SYSTEM AND METHOD FOR A CLOUD COMPUTING ABSTRACTION LAYER WITH SECURITY ZONE FACILITIES
Abstract
In embodiments of the present invention improved capabilities are described for a virtualization environment adapted for development and deployment of at least one software workload, the virtualization environment having a metamodel framework that allows the association of a policy to the software workload upon development of the workload that is applied upon deployment of the software workload. This allows a developer to define a security zone and to apply at least one type of security policy with respect to the security zone including the type of security zone policy in the metamodel framework such that the type of security zone policy can be associated with the software workload upon development of the software workload, and if the type of security zone policy is associated with the software workload, automatically applying the security policy to the software workload when the software workload is deployed within the security zone.
20 Claims
1. A computer-implemented method comprising:
receiving, by a computing system, a computing workflow to be performed in a cloud-computing environment including a plurality of cloud-computing resources;
identifying, by the computing system, a computer workload to perform the computing workflow, wherein the computer workload includes a software unit of computing processing performed via at least one of an Infrastructure-as-a-Service (IaaS), a Platform-as-a-Service (PaaS), or a Service-as-a-Service (SaaS);
associating, by the computing system, a policy with the computer workload, wherein the policy is applied to the computer workload when the computer workload is deployed within a security zone assigned for the computer workload, wherein one or more boundaries of the security zone are updatable, wherein the policy is updatable for the computer workload when the computer workload is deployed within the security zone, and wherein the security zone is definable at differing levels of abstraction;
deploying, by the computing system, the computer workload in a virtual private cloud within the clouding-computing environment; and
applying, by the computing system, the policy to the computer workload when the computer workload performs the computing workflow within the virtual private cloud.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system comprising:
at least one processor; and
a memory storing instructions that, when executed by the at least one processor, cause the system to perform;
receiving a computing workflow to be performed in a cloud-computing environment including a plurality of cloud-computing resources;
identifying a computer workload to perform the computing workflow, wherein the computer workload includes a software unit of computing processing performed via at least one of an Infrastructure-as-a-Service (IaaS), a Platform-as-a-Service (PaaS), or a Service-as-a-Service (SaaS);
associating a policy with the computer workload, wherein the policy is applied to the computer workload when the computer workload is deployed within a security zone assigned for the computer workload, wherein one or more boundaries of the security zone are updatable, wherein the policy is updatable for the computer workload when the computer workload is deployed within the security zone, and wherein the security zone is definable at differing levels of abstraction;
deploying the computer workload in a virtual private cloud within the clouding-computing environment; and
applying the policy to the computer workload when the computer workload performs the computing workflow within the virtual private cloud.
Dependent claims: 12, 13, 14, 15
16. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing system, cause the computing system to perform:
receiving a computing workflow to be performed in a cloud-computing environment including a plurality of cloud-computing resources;
identifying a computer workload to perform the computing workflow, wherein the computer workload includes a software unit of computing processing performed via at least one of an Infrastructure-as-a-Service (IaaS), a Platform-as-a-Service (PaaS), or a Service-as-a-Service (SaaS);
associating a policy with the computer workload, wherein the policy is applied to the computer workload when the computer workload is deployed within a security zone assigned for the computer workload, wherein one or more boundaries of the security zone are updatable, wherein the policy is updatable for the computer workload when the computer workload is deployed within the security zone, and wherein the security zone is definable at differing levels of abstraction;
deploying the computer workload in a virtual private cloud within the clouding-computing environment; and
applying the policy to the computer workload when the computer workload performs the computing workflow within the virtual private cloud.
Dependent claims: 17, 18, 19, 20
Specification