Network Access Control Policy for Virtual Machine Migration

US 20130152076A1
Filed: 12/07/2011
Published: 06/13/2013
Est. Priority Date: 12/07/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

at a first device in a network, receiving a message from a second device comprising information configured to request a migration of a virtual machine to the first device;

sending a message to the second device comprising information configured to request information about the operating conditions of the virtual machine;

receiving a response to the request comprising information about operating conditions of the virtual machine;

determining whether the information in the response complies with a network access control policy; and

in response to determining that the information complies with the network access control policy, permitting the virtual machine to migrate, or otherwise denying the virtual machine migration request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided to apply a network access control policy to a virtual machine (VM) migration before allowing the VM to migrate from one server to another server. At a first device in a network, a message is received from a second device, the message comprising information configured to request a migration of a virtual machine to the first device. A request is sent to the second device configured to request information about the operating conditions of the VM. A response to the request is received comprising information about the VM'"'"'s operating conditions. A determination is made as to whether the information in the response complies with a network access control policy. In response to determining that the information complies with the network access control policy, the virtual machine is permitted to migrate, or otherwise the virtual machine migration request is denied.

Citations

25 Claims

1. A method comprising:
- at a first device in a network, receiving a message from a second device comprising information configured to request a migration of a virtual machine to the first device;
  
  sending a message to the second device comprising information configured to request information about the operating conditions of the virtual machine;
  
  receiving a response to the request comprising information about operating conditions of the virtual machine;
  
  determining whether the information in the response complies with a network access control policy; and
  
  in response to determining that the information complies with the network access control policy, permitting the virtual machine to migrate, or otherwise denying the virtual machine migration request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein sending comprises sending one or more of protocol stack probe request, an application probe request, an virtual machine authentication request, and a traffic monitoring request.
  - 3. The method of claim 1, wherein sending comprises sending a trusted agent software process to run in connection with the virtual machine to be migrated.
  - 4. The method of claim 3, wherein sending comprises sending the trusted agent configured to collect virtual machine health information comprising one or more of virtual machine operating system (OS) version, OS patch versions, root-kit information, virtual machine traffic types, virtual machine traffic volume, and services used by the virtual machine.
  - 5. The method of claim 3, further comprising sending a query to the trusted agent for virtual machine health information, and wherein receiving a response comprises receiving the health information.
  - 6. The method of claim 3, wherein sending comprises sending the trusted agent configured to repair any defects in the virtual machine that would otherwise prevent virtual machine migration.
  - 7. The method of claim 6, wherein sending comprises sending the trusted agent configured to repair any defects in the virtual machine by installing corrective operating system patches.
  - 8. The method of claim 3, wherein sending comprises sending the trusted agent configured with the network access control policy to determine if the virtual machine is suitable for virtual machine migration.
  - 9. The method of claim 8, wherein sending comprises sending the trusted agent configured to work in connection with an authorization/authentication server to determine if the virtual machine is suitable for virtual machine migration.
  - 10. The method of claim 1, wherein sending comprises sending the request configured to query a hypervisor associated with the virtual machine about the virtual machine'"'"'s operating conditions.
  - 11. The method of claim 1, further comprising applying the network access control policy to a virtual machine that is started, instantiated, brought back up from a down condition, or brought back online from an offline condition.

12. A method comprising:
- sending a message to a first device from a second device, the message comprising information configured to request migration of a virtual machine to the first device;
  
  receiving a request message from the first device comprising information configured to request information about the operating conditions of the virtual machine;
  
  sending a response to the request message, the response comprising information about operating conditions of the virtual machine;
  
  receiving a message from the first device comprising information configured to grant or deny the virtual machine migration request;
  
  in response to receiving a grant message, migrating the virtual machine to the first device; and
  
  in response to receiving a denial message, canceling migration of the virtual machine to the first device.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, wherein receiving the request message comprises receiving one or more of a protocol stack probe request, an application probe request, a virtual machine authentication request, a traffic monitoring request, and a hypervisor query.
  - 14. The method of claim 12, wherein receiving the request message comprises receiving a trusted agent software process to run in connection with the virtual machine to be migrated and that collects virtual machine health information comprising one or more of virtual machine operating system (OS) version, OS patch versions, root-kit information, virtual machine traffic types, virtual machine traffic volume, and services used by the virtual machine, and that repairs any defects in the virtual machine that would otherwise prevent virtual machine migration.
  - 15. The method of claim 12, wherein receiving the request message comprises receiving a trusted agent software process configured with a network access control policy and configured to determine if the virtual machine is suitable for virtual machine migration.

16. An apparatus comprising:
- one or more network interface units configured to interface with one or more network appliances; and
  
  a processor coupled to the one or more network interface units and configured to;
  
  receive a message from a network appliance comprising information configured to request a migration of a virtual machine;
  
  send a message to the network appliance comprising information configured to request information about operating conditions of the virtual machine;
  
  receive a response to the request comprising information about the virtual machine'"'"'s operating conditions;
  
  determine whether the information in the response complies with a network access control policy; and
  
  in response to determining that the information complies with the network access control policy, permit the virtual machine to migrate otherwise deny the virtual machine migration request.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16, wherein the processor is configured to send the message comprising one or more of a protocol stack probe request, an application probe request, an virtual machine authentication request, a traffic monitoring request, and a hypervisor query.
  - 18. The apparatus of claim 16, wherein the processor is configured to send a trusted agent software process configured to run in connection with the virtual machine to be migrated and configured to collect virtual machine health information comprising one or more of virtual machine operating system (OS) version, OS patch versions, root-kit information, virtual machine traffic types, virtual machine traffic volume, and services used by the virtual machine.
  - 19. The apparatus of claim 16, wherein the processor is configured to send a trusted agent software process configured to repair any defects in the virtual machine that would otherwise prevent virtual machine migration, and to work in connection with an authorization/authentication server to determine if the virtual machine is suitable for virtual machine migration.
  - 20. The apparatus of claim 16, wherein the processor is configured to send a trusted agent software process configured with the network access control policy and configured to determine if the virtual machine is suitable for virtual machine migration.

21. One or more computer readable storage media storing instructions that, when executed by a processor, cause the processor to:
- receive a message from a network appliance comprising information configured to request a migration of a virtual machine;
  
  send a message to the network appliance comprising information configured to request information about the operating conditions of the virtual machine;
  
  receive a response to the request comprising information about operating conditions of the virtual machine;
  
  determine whether the information in the response complies with a network access control policy; and
  
  in response to determining that the information complies with the network access control policy, permit the virtual machine to migrate otherwise deny the virtual machine migration request.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The computer readable storage media of claim 21, wherein the instructions operable to send comprise instructions operable to send the message comprising one or more of a protocol stack probe request, an application probe request, an virtual machine authentication request, a traffic monitoring request, and a hypervisor query.
  - 23. The computer readable storage media of claim 21, wherein the instructions operable to send comprise instructions operable to send a trusted agent software process to run in connection with the virtual machine to be migrated and configured to collect virtual machine health information comprising one or more of virtual machine operating system (OS) version, OS patch versions, root-kit information, virtual machine traffic types, virtual machine traffic volume, and services used by the virtual machine.
  - 24. The computer readable storage media of claim 21, wherein the instructions operable to send comprise instructions operable to send a trusted agent software process configured to repair any defects in the virtual machine that would otherwise prevent virtual machine migration, and to work in connection with an authorization/authentication server to determine if the virtual machine is suitable for virtual machine migration.
  - 25. The computer readable storage media of claim 21, wherein the instructions operable to send comprise instructions operable to send a trusted agent software process configured with a network access control policy and configured to determine if the virtual machine is suitable for virtual machine migration.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Patel, Alpesh

Application Number

US13/313,663
Publication Number

US 20130152076A1
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

Network Access Control Policy for Virtual Machine Migration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Network Access Control Policy for Virtual Machine Migration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links