The present invention generally relates to platform management of computer systems, and relates more specifically to the implementation of the Hardware Platform Interface (HPI) specification that is used for the platform management of computer systems.
Modern integrated computer systems provide multiple services such as voice and data transmission, system management, security, wireless communication, video conferencing, and web services. These computer systems are assembled using various hardware and software components, better known in the industry as Commercial-off-the-shelf (COTS) components, which are sourced from multiple vendors. These computer systems provide services to the users even when hardware and software faults occur and while the COTS components are upgraded. The Service Availability Forum (SAF), an industry consortium of telecommunication and computer equipment manufacturers and users, publishes specifications that define open standards for high-availability computer systems, including the Hardware Platform Interface (HPI) specification for platform management of computer systems.
An interface implemented in accordance with the HPI specification enables the use of the COTS components to construct the high-availability computer systems. These high-availability computer systems can provide uninterrupted services to the users. The interface allows the users to set and retrieve configuration and operational data related to the COTS components. Examples of operational data may include data related to starting up, shutting down, and testing of the COTS components.
The HPI specification enables the modeling of the computer systems in the form of sets of resources and domains. A resource is an abstract representation of a set of management data and management capabilities of the platform of the computer systems. A domain is an abstract collection of resources. Each resource can be a member of one or more domains. The HPI specification requires a user application program to establish a management context with a domain to access any of the management data and management capabilities provided through the set of resources that are members of the domain.
User application programs can monitor and control the computer system by accessing the management capabilities modeled in the set of resources of the domain. Therefore, access restrictions for accessing the set of resources are desirable to restrict unwanted user application programs from controlling the computer system. Moreover, without the access restrictions, unwanted programs running on a computer system can also adversely affect the performance of the computer system.
In implementations of the HPI specification, the user application programs are linked to a library, which provides access to the domains and the resources. The HPI specification does not require the implementation of any access restrictions, and some implementations of the HPI specification may permit any user application program to access the library. In other implementations, access restrictions are defined to make the library accessible only to pre-defined user application programs. However, these access restrictions may only provide a single level of access control. User application programs may either have access to the library and all the management capabilities provided by the domains and resources accessible through the library or have no access at all.
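The following is an added illustration, not code from the HPI specification or from any implementation of it. It models the domain and resource membership described above and contrasts the single-level library gate with a check made per domain when a management context is established. All names (`session_allowed`, `reachable_resources`, the sample applications and resources) are hypothetical and the data is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define N_DOMAINS 2
/* Constructed model, not the HPI API: bit d of domain_mask = member of domain d. */
typedef struct { const char *name; unsigned domain_mask; } resource_t;
static const resource_t RESOURCES[] = {
    {"chassis-fan",   1u << 0},
    {"blade-power",   (1u << 0) | (1u << 1)},   /* member of both domains */
    {"shelf-manager", 1u << 1},
};
/* Hypothetical policy record: library_access is the single-level gate,
 * allowed_domains is the finer-grained gate checked at session open. */
typedef struct { const char *app; bool library_access; unsigned allowed_domains; } policy_t;
static const policy_t POLICY[] = {
    {"fan-monitor",    true, 1u << 0},
    {"platform-admin", true, (1u << 0) | (1u << 1)},
};

static const policy_t *find_policy(const char *app) {
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++)
        if (strcmp(POLICY[i].app, app) == 0) return &POLICY[i];
    return NULL;                       /* unknown application: default deny */
}

/* Decide whether app may establish a management context with a domain. */
bool session_allowed(const char *app, unsigned domain, bool per_domain) {
    const policy_t *p = find_policy(app);
    if (p == NULL || !p->library_access || domain >= N_DOMAINS) return false;
    return per_domain ? ((p->allowed_domains >> domain) & 1u) != 0 : true;
}

/* Count distinct resources app can reach through every session it may open. */
size_t reachable_resources(const char *app, bool per_domain) {
    unsigned open_mask = 0;
    for (unsigned d = 0; d < N_DOMAINS; d++)
        if (session_allowed(app, d, per_domain)) open_mask |= 1u << d;
    size_t n = 0;
    for (size_t i = 0; i < sizeof RESOURCES / sizeof RESOURCES[0]; i++)
        if (RESOURCES[i].domain_mask & open_mask) n++;
    return n;
}

int main(void) {
    printf("fan-monitor: %zu resources single-level, %zu per-domain\n",
           reachable_resources("fan-monitor", false),
           reachable_resources("fan-monitor", true));
    return 0;
}
```

Because a resource can be a member of more than one domain, `blade-power` stays reachable to `fan-monitor` through domain 0 even when domain 1 is denied, so a domain-level policy has to account for shared membership.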
Further, the domains and the resources may be spread over multiple computer systems that are remotely connected by a network. Examples of the network may include an Ethernet network, an Internet Protocol (IP) network, or a wireless network. Access restrictions also have to be implemented over the network.
Conventional mechanisms for implementing access restrictions may include making non-standard calls to the library prior to making standard calls for linking with the library. The standard calls are used for establishing the management context. The non-standard calls, which are not included in the HPI specification, are used to identify the user application programs making these calls. The user application programs can be identified by passing the credentials of the user application programs to the library for verification before making a standard HPI library call. However, this mechanism does not provide portability of the user application programs on different platforms that implement the HPI specification.
Other conventional mechanisms may include the use of a table maintained by a system administrator for identifying the user application programs. The table can be accessible by the library to enable it to control the access for establishing the management context. However, this mechanism may be difficult to maintain, as the table must be updated whenever new user application programs are introduced in the system.
In view of the foregoing discussion, there is a need for an implementation of the HPI specification that can provide access control. This access control can permit the user application programs to access restricted sets of resources and domains. Moreover, there is a need for an implementation of the HPI specification that can be portable across different platforms. Further, there is a need for an implementation of the HPI specification that can provide access to the resources and domains spread over the network of remotely-connected computer systems. Access to the resources and domains spread over the network is also to be provided based on the access restrictions.