Methods and systems for assigning access control levels in providing access to resources via virtual machines
Abstract
A system for granting access to resources includes a client machine, a collection agent, a policy engine, and a broker server. The client machine requests access to a resource. The collection agent gathers information about the client machine. The policy engine receives the gathered information and assigns one of a plurality of levels of access responsive to application of a policy to the received information. The broker server establishes, responsive to the assigned level of access, a connection between the client machine and a computing environment providing the requested resource, the computing environment provided by a virtual machine.
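The flow the abstract describes, sketched as an added example that is not taken from the patent: one user connects from different client machines, the policy engine maps the gathered information to one of several access levels, and the broker picks a virtual machine to match. The attribute names, level names and VM catalogue are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Policy rules as (level, required attributes), strongest level first.
# Attribute and level names are assumptions, not terms from the patent.
POLICY = [
    ("full", {"managed": True, "disk_encrypted": True, "av_running": True}),
    ("view_only", {"av_running": True}),
]

# Hypothetical catalogue of virtual machines the broker can launch,
# keyed by the access level each desktop environment enforces.
VM_CATALOG = {
    "full": {"image": "desktop-full", "os": "os-a", "clipboard": True},
    "view_only": {"image": "desktop-restricted", "os": "os-b", "clipboard": False},
}


@dataclass(frozen=True)
class Session:
    user: str
    client: str
    level: str
    vm: Optional[dict]  # None when access is denied


def apply_policy(info: dict) -> str:
    """Policy engine: map gathered client information to one access level."""
    for level, required in POLICY:
        # An attribute the collection agent did not report counts as
        # unsatisfied, so incomplete data can never raise the level.
        if all(info.get(key) == value for key, value in required.items()):
            return level
    return "deny"


def broker(user: str, client: str, info: dict) -> Session:
    """Broker: select the VM whose desktop environment matches the level."""
    level = apply_policy(info)
    return Session(user, client, level, VM_CATALOG.get(level))


# Constructed sample data standing in for collection agent reports.
OFFICE_LAPTOP = {"managed": True, "disk_encrypted": True, "av_running": True}
HOME_PC = {"managed": False, "av_running": True}
KIOSK = {}  # agent returned nothing: fail closed
```
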
33 Claims
1. A system for granting levels of access to a resource according to information gathered about client machines comprising:

a policy engine that
i) receives a first request for access to a resource from a user at a first client machine,
ii) directs a first collection agent to gather information about the first client machine,
iii) grants the first client machine a first level of access to the resource responsive to application of a policy to the information about the first client machine, the first level chosen from a plurality of levels of access; and

a broker machine that
i) selects a first virtual machine that can provide a) a first desktop computing environment with the resource according to the first granted level of access, and b) a first operating system in which to execute the first desktop computing environment,
ii) selects a first execution machine executing a first hypervisor providing access to hardware resources required by the first virtual machine,
iii) launches the first virtual machine into the first execution machine, the first virtual machine executing the first operating system,
iv) launches the first desktop computing environment with the resource according to the first granted level of access into the first executing operating system on the first execution machine;
v) establishes a first connection between the client machine and the first desktop computing environment with the resource according to the first granted level of access;

wherein the policy engine
i) receives a second request for access to the resource from the user at a second client machine,
ii) directs a second collection agent to gather information about the second client machine, and
iii) grants the second client machine a second level of access to the resource responsive to application of the policy to the information about the second client machine, the second level chosen from the plurality of levels of access; and

the broker machine
i) selects a second virtual machine that can provide a) a second desktop computing environment with the resource according to the second granted level of access, and b) a second operating system in which to execute the second desktop computing environment,
ii) selects a second execution machine executing a second hypervisor providing access to hardware resources required by the second virtual machine,
iii) launches the second virtual machine into the second execution machine, the second virtual machine executing the second operating system,
iv) launches the second desktop computing environment with the resource according to the second granted level of access into the second executing operating system on the second execution machine;
v) establishes a second connection between the client machine and the second desktop computing environment with the resource according to the second granted level of access.

Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)

28. A method for granting levels of access to a resource according to information gathered about client machines, the method comprising:

receiving, by a policy engine, a first request for access to a resource from a user at a first client machine;
directing, by the policy engine, a first collection agent to gather information about the first client machine;
granting, by the policy engine, the first client machine a first level of access to the resource responsive to application of a policy to the information about the first client machine, the first level chosen from a plurality of levels of access;
selecting, by a broker machine, a first virtual machine that can provide a first desktop computing environment with the resource according to the first granted level of access and a first operating system in which to execute the first desktop computing environment;
selecting, by the broker machine, a first execution machine executing a first hypervisor providing access to hardware resources required by the first virtual machine;
launching, by the broker machine, the first virtual machine into the first execution machine, the first virtual machine executing the first operating system;
launching, by the broker machine, the first desktop computing environment with the resource according to the first granted level of access into the first executing operating system on the first execution machine;
establishing, by the broker machine, a first connection between the client machine and the first desktop computing environment with the resource according to the first granted level of access;
receiving, by the policy engine, a second request for access to the resource from the user at a second client machine;
directing, by the policy engine, a second collection agent to gather information about the second client machine;
granting, by the policy engine, the second client machine a second level of access to the resource responsive to application of the policy to the information about the second client machine, the second level chosen from the plurality of levels of access;
selecting, by the broker machine, a second virtual machine that can provide a second desktop computing environment with the resource according to the second granted level of access and a second operating system in which to execute the second desktop computing environment;
selecting, by the broker machine, a second execution machine executing a second hypervisor providing access to hardware resources required by the second virtual machine;
launching, by the broker machine, the second virtual machine into the second execution machine, the second virtual machine executing the second operating system;
launching, by the broker machine, the second desktop computing environment with the resource according to the second granted level of access into the second executing operating system on the second execution machine; and
establishing, by the broker machine, a second connection between the client machine and the second desktop computing environment with the resource according to the second granted level of access.

Dependent Claims (29, 30, 31, 32, 33)

Specification