" may also be referred to as "instances". Further, the term "class" may also be referred to as "abstract defmition", the term "port" may also be referred to as "endpoint", and the term "type" may also be referred to as "defmition". 5 Fig. l illustrates an example network 100. In setting 100, multiple (x) - computing devices 102(1), 102(2), . . ., 102(x) are coupled to a network 106. Network 106 is intended to represent any of a variety of conventional network topologies and types (including wire and/or wireless networks), employing any of a variety of conventional network protocols (including public and/or proprietary protocols). Network 106 may include, for example, a local area network (LAN), a wide area network (WAN), portions of the Internet, and so forth. Setting 100 represents any of a wide variety of settings, including, for example, data centers (e.g., Internet data centers (IDCs)), office or business settings, home settings, educational or research facilities, retail or sales settings, data storage settings, and so forth. Computing devices 102 can be any of a variety of conventional computing devices, including desktop PCs, werkstations, mainframe computers, server computers, Internet appliances, gaming consoles, handheld computers, cellular telephones, personal digital assistants (PDAs), etc. One or more of devices 102 can be the same types of devices, or alternatively different types of devices. Additionally, even if multiple devices are the same types of devices, the multiple devices may still be confïgured differently (e.g., two devices 102 may be server computers, but may have different hardware confïgurations, such as different processors, different amounts of RAM, different sizes of hard disk drives, and so forth). One or more computing devices 102 may also be re-configured after being added to setting 100. For example, a particular computing device 102 may operate for a period of time (e.g., on the order of minutes, hours, days, months, etc.) performing one function, and then an administrator may decide that a different 6 fiunction is desirable (e.g., change from being a server computer to a workstation computer, from a web server to a local file server, etc.). Fig. 2 is a block diagram illustrating an example architecture 200 using the system defïnition model. The SDM is designed to be used across the entire lifecycle of a system. A system is a set of related software and/or hardware resources that can work together to accomplish a common function. One example of such a system is an application, which refers to a set of instructions that can be run or executed by a computing device to perform various functionality. Examples of applications include entertainment applications such as games, productivity applications such as word processors, reference applications such as electronic encyclopedias, distributed applications such as may be used for web services or fmancial analysis, and so forth. Another example of such a system is an environment on which an application (or another environment) can be deployed. An environment refers to the software and/or hardware resources on which an application (or another environment) is deployed. Such environments can be layered, as discussed in more detail below. The lifecycle of a system typically includes three primary phases (also referred to as stages): a design or development phase, followed by a deployment or installation phase, followed by an operations or management phase. As the model applies to all three phases of the lifecycle of a system, the model can thus be seen as an integration point for the various phases in the lifecycle of a system, and facilitates each of these phases. Additionally, by using the model knowledge can be transferred between these phases, such as: knowledge regarding management of the system (e.g., being fed back to the design and development team, allowing the design and development team to modify the system, such as for 7 future verslons or to improve the performance of the current version); knowledge of the structure, deployment requirements and operational behavior of the system; knowledge of the operational environment from the desktop to the data center; knowledge of the service level as observed by the end user; and so forth. Generally, during the design phase, development tools leveragirtg the SDM are used to defme a system comprised of communicating software and hardware components. A system definition conrains all information necessary to deploy and operate a distributed system, including required resources, confïguration, operational features, policies, etc. During the deployment phase, the system definition is used to automatically deploy the system and dynamically allocate and configure the software and hardware (e.g., server, storage and networking) resources required. The same system definition can be used for deployments to different host environments and to different scales. During the management phase, an SDM Service in the operating system provides a system-level view for managing the system. This enables new management tools to drive resource allocation, confïguration management, upgrades, and process automation from the perspective of a system. The architecture 200 employs the SDM definition model as well as a schema that defines functional operations within the SDM definition model. The definition model includes various different kinds of data structures which are collectively referred to as "definitions". Functionaliry of the SDM is exposed through one or more platform services, such as application program interfaces (APIs). During the design phase for a system, a development system 202 generates a document that contains the system definition, such as an SDM document 204. 8 Development system 202 can be any of a variety of development systems, such as the Visual Studio® development system available from Microsoft® Corporation of Redmond, Washington. SDM document 204 defmes all Information (also referred to herein as knowledge) related to the deployment and management of the system. Any knowledge necessary for or used when deploying the system or managing the system is included in SDM document 204. Although described herein as a single document, it is to be appreciated that the knowledge could aïternatively be spread out and maintained in multiple documents. A system definition defmes a system in terms of one or more of resources, endpoints, relationships and sub-systems. A system defmition is declared in an SDM document (e.g., an XML document). Resources may be hardware resources or software resources. Endpoints represent Communications across systems. Relationships defme associations between systems, resources and endpoints. Sub- systems can be treated as complete systems and are typically part of a larger system. A system defmition captures the basic structure of a dynamic system. It can be viewed as the skeleton on which all other information is added. This structure is typically specified during the development process, by architects and developers, and typically does not change frequently. In addition to the structure, the SDM can contain deployment information, installation processes, schemas for configuration, events and instrumentation, automation tasks, health models, operational policies, etc. Other information can be added by the operations staff, by vendors, and/or by management systems across the lifetime of a distributed system. 9 SDM document 204 includes one or more constraints (also referred to as requirements) of the system that an environment in which the system is to be deployed and/or run must satisfy. The environment itself is also described using an SDM document. Such environments can be single computing devices, or alternatively collections of computing devices (e.g., data centers), application hosts, etc. Different systems can be installed to different environments. For example, a data center may include fifty computing devices, and one system may be deployed to five of those computing devices, while another system may be deployed to thirty five of those computing devices. These requirements can take a variety of forms, such as: hardware requirements regarding the computing device(s) on which the system is to be deployed (e.g., a minimum processor speed, a minimum amount of memory, a minimum amount of free hard drive space, a minimum amount of network bandwidth available, particular securiry mechanisms available, and so forth), software requirements regarding the computing device(s) on which the system is to be deployed (e.g., a particular operating system, one or more other applications that also must be installed, specifications regarding how a particular system and/or the operating system is to be confïgured, a particular type of security or encryption in use, and so forth), other requirements regarding the computing device(s) on which the system is to be deployed (e.g., particular security keys available, data center policies that must be enforced, authentication that is used, environment topology, etc.). Requirements can also go in the other direction - that is, the environment can have constraints or requirements on the configuration of the system that is to be installed (e.g., to implement the standards or policies of the environment). These can be "explicit" requirements that are created by the operator of the 10 environment, such as particular settings or configurations the system must have, particular functionality the system must provide or support, particular security mechanisms the system must support, and so forth. These can also be "implicit" requirements that that arise because of a particular configuration of the environment. For example, if a host computing device in the environment is using a particular type of file system then it may not be possible for some actions to be performed using that file system (although it may be possible for those same actions to be performed using another file system). During the design and development phase of the system, SDM document 204 can be used to validate the system for one or more particular environment(s). This is a two-way validation: the system is validated for the environment and the environment is validated for the system, The environment can be validated for the system by comparing the requirements identifïed in the SDM document 204 with the environment and determining whether all of the requirements are satisfied by the environment. The system can be validated for the environment by comparing the requirements identifïed in an SDM document for the environment with the system and determining whether all of the requirements are satisfied by the system. If all of the requirements are satisfied by the environment and the system, then the designer or developer knows that the system can be deployed in and with run in the environment. However, if all of the requirements are not satisfied by the environment and/or the system, then the designer or developer is optionally informed of the requirements that were not satisfied, thereby informing the designer or developer of what changes should be made to the SDM document 204 (and correspondingly to the system) and/or to the environment in order for the system to be deployed and run in that environment. 11 The knowledge regarding deployment of the systern that is included in the SDM document 204 describes how the system is to be deployed in one or more environments. The SOM document 204 is made available to a controller 206, which includes a deployment module 208 and a management module 210. In certain embodiment, the SDM document 204 as well as all of the files of the system (e.g., binaries, data, libraries, etc.) needed to install the system are packaged together into a single container (e.g., a single fïle) referred to as an SDU (System Defmition Unit). Controller 206 can be one or more of computing devices 102 of Fig. 1. For example, a single device 102 of Fig. l may be the controller for a particular data center, or alternatively the controller responsibilities may be distributed across multiple devices 102. Deployment module 208 includes services that are used to deploy the system in the environment(s). In Fig. 2, the environment in which the system is deployed is (or is deployed on) one or more target devices 212. Systems may also be deployed to controller 206. These services of deployment module 208 include one or more functions that can be called or invoked to install or deploy one or more systems in the environment. Different knowledge for deployment in different environments may be included in the SDM document 204. This deployment knowledge describes any changes that need to be made to the in the environment (e.g., changes to a system registry; folders, directories, or files that need to be created; other setting or configuration parameters of the computing device that need to be set to particular values; and so forth), as well as what files (e.g., program and/or data files) that need to be copied to the computing device(s) in the environment and any operations that need to be performed on those files (e.g., some files may need to be 12 decompressed and/or decrypted). In many implementations, the deployment knowledge in the SDM document 204 includes, for example, information analogous to that presently found in typical setup or installation programs for systerns. During the deployment process, controller 206 generates a record or store of the software and hardware resources involved in the deployment as well as the relationships between them. This record or store can subsequently be used by controller 206 during the management phase. Management module 210 includes services that are used to manage the system once it is installed in the environment(s). These services of management module 210 include one or more functions that can be called or invoked to manage the systems in the environment. The knowledge regarding management of the system that is included in the SDM document 204 describes how the system is to be managed in one or more environments. Different knowledge for managing a system in different environments may be included in the SDM document 204. The management knowledge includes any knowledge used in the management or operation of the system. Management involves, for example, configuration (and optionally subsequent reconfiguration), patching and upgrading, maintenance tasks (e.g., backup), health or performance monitoring, and so forth. Changes to deployed systems are made through management module 210. The services of management module 210 include one or more functions that can be called or invoked to make changes to one or more systems deployed in the environment. By making such changes through the management module 210, several benefits can be realized. One such benefit is that controller 206 can 13 maintain a record of the changes that have been made. Controller 206 may miaintain a copy of the SDM document 204 for the system and record in the SDM document 204 any changes that are made to the system. Alternatively, controller 206 may maintain a separate record of the changes made to the system. This record of changes maintained by controller 206 can simplify subsequent operations, such as solving problems with the system and/or environment, or when having to reinstall the system due to a hardware failure (allowing the system to be reinstalled and returned to running with the same parameters/settings as it had at the time of failure). By having such changes made through controller 206 and by having controller 206 maintain the record, some human error can be removed from the environment (e.g., if the administrator making the change is supposed to log the change in a book but forgets to do so there would be no record of the change - this problem is solved by having controller 206 maintain the record). Furthermore, by making changes to systems through controller 206, as well as deploying systems through controller 206, controller 206 can serve as the repository of knowledge about the environment, the systems deployed in the environment, and interactions between them. Knowledge regarding the environment and/or systems deployed in the environment can be readily obtained from controller 206. This knowledge can be used to ensure the consistency of the controlled environment by validating that the controlled devices in the environment reflect the state stored in the central controller 206. It should be noted that in some situations changes may be made to a system and/or environment but are not made through controller 206. For example, a computing device may be accidentaliy turned off or may fail. In these situations, 14 attempts are made to reflect such changes in controller 206. These changes may be reflected in controller 206 automatically (e.g., a system may run that attempts to detect device failures and use the services of management module 210 to notify controller 206 of such failures) or may be reflected in controller 206 manually (e.g., an administrator may use the services of management module 210 to notify controller 206 of such changes). Altematively, the changes that were made could be reversed to bring the system and/or portion of the environment back into line with the desired state of the system as recorded by controller 206. The SDM document 204 can thus be viewed as a "live" document - it can be constantly changing based on changes to the environment and/or changes to the system throughout the lifecycle of the system. The SDM enables the functional composition of systems across a horizontal and vertical axis. Composition along the horizontal axis is done with systems and subsystems. Composition along the vertical axis is done with "layers". Applications, services, network topologies, and hardware fulfill a role in a distributed system, but are typically defined independently and owned by different teams or organizations. Layering is accomplished by components defïning a set of constraints on a host and vice versa. Fig. 3 illustrates an example layered setting. Four layers are illustrated in Fig. 3: layer 302, layer 304, layer 306, and layer 308. Although four layers are shown in Fig. 3, the actual number of layers can vary, and can be greater or less than four. Additionally, the content of different layers can vary in different embodiments. As can be seen in Fig. 3, the different layers are situated above and/or below other layers (e.g., layer 306 is above layer 304 but below layer 308). 15 Different systems and subsystems within a layer can interact with one another, and also can interact with systems and subsystems of different layers. For example, a subsystem 310 in layer 308 can interact with a subsystem 312 in layer 308, as well. as a subsystem 314 in layer 306. Additionally, each layer can be viewed as the environment for the next higher layer. For example layer 306 is the environment for systems and subsystems in layer 308, while layer 304 is the environment for systems and subsystems in layer 306. Each layer 302, 304, 306, and 308 has its own associated SDM document. The different layers 302, 304, 306, and 306 can represent different content. In certain embodiments, layer 302 is a hardware layer, layer 304, is a netwerk topology and operating systems layer, layer 306 is an application hosts layer, and layer 308 is an applications layer. The hardware layer represents the physical devices (e.g., computing devices) on which the layered system is built (e.g., devices 102 of Fig. 1). The network topology and operating systems layer represents the network topology of the computing devices (e.g., network setting 100 of Fig. 1) as well as the operating systems installed on those computing devices. The application hosts layer represents applications installed on the computing devices that can host other applications (e.g., SQL Server, IIS, and so forth). The application layer represents applications that are installed on the computing devices that do not host other applications (e.g., entertainment applications such as games, productivity applications such as word processors, reference applications such as electronic encyclopedias, distributed applications such as may be used for web services or fmancial analysis, and so forth). 16 Fig, 4 is a flowchart illustrating an example process 400 for using the across the entire lifecycle of a system. The various acts of process 400 of Fig. 4 can be implemented in software, firmware, hardware, or combinations thereof. Initially, the system is designed based on the SDM (act 402). The system is designed to incïude requirements that an environment(s) must satisfy in order for the system to be deployed and run in the environment, as well as additional knowledge that is used for the deployment and management of the system. This knowledge is included in an SDM document associated with the system. Once designed, the system can optionally be validated using the SDM (act 404). This validation allows the designer or developer to verify that the system will be able to be deployed and run in the environment being validated against. As discussed above, not only is the system validated against the environment in which it is to be deployed, but that environment is also validated against the system. If the validation fails for a particular environment, then additional design steps can be taken to alter the system so that the system can be run in that environment (or alternatively steps can be taken to alter the environment). Once validated, the system can be deployed using the SDM (act 406). When deploying the system in an environment, the system is installed in that environment so that it can be subsequently run in the environment. The knowledge used to install the system is included in the SDM document associated with the system. Once deployed, the system is monitored and/or managed using the SDM (act 408). Knowledge in the SDM document associated with the system identifies how the system is to be monitored and/or managed, and the system is monitored and/or managed within the environment in accordance with this knowledge. 17 Process 400 of Fig. 4 can be used with systems that are applications as well as systems that are environments. For example, an application can be validated against the SDM of its environment (e.g., an application in layer 308 of Fig. 3 is validated against the environment of layer 306 of Fig. 3). By way of another example, an operator or system architect can design environments (e.g., layer 306 or layer 304 of Fig. 3) and validate those environments against the environments they are to be deployed in (e,g., layers 304 and 302, respectively). The constraints on a system and/or the environment can also be used during runtime (while the system is being monitored and/or managed) to validate changes to the system and/or the environment during runtime. Such runtime validation allows, for example, an operator of an environment to determine how changes to the environment may affect a running system, or a system designer to determine how changes to the system may affect its running in the environment. In the discussions to follow, reference is made to flow and setting flow with respect to the runtime. Flow is used to pass configuration information between parts of a distributed system (e.g., allowing a developer to specify the configuration information in one place or allowing an operator to only provide a single entry). Flow is also used to determine the impact of changes to configuration by following the flow of setting data between parts of the system. Fig. 5 illustrates an example architecture 500 using an SDM runtime. Architecture 500 is an example of architecture 200 of Fig. 2 using an SDM runtime 510 as well as the example implementation of the SDM discussed below in the section "Example SDM Implementation". The SDM runtime 510 contains a set of components and processes for accepting and validating SDM files, loading SDUs (System Definition Units - which are packages of one or more SDM files 18 and their related files), creating and executing SDM Change Requests and deploying SDM based systems into target environments. The runtime functionality allows systems described using the SDM to be defmed and validated, deployed to a set of computing devices, and managed. The SDM, which is discussed in more detail below in the section "Example SDM Implementation" is designed to support description of the configuration, interaction and changes to the components in a distributed system (the modeled system). SDM is based on an object-relational model. "Definitions" describe entities that exist in a system and "relationships" identify the links between the various entities. Definitions and relationships are further defmed to capture semantic information relevant to the SDM. In particular, defmitions are divided into components, endpoints and resources. Relationships are divided into the following: connections (also referred to as communication), containment, hosting, delegation and reference. Further details regarding defmitions and relationships are provided below. The SDM includes "abstract defïnitions" that provide a common categorization of system parts, provide tooi support for a wide range of systems and provide the basis for defmition checking at design time. A set of abstract defmitions provide a comprehensive basis for service design. "Concrete defmitions" represent parts of an actual system or data center design. A concrete defmition is generated by selecting an abstract defmition and providing an implementation that defmes the concrete defmition's members and setting values for its properties. Distributed applications are generated using collections of these concrete defïnitions. 19 The SDM also includes "constraints" that model restrictions based on the allowed set of relationships in which an instance of a relationship can participate. Constraints are useful in describing requirements that depend on the confïguration of objects involved in a reïationship. For example, a constraint may be used to determine whether participants on each end of a communication protocol are using compatible security settings. In order to effect change on a target system, SDM uses a declarative description of the required changes called a "change request" or CR. SDM defines the process that is used to expand, validate and execute a change request as part of the "SDM execution model". The "instance space" captures both the desired and current state of the managed application. Changes in the instance space are tracked and associated with the change request that initiated the change. The instance space is stored in an SDM runtime and reflects the current state of the modeled system, The runtime contains a complete record of the instances that have been created and the relationships between these instances. Each instance has an associated version history where each version is linked to a change request. The process of creating new instances is initiated by a change request. The change request defïnes a set of create, update and delete requests for defmitions and relationships associated with specific members of an existing instance. The following is a brief, functional discussion of how the components in Fig. 5 work together. An operator or administrator is able to describe an environment into which applications can be deployed, such as the topology of a data center. The operator or administrator produces an SDM file describing the environment, the file being referred to as the "logical infrastructure" (LIM) 502, or 20 as a data center description or data center model. This SDM file can be generaled using any of a variety of development systems, such as the Visual Studio® development system available from Microsoft® Corporation of Redmond, Washington. Additionally, an application developer is able to design and develop their application using any of a variety of development systems, such as the Visual Studio® development system. As the developer defïnes components of the application and how these components relate to one another, the developer is able to validate the application description against the datacenter description 502. This is also referred to as "Design Time Validation". Once the application is complete, the developer saves the description in an SDM and requests that the application be packaged for deployment as an SDU 504. The SDU includes the application SDM as well as the application binaries and other referenced files used to install the application. The LIM 502 and SDU 504 are fed to deployment tooi 506 of a controller device 520 for deployment. Deployment tooi 506 includes a user interface (UI) to enable an operator to load the desired SDU 504. Deployment tooi 506 works with create CR module 530 to install the application associated with the SDU 504 in accordance with the information in the SDM within SDU 504. Additionally, SDM defmitions and instances from SDU 504 are populated in a store 508 of the SDM runtime 510. SDUs are managed in SDM runtime 510 by SDU management module 540, which makes the appropriate portions of the SDUs available to other components of runtime 510 and target(s) 522. The operator can also specify what actions hè or she wants to take on the targets 522 (e.g., target computing devices) on which the application is being 21 deployed. The operator can do this via a deployment file, which is also referred to herein as a Change Request (CR). The CR is run through one or more engines 512, 514, 516, and 518. Generally, expand CR engine 512 expands the CR to identify all associated components as well as their connections and actions, flow values engine 514 flows values for the components (such as connection strings), check constraints engine 516 checks constraints between the environment and the application, and order actions engine 518 specifies the order for all of the necessary actions for the CR. To initiate change to the system (including deploying an application) or validation of a model, an operator or process submits a CR. The CR contains a set of actions that the operator wants performed over the instances in the runtime 510. These actions can be, for example, create actions, update actions, and/or delete actions. In addition to user or operator initiated change requests, there may also be expansion/automatically generaled change requests that are generated as part of the expansion process, discussed in more detail below. Regardless of their source, the change requests, once fully expanded and checked, are executed by sending actions to the targets 522, such as; discover, install, uninstall and change a target instance. The CR is treated as an atomic set of actions that complete or fail as a group. This allows, for example, the constraint checking engine 516 to consider all actions when testing validity. In design time validation, the CR will be created by the SDM Compiler 528 and will contain one or the minimum of each SDM component in the SDM file. This CR of create instance commands will flow through the expansion engine 512, 22 the flow values engine 514, and the constraint checking engine 516. Errors found in these three phases wil! be returned to the user via the development system hè or she is using. In deployment, the operator wil! create a CR with the UI presented by deployment tooi 506. The CR will flow through all the engiries 512, 514, 516, and 518 in the SDM runtime 510, and the appropriate actions and information will be sent by CR module 532 to the appropriate target(s) 522, where the request is executed (e.g., the application is installed). The appropriate target(s) 522 for a particular installation are typically those target(s) on which the application is to be installed. When beginning to process a CR, in a defmition resolution phase, create CR module 530 resolves all defmitions and members that are referenced in the change request. The change request will assume that these are already loaded by the runtime 510; create CR module 530 initiates a load/compile action if they do not exist. Create CR module 530 also implements a path resolution phase where references to existing instances and instances defmed by create actions within the change request are resolved. The expansion performed by expansion engine 512 is a process where, given a change request, all the remaining actions required to execute the request are populated. In general, these actions are construction and destruction actions for defmition and relationship instances. The operator could optionally provide details for all the actions required to construct or destroy an instance, or alternatively portions of the process can be automated: e.g., the operator provides key information about the changes he or she wants by identifying actions on members (e.g., byReference members), and the remainder of the actions are filled 23 in on nested members (e.g., byReference and byValue members) and relationships. By way of another example, automated expansion can also refer to external resource managers that may make deployment decisions based on choosing devices with available resources, locating the application close to the data it requires, and so forth. Expansion engine 512 also performs "auto writing". During auto writing, engine 512 analyzes the scale invariant grouping of components and compound components specified in the SDM and determines how the components should be grouped and interconnected when scaled to the requested level. Expansion engine 512 also performs value member expansion, reference member expansion, and relationship expansion. Value member expansion refers to identification of all of the non-reference definition members. The cardinality of these members are noted and, since all the required parameters are known, for each member create requests are added to the change request for those members whose parent is being created. If the change request contains destruction operations, then destruction operations are added for all their contained instances. Reference member expansion refers to reference members (as opposed to non-reference defmition members). The cardinality of reference members is often undefined and they can have deployment time settings that require values in order for the instance to be constructed. So the process of expanding a reference member (e.g., a byReference member) can require more information about the instance than the runtime is in a position to provide. Related to reference member expansion is a process referred to as discovery, which is a process used to find instances that have already been 24 deployed. Discovery is an action typically initiated by an operator of the environment, For example, during an install request, expansion engine 512 determines if the instance already exists, if so determines what exists and if not then creates it. An instance manager (IM) 534 on the controller 520 communicates with the instance managers 526 on the target device 522 to initiate a discovery process'. The discovery process returns data regarding the instance from the target device 522 to the controller 520. The process of discovery populates reference defmition members as part of a construction or update action. Typically, only reference members with object managers (instance managers that also do discovery) that support discovery participate in this process. When a new instance is discovered a check is made that the instance does not already exist in the SDM database using instance specific key values. Once it is known that it is a new instance, the instance is classified according to the definitions of the members being discovered. If the instance does not match a member or there is an ambiguous match then the member reference is left blank and the instance is marked as offline and incomplete. Relationship expansion refers to, once all the defmition instances that will be constructed are known, creating relationship instances that bind the defmition instances together. If defmition instances are being destroyed, all relationship instances that reference the defmition instances are removed. To create the relationships the member space is used to identify the configurations of the relationships that should exist between the instances. Where the defmition members have cardinality greater than one the topology of the relationships is inferred from the base relationship defmition. For example, for 25 communication relationship an "auto wiring" can be done, and for host -relationships a host is picked based on the algorithm associated with the hosting relationship. During a flow stage, flow values engine 514 evaluates flow across all the relationship instances. Flow values engine 514 may add update requests to the change request for instances that were affected by any altered parameter flow. Engine 514 evaluates flow by determining the set of instances that have updated settings as a result of the change request. For each of these, any outgoing settings flows that depend on the rnodified settings are evaluated and the target nodes added to the set of changed instances. The process continues until the set is empty or the set contains a cycle. After the flow stage, a process of duplicate detection is performed, The duplicate detection may be performed by one of the engines illustrated in Fig. 5 (e.g., flow values engine 514 or check constraints engine 516), or alternatively by another engine not shown in Fig. 5 (e.g. a duplicate detection engine may be included in SDM runtime 510). The process of duplicate detection matches expanded instances against instances that already exist in the SDM data store, For example, the process detects if another application has installed a shared file. When an instance that already exists is detected, one of several actions can be taken depending on the version of the existing instance; the install can be failed; the instance can be reference counted; the instance can be upgraded; or the installation can be performed side-by-side. Check constraints engine 516 implements a constraint evaluation phase in which all the constraints in the model are checked to see if they will still be valid after the change request has been processed. 26 After check constraints engine 516 finishes the constraint evaluation phase, a complete list of actions is available. So, order actions engine 518 can use the relationships between components to determine a valid change ordering. Any of a variety of algorithms can be used to make this determination. Once order actions engine 518 is finished determining the ordering, deployment can be carried out by distributing subsets of the ordered set of actions that are machine specific. Once the actions have been ordered and grouped by machine, the actions as well as a copy of the necessary portion of the SDM runtime store 508 with instance information are sent to a target computing device 522. The SDM can be stored temporarily at the target device in a store cache 538. The target computing device includes a target portion 536 of the SDM runtime that communicates with SDM runtime 510. The target computing device 522 also includes an agent that contains an execution engine 524 and can communicate with the appropriate instance managers (IMs) 526 on the target device to make changes on the target, such as create, update, and delete actions. Each action is sent as an atomic call to the instance manager 526 and the instance manager 526 returns a status message and for some actions, also returns data (e.g., for discovery). Once all the actions are completed on target 522, the target's agent returns any errors and status to the controller 520. The controller 510 then uses this information to update the SDM .runtime store 508. As discussed above, change is carried out by breaking the change requests down into disrributable parts based on the relationships that are affected. Once all the parts are completed (or after one or more has failed) the results are collated in the runtime 510 and a summary retumed to the operator. In the event of a failure, 27 all the actions can be "rolled back" and the system returned to the state it was in before the change was initiated. In certain embodiments, during design time validation discussed above, an SDM Compiler 528 receives an SDM file,, creates a test CR, runs the test CR through the expand, flow values and check constraints engines of the SDM runtime, and returns any errors to the development system. This process provides SDM validation for deployment during design time for the developer. The public interface to SDM runtime 510 and/or controller 520 is through an object model (APIs) library. The library is a managed code object model and allows the following to be performed: • Manage the SDMs in the runtime - SDM files can be loaded into the runtime, SDMs are immutable and are loaded one at a time (i.e., an SDM file can be loaded rather than only parts of the file (e.g., individual ones of the individual definitions, classes or mappings from the SDM file)). SDMs can be deleted from the runtime and an XML document for an SDM in the runtime can be produced. • Manage the SDU known by the runtime, • Manage SDM defmitions - fmd and reflect on SDM elements (from an SDM loaded in the runtime). There is no public API provided for authoring a new SDM (i.e., this is a read only. .object model over the immutable elements of the SDM). This includes SDMs, SDUs, identities, versions, classes, defmitions, binding/mappings and versioning policy. • Manage SDM instances - fmd and reflect on instances of components, endpoints, resources and relationships. In the instance space each 28 instance can be identified by a GUID, a stable path or an array based path. The paths are strings and can be relative. These identifiers, including relative paths allows instances to be foimd and referenced in documents such as the change request document. Manipulate instances - make changes to SDM instances, including creating, changing topology, upgrading, changing settings and deleting. Instance changes are made within the bounds of a change request which provides an atomic unit of update so that any errors or constraint violations will result in the entire request failing. Instance requests also allow for instances to exist temporarily without a binding to a host, as an instance must have a host when the request is committed. It also allows for many operations that will affect a single component's installation or settings to be performed and have the installation or settings update deferred until cornmit so that a single update occurs on the component. The SDM model checking is performed prior to or at change request cornmit time and the commit will fail on any model or constraint violations. Load a change request - a change request is a document, for example an XML file, that represents a set of instance space operations. This document can take advantage of relative paths to be a reusable 'script' for creating or deleting application instances. Find and reflect on change requests - including getting the installation/update tasks and all error information, and retrying the installation/update of components affected by the request. 29 • Generale a change request document from a change request in the database. Such documents are somewhat portable. • Subscribe to events on change request tasks, such as progress, log or status updated, .The lifetime of these event subscriptions limited by the lifetime of the process that loaded the cliënt library (i.e. these are regular CLR events). The SDM runtime engine performs the reasoning on the SDM model and the functions surfaced by the APIs. The library communicates to the runtime engine as a web service with fairly coarse calls such as load SDM, create component instance and get entire SDM (for reflecting on SDM entities). The format of many of the parameters for this web service is XML with the same schema for SDM files. The engine may also perforrn checks on permissions. The controller 520 can make use of Instance Managers (IMs), which can be associated with any definition or relationship in the model. IMs may perform one or more of the following roles: • Support deployment of the instance. • Support validation of the instance once it has been deployed (auditing). • Support discovery of already deployed instances that were not deployed through the runtime. • Support flow of setting values. • Support evaluation of constraints. • Support expansion of a change request. • Support presentation of the instance to a user as a CLR class through the API. 30 For deployment, an instance manager (IM) plug-in on controller 520 is Associated with a class host relation and is separate from the plug-in used in the development system that provides the design experience for the classes and produces the associated binaries in the SDU 504 and the settings schema. Instance managers are supplied to the SDM runtime 510 as CLR classes (e.g., in a dll assembly) that implement an instance manager interface or inherit from abstract class. An SDM Instance Manager, also referred to as an Instance Manager (IM) plug-in, provides the following functions to the controller 520: • Generales the files and commands (tasks) to install, uninstall or reinstall component instances on their hosts - When a change request results in a new component instance, removal of a component instance or a change to a component that requires an uninstall and reinstall, it is the instance manager that takes the settings for the instance, the host instance, the defmitions associated with the component and the binaries associated with those defmitions in the SDU 204 and produces the files and commands needed to perform the install or uninstall on a target server ready for either manual execution or dispatch via the deployment engine. • Generales the files and commands (e.g., tasks) to update a component instance when its settings change or when the view from one of its endpoints changes (e.g., due to communication relationship topology changes or a visible endpoint has settings change) • Maps the endpoint instances visible on a component instance's endpoints to settings on component instance - In the SDM a component instance has endpoint instances that, as a result of some communication 31 relationship topology, can see other endpoint instances, The details of the other endpoint instances are mapped to settings that the component instance can fetch at runtime, usually so that it can bind to it. For example, a web site may have a database cliënt endpoint instance so a communication relationship can be established with a database. When correctly established its database cliënt endpoint is able to see a single database server endpoint instance and the settings on that server endpoint, This information is used by the instance manager to place a connection string for the server in a configuration file under the name of the cliënt endpoint. The end result is that code simply reads the connection string for the database from its configuration settings. • Generales the files and commands (tasks) to audit a component instance - Auditing confirms existence, correct settings. This may apply to host instance settings also. • For any task will report status - The IM will translate the output captured, either partial or complete, and provide the status of the task as success, failure or incomplete and optionally offer progress on incomplete (% or last response), details on failure (error message) and a human readable log on any status. By going back to the instance manager to interpret the output of a task, the instance manager is free to have its tasks log structured information (for example, as XML or even SOAP) rather than trying to have to produce sufficient logging for diagnosis while keeping it human readable. 32 • The instance managers may also provide code that does the constraint checking between hosts and their guests. Installers may use a common constraint language, for example based on XML, XPath and XQuery. 33 Example SDM Implementation The following discussion describes an embodiment of the schema that defines the elements of the SDM. 1 Definitions Term Definition Change Request A declarative document that describes a set of changes to a modeled system Fully qualified A change request that has passed through the model evaluation stages and is now ready cnange request to be executed against the target system Abstract type A type that is used to define the settings required to act on a modeled system object Concrete type A reusable definition of a modeled system object that contains definitions for member types and relationships. Relationship An sdm object that is used to describe the interaction between modeled system elements System Definition An xml document that contains definitions for abstract objects, concrete types and Model (SDM) relationships Document Software The combination of a set of SDM documents and the associated binary information (files) Distribution Unit required to deploy those types to an SDM managed system (SDU) SDM Layer A layer is a set of abstract objects that are specific to the objects modeled in that layer. For example the application layer types may tnclude Web applicaöon and Database, while the operating system tayer may include types for file systems and network devices. Some types wil! not be assigned to layers and witl instead be usabie across a range of layers. SDM Instance ' A set of concrete type and relationship instances that represent the modeled system space 34 2 Architectural Overview The System Deftnition Mode! (SDM) is designed is to support description of the configuration, interaction and changes to the components in a distributed system (the mode/ed system). SDM is based on an object-relational model. We use objects to describe entities thai exist in the system and relationships to identify the links between them. The SDM further refines objects and relationships to capture semantics that are important to the SDM. In particular, we divide objects into systems, endpoints and resources and we divide relationships into communication, containment. hosting, delegation, and reference. We use abstract definitions to provide a common categorization of system parts allowing tooi support for a wide range of apptications and providing the basis for type checking at design time. We expect the set of abstract definitions to provide a comprehensive basis for system design and we expect that they will change slowly over time. We build concrete object definitions that represent parts of an actual appiication or datacenter design. We take an abstract object definition and provide an implementation that defines the concrete type's members and setting values for its properties. We then build systems from colSections of these definitions. Constraints are used to model restrictions over the allowed set of relationships that an instance can participate in. We use constraints to capture fine grained requirements that depend on the configuration of objects involved in a relationship. For example, a constraint may be used to validate that participants on each end of a communication protocol are using compatible security settings. !n order to effect change on the target system, SDM uses a declarative description of the required changes called a change request. SDM defines the process that is used to expand, validate and execute a change request as part of the SDM execution model. The instance space captures both the desired and current state of the managed appiication. We track changes in the instance space and associate them with the change request that initiated the change. The following umi diagrams capture the broad interactions between the objects in the sdm model. For simplicity some of these interactions have been defined between base types where the actual interaction exists between derived types and as a result is more specialized. For example, communication relationships may only reference abstract endpoint definitions. An Sdrn document contains information that describes the document, managers for the definitions in the document, import statements that reference other documents and a set of definitions. Fig. 6 illustrates an example document. AlI sdm definititions derive from a common base definition and may contain members as shown in Fig. 7. The relationship between definitions and members can be more complex than is shown on the foliowing diagrams. 35 Members are divided by the kind of definition that they reference as shown in Fig. 8. Setting declarations reference a setting definition. Setting values and value lists provide values for settings as shown in Fig. 9. 2.1 THE LIFECYCLE OF AN SDM APPLICATION An example lifecycle of an SDM application in accordance with certain embodiments is shown in Fig. 10. The application is designed and implemented within the visual studio environment (biock 1002). Developers implement components and then combine them within compound components. The application is described within an SDM file. In order to verify that their appltcation will deploy within a particular datacenter a developer will bind their application to a representation of the datacenter also described in an SDM file (block 1004). This representation will include definitions for the hosts of their application components and constraints on the configuration of their application. If the binding fails, then the developer can revise their application design. Once a developer is happy with their application, they can sign and publish the application so that there is nowa strong name and version associated with the application (block 1006). The published form of an application is called a Software distribution Unit (SDU). The operator takes the SDU from the developer and loads the application into the SDM runtime (block 1008). In the process of loading the application, the operator chooses the model of the datacenter to which they want to bind the application. When the operator chooses to deploy an application they supply deployment time parameters to the application and they determine the scale of the application (block 1010). This is done using a change request. Once an application is deployed, the operator can interact with the runtime tö determine the configuration of the application and the setting for each part of the application (block 1012). The runtime can also verify that the actual configuration of the application matches the desired configuration as recorded in the runtime. The operator can remove a deployed application by submitting a change request (block 1014). The operator can also rollback individual changes made to the running application such as removing a service pack. In block 1016, the configuration of a running application can be changed by adding or removing parts of the deployed application such as to web frontends. The application can also be upgraded by installing newer versions of one or more of the application components. Z2 ABSTRACT OBJECT AND RELAT1ONSHIP DEFINITIONS Abstract object definitions defme the building blocks that we need in order to check application configuration at design time and then to deploy and manage an application at run time. These building blocks represent entrties that exist in the modeled system. For example, we use abstract object definitions to model files and directories, the configuration inside a web server or the databases inside a sql server. 36 We use abstract relationship definitions to model the interactions that can occur between abstract object definitions. Relationships are binary and directed, identifying the object definition that defines the instances that participate in manifestations of the relationship. Relationships provide a way of tying objects together so that we can model containment, construction and communication links between objects. Constraints are then used by objects to constrain the relationships they participate in and by relationships to constrain the objects that can be linked. These constraints can target both the definition and the settings of participants in a relationship. This allows a constraint to narrow the participants in a relationship to instance that are derived from a particular definition and to require that the instance have setting values that fa!l in a particular range. We divide Object definitions into three categories: systems, endpoints and resources. Abstract system definitions are used to describe self-contained independently deployable parts of an application. These definitions represent parts of an application that interact through well defined communication channels that can cross process and machine boundaries. Abstract endpoint definitions are used to describe the communication endpoints that a system may exposé. These are used to model afl forms of communication that the system should be aware of in order to verify system connectivity at design time and to enable connections at runtime. Abstract resource definitions describe behavior that is contained within a system. Resource definitions may have strong dependencies on other resource definitions. These dependencies can include requiring a specific instaliation order and initiating runtime interaction through undocumented communication mechanisms. All abstract object definitions share the ability to exposé settings. These settings are simple name-value pairs that use xml schema to define the type of the setting. Settings can be dynamic or static, if they are static then they can only be set during the deployment process, if they are dynamic, then they can be changed after deployment. The code responsible for applying settings values to the running system is hosted in the SOM runtime. The SDM supports inheritance over abstract object definitions. A derived definitions can extend the properties exposed by its parent and can set values for its parents properties. A derived definition can participate in any of the relationships that identify its parent as a participant. Relationship definitions are divided in five categories: communication, .containment, delegation, hosting, and reference. Communication relationships are used to capture potenttal communication interactions between abstract endpoint definitions. The existence of a communication relationship indicates that it may be possible for systems that exposé endpoints of the identified definition to communicate. The actual establishment of the link is subject to constraints on the endpoints and the exposure of the endpoints. Containment relationships describe that ability for an abstract object definition to contain members of another abstract object definition. More specrfically, a containment relationship between two abstract object definitions A and B allows a concrete object definition that implements A to contain a mernber of a concrete object definition that implements B. 37 We use containment to model the natural nesting structures that occurwhen developers build applications. By containing a member object, the parent is able to control the lifetime and vtsibility of the contained object. All object instances in the run time space exist as rnembers of other object instances, forming a completely connected set of instances. Thus, the set of containment relationship describes the atlowed containment pattems that occur in the instance space. Delegation relationships are used to selectively exposé contained object members; in particular, we use delegation to exposé endpoint rnembers from system definitions. By delegating a endpoint from a subsystem, the outer system exposes the ability to communicate on a particular protocol without exposing the implementation behind the protocol. Hosting and reference relationships are two forms of dependency relationship. A hosting relationship describes a primary dependency between abstract objects that should exist before an insiance of a concrete object can be created. Every instance should participate as a guest in exactly one hosting relationship, resulting in the hosting relationships also forming a completely connected tree over the instance space. Reference relationships capture additiona! dependencies that can be used for parameter flow and for construction ordering. 2.3 CONCRETE OBJECT AND RELATIONSHIP DEFINITIONS We build concrete object definitions from abstract object definitions and concrete relationship definitions from abstract relationship definitions, The combination of abstract object definitions and abstract relationship definitions defines a schema for modeling the target system. The role of a concrete object definition is to use a subset of the abstract definition space to create a reusable conftguration based on one or more abstract definitions. As a simple analogy, the abstract definition space can be compared to the schema for database; the concrete object definition would then represent a reusable template for a set of rows in the database. The rows are ónly created in the database when an instance of the concrete object is created. To perform design time validation we can vaiidate a concrete object definition against the abstract definition space in the same way that we would vatidate the rows in the database against the constraints of the schema (for example foreign keys, etc). Each concrete object definition provides an implementation for a specific abstract object definition. The implementation includes extensions to the settings schema, values for settings and declarations for object member, relationship members and constraint members and flow members. The behavior of the concrete object follows the definition of the abstract object: abstract system definition become concrete system definitions, abstract endpoint definitions become concrete endpoint definitions and abstract resource definitions become concrete resource definitions. Each concrete relationship definition provides an implementation for a specific abstract relationship definition. The implementation can include settings declarations and values, nested members of the same relationship category (hosting, containment, cornmunication etc), and constraints on the types that can participate in the relationship. 38 Concrete hosting relationships are used to define a mapping of the members of one concrete object onto another concrete object. For example, a concrete hosting relationship can be used to identify the bindings between a web application and the I(S host that it will be deployed to. More than one concrete hosting relationship can exist for a given type allowing the developer to define different deployment configurations for specific topologies 2A MEMBERS A concrete type can declare members of other concrete or abstract objects - we call these object members. These members are then referenced trom relationship members that define the relationships between the object members. Object members are used to create instances of a particuiar object definition. Settings flow can be used to provide values for the object. When dedaring an object memoer, the user can decide whether the object member is created at the same time the outer system is created (value semantics) or is created by an explicit new operation that occurs at some later time (reference semantics). Relationship members define the relationships that object members wil! participate in when they are created. If an object member is contained by its parent, then a containment relationship member will be declared between the type member and the outer type. If the object member is delegated, then a delegation relationship member would be defined between the object member and a nested object member. Communication relationship members can be dedared between endpoints on object members and dependency relationship members (reference and hosting) can be declared between object members or nested object members. Relationship constraints are used to narrow the set of relationships that a particuiar object is willing to participate in. They identify constraints on a particuiar relationship and on the participants at the other end of the relationship. Z5 INSTANCE SPACE The instance space stored in the SDM runtime reflects the current state of the modeled system. The runtime contains a complete record of the instances that have been created and the relationships between these instances. Each instance has an associated version history where each version is linked to a change request. The process of creating new instances is initiated by a change request. The change request defines a set of create, update and delete requests for types and relationships associated with specific members of an existing instance; the root is a special case. The change request is expanded by the runtime, verified against aft constraints, and then constructed. The expansion process identifies object and relationship instances that are constructed implicitly as part of the construction request of the containing object and then settings flow is then evaluated across all relationships. The verification step checks that al! required relationships exist and that the relationships fulfill all constraints. Finally, the construction process determines an apprapriate ordering over the deployment, update or removal of each instance and then in the correct sequence passes each instance to an instance manager to perform the appropriate action. 39 2.6 LAYERING The goal of the SDM model is to allow a separation of concerns between the developers of applications, the designers of the software infrastructure and the architects of the datacenter. Each of these groups focuses on particular services and has a differing set of dependencies. For example, developers mainly care about the confïguration and connectivtty between the hosts that they depend on such as SQL, IIS and the CLR. Designers of the host configuration care about the network tcpology and the OS configuration, while the architects developing the network topology, OS configuration and storage mapping need to know about the hardware that exists in the datacenter. To support this separation of concerns, SDM exposes a concept of layering. Layering is the use of hosting relationships to bind an application to the services that it depends on without decfaring those services as part of the containment structure of the application, We identify four layers as part of the SDM mode!... Application layer • The application layer supports the construction of applications in a constrained context. The context is defined by the configuration of the hosts identified in the host layer • Examples of system definitions in the application layer include web services, databases and biztalk schedules. Host Layer • Build datacenters out of software components. Configure the connections between components. Some of these components act as hosts for the appiication layer. • Examples of system definitions in this layer- I!S, SQL, AD, EXCHANGE, DNS and Biztalk. Network / OS / Storage layer • Build data center networks and platforms. Configure the network security model and the operating system platform configuration. Add storage to operating system configurations. • Examples of system definitions in this layer - VLAN, Windows, Filter, Storage. Hardware layer The hardware layer identifies the types of machines that exist in the datacenter and the physical connections that exist between these machines. Fig. 11 shows the example mapping of a layer 4 web application to a layer 3 web server host. The outer box at each tayer represents a system, the boxes on the boundary represent endpoints and the boxes on the inside represent resources. We map each of these elements via a hosting relationship to a host at the layer below. in order to satisfy the relationships required of a system we bind that system to a host system that has matching capabilities. We cal! this process placement. At design time, we construct a concrete hosting relationship that represents a possible placement. At deployment time, we instantiate an instance of the concrete hosting relationship to bind the guest system instance to the host system instance. 40 2.7 MODEL EVALUAT1ON Associated with the SDM model is well-defined process for managing change to a distributed system. Each change is driven by a declarative change request that passes through several processing steps before the actions in the request are distributed and then executed against target systems. 3 Impleméntation Details 3.1 NAMING There are a number of places in the SDM where we need a strong naming system for identifying objects. The following naming system allows the creator of a type to sign the definition in such a way that that the user of the definition can be sure that it is the same as the one that developer originally published. The following header is an exampie of an identifier for an sdm namespace: publicKeyToken="AAAABBBBCCCCDDDD" cutture="neulral" platform="neutral" publicKey="aLongKey" stgnature=TheHashOfTheFileContents'> To reference a type in another namespace you need to import the namespace: «import alias ="FileSystern" name="FileSystem" version="0.1.0,0" publicKeyToken="AAAABBBBCCCCDDDD7> Then you can use the alias to refer to types within the namespace; File System file 3.1.1 Identity SDM names are scoped by the namespace in which they are defined. A namespace is identified by a name, version, language and a public key token and is contained within a single file. The base form of identity includes name, version, culture, platform and a public key token. 'xs:attributeGroup> 41 Attribute / element Description name The name of the sdm file is a friendly name that a developer can use to reference the contente of the file. The name in combination with the public key token provides a strong name for the file. version Version is used to identify The version of the contents of the file. All elements of the file adopl the same version number publicKeyToken Public key token is a short name for the public key associated with the file. culture The culture of the binaries. Defaults to neutra! platform The supported platform for the binaries. The base tdentity can be used to reference an existing identity or in conjunctton with a signature and a public key, to create a new strong identity. The document wil! be signed using the private key, aKowing the user of the document to verify its contents using the public key. >cs:simpleType> 42 3.1.2 Version A file version is defined by a four part number of the form N.N.N.N where O convention the numbers referto Major.Minor.Build.Revision. . 3.1.3 Simpler.ames Simple names are made up of alpha-numeric characters and limited punctuation. The name should start with a non-numeric character. We plan to conform to the C# definition for ïdentifiers; the appropriate section (2.4.2) has been inserted below. The spec can be found at: hUp://devdiv/SDecTool/Docüments/WhidbevA/CShan3/Formal%20Lanquaqe%20Specification/CSharD %20LanguaQe%20SDecification.doc Note we will not support "@" prefixed names in the sdm model. The rules for identifiers given in this section correspond exactly to those recomrnended by the Unicode Standard Annex 15, except that underscore is allowed as an inttial character (as is traditional in the C programming language), Unicode escape sequences are permitted in identifiers, and the "@" character is allowed as a prefix to enable keywords to be used as identifiers. identifier: avaÜable-identifier & identifier-or-keyword ava ilable-identifier: An identifier-or-keyword that is not a keyword identifier-or-keyword: identifier-start-character identifier-part-charactersop{ identifier-start-character: letter-character _ (the underscore character U+005F) identifier-part-characters: 43 identifier-part-character identifier-part-characters identifier-part-character l"entifier-part-character: letter-character decimal-digit-chara eter connecting-character combining-character formatting-character ' vt'fer-cfiaracfer. • A Unicode character of classes Lu, LI, Lt, Lm, Lo, or NI A unicode-escape-sequence representing a character of classes Lu, LI, Lt, Lm, LO or NI combining-character A Unicode character of classes Mn or Mc A unicode-escape-sequence representing a character of classes Mn or Mc decimal-digit-character; A Unicode character of the class Nd A unicode-escape-sequence representing a character of the class Nd connecting-character: A Unicode character of the class Pc A unicode-escape-sequence representing a character of the class Pc formatting-character: A Unicode character of the class Cf A unicode-escape-sequence representtng a character of the class Cf for information on the Unicode character dasses mentioned above, see The Unicode standard, Version 3.0, section 4.5. "rïte example: d^ss @dass publïc static voïd @static(boo1 @bool) { if (@bool) System.Console.WriteLine("tnje"); else System.Console.WrileLinerïatee"); 44 ) class Classl { static void M() { Cl\u0061ss.st\u0061tic(true); > } definesaclassnamed"c1ass" with a staticmethod named "static" thattakesa .. parameter named "boo")". Note that since Unicode escapes are not permitted in keywords, the token "cl \u0061ss" is an identifter, and is the same identifier as "@class". Two identifiers are considered the same if they are identical after the folfowing transfoimations are applied, in order: • The prefix "@", if used, is removed. • Each unicode-escape-sequence is transformed into its corresponding Unicode character. • Myformatting-characters are removed. Identifiers containing two consecutive underscore characters (U+005F) are reserved for use by the impiementation. For example, an implementation might provide extended keywords that begin with two underscores. 3.1.4 Reserved names The following is a list of reserved names that we will prevent users from using wrien creating names for objects in an SDM model. Within certain contexts certain names will be reserved Context Name Abstract and concrete definitions thïs Abstract and concrete hosting guest, host Relationship definitions Abstract and concrete containmerrt parent, member relationship definitions Abstract and concrete cliënt, server communication relationship definitions Abstract and concrete reference source, dependent relationship definitions 45 3.1.5 References to other namespaces We allow namespaces to reference other namespaces by importing them into the current namespace and then associating an alias with the namespace. The imported namespace is referenced by name, version and public key loken. Versioning wift be described in section 3.A6. Attribute / element Description alias The alias used to reference the extemal sdm file within the scope of the current sdm file. 3.1.6 Qualified Paths Qualifted paths are then either names that refer to definitions or managers defined in the current namespace or in an aliased namespace. [ The alias is defined in an import statement. The foliowing simple names identify a type or in the case of a path, a nested type. 3.1.7 Definition and Member Paths A path is a sequence of names that identifies a member or setting. A path should begin with a well- known name or member name that is defined by the object or relationship associated with the path. 3.1.8 Instance Paths Paths in the instaace space are based on xpaths where the element names in the xpath correspond to member names and attributes in the xpath correspond to settings. 47 3.1.9 Name Resolution Names that do nol begin with an afias are not fully qualifïed. This means that the scope in which they are evaluated can change the resutting binding. An example of thts is nested definitions. When resolving a nested definition name, definitions in local scope hide definitions in a broader scope. 3.2 SETTINGS Alt definitions can exposé settings declarations. These settings are used to describe the values that can' be provided when a concrete definition is created from an abstract definition, or when a definition is references from a member within another definition. To define a setting you first need to define the definition of the setting using xsd. You can then declare a setting that uses the definition and includes a set of attributes to define the behavior of the setting. Once you have a setting dedaration you can provide a value for the setting. 3.2.1 Setting Definitions We use XSD schemas to define the setting definitions used by setting declarations. We support the use of simple and complex types from a schema though otner schema elements may exist to support the definition of those types. The settings definition section should contain a complete xml schema induding namespace declaration and namespace imports. We will check that the imports in the xsd schema match the imports in the sdm file with the exception of the xsd schema namespace. This means that all referenced types should be defined in another sdm file; the schema cannot reference types that are defined in arbitrary xsd files. 48 Attribute / element Description xs:scbema A schema in the http://www.w3.org/2001 /XMLSchmg namespace. manager The dr assembly that contains helper classes for this schema clrNamespace The dr namespace in which these dasses are defined. All setting type will rescbve to a ór baseö or> Ihei? rr&ppng Sbroupb CLR serialization. Settings should be resolvable from three separate namespaces: a) The sdm namespace - when we refer to setting types within system, resource, endpoint, relationship, constraint or fiow types. b) The dr namespace - when we refer to settings using strongly typed classes within the dr and when setting types are built on other setting types. c) The XSD namespace - when setting types are built using other setting types. For this to work, we should place a number of restrictions on the way we dedare settings: a) All settings should be in the same groupings within each of the dr, sdm and xsd namespaces. That is, if two settings are together in one namespace, they should be together in all three namespaces. b) Imported namespaces within an xsd schema definttion should match the imported namespaces in an SDM file and the imported namespaces in the associated helper assembly. c) Wfth the exception of the xsd namespace, al! imported namespaces in an xsd schema should be defined within an sdm file. XSD types from imported SDM documents are accessible using QNames: Hence, for example, if Foo.sdm imports Bar.sdm, the setting types of Bar.sdm may be referenced in the settingTypes element of Foo.sdm as this example illustrates: «import a!ïas="bar" !ocation="Bar.s 49 |
|---|
| Patent Number | 258821 | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Indian Patent Application Number | 216/MUM/2004 | ||||||||||||||||||
| PG Journal Number | 07/2014 | ||||||||||||||||||
| Publication Date | 14-Feb-2014 | ||||||||||||||||||
| Grant Date | 10-Feb-2014 | ||||||||||||||||||
| Date of Filing | 23-Feb-2004 | ||||||||||||||||||
| Name of Patentee | MICROSOFT CORPORATION | ||||||||||||||||||
| Applicant Address | ONE MICROSOFT WAY, REDMOND, WASHINGTON 98052-6399 | ||||||||||||||||||
Inventors:
|
|||||||||||||||||||
| PCT International Classification Number | G06F15/177 | ||||||||||||||||||
| PCT International Application Number | N/A | ||||||||||||||||||
| PCT International Filing date | |||||||||||||||||||
PCT Conventions:
|
|||||||||||||||||||