Model-Based system management

Info

Publication number: 20060025985
Type: Application
Filed: Jun 29, 2005
Publication Date: Feb 2, 2006
Applicant: Microsoft Corporation (Redmond, WA)
Inventors: Anders Vinberg (Kirkland, WA), Bruce Copeland (Redmond, WA), Robert Fries (Redmond, WA), Kevin Grealish (Seattle, WA), Jonathan Hardwick (Kirkland, WA), Michael Healy (Redmond, WA), Galen Hunt (Bellevue, WA), Aamer Hydrie (Seattle, WA), David James (Bothell, WA), Anand Lakshminarayanan (Redmond, WA), Rob Mensching (Redmond, WA), Rajagopalan Narayanan (Redmond, WA), Geoffrey Outhred (Seattle, WA), Ken Pan (Redmond, WA), Efstathios Papaefstathion (Redmond, WA), John Parchem (Seattle, WA), Vij Rajarajan (Issaquah, WA), Ashvinkumar Sanghvi (Sammamish, WA), Bassam Tabbara (Seattle, WA), Rene Vega (Kirkland, WA), Vitaly Voloshin (Issaquah, WA), Robert Welland (Seattle, WA), Eric Winner (Woodinville, WA), Jeffrey Woolsey (Redmond, WA)
Application Number: 11/170,700

Abstract

A model of a system is generated and used as a basis for managing the system. As the system is managed, the system model can be updated to reflect changes to the system. Managing of the system can include one or more of provisioning applications in the system, provisioning applications in virtual systems, provisioning test environments, monitoring the configuration of the system, monitoring the system including the health of the system, performing capacity planning for the system, and propagating attributes to different components in the system.

Description

Description

RELATED APPLICATIONS

This application is a continuation-in-part of U.S. patent application Ser. No. 10/693,838, filed Oct. 24, 2003, entitled “Integrating Design, Deployment, and Management Phases for Systems”, which is hereby incorporated by reference herein. U.S. patent application Ser. No. 10/693,838 claims the benefit of U.S. Provisional Application No. 60/452,736, filed Mar. 6, 2003, entitled “Architecture for Distributed Computing System and Automated Design, Deployment, and Management of Distributed Applications”, which is hereby incorporated herein by reference.

This application is related to the following applications, each of which is hereby incorporated by reference herein:

- U.S. patent application Ser. No. 11/077,265, filed Mar. 10, 2005, entitled “Model-Based System Provisioning”;
- U.S. patent application Ser. No. ______, Attorney Docket No. MS1-2356US, filed concurrently herewith, entitled “Model-Based Virtual System Provisioning”;
- U.S. patent application Ser. No. ______, Attorney Docket No. MS1-2357US, filed concurrently herewith, entitled “Model-Based Provisioning of Test Environments”;
- U.S. patent application Ser. No. ______, Attorney Docket No. MS1-2358US, filed concurrently herewith, entitled “Model-Based Configuration Management”;
- U.S. patent application Ser. No. 11/107,419, filed Apr. 15, 2005, entitled “Model-Based System Monitoring”;
- U.S. patent application Ser. No. 11/107,418, filed Apr. 15, 2005, entitled “Model-Based Capacity Planning”; and
- U.S. patent application Ser. No. ______, Attorney Docket No. MS1-2361US, filed concurrently herewith, entitled “Model-Based Propagation of Attributes”.

BACKGROUND

Computers have become increasingly commonplace in our world and offer a variety of different functionality. Some computers are designed primarily for individual use, while others are designed primarily to be accessed by multiple users and/or multiple other computers concurrently. These different functionalities are realized by the use of different hardware components as well as different software applications that are installed on the computers.

Although the variety of available computer functionality and software applications is a tremendous benefit to the end users of the computers, such a wide variety can be problematic for the developers of the software applications as well as system administrators that are tasked with keeping computers running. Such problems can arise, for example, because of differences in configurations or settings that are required by different software applications that a user may try to install on the same computer. Situations can arise where the settings required by one software application cause another software application to malfunction. By way of another example, situations can arise where two software applications have conflicting requirements on how the operating system on the computer should be configured. Such situations can cause one or both of the software applications, and possibly additional applications, to operate incorrectly if both are installed concurrently.

Additionally, many computing systems contain a large number of different components that must work together and function properly for the entire computing system to operate properly. If a component fails to function properly, one or more other components that rely on the failed component may likewise function improperly. A component may fail to function properly due to a software failure and/or a hardware failure. These component failures result in the improper operation of the associated computing system.

Accordingly, there is a need for an improved way to manage software applications on computers.

SUMMARY

This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.

Model-based system management with several management disciplines guided by a common model is discussed herein. In accordance with certain aspects, a model of a system is generated and used as a basis for managing the system. As the system is managed, the system model can be updated to reflect changes to the system. Management of the system can include one or more of provisioning applications in the system, provisioning applications in virtual systems, provisioning test environments, monitoring the configuration of the system, monitoring the system including the health of the system, performing capacity planning for the system, and propagating attributes to different components in the system.

BRIEF DESCRIPTION OF THE DRAWINGS

The same numbers are used throughout the drawings to reference like features.

FIG. 1 illustrates an example system definition model (SDM) that can be used with the model-based system provisioning described herein.

FIG. 2 illustrates an example use of types, configurations, and instances.

FIG. 3 is a flowchart illustrating an example process for model-based system management.

FIG. 4 is a flowchart illustrating an example process for provisioning a system.

FIG. 5 illustrates an example application installation specification in additional detail.

FIG. 6 is a flowchart illustrating an example of the generation of an application installation specification for physical deployment in additional detail.

FIG. 7 is a flowchart illustrating an example process for provisioning a virtual system.

FIG. 8 illustrates an example workload installation specification in additional detail.

FIG. 9 is a flowchart illustrating an example of the generation of a workload installation specification for physical deployment in additional detail.

FIG. 10 is a flowchart illustrating an example process for provisioning a test environment.

FIG. 11 illustrates an example application installation specification in additional detail.

FIG. 12 is a flowchart illustrating an example of the generation of an application installation specification for physical deployment in additional detail.

FIG. 13 is a flowchart illustrating an example process for managing and monitoring the configuration of a system.

FIG. 14 is a flowchart illustrating an example process for creating a configuration policy associated with the system.

FIG. 15 is a flowchart illustrating an example process for monitoring a system.

FIG. 16 illustrates an example health model.

FIG. 17 illustrates multiple components that process data in a sequential manner.

FIG. 18 is a flowchart illustrating an example process for capacity planning.

FIG. 19 illustrates example transactions that are performed by a planned system.

FIG. 20 is a flowchart illustrating an example process for propagating attributes throughout a system model.

FIG. 21 illustrates an example attribute propagation module that receives a system model and various attributes, and propagates attributes throughout the model.

FIG. 22 illustrates an example general computer environment, which can be used to implement the techniques described herein.

DETAILED DESCRIPTION

As used herein, an application refers to a collection of instructions that can be executed by a processor, such as a central processing unit (CPU) of a computing device. An application can be any of a variety of different types of software or firmware, or portions thereof. Examples of applications include programs that run on an operating system, the operating system, operating system components, services, infrastructure, middleware, portions of any of these, and so forth.

A system definition model (SDM) describes a system that can be managed. Management of a system can include, for example, installing software on the system, monitoring the performance of the system, maintaining configuration information about the system, verifying that constraints within the system are satisfied, combinations thereof, and so forth. A system can be, for example, an application, a single computing device, multiple computing devices networked together (e.g., via a private or personal network such as a local area network (LAN) or via a larger network such as the Internet), and so forth.

The systems discussed herein can be virtual systems that include one or more virtual machines. A virtual machine can be thought of as a computing device implemented in software. A virtual machine emulates a computing device, including all of the hardware components of a computing device (except for possibly the processor(s)). A virtual machine runs on a computing device in its own isolated and self-contained environment, having its own operating system and optionally other software installed on it. Multiple virtual machines can be run on the same computing device, each of the multiple virtual machines having its own isolated environment and its own operating system installed thereon. A virtual system includes one or more computing devices that run a virtual machine. A virtual system can include one or more computing devices that already run a virtual machine and/or one or more computing devices that are to have a virtual machine provisioned thereon. A virtual machine can be provisioned on a computing device as part of the virtual system provisioning described herein.

In addition to conventional virtual machines, other forms of containers for workloads are being contemplated or implemented in the industry, such as “sandboxes” that allow a workload to run within an operating system that is shared with other workloads but which nonetheless provide the workloads more isolation than if the workloads were running directly in the operating system. These different containers can be viewed as “lightweight” virtual machines, in the sense that they provide many of the same benefits as traditional virtual machines with less cost or operational overhead. The techniques described herein can be used for such containers as well as traditional virtual systems, and references to virtual machines herein include such other forms of containers.

FIG. 1 illustrates an example SDM 100 that can be used with the model-based virtual system provisioning described herein. SDM 100 includes a component corresponding to each of one or more software and/or hardware components being managed in a virtual system. These software and/or hardware components being managed refer to those software and/or hardware components that the author of SDM 100 and/or designers of the system desires to include in SDM 100. Examples of hardware and/or software components that could be in a system include an application (such as a database application, email application, file server application, game, productivity application, operating system, and so forth), particular hardware on a computer (such as a network card, a hard disk drive, one of multiple processors, and so forth), a virtual machine, a computer, a group of multiple computers, and so on. A system refers to a collection of one or more hardware and/or software components.

SDM 100 represents a system including component 102, component 104, component 106, component 108, component 110, component 112, and component 114. Although the example SDM 100 includes seven components, in practice a system, and thus the SDM, can include any number of components.

For example, component 106 could represent a particular computer, while component 104 represents an operating system running on that particular computer. By way of another example, component 106 could represent an operating system, while component 104 represents a database application running on the operating system. By way of yet another example, component 114 could represent a particular computer, while component 112 represents an operating system installed on that particular computer, component 110 represents a virtual machine running on the operating system, and component 108 represents an operating system running on the virtual machine. Note that the operating systems associated with component 112 and component 108 could be the same or alternatively two different operating systems.

The SDM is intended to be a comprehensive knowledge store, containing all information used in managing the system. This information includes information regarding the particular components in the system, as well as relationships among the various components in the system. Despite this intent, it is to be appreciated that the SDM may contain only some of the information used in managing the system rather than all of the information.

Relationships can exist between different components in a system, and these relationships are typically illustrated in SDM diagrams with lines connecting the related components. Examples of relationships that can exist between components include containment relationships, hosting relationships, and communication relationships. Containment relationships identify one component as being contained by another component—data and definitions of the component being contained are incorporated into the containing component. When a component is installed on a system, any components contained in that component are also typically installed on the system. In FIG. 1, containment relationships are illustrated by the diagonal lines connecting component 102 and component 104, and connecting component 102 and component 108.

Hosting relationships identify dependencies among components. In a hosting relationship, the hosting component typically must be present in order for the guest component to be included in the system. In FIG. 1, hosting relationships are illustrated by the vertical lines connecting component 104 and component 106, connecting component 108 and component 110, connecting component 110 and 112, and connecting component 112 and 114.

Communication relationships identify components that can communicate with one another. Communication relationships may or may not imply that a dependency exists between the components. In FIG. 1, communication relationships are illustrated by the horizontal line connecting component 104 and component 108.

Associated with each component in SDM 100 is one or more information (info) pages. Information pages 122 are associated with component 102, information pages 124 are associated with component 104, information pages 126 are associated with component 106, information pages 128 are associated with component 108, information pages 130 are associated with component 110, information pages 132 are associated with component 112, and information pages 134 are associated with component 114. Each information page contains information about the associated component. Different types of information can be maintained for different components. One or more information pages can be associated with each component in SDM 100, and the particular information that is included in a particular information page can vary in different implementations. All the information can be included on a single information page, or alternatively different pieces of information can be grouped together in any desired manner and included on different pages. In certain embodiments, different pages contain different types of information, such as one page containing installation information and another page containing constraint information. Alternatively, different types of information may be included on the same page, such as installation information and constraint information being included on the same page.

Examples of types of information pages include installation pages, constraint pages, monitoring pages, service level agreement pages, description pages, and so forth. Installation pages include information describing how to install the associated component onto another component (e.g., install an application onto a computer), such as what files to copy onto a hard drive, what system settings need to be added or changed (such as data to include in an operating system registry), what configuration programs to run after files are copied onto the hard drive, sequencing specifications that identify that a particular installation or configuration step of one component should be completed before an installation or configuration step of another component, and so forth.

Constraint pages include information describing constraints for the associated component, including constraints to be imposed on the associated component, as well as constraints to be imposed on the system in which the associated component is being used (or is to be used). Constraints imposed on the associated component are settings that the component should have (or alternatively should not have) when the component is installed into a system. Constraints imposed on the system are settings (or other configuration items, such as the existence of another application or a piece of hardware) that the system should have (or alternatively should not have) in order for the associated component to be used in that particular system.

It should also be noted that constraints can flow across relationships. For example, constraints can identify settings that any component that is contained by the component, or that any component that contains the component, should have (or alternatively should not have). By way of another example, constraints can identify settings that any component that is hosted by the component, or that any component that hosts the component, should have (or alternatively should not have). By way of yet another example, constraints can identify settings that any component that communicates with the component should have (or alternatively should not have).

In addition, constraint pages may also include a description of how particular settings (or components) are to be discovered. For example, if a constraint indicates that an application should not co-exist with Microsoft® SQL Server, then the constraint page could also include a description of how to discover whether Microsoft® SQL Server is installed in the system. By way of another example, if a constraint indicates that available physical memory should exceed a certain threshold, then the constraint page could also include a description of how to discover the amount of available physical memory in the system. By way of still another example, if a constraint indicates that a security setting for Microsoft® SQL Server should have a particular value, then the constraint page could also include a description of how to discover the value of that security setting for Microsoft® SQL Server.

Constraint pages may also include a description of how particular settings are to be modified if they are discovered to not be in compliance with the constraints. Alternatively, the constraint pages could include specifications of some other action(s) to take if particular settings are discovered to not be in compliance with the constraints, such as sending an event into the system's event log, alerting an operator, starting a software application to take some corrective action, and so forth. Alternatively, the constraint pages could include a policy that describes what action to take under various circumstances, such as depending on the time of day, depending on the location of the system.

Constraint pages may also optionally include default values for at least some of these settings, identifying a default value to use within a range of values that satisfy the constraint. These default values can be used to assist in installation of an application, as discussed in more detail below.

Monitoring pages include information related to monitoring the performance and/or health of the associated component. This information can include rules describing how the associated component is to be monitored (e.g., what events or other criteria to look for when monitoring the component), as well as what actions to take when a particular rule is satisfied (e.g., record certain settings or what events occurred, sound an alarm, etc.).

Service level agreement pages include information describing agreements between two or more parties regarding the associated component (e.g., between the purchaser of the associated component and the seller from which the associated component was purchased). These can be accessed during operation of the system to determine, for example, whether the agreement reached between the two or more parties is being met by the parties.

Description pages include information describing the associated component, such as various settings for the component, or other characteristics of the component. These settings or characteristics can include a name or other identifier of the component, the manufacturer of the component, when the component was installed or manufactured, performance characteristics of the component, and so forth. For example, a description page associated with a component that represents a computing device may include information about the amount of memory installed in the computing device, a description page associated with a component that represents a processor may include information about the speed of the processor, a description page associated with a component that represents a hard drive may include information about the storage capacity of the hard drive and the speed of the hard drive, and so forth.

As can be seen in FIG. 1, an SDM maintains various information (e.g., installation, constraints, monitoring, etc.) regarding each component in the system. Despite the varied nature of these information pages, they are maintained together in the SDM and thus can all be readily accessed by various utilities or other applications involved in the management of the system.

An SDM can be generated and stored in any of a variety of different ways and using any of a variety of different data structures. For example, the SDM may be stored in a database. By way of another example, the SDM may be stored in a file or set of multiple files, the files being encoded in XML (Extensible Markup Language) or alternatively some other form. By way of yet another example, the SDM may not be explicitly stored, but constructed each time it is needed. The SDM could be constructed as needed from information existing in other forms, such as installation specifications.

In certain embodiments, the SDM is based on a data structure format including types, instances, and optionally configurations. Each component in the SDM corresponds to or is associated with a type, an instance, and possibly one or more configurations. Additionally, each type, instance, and configuration corresponding to a particular component can have its own information page(s). A type refers to a general template having corresponding information pages that describe the component generally. Typically, each different version of a component will correspond to its own type (e.g., version 1.0 of a software component would correspond to one type, while version 1.1 of that software component would correspond to another type). A configuration refers to a more specific template that can include more specific information for a particular class of the type. An instance refers to a specific occurrence of a type or configuration, and corresponds to an actual physical component (software, hardware, firmware, etc.).

For types, configurations, and instances associated with a component, information contained in information pages associated with an instance can be more specific or restrictive than, but generally cannot contradict or be broader than, the information contained in information pages associated with the type or the configuration. Similarly, information contained in information pages associated with a configuration can be more specific or restrictive than, but cannot contradict or be broader than, the information contained in information pages associated with the type. For example, if a constraint page associated with a type defines a range of values for a buffer size, the constraint page associated with the configuration or the instance could define a smaller range of values within that range of values, but could not define a range that exceeds that range of values.

It should be noted, however, that in certain circumstances a model of an existing system as deployed (that is, a particular instance of a system) may violate the information contained in information pages associated with the type for that existing system. This situation can arise, for example, where the system was deployed prior to an SDM for the system being created, or where a user (such as a system administrator) may have intentionally deployed the system in noncompliance with the information contained in information pages associated with the type for that existing system.

The use of types, configurations, and instances is illustrated in FIG. 2. In FIG. 2, a type 202 corresponds to a particular component. Three different instances 204, 206, and 208 of that particular component exist and are based on type 202. Additionally, a configuration (config) 210 exists which includes additional information for a particular class of the particular component, and two instances 212 and 214 of that particular class of the particular component.

For example, assume that a particular component is a database application. A type 202 corresponding to the database application is created, having an associated constraint information page. The constraint information page includes various general constraints for the database application. For example, one of the constraints may be a range of values that a particular buffer size should be within for the database application. Type 202 corresponds to the database application in general.

Each of the instances 204, 206, and 208 corresponds to a different example of the database application. Each of the instances 204, 206, and 208 is an actual database application, and can have its own associated information pages. For example, each instance could have its own associated description information page that could include a unique identifier of the particular associated database application. By way of another example, the constraint information page associated with each instance could include a smaller range of values for the buffer size than is indicated in the constraint information page associated with type 202.

The information pages corresponding to the instances in FIG. 2 can be in addition to, or alternatively in place of, the information pages corresponding to the type. For example, two constraint information pages may be associated with each instance 204, 206, and 208, the first constraint information page being a copy of the constraint information page associated with type 202 and the second constraint information page being the constraint information page associated with the particular instance and including constraints for just that instance. Alternatively, a single constraint information page may be associated with each instance 204, 206, and 208, the single constraint information page including the information from the constraint information page associated with type 202 as well as information specific to the particular instance. For example, the range of values that the particular buffer size should be within for the database application would be copied from the constraint information page associated with type 202 to the constraint information page associated with each instance. However, if the constraint information page for the instance indicated a different range of values for that particular buffer size, then that different range of values would remain in the constraint information page associated with the instance rather than copying the range of values from the constraint information page associated with type 202.

Following this example of a database application, configuration 210 corresponds to a particular class of the database application. For example, different classes of the database application may be defined based on the type of hardware the application is to be installed on, such as different settings based on whether the computer on which the database application is to be installed is publicly accessible (e.g., accessible via the Internet), or based on whether an operating system is already installed on the server. These different settings are included in the constraint information page associated with configuration 210.

Each of the instances 212 and 214 corresponds to a different example of the database application. Similar to instances 204, 206, and 208, each of instances 212 and 214 is an actual database application, and can have its own information page(s). However, unlike instances 204, 206, and 208, the constraint information pages associated with instances 212 and 214 each include the constraints that are in the constraint information page associated with configuration 210 as well as the constraints in the constraint information page associated with type 202.

It should be noted that, although the information pages are discussed as being separate from the components in the SDM, the data structure(s) implementing the SDM could alternatively include the information discussed as being included in the various information pages. Thus, the component data structures themselves could include the information discussed as being included in the various information pages rather than having separate information pages.

The installation page associated with a component can be used as a basis for provisioning a system. Provisioning a system refers to installing an application(s) on the system, as well as making any necessary changes to the system in order for the application(s) to be installed. Such necessary changes can include, for example, installing an operating system, installing one or more other applications, setting configuration values for the application or operating system, and so forth.

The installation page associated with a component can also be used as a basis for provisioning a virtual system. Provisioning a virtual system refers to installing a workload on the virtual system, as well as making any necessary changes to the virtual system in order for the workload to be installed. Such necessary changes typically include creating a new virtual machine, and can also include other actions, such as installing an operating system on the computing device on which the new virtual machine runs or installing an operating system on the newly created virtual machine, setting configuration values for the operating system, installing one or more other applications, and so forth. In certain implementations, the workload is installed by creating a new virtual machine on a computing device and copying an image file to the storage device of the computing device. This image file includes an application(s) to be run to perform the computing of the workload, and also typically includes the operating system on which the application(s) is to be run.

In the discussions herein, reference is made to different classes of computing devices. Each of these different classes of computing devices refers to computing devices having particular common characteristics, so they are grouped together and viewed as a class of devices. Examples of different classes of devices include IIS (Internet Information Services) servers that are accessible to the Internet, IIS servers that are accessible only on an internal intranet, database servers, email servers, order processing servers, desktop computers, and so forth. Typically, each different class of computing device corresponds to one of the configurations in the system model.

These different classes of computing devices can be different classes of physical devices, as well as different classes of virtual machines. The classes may distinguish between virtual machine classes and physical device classes. For example, one class may be database virtual machines, another class may be database physical servers (not running the database on a virtual machine), another class may be an order processing virtual machine, another class may be an order processing physical server (not running the order processing application(s) on a virtual machine), and so forth. Alternatively, the classes may not distinguish between virtual machine classes and physical device classes. For example, a single database server class may be used for database servers regardless of whether the database application(s) are run on a virtual machine or a computing device without a virtual machine(s).

FIG. 3 is a flowchart illustrating an example process 300 for model-based system management. Portions of process 300 can be implemented in software, firmware, and/or hardware.

Initially, an application model(s) and/or a system model is accessed (act 302). One or both of these models may be created by the same user as is initiating access to the model(s), or alternatively one or more of these models may be created by another user. Each accessed model is an SDM model analogous to model 100 of FIG. 1, and includes one or more components. Each accessed model includes types and instances, and optionally configurations and relationships. As the system is managed, these models can be updated to reflect any changes to the system. Typically, a different application model can be accessed for each application in a system (or to be added to a system). However, once the application is installed in the system, the application model becomes part of the system model.

One or more actions can then be taken to manage the system based on one or both of the application model(s) and the system model. These same models are the basis for all of the actions, and these models can be continuously updated and changed by these actions. These various management actions refer to actions for different management disciplines, such as provisioning systems, health monitoring, predicting system capacity, and so forth. Each of these management actions can be performed with the aid of a model(s), but the value is greater when a plurality of management actions are based on the same set of models. For example, the cost of creating the models is depreciated over several tasks rather than each task having to bear the complete cost of the model generation. By way of another example, management cost is reduced and management effectiveness is increased by the consistency that comes from using the same model (e.g., because a health and performance monitoring system will base its decisions on the same model that the provisioning system deployed).

One action that can be taken is to provision systems based on one or both of the application model(s) and the system model (act 304). Examples of such provisioning of systems are discussed in more detail below in the System Provisioning section.

Another action that can be taken is to provision virtual systems based on one or both of the application model and the system model (act 306). Examples of such provisioning of virtual systems are discussed in more detail below in the Virtual System Provisioning section.

Another action that can be taken is to provision test environments based on one or both of the application model and the system model (act 308). Examples of such provisioning of test environments are discussed in more detail below in the Test Environment Provisioning section.

Another action that can be taken is to update one or both of the application model and the system model based on deployments that are made (act 310). When an application is installed it the system, the system model is updated to incorporate the application model. Examples of such updating are discussed in more detail below in the System Provisioning, Virtual System Provisioning, and Test Environment Provisioning sections.

Another action that can be taken is to predict system capacity based on one or both of the application model and the system model (act 312). Examples of such predicting are discussed in more detail below in the Capacity Planning section.

Another action that can be taken is to monitor the health of the system based on one or both of the application model and the system model (act 314). Examples of such monitoring are discussed in more detail below in the System Monitoring section.

Another action that can be taken is to manage configurations of the system based on one or both of the application model and the system model (act 316). Examples of such configuration management are discussed in more detail below in the Configuration Monitoring section.

Another action that can be taken is to update one or both of the application model and the system model by propagating attributes (act 318). Examples of such attribute propagation are discussed in more detail below in the Attribute Propagation section.

System Provisioning

FIG. 4 is a flowchart illustrating an example process 400 for provisioning a system. Portions of process 400 can be implemented in software, firmware, and/or hardware.

Initially, a model of the application to be installed on a system is built (act 402). This building process in act 402 is typically performed by the developer of the application, although could alternatively be performed by others. This model is an SDM model of the application, analogous to model 100 of FIG. 1, and includes one or more components. The model of the application includes types and optionally configurations. As part of the building process in act 402, zero or more information pages are associated with each component in the model. Typically, at least a constraint information page is associated with each component in the model.

As part of the building process in act 402, types and optionally configurations are defined, along with associated information page(s). The types and configurations can be standard types or configurations that are copied or modified in act 402, or alternatively can be newly created in act 402. As discussed above, different constraints can be included in the configuration information page associated with the type and the configuration information page associated with the configuration.

The constraints included on a constraint information page can take a variety of forms, such as: hardware requirements regarding the computing device(s) or other hardware on which the application is to be installed (e.g., a minimum processor speed, a minimum amount of memory, a minimum amount of free hard drive space, a minimum amount of network bandwidth available, particular security mechanisms available, and so forth), software requirements regarding the computing device(s) or other hardware or software on which the application is to be installed (e.g., a particular operating system that should already be installed on the computing device(s), one or more other applications that should already be installed on the computing device(s), specifications regarding how particular hardware and/or the operating system is to be configured such as particular settings for the operating system that should already be made, a particular type of security or encryption that should be in use, and so forth), other requirements regarding the computing device(s) on which the application is to be installed (e.g., particular security keys available, data center policies that should be enforced, authentication that is used, system topology, etc.), and so on.

Constraints can be positive requirements specifying that something should be present (e.g., the processor should have at least a minimum processor speed, or the Windows® XP operating system should already be installed on the computing device). Constraints can also be negative requirements specifying that something should not be present (e.g., one or more particular applications should not already be installed on the computing device, or particular operating system settings should not be present).

Additionally, a model of the system where the application is to be installed is built (act 404). This building process in act 404 is typically performed by an administrator of the system where the application is to be installed, although could alternatively be performed by others. This model is an SDM model of the system analogous to model 100 of FIG. 1, and includes one or more components. The model of the system includes types and instances, and optionally configurations. The system in act 404 could be a single computing device, or alternatively multiple computing devices. For example, if the application will be installed on one computing device in a data center having a thousand computing devices, then the model of the system where the application is to be installed may include all or some of those thousand computing devices. By way of another example, if the application will be installed on a home computer that is not coupled to any other computers, then the model of the system where the application is to be installed will include just that home computer.

Oftentimes, the model of the system built in act 404 will be generated by the system administrator prior to the application being designed and the model of the application being built in act 402. In such situations, the previously generated model can be accessed and need not be re-built in act 404.

Components in the model of the system built in act 404 will include constraint information pages. These constraint information pages include constraints for each component in the system. Such constraint information pages can identify constraints for the corresponding component, and optionally constraints that should be satisfied by any application to be installed on the corresponding component.

Based on the models built in acts 402 and 404, a logical deployment evaluation is performed (act 406). The logical deployment evaluation involves comparing the model of the application (from act 402) to the model of the system (from act 404) to determine whether the application could be installed in the system. Typically, the application designer or system administrator will identify a particular class (or classes) of computing device on which he or she desires to install the application. Alternatively, the application may be compared to all classes of computing devices in the system.

The constraints and/or description information for the application are compared to the constraints for that class of computing device to determine whether the application satisfies the constraints of the class of computing device, and the constraints and/or description information for the class of computing device are compared to the constraints for the application to determine whether the class of computing device satisfies the constraints of the application. The constraints and description information for all components of the class of computing device, including applications that are hosted by the class of computing device (e.g., an operating system as well as possibly other applications) are also accessed as part of the logical deployment evaluation. These constraints used in the logical deployment evaluation can include constraints that are flowed across relationships, as discussed above. Accessing the constraints for the operating system and other applications allows verification that, if installed on a device of the class of computing device, settings made on the computing device for the application would not conflict with current settings for other applications installed on the computing device.

By way of example, a particular constraint on the application may indicate that the computing device should have a minimum processor speed. A description page associated with the class of computing device (or the processor of the class of computing device) would be accessed to verify that the speed of the processor is at least the minimum processor speed. By way of another example, a particular constraint on the class of computing device may indicate that a software firewall should always be running on the class of computing device. A description page associated with the application would be accessed to verify that the application does not require a software firewall to be deactivated. By way of yet another example, another application already installed on the class of computing device may indicate that memory in the computing device should be configured or accessed in a particular manner. A description page associated with the application would be accessed to verify that the application does not require configuration or access to the memory that is inconsistent with that particular manner.

The results of the evaluation in act 406 can be returned to the application designer and/or system administrator. An indication of success (if all of the constraints are satisfied) or failure (if all of the constraints are not satisfied) can be returned. In addition, if one or more of the constraints are not satisfied, then an indication of which constraint was not satisfied can be returned, as well as optionally an indication of which component caused the constraint to not be satisfied. Returning such information can assist the application developer in modifying the application so that it can be installed in the system.

Process 400 then proceeds based on the results of the evaluation in act 406. If the evaluation indicates that the application can be installed in the system, then process 400 can proceed to act 408. However, if the evaluation indicates that the application cannot be installed in the system, then the evaluation of act 406 can be repeated for a different class of computing device in the system, or alternatively the application may be modified in order to overcome the problem(s) identified in the evaluation of act 406, and process 400 can return to act 402 to build a model of the modified application.

In act 408, physical deployment of the application is determined. Determining physical deployment of the application refers to identifying which particular computing device(s) the application will be installed on. As part of act 408, a determination is made as to whether installation of the application on a particular computing device is permissible in light of constraints on the number of instances of the application that are to be installed. In act 406 it was verified that it was permissible to install the application on a particular type or configuration (e.g., a particular class of computing device), but there may still be constraints on how many instances of the application can be installed on particular computing devices (e.g., particular instances of that class of computing device). A particular computing device may have constraints allowing any number of instances of an application to be installed, constraints indicating at least a minimum number of instances of an application should be installed, and/or constraints indicating that no more than a maximum number of instances of an application should be installed. As part of act 408, verification that the number of instances of the application to be installed on the computing device do not violate the constraints regarding the number of instances of the application that can be installed on the computing device is performed.

A particular one or more of the computing devices on which the application could be installed is identified in act 408. The particular computing device(s) on which the application is to be installed can be identified in different manners. One way in which the particular computing device(s) on which the application is to be installed can be identified is manually, such as by a system administrator or other party manually selecting a particular computing device(s). This manually selected computing device(s) could be a computing device(s) already in the system, or alternatively a new computing device(s) that needs to be purchased or a computing device(s) that needs to be removed from storage and added to the system (e.g., coupled to the network that the other computing devices in the system are coupled to).

Alternatively, the particular computing device(s) on which the application is to be installed can be identified automatically. An application running in the system can identify various characteristics of the computing devices on which the application could possibly be installed (e.g., the computing devices of the particular class of computing device on which the application is to be installed), such as load characteristics of each computing device. The load characteristics could identify, for example, the average or maximum amount of processor usage, the average amount of memory usage, the amount of available network bandwidth being used, the amount of hard disk drive space being used, and so forth. Based on these load characteristics, the computing device(s) most likely to be able to support the application would be identified as the computing device(s) on which the application is to be installed (e.g., the application having the lightest load, such as the lowest average processor usage, the smallest amount of available network bandwidth being used, the most hard disk drive space available, and so forth).

Alternatively, the particular computing device(s) on which the application is to be installed can be identified in a semi-automatic manner. An application running in the system can identify various characteristics of the computing devices on which the computer could possibly be installed analogous to the automatic manner, and then present those results to a user (such as the system administrator) for manual selection of one or more of the computing devices. One or more of the computing devices may optionally be recommended to the user as the best candidate(s) for selection, but the ultimate selection would remain at the user's discretion.

An application installation specification for physical deployment of the application is then generated (act 410). The application installation specification can be saved as an installation page associated with the component representing the application in the application model. The application installation specification includes an identification, for each class of device in the system on which the application may be installed, of how to install the application. As each of these identifications indicates how to install the application on a particular class of devices, these identifications can also be referred to as device class installation specifications. The device class installation specifications can also identify which particular computing device(s) of that class the application is to be installed on (the computing device(s) determined in act 408). This identification of how to install the application includes, for example, all of the settings of the computing device that should be made or changed, an identification of all of the files that need to be copied to the computing device and where those files should be copied, an order in which files should be copied and/or settings made or changed, any initialization programs that need to be run after the files have been copied and/or settings made or changed, and so forth. This identification may also include installing an operating system and/or one or more additional applications. For example, one class of computing device may be a bare computing device with no operating system installed on it. In such situations, the installation specification for that class of computing device would include initially installing the appropriate operating system on the computing device.

At least a portion of each device class installation specification can be generated automatically based on the information contained in the information pages associated with the software application to be installed. As discussed above, the constraint information page can include various default values. These default values can be used during act 410 to identify the settings or configuration values that should be set when installing the application, and thus which should be included in the device class installation specification. For example, a particular default value may be included in the configuration information page for a buffer size. This default value would be included in the device class installation specification so that when the application is installed on a particular computing device, the computing device settings (such as in an operating system registry) can be modified to include this default value for the buffer size (possibly replacing another value for the buffer size previously stored in the computing device settings).

In addition to default values, other constraint information included in the constraint information page can be used in act 410 to identify the settings or configuration values that should be set when installing the application. If a range of values for a particular setting were included in the constraint information page, then a setting to be used when installing the application can be derived from that range. For example, the lowest value in the range could be selected, the highest value in the range could be selected, the average of the highest and lowest values in the range could be computed and selected, a value in the range could be selected randomly, and so forth.

Furthermore, in addition to information contained in the information pages associated with the application, information contained in the information pages associated with the system (such as the computing device on which the application is to be installed) can be used as a basis for automatically generating at least a portion of each device class installation specification. Default values and/or ranges of values can be used to automatically generate values for the device class installation specification in the same manner as discussed above.

It should also be noted that different components can have different constraints and different default values for the same settings or configuration values. In such situations, even though there is overlap of the constraints so that the different components can all be installed on a system, one or more of the default values may violate the constraints of another component. Thus, a suitable value that is compliant with the constraints of all of the components is determined. This suitable value can be determined in different manners, including manually, automatically, and semi-automatically. A suitable value can be determined manually by a user (such as the system administrator) inputting a suitable value for the setting or configuration value.

A suitable value can be determined automatically by evaluating the various constraints and selecting a value that satisfies all the constraints. This selected value is then used as the suitable value. For example, if each constraint lists a range of acceptable values, then a value that falls within each range of acceptable values can be automatically identified and used as the suitable value.

A suitable value can be determined semi-automatically by evaluating the various constraints and selecting a value that satisfies all the constraints analogous to the automatic manner. However, rather than automatically using the selected value as the suitable value, the selected value can be presented to a user (such as the system administrator) for approval. The user can accept this selected value, or alternatively input a different value. Alternatively, rather than presenting a single selected value to the user, the range of possible values (or portion of the range of possible values) that satisfies the constraints of the different components may be presented to the user.

It should further be noted that at least a portion of a device class installation specification may be generated manually rather than automatically. This manual generation refers to user inputs (such as by the application developer or system administrator) rather than automatic generation by some component or module (e.g., development module 500 discussed below). For example, the particular files to be identified in the device class installation specification may be identified manually rather than automatically.

Additionally, an assignment record is generated in act 410 that maintains a record of which device class installation specifications are to be used for which device classes. This record can be, for example, a mapping of device class to device class installation specification. Thus, given the application installation specification including multiple device class installation specifications, a determination as to which particular device class installation specification to use can be made based on the class of the device on which the application is to be installed. The assignment record generated can also be stored as part of the application installation specification.

Alternatively, rather than having a separate assignment record, an identification of which device class installation specification is associated with which particular class of device may be maintained in other manners. For example, the indication may be inherent in the naming convention used for the device class installation specification (e.g., each device class installation specification may be a separate file having a file name that identifies the particular class of device), or each device class installation specification may include an indication of the associated class of device.

The application installation specification is generated after the logical deployment evaluation in act 406. Thus, the application installation specification is generated only after it is verified that the application can be installed in the system. Additionally, the constraint information (such as default values) associated with the application can be used to determine settings to be included in the application installation specification. Thus, it can be seen that the application installation specification generated in act 410 is derived at least in part from the model of the application as well as the model of the system.

After the application installation specification is created, physical deployment of the application is performed (act 412). This physical deployment includes making the application installation specification available to a deployment system and having the deployment system install the application on the particular device identified in act 408. Once it is given the application installation specification, the deployment system operates in a conventional manner to install the application. Any of a variety of deployment systems could be used in act 412, such as the Windows® Installer service or Microsoft® Systems Management Server, both available from Microsoft Corporation of Redmond, Wash.

Once the application is installed in the system, the application becomes part of the system and thus the application model is incorporated into the system model. Thus, after installation of the application, the SDM for the system includes the SDM of the application.

Alternatively, the evaluation in act 406 may be for a particular computing device rather than for a class of computing device. In this alternative, the evaluation in act 406 is the same as discussed above, except that constraint and description information for a particular instance of a computing device are used rather than constraint and description information for a class of computing device. In such situations, the identification of the particular computing device is made in, or prior to, act 406 rather than in act 408, and can be made in the same manner as discussed in act 408.

It should also be noted that a particular device class installation specification may indicate to install the application on multiple different computing devices within the system. For example, the application developer or system administrator may desire to install the application on all of the computing devices of a particular class. In such a situation, an indication is included in the device class installation specification for that particular device class that the application is to be installed on all of the computing devices of that particular class, or alternatively may identify the particular computing devices (e.g., by name or other unique identifier) on which the application is to be installed. The deployment system used to install the application receives this indication and installs the application on the appropriate computing devices.

FIG. 5 illustrates an example application installation specification in additional detail. An installation specification development module 500 generates an application installation specification 502. Installation specification module 500 can be implemented in software, firmware, hardware, or combinations thereof, and can perform act 410 of FIG. 4, and optionally additional acts of FIG. 4 (such as act 406 and/or act 408). Application installation specification 502 includes multiple (x) device class installation specifications 504(1), 504(2), . . . 504(x). Each of the device class installation specifications 504 identifies how the application is to be installed on a particular class of computing device. Application installation specification 502 also includes specification assignment record 506 to identify which specification 504 corresponds to which class of computing device.

Application installation specification 502 is input to a deployment system 508 along with any necessary installation file(s) 510. Installation file(s) 510 include the file(s) that are to be installed on the computing device in order to install the application, such as one or more files of executable code, one or more files of data, and so forth. Alternatively, although illustrated separately, application installation specification 502 and installation file(s) 510 may be stored together in a single package (e.g., a compressed file).

FIG. 6 is a flowchart illustrating the generation of an application installation specification for physical deployment of act 410 of FIG. 4 in additional detail. FIG. 6 can be implemented in software, firmware, and/or hardware.

Initially, a device class on which the application could be installed is selected (act 602). In certain embodiments the system administrator and/or application developer (or alternatively some other party) may desire that the application be installed only on certain classes of devices, in which case the devices on which the application could be installed is less than all of the devices in the system. Alternatively, the application may be able to be installed on any device in the system.

A device class installation specification for the selected device class is then generated, identifying how to install the application on the selected device class (act 604). As discussed above, this generation can include using default values included in an information page associated with the application in the application model for setting values to include in the installation specification being generated.

In some situations, the device class installation specification is generated in a format that is expected and understood by a deployment system that will be installing the application. The device class installation specification may be generated in this format in act 604, or alternatively may be subsequently translated into this format (e.g., by a translation component of the distribution system).

It should be noted that different device installation specifications may be generated for computing devices that will have the same functionality but are currently configured differently, such as computing devices that do not yet have an operating system installed and computing devices that already have an operating system installed. Alternatively, such computing devices may be considered to be part of the same device class, but the device class installation specification would include a conditional portion to be used based on the configuration of the particular instance of the computing device on which the application is being installed (e.g., the conditional portion may be bypassed if the computing device already has an installed operating system, or used to install an operating system on the computing device if an operating system is not already installed on the computing device).

A check is then made as to whether there are any additional device class(es) in the system for which no device class installation specification has been generated (act 606). If there are any such additional device class(es), then one such additional device class is selected (act 608) and the process returns to act 604 to generate a device class installation specification for the selected device class.

Returning to act 606, if device class installation specifications have been generated for all of the device class(es), then a specification assignment record is generated associating particular installation specifications with particular device classes (act 610). Alternatively, the specification assignment record may be generated in act 604 as the device class installation specifications are being generated, and an indication of which device class is associated with which device class installation specification added to the specification assignment record as the device class installation specification is generated.

The device class installation specifications generated in act 604 and the assignment record generated in act 610 are then combined into an application installation specification for the application (act 612).

Virtual System Provisioning

Provisioning of virtual systems is based in part on workloads. Generally, a workload is some computing that is to be performed. A workload typically includes an application to be executed to perform the computing, and can also include the operating system on which the application is to be installed. Various configuration information describing how the application and/or operating system is to be configured, as well as data to be used by the application and/or operating system when executing, can also be included in the workload. A model of the workload includes the application, operating system, configuration information, and/or data, as well as constraints of the workload such as resources and/or other capabilities that the virtual machine(s) on which the workload is to be installed must have. Examples of these constraints are discussed below.

FIG. 7 is a flowchart illustrating an example process 700 for provisioning a virtual system. Portions of process 700 can be implemented in software, firmware, and/or hardware.

Initially, a model of a workload is built (act 702). As discussed above, the workload typically includes the application to be installed on a virtual system, and can also include the operating system, configuration information, and/or data. Alternatively, the workload may not include an application, but may include an operating system (or components of an operating system), configuration information, and/or data. The model of the workload can also include one or more constraints.

This building process in act 702 is typically performed by the developer of the workload, although could alternatively be performed by others. This model is an SDM model of the workload, analogous to model 100 of FIG. 1, and includes one or more components. The model of the workload includes types and optionally configurations. As part of the building process in act 702, zero or more information pages are associated with each component in the model. Typically, at least a constraint information page is associated with each component in the model.

As part of the building process in act 702, types and optionally configurations are defined, along with associated information page(s). The types and configurations can be standard types or configurations that are copied or modified in act 702, or alternatively can be newly created in act 702. As discussed above, different constraints can be included in the configuration information page associated with the type and the configuration information page associated with the configuration. The specific constraints included in the configuration information page for a particular workload can vary based on the particular computing to be performed and/or the desires of the designer of the workload.

The constraints included on a constraint information page can take a variety of forms, such as: hardware requirements regarding the computing device(s) or other hardware on which the application is to be installed (e.g., a minimum processor speed, a minimum amount of memory, a minimum amount of free hard drive space, a minimum amount of network bandwidth available, particular security mechanisms available, and so forth), software requirements regarding the computing device(s) or other hardware or software on which the workload is to be installed (e.g., a particular operating system that should already be installed on the computing device(s), one or more other applications that should already be installed on the computing device(s), specifications regarding how particular hardware and/or the operating system is to be configured such as particular settings for the operating system that should already be made, a particular type of security or encryption that should be in use, and so forth), requirements regarding a virtual machine that should be created on a computing device as well as requirements regarding an operating system that should be installed on the virtual machine before the application can be installed thereon, other requirements regarding the computing device(s) on which the workload is to be installed (e.g., particular security keys available, data center policies that should be enforced, authentication that is used, system topology, etc.), and so on.

Constraints can be positive requirements specifying that something should be present (e.g., the processor should have at least a minimum processor speed, or the Windows® XP operating system should already be installed on the computing device). Constraints can also be negative requirements specifying that something should not be present (e.g., one or more particular applications should not already be installed on the computing device, or particular operating system settings should not be present).

One example constraint of the workload is a number and/or size of CPUs that the system on which the workload is to be installed must have. This constraint can identify a specific number of CPUs that the system must have (e.g., 1 CPU, 2 CPUs, 4 CPUs, etc.), or a range of CPUs that the system must have (e.g., 2 to 4 CPUs). The constraint can also specify the size of the CPUs that are needed, referring to the fraction of a CPU that is needed (e.g., a workload may require 100% of 1 CPU, or 50% of each of 2 CPUs). Both requirements and recommendations can be specified (e.g., a minimum of 2 CPUs is required, but 4 or more CPUs should be used if possible).

Another example constraint of the workload is an amount of memory (e.g., RAM). This constraint typically identifies a minimum amount of memory that the system on which the workload is to be installed must have. Both requirements and recommendations can be specified (e.g., a minimum of 2 GB of memory is required, but 4 GB or more of memory should be used if possible).

Another example constraint of the workload is an amount of storage space (e.g., hard disk space, optical disk space, etc.). This constraint typically identifies a minimum amount of storage space that the system on which the workload is to be installed must have. Both requirements and recommendations can be specified (e.g., a minimum of 10 GB of storage space is required, but 15 GB or more of storage space should be used if possible).

Another example constraint of the workload is the hardware type or architecture. For example, particular types of CPUs, particular bus or memory speeds, particular co-processors, and so forth may be required and/or recommended.

Another example constraint of the workload is the type of storage available to the system. This constraint can specify performance and reliability characteristics of the storage (e.g., RAID 1 or RAID 5 is required). This constraint can also specify that access to particular systems or databases is required. Both requirements and recommendations can be specified (e.g., RAID 1 or RAID 5 is required, but RAID 5 should be used if possible).

Another example constraint of the workload is the schedule for the workload, referring to when the computing that is to be performed should be started and/or ended. Both requirements and recommendations can be specified (e.g., the computing must end by 6:00 am, but should end by 5:00 am if possible).

Another example constraint is the events that should trigger the deployment of the workload, referring to when the computing that is to be performed should be started and/or ended. For example, when the same workload is operating on several computing devices with tasks assigned to the individual devices and/or virtual machines by a load balancing device, a monitoring system may determine that the number of incoming requests is exceeding the aggregate capacity of the devices and/or virtual machines, and may send an event indicating that another instance of that workload should be deployed to help carry the load. By way of another example, when a running workload fails because of a software or hardware problem, a monitoring system may send an event that indicates that a replacement copy of that workload should be deployed.

The constraints may also include a combination of events and schedules. For example, a workload may be started by a schedule, and the constraints specify that the workload should be ended and removed from the computing device when processing is finished, as indicated by an event; however, if the processing is not completed when the “batch window closes” at 6:00 am, the workload should be paused and removed from the computing device, and restarted to continue processing when the next “batch window” opens at the following midnight.

These constraints of the workload can refer to constraints on the physical hardware of the virtual system and/or constraints on the virtual hardware of a virtual machine of the virtual system. The model of the workload identifies whether the constraints refer to physical hardware or virtual hardware. Typically, the constraints of the workload identify constraints of the virtual hardware, and these constraints can be compared to the constraints of the system to verify that a virtual machine having virtual hardware satisfying these constraints of the workload can be created. Alternatively, the constraints of the workload can be compared to the constraints of currently running virtual machines to verify that a virtual machine having virtual hardware satisfying these constraints of the workload exists. In another alternative, the constraints of the workload identify constraints of the physical hardware, and these constraints can be compared to the constraints of the system to verify that a computing device satisfying these constraints exists.

Additionally, the workload may have different constraints that apply for different types of deployment. For example, if the workload is deployed and started from a state where it is not previously running, a certain set of constraints apply, but if the workload is started after having been previously executing, paused and saved in a virtual machine image file, another set of constraints apply, and if the workload is to be moved from one computing device to another through a migration process, yet another set of constraints apply.

Additionally, a model of the system where the application is to be installed is built (act 704). This building process in act 704 is typically performed by an administrator of the system where the application is to be installed, although could alternatively be performed by others. This model is an SDM model of the system analogous to model 100 of FIG. 1, and includes one or more components. The model of the virtual system includes types and instances, and optionally configurations.

The system in act 704 can be referred to as a virtual system, although the virtual machine(s) onto which the application and the operating system of the workload are to be installed may not yet be created. As such, the system in act 704 describes the physical computing devices on which virtual machines may be created, and describes virtual machines that have already been created, but does not describe virtual machines that have not yet been created.

The system in act 704 could be a single computing device, or alternatively multiple computing devices. For example, if the application will be installed on a virtual machine of a computing device in a data center having a thousand computing devices, then the model of the system where the application is to be installed will include those thousand computing devices. By way of another example, if the application will be installed on a virtual machine of a home computer that is not coupled to any other computers, then the model of the system where the application is to be installed will include just that home computer.

It should also be noted that the exact nature of a computing device can vary, and that any of a wide variety of computing devices can be a system in act 704. For example, “hierarchical” computers can exist, such as a rack that can contain multiple chassis, each chassis can contain multiple blades, each blade can contain multiple motherboards, each motherboard can contain multiple processors, and each processor can contain multiple cores. Any of these components of such a hierarchical computer can be viewed as a computing device (e.g., the rack can be a computing device, each chassis can be a computing device, each blade can be a computing device, each motherboard can be a computing device, each processor can be a computing device, and/or each core can be a computing device).

The characteristics of each computing device in the hierarchy, and the characteristics of the containment, hosting and communications relationships among them, are typically significant for the placement of virtual machines on those computing devices. For example, the speed of the connection may determine how a workload can be deployed, and therefore a constraint in the workload model indicates that the workload cannot be deployed across several computing devices at a level in the hierarchy where the connection speed is too slow. By way of another example, while it may be possible to deploy a workload down to the level of a single core, it may not be desirable to do so because of unpredictable performance interactions between workloads on the cores within one processor, and in this case the workload model has constraints that the workload should not be deployed on a computing device below the level of a processor in the hierarchy, or below a level where certain performance guarantees can be met, which would be described in the model of the computing device. By way of yet another example, a particular constraint on the workload may specify the software licensing requirements for various types of deployment, where operating systems and applications would have different rules about the licenses required when deploying the workload on a processor, or on a blade with many processors, or across several blades. Under these types of constraints, a particular computing device may not have enough licenses to allow the workload to be deployed, even though it may have enough processing power, memory and storage.

Oftentimes, the model of the system built in act 704 will be generated by the system administrator prior to the workload being designed and the model of the workload being built in act 702. In such situations, the previously generated model can be accessed and need not be re-built in act 704.

Components in the model of the system built in act 704 will include constraint information pages. These constraint information pages include constraints for each component in the virtual system. Such constraint information pages can identify constraints for the corresponding component, and optionally constraints that should be satisfied by any application to be installed on the corresponding component. Both the constraints on the workload and the characteristics of the system may be time-series data, in addition to the possibly time-based nature of the deployment schedule. For example, if once started the workload requires only 1 CPU for half an hour, and then needs 4 CPUs for half an hour, this sequence of values can be represented in the constraints. Similarly, if a computing device has 8 CPUs, but 2 of them are assigned to a workload for 1 hour, and 4 of them are assigned to a workload for 3 hours, and after that no more work is assigned to the computing device, the number of available CPUs can be calculated as 2 CPUs for 1 hour, 4 CPUs for 2 hours after that, and 8 CPUs after that. This time series of available CPUs can be recorded in the characteristics page of the system model

Based on the models built in acts 702 and 704, a logical deployment evaluation is performed (act 706). The logical deployment evaluation involves comparing the model of the workload (from act 702) to the model of the system (from act 704) to determine whether the application could be installed in the system. Typically, the application designer or system administrator will identify a particular class (or classes) of computing device on which he or she desires to install the application. Alternatively, the application may be compared to all classes of computing devices in the system.

The constraints and/or description information for the workload are compared to the constraints for that class of computing device to determine whether the workload satisfies the constraints of the class of computing device, and the constraints and/or description information for the class of computing device are compared to the constraints for the workload to determine whether the class of computing device satisfies the constraints of the workload. The constraints and description information for all components of the class of computing device, including any applications that are hosted by the class of computing device (e.g., an operating system as well as possibly other applications) are also accessed as part of the logical deployment evaluation. These constraints used in the logical deployment evaluation can include constraints that are flowed across relationships, as discussed above. These constraints used in the logical deployment evaluation can also include time-series based constraints, as discussed above. Accessing the constraints for the operating system and other applications allows verification that, if installed on a device of the class of computing device, settings made on the computing device for the workload would not conflict with current settings for other applications installed on the computing device. The verification can use the scheduled start time of the workload, and the time-series of constraints and system characteristics, and can verify that the time profile of resources available on the system satisfies the time profile of requirements of the workload. In embodiments in which a virtual machine is being installed onto which the application will be installed, the evaluation in act 706 includes evaluating that any constraints of the virtual machine are satisfied by the class of computing device in order to verify that the virtual machine can be installed on the class of computing device.

By way of example, a particular constraint on the class of computing device may indicate that a software firewall should always be running on the class of computing device. A description page associated with the workload would be accessed to verify that the workload does not require a software firewall to be deactivated.

By way of another example, a particular constraint on the workload may indicate that the computing device should have a minimum processor speed. A description page associated with the class of computing device (or the processor of the class of computing device) would be accessed to verify that the speed of the processor is at least the minimum processor speed. As discussed above, this processor speed could refer to the speed of the virtual processor of the virtual machine on which the workload would be installed, or the speed of the physical processor of the class of computing device on which the virtual machine is installed. Furthermore, the fractional parts of the physical processor may be allocated to each virtual machine, and each such fractional part serves as the virtual processor for the virtual machine to which the part is allocated. As a fractional part of the physical processor could not be allocated as a virtual processor with a faster speed than the physical processor, a check would be made to ensure that the speed of the physical processor satisfies the constraint. Furthermore, a check would also be made that the fractional part of the physical processor can be allocated to the virtual machine to create a virtual processor that satisfies the constraint. This check can be performed by checking a description page associated with the system, or by communicating a request or query to a virtual system management component as to whether it would be able to create such a virtual machine having a virtual processor satisfying the constraint. It is to be appreciated that such speeds of virtual processors can vary depending on the number of other virtual machines that are already running on the computing device, as the presence of such other virtual machines will affect the fractional part of the physical processor that can be allocated to the virtual machine.

By way of yet another example, a particular constraint on the workload may indicate that the computing of the workload should be performed between midnight and 4:00 am. A description page associated with the class of computing device would be accessed to verify that the computing device has sufficient processing capacity (in light of other workloads already scheduled to be performed between midnight and 4:00 am) to have a new virtual machine (or alternatively an existing virtual machine) perform the computing of the workload.

It should be noted that, depending on the manner in which virtual machines are created and managed, it may be possible for a class of computing device to “overcommit” its resources. For example, three different virtual machines may each require 4 GB of memory, but a particular class of computing device may only have 8 GB of memory. In such situations, all three virtual machines could be run on that class of computing device by running only two of the three virtual machines concurrently, or all three virtual machines could be run simultaneously (on the assumption that the workloads will on the average share some memory pages that are used for read-only access). By way of another example, two different virtual machines may each require 100 GB of storage space, but a particular class of computing device may only have 160 GB of storage space. In such situations, both virtual machines could be run on that class of computing device by running the two virtual machines at separate times, or both virtual machines could be run simultaneously (on the assumption that they will not both make full demands on the storage space at the same time). The models of the workloads indicate whether such overcommitment is possible and whether it is desirable.

It should also be noted that whatever components are referenced by constraints in the SDM are evaluated in act 706, regardless of what those components are. Typically, constraints of the class of computing device are evaluated in act 706 down to the layer that is hosting the workload being installed, but may extend to other layers if referenced in the SDM. By way of example, assume that a virtual machine is being provisioned on a computing device, and a workload is being provisioned on the virtual machine. Typically, constraints of the virtual machine would be evaluated against the computing device and the operating system running on the computing device, while constraints of the workload would be evaluated against the virtual machine. However, if the workload had a constraint referencing the computing device itself (e.g., regarding physical protection of the computing device on which the workload is deployed), then that constraint of the workload would be evaluated against the computing device.

The results of the evaluation in act 706 can be returned to the workload designer and/or system administrator. An indication of success (if all of the constraints are satisfied) or failure (if all of the constraints are not satisfied) can be returned. In addition, if one or more of the constraints are not satisfied, then an indication of which constraint was not satisfied can be returned, as well as optionally an indication of which component caused the constraint to not be satisfied. Optionally, the evaluation can indicate whether the constraints that were not satisfied were mandatory or recommended constraints. Returning such information can assist the workload developer in modifying the workload so that it can be installed in the system, and in choosing which of the available systems would be most suited for the workload.

Process 700 then proceeds based on the results of the evaluation in act 706. If the evaluation indicates that the workload can be installed in the system, then process 700 can proceed to act 708. Act 706 may also optionally be repeated for a different class of computing device in the system. However, if the evaluation indicates that the workload cannot be installed in the system, then the evaluation of act 706 can be repeated for a different class of computing device in the virtual system, or alternatively the workload may be modified in order to overcome the problem(s) identified in the evaluation of act 706, and process 700 can return to act 702 to build a model of the modified workload. If time-series based constraints are not met by the system, and if the scheduled start time is specified as a recommended rather than required start time, the verification can evaluate whether the constraints can be met by a later or earlier start time and can return a list of possible classes of computing devices with the possible start time for each one.

In act 708, physical deployment of the workload is determined. Determining physical deployment of the workload refers to identifying which particular computing device(s) will perform the computing of the workload (and optionally have a new virtual machine created thereon to perform the computing of the workload). The particular computing device(s) which will perform the computing of the workload can be identified in different manners. One way in which the particular computing device(s) will perform the computing of the workload can be identified is manually, such as by a system administrator or other party manually selecting a particular computing device(s). This manually selected computing device(s) could be a computing device already(s) in the system, or alternatively a new computing device(s) that needs to be purchased or a computing device(s) that needs to be removed from storage and added to the system (e.g., coupled to the network that the other computing devices in the system are coupled to).

Alternatively, the particular computing device(s) which will perform the computing of the workload can be identified automatically. An application running in the system can identify various characteristics of the computing devices on which a virtual machine could be created and the workload installed thereon (e.g., the computing devices of the particular class of computing device on which the application is to be installed), such as load characteristics of each computing device. The load characteristics could identify, for example, the average or maximum amount of processor usage, the average amount of memory usage, the amount of available network bandwidth being used, the amount of hard disk drive space being used, and so forth. Based on these load characteristics, the computing device(s) most likely to be able to support the new virtual machine and the workload would be identified as the computing device(s) on which the computing of the workload is to be performed (e.g., the computing device having the lightest load, such as the lowest average processor usage, the smallest amount of available network bandwidth being used, the most hard disk drive space available, and so forth). If no computing device can meet the recommended schedule, but several can meet the required schedule, the computing device that comes closest to meeting the recommended schedule could be identified.

It should be noted that typically a new virtual machine is created as part of installing the workload. Thus, the characteristics of the computing devices are evaluated for purposes of determining which computing device(s) will have the new virtual machine created thereon and will perform the computing of the workload. Alternatively, a new virtual machine may not be created, and the workload may be installed on an already running virtual machine. In such situations, the characteristics of the currently running virtual machines are evaluated for purposes of determining which virtual machine(s) will perform the computing of the workload.

Alternatively, the particular computing device(s) which will perform the computing of the workload can be identified in a semi-automatic manner. An application running in the system can identify various characteristics of the computing devices on which the virtual machine could possibly be created and the computing of the workload could possibly be performed (or characteristics of the virtual machines on which the workload could possibly be performed) analogous to the automatic manner, and then present those results to a user (such as the system administrator) for manual selection of one or more of the computing devices (or virtual machines). One or more of the computing devices may optionally be recommended to the user as the best candidate(s) for selection, but the ultimate selection would remain at the user's discretion.

Additionally, priorities of different workloads may be used as part of the physical deployment determining of act 708. Workloads can optionally be assigned priorities, allowing the importance of the workloads relative to one another to be identified. These priorities are typically included in the model of the workload or the workload itself, but alternatively may be maintained elsewhere. Higher priority workloads can be given access to resources of the virtual system before lower priority workloads. This can result in situations where, for example, higher priority workloads can be performed by a computing device(s), but there are insufficient resources for lower priority workloads to be performed. This can also result in situations where, for example, higher priority workloads are given the resources recommended by the constraints of the workload, whereas lower priority workloads are given only the resources required by the constraints of the workload.

In addition, selection of different sources of data and/or other systems to which access is needed may be performed as part of the physical deployment determining of act 708. For example, multiple sources may exist from which data identified as being required in the model of the workload can be obtained, or multiple replicated file servers may exist that can be a file server identified as being required in the model of the workload. Particular sources of data and/or other systems to which access is needed may be selected in act 708 based on various factors, such as the load on the various sources and/or other systems, the bandwidth of the connection to those sources and/or systems, and so forth. Alternatively, rather than being performed as part of act 708, selection of such sources of data and/or other systems to which access is needed may be performed as part of the physical deployment in act 712 discussed below.

It should be noted that one additional factor that can be optionally taken into account when identifying the characteristics of the various computing devices is that virtual machines can be rearranged to run on different computing devices. For example, a virtual machine running on one computing device could be moved to another computing device, thereby freeing up capacity on the original computing device. Such a process of moving or rearranging virtual machines is also referred to as migration of the virtual machines. Virtual machines can be migrated in any of a variety of manners, such as with the assistance of the Virtual Server Migration Toolkit (VSMT) available from Microsoft Corporation of Redmond, Wash.

Accounting for the possibility of migrating virtual machines allows the load characteristics of the computing devices to be changed by migrating the virtual machines. For example, the situation may arise where none of the computing devices have the desired spare capacity to create a virtual machine on which the application could be installed, but that capacity of one of the computing devices could be released by moving a virtual machine from that one computing device to another of the computing devices. After the virtual machine is moved, however, the released capacity results in that one computing device having sufficient capacity so that the new virtual machine on which the application is to be installed can be created and the application installed on that new virtual machine.

This identification of which computing device should perform the computing of the workload, and optionally which virtual machines should be migrated to different computing devices, is performed as part of the physical deployment determining of act 708.

A workload installation specification for physical deployment of the workload is then generated (act 710). The workload installation specification can be saved as an installation page associated with the component representing the workload in the workload model. The workload installation specification includes an identification, for each class of device in the virtual system on which the workload may be installed, of how to install the workload. As each of these identifications indicates how to install the workload on a particular class of devices, these identifications can also be referred to as device class installation specifications. The device class installation specifications can also identify which particular computing device(s) of that class the workload is to be installed on (the computing device(s) determined in act 708).

This identification of how to install the workload includes, for example, all of the settings for the virtual machine to be created on the device, the operating system to install on the virtual machine (including all of the settings of the operating system and the identification of all of the files that need to be copied to the virtual machine to install the operating system), all of the settings of the computing device that should be made or changed, an identification of all of the files that need to be copied to the computing device and where those files should be copied, an order in which files should be copied and/or settings made or changed, any initialization programs that need to be run after the files have been copied and/or settings made or changed, and so forth. This identification may also include installing an operating system and/or one or more additional applications on the computing device prior to creating the virtual machine on the device. For example, one class of computing device may be a bare computing device with no operating system installed on it. In such situations, the installation specification for that class of computing device would include initially installing the appropriate operating system on the computing device, followed by creating the virtual machine on the computing device, then installing an operating system on the virtual machine, and then installing the application on that operating system of the virtual machine.

In certain implementations, this identification of how to install the workload identifies a particular image file that is the image to be run to perform the computing of the workload. The image file can be created as part of the process of building the model of the workload in act 702, or alternatively can be created at other times (e.g., after the logical deployment evaluation has been performed in act 706). The image file includes the application files and data, and optionally the files and data for the operating system on which the application will be executed, for the workload. The image file can be copied to a disk drive or other storage device and executed by a virtual machine to perform the computing of the workload—no additional installation or configuration of the operating system or the application of the workload is typically required. The image file can be generated in any of a variety of conventional manners, such as by installing the application and operating system onto a virtual machine and generating a file that includes all the folders and files installed onto that virtual machine, by a user (e.g., the designer of the workload) manually identifying the folders and files to be included in the image file, and so forth. The image file can then be simply copied to the computing device(s) as part of the physical deployment in act 712 discussed below.

Additionally, if any migration of virtual machines is to be performed for a particular class of device, as identified in act 708, then the device class installation specification for that class of device includes an indication of the migration that is to be performed and the constraints that must be met for that type of migration.

At least a portion of each device class installation specification can be generated automatically based on the information contained in the information pages associated with the workload to be installed. As discussed above, the constraint information page can include various default values. These default values can be used during act 710 to identify the settings or configuration values that should be set when installing the workload, and thus which should be included in the device class installation specification. For example, a particular default value may be included in the configuration information page for a buffer size. This default value would be included in the device class installation specification so that when the workload is installed on a particular computing device, the computing device settings (such as in an operating system registry) can be modified to include this default value for the buffer size (possibly replacing another value for the buffer size previously stored in the computing device settings).

In addition to default values, other constraint information included in the constraint information page can be used in act 710 to identify the settings or configuration values that should be set when installing the workload. If a range of values for a particular setting were included in the constraint information page, then a setting to be used when installing the application can be derived from that range. For example, the lowest value in the range could be selected, the highest value in the range could be selected, the average of the highest and lowest values in the range could be computed and selected, a value in the range could be selected randomly, and so forth.

Furthermore, in addition to information contained in the information pages associated with the workload, information contained in the information pages associated with the virtual system (such as the computing device on which the application is to be installed) can be used as a basis for automatically generating at least a portion of each device class installation specification. Default values and/or ranges of values can be used to automatically generate values for the device class installation specification in the same manner as discussed above.

It should also be noted that different components can have different constraints and different default values for the same settings or configuration values. In such situations, even though there is overlap of the constraints so that the different components can all be installed on a computing device, one or more of the default values may violate the constraints of another component. Thus, a suitable value that is compliant with the constraints of all of the components is determined. This suitable value can be determined in different manners, including manually, automatically, and semi-automatically. A suitable value can be determined manually by a user (such as the system administrator) inputting a suitable value for the setting or configuration value.

A suitable value can be determined automatically by evaluating the various constraints and selecting a value that satisfies all the constraints. This selected value is then used as the suitable value. For example, if each constraint lists a range of acceptable values, then a value that falls within each range of acceptable values can be automatically identified and used as the suitable value.

A suitable value can be determined semi-automatically by evaluating the various constraints and selecting a value that satisfies all the constraints analogous to the automatic manner. However, rather than automatically using the selected value as the suitable value, the selected value can be presented to a user (such as the system administrator) for approval. The user can accept this selected value, or alternatively input a different value. Alternatively, rather than presenting a single selected value to the user, the range of possible values (or portion of the range of possible values) that satisfies the constraints of the different components may be presented to the user.

It should further be noted that at least a portion of a device class installation specification may be generated manually rather than automatically. This manual generation refers to user inputs (such as by the application developer or system administrator) rather than automatic generation by some component or module (e.g., development module 800 discussed below). For example, the particular files to be identified in the device class installation specification may be identified manually rather than automatically.

Additionally, an assignment record is generated in act 710 that maintains a record of which device class installation specifications are to be used for which device classes. This record can be, for example, a mapping of device class to device class installation specification. Thus, given the workload installation specification including multiple device class installation specifications, a determination as to which particular device class installation specification to use can be made based on the class of the device on which the workload is to be installed. The assignment record generated can also be stored as part of the workload installation specification.

Alternatively, rather than having a separate assignment record, an identification of which device class installation specification is associated with which particular class of device may be maintained in other manners. For example, the indication may be inherent in the naming convention used for the device class installation specification (e.g., each device class installation specification may be a separate file having a file name that identifies the particular class of device), or each device class installation specification may include an indication of the associated class of device.

The workload installation specification is generated after the logical deployment evaluation in act 706. Thus, the application installation specification is generated only after it is verified that the workload can be installed in the system. Additionally, the constraint information (such as default values) associated with the workload can be used to determine settings to be included in the workload installation specification. Thus, it can be seen that the workload installation specification generated in act 710 is derived at least in part from the model of the workload as well as the model of the system.

After the workload installation specification is created, physical deployment of the workload is performed (act 712). The timing of the physical deployment can vary. Deployment may be triggered manually, such as by a user (such as the system administrator) specifying that deployment should begin “now” or at a particular time in the future. Deployment may also be triggered based on other events and/or schedules identified in the workload as discussed above.

In certain implementations, this physical deployment includes making the workload installation specification available to a deployment system and having the deployment system create a new virtual machine on the particular device identified in act 708, and also copy the image file identified by the workload on the particular device identified in act 708 for execution by the newly created virtual machine. In other implementations, this physical deployment includes making the workload installation specification available to a deployment system and having the deployment system create a new virtual machine on the particular device identified in act 708 and install the application on that new virtual machine following the installation instructions in the workload installation specification.

Once the deployment system is given the workload installation specification, the deployment system operates in a conventional manner to install the workload. If the application installation specification indicates that migration of any virtual machines is to be performed, then this migration can also be carried out by the deployment system (optionally with the assistance of another component, such as the Virtual Server Migration Toolkit discussed above). Any of a variety of deployment systems could be used in act 712, such as the Windows® Installer service or Microsoft® Systems Management Server, both available from Microsoft Corporation of Redmond, Wash.

Once the workload is installed on a computing device, the new virtual machine and the application installed thereon becomes part of the system and thus the workload model is incorporated into the system model and a component for the new virtual machine (as well as the operating system for the new virtual machine, and any other components running on the virtual machine) is added to the system model. Thus, after installation of the application, the SDM for the system includes the SDM of the workload. This includes modifying characteristics of the system such as available number of CPUs, which might be time-series based to reflect the allocation of CPUs to scheduled workloads and the time-series based requirements of CPUs of those workloads.

Alternatively, the evaluation in act 706 may be for a particular computing device or virtual machine rather than for a class of computing device. In this alternative, the evaluation in act 706 is the same as discussed above, except that constraint and description information for a particular instance of a computing device are used rather than constraint and description information for a class of computing device. In such situations, the identification of the particular computing device is made in, or prior to, act 706 rather than in act 708, and can be made in the same manner as discussed in act 708.

It should also be noted that a particular device class installation specification may indicate to install the whole workload or individual components of the workload on multiple different computing devices within the system. For example, the workload developer or system administrator may desire to install the workload on all of the computing devices of a particular class. By way of another example, the workload developer or system administrator may desire to install each part of the workload on a computing device of a specific class. In such a situation, an indication is included in the device class installation specification for that particular device class that the workload is to be installed on all of the computing devices of that particular class, or alternatively may identify the particular computing devices (e.g., by name or other unique identifier) on which the workload is to be installed. The installation instructions may also identify the sequence in which the parts of the workload are to be installed on each system, and how to coordinate the installation steps by waiting for the completion of one step before proceeding with the next, using conventional orchestration technologies. The deployment system used to install the workload receives this indication and installs the workload on the appropriate computing devices.

FIG. 8 illustrates an example workload installation specification in additional detail. An installation specification development module 800 generates a workload installation specification 802. Installation specification module 800 can be implemented in software, firmware, hardware, or combinations thereof, and can perform act 710 of FIG. 7, and optionally additional acts of FIG. 7 (such as act 706 and/or act 708). Workload installation specification 802 includes multiple (x) device class installation specifications 804(1), 804(2), . . . 804(x). Each of the device class installation specifications 804 identifies how the workload is to be installed on a particular class of computing device. Workload installation specification 802 also includes specification assignment record 806 to identify which specification 804 corresponds to which class of computing device.

Workload installation specification 802 is input to a deployment system 808 along with any necessary installation file(s) 810. Installation file(s) 810 include the file(s) that are to be installed on the computing device in order to install the application, such as one or more files of executable code, one or more files of data, an image file, and so forth. Alternatively, although illustrated separately, workload installation specification 802 and installation file(s) 810 may be stored together in a single package (e.g., a compressed file).

FIG. 9 is a flowchart illustrating the generation of a workload installation specification for physical deployment of act 710 of FIG. 7 in additional detail. FIG. 9 can be implemented in software, firmware, and/or hardware.

Initially, a device class on which the workload could be installed is selected (act 902). In certain embodiments the system administrator and/or workload developer (or alternatively some other party) may desire that the workload be installed only on certain classes of devices, in which case the devices on which the workload could be installed is less than all of the devices in the system. Alternatively, the workload may be able to be installed on any device in the system.

A device class installation specification for the selected device class is then generated, identifying how to install the workload and virtual machine on the selected device class (act 904). As discussed above, this generation can include using default values included in an information page associated with the workload in the workload model for setting values to include in the installation specification being generated.

In some situations, the device class installation specification is generated in a format that is expected and understood by a deployment system that will be installing the workload and the virtual machine. The device class installation specification may be generated in this format in act 904, or alternatively may be subsequently translated into this format (e.g., by a translation component of the distribution system).

It should be noted that different device installation specifications may be generated for computing devices that will have the same functionality but are currently configured differently, such as computing devices that do not yet have an operating system installed and computing devices that already have an operating system installed. Alternatively, such computing devices may be considered to be part of the same device class, but the device class installation specification would include a conditional portion to be used based on the configuration of the particular instance of the computing device on which the application is being installed (e.g., the conditional portion may be bypassed if the computing device already has an installed operating system, or used to install an operating system on the computing device if an operating system is not already installed on the computing device).

A check is then made as to whether there are any additional device class(es) in the virtual system for which no device class installation specification has been generated (act 906). If there are any such additional device class(es), then one such additional device class is selected (act 908) and the process returns to act 904 to generate a device class installation specification for the selected device class.

Returning to act 906, if device class installation specifications have been generated for all of the device class(es), then a specification assignment record is generated associating particular installation specifications with particular device classes (act 910). Alternatively, the specification assignment record may be generated in act 904 as the device class installation specifications are being generated, and an indication of which device class is associated with which device class installation specification added to the specification assignment record as the device class installation specification is generated.

The device class installation specifications generated in act 904 and the assignment record generated in act 910 are then combined into a workload installation specification for the application (act 912).

Test Environment Provisioning

FIG. 10 is a flowchart illustrating an example process 1000 for provisioning a test environment. Portions of process 1000 can be implemented in software, firmware, and/or hardware.

Initially, a model of the application to be installed on a system is built (act 1002). This building process in act 1002 is typically performed by the developer of the application, although could alternatively be performed by others. This model is an SDM model of the application, analogous to model 100 of FIG. 1, and includes one or more components. The model of the application includes types and optionally configurations. As part of the building process in act 1002, zero or more information pages are associated with each component in the model. Typically, at least a constraint information page is associated with each component in the model.

As part of the building process in act 1002, types and optionally configurations are defined, along with associated information page(s). The types and configurations can be standard types or configurations that are copied or modified in act 1002, or alternatively can be newly created in act 1002. As discussed above, different constraints can be included in the configuration information page associated with the type and the configuration information page associated with the configuration.

The constraints included on a constraint information page can take a variety of forms, such as: hardware requirements regarding the computing device(s) or other hardware on which the application is to be installed (e.g., a minimum processor speed, a minimum amount of memory, a minimum amount of free hard drive space, a minimum amount of network bandwidth available, particular security mechanisms available, and so forth), software requirements regarding the computing device(s) or other hardware or software on which the application is to be installed (e.g., a particular operating system that should already be installed on the computing device(s), one or more other applications that should already be installed on the computing device(s), specifications regarding how particular hardware and/or the operating system is to be configured such as particular settings for the operating system that should already be made, a particular type of security or encryption that should be in use, and so forth), requirements regarding a virtual machine that should be created on a computing device as well as requirements regarding an operating system that should be installed on the virtual machine before the application can be installed thereon, other requirements regarding the computing device(s) on which the application is to be installed (e.g., particular security keys available, data center policies that should be enforced, authentication that is used, system topology, etc.), and so on.

Constraints can be positive requirements specifying that something should be present (e.g., the processor should have at least a minimum processor speed, or the Windows® XP operating system should already be installed on the computing device). Constraints can also be negative requirements specifying that something should not be present (e.g., one or more particular applications should not already be installed on the computing device, or particular operating system settings should not be present).

Additionally, a model of the system where the application is to be installed is built (act 1004). This building process in act 1004 is typically performed by an administrator of the system where the application is to be installed, although could alternatively be performed by others. This model is an SDM model of the system analogous to model 100 of FIG. 1, and includes one or more components. The model of the system includes types and instances, and optionally configurations. As discussed in more detail below, for virtual systems a new virtual machine may be created onto which the application will be installed. As such, no instance for the virtual machine exists yet in the model of the system. However, the computing device on which the virtual machine will run may already exist, in which case an instance of that computing device is in the model of the system.

The system in act 1004 could be a single computing device, or alternatively multiple computing devices. For example, if the application will be installed on a computing device in a data center having a thousand computing devices, then the model of the system where the application is to be installed may include all or some of those thousand computing devices. By way of another example, if the application will be installed on a home computer that is not coupled to any other computers, then the model of the virtual system where the application is to be installed will include just that home computer.

It should also be noted that the exact nature of a computing device can vary, and that any of a wide variety of computing devices can be a system in act 1004. For example, “hierarchical” computers can exist, such as a rack that can contain multiple chassis, each chassis can contain multiple blades, each blade can contain multiple motherboards, each motherboard can contain multiple processors, and each processor can contain multiple cores. Any of these components of such a hierarchical computer can be viewed as a computing device (e.g., the rack can be a computing device, each chassis can be a computing device, each blade can be a computing device, each motherboard can be a computing device, each processor can be a computing device, and/or each core can be a computing device).

Oftentimes, the model of the system built in act 1004 will be generated by the system administrator prior to the application being designed and the model of the application being built in act 1002. In such situations, the previously generated model can be accessed and need not be re-built in act 1004.

Components in the model of the system built in act 1004 will include constraint information pages. These constraint information pages include constraints for each component in the system. Such constraint information pages can identify constraints for the corresponding component, and optionally constraints that should be satisfied by any application to be installed on the corresponding component.

Based on the models built in acts 1002 and 1004, a logical deployment evaluation is performed (act 1006). The logical deployment evaluation involves comparing the model of the application (from act 1002) to the model of the system (from act 1004) to determine whether the application could be installed in the system. Typically, the application designer or system administrator will identify a particular class (or classes) of computing device on which he or she desires to install the application. Alternatively, the application may be compared to all classes of computing devices in the system.

The constraints and/or description information for the application are compared to the constraints for that class of computing device to determine whether the application satisfies the constraints of the class of computing device, and the constraints and/or description information for the class of computing device are compared to the constraints for the application to determine whether the class of computing device satisfies the constraints of the application. The constraints and description information for all components of the class of computing device, including applications that are hosted by the class of computing device (e.g., an operating system as well as possibly other applications) are also accessed as part of the logical deployment evaluation. These constraints used in the logical deployment evaluation can include constraints that are flowed across relationships, as discussed above. Accessing the constraints for the operating system and other applications allows verification that, if installed on a device of the class of computing device, settings made on the computing device for the application would not conflict with current settings for other applications installed on the computing device, and that the computing device has the characteristics, capabilities and resources required by the application.

By way of example, a particular constraint on the class of computing device may indicate that a software firewall should always be running on the class of computing device. A description page associated with the application would be accessed to verify that the application does not require a software firewall to be deactivated. By way of another example, another application already installed on the class of computing device may indicate that memory in the computing device should be configured or accessed in a particular manner. A description page associated with the application would be accessed to verify that the application does not require configuration or access to the memory that is inconsistent with that particular manner.

By way of yet another example, a particular constraint on the application may indicate that the computing device should have a minimum processor speed. A description page associated with the class of computing device (or the processor of the class of computing device) would be accessed to verify that the speed of the processor is at least the minimum processor speed. In the case of a virtual machine, this processor speed could refer to the speed of the virtual processor of the virtual machine on which the application would be installed, or the speed of the physical processor of the class of computing device on which the virtual machine is installed. Furthermore, the fractional parts of the physical processor may be allocated to each virtual machine, and each such fractional part serves as the virtual processor for the virtual machine to which the part is allocated. As a fractional part of the physical processor could not be allocated as a virtual processor with a faster speed than the physical processor, a check would be made to ensure that the speed of the physical processor satisfies the constraint. Furthermore, a check would also be made that the fractional part of the physical processor can be allocated to the virtual machine to create a virtual processor that satisfies the constraint. This check can be performed by checking a description page associated with the virtual system, or by communicating a request or query to a virtual system management component as to whether it would be able to create such a virtual machine having a virtual processor satisfying the constraint. It is to be appreciated that such speeds of virtual processors can vary depending on the number of other virtual machines that are already running on the computing device, as the presence of such other virtual machines will affect the fractional part of the physical processor that can be allocated to the virtual machine.

By way of yet another example, a particular constraint on a workload may indicate that the computing of the workload should be performed between midnight and 4:00 am. A description page associated with the class of computing device would be accessed to verify that the computing device has sufficient processing capacity (in light of other workloads already scheduled to be performed between midnight and 4:00 am) to have a new virtual machine (or alternatively an existing virtual machine) perform the computing of the workload.

It should be noted that whatever components are referenced by constraints in the SDM are evaluated in act 1006, regardless of what those components are. Typically, constraints of the class of computing device are evaluated in act 1006 down to the layer that is hosting the application being installed, but may extend to other layers if referenced in the SDM. By way of example, assume that a virtual machine is being provisioned on a computing device, and an application is being provisioned on the virtual machine. Typically, constraints of the virtual machine would be evaluated against the computing device and the operating system running on the computing device, while constraints of the application would be evaluated against the virtual machine (and any operating system running on the virtual machine). However, if the application had a constraint referencing the computing device itself (e.g., regarding physical protection of the computing device on which the application is deployed), then that constraint of the application would be evaluated against the computing device.

The results of the evaluation in act 1006 can be returned to the application designer and/or system administrator. An indication of success (if all of the constraints are satisfied) or failure (if all of the constraints are not satisfied) can be returned. In addition, if one or more of the constraints are not satisfied, then an indication of which constraint was not satisfied can be returned, as well as optionally an indication of which component caused the constraint to not be satisfied. Returning such information can assist the application developer in modifying the application so that it can be installed in the system, or identifying another system that may be better capable of supporting the test deployment of the application.

Process 1000 then proceeds based on the results of the evaluation in act 1006. If the evaluation indicates that the application can be installed in the system, then process 1000 can proceed to act 1008. Act 1006 may also optionally be repeated for a different class of computing device in the system. However, if the evaluation indicates that the application cannot be installed in the system, then the evaluation of act 1006 can be repeated for a different class of computing device in the system, or alternatively the application may be modified in order to overcome the problem(s) identified in the evaluation of act 1006, and process 1000 can return to act 1002 to build a model of the modified application.

A model(s) of one or more test environments is also built (act 1008). The test environment includes at least some of the components (and optionally all of the components) in the system for which the system model is built in act 1004. This building process in act 1008 is typically performed by an administrator of the system where the application is to be tested, although could alternatively be performed by others. The system where the application is to be tested can be the same as the system where the application is to be installed and used by one or more end users, although typically it is a different system. Each of these models is an SDM model of a test environment analogous to model 100 of FIG. 1, and includes one or more components. Each model of a test environment includes types and instances, and optionally configurations.

A test environment is a system, and the model of a test environment is similar to the model of a system discussed above in act 1004. However, a test environment is typically expected to have a shorter lifespan than other systems. The test environment is created for the purpose of testing an application(s), and then the machines in the test environment are typically re-provisioned for other uses.

Different test environments can be created for an application in order to test different characteristics and/or functionality of an application. For example, one test environment may have a single computing device on which the application is to be installed in order to test the functionality of the computing device. By way of another example, another test environment may have 20 or 30 computing devices on which the application is to be installed in order to test the performance or scalability of the application.

The model for the application to be tested can include constraints that specify a range of values that should be used during testing. For example, the memory for the application could be specified as ranging from 512 MB to 4096 MB in increments of 512 MB. Acts 1010 through 1016 of process 1000 are then repeated for each such configuration. If sufficient computer resources are available, several test systems can be provisioned at the same time and several tests executed in parallel. If sufficient resources are not available for such a parallel test, the various configurations are queued and provisioned sequentially. Combinations of parallel and sequential provisioning are also possible.

The model for the application to be tested can also include specifications that certain values should be randomized. For example, the size of data files that are to be used when testing a backup utility can be set to a random set of values and the tests executed ten times with the different values. This can be useful because, for example, it eliminates systematic bias in the testing, helping ensure that a truly representative set of tests are run.

In order to reduce the cost of provisioning the test environment, such as the network bandwidth required to send applications and operating systems to the computer systems employed in the test environment, process 1000 can take into account the amount of change required to transition from one test environment to another and sequentially provision the test environments in a way that reduces that cost. The same technique can be applied when provisioning a single test environment, or the first test environment in a sequence, by evaluating existing environments that have been used for other purposes and identifying which one would require the least amount of provisioning work. This analysis of the amount of change required is based on simple comparisons of the attributes of the systems in the model, both the application model and the test environment model.

A test environment can optionally be a virtual system. In the case of a virtual system, the test environment can describe one or more new virtual machines onto which the application is to be installed. As such, no instance for the virtual machines exist yet in the model of the test environment. However, the computing device on which the virtual machine will run may already exist, in which case an instance of that computing device is in the model of the test environment.

In act 1010, physical deployment of the application to one of the test environment(s) is determined. Determining physical deployment of the application to the test environment refers to identifying which particular computing device(s) in the test environment will have the application installed thereon (and optionally also have a new virtual machine created thereon). This physical deployment can also take into account the amount of change required to transition from one test environment to another as discussed above. As part of act 1010, which computing device(s) in the system are to have the test environment created thereon can also be identified. Such computing device(s) can be identified in the same manner as the particular computing device on which the application is to be installed is determined as discussed below (such as manually, automatically, semi-automatically).

The particular computing device(s) on which the application is to be installed can be identified in different manners. One way in which the particular computing device(s) on which the application is to be installed can be identified is manually, such as by a system administrator or other party manually selecting a particular computing device(s). This manually selected computing device(s) could be a computing device(s) already in the system, or alternatively a new computing device(s) that needs to be purchased or a computing device(s) that needs to be removed from storage and added to the system (e.g., coupled to the network that the other computing devices in the system are coupled to).

Alternatively, the particular computing device(s) on which the application is to be installed can be identified automatically. An application running in the system can identify various characteristics of the computing devices on which the computer could possibly be installed (e.g., the computing devices of the particular class of computing device on which the application is to be installed), such as load characteristics of each computing device. The load characteristics could identify, for example, the average or maximum amount of processor usage, the average amount of memory usage, the amount of available network bandwidth being used, the amount of hard disk drive space being used, and so forth. Based on these load characteristics, the computing device(s) most likely to be able to support the application would be identified as the computing device(s) on which the application is to be installed (e.g., the application having the lightest load, such as the lowest average processor usage, the smallest amount of available network bandwidth being used, the most hard disk drive space available, and so forth).

In situations where the application is installed on a virtual machine, typically a new virtual machine is created on which the application will be installed. Thus, the characteristics of the computing devices are evaluated for purposes of determining which computing device will have the new virtual machine installed. Alternatively, a new virtual machine may not be created, and the application may be installed on an already running virtual machine. In such situations, the characteristics of the currently running virtual machines are evaluated for purposes of determining which virtual machine will have the new application installed on it.

Alternatively, the particular computing device(s) on which the application is to be installed can be identified in a semi-automatic manner. An application running in the system can identify various characteristics of the computing devices on which the application could possibly be installed (or characteristics of the virtual machines on which the application could possibly be installed) analogous to the automatic manner, and then present those results to a user (such as the system administrator) for manual selection of one or more of the computing devices (or virtual machines). One or more of the computing devices may optionally be recommended to the user as the best candidate(s) for selection, but the ultimate selection would remain at the user's discretion.

In addition, selection of different sources of data and/or other systems to which access is needed may be performed as part of the physical deployment determining of act 1010. For example, multiple sources may exist from which data identified as being required in the model of the application can be obtained, or multiple replicated file servers may exist that can be a file server identified as being required in the model of the application. Particular sources of data and/or other systems to which access is needed may be selected in act 1010 based on various factors, such as the load on the various sources and/or other systems, the bandwidth of the connection to those sources and/or systems, and so forth. Alternatively, rather than being performed as part of act 1010, selection of such sources of data and/or other systems to which access is needed may be performed as part of the physical deployment in act 1014 discussed below.

It should be noted that one additional factor that can be optionally taken into account when identifying the characteristics of the various computing devices is that virtual machines can be rearranged to run on different computing devices. For example, a virtual machine running on one computing device could be moved to another computing device, thereby freeing up capacity on the original computing device. Such a process of moving or rearranging virtual machines is also referred to as migration of the virtual machines. Virtual machines can be migrated in any of a variety of manners, such as with the assistance of the Virtual Server Migration Toolkit (VSMT) available from Microsoft Corporation of Redmond, Wash.

Accounting for the possibility of migrating virtual machines allows the load characteristics of the computing devices to be changed by migrating the virtual machines. For example, the situation may arise where none of the computing devices have the desired spare capacity to create a virtual machine on which the application could be installed, but that capacity of one of the computing devices could be released by moving a virtual machine from that one computing device to another of the computing devices. After the virtual machine is moved, however, the released capacity results in that one computing device having sufficient capacity so that the new virtual machine on which the application is to be installed can be created and the application installed on that new virtual machine.

When creating new virtual machines, this identification of which computing device should have a virtual machine created thereon, and optionally which virtual machines should be migrated to different computing devices, is performed as part of the physical deployment determining of act 1010.

An application installation specification for physical deployment of the application to the test environment is then generated (act 1012). The application installation specification can be saved as an installation page associated with the component representing the application in the application model. The application installation specification includes an identification, for each class of device in the test environment on which the application may be installed, of how to install the application. As each of these identifications indicates how to install the application on a particular class of devices, these identifications can also be referred to as device class installation specifications. The device class installation specifications can also identify which particular computing device(s) of that class the application is to be installed on (the computing device(s) determined in act 1010).

This identification of how to install the application includes, for example, all of the settings for a virtual machine to be created on the device, the operating system to install on the virtual machine (including all of the settings of the operating system and the identification of all of the files that need to be copied to the virtual machine to install the operating system), all of the settings of the computing device that should be made or changed, an identification of all of the files that need to be copied to the computing device and where those files should be copied, an order in which files should be copied and/or settings made or changed, any initialization programs that need to be run after the files have been copied and/or settings made or changed, and so forth. This identification may also include installing an operating system and/or one or more additional applications on the computing device prior to creating a virtual machine on the device. For example, one class of computing device may be a bare computing device with no operating system installed on it. In such situations, the installation specification for that class of computing device would include initially installing the appropriate operating system on the computing device, followed by creating the virtual machine on the computing device, then installing an operating system on the virtual machine, and then installing the application on that operating system of the virtual machine.

It should be noted that this identification of how to install the application can include how to install the appropriate operating system, virtual machine, and/or other applications on the computing device(s) in a system in order to create the desired test environment. Once the test environment is created, the application can then be installed to computing device(s) and optionally virtual machine(s) in the test environment.

In situations where workloads are used, this identification of how to install the application identifies a particular image file that is the image to be run to perform the computing of the workload. The image file can be created as part of the process of building the model of the application in act 1002, or alternatively can be created at other times (e.g., after the logical deployment evaluation has been performed in act 1006). The image file includes the application files and data, and optionally the files and data for the operating system on which the application will be executed, for the workload. The image file can be copied to a disk drive or other storage device and executed by a virtual machine to perform the computing of the workload—no additional installation or configuration of the operating system or the application of the workload is typically required. The image file can be generated in any of a variety of conventional manners, such as by installing the application and operating system onto a virtual machine and generating a file that includes all the folders and files installed onto that virtual machine, by a user (e.g., the designer of the workload) manually identifying the folders and files to be included in the image file, and so forth. The image file can then be simply copied to the computing device(s) as part of the physical deployment in act 1014 discussed below.

Additionally, if any migration of virtual machines is to be performed for a particular class of device, as identified in act 1010, then the device class installation specification for that class of device includes an indication of the migration that is to be performed.

At least a portion of each device class installation specification can be generated automatically based on the information contained in the information pages associated with the software application to be installed. As discussed above, the constraint information page can include various default values. These default values can be used during act 1012 to identify the settings or configuration values that should be set when installing the application, and thus which should be included in the device class installation specification. For example, a particular default value may be included in the configuration information page for a buffer size. This default value would be included in the device class installation specification so that when the application is installed on a particular computing device, the computing device settings (such as in an operating system registry) can be modified to include this default value for the buffer size (possibly replacing another value for the buffer size previously stored in the computing device settings).

In addition to default values, other constraint information included in the constraint information page can be used in act 1012 to identify the settings or configuration values that should be set when installing the application. If a range of values for a particular setting were included in the constraint information page, then a setting to be used when installing the application can be derived from that range. For example, the lowest value in the range could be selected, the highest value in the range could be selected, the average of the highest and lowest values in the range could be computed and selected, a value in the range could be selected randomly, and so forth.

Furthermore, in addition to information contained in the information pages associated with the application, information contained in the information pages associated with the system (such as the computing device on which the application is to be installed) can be used as a basis for automatically generating at least a portion of each device class installation specification. Default values and/or ranges of values can be used to automatically generate values for the device class installation specification in the same manner as discussed above.

Additionally, information contained in the information pages associated with the test environment can be used as a basis for automatically generating at least a portion of each device class installation specification. Default values and/or ranges of values can be used to automatically generate values for the device class installation specification in the same manner as discussed above. Furthermore, information pages such as description pages can include identifications of particular operating systems and/or other applications that are to be part of the test environment. Each device class installation specification can then have automatically added thereto identifications of the appropriate files for the operating systems and/or other applications, as well as the proper settings for the operating systems and/or other applications.

It should also be noted that different components can have different constraints and different default values for the same settings or configuration values. In such situations, even though there is overlap of the constraints so that the different components can all be installed on a system, one or more of the default values may violate the constraints of another component. Thus, a suitable value that is compliant with the constraints of all of the components is determined. This suitable value can be determined in different manners, including manually, automatically, and semi-automatically. A suitable value can be determined manually by a user (such as the system administrator) inputting a suitable value for the setting or configuration value.

A suitable value can be determined automatically by evaluating the various constraints and selecting a value that satisfies all the constraints. This selected value is then used as the suitable value. For example, if each constraint lists a range of acceptable values, then a value that falls within each range of acceptable values can be automatically identified and used as the suitable value.

A suitable value can be determined semi-automatically by evaluating the various constraints and selecting a value that satisfies all the constraints analogous to the automatic manner. However, rather than automatically using the selected value as the suitable value, the selected value can be presented to a user (such as the system administrator) for approval. The user can accept this selected value, or alternatively input a different value. Alternatively, rather than presenting a single selected value to the user, the range of possible values (or portion of the range of possible values) that satisfies the constraints of the different components may be presented to the user.

It should further be noted that at least a portion of a device class installation specification may be generated manually rather than automatically. This manual generation refers to user inputs (such as by the application developer or system administrator) rather than automatic generation by some component or module (e.g., development module 1100 discussed below). For example, the particular files to be identified in the device class installation specification may be identified manually rather than automatically.

Additionally, an assignment record is generated in act 1012 that maintains a record of which device class installation specifications are to be used for which device classes. This record can be, for example, a mapping of device class to device class installation specification. Thus, given the application installation specification including multiple device class installation specifications, a determination as to which particular device class installation specification to use can be made based on the class of the device on which the application is to be installed. The assignment record generated can also be stored as part of the application installation specification.

Alternatively, rather than having a separate assignment record, an identification of which device class installation specification is associated with which particular class of device may be maintained in other manners. For example, the indication may be inherent in the naming convention used for the device class installation specification (e.g., each device class installation specification may be a separate file having a file name that identifies the particular class of device), or each device class installation specification may include an indication of the associated class of device.

The application installation specification is generated after the logical deployment evaluation in act 1006. Thus, the application installation specification is generated only after it is verified that the application can be installed in the system. Additionally, the constraint information (such as default values) associated with the application, as well as information associated with the system and the test environment, can be used to determine settings to be included in the application installation specification. Furthermore, the application installation specification is generated for particular device class(es) that are present in the test environment and identified in the test environment model. Thus, it can be seen that the application installation specification generated in act 1012 is derived at least in part from the model of the application as well as the model of the system and the model of the test environment.

After the application installation specification is created, physical deployment of the application to the test environment is performed (act 1014). This physical deployment includes making the application installation specification available to a deployment system and having the deployment system install the application on the particular device(s) identified in act 1010, including installing any necessary operating systems and/or other applications for the test environment, and optionally creating a new virtual machine(s) on the particular device(s). If the application installation specification indicates that migration of any virtual machines is to be performed, then this migration can also be carried out by the deployment system (optionally with the assistance of another component, such as the Virtual Server Migration Toolkit discussed above). Once it is given the application installation specification, the deployment system operates in a conventional manner to install the application. Any of a variety of deployment systems could be used in act 1014, such as the Windows® Installer service or Microsoft® Systems Management Server, both available from Microsoft Corporation of Redmond, Wash.

Once the application is installed the application (and any newly created virtual machine) becomes part of the system and part of the test environment and thus the application model is incorporated into the system model and a component for any new virtual machine (as well as the operating system for the new virtual machine, and any other components running on the virtual machine) is added to the system model. Similarly, the application model is incorporated into the test environment model and a component for any new virtual machine (as well as the operating system for the new virtual machine, and any other components running on the virtual machine) is added to the test environment model. Thus, after installation of the application, the SDM for the system includes the SDM of the application as well as a component(s) for any newly created virtual machine, and the SDM for the test environment includes the SDM of the application as well as a component(s) for any newly created virtual machine.

Once the application is installed one or more tests are run on the application in the test environment (act 1016). The exact nature of these tests can vary by application and based on the desires of the application developer. The tests can include fully automated tests, where one or more test programs provide input to the application and monitor the performance of and/or outputs of the application. Additionally, the tests can include manual tests, where a system administrator or other user provides input to the application and/or monitors outputs of the application.

Process 1000 continues based on the results of the tests that are run in act 1016. In some instances, the tests may indicate that changes to the application need to be made. These changes may be minor in nature and not result in a change to the model of the application. However, if the changes result in a change to the model of the application, then process 1000 returns to act 1002 for a new model of the application to be built. Alternatively, additional tests in additional test environments may be run before the changes to the application are made, thus delaying the return to act 1002. It should be noted that, if only the application is changed, then the model of the system need not be rebuilt in act 1004 and the model of the test environment(s) need not be rebuilt in act 1008; rather, the previously built system model and test environment model(s) can be used.

If process 1000 does not return to act 1002 after act 1016, then a check is made as to whether there are any additional test environments in which one or more tests are to be run (act 1018). If there are any such test environments, then process 1000 returns to act 1010 to determine physical deployment to one of the test environments. However, if there are no such test environments, then the testing process is complete (act 1020).

Alternatively, the evaluation in act 1006 may be for a particular computing device or virtual machine rather than for a class of computing device. In this alternative, the evaluation in act 1006 is the same as discussed above, except that constraint and description information for a particular instance of a computing device are used rather than constraint and description information for a class of computing device. In such situations, the identification of the particular computing device is made in, or prior to, act 1006 rather than in act 1010, and can be made in the same manner as discussed in act 1010.

It should also be noted that a particular device class installation specification may indicate to install the application on multiple different computing devices within the test environment. For example, the application developer or system administrator may desire to install the application on all of the computing devices of a particular class. In such a situation, an indication is included in the device class installation specification for that particular device class that the application is to be installed on all of the computing devices of that particular class, or alternatively may identify the particular computing devices (e.g., by name or other unique identifier) on which the application is to be installed. The deployment system used to install the application receives this indication and installs the application on the appropriate computing devices.

FIG. 11 illustrates an example application installation specification in additional detail. An installation specification development module 1100 generates an application installation specification 1102. Installation specification module 1100 can be implemented in software, firmware, hardware, or combinations thereof, and can perform act 1012 of FIG. 10, and optionally additional acts of FIG. 10 (such as act 1006, 1008 and/or act 1010). Application installation specification 1102 includes multiple (x) device class installation specifications 1104(1), 1104(2), . . . 1104(x). Each of the device class installation specifications 1104 identifies how the application is to be installed on a particular class of computing device. Application installation specification 1102 also includes specification assignment record 1106 to identify which specification 1104 corresponds to which class of computing device.

Application installation specification 1102 is input to a deployment system 1108 along with any necessary installation file(s) 1110. Installation file(s) 1110 include the file(s) that are to be installed on the computing device in order to install the application, such as one or more files of executable code, one or more files of data, and so forth. Alternatively, although illustrated separately, application installation specification 1102 and installation file(s) 1110 may be stored together in a single package (e.g., a compressed file).

FIG. 12 is a flowchart illustrating the generation of an application installation specification for physical deployment to a test environment of act 1012 of FIG. 10 in additional detail. FIG. 12 can be implemented in software, firmware, and/or hardware.

Initially, a device class in the test environment on which the application could be installed is selected (act 1202). In certain embodiments the system administrator and/or application developer (or alternatively some other party) may desire that the application be installed only on certain classes of devices, in which case the devices on which the application could be installed is less than all of the devices in the system. Alternatively, the application may be able to be installed on any device in the system.

A device class installation specification for the selected device class is then generated, identifying how to install the application (and optionally a virtual machine) on the selected device class, as well as how to install any operating system and/or other applications needed for the test environment (act 1204). As discussed above, this generation can include using default values included in an information page associated with the application in the application model for setting values to include in the installation specification being generated.

In some situations, the device class installation specification is generated in a format that is expected and understood by a deployment system that will be installing the application. The device class installation specification may be generated in this format in act 1204, or alternatively may be subsequently translated into this format (e.g., by a translation component of the distribution system).

It should be noted that different device installation specifications may be generated for computing devices that will have the same functionality but are currently configured differently, such as computing devices that do not yet have an operating system installed and computing devices that already have an operating system installed. Alternatively, such computing devices may be considered to be part of the same device class, but the device class installation specification would include a conditional portion to be used based on the configuration of the particular instance of the computing device on which the application is being installed (e.g., the conditional portion may be bypassed if the computing device already has an installed operating system, or used to install an operating system on the computing device if an operating system is not already installed on the computing device).

A check is then made as to whether there are any additional device class(es) in the test environment for which no device class installation specification has been generated (act 1206). If there are any such additional device class(es), then one such additional device class is selected (act 1208) and the process returns to act 1204 to generate a device class installation specification for the selected device class.

Returning to act 1206, if device class installation specifications have been generated for all of the device class(es), then a specification assignment record is generated associating particular installation specifications with particular device classes (act 1210). Alternatively, the specification assignment record may be generated in act 1204 as the device class installation specifications are being generated, and an indication of which device class is associated with which device class installation specification added to the specification assignment record as the device class installation specification is generated.

The device class installation specifications generated in act 1204 and the assignment record generated in act 1210 are then combined into an application installation specification for the application (act 1212).

Configuration Monitoring

Configuration policies are defined in terms of a model (e.g., a system definition model as discussed herein) that represents the structure and topology of the entire system. Defining configuration policies in terms of a model allows the configuration policies to easily adapt to changes in the system configuration. Additionally, systems and methods discussed herein can represent the hosting relationship between, for example, a SQL Server and the Windows® operating system, and then specify a constraint that flows across that relationship. This relationship allows the system to determine and maintain applicability and handle conflicts. However, the configuration policy for the SQL Server does not refer to internal details of the Windows® operating system. Thus, the relationship reduces the impact on the SQL Server policies when the Windows® operating system is modified. Systems and methods discussed herein can further provide for the reconciliation of multiple conflicting policies. For example, the SQL Server and other applications may have different policies on how the Windows® operating system should be configured. The described systems and methods resolve any differences in these policies when it is possible to do so by finding compromise settings that are compliant with all the policies. When such a resolution is not possible, the unresolvable conflict is identified and brought to the attention of a user, such as an administrator, who can handle the problem on a higher level, for example by deploying the applications on other computer systems where there is no conflict.

The SDM contains static information (e.g., the topology of software services within an application) and dynamic information (e.g., the control flow of a particular transaction). This information is used to describe components, system architecture, and transaction flows (e.g., a series of steps that perform a function).

Configuration management is important to allow an administrator to monitor configuration settings and identify potential problems with various configuration changes. Systems and methods discussed herein can validate the compliance of systems (and components) with a prescribed configuration and report any violations of this prescribed configuration. The prescribed configuration may represent a secure configuration, thereby minimizing vulnerability to attack, or it may represent a configuration desired by an IT (Information Technology) department to maintain consistency and reduce support costs. Information contained in the SDM is used to provide a context for the configuration settings, such as the components or applications with which the settings are associated and the relationships between the components and applications in the system.

The systems and methods described herein inspect the configuration of one or more components or systems, and compare the configuration(s) with the prescribed configuration policy. Different configuration policies can be associated with different components or systems based on, for example, organizational groups or departments, geography, type of component or system, and the like.

FIG. 13 is a flowchart illustrating an example process 1300 for managing and monitoring the configuration of a system. Process 1300 can be implemented in software, firmware, and/or hardware. Initially, process 1300 identifies models associated with one or more applications (act 1302). An application model can identify any number of configuration settings or constraints associated with the application. In one embodiment, the configuration settings or constraints are defined by a developer of the application. Example configuration settings include buffer sizes, acceptable data formats, acceptable application or operating system versions, and a setting indicating whether a firewall is activated. Constraint information can be contained in, for example, a constraint page of the type discussed above with respect to the SDM. Process 1300 continues by identifying a model associated with the system (act 1304). In one embodiment, this model is an SDM model of the type discussed above with respect to FIGS. 1 and 2.

After identifying one or more application models and a system model, the process deploys the logical and physical portions of the system (act 1306). This deployment of the system “activates” the system and defines interrelationships between the various components and applications in the system. Although it is common that the process includes deployment of the system based on the model, in certain embodiments the system may be deployed in other ways, with or without reference to the model. Such deployment may have occurred well before the model-based configuration management process is started, and before the model was created. In these embodiments, act 1306 may be omitted from the process.

The process continues by creating a configuration policy associated with the system (act 1308). In a particular embodiment, the configuration policy is created automatically based on the system model and the configuration settings associated with the components and the applications. A system may have configuration constraints or dependencies on related systems. For example, if a particular application is installed in the system, it may have a dependency on another system and may require a specific configuration setting on that other system. A “dependency” is also referred to as a “relationship.”

In one embodiment, the process extracts the desired information from the system model and discards the remaining information contained in the system model. The system model structure is then flattened to create configuration settings for each component in the system. These configuration settings are then saved in a simplified schema that is consistent with the full system model.

The process continues by monitoring the configuration of the components and applications in the system for compliance with the configuration policy (act 1310). An administrator or other user typically defines the frequency with which the components and applications are checked for compliance. This compliance checking may occur at any interval, such as every 10 minutes, every hour, every day, or every week. In particular embodiments, different components or applications are checked for compliance at different intervals. For example, critical components or applications are checked once every 10 minutes while less critical components or applications are checked once every two hours.

If any component or application is not in compliance with the configuration policy, the process generates an alert or a report identifying the non-compliance (act 1312). The alert or report may be, for example, an email message, a pager message, a cell phone message, an audible alarm, or a pop-up message on a computer monitor. Additionally, information regarding the alert or report may be recorded in a daily log with other alerts and activities.

Based on information contained in alerts or reports, various types of corrective actions can be taken. For example, a management system operating on the managed computer system can immediately correct a configuration setting when it detects the configuration setting is out of compliance with an associated configuration policy. In another example, a central management system can respond to an alert by starting a process to bring the system into compliance. Additionally, a central management system can add the system that is found to be out of compliance to a list of systems that is later used as a target for various management systems. In any of these examples, the corrective action can use techniques such as changing a configuration setting, installing a software system, removing a software system, or running a program that performs an operation such as moving information off a storage device.

A management system can also enforce a configuration policy by preventing changes from being made that would result in a configuration that is out of compliance. The intended setting is compared with the configuration policy, and if it would result in a compliance violation, the change is rejected and an error message is returned. To reliably enforce a change, the management system intercepts the change before it is applied to the system. Additionally, the management system can operate in an advisory mode, where an application can choose to consult the management system. For example, the application may ask if the intended change would be in compliance with the configuration policies. If the intended change would not be in compliance with the configuration policies, the application can choose not to make the change.

FIG. 14 is a flowchart illustrating an example process 1400 for creating a configuration policy associated with the system. Initially, process 1400 identifies application configuration settings (act 1402). For example, a particular application may have a dependency on another system and may require a specific configuration setting to properly interact with the other system. The process continues by identifying configuration settings associated with all component classes (act 1404). Component classes may include classes of machines, groups of machines, and the like. A particular component class may contain any number of component instances.

Next, process 1400 identifies a response action associated with each configuration setting (act 1406). The response action identifies an action to take in response to identifying a violation of a configuration constraint. Example response actions include generating a report, activating an alarm, sending an alert message to an administrator, logging a violation in a daily log, halting operation of a component or application, resetting a component, or restarting an application. A configuration constraint defines the allowable value(s) or a range of values that are permitted for a particular configuration setting. The process continues by identifying all component and application instances in the system (act 1408). In one embodiment, component and application instances are identified from the system model.

Process 1400 then identifies targeting information associated with one or more configuration settings (act 1410). Targeting information identifies particular components or particular applications, or may identify groups of components and/or groups of applications. For example, a group of components may include all components of a particular type, all components in a particular geographic region, or all components in a particular department of an organization. The process continues by identifying scheduling information associated with one or more configuration settings (act 1412). Scheduling information determines the frequency with which certain configuration settings are checked for compliance with their associated constraints. As discussed above, some configuration settings may be checked for compliance more frequently than others.

Finally, process 1400 generates and stores a configuration policy associated with the system (act 1414). This configuration policy includes constraints associated with all components and applications in the system as well as information regarding response actions, targeting information, and scheduling information associated with the system. In certain implementations, an administrator or other user can modify the configuration policy to meet their desires or operating requirements. The configuration policy can specify, for each constraint, what the corrective action should be (if any), or specify that only a report or alert should be created.

In one embodiment, the identification of components and applications is 11 performed automatically based on information contained in the system model. However, the identification of target information and the identification of scheduling information is determined by an administrator or other user.

System Monitoring

Systems and methods described herein are capable of detecting the health of a managed system (e.g., good, fair, or poor) and can detect problems and potential problems. By monitoring all components in the managed system, the overall health and performance of the managed system can be determined. Systems and methods described herein automate much of the performance and health monitoring tasks using the model discussed below.

In a particular implementation, the SDM is created, for example, by a developer having knowledge of the various components, relationships, and other aspects of the system being defined. In this implementation, the developer has intimate knowledge of the various components in the system and how they interact with one another. This knowledge is useful in defining the manner in which the various components are monitored or otherwise managed.

FIG. 15 is a flowchart illustrating an example process 1500 for monitoring a system. Process 1500 can be implemented in software, firmware, and/or hardware. Initially, a service is identified, including the parts of the service and the interrelationship between the parts (act 1502). The process the identifies health aspects associated with each part of the service (act 1504) and defines a health model for each aspect (act 1506). Each health model includes multiple states and transitions between those states. Each state may represent, for example, a health condition or a performance status that is associated with the particular component being monitored.

The process continues by defining rules that detect transitions between states and by defining knowledge for the states (act 1508). The various definitions are combined into a package (also referred to as a “Management Package”) and one or more policies are defined that modify the behavior of the package (act 1510). Systems and methods described herein combine the various models and policies associated with a system into a management package that is portable. This portable management package can be sold or deployed.

The monitoring policy defines the manner in which the managed system is monitored. In a particular embodiment, the monitoring policy contains information regarding all instances or components to be monitored. For example, the monitoring policy may define the states, severities, and transitions for one or more components. The monitoring policy may also define information regarding different aspects of a particular component. For example, the monitoring policy can monitor server performance, average response time for web page requests, database performance, percentage of requests that timeout, or the number of component failures. When monitoring the performance of a component or system, one or more health-related alerts or messages may be generated. For example, when monitoring the average response time for web page requests, if the average response time increases significantly, an alert or other message may be generated indicating a problem or potential problem with the handling of web page requests.

The monitoring policy is also capable of monitoring service-level compliance (e.g., system compliance with one or more service agreements) of the system. Service level agreements may define, for example, a maximum number of page requests that fail during a particular time period, or a minimum number of minutes that a particular resource or component is active each month. As discussed herein, the monitoring policy may also identify problems, potential problems, or other situations that may cause the system to operate improperly.

Authors and administrators typically like policies to have modified behavior when encountering different environments. These different behaviors are described in one or more policies which are associated with dynamically discovered instances of the policy type.

The process then deploys the package to a management system which discovers instances of components and services in a system (act 1512). The management system provides the apparatus or platform to run the models and monitoring policies discussed herein. The monitoring policies include rules to discover real instances of components, systems, and relationships between components and/or systems. The management system discovers these things and builds a model representing the system or environment being managed.

The management system then deploys the rules to monitor the components and services in the system (act 1514). The management system modifies the rules, as necessary, based on the administrative policies that apply to the discovered instances. Conflicts may occur between multiple administrative policies. When a conflict occurs, the management system resolves the conflict to generate a resulting administrative policy that appropriately modifies the monitoring rules.

Next, the management system creates a model of the system and tracks the health of the components in the system (act 1516). This monitoring of the system is ongoing and monitors the system components for failures, poor performance, erroneous performance, and the like. The management system then rolls up the health of the components to one or more aggregation services (act 1518). A managed entity that groups or contains other entities can express its health in terms of the health of the child entities—this is commonly referred to as “roll-up”. Roll-up is used to draw attention to a problem in a contained entity, in a scaleable fashion or to report on aggregate metrics.

Finally, the management system detects a root cause of a problem or error when one or more components are detected as bad (act 1520).

The above approach simplifies the management of the components (and aspects of the components) in a system by providing smaller, manageable units. For example, instead of pre-determining all possible transitions between states in a system, each aspect (such as virtual CPU performance) is defined along with its possible states. Each aspect is orthogonal to other aspects such that the state of each aspect has little or nothing to do with the state of other aspects. Monitoring of an additional aspect is accomplished by defining the new aspect and its possible states.

As discussed above, one or more monitoring pages contained in the SDM include information related to monitoring the performance and/or health of the associated component. This information can include rules describing how the associated component is to be monitored (e.g., what events or other criteria to look for when monitoring the component), as well as what actions to take when a particular rule is satisfied (e.g., record certain settings or what events occurred, generate an alert, etc.).

Additionally, one or more service level agreement pages include information describing service level agreements between two or more parties regarding the associated component (e.g., between the purchaser of the associated component and the seller from which the associated component was purchased). These pages can be accessed during operation of the system to determine, for example, whether the agreement reached between the two or more parties is being met by the parties. In one embodiment, accessing of monitoring pages and service level agreement pages is defined by the monitoring policy.

Each aspect of each component in a system has an associated monitor, which tracks the health and/or performance of the associated component. The severity of the state of each aspect is “rolled-up” to compute the severity of the component. If a component is composed of one or more components, the state gets rolled-up based on a choice of aggregation algorithms. For example, a domain controller that cannot accept one or more requests is put into a critical state, while delays in servicing those requests are marked as being in a warning state. In one embodiment, monitors have a hierarchical structure similar to the structure shown in FIG. 1, which allows the monitors to “roll up” health and performance information to other monitors. In particular, the hierarchy “rolls up” based on the SDM model. The hierarchy and “roll up” described herein represents one type of structure that can be used with the described model-based system monitoring. Alternate embodiments can propagate information through relationships in the model based on propagation algorithms associated with each kind of relationship. For example, “roll up” can be performed in a containment hierarchy based on a worst-case-among-the-children algorithm.

The health of a particular component can be determined based on various factors, such as the availability of the component, available capacity, configuration, security policy compliance, etc. A health model is a framework for describing a managed components' potential operational, degradation and failure states.

In particular embodiments, a management system may use information from multiple sources. For example, a management system may receive an SDM from one source, another SDM from a second source, and a set of monitoring policies from a third source. A management system can receive information from any number of different sources. The management system identifies and handles the various relationships between objects in different models and/or received from different sources. Thus, the management system pulls together the information from various sources and uses all of the information in managing a particular system or environment.

Additionally, the same management system and the same information can be used by different administrators in different disciplines to display alerts or data of interest to that administrator or discipline. For example, the management system may display application security compliance to an administrator responsible for overseeing such security compliance. The same management system (using the same information) may display information regarding available storage resources to an administrator responsible for handling or monitoring those storage resources. Thus, the management system uses filters or otherwise manages data to display the appropriate data (e.g., requested data) to various administrators or disciplines.

FIG. 16 illustrates an example health model 1600. In this example, health model 1600 defines the updating of a security credentials monitor. During normal operation, health model 1600 is in a valid state 1602. At periodic intervals, the security credentials need to be refreshed. Such a request causes the model to transition to a refresh state 1604. If the security credentials are properly refreshed, the model transitions back to valid state 1602. If the security credentials are not properly refreshed, the model transitions to state 1606, where another attempt is made to refresh the security credentials. If the second attempt is successful, the model transitions back to valid state 1602. Otherwise, the security refresh has failed and the model transitions to state 1608, which generates an alert. Thus, the health of model 1600 can be determined by evaluating the current state of the model. This information is useful in detecting, verifying, diagnosing and resolving problems with the system as well as particular components in the system.

Typical health models include one or more states that help detect, verify, diagnose, and resolve a problem state. For example, a problem (or potential problem) can be detected by interpretation of data that indicates a transition to a particular state in the health model. Diagnostic information includes actions necessary to understand the nature of the detected problem. The actions include, for example, automated tasks or examining supporting data (e.g., event data and performance data). Resolution information includes the operations necessary to resolve the problem.

In a particular embodiment, a monitor is configured via rules to declaratively express conditions when state transitions should occur. The rules include various modules, which are precompiled functions that can deliver reusable functionality for event sourcing, probing, interpreting the collected data by checking for conditions or performing a correlation and taking action. A rule configuration defines the interaction among the various modules. These same modules can also used to create one or more tasks. Tasks are actions such as diagnostic functions or problem recovery actions.

For example, a rule may monitor various data sources or components that generate events, alerts, and other notices. If a particular event or alert is detected, the rule modifies the state of the health model based on the transition associated with the event or alert. The rule then identifies an appropriate response, such as taking a corrective action, generating an alert, sending an email message to an administrator, or paging an administrator.

Certain human-readable information may be associated with a health model. This information is provided as knowledge along with the monitor. The information can be supplied by the product vendor or by the user of the product. The information may include embedded links to views and tasks necessary to diagnose and fix a problem. Example information provides a summary of the problem, one or more steps to diagnose the problem, and one or more steps to resolve the problem based on the results of performing the diagnosis steps.

Various relationships can be defined between different managed entities (or components). Example relationships include:

- a containment relationship (a particular application contains a database),
- a hosting relationship (a web site is hosted on IIS),
- a communication relationship (an application is an SQL client of a database server),
- a reference relationship (a loose relationship between applications, components, etc.),
- grouping information (such as static and dynamic computer groups. Groups can be nested or overlapping), and
- “caused by” information (any of the above relationships can be used to define a dependency. For example, “an underperforming host can cause a guest to under perform.”)

A component that groups or contains other components can express its health or performance in terms of the health or performance of the child components—this is commonly referred to as “roll-up”. Roll-up is useful in identifying a problem in a contained component in a scaleable manner. Roll-up is also useful in reporting on aggregate metrics. Roll-up is performed using aggregation algorithms for expressing the state, performance, and events of a container in terms of contained or grouped objects. For example, referring back to FIG. 1, component 110 can express its health or performance in terms of the health or performance of component 112 and component 114. In one embodiment, a user can define the roll-up policy based on the SDM topology.

In addition to monitoring the health or performance of particular components, administrators are interested in identifying causes of failures or other improper operation. For example, a component may fail or operate improperly based on a problem with that particular component. Alternatively, a component may fail or operate improperly due to a problem with another component. For example, if a SQL server fails, applications attempting to access the failed SQL server will likely generate error notices.

Analyzing a failure of one component to see if another component is actually responsible for the failure is referred to as “probable cause” analysis or “root cause” analysis. For example, a failed web service (first component) may trace its probable cause to a database (second component), which traces its probable cause to a failed SQL server (third component) that hosts the database, which traces its probable cause to a backup of disk input/output operations (fourth component) in the underlying server.

In certain situations, it is desirable to suppress certain alerts and other notices. For example, if a SQL server fails, applications attempting to access the failed SQL server will generate alerts. Since the SQL server failure is already known, generation of additional alerts by the applications is unnecessary. These additional alerts would likely be a distraction to the administrator attempting to correct the SQL server failure.

In other situations, administrators may want to know the impact of a change or failure on other components. For example, referring again to FIG. 1, an administrator may want to know the impact on the health or performance of component 112 if a change is made to the state of component 110. This “impact analysis” allows an administrator to predict the impact on the system caused by a particular change before implementing the change. For example, impact analysis can predict changes in system performance, changes in system health, whether or not system level agreements will continue to be satisfied, and the like. Impact analysis uses information available through the SDM to determine the impact of one or more changes to one or more components in the system. Additionally, impact analysis can determine the impact on the overall performance and/or health of the system caused by one or more changes. This impact analysis can be performed using the SDM information without actually implementing the changes. Thus, an administrator can perform various “what if” analyses without affecting the normal operation of the system. Rules, discussed herein, use relationships to dynamically and declaratively express logic for roll-up, aggregation, root cause analysis, and impact analysis.

As mentioned above, one or more service level agreement pages of the SDM include information describing service level agreements between two or more parties regarding the associated component. Service level agreements are generally set based on the service as experienced by the users. “Users” may include human users, software systems, hardware systems, and the like. Administrators can define their level of service as a component of the SDM. This component aggregates pre-discovered and predefined components and rolls-up their health and performance according to one or more service level agreements. To enable self-managing service structures, the grouping of components can be dynamic. For example, if a service level agreement calls for 99% availability for all print servers in Redmond, Wash., the service will add and remove print servers automatically as they are deployed and retired. Remote monitoring services may be used to observe real or representative clients.

When monitoring a system, the monitoring policy performs end-to-end analysis of the system. End-to-end analysis of the system includes monitoring the performance of the entire system and monitoring the performance of a group of components that handle data, requests, or other information in a sequential manner.

For example, FIG. 17 illustrates multiple components that process data in a sequential manner. The data being processed can be any type of data received from any data source. Initially, a component 1702 receives the data to be processed, followed by components 1704 and 1706. After component 1706 has processed the data, any number of other intermediate components (not shown) may process the data, after which the data is provided to a component 1708. Each component 1702-1708 shown in FIG. 17 has an associated percentage (e.g., component 1702 has an associated percentage of 99.0 and component 1704 has an associated percentage of 98.5). These percentages indicate, for example, the current efficiency associated with the component or the current delay imposed by the component in processing data. When viewing each component individually, the associated percentage is within a reasonable range. For example, the lowest percentage in FIG. 17 is 98.5%. If a service level agreement calls for a minimum component performance of at least 98%, all components shown in FIG. 17 satisfy the service level agreement.

However, when performing an end-to-end analysis of the components, the end-to-end performance may be unacceptable. For example, if the percentages represent delays in processing data, the multiple delays are cumulative. If data is processed sequentially by fifteen different components, each of which introduces an average of 1.2% delay, the cumulative end-to-end delay in processing the data is 18%. Thus, although each component is individually within an acceptable operating range, the end-to-end analysis indicates significantly lower performance.

The systems and methods described herein can use the SDM to perform end-to-end analysis. This end-to-end analysis can identify potential points of failure or identify areas that are reducing the overall system performance. Although a failure may not yet have occurred, the results of the end-to-end analysis are helpful in avoiding failures and maintaining the system at a high level of performance.

Capacity Planning

Systems and methods described herein are capable of estimating the performance and capability of a managed system. These estimations are useful in determining current and future system requirements to meet the requirements of certain types and quantities of transactions handled by the system. This capacity planning simplifies the selection of components (and component capacities) for the system and allows the various components to be tested in an expected operating environment prior to actually implementing the system. Systems and methods described herein also permit various capacity planning activities using different system architectures defined by one or more system models.

Capacity planning allows users to manage future software and hardware requirements proactively instead of reactively. Capacity planning is part of a performance modeling process that guides a user's decision-making process before application deployment, and continues to assist them after deployment in predicting the application's behavior under changing loads, identifying future bottlenecks, and experimenting with other “what if” scenarios. Example “what if” scenarios include anticipated company growth, increased network traffic, increased database access requests, and new applications or features provided by the system. Accurate and simple capacity planning is useful in server consolidation and virtualization scenarios. Proper capacity planning can avoid the over-provisioning of resources to ensure correct operation. Instead, proper capacity planning can identify the appropriate resources to correctly perform the desired operations.

Capacity planning uses the data contained in the SDM discussed herein. One or more SDMs may define multiple architectures that are accessed by the capacity planning system and methods. Each architecture definition includes information regarding various options and constraints associated with the architecture. The SDM may also contain information collected from one or more live systems, such as performance data and configuration information for the various components in the system.

The SDM contains static information (e.g., the topology of software services within an application) and dynamic information (e.g., the control flow of a particular transaction). This information is used to describe components, system architecture, and transaction flows (e.g., a series of steps that perform a function).

FIG. 18 is a flowchart illustrating an example process 1800 for capacity planning. Process 1800 can be implemented in software, firmware, and/or hardware. A “planned system” may be an existing system, proposed modifications to an existing system, or a new system not yet implemented.

Initially, process 1800 retrieves a model associated with a system having multiple components (act 1802). In one embodiment, this model is an SDM model of the type discussed above with respect to FIGS. 1 and 2. A planned system can be defined as a hypothetical system that might be implemented depending on the results of the capacity planning process. Alternatively, a planned system may include at least a portion of an existing system (e.g., an expansion or modification of an existing system). In this situation, certain data (such as performance data) associated with the existing system may be used in modeling the planned system.

The procedure continues by identifying a quantity of each type of component in a planned system (act 1804). In a particular embodiment, the SDM is scale invariant. For example, the SDM may contain information about different types of components, but does not necessarily indicate the number (or quantity) of each type of component in a specific system. To properly identify the characteristics and requirements of a specific system, it is important to know the number of components involved in the system and their expected (or actual) interactions with one another. Procedure 1800 identifies transaction steps and transaction flows in the planned system (act 1806). These transaction steps and transaction flows are useful in determining resources (e.g., storage capacities, communication bandwidth, etc.) in the planned system.

Procedure 1800 continues by determining a cost associated with each transaction step in each of the transaction flows (act 1808). A “cost” can vary depending on the transaction and/or the step being discussed. For example, a cost can be time, bandwidth, storage capacity, processing capacity, and the like. This cost information can be stored in the SDM using one or more information pages associated with one or more components. Alternatively, the cost information can be stored separately from the SDM. A particular transaction may include multiple different steps. In this situation, a cost is associated with each of the multiple steps and a cost is associated with the various transitions between the multiple steps.

Next, the procedure executes a capacity planning algorithm (act 1810). The capacity planning algorithm simulates the actions taken by an application as it runs on a distributed system. The simulated application, users, hardware, and workload can be modified to see the likely effects of the modification on the throughput, latency, etc. of the application, and the utilization of the hardware. This simulation eliminates the need to build and test a real system in a test lab or similar setting. Various types of capacity planning approaches include simulation, statistical analysis (e.g., trending), operational research analytics, queuing theory, or a hybrid approach (e.g., a combination of any two or more approaches).

If the capacity planning algorithm returns satisfactory results (act 1812), the results of the capacity planning algorithm are stored (act 1814) along with information about the planned system. If the capacity planning algorithm does not return satisfactory results, one or more aspects of the planned system are changed (act 1816). Satisfactory results include, for example, worst-case time to process a transaction, maximum wait time for a response, average wait time for a response, maximum number of concurrent requests, and the like. Changes to a planned system may include increasing storage capacity, increasing processing resources, increasing communication bandwidth between certain components, adding components, removing components, etc.

When performing the capacity planning process, different system architectures may be considered. Other variables may include different numbers of servers or other components, different component sizes and component configurations, different storage capacities, and different types and quantities of transactions. These different architectures and/or variables allow a wide range of differences among various planned systems to see which system is best suited for the anticipated transactions.

In a particular embodiment, a planned system is defined by an SDM as well as additional information regarding the various transactions to be executed, including the cost of each step in each transaction. In other embodiments, all information about the planned system is contained in an SDM.

FIG. 19 illustrates example transactions that are performed by a planned system. In this example, two separate transactions are launched in response to a particular request. For example, a customer may place an order for a particular product. In other implementations, each transaction may be executed independently of the other transaction. A first transaction (Transaction 1) performs an inventory check to determine whether the requested product is available and, if not available, determine a reasonable time required to obtain and deliver the product to the customer. A second transaction (Transaction 2) performs a credit check to be sure the customer is authorized to purchase the requested product.

For example, Step 1 and Step 2 of Transaction 1 represent steps necessary to perform an inventory check, such as looking up a product identification code, querying one or more warehouse databases to see if the product is in stock, etc. Step 3 and Step 4 of Transaction 2 represent steps necessary to perform a credit check, such as verifying past account payments, verifying credit card information, and the like.

When evaluating a planned system, an estimation is performed to determine an approximate number of transactions performed in a given time period. For example, if an average of ten separate inventory queries are performed for each order that is placed, and the system is expecting 5000 orders per day, then there are 50,000 expected inventory queries per day. Additionally, the planned system may be expected to maintain 25,000 different product identifiers in a product database. These parameters, along with various system model information from the SDM and other information regarding the planned system are used by a capacity planning algorithm to estimate the performance of the planned system. If the performance of the system is not satisfactory, changes are made to the planned system and the capacity planning algorithm is run again to identify the results of the changes.

In one example, a first planned system has a bottleneck created by a hard disk drive. The speed and the capacity of the hard disk drive is upgraded to create a second planned system. This second planned system encounters a bottleneck caused by lack of processor resources to handle all of the necessary operations. Thus, an additional processor or a faster processor is added to the second planned system to create a third planned system. This process continues until all a planned system is defined that is estimated to produce satisfactory results based on the capacity planning algorithm.

Referring to the example of FIG. 19, each step (Step 1, Step 2, Step 3, Step 4) has an associated cost, which is measured in time required to perform the step as well as storage capacity and processor capacity required to perform the step. Transitions between steps may also have associated costs, such as time required to transition from one step to the next and bandwidth required to communicate data from one step to the next or to communicate data between different components in the planned system. These costs may be estimated based on an administrator's knowledge of similar systems or past experience with similar systems. Alternatively, one or more of these costs can be determined based on actual results from an existing system. For example, if the planned system is a modification of an existing system, performance data from the existing system may be used to estimate similar performance data in the modified system.

Attribute Propagation

A constraint can “flow” over a relationship between two systems or components, such as a constraint on an application that makes a statement on how the operating system on which the application is hosted should be configured. Additionally, attributes can propagate over one or more relationships to provide a more meaningful policy, as discussed in greater detail below. Although particular constraints, policies, and attributes are discussed herein, alternate embodiments may include additional constraints, policies, or attributes, or may omit certain constraints, policies, or attributes discussed herein. Although a particular model is described herein, alternate embodiments may use any type of model having any type of structure for defining components in a system.

The SDM contains static information (e.g., the topology of software services within an application) and dynamic information (e.g., the control flow of a particular transaction). This information is used to describe components, system architecture, and transaction flows (e.g., a series of steps that perform a function).

FIG. 20 is a flowchart illustrating an example process 2000 for propagating attributes throughout a system model. Process 2000 can be implemented in software, firmware, and/or hardware. Initially, process 2000 retrieves a model associated with a system having multiple components (act 2002). In one embodiment, this model is an SDM model of the type discussed above with respect to FIGS. 1 and 2. A particular model may contain any number of objects to define the associated system.

Process 2000 continues by defining (or identifying) various attributes, policies, constraints, dependencies, and other information associated with the system and/or particular components of the system. This information can be defined by a system administrator, a system manager, or other person responsible for managing the system. Alternatively, this information may be retrieved (or received) from one or more data sources. In particular, process 2000 defines policies associated with the system and specific components of the system (act 2004). These policies may include, for example, business policies such as data backup frequency, licensing information, and whether the system is permitted to export certain data.

The process further defines constraints associated with the components of the system (act 2006) and defines relationships between the various components of the system (act 2008). Constraints can be defined, for example, in one or more constraint pages (discussed above), which are examples of information pages contained in SDM 100. Certain constraints may be specified as part of another model (such as an SDM model of a SQL Server database), yet those constraints also become part of this SDM model when the other model is included. A constraint can flow over a relationship. For example, if an application A has a relationship with a SQL Server S, a constraint defined for application A can reference an attribute of server S. A constraint on application A may state that application A must store its data on a RAID device. Thus, even though the SQL Server S does not itself have this RAID constraint, the constraint flows from application A to SQL Server S due to the relationship between the two items.

Dependencies include, for example, dependencies between two or more components in the system. A dependency definition may (or may not) include a reason why a particular component depends on another component. A particular dependency definition may simply identify the dependency such that if one component fails, the system can determine what other components depend on the failed component. Dependencies may also be referred to as “relationships.”

Next, process 2000 defines attributes and other information associated with the system and/or particular components of the system (act 2010). In one example, a system may have attributes such as business-importance, with possible values of 4 representing customer-facing-mission-critical, 3 for internal-mission-critical, 2 for internal-standard, 1 for test, and 0 for retired. The process then defines how the various attributes are to be propagated throughout the model based on one or more propagation rules (act 2012). For example, if an application has a dependency on a database, a health attribute is propagated from the database to the application. If the database fails, the system can determine that the application fails as well. Business-importance is propagated in the opposite direction. For example, if the application has a business-importance rating of 3, the database gets the same rating, unless it already has a higher rating.

In another implementation, an attribute propagation rule for a containment relationship may specify how a health attribute is to be propagated from the contained systems (the children) to the container (the parent). In many cases, the health monitoring systems give the parent the worst-case health value of the children. Thus, if any single child has a “red” health status, the parent gets that same health status. In some situations, when the container represents a system with a redundant architecture, health monitoring systems may implement an aggressive algorithm that recognizes the redundancy. For example, the parent only gets the “red” status if at least all three children have “red” status. The attribute propagation systems and methods discussed herein allow more flexible algorithms. For example, the systems and methods can weigh the health value of the children using the business-importance rating, or traffic volume, size, or cost of each child system when calculating the aggregate health value for the parent. In one such model, there may be a system representing all the printers in an office. When calculating the aggregate health state of printing, a large invoicing printer is more important and is given greater weight than small inkjet printers on most users' desks. The systems and methods can determine the business-importance rating, or traffic volume, size, or cost of each child by propagating attributes to other related systems, including lower-level children.

Finally, after the models, policies, constraints, attributes, and propagation rules have been defined, the process propagates the attributes throughout the model based on information contained in the model associated with the system (act 2014). The process then interprets the policies during continual management of the systems (act 2016). For example, information contained in SDM 100, discussed above, describes relationships and other data regarding components in the system that is useful in propagating the attributes to the appropriate objects in the system model. With this knowledge of the system architecture, the attributes are propagated throughout the model.

As mentioned above, attributes can propagate over relationships. For example, an administrator may specify that a business-importance attribute should propagate over the application-to-database communications relationship. In this example, if application A has a high business-importance rating, when application A and SQL Server S are connected with such a relationship, SQL Server S gets the same business-importance rating. Using this technique for propagating attributes, the administrator or other user can define a more meaningful policy for the database storage. Namely, SQL Server S receives a policy that indicates “if my business-importance rating is 4, then I must use a RAID device to host the data.” This expresses the desired policy, but keeps the internal details of the SQL Server out of the policies associated with the application.

FIG. 21 illustrates an example attribute propagation module 2102 that receives a system model and various attributes, and propagates attributes throughout the model. Attribute propagation module 2102 receives system model information, such as information contained in an SDM. Additionally, attribute propagation module 2102 receives policy information 2106, constraint information 2108, dependency information 2110, and information regarding other attributes 2112. Attribute propagation module 2102 then distributes one or more attributes to an evaluation module 2114, which evaluates constraints and policies based on the attribute values. Evaluation module 2114 detects deviations in any constraints or policies and takes appropriate action to correct the deviation. Alternatively, evaluation module 2114 may bring the deviation to the attention of an administrator or other user.

For example, two different applications (application A and application B) both use a SQL Server database and the database uses a disk drive to host the data. If application A has a business-importance rating of 1, and application B has a business-importance rating of 2, the database gets the highest of these two ratings, which is 2. When application A is released to production, its business-importance rating is raised to 4, representing customer-facing-mission-critical, and this rating is propagated to the database. If there is a policy that every database with business-importance of 4 must be stored on a RAID storage subsystem, the evaluation module detects that a change to one of the applications caused the database to be out of compliance with a policy. The evaluation module then initiates actions to correct that situation or notify an administrator of the situation. If, at a later time, Application A is removed or no longer connected to the database, the database gets a lower business-importance rating and no longer requires a costly RAID storage device. Having a RAID storage device is not a violation of the initial policy, but it is unnecessary, and there may be another policy that databases should not use RAID storage devices unless their business-importance rating is high enough.

In another example, the propagated attribute is communicated to an administrator when a constraint violation is detected, but not used in the analysis. The database may have a simpler constraint that is not dependent on any propagated attribute, such as “the journaling file should not be installed on a compressed drive.” The corrective action for this constraint may be specified as “notify the administrator with a warning” because the rule is not important (not classified as a serious error). In this situation, the management system should not take any form of automated corrective action or otherwise enforce the policy. However, if the rule indicates that the business-importance attribute should be included in the notification to the administrator, the administrator may decide to give the violation greater attention for a mission-critical database than for other databases.

In yet another example, an attribute may influence the schedule by which a management action is taken. If many systems are found to be in violation of a particular security policy, and correcting that violation requires manual intervention, the systems with high business-importance may be prioritized ahead of other systems.

In a particular implementation, attribute propagation module 2102 may not receive one or more of: policy information 2106, constraint information 2108, dependency information 2110, or information regarding other attributes 2112. Attribute propagation module 2102 may receive policy information 2106, constraint information 2108, dependency information 2110, and information regarding other attributes 2112 from any number of sources. In other embodiments, attribute propagation module 2102 receives additional information not shown in FIG. 21.

Example Computer Environment

FIG. 22 illustrates an example general computer environment 2200, which can be used to implement the techniques described herein. The computer environment 2200 is only one example of a computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the computer and network architectures. Neither should the computer environment 2200 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in the example computer environment 2200.

Computer environment 2200 includes a general-purpose computing device in the form of a computer 2202. Computer 2202 can be, for example, a computing device on which an application is installed or monitored, or a computing device on which at least portions of process 300 of FIG. 3 are implemented. Computer 2202 can be, for example, a desktop computer, a handheld computer, a notebook or laptop computer, a server computer, a game console, and so on. The components of computer 2202 can include, but are not limited to, one or more processors or processing units 2204, a system memory 2206, and a system bus 2208 that couples various system components including the processor 2204 to the system memory 2206.

The system bus 2208 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures can include an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnects (PCI) bus also known as a Mezzanine bus.

Computer 2202 typically includes a variety of computer readable media. Such media can be any available media that is accessible by computer 2202 and includes both volatile and non-volatile media, removable and non-removable media.

The system memory 2206 includes computer readable media in the form of volatile memory, such as random access memory (RAM) 2210, and/or non-volatile memory, such as read only memory (ROM) 2212. A basic input/output system (BIOS) 2214, containing the basic routines that help to transfer information between elements within computer 2202, such as during start-up, is stored in ROM 2212. RAM 2210 typically contains data and/or program modules that are immediately accessible to and/or presently operated on by the processing unit 2204.

Computer 2202 may also include other removable/non-removable, volatile/non-volatile computer storage media. By way of example, FIG. 22 illustrates a hard disk drive 2216 for reading from and writing to a non-removable, non-volatile magnetic media (not shown), a magnetic disk drive 2218 for reading from and writing to a removable, non-volatile magnetic disk 2220 (e.g., a “floppy disk”), and an optical disk drive 2222 for reading from and/or writing to a removable, non-volatile optical disk 2224 such as a CD-ROM, DVD-ROM, or other optical media. The hard disk drive 2216, magnetic disk drive 2218, and optical disk drive 2222 are each connected to the system bus 2208 by one or more data media interfaces 2226. Alternatively, the hard disk drive 2216, magnetic disk drive 2218, and optical disk drive 2222 can be connected to the system bus 2208 by one or more interfaces (not shown).

The disk drives and their associated computer-readable media provide non-volatile storage of computer readable instructions, data structures, program modules, and other data for computer 2202. Although the example illustrates a hard disk 2216, a removable magnetic disk 2220, and a removable optical disk 2224, it is to be appreciated that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes or other magnetic storage devices, flash memory cards, CD-ROM, digital versatile disks (DVD) or other optical storage, random access memories (RAM), read only memories (ROM), electrically erasable programmable read-only memory (EEPROM), and the like, can also be utilized to implement the exemplary computing system and environment.

Any number of program modules can be stored on the hard disk 2216, magnetic disk 2220, optical disk 2224, ROM 2212, and/or RAM 2210, including by way of example, an operating system 2226, one or more application programs 2228, other program modules 2230, and program data 2232. Each of such operating system 2226, one or more application programs 2228, other program modules 2230, and program data 2232 (or some combination thereof) may implement all or part of the resident components that support the distributed file system.

A user can enter commands and information into computer 2202 via input devices such as a keyboard 2234 and a pointing device 2236 (e.g., a “mouse”). Other input devices 2238 (not shown specifically) may include a microphone, joystick, game pad, satellite dish, serial port, scanner, and/or the like. These and other input devices are connected to the processing unit 2204 via input/output interfaces 2240 that are coupled to the system bus 2208, but may be connected by other interface and bus structures, such as a parallel port, game port, or a universal serial bus (USB).

A monitor 2242 or other type of display device can also be connected to the system bus 2208 via an interface, such as a video adapter 2244. In addition to the monitor 2242, other output peripheral devices can include components such as speakers (not shown) and a printer 2246 which can be connected to computer 2202 via the input/output interfaces 2240.

Computer 2202 can operate in a networked environment using logical connections to one or more remote computers, such as a remote computing device 2248. By way of example, the remote computing device 2248 can be a personal computer, portable computer, a server, a router, a network computer, a peer device or other common network node, and the like. The remote computing device 2248 is illustrated as a portable computer that can include many or all of the elements and features described herein relative to computer 2202.

Logical connections between computer 2202 and the remote computer 2248 are depicted as a local area network (LAN) 2250 and a general wide area network (WAN) 2252. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet.

When implemented in a LAN networking environment, the computer 2202 is connected to a local network 2250 via a network interface or adapter 2254. When implemented in a WAN networking environment, the computer 2202 typically includes a modem 2256 or other means for establishing communications over the wide network 2252. The modem 2256, which can be internal or external to computer 2202, can be connected to the system bus 2208 via the input/output interfaces 2240 or other appropriate mechanisms. It is to be appreciated that the illustrated network connections are exemplary and that other means of establishing communication link(s) between the computers 2202 and 2248 can be employed.

In a networked environment, such as that illustrated with computing environment 2200, program modules depicted relative to the computer 2202, or portions thereof, may be stored in a remote memory storage device. By way of example, remote application programs 2258 reside on a memory device of remote computer 2248. For purposes of illustration, application programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computing device 2202, and are executed by the data processor(s) of the computer.

Various modules and techniques may be described herein in the general context of computer-executable instructions, such as program modules, executed by one or more computers or other devices. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Typically, the functionality of the program modules may be combined or distributed as desired in various embodiments.

An implementation of these modules and techniques may be stored on or transmitted across some form of computer readable media. Computer readable media can be any available media that can be accessed by a computer. By way of example, and not limitation, computer readable media may comprise “computer storage media” and “communications media.”

“Computer storage media” includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules, or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.

“Communication media” typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as carrier wave or other transport mechanism. Communication media also includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared, and other wireless media. Combinations of any of the above are also included within the scope of computer readable media.

Alternatively, portions of the framework may be implemented in hardware or a combination of hardware, software, and/or firmware. For example, one or more application specific integrated circuits (ASICs) or programmable logic devices (PLDs) could be designed or programmed to implement one or more portions of the framework.

CONCLUSION

Although the invention has been described in language specific to structural features and/or methodological acts, it is to be understood that the invention defined in the appended claims is not necessarily limited to the specific features or acts described. Rather, the specific features and acts are disclosed as exemplary forms of implementing the claimed invention.

Claims

1. A method comprising:

accessing a set of one or more models, the one or more models including: a model of an application, the model of the application including one or more information pages for each of one or more components or relationships in the model of the application; or a model of a system, the model of the system representing one or more managed systems and including characteristics and relationships of the one or more managed systems;

performing, with the set of one or more models, at least two of: provisioning systems based on the set of one or more models; provisioning virtual systems based on the set of one or more models; provisioning test environments based on the set of one or more models; updating the set of one or more models based on deployments made in the system; predicting system capacity based on the set of one or more models; monitoring health of the system based on the set of one or more models; managing configurations of the system based on the set of one or more models; or updating the set of one or more models by propagating attributes.

2. A method as recited in claim 1, wherein the set of one or more models includes both the model of the application and the model of the system.

3. A method as recited in claim 1, wherein the performing comprises:

performing at least one of: the provisioning systems based on the set of one or more models; the provisioning virtual systems based on the set of one or more models; or the provisioning test environments based on the set of one or more models; and

performing at least one of: the updating the set of one or more models based on deployments made in the system; the predicting system capacity based on the set of one or more models; the monitoring health of the system based on the set of one or more models; the managing configurations of the system based on the set of one or more models; or the updating the set of one or more models by propagating attributes.

4. A method as recited in claim 3, wherein the performing at least one of the updating, the predicting, the monitoring, the managing, or the updating comprises performing each of:

the updating the set of one or more models based on deployments made in the system;

the predicting system capacity based on the set of one or more models;

the monitoring health of the system based on the set of one or more models;

the managing configurations of the system based on the set of one or more models; and

the updating the set of one or more models by propagating attributes.

5. A method as recited in claim 1, wherein the model of the system includes a plurality of components, and wherein the predicting system capacity comprises:

identifying relationships among the plurality of components based on the model of the system;

identifying transactions to be performed by the system;

identifying a cost associated with each of the identified transactions; and

simulating operation of the system using the model of the system and the identified costs.

6. A method as recited in claim 1, wherein the updating the set of one or more models by propagating attributes comprises:

identifying a plurality of attributes associated with the system;

determining a manner in which the plurality of attributes are to be propagated throughout the system; and

propagating the plurality of attributes to a plurality of components of the system based on information contained in the model of the system.

7. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to:

create one or more of: an application model, the application model including one or more information pages for each of one or more components or relationships in the application model; or a system model, the system model representing one or more managed systems and including characteristics and relationships of the one or more managed systems;

do two or more of: provision systems based on the created one or more models; provision virtual systems based on the created one or more models; provision test environments based on the created one or more models; update the created one or more models based on deployments made in the system; predict system capacity based on the created one or more models; monitor health of the system based on the created one or more models; manage configurations of the system based on the created one or more models; or update the created one or more models by propagating attributes.

8. One or more computer readable media as recited in claim 7, wherein to create one or more of the application model and the system model is to create both the application model and the system model.

9. One or more computer readable media as recited in claim 7, wherein the plurality of instructions further causes the one or more processors to:

do one or more of: provision systems based on the created one or more models; provision virtual systems based on the created one or more models; or provision test environments based on the created one or more models; and

do one or more of: update the created one or more models based on deployments made in the system; predict system capacity based on the created one or more models; monitor health of the system based on the created one or more models; manage configurations of the system based on the created one or more models; or update the created one or more models by propagating attributes.

10. One or more computer readable media as recited in claim 9, wherein to do one or more of update the created one or more models based on deployments made in the system, predict system capacity based on the created one or more models, monitor health of the system based on the created one or more models, manage configurations of the system based on the created one or more models, or update the created one or more models by propagating attributes is to do each of update the created one or more models based on deployments made in the system, predict system capacity based on the created one or more models, monitor health of the system based on the created one or more models, manage configurations of the system based on the created one or more models, or update the created one or more models by propagating attributes.

11. One or more computer readable media as recited in claim 7, wherein the one or more managed systems comprises a plurality of computing devices and a plurality of software applications installed on the plurality of computing devices.

12. One or more computer readable media as recited in claim 7, wherein the plurality of instructions further cause the one or more processors to:

receive notification of a problem from a first component of the system;

determine a cause of the problem, the determination being made at least in part based on the created one or more models; and

identify at least one component associated with the cause of the problem.

13. One or more computer readable media as recited in claim 7, wherein the plurality of instructions further cause the one or more processors to:

identify relationships among a plurality of components of the system based on the created one or more models;

identify a proposed change to at least one of the plurality of components; and

determine an expected impact on the system caused by the proposed change, the determination being made at least in part based on the created one or more models.

14. A system comprising:

means for accessing one or more of an application model and a system model, the application model including one or more information pages for each of one or more components or relationships in the application model, and the system model representing one or more managed systems and including characteristics and relationships of the one or more managed systems;

two or more of: means for provisioning systems based on one or more of the application model and the system model; means for provisioning virtual systems based on one or more of the application model and the system model; means for provisioning test environments based on one or more of the application model and the system model; means for updating one or more of the application model and the system model based on deployments made in the system; means for predicting system capacity based on one or more of the application model and the system model; means for monitoring health of the system based on one or more of the application model and the system model; means for managing configurations of the system based on one or more of the application model and the system model; or means for updating one or more of the application model and the system model by propagating attributes.

15. A system as recited in claim 14, wherein the means for accessing comprises means for accessing both the application model and the system model.

16. A system as recited in claim 14, further comprising:

at least one of: the means for provisioning systems based on one or more of the application model and the system model; the means for provisioning virtual systems based on one or more of the application model and the system model; the means for provisioning test environments based on one or more of the application model and the system model; and

at least one of: the means for updating one or more of the application model and the system model based on deployments made in the system; the means for predicting system capacity based on one or more of the application model and the system model; the means for monitoring health of the system based on one or more of the application model and the system model; the means for managing configurations of the system based on one or more of the application model and the system model; or the means for updating one or more of the application model and the system model by propagating attributes.

17. A system as recited in claim 16, further comprising all of:

the means for updating one or more of the application model and the system model based on deployments made in the system;

the means for predicting system capacity based on one or more of the application model and the system model;

the means for monitoring health of the system based on one or more of the application model and the system model;

the means for managing configurations of the system based on one or more of the application model and the system model; or

the means for updating one or more of the application model and the system model by propagating attributes.