PATENT: REUSABLE AUTOMATION MODULES FOR CONFIGURATION CHANGES OF IT ASSETS

COOPERATIVE PATENT CLASSIFICATION (CPC): G06F9/06 - Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
G PHYSICS
G06 COMPUTING; CALCULATING OR COUNTING
G06F ELECTRIC DIGITAL DATA PROCESSING

Int. C. : G06F 15/16 (2006.01) H04L 2/24 (2006.01) H04L 12/26 (2006.01) HO4L 12/28 (2006.01) HO4L 12/58 2006.01) HO4L 29/06 (2006.01)
U.S. C.: H04L 12/24 (2013.01); H04L 12/2602 (2013.01); H04L 12/2801 (2013.01); H04L 41/00 (2013.01); H04L 41/046 (2013.01); H04L 41/048 (2013.01); H04L 41/0654 (2013.01); H04L 41/0813 (2013.01); H04L 41/082 (2013.01); H04L 41/0803 (2013.01); H04L 41/0806 (2013.01); H04L 51/00 (2013.01); H04L 51/04 (2013.01); H04L 51/046 (2013.01); H04L 65/40 (2013.01); H04L 65/403 (2013.01)
USPC.: 709/223; 709/201; 709/202; 709/203; 709/205; 709/206; 709/217; 709/218; 709/219; 709/224; 709/225; 709/227; 705/305; 705/30; 705/32; 705/7.13; 705/7.14; 705/7.16; 718/100; 718/102
FIELD OF THE INVENTION: This invention relates generally to information technology (IT) systems, and more specifically to systems and methods for automating and deploying IT solutions.

ABSTRACT

A system and methods for automating the provisioning, administration and maintenance of information technology (IT) assets within an enterprise is described. The method comprises the fixed steps of once defining a configuration change within the IT ticketing system and identifying the necessary tasks to enable the change; as well as the repeating dynamic steps of assigning the tasks their specific variables at run time, and then executing the resulting output scripts, and closing the main configuration change ticket. The method allows round the clock, vendor-agnostic unattended execution of changes in disparate systems, spanning multiple IT departments in real-time.

BACKGROUND OF THE INVENTION

The role of the ticketing systems has changed over time. Originally, in the physical on-premises world, the purpose of the helpdesk was three fold: making sure the ticket is approved by the rightful asset owner; then routing the work item to the correctly privileged team in full possession of the necessary technical knowledge; and finally, there is a record of the configuration change preserved in the ticket after it has been closed.  The process worked as follows. A user would open a change request, for example to refresh a database from another. The ticket then would be routed to the database administration team. The management would approve the request and assign it to a person. The DBA then would schedule and execute the configuration change, upload the output logs and close the change request. In the physical world the Helpdesk was a digital switchboard, a place for a user to raise an incident, or for the IT professional to resolve it.
With the advent of the cloud, the paradigm shifted.  The physical server became a snippet of JSON definition code. The administrator also became obsolete.  The technical knowledge was replaced by automated decision workflows.  The Cloud afforded us the opportunity for automating long running business processes spanning multiple departments or even companies. For example, a Cloud automation service that allows a company to create workflows as visual diagrams and coordinate multiple cross-Clouds services. Such Cloud automation is well-suited for long-running workflows with complex logic, error handling, and parallel executions of serverless applications, requiring close integration with the Cloud services.
The following outlines such challenges for the enterprise automation.

INFLEXIBILITY OF CURRENT AUTOMATION OFFERINGS

Slow, Compartmentalized, Single-Use Automation: It takes months or even years to properly automate a process (new versions come out, new requirements are raised, new API’s tested, etc.) When such a process is successfully automated, the effort and the code are rarely reused by other departments or business units. That means when it is time to automate the following application or business process, the enterprise automation department has to start from scratch. The ROI from the current automation offerings by the Cloud vendors may be described as “too little, too late and for too few”.

SKILL GAP

Lack of Expertise: Organizations struggle to find qualified cloud automation and DevOps engineers, delaying initiatives and leading to potential security vulnerabilities.
Rapid Evolution of Technology: Cloud technologies change quickly, making it challenging for professionals to stay updated and adapt to new tools and practices.

MULTI-CLOUD AND HYBRID COMPLEXITY

Unified Management: Managing and governing infrastructure, data, and applications across various cloud platforms (multi-cloud) and environments (hybrid cloud) remains a significant hurdle.
Integration Challenges: Integrating automation tools across different cloud providers, each with its unique APIs and frameworks, can be complex and time-consuming.
Lack of Standardization: Multi-cloud environments often result in disparate configurations, creating inconsistencies and security gaps.

SECURITY AND COMPLIANCE CHALLENGES

Attack Surface Expansion: Cloud environments expand the attack surface, requiring more robust security measures and automation for detection and response.
Misconfigurations and Human Error: Cloud infrastructure misconfigurations are a common cause of data breaches, highlighting the need for automated remediation and proactive monitoring.
Lack of Visibility: Limited visibility into cloud infrastructure and application behavior makes it difficult to detect and respond to threats in real time.
Regulatory Compliance: Ensuring compliance with data privacy regulations (e.g., GDPR, HIPAA) across complex cloud environments presents a significant challenge.

COST OPTIMIZATION

Cloud Waste: Identifying and eliminating unused or underutilized cloud resources is crucial to control costs and maximize the return on investment.
Dynamic Cloud Pricing: Fluctuations in cloud pricing and service options require continuous monitoring and adjustments to optimize costs effectively.

AUTOMATION WORKFLOW MANAGEMENT

Current Automation Software Inflexibility: All pre-packaged software or Cloud services need time to become fully integrated into an enterprise’s current platform.
Lack of Internal Standards: Before a process may be automated, it has to follow certain internal conventions; their absence prolongs the automation project or makes it impossible. It is of paramount importance to develop and adopt standardized processes and best practices for building, deploying, and managing automation workflows.
Complex Workflows: Designing and managing complex automation workflows with multiple steps and dependencies can be challenging, especially in multi-cloud environments.
Monitoring and Observability: Gaining comprehensive insights into the behavior and performance of automated systems requires robust monitoring and observability tools and strategies.

Without a doubt, in the context of the Cloud, automation plays a big role. However, while the services automate a large portion of traditional IT tasks, they don't entirely eliminate the need for technical expertise. Instead, they shift the focus of the administrator’s role from routine low level operational tasks to higher-level architectural decisions, performance optimization, and data governance. That is a business side of the IT industry that may not be appealing to the former on-prem DBA, and even if it is, it takes years to begin to understand that side of the IT business and decades to master it. Also, the Cloud DBA is expected to be very diverse in his/her knowledge, sometimes unreasonably so. After all, such complex automated workflows rarely include just one database vendor or service. There are hundreds of them now, all mutate and change every day, and a Cloud professional is actually expected to be an expert in all. The second factor that presents a significant challenge for the enterprise automation is its cost. Even if a company hired a small team of top notch DevOps professionals that worked exclusively on automating one business process, such an automation effort would require months or even years to document and code. All other work will have to be put on hold while that happens. A smaller company may not have enough time and resources for such a long running and expensive undertaking. A larger enterprise suffers as well, as almost none of the automation efforts are reusable. That implies an automation effort for one project or department is almost never reused by another. Consequently, the smaller companies can’t even afford to enter the custom enterprise automation market, while the larger enterprises are extremely inefficient at it. What is needed, therefore, are systems and methods of reducing the administrative and cost burden associated with IT tasks automation.
While there are other inventions addressing the deficiencies above, they all are too piece-meal (partial and unsystematic) and designed to aid the administrator, instead of replacing him/her entirely. Such inventions usually do not benefit the enterprise as a business entity. For example, let’s say a database team gets some new software feature that may flash a screen with suggestions prior to an execution, or verifies passwords. Will that small feature speed up major product releases or long running projects? Will it put the company as whole ahead of its competition? The answer is a resounding “no”.  It doesn’t matter how many features or shortcuts the conventional automation methods introduce. They all rely on a human being somewhere in the chain of the IT maintenance and human are not a very efficient, scalable or secure resource. The only way to automate the IT process or task delivery is to automate it end to end, from opening a service ticket to closing it. The present invention addresses such challenges.

BRIEF SUMMARY OF THE INVENTION

Essentially, the current invention takes advantage of the fact that in the cloud everything is code. All configuration change requests are either raised on a schedule, or requested to be run once by a user. Both of these triggers may be coded in a Cloud-readable format. Once the task is raised, the system performs all the necessary organizational and functional pre-checks, obtains valid approvals, assigns the task an automation module, which performs all the tasks in their correct sequence.  The invention consists of three resources: an existing ticketing system, an automation software unit and the actual asset, be it a service or an instance.

Pic.1. High Level Architecture, Tools and Their Purpose

Conventionally, the work item was assigned to a person.  Each such task iteration is considered entirely different in the conventional automation systems. For example, a refresh executed this quarter has a different task ID than the previous quarter. In ours, there is only one refresh, be it an Oracle database, Sybase, SQL Server or any other software. The role of the ticketing system is extended in our case. Our system stores reusable  task templates for all major time consuming, repeating, hard to control tasks and processes – upgrades, refreshes, migrations, etc. Except, in our implementation, there is no administrator. Rather, the ticketing system assigns the work to automation software instead of a person (Ansible in our implementation). The automation software contacts the Cloud to get the asset tags, then contacts the Vault to securely retrieve the passwords, fills out the Ticketing System task template with its automation logic stored in YML playbooks, runs the resulting script iterations on disparate systems the second the task was opened and approved.

Pic. 2. Example of Process Automation (A vendor-Agnostic Multi-Cloud Database Refresh)

Pic. 3. Example of Oracle Implementation of the Refresh Logic in Ansible.

DETAILED DESCRIPTION AND BEST MODE OF IMPLEMENTATION

A list of common database task modules is developed – upgrades, patching, refreshes, code migrations, custom jobs, etc. Each such task is assigned a unique identifier. So, a RFRSH_DBS means a database refresh of some sort, for example, or an UPGRD_DBS implies a database upgrade. Then for every variation of the specific task - type, vendor, Cloud, version, etc – a workflow of general automation roles is pre-written. For example, if a company uses only two vendor and two version variations of database software, all four RFRSH_DBS task automation roles have to be pre-created. Each automated refresh role is a logical answer to the question “if money were no object, what would be the most efficient possible way to execute this job? In this case, there will be one Ansible playbook called RFRSH_DBS with four roles inside, each will work with a specific asset. At run time, the Ticketing System (ServiceNow in our example) determines which task template should be filled out with what Cloud asset tags to successfully run. The system then creates specific scripts and runs them in parallel on multiple assets, need be. Essentially, the Ticketing System decides whether or not to run, what to run, when and where; the automation unit decides how to do the job efficiently, in general, by what methods, in which order; and the Cloud asset tags, or the Ticketing System, feed the run-time variables. It is Ansible automation that runs the scripts, not a person. The logs then are uploaded to the Ticketing System. There is no administrator in our implementation. The modern IT enterprise is too diverse, complex and ever-changing to efficiently maintain with people’s knowledge. In addition to opening, approving, auto-assigning and executing a specific configuration change, the system keeps track of dependencies between tasks. Such dependencies may span multiple departments or IT teams. The following describes such task dependencies.

Start to Finish (SF): is a logical relationship (or dependency) in which a finishing event of a Successor Activity is dependent on the starting event of a Predecessor Activity. Two activities L and M having SF relationship with 2 days of Lag:
M(F) = L(S) + 2 days
Finish to Start (FS): a Successor Activity cannot start until a Predecessor Activity has finished. Two activities J and K having FS relationship with 1 day of Lead:
K(F) = J(F) – 1 day
Start to Start (SS):  a successor activity cannot start until its predecessor activity has started. Two activities J and K having SS relationship with 1 day of Lead:
K(S) = J(S) – 1 day
Finish to Finish (FF):  in which a successor activity cannot finish until its predecessor activity has finished. Two activities L and M having FF relationship with 1 minute of Lag:
M(F) = L(F) + 1 minute

The budgetary, operational and functional automated pre-checks may include such business rules such as “never refresh PROD from a lower environment database”.

CLAIMS

The algorithms and operations presented herein are not inherently related to any particular computer or other system or apparatus. Various general-purpose systems may also be used with programs in accordance with the descriptions herein, or it may prove convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these systems will be apparent to those of skill in the art, along with equivalent variations. In addition, embodiments of the invention are not described with reference to any particular programming language or software vendor. It is appreciated that a variety of programming languages may be used to implement the present teachings as described herein, and any references to specific languages are provided for disclosure of enablement and best mode of embodiments of the invention.
Embodiments of the invention are well suited to a wide variety of computer network systems over numerous topologies. Within this field, the configuration and management of large networks include storage devices and computers that are communicatively coupled to dissimilar computers and storage devices over a network, such as the Internet.
What is claimed is:

Pic. 4. Claims

REDACTED

END OF PATENT