Secure virtualized servers

US 10,171,445 B2
Filed: 06/30/2016
Issued: 01/01/2019
Est. Priority Date: 06/30/2016
Status: Active Grant

First Claim

Patent Images

1. A method for providing secure access to physical resources via a partitionable virtual input/output server in a virtualized environment, wherein the physical resources are partitioned using Kerberos security, the method comprising:

receiving, from an administrator, a request to access the physical resources, wherein the administrator is a user of a cloud tenant, and wherein the tenant is assigned to a particular working load partition (WPAR) of a plurality of WPARs hosted on a virtualized server in the virtualized environment, and wherein the physical resources are assigned to the particular WPAR;

accessing, in response to the request, a remote Kerberos server, the remote Kerberos server is hosted in a private domain, and the remote Kerberos server is able to authenticate access to the physical resource;

receiving, from the Kerberos server, a valid ticket,granting, to the administrator, based on the valid ticket, and for a lifetime of the ticket, access to the physical resources via access to the WPAR, wherein the granting access to the physical resources further comprises granting access to clients assigned to the physical resources.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system may be configured to provide secure access to a physical resource through the use of a partitionable virtual input/output server in a virtualized environment. A server may receive a request to access the physical resources from a cloud tenant administrator. The cloud tenant may be assigned to a particular working load partition (WPAR), and the physical resources may be assigned to the particular WPAR. A remote Kerberos server may be accessed in response to the request. The Kerberos server may be hosted in a private domain, and it may be used to authenticate access to the physical resource. The server may receive a valid ticket from the Kerberos server. The administrator may be granted access to the physical resources via access to the WPAR, based on the valid ticket and for the lifetime of the ticket.

15 Citations

18 Claims

1. A method for providing secure access to physical resources via a partitionable virtual input/output server in a virtualized environment, wherein the physical resources are partitioned using Kerberos security, the method comprising:
- receiving, from an administrator, a request to access the physical resources, wherein the administrator is a user of a cloud tenant, and wherein the tenant is assigned to a particular working load partition (WPAR) of a plurality of WPARs hosted on a virtualized server in the virtualized environment, and wherein the physical resources are assigned to the particular WPAR;
  
  accessing, in response to the request, a remote Kerberos server, the remote Kerberos server is hosted in a private domain, and the remote Kerberos server is able to authenticate access to the physical resource;
  
  receiving, from the Kerberos server, a valid ticket,granting, to the administrator, based on the valid ticket, and for a lifetime of the ticket, access to the physical resources via access to the WPAR, wherein the granting access to the physical resources further comprises granting access to clients assigned to the physical resources.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the particular WPAR is assigned a set of clients and a set of physical resources, wherein the physical resources are included in the set of physical resources assigned to the particular WPAR.
  - 3. The method of claim 1, wherein the remote Kerberos server is hosted locally by the cloud tenant.
  - 4. The method of claim 1, wherein the administrator is a verified user of a cloud tenant account, wherein the cloud tenant account has been assigned to the cloud tenant.
  - 5. The method of claim 1, wherein the remote Kerberos server is hosted by a third-party.
  - 6. The method of claim 2, wherein the set of physical resources comprise server hardware.

7. A system for providing secure access to physical resources via a partitionable virtual input/output server in a virtualized environment, wherein the physical resources are partitioned using Kerberos security, the system comprising:
- a computer readable storage medium with program instructions stored thereon; and
  
  one or more processors configured to execute the program instructions to perform a method comprising;
  
  receiving, from an administrator, a request to access the physical resources, wherein the administrator is a user of a cloud tenant, and wherein the tenant is assigned to a particular working load partition (WPAR) of a plurality of WPARs hosted on a virtualized server in the virtualized environment, and wherein the physical resource are assigned to the particular WPAR;
  
  accessing, in response to the request, a remote Kerberos server, the remote Kerberos server is hosted in a private domain, and the remote Kerberos server is able to authenticate access to the physical resource;
  
  receiving, from the Kerberos server, a valid ticket,granting, to the administrator, based on the valid ticket, and for a lifetime of the ticket, access to the physical resources via access to the WPAR, wherein the granting access to the physical resources further comprises granting access to clients assigned to the physical resources.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the particular WPAR is assigned a set of clients and a set of physical resources, wherein the physical resources are included in the set of physical resources assigned to the particular WPAR.
  - 9. The system of claim 7, wherein the remote Kerberos server is hosted locally by the cloud tenant.
  - 10. The system of claim 7, wherein the administrator is a verified user of a cloud tenant account, wherein the cloud tenant account has been assigned to the cloud tenant.
  - 11. The system of claim 7, wherein the remote Kerberos server is hosted by a third-party.
  - 12. The system of claim 8, wherein the set of physical resources comprise server hardware.

13. A computer program product for providing secure access to physical resources via a partitionable input/output server in a virtualized environment, wherein the physical resources are partitioned using Kerberos security, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a computer processing circuit to cause the circuit to perform the method comprising:
- receiving, from an administrator, a request to access the physical resources, wherein the administrator is a user of a cloud tenant, and wherein the tenant is assigned to a particular working load partition (WPAR) of a plurality of WPARs hosted on a virtualized server in the virtualized environment, and wherein the physical resources are assigned to the particular WPAR;
  
  accessing, in response to the request, a remote Kerberos server, the remote Kerberos server is hosted in a private domain, and the remote Kerberos server is able to authenticate access to the physical resource;
  
  receiving, from the Kerberos server, a valid ticket,granting, to the administrator, based on the valid ticket, and for a lifetime of the ticket, access to the physical resources via access to the WPAR, wherein the granting access to the physical resources further comprises granting access to clients assigned to the physical resources.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13, wherein the particular WPAR is assigned a set of clients and a set of physical resources, wherein the physical resources are included in the set of physical resources assigned to the particular WPAR.
  - 15. The computer program product of claim 13, wherein the remote Kerberos server is hosted locally by the cloud tenant.
  - 16. The computer program product of claim 13, wherein the administrator is a verified user of a cloud tenant account, wherein the cloud tenant account has been assigned to the cloud tenant.
  - 17. The computer program product of claim 13, wherein the remote Kerberos server is hosted by a third-party.
  - 18. The computer program product of claim 14, wherein the set of physical resources comprise server hardware.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Jain, Chethan, Ward, Maria R.
Primary Examiner(s)
Jhaveri, Jayesh M

Application Number

US15/198,270
Publication Number

US 20180007031A1
Time in Patent Office

915 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/53   by executing in a restricte...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/4856   resumption being on a diffe...

G06F 9/50   Allocation of resources, e....

G06F 9/5061   Partitioning or combining o...

G06F 9/5077   Logical partitioning of res...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 9/321   involving a third party or ...

H04L 9/3213   using tickets or tokens, e....

Secure virtualized servers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure virtualized servers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links