Automatic domain join for virtual machine instances
Abstract
A customer submits a request to a virtual computer system service to launch a virtual machine instance and to join this instance to a managed directory. The service may obtain, from the customer, a domain name and Internet Protocol addresses for the selected directory, which is then stored within a systems management server. When launched, the instance may initiate an agent, which may communicate with the systems management server to obtain the configuration information. The agent may use this configuration information to establish a communications channel with the managed directory and create a temporary set of computer credentials that may be used to verify that the customer is authorized to join the virtual machine instance to the managed directory. If the credentials are valid, the managed directory may generate a computer account within the managed directory, which may be used to join the virtual machine instance to the managed directory.
20 Claims
1. A computer-implemented method, comprising:
receiving, at a computing resource service provider separate from a requesting device, a request from a user associated with the requesting device to launch a virtual machine instance to be joined to a directory, the directory including a directory domain controller;
processing, by the computing resource service provider, the request to determine configuration information associated with the directory;
storing, by the computing resource service provider, the configuration information;
obtaining, at the computing resource service provider, a temporary set of credentials generated by launching the virtual machine instance;
authenticating, by the directory domain controller, that the user is authorized to join the directory based on the temporary set of credentials;
transmitting, by the computing resource service provider, a command to the directory domain controller to create a computer account corresponding to the directory; and
causing, by the directory domain controller, the virtual machine instance to join the directory based at least in part on the configuration information and authentication of the temporary set of credentials generated by the virtual machine instances.

5. A computer system, comprising:
one or more processors; and
memory storing therein instructions that, as a result of being executed by the one or more processors, cause the computer system to:
receive, from a user of a computing device separate from the computer system, a request to launch and join a virtual machine instance to a directory, the directory managed by a directory domain controller;
process, by the computer system, the request by at least obtaining configuration information associated with the directory;
store the configuration information in association with the virtual machine instance;
launch the virtual machine instance;
obtain a temporary set of credentials generated by the virtual machine instance;
authenticate, using the directory domain controller, that the user is authorized to join the directory based at least in part on the generated temporary set of credentials;
cause an account for the virtual machine instance to be generated based on authenticating the temporary set of credentials generated by the virtual machine instance; and
cause the account of the virtual machine instance to be associated with the directory based at least in part on the configuration information and authentication of the temporary set of credentials.

13. A non-transitory computer-readable storage medium storing executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
receive, at a virtual computing system service of a computing resource service provider, a first request from a user to launch a virtual machine instance to be joined to a directory, the directory associated with a directory domain controller;
transmit, to a server separate from the virtual computing system service, a second request to obtain configuration information associated with the directory;
receive, from the server, the configuration information;
launch, by the virtual computing system service, the virtual machine instance;
transmit, to the server, a temporary set of credentials generated by an automated agent within the virtual machine instance;
authenticate, using the directory domain controller, that the user is authorized to join the directory based at least in part on the temporary set of credentials;
cause an account for the virtual machine instance to be generated as a result of authenticating the temporary set of credentials; and
use the configuration information and the temporary set of credentials generated by the automated agent to join the virtual machine instance to the directory.
Specification