Secure Network Cloud Architecture
First Claim
1. An apparatus comprising:
at least one processor; and
at least one memory storing computer executable instructions that, when executed by the at least one processor, cause the apparatus to at least:
transmit, via a secure channel to a cloud computing system, a request to create a virtual machine in a second computing system, wherein the request includes at least a first token;
receive, from a secure boot server, the first token after the second computing system requests to load components configured to boot the virtual machine;
transmit, to the secure boot server, a second token unique to the request to load components, wherein the second token enables the secure boot server to transmit the requested components and the second token to the virtual machine, wherein the requested components are unique to the request to load components;
receive, from the virtual machine, the second token after the virtual machine has been loaded with the requested components;
transmit, to the virtual machine, a third token and confidential information configured to enable the virtual machine to create a secure connection with the apparatus via a gateway server located in the cloud computing system;
receive, from the gateway server, the third token and a request to establish a secure connection with the virtual machine through the gateway server; and
communicate with the virtual machine over the established secure connection.
1 Assignment
0 Petitions
Abstract
Apparatuses, computer readable media, methods, and systems are described for requesting creation of a virtual machine (VM) in a cloud environment comprising a virtual private cloud. Through various communications between a cloud DMZ, cloud provider, and/or company's network, a VM instance may be securely created, initialized, booted, unlocked, and/or monitored through a series of interactions building, in some examples, upon a root of trust.
211 Citations
30 Claims
Claim 1 is set out above. Dependent claims: 2, 3, 4, 5, 6, 7, 21.
8. A method comprising:
transmitting, by a first computing system via a secure channel to a second computing system, a request to create a virtual machine in the second computing system, wherein the request includes at least a first token;
recording, in a computer memory using a processor of the first computing system, the first token in association with the request for a virtual machine;
receiving, by the first computing system from a server located in a secure zone in the second computing system, the first token after the second computing system requests to load components configured to boot the virtual machine;
confirming, using the processor of the first computing system, authenticity of the received first token with the recorded first token;
transmitting, by the first computing system to the server located in the secure zone in the second computing system, a second token unique to the request to load components, wherein the second token is configured to enable the server located in the secure zone of the second computing system to transmit the requested components and the second token to the virtual machine, wherein the requested components are unique to the request to load components;
recording, in the computer memory using the processor of the first computing system, the second token in association with the request for the virtual machine;
receiving, by the first computing system from the virtual machine, the second token after the virtual machine has been loaded with the requested components;
confirming, using the processor of the first computing system, authenticity of the received second token with the recorded second token;
transmitting, by the first computing system to the virtual machine, a third token and confidential information configured to enable the virtual machine to create a secure connection with the first computing system via a gateway server located in the secure zone of the second computing system;
recording, in the computer memory using the processor of the first computing system, the third token in association with the request for the virtual machine;
receiving, by the first computing system from the gateway server located in the secure zone of the second computing system, the third token and a request to establish a secure connection through the secure zone with the virtual machine; and
confirming, using the processor of the first computing system, authenticity of the received third token with the recorded third token.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20.
22. A non-transitory computer-readable storage medium storing computer-executable instructions, which when executed by an apparatus, cause the apparatus to at least:
transmit, to a cloud provider of a cloud computing system, a request to create a virtual machine in a second computing system, wherein the request includes at least a first token;
receive, from a secure boot server, the first token in response to the second computing system requesting to load components configured to boot the virtual machine;
transmit, to the secure boot server, unique operating system components and a second token;
receive, from the virtual machine, the second token in response to the virtual machine having been loaded with the unique operating system components;
transmit, to the virtual machine, a third token and confidential information configured to enable the virtual machine to create a secure connection with the apparatus via a gateway server located in the cloud computing system; and
receive, from the gateway server, the third token and a request to establish a secure connection with the virtual machine through the gateway server.
Dependent claims: 23, 24.
25. A system comprising:
an organization computer network comprising at least one processor and at least one memory configured to:
using a cloud orchestrator, monitor state of a virtual machine in a virtual private cloud network;
using a database, store a reservation corresponding to the virtual machine, wherein the reservation comprises confidential information and a unique identifier; and
using a firewall, regulate network traffic into the organization computer network;
wherein the organization computer network is located outside of a cloud DMZ network and the virtual private cloud network.
Dependent claims: 26, 27, 28, 29, 30.
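The token handshake recited in claims 1, 8 and 22, together with the per-VM reservation record of claim 25, written out as a constructed Python simulation. This is an added example, not code from the patent or its assignee: the party classes, message shapes, the "boot image" string standing in for the unique components, the constant-time comparison and the single-use consumption of each token after it is confirmed are all assumptions made here. What it shows is why recording each token against one VM request matters: a forged token, a token lifted from a different reservation, or a replayed third token all fail the confirmation step, so the organization network only ever opens a connection to the VM it asked for and that booted the components it supplied.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed simulation; every class, message shape and field is an assumption.

@dataclass
class Reservation:
    """Per-request record the organization keeps (claim 8 'recording', claim 25 reservation)."""
    vm_id: str
    tokens: dict = field(default_factory=dict)  # stage -> token still pending
    secret: Optional[str] = None                 # confidential info handed to the VM
    connected: bool = False

class OrganizationNetwork:
    """The 'apparatus' / 'first computing system': issues and confirms tokens."""

    def __init__(self):
        self.reservations = {}

    def _issue(self, vm_id, stage):
        tok = secrets.token_urlsafe(16)
        self.reservations[vm_id].tokens[stage] = tok
        return tok

    def _confirm(self, vm_id, stage, presented):
        # Constant-time compare against the recorded token; consume it on success
        # so a captured copy cannot be replayed (an added hardening assumption).
        res = self.reservations.get(vm_id)
        if res is None or stage not in res.tokens or presented is None:
            return False
        if not hmac.compare_digest(res.tokens[stage], presented):
            return False
        del res.tokens[stage]
        return True

    def request_vm(self, cloud, vm_id):
        # Step 1: request the VM over the secure channel, carrying the first token.
        self.reservations[vm_id] = Reservation(vm_id)
        cloud.create_vm(vm_id, self._issue(vm_id, "first"))

    def on_boot_request(self, vm_id, first_token):
        # Step 2: secure boot server relays the first token; reply with components
        # unique to this request and a second token, or None on mismatch.
        if not self._confirm(vm_id, "first", first_token):
            return None
        return f"boot-image-{vm_id}-{secrets.token_hex(4)}", self._issue(vm_id, "second")

    def on_vm_loaded(self, vm_id, second_token):
        # Step 3: booted VM returns the second token; reply with the third token
        # and the confidential information for the gateway connection.
        if not self._confirm(vm_id, "second", second_token):
            return None
        res = self.reservations[vm_id]
        res.secret = secrets.token_hex(16)
        return self._issue(vm_id, "third"), res.secret

    def on_gateway_connect(self, vm_id, third_token):
        # Step 4: gateway presents the third token with its connection request.
        if not self._confirm(vm_id, "third", third_token):
            return False
        self.reservations[vm_id].connected = True
        return True

@dataclass
class VirtualMachine:
    vm_id: str
    first_token: str
    components: Optional[str] = None
    second_token: Optional[str] = None
    third_token: Optional[str] = None
    secret: Optional[str] = None

class CloudProvider:
    """Cloud side: creates the VM and hosts the secure boot server and gateway."""

    def __init__(self, org):
        self.org, self.vms = org, {}

    def create_vm(self, vm_id, first_token):
        self.vms[vm_id] = VirtualMachine(vm_id, first_token)

    def secure_boot(self, vm):
        reply = self.org.on_boot_request(vm.vm_id, vm.first_token)
        if reply is None:
            return False
        vm.components, vm.second_token = reply
        return True

    def gateway_connect(self, vm):
        return self.org.on_gateway_connect(vm.vm_id, vm.third_token)

def provision(org, cloud, vm_id):
    """Drive the whole exchange; True only if every token confirmation passed."""
    org.request_vm(cloud, vm_id)
    vm = cloud.vms[vm_id]
    if not cloud.secure_boot(vm):
        return False
    reply = org.on_vm_loaded(vm_id, vm.second_token)
    if reply is None:
        return False
    vm.third_token, vm.secret = reply
    return cloud.gateway_connect(vm)
```

Calling `provision(OrganizationNetwork(), CloudProvider(org), "vm-001")` runs all four steps and leaves the reservation marked connected with no pending tokens. Consuming each token on confirmation is the design choice worth noting: the claims only require that the received token match the recorded one, and without consumption a gateway that presented the same third token twice would pass the check twice.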