Virtual Security Zones for Data Processing Environments
Abstract
A method, apparatus, and computer program product for providing security and network isolation for service instances comprising data processing resources provided as a service by a provider of data processing resources. Individual service instances may be associated as members of one or more security zones. The security zones comprise security policies that define access of each service instance that is a member of a security zone.
20 Claims
1. A computer program product for selectively providing security and network isolation of data processing environments, comprising:
a computer readable storage medium;
first program instructions to define a number of security zones, wherein each of the number of security zones comprises a security policy defining access of each service instance that is a member of a security zone in the number of security zones;
second program instructions to associate a service instance as a member of a security zone, wherein the service instance comprises a data processing resource provided as a service by a provider of data processing resources, wherein the data processing resource is selected from data processing resources that are part of a data center, data processing resources that are part of a private cloud, data processing resources that are part of a public cloud, or data processing resources that are part of a hybrid cloud comprising a number of public clouds and a number of private clouds; and
wherein the first program instructions and the second program instructions are stored on the computer readable storage medium.
Dependent claims: 2, 3, 4, 5, 6.
7. A method for providing security and network isolation for data processing environments, comprising:
associating, by a processor unit, a service instance as a member of a security zone, wherein the service instance comprises a data processing resource provided as a service by a provider of data processing resources and wherein the security zone comprises a security policy defining access of each service instance that is a member of the security zone.
Dependent claims: 8, 9, 10, 11, 12.
13. An apparatus, comprising:
a processor unit configured to associate a service instance as a member of a security zone, wherein the service instance comprises a data processing resource provided as a service by a provider of data processing resources and wherein the security zone comprises a security policy defining access of each service instance that is a member of the security zone.
Dependent claims: 14, 15, 16, 17, 18.
19. A method for selectively providing security and network isolation for data processing environments, comprising:
defining, by a processor unit, a service instance as a member of a number of security zones, wherein the service instance comprises a data processing resource provided as a service by a provider of data processing resources and wherein each of the number of security zones comprises a security policy; and
applying, by the processor unit, the security policy of the number of security zones, wherein the service instance is defined as a member of the number of security zones.
Dependent claims: 20.
Specification