TECHNIQUES FOR SECURE ACCESS MANAGEMENT IN VIRTUAL ENVIRONMENTS
First Claim
1. A method implemented and residing within a non-transitory computer-readable storage medium that is executed by a processor, the processor configured to perform the method, comprising:
receiving a virtual machine (VM) request from a portal;
instantiating a VM to be accessed at a dynamically created Internet Protocol (IP) address and at a dynamically created communication port number;
acquiring a secure token for a communication session to the VM; and
returning the IP address, the port number, and the secure token back to the portal for the portal to communicate to an identity service that dynamically generates policy to be enforced during the communication session, the identity service also providing the IP address, the port number, and the secure token to an authenticated principal to use during the communication session with the VM and the identity service provides the policy to a secure socket layer virtual private network (SSL VPN) server for the SSL VPN server to enforce the policy when the principal initiates the communication session with the VM via a SSL VPN connection through the SSL VPN.
Abstract
Techniques for secure access management to virtual environments are provided. A user authenticates to a portal for purposes of establishing a virtual machine (VM). The portal interacts with a cloud server and an identity server to authenticate the user, to acquire an Internet Protocol (IP) address and port number for the VM, and to obtain a secure token. The user then interacts with a secure socket layer virtual private network (SSL VPN) server to establish a SSL VPN session with the VM. The SSL VPN server also authenticates the token through the identity server and acquires dynamic policies to enforce during the SSL VPN session between the user and the VM (the VM managed by the cloud server).
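The four-party flow in the abstract (portal, cloud server, identity service, SSL VPN server), modelled as an added example that is not part of the patent or any product. Assumptions: the cloud server and identity service share an HMAC key, the session token is an HMAC over the dynamic IP:port, and the dynamically generated policy is a small dict binding the principal, the VM endpoint and an expiry.

```python
import hashlib, hmac, secrets, time

# Constructed model of the parties in the abstract (assumption: the cloud
# server and identity service share an HMAC key for the session token).
SHARED_KEY = secrets.token_bytes(32)

class CloudServer:
    """Instantiates a VM at a dynamic IP:port and mints the session token."""
    def instantiate(self):
        ip = "10.0.%d.%d" % (secrets.randbelow(256), 1 + secrets.randbelow(254))
        port = 20000 + secrets.randbelow(10000)
        token = hmac.new(SHARED_KEY, f"{ip}:{port}".encode(), hashlib.sha256).hexdigest()
        return ip, port, token

class IdentityService:
    """Checks the token came from the cloud server, then generates the per-session policy."""
    def __init__(self):
        self.sessions = {}   # token -> dynamically generated policy
    def register(self, principal, ip, port, token, ttl=600):
        expect = hmac.new(SHARED_KEY, f"{ip}:{port}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, token):
            raise ValueError("token not issued for this VM endpoint")
        self.sessions[token] = {"principal": principal, "dst": (ip, port),
                                "expires": time.time() + ttl}
    def policy_for(self, token):
        return self.sessions.get(token)

class SslVpnServer:
    """Authenticates the presented token via the identity service and enforces its policy."""
    def __init__(self, idp):
        self.idp = idp
    def connect(self, principal, ip, port, token):
        policy = self.idp.policy_for(token)
        if policy is None or policy["principal"] != principal:
            return "denied: token unknown or not bound to principal"
        if policy["dst"] != (ip, port):
            return "denied: token bound to a different VM endpoint"
        if time.time() > policy["expires"]:
            return "denied: session policy expired"
        return "connected"

def portal_flow(principal, cloud, idp, ttl=600):
    """Portal step: request the VM, pass (ip, port, token) to the identity
    service, and return the same triple for the authenticated principal."""
    ip, port, token = cloud.instantiate()
    idp.register(principal, ip, port, token, ttl)
    return ip, port, token
```

Run `portal_flow("alice", CloudServer(), idp)` and then `SslVpnServer(idp).connect(...)` with the returned triple; a token presented by another principal, for another endpoint, or after expiry is refused.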
20 Claims
1. (Independent claim; full text given above under First Claim. Dependent claims 2-8.)
9. A method implemented and residing within a computer-readable storage medium that is executed by a processor of a network to perform the method, comprising:
receiving a request for a secure socket layer virtual private network (SSL VPN) connection to a Virtual Machine (VM), the request received from a principal to establish a SSL VPN communication session with the VM;
requesting an identity service to authenticate the request on behalf of the principal;
obtaining policies from the identity service for enforcement during the SSL VPN communication session;
connecting the principal to the VM via the SSL VPN communication session when the principal is authenticated, connection achieved via an Internet Protocol (IP) address and port number combination acquired with the request; and
enforcing the policies during the SSL VPN communication session. (Dependent claims 10-15.)
16. A multiprocessor-implemented system, comprising:
a portal server; an identity server; a cloud server; and a secure socket layer virtual private network (SSL VPN) server;
wherein the portal server is configured to facilitate authenticating a principal via the identity server for access to a virtual machine (VM), the cloud server is configured to dynamically instantiate the VM at a specified Internet Protocol (IP) address and port number and the cloud server is configured to provide access to the VM during a SSL VPN session when a secure token is presented, the SSL VPN server is configured to interact with the identity server, the principal, and the cloud server to authenticate the principal and establish the SSL VPN session at the specified IP address and port number with the secure token. (Dependent claims 17-20.)