Installing configuration information on a host

US 10,116,700 B2
Filed: 10/18/2016
Issued: 10/30/2018
Est. Priority Date: 12/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method of installing configuration information on a host, comprising:

initiating provisioning of the host to provide a virtual data processing instance in a virtualized environment, wherein a computing resource can be shared by a plurality of virtual data processing instances;

connecting, by the host, to a management system to initiate enrolling of the virtual data processing instance in the management system based on information received by the host via a communication network from a provisioning system, wherein the host comprises memory and one or more hardware processors;

authenticating, by the host, to the management system using credentials received by the host via the communication network from the provisioning system;

receiving, in response to the host initiated enrolment of the virtual data processing instance in the management system and by the authenticated host via the communication network, configuration information from the management system; and

installing, by the authenticated host, the received configuration information to create the virtual data processing instance in the virtualized environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.

Citations

20 Claims

1. A method of installing configuration information on a host, comprising:
- initiating provisioning of the host to provide a virtual data processing instance in a virtualized environment, wherein a computing resource can be shared by a plurality of virtual data processing instances;
  
  connecting, by the host, to a management system to initiate enrolling of the virtual data processing instance in the management system based on information received by the host via a communication network from a provisioning system, wherein the host comprises memory and one or more hardware processors;
  
  authenticating, by the host, to the management system using credentials received by the host via the communication network from the provisioning system;
  
  receiving, in response to the host initiated enrolment of the virtual data processing instance in the management system and by the authenticated host via the communication network, configuration information from the management system; and
  
  installing, by the authenticated host, the received configuration information to create the virtual data processing instance in the virtualized environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the host connects to the management system using TCP/IP and a security protocol.
  - 3. The method according to claim 1, wherein the host connects to the management system before or during boot of the host.
  - 4. The method according to claim 1, wherein the provisioning system comprises a cloud instance manager configured to install credentials on hosts.
  - 5. The method according to claim 1, wherein the configuration information comprises authentication-related configuration information.
  - 6. The method according to claim 5, wherein the configuration information comprises information about at least one authentication source.
  - 7. The method according to claim 5, wherein the configuration information comprises configuration information for at least one Pluggable Authentication Module (PAM).
  - 8. The method according to claim 1, wherein the configuration information comprises a Pluggable Authentication Module (PAM) implementing authentication.
  - 9. The method according to claim 1, wherein the configuration information comprises an executable file.

10. An apparatus providing a host, the apparatus comprising a computing resource that can be shared by a plurality of virtual data processing instances in a virtualized environment, wherein the apparatus is configured to:
- initiate provisioning of the host to provide a virtual data processing instance in the virtualized environment;
  
  connect the host to a management system for host initiated enrolling of the virtual data processing instance in the management system based on information received via a communication network from a provisioning system;
  
  authenticate the host to the management system using credentials received by the host via the communication network from the provisioning system;
  
  receive, in response to the host initiated enrolment of the virtual data processing instance in the management system and after the authentication of the host, configuration information via the communication network from the management system; and
  
  install the received configuration information to the host to create the virtual data processing instance in the virtualized environment.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The apparatus according to claim 10, configured to cause the host to connect to the management system before or during boot of the host.
  - 12. The apparatus according to claim 10, wherein the configuration information comprises authentication-related configuration information.
  - 13. The apparatus according to claim 12, wherein the configuration information comprises information about at least one authentication source.
  - 14. The apparatus according to claim 12, wherein the configuration information comprises configuration information for at least one Pluggable Authentication Module (PAM).
  - 15. The apparatus according to claim 10, wherein the configuration information comprises a Pluggable Authentication Module (PAM) implementing authentication and/or an executable file.
  - 16. The apparatus according to claim 10, configured to provide a virtualized environment wherein a kernel is shared by a plurality of virtual data processing instances.

17. A non-transitory computer readable media comprising program code for causing an apparatus operable to provide a virtual data processing instance in a virtualized environment wherein a computing resource can be shared by a plurality of virtual data processing instances and comprising a processor to perform instructions for:
- initiating provisioning of a host;
  
  connecting the host to a management system for host initiated enrolment of the virtual data processing instance in the management system based on information received via a communication network from a provisioning system;
  
  authenticating the host to the management system using credentials received by the host via the communication network from the provisioning system;
  
  receiving, in response to the host initiated enrolment of the virtual data processing instance in the management system and by the authenticated host via the communication network, configuration information from the management system; and
  
  installing the received configuration information to the host to create the virtual data processing instance in the virtualized environment.

18. A management system comprising:
- one or more processors; and
  
  memory storing executable instructions that, when executed by the one or more processors, cause the management system to;
  
  provide a provisioning system via a communication network with credential information for use in authentication of a host to be provisioned for host initiated enrolment of a virtual data processing entity in the management system, wherein the host comprises a computing resource that can be shared by a plurality of virtual data processing instances in a virtualized environment and the provisioning system is for provisioning virtual data processing instances in the virtualized environment;
  
  receive, via the communication network, valid authentication from the host based on credentials installed on the host via the communication network by the provisioning system;
  
  determine configuration information for the host; and
  
  send the configuration information via the communication network to the host to be provisioned in response to the host initiated enrolment of the virtual data processing entity in the management system.
- View Dependent Claims (19, 20)
- - 19. The management system according to claim 18, wherein a virtual data processing instance is provided by a kernel shared by the plurality of virtual data processing instances.
  - 20. The management system according to claim 18, wherein the configuration information comprises information of authentication credentials for future authentication to the management system or contents for at least configuration file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SSH Communications Security Oyj
Original Assignee
SSH Communications Security Oyj
Inventors
Ylonen, Tatu J.
Primary Examiner(s)
Bayou, Yonas A

Application Number

US15/296,365
Publication Number

US 20170041349A1
Time in Patent Office

742 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/575   Secure boot

H04L 61/4523   using lightweight directory...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321 : involving a third party or ...

H04L 9/3263 : involving certificates, e.g...

H04L 9/3268 : using certificate validatio...

View All

Installing configuration information on a host

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Installing configuration information on a host

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links