TRUSTED PLATFORM MODULE (TPM) ASSISTED DATA CENTER MANAGEMENT
Abstract
Techniques for trusted platform module (TPM) assisted data center management are provided. A data center registers TPM remote attestations for the physical processing environments of physical devices within the data center. Each time a physical processing environment is established, a new TPM remote attestation is generated and validated against the registered TPM remote attestation. Additionally, during registration other identifying information is supplied to the physical processing environments, which permits each physical processing environment to be authenticated, validated, and controlled via a unique identity. Inter-data center communication is established for sharing virtual processing environments, and administrative operations are authenticated within each data center before any administrative operation is permitted to process within a particular data center.
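As an added illustration (not code from the patent or its assignee), the registration-then-validation flow from the abstract modelled in Python: a device's configuration is summarised as a digest over PCR values, registered once, and on each later start a nonce-bound attestation is checked against the registered one before identifying information is issued. Assumed simplifications: an HMAC with a per-device key stands in for the TPM's attestation-key signature, and the PCR values, device names and identity format are constructed.

```python
import hashlib
import hmac
import secrets
SAMPLE_PCRS = {0: hashlib.sha256(b"firmware-v1").digest(),      # constructed sample
               7: hashlib.sha256(b"secure-boot-on").digest()}   # known-good config

def pcr_digest(pcrs):
    """Digest over PCR index/value pairs: a summary of the platform configuration."""
    h = hashlib.sha256()
    for idx in sorted(pcrs):
        h.update(idx.to_bytes(2, "big") + pcrs[idx])
    return h.digest()

class Device:
    def __init__(self, name, pcrs):
        self.name, self.pcrs = name, dict(pcrs)
        self.key = secrets.token_bytes(32)  # stands in for the TPM attestation key (assumption)

    def quote(self, nonce):
        """Attestation bound to the data center's nonce, like a TPM quote."""
        digest = pcr_digest(self.pcrs)
        return {"device": self.name, "digest": digest,
                "sig": hmac.new(self.key, nonce + digest, "sha256").digest()}

class DataCenter:
    def __init__(self):
        self.registered = {}   # device name -> key and expected digest, set at registration
        self.identities = {}   # issued identity -> device name

    def register(self, device):
        """One-time enrollment: record the attestation key and expected configuration digest."""
        self.registered[device.name] = {"key": device.key, "digest": pcr_digest(device.pcrs)}

    def validate(self, quote, nonce):
        """Check a fresh attestation against the registered one; return an identity or None."""
        reg = self.registered.get(quote["device"])
        if reg is None:
            return None                      # never registered
        expected = hmac.new(reg["key"], nonce + quote["digest"], "sha256").digest()
        if not hmac.compare_digest(expected, quote["sig"]):
            return None                      # forged, or replayed under a stale nonce
        if quote["digest"] != reg["digest"]:
            return None                      # configuration drifted from registration
        ident = secrets.token_hex(8)
        self.identities[ident] = quote["device"]
        return ident
```

The data center picks a fresh nonce for every start of the environment and calls validate on the device's quote for that nonce; the identity it returns is what the device then uses to authenticate to the data center.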
25 Claims
1. A machine-implemented method, comprising:

initiating a physical processing environment configured for hosting virtual processing environments associated with virtual machines on a physical device;

receiving from the physical device a trusted platform module (TPM) remote attestation for a configuration of the physical processing environment on the physical device; and

supplying identifying information back to the physical device and the physical processing environment in response to the TPM remote attestation, wherein the physical device and the physical processing environment subsequently use the identifying information to authenticate to and securely interact with a data center.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. A machine-implemented method, comprising:

receiving a request to initiate a virtual processing environment for a virtual machine within a physical processing environment installed on a physical device of a local data center;

validating a remote data center signature associated with the virtual processing environment; and

configuring the virtual processing environment and the virtual machine for installation and initiation on the physical device of the local data center.

Dependent claims: 9, 10, 11, 12, 13, 14.

15. A machine-implemented method, comprising:

registering a trusted platform module (TPM) attestation for an administrative processing environment that controls and administers physical processing environments of a data center and virtual processing environments that run within those physical processing environments of the data center; and

verifying the TPM attestation for an administrative operation initiated on or against the physical or virtual processing environments within the data center to authenticate the administrative operation before that administrative operation is processed within the data center.

Dependent claims: 16, 17, 18, 19, 20.

21. A machine-implemented system, comprising:

a data center registration service implemented in a computer-readable storage medium and to process on a network; and

an identity service implemented in a computer-readable storage medium and to process on the network;

wherein the data center registration service is to register a trusted platform module (TPM) remote attestation received from a physical processing environment of a physical device when that physical processing environment is initiated on the physical device, and wherein during initiation the physical processing environment interacts with the identity service to acquire identifying information that is subsequently at least partially used by the physical processing environment in combination with the TPM remote attestation to authenticate to and interact with a data center to receive commands, data, and virtual processing environments that execute within the physical processing environment as virtual machines.

Dependent claims: 22, 23, 24, 25.
Specification