Methods and systems for providing authorized remote access to a computing environment provided by a virtual machine
Abstract
A method for providing authorized remote access to a computing environment provided by a virtual machine includes the step of requesting, by a client machine, access to a resource. A collection agent gathers information about the client machine. A policy engine receives the gathered information. The policy engine makes an access control decision based on the received information. A computing environment already associated with the user is identified in response to the received information, the identified computing environment being provided by a virtual machine. A broker server establishes, responsive to the access control decision, a connection between the client machine and the identified computing environment.
21 Claims

1. A method for providing authorized remote access to resources on desktop computing environments provided by virtual machines, the method comprising:

- (a) receiving, by a policy engine, a first request for access to a resource from a user at a first client machine;
- (b) directing, by the policy engine, a first collection agent to gather information about the first client machine;
- (c) granting, by the policy engine, the first client machine a first level of access to the resource responsive to application of a policy to the information about the first client machine, the first level chosen from a plurality of levels of access;
- (d) identifying, by a broker machine, a first desktop computing environment already associated with the user, the first desktop computing environment i) providing the resource according to the first granted level of access, ii) being provided by a first virtual machine selected by the broker machine, and iii) executing in an operating system provided by the first virtual machine, the first virtual machine executing in a first execution machine selected by the broker machine, and the first execution machine executing a hypervisor providing access to hardware resources required by the first virtual machine; and
- (e) establishing, by the broker machine responsive to the first granted level of access, a connection between the first client machine and the first desktop computing environment;
- (f) receiving, by the policy engine, a second request for access to the resource from the user at a second client machine;
- (g) directing, by the policy engine, a second collection agent to gather information about the second client machine;
- (h) granting, by the policy engine, the second client machine a second level of access to the resource responsive to application of a policy to the information about the second client machine, the second level chosen from the plurality of levels of access;
- (i) identifying, by the broker machine, a second desktop computing environment already associated with the user, the second desktop computing environment i) providing the resource according to the second granted level of access, ii) being provided by a second virtual machine selected by the broker machine, and iii) executing in an operating system provided by the second virtual machine, the second virtual machine executing in a second execution machine selected by the broker machine, and the second execution machine executing a hypervisor providing access to hardware resources required by the second virtual machine; and
- (j) establishing, by the broker machine responsive to the second granted level of access, a connection between the second client machine and the second desktop computing environment.

Dependent claims: 2 to 14.
15. A system for providing authorized remote access to resources on desktop computing environments provided by virtual machines, the system comprising:

- a policy engine that i) receives a first request for access to a resource from a user at a first client machine, ii) directs a first collection agent to gather information, iii) grants the first client machine a first level of access to the resource responsive to application of a policy to the information about the first client machine, the first level chosen from a plurality of levels of access, and iv) requests an enumeration of desktop computing environments associated with a user of the first client machine, the request including the first granted level of access; and
- a broker machine that i) enumerates a first desktop computing environment associated with the client machine, the first desktop computing environment i) providing the resource according to the first granted level of access, ii) being provided by a first virtual machine selected by the broker machine, and iii) executing in an operating system provided by the first virtual machine, the first virtual machine executing in a first execution machine selected by the broker machine, and the first execution machine executing a hypervisor providing access to hardware resources required by the first virtual machine; and ii) establishes a first connection between the first client machine and the first desktop computing environment providing the resource according to the first granted level of access;

wherein

- the policy engine i) receives a second request for access to a resource from a user at a second client machine, ii) directs a second collection agent to gather information, iii) grants the second client machine a second level of access to the resource responsive to application of a policy to the information about the second client machine, the second level chosen from a plurality of levels of access, and iv) requests an enumeration of desktop computing environments associated with a user of the second client machine, the request including the second granted level of access; and
- the broker machine i) enumerates a second desktop computing environment associated with the client machine, the second desktop computing environment i) providing the resource according to the second granted level of access, ii) being provided by a second virtual machine selected by the broker machine, and iii) executing in an operating system provided by the second virtual machine, the second virtual machine executing in a second execution machine selected by the broker machine, and the second execution machine executing a hypervisor providing access to hardware resources required by the second virtual machine; and ii) establishes a second connection between the second client machine and the second desktop computing environment providing the resource according to the second granted level of access.

Dependent claims: 16 to 21.
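The policy-engine and broker flow of claims 1 and 15, simulated as an added Python example (not code from the patent or from any product): a collection agent reports the client machine's posture, the policy engine maps that posture to one of several access levels, and the broker locates the user's already-associated VM-backed desktop and establishes a connection only at the granted level. The posture attributes, level names, user, VM and host identifiers are all constructed for the example.

```python
from dataclasses import dataclass

# Plurality of access levels, least to most privileged (constructed for this example).
LEVELS = ("deny", "view_only", "full")

# Posture each collection agent reports for its client machine (constructed sample data).
CLIENT_POSTURE = {
    "laptop-corp": {"managed": True, "disk_encrypted": True, "patched": True, "av_running": True},
    "kiosk-hotel": {"managed": False, "disk_encrypted": False, "patched": True, "av_running": True},
    "tablet-old": {"managed": False, "disk_encrypted": False, "patched": False, "av_running": False},
}

def collection_agent(client):
    """Gather information about the client machine; unknown clients report nothing."""
    return CLIENT_POSTURE.get(client, {})

def policy_engine(info):
    """Apply the policy to the collected information and choose exactly one level."""
    if info.get("managed") and info.get("disk_encrypted") and info.get("patched"):
        return "full"
    if info.get("patched") and info.get("av_running"):
        return "view_only"
    return "deny"  # anything unknown or unhealthy gets the most restrictive level

@dataclass(frozen=True)
class DesktopEnvironment:
    vm_id: str           # virtual machine providing the desktop
    execution_host: str  # execution machine running the hypervisor for that VM

# Desktop environments already associated with users (constructed broker inventory).
BROKER_INVENTORY = {"alice": DesktopEnvironment("vm-alice-01", "hv-host-3")}

def broker(client, user, level):
    """Identify the user's existing desktop and connect only if the level permits."""
    env = BROKER_INVENTORY.get(user)
    if level not in LEVELS[1:] or env is None:
        return None  # no desktop to connect to, or the policy engine denied access
    return {"client": client, "vm": env.vm_id, "host": env.execution_host, "level": level}

def request_access(user, client):
    """One request end to end: gather posture, decide level, identify desktop, connect."""
    info = collection_agent(client)
    level = policy_engine(info)
    return level, broker(client, user, level)

if __name__ == "__main__":
    # The same user asking from different client machines, as in the two-request claims.
    for client in ("laptop-corp", "kiosk-hotel", "tablet-old"):
        print(client, request_access("alice", client))
```

The same user reaches the same desktop environment from two machines but at different levels, which is the point of collecting posture per request rather than per user.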
Specification