Cached credentials for offline domain join and login without local access to the domain controller

US 10,033,730 B2
Filed: 11/22/2016
Issued: 07/24/2018
Est. Priority Date: 11/22/2016
Status: Active Grant

First Claim

Patent Images

1. A method for performing an offline domain join of a client without being locally connected, the method comprising:

receiving a request for a virtual disk from a user'"'"'s computing device to a server over a remote network connection;

capturing a pre-domain-join snapshot of a virtual machine based on the virtual disk;

starting the virtual machine on a local network of the server;

performing a domain join of the virtual machine with an active directory server on the local network;

receiving a username and password of the user over the remote network connection;

causing a login to be performed into the virtual machine using the received username and password, wherein logging into the virtual machine produces an encrypted cached credential on the virtual machine;

capturing a post-domain-join snapshot of the virtual machine and producing a delta based on differences between the pre-domain-join snapshot and the post-domain-join snapshot; and

transmitting the delta to the user'"'"'s computing device, wherein the delta can be applied to add the cached credential on the user'"'"'s computing device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for performing an offline domain join and login on behalf of a computing device in order to enable the device to access corporate resources without local access to the domain controller. A slave service is described that can start a virtual machine on a local network of the enterprise, perform an offline domain join of the virtual machine, perform a first login to the virtual machine using credentials of a remote user and then capture the changes made on the virtual machine and deliver those changes to the remote user'"'"'s device. These changes can then be applied on the user'"'"'s device to add the credentials and configuration changes necessary for the user to access the private enterprise resources remotely.

Citations

20 Claims

1. A method for performing an offline domain join of a client without being locally connected, the method comprising:
- receiving a request for a virtual disk from a user'"'"'s computing device to a server over a remote network connection;
  
  capturing a pre-domain-join snapshot of a virtual machine based on the virtual disk;
  
  starting the virtual machine on a local network of the server;
  
  performing a domain join of the virtual machine with an active directory server on the local network;
  
  receiving a username and password of the user over the remote network connection;
  
  causing a login to be performed into the virtual machine using the received username and password, wherein logging into the virtual machine produces an encrypted cached credential on the virtual machine;
  
  capturing a post-domain-join snapshot of the virtual machine and producing a delta based on differences between the pre-domain-join snapshot and the post-domain-join snapshot; and
  
  transmitting the delta to the user'"'"'s computing device, wherein the delta can be applied to add the cached credential on the user'"'"'s computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - powering on the virtual machine with a local account of the user;
      
      executing a domain join process of an operating system of the virtual machine and receiving a blob file from an active directory server;
      
      applying the blob file on the virtual machine and restarting the virtual machine;
      
      causing a login to be performed into the virtual machine as a domain user using the username and password received from the user; and
      
      powering off the virtual machine.
  - 3. The method of claim 1, wherein steps of capturing the pre-domain-join snapshot, starting the virtual machine, performing the domain join, causing a login to be performed into the virtual machine and capturing the post-domain-join snapshot are performed while the user'"'"'s computing device is downloading content of the virtual disk from the server.
  - 4. The method of claim 1, wherein the cached credentials are provided to the user'"'"'s computing device without requiring the user'"'"'s device to connect to the local network of the server.
  - 5. The method of claim 1, wherein the cached credentials are used by another instance of the virtual machine based on the virtual disk operating on the user'"'"'s computing device to establish connections to the local network of the server.
  - 6. The method of claim 1, wherein the user'"'"'s computing device further includes a hypervisor capable of executing an instance of the virtual machine based on the virtual disk after the delta has been merged onto the instance of the virtual machine.
  - 7. The method of claim 1, wherein performing the domain join of the virtual machine further comprises:
    - applying one or more security policies of the local network to the virtual machine.

8. A computing device, comprising:
- one or more processors; and
  
  memory storing instructions that when executed by the one or more processors, cause the computing device to;
  
  receive a request for a virtual disk from a user'"'"'s computing device to a server over a remote network connection;
  
  capture a pre-domain-join snapshot of a virtual machine based on the virtual disk;
  
  start the virtual machine on a local network of the server;
  
  perform a domain join of the virtual machine with an active directory server on the local network;
  
  receive a username and password of the user over the remote network connection;
  
  cause a login to be performed into the virtual machine using the received username and password, wherein logging into the virtual machine produces an encrypted cached credential on the virtual machine;
  
  capture a post-domain-join snapshot of the virtual machine and produce a delta based on differences between the pre-domain-join snapshot and the post-domain-join snapshot; and
  
  transmit the delta to the user'"'"'s computing device, wherein the delta can be applied to add the cached credential on the user'"'"'s computing device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computing device of claim 8, wherein the memory further comprises instructions that when executed by the one or more processors, cause the computing device to:
    - power on the virtual machine with a local account of the user;
      
      execute a domain join process of an operating system of the virtual machine and receiving a blob file from an active directory server;
      
      apply the blob file on the virtual machine and restarting the virtual machine;
      
      cause a login to be performed into the virtual machine as a domain user using the username and password received from the user; and
      
      power off the virtual machine.
  - 10. The computing device of claim 8, wherein capturing the pre-domain-join snapshot, starting the virtual machine, performing the domain join, causing a login to be performed into the virtual machine and capturing the post-domain-join snapshot are performed while the user'"'"'s computing device is downloading content of the virtual disk from the server.
  - 11. The computing device of claim 8, wherein the cached credentials are provided to the user'"'"'s computing device without requiring the user'"'"'s device to connect to the local network of the server.
  - 12. The computing device of claim 8, wherein the cached credentials are used by another instance of the virtual machine based on the virtual disk operating on the user'"'"'s computing device to establish connections to the local network of the server.
  - 13. The computing device of claim 8, wherein the user'"'"'s computing device further includes a hypervisor capable of executing an instance of the virtual machine based on the virtual disk after the delta has been merged onto the instance of the virtual machine.
  - 14. The computing device of claim 8, wherein performing the domain join of the virtual machine further comprises:
    - applying one or more security policies of the local network to the virtual machine.

15. A non-transitory computer readable storage medium comprising one or more sequences of instructions, the instructions when executed by one or more processors causing the one or more processors to execute the operations of:
- receiving a request for a virtual disk from a user'"'"'s computing device to a server over a remote network connection;
  
  capturing a pre-domain-join snapshot of a virtual machine based on the virtual disk;
  
  starting the virtual machine on a local network of the server;
  
  performing a domain join of the virtual machine with an active directory server on the local network;
  
  receiving a username and password of the user over the remote network connection;
  
  causing a login to be performed into the virtual machine using the received username and password, wherein logging into the virtual machine produces an encrypted cached credential on the virtual machine;
  
  capturing a post-domain-join snapshot of the virtual machine and producing a delta based on differences between the pre-domain-join snapshot and the post-domain-join snapshot; and
  
  transmitting the delta to the user'"'"'s computing device, wherein the delta can be applied to add the cached credential on the user'"'"'s computing device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, further comprising instructions executed by one or more processors to cause the one or more processors to execute the operations of:
    - powering on the virtual machine with a local account of the user;
      
      executing a domain join process of an operating system of the virtual machine and receiving a blob file from an active directory server;
      
      applying the blob file on the virtual machine and restarting the virtual machine;
      
      causing a login to be performed into the virtual machine as a domain user using the username and password received from the user; and
      
      powering off the virtual machine.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein steps of capturing the pre-domain-join snapshot, starting the virtual machine, performing the domain join, causing a login to be performed into the virtual machine and capturing the post-domain-join snapshot are performed while the user'"'"'s computing device is downloading content of the virtual disk from the server.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein the cached credentials are provided to the user'"'"'s computing device without requiring the user'"'"'s device to connect to the local network of the server.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein the cached credentials are used by another instance of the virtual machine based on the virtual disk operating on the user'"'"'s computing device to establish connections to the local network of the server.
  - 20. The non-transitory computer readable storage medium of claim 15, wherein the user'"'"'s computing device further includes a hypervisor capable of executing an instance of the virtual machine based on the virtual disk after the delta has been merged onto the instance of the virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Omnissa, LLC
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Bakshan, Igal, Yogev, Yair, Halperin, Nohar
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US15/359,524
Publication Number

US 20180145960A1
Time in Patent Office

609 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/128   Details of file system snap...

G06F 2009/45562   Creating, deleting, cloning...

G06F 9/4405   Initialisation of multiproc...

G06F 9/442   Shutdown

G06F 9/452   Remote windowing, e.g. X-Wi...

G06F 9/45558   Hypervisor-specific managem...

H04L 61/3015   Name registration, generati...

H04L 61/457   containing identifiers of d...

H04L 63/0272   Virtual private networks

H04L 63/083   using passwords cryptograph...

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

H04L 67/131   Protocols for games, networ...

Cached credentials for offline domain join and login without local access to the domain controller

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cached credentials for offline domain join and login without local access to the domain controller

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links