The invention relates generally to mechanisms for preventing a distribution of a failure and a preventing module. The invention relates further to an operating system, a computer system, a data processing program, and a computer program product.
In the field of distributed server client environments, systems management may be used for administration of distributed systems including (and commonly in practice) computer systems. The client-server model may be used for a distributed application that partitions tasks or workloads between providers of a resource or service, i.e. servers, and service requesters, i.e. clients. Often, clients and servers communicate over a computer network on separate hardware, but both client and server may reside in the same system.
Such systems may use a policy management, for example, as disclosed in U.S. Patent Application Publication No. 2007/0180490 A1. In this document, a system and method for providing policy-based protection services is disclosed. As a new threat is understood, one or more protection techniques are considered for protecting an asset. The organization assigns responsibilities to carry out or protect the asset and a policy is constructed. After the policy is developed, a plan is put into action to protect the asset, and a policy implementer is developed and/or purchased, distributed, configured, and managed. Finally, the policy, its enforcement, and its effectiveness, are reviewed to determine any changes needed, and new requirements are discovered, closing the lifecycle. An embodiment of the disclosure provides a method for sharing policy-based analysis, including: identifying at least one of a threat, a vulnerability, and a deficiency in a policy to produce a policy requirement; analyzing the policy requirement to produce at least one of a new policy element and revised policy element; and sharing the at least one of a new policy element and revised policy element.
Nowadays, the compliance of assets to specific policies is a critical aspect for many companies. Several products on the field deal with such issues by following several approaches either centrally orchestrated by a server or, using a policy approach where each agent will be in charge of ensuring compliance with a distributed policy.
One example of a policy-based architecture is the so-called BigFix® technology architecture formerly introduced by BigFix® Inc. Key components of the BigFix® service delivery platform include the BigFix® Agent, BigFix® Server and Console, BigFix® Fixlet messages, and BigFix® Relays. The BigFix® Platform creates a communication and management infrastructure for delivery of security and system management services to networked desktop, laptop/notebook and server computers. By assigning responsibility for reporting and management actions on endpoints themselves, the BigFix® platform may enable visibility and management of information technology (IT) infrastructures of a big amount of desktop, mobile and server computers. The BigFix® Agent resides on managed devices and acts as a universal policy engine capable of delivering multiple management services. A single BigFix® Agent can execute a diverse and extensible array of management services that range from real-time client status reporting, to patch and software distribution, to security policy enforcement.
The BigFix® architecture is used to keep computers in a desired state and to leverage the Fixlet concept. A Fixlet—in the remaining document being referred to as “fixlets”—is an object with a relevance statement and an associated action used to install software, updates and patches, as well as configuring computer properties. The relevance is evaluated on the clients in order to see whether or not the fixlet is applicable.
In a distributed environment, several fixlets may be enabled daily and sometimes in sequence. The installation sequence obviously may depend on specific external conditions that are mainly based on the reachability of each client in a specific timeframe or the dynamic population of specific logical groups. For that reason, it may happen that a particular installation sequence could cause a fault on a specific system that may depend on the specific installation sequence.
U.S. Patent Application Publication No. 2004/0019835 A1 discloses an operating system error handling mechanism. The described systems and methods may be utilized for single or multiple processor computer systems to handle errors in a coordinated manner between hardware and any firmware or software layers. A computer system includes a non-volatile memory and at least one processor. A firmware error handling routine is stored on the non-volatile memory. The firmware error handling routine is for handling errors. Each of the at least one processors detect errors. Each processor executes the firmware error handling routine on detecting an error. The executed firmware error handling routine handles the error. The executed firmware error handling routine also logs error information to a log. The systems and methods provide for coordinated error handling that enhance error recovery, provide error containment and maintain system availability.
However, when an error or fault occurs at one client caused by a sequence of instructions or fixlets, the same error may occur at further clients. This may lead to a propagation of the error when the same sequence of fixlets should be executed by a plurality of clients. Thus, there may be a need for an improved method of preventing distribution of errors caused by such instructions.