Methods and systems for assigning access control levels in providing access to resources via virtual machines

  • US 7,954,150 B2
  • Filed: 01/18/2007
  • Issued: 05/31/2011
  • Est. Priority Date: 01/24/2006
  • Status: Active Grant
First Claim

1. A system for granting levels of access to a resource according to information gathered about client machines comprising:

  • a policy engine that
      i) receives a first request for access to a resource from a user at a first client machine,
      ii) directs a first collection agent to gather information about the first client machine,
      iii) grants the first client machine a first level of access to the resource responsive to application of a policy to the information about the first client machine, the first level chosen from a plurality of levels of access; and

    a broker machine that
      i) selects a first virtual machine that can provide
          a) a first desktop computing environment with the resource according to the first granted level of access, and
          b) a first operating system in which to execute the first desktop computing environment,
      ii) selects a first execution machine executing a first hypervisor providing access to hardware resources required by the first virtual machine,
      iii) launches the first virtual machine into the first execution machine, the first virtual machine executing the first operating system,
      iv) launches the first desktop computing environment with the resource according to the first granted level of access into the first executing operating system on the first execution machine;
      v) establishes a first connection between the client machine and the first desktop computing environment with the resource according to the first granted level of access;

    wherein the policy engine
      i) receives a second request for access to the resource from the user at a second client machine,
      ii) directs a second collection agent to gather information about the second client machine, and
      iii) grants the second client machine a second level of access to the resource responsive to application of the policy to the information about the second client machine, the second level chosen from the plurality of levels of access; and

    the broker machine
      i) selects a second virtual machine that can provide
          a) a second desktop computing environment with the resource according to the second granted level of access, and
          b) a second operating system in which to execute the second desktop computing environment,
      ii) selects a second execution machine executing a second hypervisor providing access to hardware resources required by the second virtual machine,
      iii) launches the second virtual machine into the second execution machine, the second virtual machine executing the second operating system,
      iv) launches the second desktop computing environment with the resource according to the second granted level of access into the second executing operating system on the second execution machine;
      v) establishes a second connection between the client machine and the second desktop computing environment with the resource according to the second granted level of access.
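
The flow recited in claim 1, sketched as an added example that is not taken from the patent or any product: the same user is granted different levels from two client machines, and the broker picks a virtual machine and execution machine to match. The posture attributes, policy rules, level names, image and host names are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class VMImage:
    name: str
    os: str
    level: str      # access level its desktop environment enforces
    mem_gb: int     # hardware the VM needs from the hypervisor

@dataclass
class Host:
    name: str
    hypervisor: str
    free_mem_gb: int

def collect(client):
    """Collection agent stand-in; absent facts default to the untrusted value."""
    return {"managed": client.get("managed", False),
            "av_running": client.get("av_running", False),
            "network": client.get("network", "external")}

def apply_policy(info):
    """Policy engine: choose one level from none/restricted/full (constructed rules)."""
    if info["managed"] and info["av_running"] and info["network"] == "corporate":
        return "full"
    if info["av_running"]:
        return "restricted"
    return "none"

def broker(level, images, hosts):
    """Select a VM image for the level, then a host able to run it; None if either is missing."""
    image = next((i for i in images if i.level == level), None)
    host = image and next((h for h in hosts if h.free_mem_gb >= image.mem_gb), None)
    if not host:
        return None
    host.free_mem_gb -= image.mem_gb   # VM launched into this execution machine
    return {"vm": image.name, "os": image.os, "host": host.name, "level": level}

def request_access(client, images, hosts):
    """One request: gather client facts, grant a level, broker a matching desktop."""
    level = apply_policy(collect(client))
    return level, broker(level, images, hosts)

# Constructed sample data: the same user connecting from two different machines.
IMAGES = [VMImage("desk-full", "os-a", "full", 8), VMImage("desk-ro", "os-b", "restricted", 4)]
HOSTS = [Host("exec-1", "hv-1", 8), Host("exec-2", "hv-2", 4)]
OFFICE = {"managed": True, "av_running": True, "network": "corporate"}
HOME = {"av_running": True}
```

A client that reports nothing falls through to `none` and is never brokered a desktop, so a failed or blocked collection agent fails closed.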

  • 8 Assignments