CROSS PROVIDER SECURITY MANAGEMENT FUNCTIONALITY WITHIN A CLOUD SERVICE BROKERAGE PLATFORM

US 20150188927A1
Filed: 03/02/2015
Published: 07/02/2015
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method implemented by a cloud service brokerage platform, comprising:

enabling a user to create a plurality of virtual data centers (VDCs) each including one or more resource groups, wherein the one or more resource groups of each one of the VDCs comprise cloud services procured from a respective one of a plurality of different cloud service providing entities; and

enabling the user to associate a common security credential with each one of the VDCs for enabling secure access thereto through use of the security credential.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementation of cross provider security in accordance with the disclosures made herein enables users of a system (e.g., a cloud services brokerage platform) in a cloud environment provides for system-managed provisioning and management of keys to cloud resources thereby allowing the user to manage data security and enable secured access to their cloud resources. To this end, cross provider security management functionality in accordance with the disclosures made herein can include provisioning system-generated keys across different regions in a provider, provisioning cloud brokerage system-generated keys across different providers; and associating (i.e., managing) the keys from the system to a hardware security module. The keys can be managed by/though a variety of different resources (e.g., brokering system, VDC, user group concepts, etc).

94 Citations

View as Search Results

20 Claims

1. A method implemented by a cloud service brokerage platform, comprising:
- enabling a user to create a plurality of virtual data centers (VDCs) each including one or more resource groups, wherein the one or more resource groups of each one of the VDCs comprise cloud services procured from a respective one of a plurality of different cloud service providing entities; and
  
  enabling the user to associate a common security credential with each one of the VDCs for enabling secure access thereto through use of the security credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 18)
- - 2. The method of claim 1 wherein enabling the user to associate the common security credential to each one of the VDCs includes providing the security credential to each one of the different cloud service providing entities.
  - 3. The method of claim 1 wherein the security credential is a secure shell public key.
  - 4. The non-transitory computer-readable storage medium of claim 1 wherein a first one of the different cloud service providing entities is a first cloud service provider and a second one of the different cloud service providing entities is a second cloud service provider.
  - 5. The method of claim 1 wherein a first one of the different cloud service providing entities is a first region of a cloud service provider and a second one of the different cloud service providing entities is a second region of the cloud service provider.
  - 6. The method of claim 1 wherein enabling the user to associate the common security credential with each one of the VDCs includes one of:
    - causing a system-generated security credential to be generated; and
      
      causing a user-defined security credential to be imported.
  - 7. The method of claim 1, further comprising:
    - in response to a command by the user, displaying information showing each cloud resource having the security credential associated therewith.
  - 18. The cloud service brokerage platform of claim 1 wherein the first cloud service providing entity is a first region of a cloud service provider and the second cloud service providing entity is a second region of the cloud service provider.

8. A non-transitory computer-readable storage medium having tangibly embodied thereon and accessible therefrom instructions interpretable by at least one data processing device, the instructions are configured for causing the at least one data processing device to perform a method enabling brokering of cloud services, the method comprising:
- receiving, from a user, information defining a first virtual data center (VDC), wherein the first VDC comprises cloud services procured from a first cloud service providing entity;
  
  assigning a security credential to the first VDC for enabling secure access thereto through use of the security credential; and
  
  enabling the user to create a second VDC comprising cloud services procured from a second cloud service providing entity different than the first cloud service providing entity and having access privileged granted thereto through use of the security credential.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable storage medium of claim 8 wherein enabling the user to create the second VDC having access privileged granted thereto through use of the security credential includes providing the security credential to the second cloud service providing entity.
  - 10. The non-transitory computer-readable storage medium of claim 8 wherein the security credential is a secure shell public key.
  - 11. The non-transitory computer-readable storage medium of claim 8 wherein the first cloud service providing entity is a first cloud service provider and the second cloud service providing entity is a second cloud service provider.
  - 12. The non-transitory computer-readable storage medium of claim 8 wherein the first cloud service providing entity is a first region of a cloud service provider and the second cloud service providing entity is a second region of the cloud service provider.
  - 13. The non-transitory computer-readable storage medium of claim 8 wherein the method enabling brokering of cloud services further comprises:
    - providing the security credential for enabling assignment thereof, wherein providing the security credential includes one of causing a system-generated security credential to be generated and causing a user-defined security credential to be imported.
  - 14. The non-transitory computer-readable storage medium of claim 8 wherein the method enabling brokering of cloud services further comprises:
    - in response to a command by the user, displaying information showing each cloud resource having the security credential associated therewith.

15. A cloud service brokerage (CSB) platform, comprising:
- a first instantiation of a virtual data center (VDC) including one or more resource groups, wherein the one or more resource groups of the first instantiation of the VDC comprise cloud services procured from a first cloud service providing entity and wherein the first instantiation of the VDC has assigned thereto, by a creator of the first instantiation of the VDC, a security credential for enabling secure access thereto by the user through use of the security credential; and
  
  a second instantiation of a VDC including one or more resource groups comprising cloud services, wherein the one or more resource groups of the second instantiation of the VDC comprise cloud services procured from a second cloud service providing entity different than the first cloud service providing entity and wherein the second instantiation of the VDC has assigned thereto, by the CSB platform, the security credential thereby enabling secure access thereto by the user through use of the security credential.
- View Dependent Claims (16, 17, 19, 20)
- - 16. The cloud service brokerage platform of claim 15 wherein the security credential is a secure shell public key.
  - 17. The cloud service brokerage platform of claim 15 wherein the first cloud service providing entity is a first cloud service provider and the second cloud service providing entity is a second cloud service provider.
  - 19. The cloud service brokerage platform of claim 15 wherein the security credential includes one of causing a system-generated security credential to be generated and causing a user-defined security credential to be imported.
  - 20. The cloud service brokerage platform of claim 15, further comprising:
    - a data structure associating each cloud resource of the instantiations of the VDCs with the security credential assigned thereto.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HCL Technologies Limited
Original Assignee
Gravitant, Inc. (International Business Machines Corporation)
Inventors
Santhi, Fenil Raj Kumar, Grandhe, Kishor, Narasimhan, Balaji, Modh, Manish Mahesh, Dave, Kedar

Granted Patent

US 9,832,205 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 8/60   Software deployment

G06Q 10/0631   Resource planning, allocati...

H04L 41/145   involving simulating, desig...

H04L 41/5054   Automatic deployment of ser...

H04L 43/062   related to network traffic

H04L 47/78   Architectures of resource a...

H04L 63/104   Grouping of entities

H04L 67/1001   for accessing one among a p...

CROSS PROVIDER SECURITY MANAGEMENT FUNCTIONALITY WITHIN A CLOUD SERVICE BROKERAGE PLATFORM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CROSS PROVIDER SECURITY MANAGEMENT FUNCTIONALITY WITHIN A CLOUD SERVICE BROKERAGE PLATFORM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links