A method and system for robust and efficient software discovery on the Linux Containers environment by incremental scans

IP.com Disclosure Number: IPCOM000244746D
Publication Date: 2016-Jan-08
Document File: 3 page(s) / 29K

Publishing Venue

The IP.com Prior Art Database

Abstract

This article addresses the drawbacks of software discovery in the Linux Containers space, where thin containers are deployed ad hoc with a pre-defined payload and are managed by a single entity called the Container Engine. We provide a way to avoid expensive scanning of containers, in favor of running a cheap, efficient incremental scan of the container's template files.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 47% of the total text.

In the Software Asset Management (SAM) space, there is a need to determine, in a robust and authoritative way, the presence and usage of software licenses. Based on such discovery, a number of scenarios are possible, including license cost optimization, software license audit exposure prevention, budget planning and others. The discovery part is complex because of how software is discovered, which in most cases is either by interrogating the installation registries or by examining the file system content of the system-under-scan.

Such discovery has a few drawbacks:
a) usually such a scan requires an Agent deployed on the system-under-scan
b) the Agent needs to run expensive filesystem scans, which in a high-workload and dynamic environment is not acceptable because of the potential for business workload disruptions
c) the Agent needs to run the discovery soon after the system-under-scan is provisioned and before it is de-provisioned.

This idea addresses the discovery drawbacks in the Linux Containers space, where thin containers are deployed ad hoc with a pre-defined payload and are managed by a single entity called the Container Engine. The proposal provides a way to avoid expensive scanning of containers, in favor of running a cheap, efficient incremental scan of the container's template files.

At a high level, this proposal describes a way of optimizing software discovery in the Linux Containers environment by providing an incremental scanning technique for container template files. This gives a SAM tool a cost-efficient way to quickly identify the software running in Linux Containers in various types of environment, including Infrastructure-as-a-Service or Platform-as-a-Service clouds. It avoids expensive file system scans of the containers or their templates and avoids installing any monitoring agent on the runtime containers, while still providing 100% accurate and reliable software inventory reports for the SAM tool.

At a very high level, the idea is to provide a solution that scans the differences between container templates to identify newly installed software, by comparing the newer template file with the baseline template file. This way, an expensive full-filesystem scan of the whole template file is avoided.
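The following Python example is added here and is not taken from the disclosure. It models each template as an ordered list of layer tar archives, skips the layers the newer template inherits from the baseline, and checks only the remaining layers against a signature catalog. The layer ids (equal ids are assumed to mean identical content), the `.wh.` deletion-marker convention used by Docker layers, and the catalog entries are assumptions of the example.

```python
import io
import tarfile

# Constructed signature catalog (assumption): file path -> software product.
SIGNATURES = {"usr/sbin/nginx": "nginx", "usr/bin/redis-server": "redis"}

def make_layer(files):
    """Build an in-memory tar archive standing in for one template layer."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def incremental_scan(baseline, newer):
    """Scan only layers of `newer` not inherited from `baseline`.
    Templates are ordered lists of (layer_id, tar_bytes).
    Returns (installed, removed, layers_scanned)."""
    shared = 0
    while (shared < min(len(baseline), len(newer))
           and baseline[shared][0] == newer[shared][0]):
        shared += 1  # identical leading layers were already inventoried
    installed, removed = set(), set()
    for _layer_id, blob in newer[shared:]:
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for name in tar.getnames():
                head, _, base = name.rpartition("/")
                if base.startswith(".wh."):  # marker: path deleted in this layer
                    gone = f"{head}/{base[4:]}" if head else base[4:]
                    product = SIGNATURES.get(gone)
                    if product:
                        installed.discard(product)
                        removed.add(product)
                elif name in SIGNATURES:
                    installed.add(SIGNATURES[name])
                    removed.discard(SIGNATURES[name])
    return installed, removed, len(newer) - shared

# Constructed sample templates: a base OS layer plus two derived layers.
BASE = [("layer-os", make_layer({"bin/sh": b"#!", "usr/bin/redis-server": b"ELF"}))]
APP = BASE + [
    ("layer-web", make_layer({"usr/sbin/nginx": b"ELF"})),
    ("layer-trim", make_layer({"usr/bin/.wh.redis-server": b""})),
]
```

Calling `incremental_scan(BASE, APP)` opens two of the three layers and reports nginx as newly installed and redis as removed relative to the baseline inventory.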

In Docker (www.docker.org), the leading technology for Linux Containers, the virtualized runtime entities are called containers; they provide runtime isolation for processes, memory, processor and filesystem. Each container is instantiated by reference to its template, which is the static description of what should be deployed and running within the container. Templates can form a hierarchical inheritance structure, where the top-level template identifies the base Operating System (e.g. Ubuntu Linux system), and the template...