Webserver interface for deployment management tool

Abstract

A computer-implemented method includes submitting a description of devices to a webserver and receiving an identifier for the devices from the webserver. Information related to an application to be deployed is submitted to the webserver and an identifier for the application is received from the webserver. A request is submitted to the webserver to deploy the application to the devices, where the request includes the identifier for the devices and the identifier for the application. The request to deploy the application is independent of which deployment management tool is used to deploy the application to the devices.

Claims

1. A computer-implemented method comprising: submitting a description of a plurality of devices to a webserver as part of a request for the creation of a collection object that represents the plurality of devices and receiving an identifier for the collection object from the webserver; a submitter submitting attributes associated with an application to be deployed to the webserver; while preventing direct access by the submitter to a deployment management tool, receiving the attributes associated with the application from the submitter; calling at least one method in the deployment management tool to create an application in the deployment management tool based on the received attributes and to obtain the identifier for the created application; returning the identifier for the created application to the submitter; the submitter receiving the identifier for the application from the webserver; and submitting a request to the webserver to deploy the application to the plurality of devices, the request including the identifier for the collection object and the identifier for the application and the request being independent of which deployment management tool is used to deploy the application to the devices.

2. The computer-implemented method of claim 1, wherein the description of the plurality of devices comprises a description of a plurality of users and the request to deploy the application comprises a request to deploy the application to at least one device used by each user described by the description of the plurality of users.

3. The computer-implemented method of claim 1, wherein the description of the plurality of devices comprises a rule for identifying devices in a network of devices.

4. The computer-implemented method of claim 1, wherein submitting attributes associated with the application to be deployed comprises submitting an install command for installing the application on a device.

5. The computer-implemented method of claim 1, wherein submitting attributes associated with the application to be deployed comprises providing a location of an installation bundle containing the application to be installed.

6. The computer-implemented method of claim 1, wherein the attributes associated with the application comprises an identification of a distribution point group that includes at least one application catalog.

7. The computer-implemented method of claim 1, further comprising submitting a description of a maintenance window to associate with the devices together with the identifier for the devices.

8. A method comprising: while preventing direct access by a submitter to a deployment management tool, receiving attributes associated with an application from the submitter; calling at least one method in the deployment management tool to create an application object in the deployment management tool based on the received attributes and to obtain an identifier for the created application object; returning the identifier for the created application object to the submitter; while preventing direct access by the submitter to the deployment management tool, receiving a request to create a deployment together with an identifier for a collection representing a plurality of devices and the identifier for the created application object from the submitter; and calling at least one method in the deployment management tool to create the deployment so that the deployment is used by the deployment management tool to deploy the application to the plurality of devices represented by the identifier for the collection.

9. The method of claim 8 further comprising: while preventing direct access by the submitter to the deployment management tool, receiving a description of devices from a submitter; calling at least one method in a deployment management tool to create the collection based on the description of devices and to obtain the identifier for the collection; and returning the identifier for the collection to the submitter.

10. The method of claim 8 further comprising: while preventing direct access by a second submitter to the deployment management tool, receiving attributes associated with a second application from a second submitter; calling at least one method in the deployment management tool to create a second application object in the deployment management tool based on the received attributes associated with the second application and to obtain an identifier for the second created application object; and returning the identifier for the second created application object to the second submitter.

11. The method of claim 10, wherein receiving the attributes associated with the second application comprises receiving an identifier for the second submitter.

12. The method of claim 11 further comprising: while preventing direct access by a third submitter to the deployment management tool, receiving a request from the third submitter to delete the second created application object together with an identifier for the third submitter; and refusing to delete the second created application object because the identifier for the third submitter does not match the identifier for the second submitter.

13. The method of claim 8, wherein the attributes associated with the application comprise an install command.

14. The method of claim 8, wherein the description of devices comprises a description of the users of the devices.

15. A webserver comprising: a memory; and a processor executing instructions to provide: an application resource having a uniform resource identifier and instructions for processing requests to create application objects in a deployment management tool; a collection resource having a second uniform resource identifier and instructions for processing requests to create collections in the deployment management tool, each collection comprising a plurality of devices; a deployment resource having a third uniform resource identifier and instructions for processing requests to create a deployment in the deployment management tool based on an application object created by referencing the application resource and a collection created by referencing the collection resource; and instructions for processing requests to delete application objects that reference the application resource wherein the instructions prevent deletion of an application object when an identifier of a submitter requesting the deletion does not match the identifier of a submitter who requested creation of the application object.

16. The webserver of claim 15, wherein the request to create a collection comprises a query for identifying a set of devices to include in the collection.

17. The webserver of claim 15, wherein the request to create a collection comprises an identifier of a group of users to include in the collection.

18. The webserver of claim 15 further comprising: a maintenance window resource having a fourth uniform resource identifier and instructions for processing requests to create a maintenance window for a collection in the deployment management tool.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) FIG. 1 is a block diagram of a system for deploying applications and updates.

(2) FIG. 2 is a block diagram of a system for controlling a deployment management tool while preventing direct access to the deployment management tool in accordance with one embodiment.

(3) FIG. 3 is a flow diagram of a method of deploying an application in accordance with one embodiment.

(4) FIG. 4 is a flow diagram of a method performed using a collection resource in accordance with one embodiment.

(5) FIG. 5 is a flow diagram of a method performed using a maintenance window resource in accordance with one embodiment.

(6) FIG. 6 is a flow diagram of a method performed using an application resource in accordance with one embodiment.

(7) FIG. 7 is a flow diagram of a second method performed using an application resource in accordance with one embodiment.

(8) FIG. 8 is a flow diagram of a method performed using a deployment resource in accordance with one embodiment.

(9) FIG. 9 is a flow diagram of a method of controlling a deployment management tool through resources to perform an update on devices in an enterprise in accordance with one embodiment.

(10) FIG. 10 is a block diagram of a computing device used in accordance with the various embodiments.

DETAILED DESCRIPTION

(11) Deployment management tools are complex programs used to deploy new applications and update patches to computing devices in an enterprise system. Such deployment management tools require users to interface with a large number of user interface screens in order to define the various parameters required for a deployment of an application or a patch. Users unfamiliar with the deployment management tool find it difficult to navigate through all the different user interface pages in order to create and schedule a deployment. In addition, users who are unfamiliar with the deployment management tool tend to introduce a large number of errors into the deployment management tool when given direct access to the tool. In particular, direct access to the deployment management tool allows users to change settings in the deployment management tool that will cause a deployment to fail.

(12) The embodiments described below improve the operation of deployment systems by reducing the number of user interfaces that a user has to navigate in order to create a deployment while also preventing the user from directly accessing the deployment management tool and thereby reducing the number of errors that a user can introduce into a deployment.

(13) FIG. 1 provides a block diagram of a system 100 used to deploy applications and update patches. In system 100, a deployment management tool 102 running on a deployment management server 104 transmits installation and update packages to one or more application catalogs 106 and deployment points, such as deployment points 108 and 110. Application catalog 106 runs on a webserver 112 while deployment points 108 and 110 run on respective enterprise servers 114 and 116. Devices, such as device 122, receive updates from application catalog 106 by directing a web browser within the device to the application catalog 106 through network 120. Alternatively, devices can use a deployment client, such as deployment clients 124, 126, 128 and 130 running on client devices 132, 134, 136 and 138 to access a deployment point in one of the enterprise servers so as to retrieve the installation or update package. Once a device has downloaded an installation package, it invokes an install command provided as part of the installation package to install the application or update on the device.

(14) FIG. 2 provides a block diagram of a system 200 for creating a deployment in deployment management tool 102 while preventing direct access to deployment management tool 102. In system 200, a webserver 214 supports various HTTP method calls relative to a collection of resources 212 so as to provide an interface between external devices, such as devices 220 and 222 and deployment management tool 102 on deployment management server 104. In particular, webserver 214 interacts with deployment management tool 102 through one or more API methods 216 on deployment management server 104 where API methods 216 are able to call methods within deployment management tool 102 directly.

(15) The collection of resources 212 include an application resource 204, a collection resource 206, a maintenance window resource 208 and a deployment resource 210, which each have a respective uniform resource identifier (URI). In accordance with one embodiment, webserver 214 supports at least one HTTP request method for each resource URI, such as GET, POST, PUT, and DELETE, for example. Each resource corresponds to an object used by deployment management tool 102 and stored in a deployment database 230. Thus, application resource 204 corresponds to Application objects that describe applications that are to be deployed, collection resource 206 corresponds to Collection objects that describe collections of devices or users that are to receive deployed applications, maintenance window resource 208 corresponds to Maintenance Window objects that describe time periods when devices associated with a collection can receive a deployment and deployment resource 210 corresponds to Deployment objects that describe parameters of deployments. In general, if the GET method is supported for a resource, web server 214 will use deployment management tool 102 to retrieve one or more corresponding objects from deployment database 230; if the POST method is supported, web server 214 will use deployment management tool 102 to create a new corresponding object in deployment database 230; if the PUT method is supported, web server 214 will use deployment management tool 102 to change a corresponding object in deployment database 230; and if the DELETE method is supported, web server 214 will use deployment management tool 102 to remove a corresponding object from deployment database 230.

(16) FIG. 3 provides a flow diagram of a method for creating a deployment using system 200 of FIG. 2. In step 300, a device, such as device 220 or device 222, submits a description of devices to include in a collection as part of a request for the creation of a collection. In accordance with one embodiment, this request is a Collection ReST call 250 for the creation of a collection of devices that takes the form of:

(17) POST/collection URI HTTP/1.1

(18) Content-type: application/JSON

(19) Authorization: OATH access token

(20) key: consumer key

(21) collection_name: Name of collection

(22) comment: Description of collection

(23) owned_by_this_site: True

(24) limit_to_collection_id: collection ID

(25) rule_name: name

(26) folder_id: Identifier for folder

(27) device_list: [device ID, device ID . . . ]

(28) query: query to add devices

(29) include_collection_ids: [list of collection IDs]

(30) exclude_collection_ids: [list of collection IDs]

(31) In accordance with another embodiment, the request is a Collection ReST call 250 for the creation of a collection of users that takes the form of:

(32) POST/collection URI HTTP/1.1

(33) Content-type: application/JSON

(34) Authorization: OAUTH access token

(35) key: consumer key

(36) collection_name: Name of collection

(37) comment:Description of collection

(38) owned_by_this_site: True

(39) limit_to_collection_id: collection ID

(40) rule_name: name

(41) folder_id: Identifier for folder

(42) user_group_list: Identifier of group of users

(43) include_collection_ids: [list of collection IDs]

(44) exclude_collection_ids: [list of collection IDs]

(45) The two HTTP requests described above both include a request line including an HTTP method of POST, the URI of collection resource 206, and the version of HTTP. The next three lines after the request line contain the header of the HTTP request, with each line containing an attribute:value pair. After the header, there is a blank line followed by the body of the request. The first attribute:value pair in the header indicates the format of the information in the body. In the embodiments shown above, the body has an application/JSON format, which also provides attribute:value pairs. The header also includes an authorization attribute, which provides an OAUTH access token and a key attribute, which provides a consumer key for accessing the deployment management tool.

(46) The body of the request includes a description of the collection to be created by providing a list of attribute:value pairs. In the body, the collection_name attribute is a name to assign to the newly created collection and the comment attribute is a description of the collection to be created. The limit_to_collection_id attribute limits the members of this collection to devices and users that are part of the collection identified for this attribute. The folder_id attribute provides the identifier for a location in the deployment management tool where this collection should be created. For device collections, the collection can be defined either using the device_list attribute and providing a list of device IDs or using the query attribute and providing a pattern (text and wildcards) or query for identifying devices to include in the collection. If the query attribute is used, the rule_name attribute is used to assign a rule name to the pattern or query. For user collections, the users can be identified from a user_group list attribute, which identifies a list of user groups that this collection targets. The include_collection_ids attribute provides a list of collections containing devices or users that should be included in the collection being created. The exclude_collection_ids parameter provides a list of collections containing devices or users that should be excluded from the present collection. The limit_to_collection_id, the include_collection_ids, the exclude_collection_ids, the device_list, the query, and the user_group list each provide a description of devices that are to be included in the collection with the user_group list indirectly describing the devices by providing a description of users who use the devices.

(47) FIG. 4 provides a flow diagram of a method performed by webserver 214 upon receiving a request to create a collection. In step 400 of FIG. 4, webserver 214 receives the request to create the collection, which includes receiving a description of the devices to include in the collection. At step 402, the webserver parses the request to retrieve the query or device/user list used to form this collection, the collection IDs of collections to include in the present collection, the collection IDs of collections to exclude from this collection, and the collection ID of the collection that the devices/users are limited to coming from, if any. Webserver 214 then uses API methods 216 to create a collection object in deployment management tool 102 at step 404. The created collection object is stored in deployment database 230 and is assigned a collection ID by deployment management tool 102. If a query was provided in the request at step 406, a query object is created for the collection at step 408 and the name of the query object is set to the rule name provided in the request at step 410. The query provided in the request is then set as the query for the query object at step 412. If a query was not provided in the request, then a list of devices/users was provided instead. At step 414, the list of devices or the identifier of the user group is stored as part of the collection object.

(48) At step 416, the include collection IDs are set for the collection and at step 418, the exclude collection IDs are set for the collection. At step 419, the limit to collection ID is set for the collection.

(49) If all of the operations described above succeed, the identifier for the newly created collection is returned at step 422. If one of the steps above does not succeed at step 420, an error is returned in the return message from web server 214 to client device 220/222 at step 424.

(50) Once a collection has been created, the attributes of the collection can be retrieved by sending an HTTP GET request to webserver 214 with the identifier for the collection placed at the end of the URI for collection resource 206. In response to the GET request, webserver 214 uses API methods 216 to request the attribute values of the collection from deployment management tool 102 and returns the attribute:value pairs for the collection to the requesting device. A list of collection IDs that have been created can be retrieved by sending an HTTP GET request to webserver 214 with just the URI for collection resource 206.

(51) Returning to FIG. 3, at step 302, the collection ID returned at step 422 of FIG. 4 is received. The collection ID represents an identifier for the devices described in the request for the collection. This ends collection ReST call 250 to collection resource 206.

(52) At step 304, a description of a maintenance window to associate with the devices of the created collection is sent to the webserver. In accordance with one embodiment, the description is sent as part of maintenance window ReST call 252 executed on device 222. Maintenance window ReST call 252 is directed to maintenance window resource 208 and in accordance with one embodiment, takes the following form:

(53) POST/maintenance window URI HTTP/1.1

(54) Content-type: application/JSON

(55) Authorization: OAUTH access token

(56) key: consumer key

(57) name: name of maintenance Window

(58) collection_id: ID of collection that maintenance window is to be applied to

(59) recurrence_type: none, monthly or weekly

(60) start_time: Date/time when application can start to be deployed to collection,

(61) hour_duration: maximum length of window,

(62) day: day of week when maintenance window should open if reoccurring

(63) week: week of month when maintenance window should open if reoccurring monthly

(64) The request line includes a POST command followed by the URI of maintenance window resource 208 and the version of HTTP. The header of the request is similar to the header of the collection request discussed above. The body of the request includes a description of the maintenance window using a series of attribute:value pairs. The name attribute provides a name to assign to the maintenance window and a collection_id attribute identifies the collection ID of the collection that the maintenance window is to be applied to. The recurrence_type attribute indicates whether the maintenance window is not to recur or is to recur on a weekly or monthly basis. The start_time attribute in the body designates a date and time when an application can start to be deployed to the collection. The hour_duration parameter indicates the length of the maintenance window after the start time during which the application can be deployed. For maintenance windows that recur weekly or monthly, the day attribute designates the day of the week when the maintenance window should reopen. For maintenance windows that recur monthly, the week attribute indicates which week of the month the maintenance window should open.

(65) Thus, the maintenance window designates a period of time and one or more dates during which an application may be deployed to the devices listed in a collection of devices or devices operated by a collection of users.

(66) FIG. 5 provides a flow diagram of a method performed by webserver 214 and API methods 216 upon receiving a request to create a maintenance window using maintenance window resource 208. In step 500, the request to establish a maintenance window for a collection is received by webserver 214 through a reference to the maintenance window resource 208's URI. At step 502, webserver 214 parses the request to obtain the collection ID and the attribute of the maintenance window. At step 504, webserver 214 interacts with deployment management tool 102 through API methods 216 to create a maintenance window object. The created maintenance window object is stored in deployment database 230 and is assigned an identifier by deployment management tool 102. At step 506, the parsed attributes are used to set the parameters of the maintenance window object. If all of the steps are performed successfully at step 508, the identifier for the maintenance window object is returned by webserver 214 to maintenance window ReST call 252 at step 512. If an error occurs while any of the steps are being performed, an error is returned by webserver 214 to maintenance window ReST call 252 at step 510.

(67) After requesting the creation of the maintenance window at step 304, the process of creating a deployment in FIG. 3 continues at step 306 where information related to an application to be deployed is submitted to the webserver. In accordance with one embodiment, the information is submitted as part of a request to create an application in an application ReST call 254, which references application resource 204's URI. In accordance with one embodiment, application ReST call 254 takes the forms of:

(68) POST/application URI HTTP/1.1

(69) Content-type: application/JSON

(70) Authorization: OAUTH access token

(71) key: consumer key

(72) application_name: name of Application

(73) publisher: name of publisher of application

(74) auto install: True/False

(75) software_version: version of application

(76) keywords: [List of keywords to for searching in Application Catalog/Software Center]

(77) description: short description of what the application is

(78) folder_id: identifier of folder where application is to be stored

(79) content_source: path to code registry containing application

(80) requirement_rules: [list of rules to be applied to devices]

(81) distribution_point_group_name: group of distribution points for distributing

(82) application

(83) dependent_application_ids: [List of applications that must be on device]

(84) install_command_line: <install command>

(85) uninstall_command_line:<uninstall command>

(86) detection:<script to detect>

(87) The attributes in the body of the request provide information related to the application to be deployed. The application_name, publisher, software_version, and description attributes provide the name, publisher, version of the application, and a short description of what the application is, respectively, which are to appear in any application catalog/software center that the application is to be placed in as part of the deployment. The keywords attribute provides a list of keywords that will be used to tag the application in the application catalog/software center for the purposes of retrieving the application through searches in the application catalog/software center. The auto_install attribute indicates whether the application can be installed as part of a sequence. The folder_ids attribute identifies a folder in deployment database 230 where the application is to be stored for deployment. The content_source attribute indicates the path to a code registry, such as code registries 270 and 272 of FIG. 2 where the installation files for the application are currently store. The distribution_point_group_name attribute provides the name of a group of distribution points from which the application will be distributed to individual devices. In accordance with one embodiment, such distribution points include one or more application catalogs and one or more distribution centers. The dependent_application_ids attribute provides a list of applications that must be on the device. The requirement_rules attribute provides a list of operating system types and versions that the device must be running in order for the application to be installed. The install_command_line attribute provides an install command that will trigger the installation of the application after the application has been downloaded to the device. The uninstall_command_line attribute provides an uninstall command to remove the application from the device. The detection attribute provides a script that can be used to detect whether the application is already installed on the device

(88) FIG. 6 provides a flow diagram of a method used by webserver 214 to create an application through deployment management tool 102 when application resource 204 is called with a POST request that references application resource 204's URI. In step 600, the POST request is received by webserver 214 and at step 602, webserver 214 parses the OAUTH token to identify the submitter. At step 604, webserver 214 parses the request to obtain the location of the application installation bundle, the name of the application, the install command, the uninstall command, and the script for detecting the application on a machine. At step 606, webserver 214 uses API methods 216 to create an application object in the deployment management tool 102. In accordance with one embodiment, creating the application involves storing the name of the application, the description of the application, the keywords for the application, and the location of the installation files for the application in database 230 as well as creating and storing an identifier for the application. At step 608, webserver 214 uses API methods 216 to create a new deployment type. In accordance with one embodiment, creating the new deployment type involves setting the install command, as well as the detection script, an installation start in location folder and an uninstall start in location folder. At step 610, the new deployment type is associated with the new application object. At step 612, the application is associated with the identifier of the submitter of this request. If all of the preceding steps were performed successfully at step 614, the identifier for the created application object is returned at step 618 to application ReST call 254. If an error occurred at any point, the error is returned at step 616.

(89) Once an application has been created, the attributes of the application can be retrieved by sending an HTTP GET request to webserver 214 with the identifier for the application placed at the end of the URI for application resource 204. In response to the GET request, webserver 214 uses API methods 216 to request the attribute values of the application from deployment management tool 102 and returns the attribute:value pairs for the application to the requesting device. A list of application IDs that have been created can be retrieved by sending an HTTP GET request to webserver 214 with just the URI for application resource 204.

(90) Using application ReST call 254, it is also possible to delete an application from deployment management tool 102. In accordance with one embodiment, such delete requests take the form of:

(91) DELETE/application URI/{APPLICATION ID} HTTP/1.1

(92) Content-type: application/JSON

(93) Authorization: OAUTH access token

(94) key: consumer key

(95) The request line includes a reference to the HTTP DELETE method and a reference to the URI of application resource 204 together with the application ID of the application to be deleted. The header contains the same information as the application POST request.

(96) FIG. 7 provides a flow diagram of a method performed by webserver 214 to delete an application. At step 700, webserver 214 receives a reference to the URI of application resource 204 together with the DELETE method name. At step 702, the application ID is parsed from the URI of application resource 204 and at step 704, the OAUTH token is parsed from the header of the DELETE request. Webserver 214 uses the OAUTH token to identify the ID of the submitter making the delete request. At step 706, webserver 214 uses API methods 216 to retrieve the ID of the submitter who POSTed the application causing the application to be created in deployment management tool 102. At step 708, the ID of the submitter of the DELETE request and the ID of the submitter of the POST request for the application are compared to determine if they match. If they do not match, an error is returned and the application is not deleted at step 710. If they do match, the application is deleted at step 712. Thus, webserver 214 provides protection against accidental deletion of an application in deployment management tool 102 by preventing submitters other than the submitter who posted the application from deleting the application from deployment management tool 102.

(97) Returning to the method of FIG. 3 for creating a deployment, after the application is created at step 306, the identifier for the application object is received by application ReST call 254 from webserver 214 at step 308. At step 310, a request is submitted to the webserver to deploy the application to the devices. In accordance with one embodiment, the request is made through a deployment ReST call 256 on device 222, which submits a request to create a deployment using deployment resource 210 while passing the received collection identifier and the received application identifier. In accordance with one embodiment, the request for creation of the deployment is submitted as:

(98) POST/deployment URI HTTP/1.1

(99) Content-type: application/JSON

(100) Authorization: OAUTH access token

(101) key: consumer key

(102) application_id: Identifier of Application to be deployed

(103) collection_id: Identifier of user or device collection that Application is to be deployed to

(104) offer_type_id: Required/Available

(105) desired_config_type: Install/Uninstall,

(106) start_time: Date/time to make deployment available

(107) enforcement_deadline: Date/Time by which devices must accept deployment

(108) use_gmt_times: True/False

(109) override_service_windows: True/False

(110) reboot_outside_of_service_windows: True/False

(111) require_approval: True/False

(112) notify_user: True/False

(113) wol enabled: True/False

(114) deployment_description: Description of deployment

(115) where the request includes a request line containing the POST method and a reference to the deployment URI. The request also includes a header similar to the header found in the other requests described above. The body of the request includes the application ID for the application to be deployed and the collection ID for the collection of devices or users that the application is to be deployed to. The offer_type_id attribute indicates whether the deployment is required or is simply to be made available. The desired_config_type attribute indicates whether the deployment is an install deployment or an uninstall deployment. The start_time attribute indicates the date and time that the deployment is to be made available and the enforcement_deadline attribute indicates the date and time by which devices must accept the deployment if the deployment is required. The use GMT_times attribute indicates whether the time will be based on the client time or on UTC time. The override_service_windows attribute indicates whether the application can be installed outside of a service window defined by a maintenance window for the collection or whether it can only be installed within a service window. The reboot_outside_of_service_windows attribute indicates whether the device can be rebooted outside of a maintenance window defined for the collection or whether the installation must wait for a service window before rebooting. The require_approval attribute indicates whether prior approval is required before a user can deploy the application from the application catalog. The notify_user attribute sets a user experience setting and the wol_enabled attribute sends wake up packets for a device when set to true. The deployment_description parameter provides a description of the deployment.

(116) FIG. 8 provides a flow diagram of a method performed by webserver 214 and API methods 216 to create a deployment. In step 800, a POST request to create the deployment is received from deployment ReST call 256 by webserver 214. At step 802, webserver 214 parses the request to retrieve the collection ID, the application ID, the start time, and the enforcement deadline, if any. At step 804, webserver 214 uses API methods 216 to create a deployment object in deployment management tool 102. In accordance with one embodiment, this involves storing an identifier for the deployment object in deployment database 230. At step 806, webserver 214 sets the collection for the deployment object to the parsed collection ID. At step 808, webserver 214 uses API methods 216 to set the application for the deployment object to the parsed application ID. At step 810, webserver 214 uses API methods 216 to set the schedule of the deployment for the deployment object. If all of the above steps above succeed at step 812, webserver 214 returns the deployment ID at step 816. If any of the steps fail, webserver 214 returns an error to deployment ReST call 256 at step 814. Once the deployment has been created, deployment management tool 102 will use the schedule stored for the deployment to trigger the deployment and the information associated with the identified application and the identified collection will be used by deployment management tool 102 to locate and deploy the installation files for the application and to distribute them to the devices represented by the collection.

(117) Note that all of the ReST calls discussed above are independent of the deployment management tool that is used to implement the deployment. As a result, webserver 214 allows different deployment management tools to be used without requiring changes to the ReST calls. This simplifies the coding required for the ReST calls by allowing one set of ReST calls to be created for all deployment management tools. In addition, if a different deployment management tool is later selected, the code on every device used to request a deployment does not have to be changed. Instead, only the code on webserver 214 needs to be changed to work with the new deployment management tool. This improves deployment technology by reducing the amount of work required when the deployment tool changes.

(118) In the discussion above, the ReST calls, such as collection ReST call 250, maintenance window ReST call 252, application ReST call 254 and deployment ReST call 256 were shown to be distinct elements located within device 222. In other embodiments, these calls are integrated together to form an integrated deployment script, such as integrated deployment script 258 in device 220. Such an integrated deployment script can include each of these ReST calls in a sequence together with error management code so as to allow the entire deployment to be created while making a single call to the integrated deployment script 258.

(119) In accordance with a further embodiment, webserver 214 can be used to create a deployment for a software update while preventing direct access to deployment management tool 102. FIG. 9 provides a flow diagram of one method of creating such a deployment. In step 900, collection ReST call 250 is used to create a collection of users/devices that are to receive the deployed update. Webserver 214 processes the request for the collection in an identical manner to that discussed above in FIG. 4. At step 902, the identifier for the collection is returned by webserver 214 to collection ReST call 250. At step 904, a maintenance window ReST call 252 is used to submit a request to webserver 214 for the creation of a maintenance window by referring to maintenance window resource 208. This submission includes the identifier of the collection returned at step 902 and has the same appearance, in accordance with one embodiment, as the POST request discussed above for maintenance window creation. In accordance with one embodiment, webserver 214 handles the request for the maintenance window using the same method discussed above in connection with FIG. 5. At step 906, deployment ReST call module 256 submits a request to create a deployment by referencing deployment resource 210 and providing the collection identifier returned in step 902 and an update_group_identifier. In accordance with one embodiment, the submitted request for the deployment appears as:

(120) POST/deployment URI HTTP/1.1

(121) Content-type: application/JSON

(122) Authorization: OAUTH access token

(123) key: consumer key

(124) update_group_id: Identifier of Update Group

(125) collection_id: Identifier of user or device collection that Application is to be deployed to

(126) suppress_reboot: 0

(127) start_time: Date/time to make deployment available

(128) enforcement_deadline: Date/Time by which devices must accept deployment

(129) use_gmt_times: True/False

(130) override_service_windows: True/False

(131) reboot_outside_of_service_windows: True/False

(132) notify_user: True/False

(133) deployment_description: Description of deployment

(134) where the attributes that are similar to the attributes of the POST request for the deployment of an application have the same meanings. The update_group_id attribute indicates the identifier of an update group which has an associated update group storage area 290 in FIG. 2. The suppress_reboot attribute indicates whether reboots will be allowed or if the reboots will be suppressed based upon whether the device is a workstation or a server. Upon receiving the request for the creation of the deployment based on the update, webserver 214 uses API methods 216 to create a deployment that will install the update located in update group storage 290 associated with the update group identifier to all devices represented by the collection identifier.

(135) By providing webserver 214, the various embodiments are able to receive and satisfy requests to create application objects, collections of devices, maintenance windows and deployments in a deployment management tool while at the same preventing direct access to the deployment management tool. This reduces the number of user interface screens that the person requesting the deployment must navigate while also reducing the number of errors that the person may introduce into the deployment.

(136) FIG. 10 provides an example of a computing device 10 that can be used as any of devices 220, 222, webserver 214, deployment management server 104, webserver 112, enterprise servers 114 and 116 and client devices 132, 134, 136, and 138 in the embodiments above. Computing device 10 includes a processing unit 12, a system memory 14 and a system bus 16 that couples the system memory 14 to the processing unit 12. System memory 14 includes read only memory (ROM) 18 and random access memory (RAM) 20. A basic input/output system 22 (BIOS), containing the basic routines that help to transfer information between elements within the computing device 10, is stored in ROM 18. Computer-executable instructions that are to be executed by processing unit 12 may be stored in random access memory 20 before being executed.

(137) Embodiments of the present invention can be applied in the context of computer systems other than computing device 10. Other appropriate computer systems include handheld devices, multi-processor systems, various consumer electronic devices, mainframe computers, and the like. Those skilled in the art will also appreciate that embodiments can also be applied within computer systems wherein tasks are performed by remote processing devices that are linked through a communications network (e.g., communication utilizing Internet or web-based software systems). For example, program modules may be located in either local or remote memory storage devices or simultaneously in both local and remote memory storage devices. Similarly, any storage of data associated with embodiments of the present invention may be accomplished utilizing either local or remote storage devices, or simultaneously utilizing both local and remote storage devices.

(138) Computing device 10 further includes an optional hard disc drive 24, an optional external memory device 28, and an optional optical disc drive 30. External memory device 28 can include an external disc drive or solid state memory that may be attached to computing device 10 through an interface such as Universal Serial Bus interface 34, which is connected to system bus 16. Optical disc drive 30 can illustratively be utilized for reading data from (or writing data to) optical media, such as a CD-ROM disc 32. Hard disc drive 24 and optical disc drive 30 are connected to the system bus 16 by a hard disc drive interface 32 and an optical disc drive interface 36, respectively. The drives and external memory devices and their associated computer-readable media provide nonvolatile storage media for the computing device 10 on which computer-executable instructions and computer-readable data structures may be stored. Other types of media that are readable by a computer may also be used in the exemplary operation environment.

(139) A number of program modules may be stored in the drives and RAM 20, including an operating system 38, one or more application programs 40, other program modules 42 and program data 44. In particular, application programs 40 can include programs for implementing any one of modules discussed above. Program data 44 may include any data used by the systems and methods discussed above.

(140) Processing unit 12, also referred to as a processor, executes programs in system memory 14 and solid state memory 25 to perform the methods described above.

(141) Input devices including a keyboard 63 and a mouse 65 are optionally connected to system bus 16 through an Input/Output interface 46 that is coupled to system bus 16. Monitor or display 48 is connected to the system bus 16 through a video adapter 50 and provides graphical images to users. Other peripheral output devices (e.g., speakers or printers) could also be included but have not been illustrated. In accordance with some embodiments, monitor 48 comprises a touch screen that both displays input and provides locations on the screen where the user is contacting the screen.

(142) The computing device 10 may operate in a network environment utilizing connections to one or more remote computers, such as a remote computer 52. The remote computer 52 may be a server, a router, a peer device, or other common network node. Remote computer 52 may include many or all of the features and elements described in relation to computing device 10, although only a memory storage device 54 has been illustrated in FIG. 10. The network connections depicted in FIG. 10 include a local area network (LAN) 56 and a wide area network (WAN) 58. Such network environments are commonplace in the art.

(143) The computing device 10 is connected to the LAN 56 through a network interface 60. The computing device 10 is also connected to WAN 58 and includes a modem 62 for establishing communications over the WAN 58. The modem 62, which may be internal or external, is connected to the system bus 16 via the I/O interface 46.

(144) In a networked environment, program modules depicted relative to the computing device 10, or portions thereof, may be stored in the remote memory storage device 54. For example, application programs may be stored utilizing memory storage device 54. In addition, data associated with an application program may illustratively be stored within memory storage device 54. It will be appreciated that the network connections shown in FIG. 10 are exemplary and other means for establishing a communications link between the computers, such as a wireless interface communications link, may be used.

(145) Although elements have been shown or described as separate embodiments above, portions of each embodiment may be combined with all or part of other embodiments described above.

(146) Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms for implementing the claims.