SYSTEM AND METHOD FOR IDENTITY BASED AUTHENTICATION IN A DISTRIBUTED VIRTUAL SWITCH NETWORK ENVIRONMENT

US 20130332982A1
Filed: 06/11/2012
Published: 12/12/2013
Est. Priority Date: 06/11/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

forwarding user credentials from a virtual machine (VM) in a distributed virtual switch (DVS) network environment to a network element located outside the DVS network environment, wherein the user credentials relate to a user attempting to access the VM;

receiving a user policy from the network element; and

facilitating enforcement of the user policy within the DVS network environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example method includes forwarding user credentials from a virtual machine in a distributed virtual switch (DVS) network environment to a network element outside the DVS network environment, receiving a user policy from the AAA server, and facilitating enforcement of the user policy within the DVS network environment. The user credentials may relate to a user attempting to access the VM. In a specific embodiment, the user credentials are provided in a 802.1X packet. In a particular embodiment, a network access control (NAC) in the DVS network environment forwards the user credentials, receives the user policy, and facilitates the enforcement of the user policy. In one embodiment, the NAC is provisioned as another VM in the DVS network environment.

89 Citations

View as Search Results

20 Claims

1. A method, comprising:
- forwarding user credentials from a virtual machine (VM) in a distributed virtual switch (DVS) network environment to a network element located outside the DVS network environment, wherein the user credentials relate to a user attempting to access the VM;
  
  receiving a user policy from the network element; and
  
  facilitating enforcement of the user policy within the DVS network environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the user credentials are provided in a 802.1X packet, and wherein the network element is an Authentication, Authorization, and Accounting (AAA) server.
  - 3. The method of claim 1, wherein the user policy includes information related to access control lists (ACLs), virtual local area networks (VLANs), virtual eXtensible local area networks (VXLANs), and security groups that are authorized to be accessed by the user.
  - 4. The method of claim 1, wherein the user policy comprises network configuration information based on the user credentials, including user profiling, user workspace management, and user identity management.
  - 5. The method of claim 1, wherein a network access control (NAC) in the DVS network environment forwards the user credentials, receives the user policy, and facilitates the enforcement of the user policy.
  - 6. The method of claim 5, wherein the NAC is provisioned as another VM in the DVS network environment.
  - 7. The method of claim 5, wherein the DVS network environment includes a plurality of tenants, and wherein the NAC and the network element are controlled by a common tenant.
  - 8. The method of claim 1, wherein facilitating enforcement of the user policy comprises forwarding the user policy to a virtual Ethernet module (VEM) that can enforce the user policy.

9. Logic encoded in non-transitory media that includes instructions for execution and when executed by a processor, is operable to perform operations comprising:
- forwarding user credentials from a VM in a DVS network environment to a network element outside the DVS network environment, wherein the user credentials relate to a user attempting to access the VM;
  
  receiving a user policy from the AAA server; and
  
  facilitating enforcement of the user policy within the DVS network environment.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The logic of claim 9, wherein the user credentials are provided in a 802.1X packet, and wherein the network element is an Authentication, Authorization, and Accounting (AAA) server.
  - 11. The logic of claim 9, wherein the user policy includes information related to ACLs, VLANs, VXLANs, and security groups that are authorized to be accessed by the user.
  - 12. The logic of claim 9, wherein a NAC in the DVS network environment forwards the user credentials, receives the user policy, and facilitates the enforcement of the user policy.
  - 13. The logic of claim 12, wherein the NAC is provisioned as another VM in the DVS network environment.
  - 14. The logic of claim 12, wherein the DVS network environment includes multiple tenants, and wherein the NAC and the network element are controlled by a common tenant.

15. An apparatus, comprising:
- a memory element for storing data; and
  
  a processor that executes instructions associated with the data, wherein the processor and the memory element cooperate, such that the apparatus is configured to;
  
  forward user credentials in a DVS network environment to a network element outside the DVS network environment, wherein the user credentials relate to a user attempting to access a virtual machine (VM);
  
  receive a user policy from the network element; and
  
  facilitate enforcement of the user policy within the DVS network environment.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the user credentials are provided in a 802.1X packet, and wherein the network element is an Authentication, Authorization, and Accounting (AAA) server.
  - 17. The apparatus of claim 15, wherein the user policy includes information related to ACLs, VLANs, VXLANs, and security groups that are authorized to be accessed by the user.
  - 18. The apparatus of claim 15, wherein a NAC in the DVS network environment forwards the user credentials, receives the user policy, and facilitates the enforcement of the user policy.
  - 19. The apparatus of claim 18, wherein the NAC is provisioned as another VM in the DVS network environment.
  - 20. The apparatus of claim 18, wherein the DVS network environment includes multiple tenants, and wherein the NAC and the network element are controlled by a common tenant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Rao, Sudarshana Kandachar Sridhara, Fernandes, Lilian Sylvia

Granted Patent

US 8,893,258 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/20   for managing network securi...

SYSTEM AND METHOD FOR IDENTITY BASED AUTHENTICATION IN A DISTRIBUTED VIRTUAL SWITCH NETWORK ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

89 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR IDENTITY BASED AUTHENTICATION IN A DISTRIBUTED VIRTUAL SWITCH NETWORK ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links