Application deployment and monitoring in a cloud environment to satisfy integrity and geo-fencing constraints
First Claim
1. A computer-implemented method for deploying an application on a cloud environment satisfying integrity and geo-fencing constraints, the method comprising:
receiving a guest application for deployment on a cloud environment;
receiving the integrity constraints on the integrity of each of a plurality of hosts where the application is to be deployed;
receiving geo-fencing constraints identifying a geographic location where the guest application is to be deployed;
verifying integrity of at least one of the plurality of hosts based at least in part on the integrity constraints by receiving a checksum from a trusted platform module (TPM) and a virtual TPM for each of the plurality of hosts, decrypting the checksum, verifying the checksum by comparing the decrypted checksum against a checksum received from a digital signature associated with the guest application, and certifying results of the comparison of the decrypted checksum against a checksum received from the digital signature associated with the guest application by signing the results with a private key;
determining for which of the plurality of hosts the integrity constraints and the geo-fencing constraints are satisfied;
deploying the guest application on at least one of the plurality of hosts that satisfy the integrity constraints and the geo-fencing constraints, the guest application being specified as a workload pattern of virtual machines and interconnections between them;
performing monitoring of a deployed workload pattern at execution time to mitigate against integrity modifications;
detecting an integrity violation of the deployed workload pattern; and
responsive to detecting the integrity violation, initiating a corrective action, the corrective action comprising destroying the deployed workload pattern on the at least one of the plurality of hosts to which the workload pattern was deployed and redeploying the workload pattern to another of the plurality of hosts that satisfy the integrity constraints and the geo-fencing constraints.
Abstract
Examples of techniques for deploying an application on a cloud environment satisfying integrity and geo-fencing constraints are disclosed herein. A computer-implemented method may include: receiving a guest application for deployment on a cloud environment; receiving the integrity constraints on the integrity of each of the plurality of hosts where the application is to be deployed; receiving geo-fencing constraints identifying a geographic location where the guest application is to be deployed; determining for which of the plurality of hosts the integrity constraints and the geo-fencing constraints are satisfied; and deploying the guest application on at least one of the plurality of hosts that satisfy the integrity constraints and the geo-fencing constraints.
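The placement and corrective-action logic recited above, as an added sketch that is not code from the patent or its assignee: hosts are filtered on both constraints, and a failed re-check destroys the workload and redeploys it on another eligible host, failing closed when none remains. The `Host` and `Placement` names, the region labels and the digests are constructed for illustration; verifying the TPM/vTPM checksum and signing the comparison result are assumed to happen upstream and are reduced here to a constant-time digest comparison.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed reference digest standing in for the checksum tied to the guest application.
GOLDEN = hashlib.sha256(b"constructed golden image").hexdigest()

@dataclass
class Host:
    name: str
    region: str           # geographic location reported for the host
    measured_digest: str  # checksum reported for the host (assumed already verified upstream)

def eligible(hosts, expected_digest, allowed_regions):
    """Return hosts that satisfy both the integrity and the geo-fencing constraint."""
    return [h for h in hosts
            if h.region in allowed_regions
            and hmac.compare_digest(h.measured_digest, expected_digest)]

class Placement:
    def __init__(self, hosts, expected_digest, allowed_regions):
        self.hosts, self.expected, self.regions = hosts, expected_digest, allowed_regions
        self.current = None
        self.log = []  # audit trail of (action, host name)

    def deploy(self, exclude=()):
        candidates = [h for h in eligible(self.hosts, self.expected, self.regions)
                      if h.name not in exclude]
        if not candidates:  # fail closed: run nowhere rather than on a non-compliant host
            self.current = None
            self.log.append(("no-eligible-host", None))
            return None
        self.current = candidates[0]
        self.log.append(("deploy", self.current.name))
        return self.current

    def monitor(self):
        """Re-check the running host; on violation destroy and redeploy elsewhere."""
        host = self.current
        if host is None or eligible([host], self.expected, self.regions):
            return host
        self.log.append(("destroy", host.name))
        return self.deploy(exclude={host.name})

def demo_hosts():
    # Constructed inventory: two compliant hosts, one outside the fence, one failing integrity.
    return [Host("fra-1", "eu-de", GOLDEN), Host("fra-2", "eu-de", GOLDEN),
            Host("nyc-1", "us-east", GOLDEN), Host("fra-3", "eu-de", "0" * 64)]
```

Calling `monitor()` periodically after `deploy()` models the execution-time monitoring step; the `log` list records each deploy and destroy decision for audit.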
12 Claims
8. A system for deploying an application on a cloud environment satisfying integrity and geo-fencing constraints, the system comprising:
a processor in communication with one or more types of memory, the processor configured to:
receive a guest application for deployment on a cloud environment;
receive the integrity constraints on the integrity of each of the plurality of hosts where the application is to be deployed;
receive geo-fencing constraints identifying a geographic location where the guest application is to be deployed;
verify integrity of at least one of the plurality of hosts based at least in part on the integrity constraints by receiving a checksum from a trusted platform module (TPM) and a virtual TPM for each of the plurality of hosts, decrypting the checksum, verifying the checksum by comparing the decrypted checksum against a checksum received from a digital signature associated with the guest application, and certifying results of the comparison of the decrypted checksum against a checksum received from the digital signature associated with the guest application by signing the results with a private key;
determine for which of the plurality of hosts the integrity constraints and the geo-fencing constraints are satisfied;
deploy the guest application on at least one of the plurality of hosts that satisfy the integrity constraints and the geo-fencing constraints, the guest application being specified as a workload pattern of virtual machines and interconnections between them;
perform monitoring of a deployed workload pattern at execution time to mitigate against integrity modifications;
detect an integrity violation of the deployed workload pattern; and
responsive to detecting the integrity violation, initiate a corrective action, the corrective action comprising destroying the deployed workload pattern on the at least one of the plurality of hosts to which the workload pattern was deployed and redeploying the workload pattern to another of the plurality of hosts that satisfy the integrity constraints and the geo-fencing constraints.
Specification