METHOD AND APPARATUS FOR SETTING A SECURE COMMUNICATION PATH BETWEEN VIRTUAL MACHINES

US 20100058051A1
Filed: 08/24/2009
Published: 03/04/2010
Est. Priority Date: 09/02/2008
Status: Abandoned Application

First Claim

Patent Images

1. A computer readable recording medium storing instructions for allowing a computer system to execute a procedure setting a secure communication path between virtual machines each arranged within a server included in a set of servers in a network, the procedure comprising:

providing business software that is operated by executing one or more task programs each provided for a virtual machine;

providing each of the set of servers with, as a virtual machine, a guest operating system controlled by a host operating system thereof, the guest operating system executing a task program that handles a part of process to be operated by the business software, the host operating system controlling a secure communication between the guest operating system and another server included in the set of servers;

classifying the one or more task programs into task classes according to a type of a function to be realized thereby;

providing task connection information including information on whether a communication path is needed or not between each pair of task classes, and encryption information including information on whether an encryption of transmission data is needed or not between each pair of task classes between which a communication path is needed;

selecting, from among the set of servers, a first server different from servers in which the one or more task program are executed;

providing the selected first server with a first task program belonging to a first task class for handling a part of process to be operated by the business software;

starting up a first guest operating system provided for the first server, so as to make the first task program ready to be executed;

selecting, from among the set of servers, a second server with which the first task program is to communicate, on the basis of the task connection information;

determining whether an encryption of transmission data is needed or not between the first task program and the selected second server, on the basis of the encryption information;

setting encryption setting information to both a first host operating system provided for the first server and a second host operating system provided for the second server when it is determined that an encryption of transmission data is needed between the first task program and the selected second server; and

setting a secure communication path between the first guest operating system and a second guest operating system provided for the second server by setting virtual network connection information to both the first and second host operating systems, so as to operate the business software by executing the first task program as well as the one or more task programs.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure communication path is set between virtual machines each arranged within one of a set of servers in a network. There is provided business software operated by executing one or more task programs each provided for a virtual machine, and each server is provided with, as a virtual machine, a guest operating system controlled by a host operating system. The one or more task programs are classified into task classes according to a type of a function to be realized, and there is provided task connection information indicating whether a communication path is needed or not between each pair of task classes. Then, a secure communication path between a pair of guest operating systems is set by setting virtual network connection information to a pair of host operating systems corresponding to the pair of guest operating systems, on the basis of the task connection information.

Citations

12 Claims

1. A computer readable recording medium storing instructions for allowing a computer system to execute a procedure setting a secure communication path between virtual machines each arranged within a server included in a set of servers in a network, the procedure comprising:
- providing business software that is operated by executing one or more task programs each provided for a virtual machine;
  
  providing each of the set of servers with, as a virtual machine, a guest operating system controlled by a host operating system thereof, the guest operating system executing a task program that handles a part of process to be operated by the business software, the host operating system controlling a secure communication between the guest operating system and another server included in the set of servers;
  
  classifying the one or more task programs into task classes according to a type of a function to be realized thereby;
  
  providing task connection information including information on whether a communication path is needed or not between each pair of task classes, and encryption information including information on whether an encryption of transmission data is needed or not between each pair of task classes between which a communication path is needed;
  
  selecting, from among the set of servers, a first server different from servers in which the one or more task program are executed;
  
  providing the selected first server with a first task program belonging to a first task class for handling a part of process to be operated by the business software;
  
  starting up a first guest operating system provided for the first server, so as to make the first task program ready to be executed;
  
  selecting, from among the set of servers, a second server with which the first task program is to communicate, on the basis of the task connection information;
  
  determining whether an encryption of transmission data is needed or not between the first task program and the selected second server, on the basis of the encryption information;
  
  setting encryption setting information to both a first host operating system provided for the first server and a second host operating system provided for the second server when it is determined that an encryption of transmission data is needed between the first task program and the selected second server; and
  
  setting a secure communication path between the first guest operating system and a second guest operating system provided for the second server by setting virtual network connection information to both the first and second host operating systems, so as to operate the business software by executing the first task program as well as the one or more task programs.
- View Dependent Claims (2, 3, 4)
- - 2. The computer readable recording medium of claim 1, wherein the procedure further comprisesproviding a task management table for storing, in association with a task class, a server identifier identifying a server executing a task program belonging to the task class, whereina server executing a second task program belonging to a second task class with which the first task program is to communicate, is selected as the second server on the basis of the task connection information and the task management table, andit is determined that an encryption of transmission data between the first server and the second server is needed when it is determined that an encryption of transmission data is needed between the first task class including the first task program and the second task class including the second task program on the basis of the encryption information.
  - 3. The computer readable recording medium of claim 1, wherein the procedure further comprisesproviding a server management table storing an encryption system identifier identifying an encryption system and an encryption key corresponding to the encryption system in association with each server included in the set of servers, whereindata to be transmitted to a server included in the set of servers is encrypted by using an encryption system and an encryption key that are associated with the server in the server management table.
  - 4. The computer readable recording medium of claim 3, wherein, in an entry of the server management table, a public key is stored as an encryption key when an encryption system of the entry is a public key system, and a secret key is stored as an encryption key when an encryption system of the entry is a secret key system.

5. A method for setting a secure communication path between virtual machines each arranged within a server included in a set of servers in a network, the method comprising:
- providing business software that is operated by executing one or more task programs each provided for a virtual machine;
  
  providing each of the set of servers with, as a virtual machine, a guest operating system controlled by a host operating system thereof, the guest operating system executing a task program that handles a part of process to be operated by the business software, the host operating system controlling a secure communication between the guest operating system and another server included in the set of servers;
  
  classifying the one or more task programs into task classes according to a type of a function to be realized thereby;
  
  providing task connection information including information on whether a communication path is needed or not between each pair of task classes, and encryption information including information on whether an encryption of transmission data is needed or not between each pair of task classes between which a communication path is needed;
  
  selecting, from among the set of servers, a first server different from servers in which the one or more task program are executed;
  
  providing the selected first server with a first task program belonging to a first task class for handling a part of process to be operated by the business software;
  
  starting up a first guest operating system provided for the first server, so as to make the first task program ready to be executed;
  
  selecting, from among the servers in which the one or more task program are executed, a second server with which the first task program is to communicate, on the basis of the task connection information;
  
  determining whether an encryption of transmission data is needed or not between the first task program and the selected second server, on the basis of the encryption information;
  
  setting encryption setting information to both a first host operating system provided for the first server and a second host operating system provided for the second server when it is determined that an encryption of transmission data is needed between the first task program and the selected second server; and
  
  setting a secure communication path between the first guest operating system and a second guest operating system provided for the second server by setting virtual network connection information to both the first and second host operating systems, so as to operate the business software by executing the first task program as well as the one or more task programs.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, further comprisingproviding a task management table for storing, in association with a task class, a server identifier identifying a server executing a task program belonging to the task class, whereina server executing a second task program belonging to a second task class with which the first task program is to communicate, is selected as the second server on the basis of the task connection information and the task management table, andit is determined that an encryption of transmission data between the first server and the second server is needed when it is determined that an encryption of transmission data is needed between the first task class including the first task program and the second task class including the second task program on the basis of the encryption information.
  - 7. The method of claim 5, further comprisingproviding a server management table storing an encryption system identifier identifying an encryption system and an encryption key corresponding to the encryption system, in association with each server included in the set of servers, whereindata to be transmitted to a server included in the set of servers is encrypted by using an encryption system and an encryption key that are associated with the server in the server management table.
  - 8. The method of claim 7, wherein, in an entry of the server management table, a public key is stored as an encryption key when an encryption system of the entry is a public key system, and a secret key is stored as an encryption key when an encryption system of the entry is a secret key system.

9. An apparatus for setting a secure communication path between virtual machines each arranged within a server included in a set of servers in a network, wherein there is provided business software that is operated by executing one or more task programs each provided for a virtual machine, and each of the set of servers is provided with, as a virtual machine, a guest operating system controlled by a host operating system thereof, the guest operating system executing a task program that handles a part of process to be operated by the business software, the host operating system controlling a secure communication between the guest operating system and another server included in the set of servers, the one or more task programs being classified into task classes according to a type of a function to be realized thereby, the apparatus comprising:
- a connection plan table including task connection information and encryption information, the task information including information on whether a communication path is needed or not between each pair of task classes, the encryption information including information on whether an encryption of transmission data is needed or not between each pair of task classes between which a communication path is needed;
  
  a startup instruction accepting module for selecting, from among the set of servers, a first server different from servers in which the one or more task program are executed, wherein the selected first server is provided with a first task program belonging to a first task class for handling a part of process to be operated by the business software;
  
  a guest OS startup module for starting up a first guest operating system provided for the selected first server, so as to make the first task program ready to be executed;
  
  a connection plan determining module for selecting, from among the servers in which the one or more task program are executed, a second server with which the first task program is to communicate, on the basis of the task connection information, and determining whether an encryption of transmission data is needed or not between the first task program and the selected second server, on the basis of the encryption information;
  
  a connection setting module for setting encryption setting information to both a first host operating system provided for the first server and a second host operating system provided for the second server when it is determined that an encryption of transmission data is needed between the first task program and the selected second server, wherein a secure communication path between the first guest operating system and a second guest operating system provided for the second server is set by setting virtual network connection information to both the first and second host operating systems, so as to operate the business software by executing the first task program as well as the one or more task programs.
- View Dependent Claims (10, 11, 12)
- - 10. The apparatus of claim 9, further comprisinga task management table for storing, in association with a task class, a server identifier identifying a server executing a task program belonging to the task class, whereina server executing a second task program belonging to a second task class with which the first task program is to communicate, is selected as the second server, on the basis of the task connection information and the task management table, andit is determined that encryption of transmission data between the first server and the second server is needed when it is determined that an encryption of transmission data is needed between the first task class including the first task program and the second task class including the second task program on the basis of the encryption information.
  - 11. The apparatus of claim 9, further comprisinga server management table for storing an encryption system identifier identifying an encryption system and an encryption key corresponding to the encryption system, in association with each server included in the set of servers, whereindata to be transmitted to a server included in the set of servers is encrypted by using an encryption system and an encryption key that are associated with the server in the server management table.
  - 12. The apparatus of claim 11, wherein, in an entry of the server management table, a public key is stored as an encryption key when an encryption system of the entry is a public key system, and a secret key is stored as an encryption key when an encryption system of the entry is a secret key system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Imai, Yuji

Application Number

US12/546,296
Publication Number

US 20100058051A1
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

G06F 9/45537   Provision of facilities of ...

H04L 63/0272   Virtual private networks

H04L 67/1001   for accessing one among a p...

H04L 67/1014   based on the content of a r...

METHOD AND APPARATUS FOR SETTING A SECURE COMMUNICATION PATH BETWEEN VIRTUAL MACHINES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR SETTING A SECURE COMMUNICATION PATH BETWEEN VIRTUAL MACHINES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links