TRUSTED PUBLIC INFRASTRUCTURE GRID CLOUD

US 20130291052A1
Filed: 04/30/2012
Published: 10/31/2013
Est. Priority Date: 04/30/2012
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog;

a second module to facilitate defining a connection between the at least two selected cloud computing component templates;

a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates;

a fourth module to facilitate building a cloud computing component blueprint for the connected cloud computing components, wherein the cloud computing component blueprint includes information regarding the security level and policy assigned to the corresponding cloud computing component template, and the cloud computing component blueprint including information regarding the defined connection; and

a fifth module to facilitate coupling cloud computing components corresponding to the cloud computing component blueprint to a control server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of implementing a secured cloud environment allow for design and instantiation of a security policy at the infrastructure level. An example system may comprise a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog. The system may comprise a second module to facilitate defining a connection between the at least two selected cloud computing component templates. The system may comprise a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates. The system may comprise a fourth module to facilitate building a cloud computing component blueprint.

124 Citations

21 Claims

1. A system comprising:
- a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog;
  
  a second module to facilitate defining a connection between the at least two selected cloud computing component templates;
  
  a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates;
  
  a fourth module to facilitate building a cloud computing component blueprint for the connected cloud computing components, wherein the cloud computing component blueprint includes information regarding the security level and policy assigned to the corresponding cloud computing component template, and the cloud computing component blueprint including information regarding the defined connection; and
  
  a fifth module to facilitate coupling cloud computing components corresponding to the cloud computing component blueprint to a control server.

2. A system comprising a secured cloud system design studio, an application manager, and a control server, the secured cloud system design studio;
- comprising;
  
  a policy builder that facilitates design of a security policy for a cloud computing component to comply with;
  
  a policy importer that facilitates the import of a security policy for a cloud computing component to comply with;
  
  a design studio that facilitates the design of a secured cloud computing component to be deployed in a cloud environment, wherein the design of the secured cloud computing component includes instantiating a security policy that the cloud computing component must comply with, and instantiating a security agent that monitors compliance with the security policy, wherein the security agent sends compliance data to the control server; and
  
  a cloud computing component catalog, wherein the cloud computing component catalog includes cloud computing component templates that the design studio can use to help facilitate the design of the cloud computing components, and wherein the cloud computing component templates include a template for a secured cloud computing component;
  
  the application manager;
  
  comprising;
  
  a grid deployer that facilitates deploying a designed cloud computing component; and
  
  a compliance reports module that facilitates creating compliance reports, the compliance reports identifying compliance status of a deployed, secured cloud computing component, the compliance reports created as a function of the instantiated security policy and the compliance data; and
  
  the control server comprising;
  
  a policy distributor, wherein the policy distributor receives information regarding changes in the instantiated security policy to be implemented on a cloud computing component and the policy distributor updates the security policy accordingly.
- View Dependent Claims (3, 4, 5, 6, 7, 8)
- - 3. The system of claim 2, further comprising:
    - a virtualization environment comprising a deployed, secured cloud computing component, the deployed, secured cloud computing component including a security agent that maintains and enforces an instantiated security policy to be followed by the deployed, secured cloud computing component, and wherein the agent sends cloud computing component compliance information to the control server.
  - 4. The system of claim 2, wherein the design studio facilitates selecting a cloud computing component template, selection of virtual datacenter resources, and assignment of a security attribute and a policy to the cloud computing component template.
  - 5. The system of claim 2, further comprising:
    - a blueprints module that stores the blueprint of a cloud computing component application.
  - 6. The system of claim 2, wherein the grid deployer is coupled to the blueprints module, and wherein the grid deployer deploys the designed cloud computing component as a function of the relevant cloud computing component blueprints.
  - 7. The system of claim 2, wherein the control server further comprises a compliance analyzer that collects compliance information from an agent of a secured cloud computing component that has been deployed.
  - 8. The system of claim 2, wherein the application manager further comprises a deployment tracker, wherein the deployment tracker keeps track of where the cloud computing components deployed by the grid deployer are located.

9. A method comprising:
- selecting at least two cloud computing component templates from a cloud computing component catalog;
  
  defining a connection between the at least two selected cloud computing component templates;
  
  assigning a security level and a policy to at least one of the at least two selected cloud computing component templates;
  
  building a cloud computing component blueprint for each of the selected cloud computing components, wherein the cloud computing component blueprint includes information regarding the security level and policy assigned to the corresponding cloud computing component, and the cloud computing component blueprint includes information regarding the defined connection; and
  
  coupling relevant cloud computing components that a corresponding cloud computing component blueprint to a control server.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the selecting at least two cloud computing components includes selecting a secured cloud computing component and a non-secured cloud computing component.
  - 11. The method of claim 9, wherein the assigning the security level includes importing a security policy for at least one of the at least two cloud computing components to comply with.
  - 12. The method of claim 9, further comprising:
    - updating the security levels and policies assigned to the selected cloud computing components.
  - 13. The method of claim 12, wherein the updating comprises:
    - generating a modified cloud computing component blueprint, wherein the cloud computing component blueprint is altered, in accord with a blueprint update corresponding to a modified security policy or new cloud computing component version, to create the modified cloud computing component blueprint;
      
      identifying where the cloud computing component to be updated is deployed; and
      
      updating the cloud computing component according to the altered cloud computing component blueprint.
  - 14. The method of claim 13, wherein the updating the cloud computing component is accomplished, at least in part, using one of a policy distributor and grid deployer.
  - 15. The method of claim 9, further comprising:
    - collecting audit and reporting information regarding secured cloud computing component compliance with the security policy; and
      
      generating compliance reports as a function of actual use of the secured cloud computing components and the security level and policy assigned to the cloud computing component templates.
  - 16. The method of claim 15, wherein the generating compliance reports is further a function of planned use of the secured cloud computing components.

17. A computer program product comprising:
- a computer readable storage medium having computer readable program code embodied therewith, the computer program code comprising;
  
  computer readable program code configured to select at least two cloud computing component templates from a cloud computing component catalog;
  
  computer readable program code configured to define connections between the at least two selected cloud computing component templates;
  
  computer readable program code configured to assign security levels and policies to at least one of the at least two selected cloud computing component templates;
  
  computer readable program code configured to build a cloud computing component blueprint for each of the selected cloud computing components, wherein the cloud computing component blueprint includes information regarding the security levels and policies assigned to the corresponding cloud computing component, and the cloud computing component blueprint including information regarding the defined connections corresponding to the cloud computing component; and
  
  computer readable program code configured to couple relevant cloud computing components with a corresponding cloud computing component blueprint to a control server.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer product of claim 17, wherein the assigning security levels includes computer readable program code configured to import a security policy for at least one of the at least two cloud computing components to comply with.
  - 19. The computer product of claim 17, wherein the computer readable storage medium having computer readable program code embodied therewith, further comprises computer program code comprising:
    - computer readable program code configured to update the security levels and policies assigned to the selected cloud computing components.
  - 20. The computer product of claim 19, wherein the computer readable storage medium having computer readable program code embodied therewith, further comprises computer program code comprising:
    - computer readable program code configured to generate a modified cloud computing component blueprint, wherein the cloud computing component blueprint is altered in accord with a blueprint update corresponding to a modified security policy or new cloud computing component version to create the modified cloud computing component blueprint;
      
      computer readable program code configured to identify where the cloud computing component to be updated is deployed; and
      
      computer readable program code configured to update the cloud computing component according to the altered cloud computing component blueprint.
  - 21. The computer product of claim 17, wherein the computer readable storage medium having computer readable program code embodied therewith, further comprises computer program code comprising:
    - computer readable program code configured to collect audit and reporting information regarding secured cloud computing component compliance with security policies; and
      
      computer readable program code configured to generate compliance reports as a function of actual use of the secured cloud computing components and the security levels and policies assigned to the cloud computing component templates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Hadar, Eitan, Kletskin, Michael, Barak, Nir, Jerbi, Amir, Bezalel, Yaacov

Granted Patent

US 9,626,526 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

TRUSTED PUBLIC INFRASTRUCTURE GRID CLOUD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

124 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

TRUSTED PUBLIC INFRASTRUCTURE GRID CLOUD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links