The background of the present disclosure is hereinafter introduced with the discussion of techniques relating to its context. However, even when this discussion refers to documents, acts, artifacts and the like, it does not suggest or represent that the discussed techniques are part of the prior art or are common general knowledge in the field relevant to the present disclosure.
The present disclosure relates to the information technology field. More specifically, this disclosure relates to the management of computing machines.
The management of computing machines, generally referred to as endpoints (or targets), plays a key role in several contexts, especially in large organizations wherein their number may become very high (for example, up to some hundreds of thousands). In general, the management of the endpoints requires the execution of specific management activities thereon (for example, the application of a patch to a software program); these operations may be controlled with a centralized approach, wherein a management server directly enforces the application of the management activities on the endpoints, or with a localized (or distributed) approach, wherein each endpoint directly controls the application of the management activities thereon. Particularly, the management of the endpoints may be controlled according to a paradigm based on management policies. Each management policy indicates one or more management activities that have to be executed on the endpoints to make them compliant with the management policy; the management policies are deployed to the endpoints, which directly verify their compliance with the management policies and execute the corresponding management activities to remedy any non-compliance therewith. Various resource management tools are available for facilitating the management of the endpoints; a commercial example of these resource management tools, in particular conforming to the policy-based paradigm, is IBM BigFix by IBM Corporation (trademarks).
The execution of the management activities may be conditioned by corresponding applicability rules; for example, each applicability rule defines one or more applicability conditions (such as a specific operating system, a minimum free memory) that should be fulfilled to enable the application of the corresponding management activity. As a result, the management activities are applied only on the endpoints having corresponding characteristics that fulfill their applicability rules; this allows applying the management activities selectively, only on the endpoints where it is necessary.
However, the definition of the applicability rules may be quite difficult and time consuming. Indeed, the variability of the characteristics of the endpoints (especially in highly heterogeneous and dynamic environments) may hinder the correct definition of the applicability rules. Therefore, this task is generally based on a trial and error approach, wherein the applicability rules are updated repeatedly (for example, during a test phase) in an attempt to reach a result that is satisfactory with a certain degree of confidence. However, this substantially remains a manual task, which strongly depends on personal skills and experience (and then it is prone to human errors). Particularly, when the applicability rules are too broad they cause failures on the endpoints wherein the corresponding management activities are not to be applied. In this case, a troubleshooting of the failures is required to correct the applicability rules accordingly; however, this may be quite complex and time-consuming. Conversely, when the applicability rules are too restrictive they cause the missing application of the corresponding management activities on endpoints wherein they are instead required. In this case, it may be even more difficult to identify the endpoints wherein the management activities are to be applied (and then correct the applicability rules accordingly). Indeed, this does cause any failure during the application of the management activities (so that it is not possible to detect the corresponding errors in the applicability rules immediately); any problems that may be caused by the missing application of the management activities manifest later on (even after a relatively long time) so that the identification of their correlation with the errors in the applicability rules requires deep investigations.
All of the above may have a detrimental effect on the whole management of the endpoints.