SECURELY ONBOARDING VIRTUAL MACHINES USING A CENTRALIZED POLICY SERVER

US 20170339018A1
Filed: 05/23/2016
Published: 11/23/2017
Est. Priority Date: 05/23/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining a virtual machine (VM) inventory baseline of a system, including identifying VMs in a baseline configuration and generating a VM fingerprint for each VM in the inventory baseline;

detecting a user onboarded VM;

moving the user onboarded VM to a quarantine operating area for a period of time;

assessing an operational posture of the user onboarded VM;

comparing the operational posture of the user onboarded VM to an operational posture policy of the system;

when the operational posture of the user onboarded VM meets the operational posture policy of the system, moving the user onboarded VM from the quarantine area to an operational area; and

when the operational posture of the user onboarded system does not meet the operational policy posture of the system and the period of time has expired, terminating the user onboarded VM.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some implementations, a method can include determining a virtual machine (VM) inventory baseline of a system, including identifying VMs in a baseline configuration and generating a VM fingerprint for each VM in the inventory baseline, and detecting a user onboarded VM and moving the user onboarded VM to a quarantine operating area for a period of time. The operational posture of the user onboarded VM can be compared to an operational posture policy of the system. When the operational posture of the user onboarded VM meets the operational posture policy of the system, the user onboarded VM is moved from the quarantine area to an operational area, and, when the operational posture of the user onboarded system does not meet the operational policy posture of the system and the period of time has expired, the user onboarded VM is terminated.

Citations

18 Claims

1. A method comprising:
- determining a virtual machine (VM) inventory baseline of a system, including identifying VMs in a baseline configuration and generating a VM fingerprint for each VM in the inventory baseline;
  
  detecting a user onboarded VM;
  
  moving the user onboarded VM to a quarantine operating area for a period of time;
  
  assessing an operational posture of the user onboarded VM;
  
  comparing the operational posture of the user onboarded VM to an operational posture policy of the system;
  
  when the operational posture of the user onboarded VM meets the operational posture policy of the system, moving the user onboarded VM from the quarantine area to an operational area; and
  
  when the operational posture of the user onboarded system does not meet the operational policy posture of the system and the period of time has expired, terminating the user onboarded VM.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising when the operational posture of the user onboarded VM meets the operational posture policy of the system, updating the inventory baseline to include the user onboarded VM and a fingerprint of the user onboarded VM.
  - 3. The method of claim 1, wherein assess the operational posture of the user onboarded VM includes assigning a posture assessment agent to the user onboarded VM and receiving posture assessment information from the posture assessment agent.
  - 4. The method of claim 1, further comprising:
    - determining an available maximum number of VMs permitted in the system according to a license and determining a current number of VMs in the system; and
      
      when the number of VMs in the system is equal to or above the maximum number of VMs permitted, preventing the user onboarded VM from being moved from the quarantine area to the operational area.
  - 5. The method of claim 1, wherein the quarantine area includes resources that are limited compared to the resources provided by the operational area.
  - 6. The method of claim 1, wherein the fingerprint is based on one or more of the following:
    - VM ID, QUID, MAC address, and a VM operational parameter.

7. A system comprising:
- one or more processors coupled to a nontransitory computer readable medium having stored thereon on software instructions that, when executed by the one or more processors, cause to perform operations including;
  
  determining a virtual machine (VM) inventory baseline of a system, including identifying VMs in a baseline configuration and generating a VM fingerprint for each VM in the inventory baseline;
  
  detecting a user onboarded VM;
  
  moving the user onboarded VM to a quarantine operating area for a period of time;
  
  assessing an operational posture of the user onboarded VM;
  
  comparing the operational posture of the user onboarded VM to an operational posture policy of the system;
  
  when the operational posture of the user onboarded VM meets the operational posture policy of the system, moving the user onboarded VM from the quarantine area to an operational area; and
  
  when the operational posture of the user onboarded system does not meet the operational policy posture of the system and the period of time has expired, terminating the user onboarded VM.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the operations further comprise when the operational posture of the user onboarded VM meets the operational posture policy of the system, updating the inventory baseline to include the user onboarded VM and a fingerprint of the user onboarded VM.
  - 9. The system of claim 7, wherein assess the operational posture of the user onboarded VM includes assigning a posture assessment agent to the user onboarded VM and receiving posture assessment information from the posture assessment agent.
  - 10. The system of claim 7, wherein the operations further comprise:
    - determining an available maximum number of VMs permitted in the system according to a license and determining a current number of VMs in the system; and
      
      when the number of VMs in the system is equal to or above the maximum number of VMs permitted, preventing the user onboarded VM from being moved from the quarantine area to the operational area.
  - 11. The system of claim 7, wherein the quarantine area includes resources that are limited compared to the resources provided by the operational area.
  - 12. The system of claim 7, wherein the fingerprint is based on one or more of the following:
    - VM ID, QUID, MAC address, and a VM operational parameter.

13. A nontransitory computer readable medium having stored thereon software instructions that, when executed by one or more processors, cause the one or more processors to:
- determining a virtual machine (VM) inventory baseline of a system, including identifying VMs in a baseline configuration and generating a VM fingerprint for each VM in the inventory baseline;
  
  detecting a user onboarded VM;
  
  moving the user onboarded VM to a quarantine operating area for a period of time;
  
  assessing an operational posture of the user onboarded VM;
  
  comparing the operational posture of the user onboarded VM to an operational posture policy of the system;
  
  when the operational posture of the user onboarded VM meets the operational posture policy of the system, moving the user onboarded VM from the quarantine area to an operational area; and
  
  when the operational posture of the user onboarded system does not meet the operational policy posture of the system and the period of time has expired, terminating the user onboarded VM.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The nontransitory computer readable medium of claim 13, wherein the operations further comprise when the operational posture of the user onboarded VM meets the operational posture policy of the system, updating the inventory baseline to include the user onboarded VM and a fingerprint of the user onboarded VM.
  - 15. The nontransitory computer readable medium of claim 13, wherein assess the operational posture of the user onboarded VM includes assigning a posture assessment agent to the user onboarded VM and receiving posture assessment information from the posture assessment agent.
  - 16. The nontransitory computer readable medium of claim 13, wherein the operations further comprise:
    - determining an available maximum number of VMs permitted in the system according to a license and determining a current number of VMs in the system; and
      
      when the number of VMs in the system is equal to or above the maximum number of VMs permitted, preventing the user onboarded VM from being moved from the quarantine area to the operational area.
  - 17. The nontransitory computer readable medium of claim 13, wherein the quarantine area includes resources that are limited compared to the resources provided by the operational area.
  - 18. The nontransitory computer readable medium of claim 13, wherein the fingerprint is based on one or more of the following:
    - VM ID, UUID, MAC address, and a VM operational parameter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Avaya Incorporated
Inventors
PRABHU, Atul, Krishna, Nishant, Kanungo, Biswajit

Granted Patent

US 10,511,483 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 2221/033   Test or assess software

G06F 9/45533   Hypervisors; Virtual machin...

H04L 41/0893   Assignment of logical group...

SECURELY ONBOARDING VIRTUAL MACHINES USING A CENTRALIZED POLICY SERVER

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SECURELY ONBOARDING VIRTUAL MACHINES USING A CENTRALIZED POLICY SERVER

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links