METHODS AND SYSTEMS FOR PROVIDING AUTHORIZED REMOTE ACCESS TO A COMPUTING ENVIRONMENT PROVIDED BY A VIRTUAL MACHINE

US 20070179955A1
Filed: 01/18/2007
Published: 08/02/2007
Est. Priority Date: 01/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method for providing authorized remote access to a computing environment provided by a virtual machine, the method comprising:

(a) requesting, by a client machine, access to a resource;

(b) gathering, by a collection agent, information about the client machine;

(c) receiving, by a policy engine, the gathered information;

(d) making, by a policy engine, an access control decision based on the received information;

(e) identifying a computing environment already associated with the user in response to the received information, the identified computing environment provided by a virtual machine; and

(f) establishing, by a broker server responsive to the access control decision, a connection between the client machine and the identified computing environment.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing authorized remote access to a computing environment provided by a virtual machine, includes the step of requesting, by a client machine, access to a resource. A collection agent gathers information about the client machine. A policy engine receives the gathered information. The policy engine makes an access control decision based on the received information. A computing environment already associated with the user is identified in response to the received information, the identified computing environment provided by a virtual machine. A broker server establishes, responsive to the access control decision, a connection between the client machine and the identified computing environment.

508 Citations

25 Claims

1. A method for providing authorized remote access to a computing environment provided by a virtual machine, the method comprising:
- (a) requesting, by a client machine, access to a resource;
  
  (b) gathering, by a collection agent, information about the client machine;
  
  (c) receiving, by a policy engine, the gathered information;
  
  (d) making, by a policy engine, an access control decision based on the received information;
  
  (e) identifying a computing environment already associated with the user in response to the received information, the identified computing environment provided by a virtual machine; and
  
  (f) establishing, by a broker server responsive to the access control decision, a connection between the client machine and the identified computing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 wherein step (a) further comprises requesting the resource over a network connection.
  - 3. The method of claim 1, wherein step (b) further comprises gathering the information over a network connection.
  - 4. The method of claim 1, wherein step (b) further comprises gathering information by executing at least one script on the client machine.
  - 5. The method of claim 1, wherein step (d) further comprises determining if the received information satisfies a condition.
  - 6. The method of claim 5, further comprising determining if the received information satisfies a condition by comparing the received information to at least one condition.
  - 7. The method of claim 6, wherein step (d) further comprises making an access control decision by applying a policy to the condition.
  - 8. The method of claim 1, wherein step (e) comprises identifying, in response to the received information, a first computing environment and a second computing environment, the first and second computing environments already associated with the user.
  - 9. The method of claim 1, wherein step (e) comprises identifying, in response to the received information, a first computing environment executing on a first server and a second computing environment executing on a second server, the first and second computing environments already associated with the user.
  - 10. The method of claim 1, wherein step (e) further comprises identifying, in response to the received information, a computing environment already associated with the user, the identified computing environment comprising a first application session and identifying, in response to the received information, a second computing environment, already associated with the user and comprising a second application session.
  - 11. The method of claim 10, wherein the first application session executes on a first server and the second application session executes on a second server.
  - 12. The method of claim 1, wherein step (f) establishing, by a broker server, a connection between the client machine and the identified computing environment subject to a rule.
  - 13. The method of claim 1, further comprising the step of disconnecting, by the broker server, the client machine from the identified computing environment in response to receiving a disconnect signal.
  - 14. The method of claim 13, further comprising updating, by the broker server, at least one data record associated with the identified computing environment indicating that the client machine and the identified computing environment are disconnected.

15. A system for providing authorized remote access to a computing environment provided by a virtual machine, the system comprising:
- a collection agent gathering information about a client machine;
  
  a policy engine receiving the gathered information, making an access control decision based on the received information, and requesting an enumeration of computing environments associated with a user of the client machine, the request including the access control decision; and
  
  a broker server enumerating a computing environment associated with the client machine responsive to the access control decision, the enumerated computing environment provided by a virtual machine.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The system of claim 15, wherein the collection agent executes on the client machine.
  - 17. The system of claim 15, wherein the policy engine transmits the collection agent to the client machine.
  - 18. The system of claim 15, wherein the policy engine transmits instructions to the collection agent determining the type of information the collection agent gathers.
  - 19. The system of claim 15, wherein the policy engine makes an access control decision based on applying a policy to the gathered information.
  - 20. The system of claim 15, wherein the broker server enumerates a first computing environment and a second computing environment, the first and second computing environments already associated with the user.
  - 21. The system of claim 15, wherein the broker server enumerates a first computing environment executing on a first server and a second computing environment executing on a second server, the first and second computing environments already associated with the user.
  - 22. The system of claim 15, wherein the broker server further comprises enumerating an identified computing environment already associated with the user, the identified computing environment comprising a first application session, and enumerating a second computing environment already associated with the user and comprising a second application session.
  - 23. The system of claim 22, wherein the first application session executes on a first server and the second application session executes on a second server.
  - 24. The system of claim 15, wherein the broker server disconnects the client machine from the identified computing environment upon receipt of a disconnect signal.
  - 25. The system of claim 24, wherein the broker server updates a data record associated with the identified computing environment to indicate that the client machine and the identified computing environment are disconnected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Pedersen, Bradley, LOW, Anthony, MAZZAFERRI, Richard, CROFT, Richard, Robinson, David

Granted Patent

US 7,949,677 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/748   Hypervideo linking data to ...

G06F 21/53   by executing in a restricte...

G06F 21/6218   to a system of files or obj...

G06F 21/629   to features or functions of...

G06F 2209/541   Client-server

G06F 2221/2149   Restricted operating enviro...

G06F 3/1415   with means for detecting di...

G06F 3/1438   using more than one graphic...

G06F 3/1462   with means for detecting di...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/485   Task life-cycle, e.g. stopp...

G06F 9/5027   the resource being a machin...

G06F 9/5055   considering software capabi...

G06F 9/5077   Logical partitioning of res...

G06F 9/5088   involving task migration

G06F 9/54   Interprogram communication

G09G 2354/00   Aspects of interface with d...

G09G 2370/16   Use of wireless transmissio...

G09G 2370/22   Detection of presence or ab...

G09G 5/006   Details of the interface to...

G09G 5/14 : Display of multiple viewports

H04L 63/0227 : Filtering policies mail mes...

H04L 63/0428 : wherein the data content is...

H04L 63/06 : for supporting key manageme...

H04L 63/08 : for authentication of entit...

H04L 63/10 : for controlling access to d...

H04L 63/102 : Entity profiles

H04L 63/105 : Multiple levels of security

H04L 67/02 : based on web technology, e....

H04L 67/08 : specially adapted for termi...

H04L 67/14 : Session management for real...

H04L 67/141 : Setup of application sessio...

H04L 67/303 : Terminal profiles

H04L 67/51 : Discovery or management the...

H04L 67/56 : Provisioning of proxy servi...

H04L 67/563 : Data redirection of data ne...

H04L 67/564 : Enhancement of application ...

H04L 67/568 : Storing data temporarily at...

H04L 67/59 : Providing operational suppo...

H04L 69/24 : Negotiation of communicatio...

View All

METHODS AND SYSTEMS FOR PROVIDING AUTHORIZED REMOTE ACCESS TO A COMPUTING ENVIRONMENT PROVIDED BY A VIRTUAL MACHINE

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

508 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR PROVIDING AUTHORIZED REMOTE ACCESS TO A COMPUTING ENVIRONMENT PROVIDED BY A VIRTUAL MACHINE

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

508 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links