DISTRIBUTION, TRACKING, MANAGEMENT, REPORTING AND DEPLOYMENT OF CLOUD RESOURCES WITHIN AN ENTERPRISE

US 20160012251A1
Filed: 07/10/2014
Published: 01/14/2016
Est. Priority Date: 07/10/2014
Status: Abandoned Application

First Claim

Patent Images

1. A computer implemented method of managing cloud resources provided by a service provider computing system to a user computing device via a computer network, said method comprising steps of:

providing a client tool on the user computing device, said client tool comprising executable software, said computing device including a user input device,providing a management server in network communication with the client tool, said management server comprising a computing system communicatively coupled to the client tool,providing a database addressable by the management server, the database being stored on a mass storage device and including a stored end user identification and a stored cloud resource identification associated with the stored end user identification,the client tool intercepting a first request from the user computing device to the service provider computing system, said first request being generated from a first user input from a first user using the user input device,the client tool sending the intercepted first request to the management server via network communication,the intercepted first request including a first user identification and a first cloud resource identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allows the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud services management system (CMS) provides functional modules to help businesses manage cloud services by identifying users, business units and projects and assign levels of access to cloud services to each. Data pertaining to the foregoing is stored in a database. Using the CMS, an enterprise manages user privileges, distributes and reassigns modules to enable controlled distribution and re-assignment of cloud resources across an enterprise, monitors the consumption of cloud resources by an enterprise, geography, business unit, project and user, and provisions resources with time limits.

Citations

20 Claims

1. A computer implemented method of managing cloud resources provided by a service provider computing system to a user computing device via a computer network, said method comprising steps of:
- providing a client tool on the user computing device, said client tool comprising executable software, said computing device including a user input device,providing a management server in network communication with the client tool, said management server comprising a computing system communicatively coupled to the client tool,providing a database addressable by the management server, the database being stored on a mass storage device and including a stored end user identification and a stored cloud resource identification associated with the stored end user identification,the client tool intercepting a first request from the user computing device to the service provider computing system, said first request being generated from a first user input from a first user using the user input device,the client tool sending the intercepted first request to the management server via network communication,the intercepted first request including a first user identification and a first cloud resource identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allows the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer implemented method of claim 1, further comprising steps ofstoring in the database a plurality of stored business unit identifications,associating at least one stored business unit identification with the stored user identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification, and the at least one stored business unit identification,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,the management server determining if the at least one stored business unit identification is associated with the stored cloud resource identification;
    - if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, and the at least one stored business unit identification is associated with the stored cloud resource identification, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not associated with the at least one stored business unit identification, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allowing the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.
  - 3. The computer implemented method of claim 1, further comprising steps ofstoring in the database a plurality of stored project identifications,associating at least one stored project identification with the stored user identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification, and the at least one stored project identification,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,the management server determining if the at least one stored project identification is associated with the stored cloud resource identification;
    - if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, and the at least one stored project identification is associated with the stored cloud resource identification, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not associated with the at least one stored project identification, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allowing the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.
  - 4. The computer implemented method of claim 2, further comprising steps ofstoring in the database a plurality of stored project identifications,associating at least one stored project identification with the stored user identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification, and the at least one stored project identification,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,the management server determining if the at least one stored project identification is associated with the stored cloud resource identification;
    - if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, and the at least one stored project identification is associated with the stored cloud resource identification, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not associated with the at least one stored project identification, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allowing the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.
  - 5. The computer implemented method of claim 1, further comprising steps ofstoring in the database a plurality of stored temporal limits,associating at least one stored temporal limit with the stored user identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification, and the at least one stored temporal limit,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,the management server determining if the at least one stored temporal limit is associated with the stored cloud resource identification;
    - the management server determining a time;
      
      if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, and the at least one stored temporal limit is associated with the stored cloud resource identification, and the determined time is within the temporal limit, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the management server determines that the determined time is not within the at least one stored temporal limit, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allowing the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.
  - 6. The computer implemented method of claim 5, the at least one temporal limit comprising a time range from a start date and start time to an end date and end time.
  - 7. The computer implemented method of claim 5, the at least one temporal limit comprising time duration.
  - 8. The computer implemented method of claim 5, the at least one temporal limit comprising a recurring time range.
  - 9. The computer implemented method of claim 1, further comprising a step of storing session information on the database, said session information including the first user identification, the first cloud resource identification, a session start time, a session start date, a session end time, and a session end date.
  - 10. The computer implemented method of claim 1, further comprising a step of reporting session information.

11. A system for managing cloud resources provided by a service provider computing system to a user computing device via a computer network, said system comprising:
- a client tool on the user computing device, said client tool comprising executable software,a management server in network communication with the client tool, said management server comprising a computing system communicatively coupled to the client tool,a database addressable by the management server, the database being stored on a mass storage device and including a stored end user identification and a stored cloud resource identification associated with the stored end user identification,the client tool intercepting a first request from the user computing device to the service provider computing system,the client tool sending the intercepted first request to the management server via network communication,the intercepted first request including a first user identification and a first cloud resource identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allowing the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer system of claim 11, further comprising:
    - the database storing a plurality of stored business unit identifications,the database associating at least one stored business unit identification with the stored user identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification, and the at least one stored business unit identification,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,the management server determining if the at least one stored business unit identification is associated with the stored cloud resource identification;
      
      if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, and the at least one stored business unit identification is associated with the stored cloud resource identification, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not associated with the at least one stored business unit identification, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allowing the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.
  - 13. The computer system of claim 11, further comprisingthe database storing a plurality of stored project identifications,the database associating at least one stored project identification with the stored user identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification, and the at least one stored project identification,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,the management server determining if the at least one stored project identification is associated with the stored cloud resource identification;
    - if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, and the at least one stored project identification is associated with the stored cloud resource identification, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not associated with the at least one stored project identification, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allowing the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.
  - 14. The computer system of claim 12, further comprising steps ofthe database storing a plurality of stored project identifications,the database associating at least one stored project identification with the stored user identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification, and the at least one stored project identification,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,the management server determining if the at least one stored project identification is associated with the stored cloud resource identification;
    - if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, and the at least one stored project identification is associated with the stored cloud resource identification, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not associated with the at least one stored project identification, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allowing the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.
  - 15. The computer system of claim 11, further comprisinga plurality of stored temporal limits stored in the database,the database associating at least one stored temporal limit with the stored user identification,the management server retrieving from the database the stored end user identification and stored cloud resource identification, and the at least one stored temporal limit,the management server determining if the stored end user identification is the same as the first user identification in the intercepted first request,the management server determining if the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request,the management server determining if the at least one stored temporal limit is associated with the stored cloud resource identification;
    - the management server determining a time;
      
      if the management server determines that the stored end user identification is the same as the first user identification and the stored cloud resource identification is the same as the first cloud resource identification in the intercepted first request, and the at least one stored temporal limit is associated with the stored cloud resource identification, and the determined time is within the temporal limit, then the management server sends an access granted reply to the client tool, andif the management server determines that the stored end user identification is not the same as the first user identification, then the management server sends an access denied reply to the client tool,if the management server determines that the stored cloud resource identification is not the same as the first cloud resource identification in the intercepted first request, then the management server sends an access denied reply to the client tool,if the management server determines that the determined time is not within the at least one stored temporal limit, then the management server sends an access denied reply to the client tool,if the client tool receives an access granted reply from the management server in response to the first request, then the first client tool allowing the user computing device to send the first request to the service provider computer system, andif the client tool receives an access denied reply from the management server in response to the first request, then the first client tool preventing the user computing device from sending the first request to the service provider computer system.
  - 16. The computer system of claim 15, the at least one temporal limit comprising a time range from a start date and start time to an end date and end time.
  - 17. The computer system of claim 15, the at least one temporal limit comprising time duration.
  - 18. The computer system of claim 15, the at least one temporal limit comprising a recurring time range.
  - 19. The computer system of claim 11, further comprising a step of storing session information on the database, said session information including the first user identification, the first cloud resource identification, a session start time, a session start date, a session end time, and a session end date.
  - 20. The computer system of claim 11, further comprising a step of reporting session information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Singh, Anil
Original Assignee
Singh, Anil
Inventors
Singh, Anil

Application Number

US14/327,571
Publication Number

US 20160012251A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6227   where protection concerns t...

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/102   Entity profiles

DISTRIBUTION, TRACKING, MANAGEMENT, REPORTING AND DEPLOYMENT OF CLOUD RESOURCES WITHIN AN ENTERPRISE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DISTRIBUTION, TRACKING, MANAGEMENT, REPORTING AND DEPLOYMENT OF CLOUD RESOURCES WITHIN AN ENTERPRISE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links