SECURED LOGICAL COMPONENT FOR SECURITY IN A VIRTUAL ENVIRONMENT

US 20140282813A1
Filed: 03/12/2013
Published: 09/18/2014
Est. Priority Date: 03/12/2013
Status: Active Grant

First Claim

Patent Images

1. A system for providing security in a virtual environment, the system comprising:

a link module that links a secured logical component to a logical entity including a set of virtual machines;

a security module that identifies a set of security policies for one or more communications to the logical entity or one or more communications from the logical entity; and

a control module that controls, based on the set of security policies, the one or more communications to the logical entity or the one or more communications from the logical entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing security in a virtual environment are provided. An example system includes a link module that links a secured logical component to a logical entity including a set of virtual machines. The example system also includes a security module that identifies a set of security policies for one or more communications to the logical entity or one or more communications from the logical entity. The example system further includes a control module that controls, based on the set of security policies, the one or more communications to the logical entity or the one or more communications from the logical entity.

33 Citations

View as Search Results

20 Claims

1. A system for providing security in a virtual environment, the system comprising:
- a link module that links a secured logical component to a logical entity including a set of virtual machines;
  
  a security module that identifies a set of security policies for one or more communications to the logical entity or one or more communications from the logical entity; and
  
  a control module that controls, based on the set of security policies, the one or more communications to the logical entity or the one or more communications from the logical entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the secured logical component runs on a preconfigured virtual machine running on a host machine, and the preconfigured virtual machine includes the link module, security module, and control module.
  - 3. The system of claim 2, wherein the preconfigured virtual machine is preconfigured to run an operating system without user selection of the operating system.
  - 4. The system of claim 1, wherein the secured logical component includes a network interface, and the link module links a logical network associated with the logical entity to the network interface.
  - 5. The system of claim 4, wherein the logical entity is associated with a set of host machines running the set of virtual machines, wherein the set of host machines includes a set of physical network interfaces, and each virtual machine of the set of virtual machines includes a virtual network interface associated with the set of physical network interfaces, wherein the link module links the one or more virtual network interfaces of the set of virtual machines to the logical network.
  - 6. The system of claim 5, wherein the link module links the secured logical component to a second logical entity including a second set of virtual machines, the security module identifies the set of security policies for one or more communications between the first logical entity and the second logical entity, and the control module controls, based on the set of security policies, the one or more communications between the first logical entity and the second logical entity.
  - 7. The system of claim 6, wherein the link module links the logical network associated with the second logical entity to the network interface, wherein the second logical entity is associated with a second set of host machines running the second set of virtual machines, wherein the second set of host machines includes a second set of physical network interfaces, and each virtual machine of the second set of virtual machines includes a second virtual network interface associated with the second set of physical network interfaces, and wherein the link module links the one or more second virtual network interfaces of the second set of virtual machines to the logical network.
  - 8. The system of claim 7, wherein the link module unlinks the secured logical component from the second logical entity and links the secured logical component to a third logical entity including a third set of virtual machines, wherein the security module identifies a second set of security policies for one or more communications between the first logical entity and the third logical entity, and wherein the control module controls, based on the second set of security policies, one or more communications between the first logical entity and the third logical entity.
  - 9. The system of claim 8, wherein the link module links the logical network associated with the third logical entity to the network interface, wherein the third logical entity is associated with a third set of host machines running the third set of virtual machines, wherein the third set of host machines includes a third set of physical network interfaces, and each virtual machine of the third set of virtual machines includes a third virtual network interface associated with the third set of physical network interfaces, and wherein the link module links the one or more third virtual network interfaces of the third set of virtual machines to the logical network.
  - 10. The system of claim 1, wherein the link module links the secured logical component to a network, the security module identifies the set of security policies for one or more communications received via the network to the logical entity or one or more communications sent via the network from the logical entity, and the control module controls based on the set of security policies the one or more communications received via the network to the logical entity or the one or more communications sent via the network from the logical entity.
  - 11. The system of claim 1, wherein the first logical entity is a first datacenter, the first secured logical component includes the link module, security module, and control module, and the link module links the first secured logical component to a second logical entity that is a second datacenter including a second set of virtual machines, wherein a second secured logical component is linked to the second datacenter, and the first and second secured logical components establish a secure connection and encrypt one or more communications between the first and second logical entities.
  - 12. The system of claim 1, wherein the logical entity is at least one of a datacenter, cluster, and virtual machine.

13. A method of providing security in a virtual environment, the method comprising:
- linking, by one or more processors, a secured logical component to a logical entity including a set of virtual machines;
  
  identifying a set of security policies for one or more communications to the logical entity or one or more communications from the logical entity; and
  
  controlling, based on the set of security policies, the one or more communications to the logical entity or the one or more communications from the logical entity.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, further comprising:
    - identifying a network interface of the secured logical component; and
      
      linking a logical network associated with the logical entity to the network interface.
  - 15. The method of claim 14, further comprising:
    - identifying a set of host machines associated with the logical entity, the host machines running the set of virtual machines and including a set of physical network interfaces;
      
      identifying one or more virtual network interfaces associated with the set of virtual machines and the set of physical network interfaces; and
      
      linking the one or more virtual network interfaces of the set of virtual machines to the logical network.
  - 16. The method of claim 15, further comprising:
    - linking the secured logical component to a second logical entity including a second set of virtual machines, wherein the identifying a set of security policies includes identifying the set of security policies for one or more communications between the first logical entity and the second logical entity, and the controlling includes controlling, based on the set of security policies, the one or more communications between the first logical entity and the second logical entity;
      
      linking the logical network associated with the second logical entity to the network interface;
      
      identifying a second set of host machines associated with the second logical entity, the second set of host machines running the second set of virtual machines and including a second set of physical network interfaces;
      
      identifying one or more virtual network interfaces associated with the second set of virtual machines and the second set of physical network interfaces; and
      
      linking the one or more virtual network interfaces of the second set of virtual machines to the logical network.
  - 17. The method of claim 16, further comprising:
    - unlinking the secured logical component from the second logical entity;
      
      linking the secured logical component to a third logical entity including a third set of virtual machines;
      
      identifying a second set of security policies for one or more communications between the first logical entity and the third logical entity;
      
      controlling, based on the second set of security policies, one or more communications between the first logical entity and the third logical entity;
      
      linking the logical network associated with the third logical entity to the network interface,identifying a third set of host machines associated with the third logical entity, the third set of host machines running the third set of virtual machines and including a third set of physical network interfaces;
      
      identifying one or more virtual network interfaces associated with the third set of virtual machines and the third set of physical network interfaces; and
      
      linking the one or more virtual network interfaces of the third set of virtual machines to the logical network.
  - 18. The method of claim 13, further comprising:
    - linking the secured logical component to a network, wherein the identifying a set of security policies includes identifying the set of security policies for one or more communications received via the network to the logical entity or one or more communications sent via the network from the logical entity, and the controlling includes controlling, based on the set of security policies, the one or more communications received via the network to the logical entity or the one or more communications sent via the network from the logical entity.
  - 19. The method of claim 13, wherein the first logical entity is a first datacenter, the method further comprising:
    - linking the secured logical component to a second logical entity, the second logical entity being a second datacenter including a second set of virtual machines and being linked to a second secured logical component;
      
      establishing a secure connection with the second secured logical component;
      
      encrypting one or more communications between the first and second logical entities; and
      
      sending the encrypted one or more communications.

20. A non-transitory machine-readable medium comprising a plurality of machine-readable instructions that when executed by one or more processors is adapted to cause the one or more processors to perform a method comprising:
- linking a secured logical component to a logical entity including a set of virtual machines;
  
  identifying a set of security policies for one or more communications to the logical entity or one or more communications from the logical entity; and
  
  controlling, based on the set of security policies, the one or more communications to the logical entity or the one or more communications from the logical entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat Israel Ltd. (International Business Machines Corporation)
Original Assignee
Red Hat Israel Ltd. (International Business Machines Corporation)
Inventors
Botzer, David

Granted Patent

US 9,584,544 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/552 involving long-term monitor...

H04L 63/20 for managing network securi...

SECURED LOGICAL COMPONENT FOR SECURITY IN A VIRTUAL ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURED LOGICAL COMPONENT FOR SECURITY IN A VIRTUAL ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links