Secure data proxy for cloud computing environments
Abstract
An apparatus in one embodiment comprises a plurality of host devices configured to support execution of applications on behalf of one or more tenants of cloud infrastructure. The apparatus further comprises a secure data proxy implemented utilizing at least one of the host devices. The secure data proxy comprises non-persistent storage configured to store data required for execution of at least one of the applications. The data is obtained by the secure data proxy from persistent storage in a storage system external to the cloud infrastructure. The secure data proxy is configured to perform cryptographic operations in conjunction with transfer of the data between the persistent storage of the external storage system and the non-persistent storage of the secure data proxy. The secure data proxy may be further configured to perform deduplication operations in conjunction with transfer of the data between the persistent storage and the non-persistent storage.
20 Claims
1. An apparatus comprising:
a plurality of host devices configured to support execution of applications on behalf of one or more tenants of cloud infrastructure; and
a secure data proxy implemented utilizing at least one of the host devices;
wherein the secure data proxy comprises non-persistent storage configured to store data required for execution of at least one of the applications;
wherein the data is obtained by the secure data proxy from persistent storage in a storage system external to the cloud infrastructure;
wherein the secure data proxy is configured to perform cryptographic operations in conjunction with transfer of the data between the persistent storage of the external storage system and the non-persistent storage of the secure data proxy; and
wherein the secure data proxy comprises a clustered secure data proxy implemented utilizing a cluster of proxy containers provided by respective ones of the host devices and wherein applications executing in respective application containers of respective ones of the host devices are each able to locally access the corresponding proxy container provided by that host device;
the host devices being implemented on at least one processing platform comprising a processor coupled to a memory.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method comprising:
configuring a plurality of host devices to support execution of applications on behalf of one or more tenants of cloud infrastructure; and
implementing a secure data proxy utilizing at least one of the host devices;
wherein the secure data proxy comprises non-persistent storage configured to store data required for execution of at least one of the applications;
wherein the data is obtained by the secure data proxy from persistent storage in a storage system external to the cloud infrastructure;
wherein the secure data proxy is configured to perform cryptographic operations in conjunction with transfer of the data between the persistent storage of the external storage system and the non-persistent storage of the secure data proxy; and
wherein the secure data proxy comprises a clustered secure data proxy implemented utilizing a cluster of proxy containers provided by respective ones of the host devices and wherein applications executing in respective application containers of respective ones of the host devices are each able to locally access the corresponding proxy container provided by that host device;
the method being performed by at least one processing platform comprising a processor coupled to a memory.
Dependent claims: 15, 16
17. A computer program product comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by at least one processing platform comprising a processor coupled to a memory causes the processing platform:
to configure a plurality of host devices to support execution of applications on behalf of one or more tenants of cloud infrastructure; and
to implement a secure data proxy utilizing at least one of the host devices;
wherein the secure data proxy comprises non-persistent storage configured to store data required for execution of at least one of the applications;
wherein the data is obtained by the secure data proxy from persistent storage in a storage system external to the cloud infrastructure;
wherein the secure data proxy is configured to perform cryptographic operations in conjunction with transfer of the data between the persistent storage of the external storage system and the non-persistent storage of the secure data proxy; and
wherein the secure data proxy comprises a clustered secure data proxy implemented utilizing a cluster of proxy containers provided by respective ones of the host devices and wherein applications executing in respective application containers of respective ones of the host devices are each able to locally access the corresponding proxy container provided by that host device.
Dependent claims: 18, 19, 20