Managing virtual machines with system-wide policies
First Claim
1. A method for automatically managing the creation and operation of a virtual machine, comprising:
- receiving electronic control instructions from a virtual machine authority, the control instructions comprising a policy setting, the policy setting authorizing a creation of a virtual machine or an operation of a virtual machine;
storing the policy setting in a configuration store;
receiving a user request to create the virtual machine in accordance with a parameter;
determining from the policy setting that the user request can be granted;
sending a first instruction to a virtual machine host, the virtual machine host creates the virtual machine in accordance with a parameter in response to receiving the first instruction;
identifying that the virtual machine at the virtual machine host is unauthorized to execute upon the virtual machine host because the virtual machine is operating outside of the policy setting in the configuration store; and
sending a second instruction to the virtual machine host, in response to determining that the virtual machine is unauthorized, the virtual machine host halts the virtual machine from further operation, pauses the virtual machine, or deletes the virtual machine in response to receiving the second instruction.
4 Assignments
0 Petitions
Accused Products
Abstract
An administrative authority for virtual machines can send one or more delegated policy settings to a virtual machine manager. The virtual machine manager can in turn send management instructions that include the one or more policy settings to one or more virtual machine hosts. As such, a user'"'"'s request for a virtual machine at a virtual machine host can be granted or denied based on the delegated policy settings. The policy settings can be updated periodically, and can include additional information about starting, stopping, expiring, saving, or even deleting virtual machines by particular users, as well as users accessing from particular locations. In addition, an agent operating at the virtual machine host can monitor and report virtual machine activity, to ensure unauthorized virtual machines are quickly stopped and reviewed until authorized.
144 Citations
19 Claims
-
1. A method for automatically managing the creation and operation of a virtual machine, comprising:
-
receiving electronic control instructions from a virtual machine authority, the control instructions comprising a policy setting, the policy setting authorizing a creation of a virtual machine or an operation of a virtual machine; storing the policy setting in a configuration store; receiving a user request to create the virtual machine in accordance with a parameter; determining from the policy setting that the user request can be granted; sending a first instruction to a virtual machine host, the virtual machine host creates the virtual machine in accordance with a parameter in response to receiving the first instruction; identifying that the virtual machine at the virtual machine host is unauthorized to execute upon the virtual machine host because the virtual machine is operating outside of the policy setting in the configuration store; and sending a second instruction to the virtual machine host, in response to determining that the virtual machine is unauthorized, the virtual machine host halts the virtual machine from further operation, pauses the virtual machine, or deletes the virtual machine in response to receiving the second instruction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A system for automatically managing the creation and operation of a virtual machine, comprising:
-
a processor; a memory communicatively coupled to the processor when the system is operational, the memory bearing instructions that, upon execution by the processor, cause the processor to perform operations comprising; receiving electronic management instructions from a virtual machine manager, the management instructions comprising a policy setting for a virtual machine host, the policy setting authorizing a creation of a virtual machine or an operation of a virtual machine; receiving a request to create a virtual machine in accordance with a parameter; identifying from the policy setting that the request can be granted; creating the virtual machine in accordance with the request; identifying an operational characteristic of the virtual machine installed at the virtual machine host; identifying that the virtual machine at the virtual machine host is unauthorized to execute on the virtual machine host because the operational characteristic of the virtual machine is operating outside of the policy setting; and halting the virtual machine from further operation, pausing the virtual machine, or deleting the virtual machine in response to determining that the virtual machine is unauthorized. - View Dependent Claims (16, 17, 18)
-
-
19. A computer-readable storage medium having computer-executable instructions stored thereon that upon execution by a processor cause the creation and operation a virtual machine through delegated authority the acts comprising:
-
receiving electronic control instructions from a virtual machine authority, the control instructions comprising a policy setting, the policy setting authorizing a creation of a virtual machine or an operation of a virtual machine; passing the policy setting to a configuration store; receiving a user request to create the virtual machine in accordance with a parameter; determining from the policy setting that the user request can be granted; sending a first instruction to a virtual machine host, the virtual machine host creates the virtual machine in accordance with a parameter in response to receiving the first instruction; identifying that the virtual machine at the virtual machine host is unauthorized to execute upon the virtual machine host because the virtual machine is operating outside of the policy setting in the configuration store; and sending a second instruction to the virtual machine host, in response to determining that the virtual machine is unauthorized, the virtual machine host halts the virtual machine from further operation, pauses the virtual machine, or deletes the virtual machine in response to receiving the second instruction.
-
Specification