SECURE OUT-OF-BAND MANAGEMENT OF COMPUTING DEVICES OVER A COMMUNICATIONS NETWORK

US 20120079566A1
Filed: 09/25/2010
Published: 03/29/2012
Est. Priority Date: 09/25/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method on a computer system for facilitating management of virtual machines in a private data center over a communications network, comprising:

receiving, by a first computer in the private data center, a request via the communications network from a user for access to a subset of a plurality of virtual machines in the private data center;

executing a first authentication process by proxy between the user and the first computer;

executing a second authentication process by proxy between the user and a second computer at the private data center;

establishing a secure, out-of-band connection between the user and the subset of the plurality of virtual machines in the private data network; and

restricting access of the user to the subset of the plurality of virtual machines according to permissions associated with the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method on a computer system for facilitating management of virtual machines in a private data center over a communications network can be provided. The method can include receiving, by a first computer in the private data center, a request via the communications network from a user for access to a subset of a plurality of virtual machines in the private data center. The method can further include executing a first authentication process by proxy between the user and the first computer and executing a second authentication process by proxy between the user and a second computer at the private data center. The method can further include establishing a secure, out-of-band connection between the user and the subset of the plurality of virtual machines in the private data network and restricting access of the user to the subset of the plurality of virtual machines according to permissions associated with the user.

Citations

18 Claims

1. A method on a computer system for facilitating management of virtual machines in a private data center over a communications network, comprising:
- receiving, by a first computer in the private data center, a request via the communications network from a user for access to a subset of a plurality of virtual machines in the private data center;
  
  executing a first authentication process by proxy between the user and the first computer;
  
  executing a second authentication process by proxy between the user and a second computer at the private data center;
  
  establishing a secure, out-of-band connection between the user and the subset of the plurality of virtual machines in the private data network; and
  
  restricting access of the user to the subset of the plurality of virtual machines according to permissions associated with the user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the step of executing a first authentication process further comprises:
    - sending, by the first computer, a request for credentials from the user;
      
      receiving and verifying, by the first computer, credentials provided by the user;
      
      reading, by the first computer, an IP address of the user'"'"'s computer; and
      
      opening one or more specified TCP ports on the first computer for sole use by packets received from the IP address of the user'"'"'s computer.
  - 3. The method of claim 2, wherein the step of executing a second authentication process further comprises:
    - sending, by the second computer, a request for credentials from the user;
      
      receiving and verifying, by the second computer, credentials provided by the user;
      
      verifying, by the second computer, a presence of a profile associated with the user based on the credentials provided by the user; and
      
      accessing, by the second computer, the profile associated with the user, wherein the profile includes permissions of the user in relation to the subset of the plurality of virtual machines in the private data center.
  - 4. The method of claim 3, further comprising:
    - monitoring IP packets exchanged between the user'"'"'s computer and the subset of the plurality of virtual machines in the private data center; and
      
      comparing the IP packets that were monitored against a set of signatures identifying intrusion activity so as to identify intrusion activity in the connection between the user'"'"'s computer and the subset of the plurality of virtual machines in the private data center.
  - 5. The method of claim 4, further comprising:
    - restricting each of the plurality of virtual machines from providing access to data and processing to other virtual machines, so as to further segregate routed network space and provide bandwidth management capabilities for each virtual machine of the plurality of virtual machines from others.
  - 6. The method of claim 5, wherein the step of restricting each of the plurality of virtual machines further comprises:
    - providing bandwidth management capabilities for each virtual machine of the plurality of virtual machines according to an amount of bandwidth required by the plurality of virtual machines.

7. A computer system for facilitating management of virtual machines in a private data center over a communications network, comprising:
- a first computer in the private data center, the first computer configured for receiving a request via the communications network from a user for access to a subset of the plurality of virtual machines in the private data center and executing a first authentication process by proxy with the user;
  
  a second computer in the private data center, the second computer configured for executing a second authentication process by proxy with the user; and
  
  a server in the private data center, the server configured for establishing a secure, out-of-band connection between the user and the subset of the plurality of virtual machines in the private data network and restricting access of the user to the subset of the plurality of virtual machines according to permissions associated with the user.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer system of claim 7, wherein the step of executing, by the first computer, a first authentication process further comprises:
    - sending a request for credentials from the user;
      
      receiving and verifying credentials provided by the user;
      
      reading an IP address of the user'"'"'s computer; and
      
      opening one or more specified TCP ports on the first computer for sole use by packets received from the IP address of the user'"'"'s computer.
  - 9. The computer system of claim 8, wherein the step of executing, by the second computer, a second authentication process further comprises:
    - sending a request for credentials from the user;
      
      receiving and verifying credentials provided by the user;
      
      verifying a presence of a profile associated with the user based on the credentials provided by the user; and
      
      accessing the profile associated with the user, wherein the profile includes permissions of the user in relation to the subset of the plurality of virtual machines in the private data center.
  - 10. The computer system of claim 9, wherein the server is further configured for:
    - monitoring IP packets exchanged between the user'"'"'s computer and the subset of the plurality of virtual machines in the private data center; and
      
      comparing the IP packets that were monitored against a set of signatures identifying intrusion activity so as to identify intrusion activity in the connection between the user'"'"'s computer and the subset of the plurality of virtual machines in the private data center.
  - 11. The computer system of claim 10, further comprising a third computer configured for:
    - restricting each of the plurality of virtual machines from providing access to data and processing to other virtual machines, so as to further segregate routed network space and provide bandwidth management capabilities for each virtual machine of the plurality of virtual machines from others.
  - 12. The computer system of claim 11, wherein the third computer is further configured for:
    - providing bandwidth management capabilities for each virtual machine of the plurality of virtual machines according to an amount of bandwidth required by the plurality of virtual machines.

13. A computer program product comprising a computer usable medium embodying computer usable program code for facilitating management of virtual machines in a private data center over a communications network, the computer program product comprising:
- computer usable program code on a first computer in the private data center for receiving a request via the communications network from a user for access to a plurality of virtual machines in the private data center and executing a first authentication process by proxy between the user and the first computer;
  
  computer usable program code on a second computer in the private data center for executing a second authentication process by proxy between the user and the second computer; and
  
  computer usable program code on a server for establishing a secure, out-of-band connection between the user and the plurality of virtual machines in the private data network and restricting access of the user to the plurality of virtual machines according to permissions associated with the user.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13, wherein the computer usable program code on the first computer further comprises:
    - computer usable program code for sending a request for credentials from the user, receiving and verifying credentials provided by the user, reading an IP address of the user'"'"'s computer and opening one or more specified TCP ports on the first computer for sole use by packets received from the IP address of the user'"'"'s computer.
  - 15. The computer program product of claim 14, wherein the computer usable program code on the second computer further comprises:
    - computer usable program code for sending a request for credentials from the user, receiving and verifying credentials provided by the user, verifying a presence of a profile associated with the user based on the credentials provided by the user and accessing the profile associated with the user, wherein the profile includes permissions of the user in relation to the plurality of virtual machines in the private data center.
  - 16. The computer program product of claim 15, wherein the computer usable program code on the server further comprises:
    - computer usable program code for monitoring IP packets exchanged between the user'"'"'s computer and the plurality of virtual machines in the private data center and comparing the IP packets that were monitored against a set of signatures identifying intrusion activity so as to identify intrusion activity in the connection between the user'"'"'s computer and the plurality of virtual machines in the private data center.
  - 17. The computer program product of claim 16, further comprising:
    - computer usable program code on a third computer for restricting each of the plurality of virtual machines from providing access to data and processing to other virtual machines, so as to further segregate routed network space and provide bandwidth management capabilities for each virtual machine of the plurality of virtual machines from others.
  - 18. The computer program product of claim 17, wherein the computer usable program code on the third computer is further configured for providing bandwidth management capabilities for each virtual machine of the plurality of virtual machines according to an amount of bandwidth required by the plurality of virtual machines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Broadbandone, Inc.
Original Assignee
Broadbandone, Inc.
Inventors
Barranco, Roger L., Slapp, Jeffrey

Application Number

US12/890,622
Publication Number

US 20120079566A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/55   Detecting local intrusion o...

H04L 63/0884   by delegation of authentica...

H04L 63/18   using different networks or...

SECURE OUT-OF-BAND MANAGEMENT OF COMPUTING DEVICES OVER A COMMUNICATIONS NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE OUT-OF-BAND MANAGEMENT OF COMPUTING DEVICES OVER A COMMUNICATIONS NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links