Secure agent-less enterprise infrastructure discovery

US 8,099,767 B2
Filed: 07/01/2008
Issued: 01/17/2012
Est. Priority Date: 07/01/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method, in an agent-less discovery engine of a data processing system, for securing dynamic discovery of an enterprise computing infrastructure, comprising:

maintaining enterprise credential information in a secured trust store;

receiving an access request through a secure connection for access to a remote infrastructure component;

automatically determining the type of the access request;

for a root-level type access request, automatically responding to the request via the secure connection with enterprise root credentials from the trust store;

for an unprivileged type access request, automatically responding to the request via the secure connection with unprivileged access enterprise credentials from the trust store; and

automatically utilizing, by the agent-less discovery engine, the remotely received enterprise root credential or the remotely received unprivileged access enterprise credentials, depending on the determined type of the access request, to access the remote infrastructure component of the enterprise computing infrastructure to perform application configuration retrieval from the remote infrastructure component as part of the discovery of the enterprise computing infrastructure, wherein the secure trust store is maintained separate from the agent-less discovery engine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms for securing dynamic discovery of an enterprise computing infrastructure is provided. One implementation involves maintaining enterprise credential information in a secured trust store, receiving an access request through a secure connection for access to a remote infrastructure component, determining the type of the access request, for a root-level type access request, responding to the request via the secure connection with enterprise root credentials from the trust store, and for an unprivileged type access request, responding to the request via the secure connection with unprivileged access enterprise credentials from the trust store.

Citations

13 Claims

1. A method, in an agent-less discovery engine of a data processing system, for securing dynamic discovery of an enterprise computing infrastructure, comprising:
- maintaining enterprise credential information in a secured trust store;
  
  receiving an access request through a secure connection for access to a remote infrastructure component;
  
  automatically determining the type of the access request;
  
  for a root-level type access request, automatically responding to the request via the secure connection with enterprise root credentials from the trust store;
  
  for an unprivileged type access request, automatically responding to the request via the secure connection with unprivileged access enterprise credentials from the trust store; and
  
  automatically utilizing, by the agent-less discovery engine, the remotely received enterprise root credential or the remotely received unprivileged access enterprise credentials, depending on the determined type of the access request, to access the remote infrastructure component of the enterprise computing infrastructure to perform application configuration retrieval from the remote infrastructure component as part of the discovery of the enterprise computing infrastructure, wherein the secure trust store is maintained separate from the agent-less discovery engine.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - for an unprivileged type access request, creating credentials if the requested unprivileged access is for query-only access, and responding to the request via the secure connection with the created credentials.
  - 3. The method of claim 1, wherein:
    - maintaining enterprise credential information further comprises;
      
      an external credential manager maintaining enterprise credential information in the secured trust store;
      
      receiving an access request through a secure connection further comprises;
      
      the external credential manager receiving an access request through a secure connection for access to the remote infrastructure component; and
      
      responding to the request comprises;
      
      the external credential manager responding to the request via the secure connection.
  - 4. The method of claim 3 further including:
    - the credential manager renewing access credentials based on policies, before credential expiration.

5. An apparatus for securing dynamic discovery of an enterprise computing infrastructure, comprising:
- a credential administrator configured for maintaining enterprise credential information in a secured trust store;
  
  a request processing module configured for receiving an access request through a secure connection for access to a remote infrastructure component;
  
  a request type identification module configured for automatically determining the type of the access request, the request processing module further configured such that;
  
  for a root-level type access request, the request processing module automatically responds to the request via the secure connection with enterprise root credentials from the trust store; and
  
  for an unprivileged type access request, the request processing module automatically responds to the request via the secure connection with unprivileged access enterprise credentials from the trust store; and
  
  an agent-less discovery engine configured to automatically utilize either the remotely received enterprise root credential or the remotely received unprivileged access enterprise credentials, depending on the determined type of the access request, to access the remote infrastructure component of the enterprise computing infrastructure to perform application configuration retrieval from the remote infrastructure component as part of the discovery of the enterprise computing infrastructure, wherein the secure trust store is maintained separate from the agent-less discovery engine.
- View Dependent Claims (6, 7)
- - 6. The apparatus of claim 5 further comprising a credential creation module configured for creating credentials, wherein for an unprivileged type access request, credential creation module creates credentials if the requested unprivileged access is for query-only access, and the request processing module responds to the request via the secure connection with the created credentials.
  - 7. The apparatus of claim 6, wherein the credential administrator is further configured for renewing access credentials based on policies, before credential expiration.

8. A system for dynamic discovery of an enterprise computing infrastructure, comprising:
- an agent-less discovery engine configured for performing dynamic agent-less discovery, for access to a remote infrastructure component;
  
  a credential manager configured for securing dynamic discovery of the enterprise computing infrastructure, the credential manager comprising;
  
  a credential administrator configured for maintaining enterprise credential information in a secured trust store;
  
  a request processing module configured for receiving an access request from the agent-less discovery engine through a secure connection for access to a remote infrastructure component; and
  
  a request type identification module configured for automatically determining the type of the access request;
  
  the request processing module further configured such that;
  
  for a root-level type access request, the request processing module automatically responds to the request via the secure connection with enterprise root credentials from the trust store; and
  
  for an unprivileged type access request, the request processing module automatically responds to the request via the secure connection with unprivileged access enterprise credentials from the trust store,wherein the agent-less discovery engine configured to automatically utilize either the remotely received enterprise root credential or the remotely received unprivileged access enterprise credentials, depending on the determined type of the access request, to access the remote infrastructure component to perform application configuration retrieval from the remote infrastructure component as part of the discovery of the enterprise computing infrastructure, and wherein the secure trust store is maintained separate from the agent-less discovery engine.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8 further comprising a credential creation module configured for creating credentials, wherein for an unprivileged type access request, credential creation module creates credentials if the requested unprivileged access is for query-only access, and the request processing module responds to the request via the secure connection with the created credentials.
  - 10. The system of claim 9, wherein the credential administrator is further configured for renewing access credentials based on policies, before credential expiration.
  - 11. The system of claim 8 further including agent-full components.
  - 12. The system of claim 8, wherein the credential manager is further configured for shielding the agent-less discovery engine from credential management and allowing the agent-less discovery engine to perform a dynamic agent-less discovery of the enterprise infrastructure.
  - 13. The system of claim 8, wherein the credential manager is an external credential manager.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Alberti, Enrica, Pichetti, Luigi, Secchi, Marco, Secomandi, Antonio
Primary Examiner(s)
Chai, Longbit

Application Number

US12/166,252
Publication Number

US 20100005516A1
Time in Patent Office

1,295 Days
Field of Search

726/6
US Class Current

726/6
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/102 Entity profiles

Secure agent-less enterprise infrastructure discovery

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Secure agent-less enterprise infrastructure discovery

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links