Secure Network Cloud Architecture
Abstract
Apparatuses, computer readable media, methods, and systems are described for requesting creation of a virtual machine (VM) in a cloud environment comprising a virtual private cloud. Through various communications between a cloud DMZ, cloud provider, and/or company's network, a VM instance may be securely created, initialized, booted, unlocked, and/or monitored through a series of interactions building, in some examples, upon a root of trust.
29 Claims
1. A method comprising:
receiving, by a secure boot server from a virtual machine, a request to download components configured to boot the virtual machine, wherein the request includes at least a first token;
transmitting, by the secure boot server to a first computing system, the first token;
receiving, by the secure boot server from the first computing system, a second token indicating authorization to transmit unique components to the virtual machine in response to the request to download components;
generating, by the secure boot server, unique components comprising at least one of: unique identifier, configuration settings, and unique data elements; and
transmitting, by the secure boot server to the virtual machine, the unique components and the second token, wherein the secure boot server is located within a cloud DMZ at a cloud computing system, and the virtual machine is located at a cloud computing system outside the cloud DMZ.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A cloud computing system comprising at least a secure boot server and a gateway server, the system comprising:
at least one processor; and
at least one memory storing computer executable instructions that, when executed by the at least one processor, cause the system at least to:
receive, by the secure boot server from a virtual machine, a request to download components configured to boot the virtual machine, wherein the request includes at least a first token;
transmit, by the secure boot server to a first computing system, the first token after receiving the request from the virtual machine to download components;
receive, by the secure boot server from the first computing system, a second token indicating authorization to transmit unique components to the virtual machine in response to the request to download components;
transmit, by the secure boot server to the virtual machine, the unique components and the second token;
receive, by the gateway server from the virtual machine, a third token and a confidential information indicating authorization from the first computing system to create a secure channel with the virtual machine via the gateway server;
transmit, by the gateway server to the first computing system, the third token to confirm authenticity of the received third token to a recorded third token at the first computing system; and
establish, by the gateway server, the secure channel between the virtual machine and the first computing system, wherein the secure boot server and gateway server are located within a cloud DMZ at a cloud computing system, and the virtual machine is located outside the cloud DMZ at the cloud computing system.
Dependent claims: 12, 13, 14, 15
16. A non-transitory computer-readable storage medium storing computer-executable instructions, which when executed by an apparatus, cause the apparatus to at least:
receive, from a virtual machine, a request to download components configured to boot the virtual machine, wherein the request includes at least a first token;
transmit, to a first computing system, the first token;
receive, from the first computing system, a second token indicating authorization to transmit unique components to the virtual machine in response to the request to download components;
transmit, to the virtual machine, the unique components and the second token, wherein a secure boot server is located within a cloud DMZ at a cloud computing system, and the virtual machine is located at a cloud computing system outside the cloud DMZ.
Dependent claims: 17, 18, 19, 20, 21, 22, 23
24. A system comprising:
a cloud DMZ network comprising at least one processor and at least one memory configured to:
using an internal firewall, regulate network traffic between an organization computer network and a cloud gateway;
using an external firewall, regulate network traffic between the cloud DMZ and a virtual private cloud;
using a secure boot server, send unique operating system components to a virtual machine in the virtual private cloud; and
using a gateway server, establish a secure channel between the virtual machine and the organization computer network;
wherein the internal firewall, external firewall, secure boot server, and gateway server are located within the cloud DMZ network; and
the virtual private cloud network comprising at least one processor and at least one memory configured to:
using a virtualization platform, create the virtual machine in the at least one memory of the virtual private cloud network.
Dependent claims: 25, 26, 27, 28, 29
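The token handoff of claims 1 and 11, modelled as an added Python example (not code from the patent or from any implementation of it): the DMZ boot server relays the VM's first token to the organization-side first computing system and releases unique components only once the second token comes back, and the DMZ gateway confirms the VM's third token against the one recorded at the first computing system before brokering a channel. HMAC-based tokens, the key names, the one-shot first token and delivery of the third token inside the unique data elements are assumptions of the model; the "confidential information" of claim 11 is not modelled.

```python
import hmac, hashlib, secrets

# Constructed keys for this model; a deployment would provision them out of band.
ORG_KEY = b"org-network-signing-key"    # known only to the first computing system
BOOT_KEY = b"boot-server-signing-key"   # shared by the org network and the DMZ boot server

def make_token(key, subject, nonce):
    return hmac.new(key, f"{subject}:{nonce}".encode(), hashlib.sha256).hexdigest()

class FirstComputingSystem:
    """Organization-side authority: issues first tokens, grants boot authorization, records the third token."""
    def __init__(self):
        self.first_tokens, self.third_tokens = {}, {}
    def issue_first_token(self, vm_id):
        nonce = secrets.token_hex(8)
        self.first_tokens[vm_id] = (nonce, make_token(ORG_KEY, vm_id, nonce))
        return self.first_tokens[vm_id][1]
    def authorize_boot(self, vm_id, first_token):
        rec = self.first_tokens.get(vm_id)
        if rec is None or not hmac.compare_digest(rec[1], first_token):
            return None                          # unknown VM or forged token: refuse
        nonce, _ = self.first_tokens.pop(vm_id)  # one-shot: a replayed first token fails
        self.third_tokens[vm_id] = secrets.token_hex(16)   # recorded for the gateway check
        return make_token(BOOT_KEY, vm_id, nonce), self.third_tokens[vm_id]
    def confirm_third_token(self, vm_id, third_token):
        recorded = self.third_tokens.get(vm_id, "")
        return bool(recorded) and hmac.compare_digest(recorded, third_token)

class SecureBootServer:
    """DMZ component: relays the first token, releases components only after the second token returns."""
    def __init__(self, authority):
        self.authority = authority
    def handle_boot_request(self, vm_id, first_token):
        auth = self.authority.authorize_boot(vm_id, first_token)
        if auth is None:
            return None
        second_token, third_token = auth
        components = {"unique_identifier": secrets.token_hex(16),
                      "configuration_settings": {"vm_id": vm_id},
                      "unique_data_elements": {"third_token": third_token}}  # assumption
        return {"components": components, "second_token": second_token}

class GatewayServer:
    """DMZ component: confirms the VM's third token with the org network before brokering a channel."""
    def __init__(self, authority):
        self.authority, self.channels = authority, {}
    def open_channel(self, vm_id, third_token):
        if not self.authority.confirm_third_token(vm_id, third_token):
            return None
        self.channels[vm_id] = f"channel:{vm_id}"   # stands in for the real secure channel
        return self.channels[vm_id]
```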