Single packet authorization in a cloud computing environment
First Claim
1. A compute node comprising:
- a virtual switch operating on at least a portion of a plurality of hardware resources of a cloud computing environment;
a virtual firewall;
a cloud workload executing a cloud service; and
a single packet authorization service;
wherein the virtual switchreceives a single packet authorization request from a single packet authorization client executing on a computing device external to and in communication with the cloud computing environment via a network, andforwards the single packet authorization request to the virtual firewall and to the single packet authorization service; and
wherein the virtual firewall denies the single packet authorization request in accordance with a firewall policy;
wherein the single packet authorization service utilizes a single packet authorization validation scheme to validate the single packet authorization request; and
wherein the virtual firewall implements a temporary firewall policy to allow incoming packets from the single packet authorization client and directed to the cloud service.
1 Assignment
0 Petitions
Accused Products
Abstract
Concepts and technologies disclosed herein are directed to single packet authorization (“SPA”) in a cloud computing environment. A compute node can include a virtual switch operating on at least a portion of a plurality of hardware resources of a cloud computing environment, a virtual firewall, a cloud workload executing a cloud service, and a SPA service. The virtual switch can receive a SPA request from a SPA client executing on a computing device. The virtual switch can forward the SPA request to the virtual firewall and to the SPA service. The virtual firewall can deny the SPA request in accordance with a firewall policy. The SPA service can utilize a SPA validation scheme to validate the SPA request. The virtual firewall can implement a temporary firewall policy to allow incoming packets from the SPA client and directed to the cloud service.
32 Citations
20 Claims
-
1. A compute node comprising:
-
a virtual switch operating on at least a portion of a plurality of hardware resources of a cloud computing environment; a virtual firewall; a cloud workload executing a cloud service; and a single packet authorization service; wherein the virtual switch receives a single packet authorization request from a single packet authorization client executing on a computing device external to and in communication with the cloud computing environment via a network, and forwards the single packet authorization request to the virtual firewall and to the single packet authorization service; and wherein the virtual firewall denies the single packet authorization request in accordance with a firewall policy; wherein the single packet authorization service utilizes a single packet authorization validation scheme to validate the single packet authorization request; and wherein the virtual firewall implements a temporary firewall policy to allow incoming packets from the single packet authorization client and directed to the cloud service. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method comprising:
-
receiving, by a virtual switch operating on a compute node that, in turn, is operating on at least a portion of a plurality of hardware resources of a cloud computing environment, a single packet authorization request from a single packet authorization client executing on a computing device external to and in communication with the cloud computing environment via a network; forwarding, by the virtual switch, the single packet authorization request to a virtual firewall and to a single packet authorization service; denying, by the virtual firewall, the single packet authorization request in accordance with a firewall policy; utilizing, by the single packet authorization service, a single packet authorization validation scheme to validate the single packet authorization request; and implementing, by the virtual firewall, a temporary firewall policy to allow incoming packets from the single packet authorization client and directed to a cloud workload executing a cloud service within the compute node. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer-readable storage medium having instructions stored thereon that, when executed by at least a portion of processing resources of a plurality of hardware resources of a cloud computing environment, cause the at least the portion of processing resources to perform operations comprising:
-
receiving, by a virtual switch, a single packet authorization request from a single packet authorization client executing on a computing device external to and in communication with the cloud computing environment via a network; forwarding, by the virtual switch, the single packet authorization request to a virtual firewall and to a single packet authorization service; denying, by the virtual firewall, the single packet authorization request in accordance with a firewall policy; utilizing, by the single packet authorization service, a single packet authorization validation scheme to validate the single packet authorization request; and implementing, by the virtual firewall, a temporary firewall policy to allow incoming packets from the single packet authorization client and directed to a cloud workload executing a cloud service within the compute node. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification