SECURELY AND AUTOMATICALLY CONNECTING VIRTUAL MACHINES IN A PUBLIC CLOUD TO CORPORATE RESOURCE
First Claim
1. A method, implemented by an enterprise computing system programmed to perform the following, comprising:
- starting, by a cloud engine of the enterprise computing system, an exchange with an authentication server that leads to a state in which both the cloud engine and the authentication server know a one-time password (OTP) and an identifier (ID) of a virtual machine (VM), the VM hosted by a cloud computing system coupled to the enterprise computing system via a network;
- sending, by the enterprise computing system, the OTP and the ID to the VM; and
- establishing, by the enterprise computing system, a secure connection to the VM upon authenticating credentials submitted by the VM against the OTP and the ID.
Abstract
A method and system for securely and automatically connecting a virtual machine in a public cloud to corporate resources. A cloud computing system is coupled to an enterprise computing system via a network. The enterprise computing system includes a management server, an authentication server and a virtual private network (VPN) server. A cloud engine runs on the management server. The cloud engine starts an exchange with the authentication server that leads to a state in which both parties know a one-time password (OTP) and an identifier (ID) of a virtual machine (VM) hosted by the cloud computing system. The cloud engine sends the OTP and the ID to the VM. The VPN server then receives credentials from the VM. If the credentials are successfully authenticated against the OTP and the ID, a secure connection is established between the enterprise computing system and the VM.
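The flow in the abstract has three parties (cloud engine on the management server, authentication server, VPN server) and one short-lived secret. What makes it safe is not the OTP itself but the rules around it: it is bound to one VM ID, it expires, and it is consumed on first successful use, so a captured or leaked bootstrap credential cannot be replayed. The following simulation is an added example, not code from the patent or its assignee; it assumes the cloud engine generates the OTP and registers it with the authentication server (the patent only requires that both end up knowing it), uses a constructed VM ID and a fixed clock, and stands in for the real delivery channel to the VM with a plain dictionary.

```python
"""Simulation of the OTP/ID bootstrap between a cloud engine, an authentication
server and a VPN server, with the single-use and expiry checks a defender needs."""
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Credential:
    """One-time credential held by the authentication server for a single VM."""
    otp: str
    expires_at: float
    used: bool = False


class AuthServer:
    """Holds (ID, OTP) pairs agreed with the cloud engine and checks VM logins."""

    def __init__(self, ttl_seconds: float = 300.0):
        self.ttl = ttl_seconds
        self._creds: dict[str, Credential] = {}

    def register(self, vm_id: str, otp: str, now: float) -> None:
        # The exchange with the cloud engine ends here: both sides know (ID, OTP).
        self._creds[vm_id] = Credential(otp=otp, expires_at=now + self.ttl)

    def authenticate(self, vm_id: str, otp: str, now: float) -> tuple[bool, str]:
        cred = self._creds.get(vm_id)
        if cred is None:
            return False, "unknown-id"
        if cred.used:
            return False, "replayed"      # OTP already consumed: worth alerting on
        if now > cred.expires_at:
            return False, "expired"
        if not hmac.compare_digest(cred.otp, otp):   # constant-time comparison
            return False, "bad-otp"
        cred.used = True                  # one-time: first successful use burns it
        return True, "ok"


class CloudEngine:
    """Runs on the management server; provisions the VM's bootstrap credential."""

    def __init__(self, auth: AuthServer):
        self.auth = auth

    def provision(self, vm_id: str, now: float) -> dict:
        # Assumption: the engine generates the OTP and registers it with the
        # authentication server; the patent only requires both to end up knowing it.
        otp = secrets.token_urlsafe(32)
        self.auth.register(vm_id, otp, now)
        # What the engine sends to the VM; the real delivery channel is out of
        # scope here and is represented by this dictionary (assumption).
        return {"id": vm_id, "otp": otp}


class VPNServer:
    """Receives the VM's credentials and asks the auth server to check them."""

    def __init__(self, auth: AuthServer):
        self.auth = auth
        self.tunnels: set[str] = set()

    def connect(self, creds: dict, now: float) -> tuple[bool, str]:
        ok, reason = self.auth.authenticate(creds["id"], creds["otp"], now)
        if ok:
            self.tunnels.add(creds["id"])  # secure connection established
        return ok, reason


def run_scenario() -> dict[str, tuple[bool, str]]:
    """Walk the flow once, then exercise the failure modes the one-time rule implies."""
    t0 = 1_700_000_000.0                  # constructed fixed clock for a repeatable run
    auth = AuthServer(ttl_seconds=300)
    engine = CloudEngine(auth)
    vpn = VPNServer(auth)

    creds = engine.provision("vm-0001", now=t0)           # constructed VM ID
    results = {
        "first": vpn.connect(creds, now=t0 + 10),          # legitimate first use
        "replay": vpn.connect(creds, now=t0 + 20),         # same OTP presented again
        "wrong-id": vpn.connect({"id": "vm-0002", "otp": creds["otp"]}, now=t0 + 30),
    }

    stale = engine.provision("vm-0003", now=t0)
    results["expired"] = vpn.connect(stale, now=t0 + 301)  # past the 300 s TTL

    engine.provision("vm-0004", now=t0)
    results["bad-otp"] = vpn.connect({"id": "vm-0004", "otp": "not-the-otp"}, now=t0 + 5)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_scenario().items():
        print(f"{name:9s} -> {'accepted' if ok else 'rejected'} ({reason})")
```

Only the first attempt opens a tunnel; the replay, the OTP presented under a different VM ID, the stale OTP and the guessed OTP are all rejected with distinct reasons, which is what a VPN or authentication log should record so that a reused bootstrap credential stands out from ordinary provisioning noise.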
20 Claims
1. A method, implemented by an enterprise computing system programmed to perform the following, comprising:
- starting, by a cloud engine of the enterprise computing system, an exchange with an authentication server that leads to a state in which both the cloud engine and the authentication server know a one-time password (OTP) and an identifier (ID) of a virtual machine (VM), the VM hosted by a cloud computing system coupled to the enterprise computing system via a network;
- sending, by the enterprise computing system, the OTP and the ID to the VM; and
- establishing, by the enterprise computing system, a secure connection to the VM upon authenticating credentials submitted by the VM against the OTP and the ID.
(Dependent claims 2, 3, 4, 5, 6, 7)
8. A system comprising:
- a management server, which includes a cloud engine that sends a one-time password (OTP) and an identifier (ID) to a virtual machine (VM), the VM hosted by a cloud computing system coupled to the management server via a network, wherein the cloud engine starts an exchange with an authentication server that leads to a state in which both the cloud engine and the authentication server know the OTP and the ID;
- a virtual private network (VPN) server to receive credentials from the VM; and
- the authentication server coupled to the management server and the VPN server to establish a secure connection to the VM upon authenticating the credentials against the OTP and the ID.
(Dependent claims 9, 10, 11, 12, 13)
14. A non-transitory computer readable storage medium including instructions that, when executed by a processing system, cause the processing system to perform a method comprising:
- starting, by a cloud engine of an enterprise computing system, an exchange with an authentication server that leads to a state in which both the cloud engine and the authentication server know a one-time password (OTP) and an identifier (ID) of a virtual machine (VM), the VM hosted by a cloud computing system coupled to the enterprise computing system via a network;
- sending, by the enterprise computing system, the OTP and the ID to the VM; and
- establishing, by the enterprise computing system, a secure connection to the VM upon authenticating credentials submitted by the VM against the OTP and the ID.
(Dependent claims 15, 16, 17, 18, 19, 20)