Systems and methods for establishing cloud-based instances with independent permissions

US 8,769,644 B1
Filed: 12/20/2013
Issued: 07/01/2014
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method of facilitating management of cloud-based service instances, the method comprising:

establishing, by a cloud management service configured to communicate with a multi-tenant computing cloud, a cloud-based service instance hosted in the multi-tenant computing cloud and an access entity with permissions to access the established cloud-based service instance;

receiving, by the cloud management service, a request for the cloud-based service instance, the request authenticated as originating from a requestor, wherein the request is a request for direct access, by the requestor, to the cloud-based service instance;

consulting, by the cloud management service, a set of access controls associated with the cloud-based service instance;

determining, by the cloud management service, responsive to the consulting, if the request is allowable by the requestor; and

enabling, by the cloud management service responsive to determining that the request is allowable by the requestor, the requestor to complete the request using an access credential associated with the access entity by returning, to the requestor, the access credential associated with the access entity.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for facilitating management of cloud-based service instances, the system including one or more computing systems configured to communicate with at least one multi-tenant computing cloud, and configured to establish a cloud-based service instance hosted in the multi-tenant computing cloud and an access entity with permissions to access the established cloud-based service instance. The system can receive a request for the cloud-based service instance, the request authenticated as originating from a requestor; consult a set of access controls associated with the cloud-based service instance; determine, responsive to the consulting, if the request is allowable by the requestor; and enable, responsive to determining that the request is allowable by the requestor, the requestor to complete the request using a restricted access credential associated with the access entity.

56 Citations

View as Search Results

30 Claims

1. A method of facilitating management of cloud-based service instances, the method comprising:
- establishing, by a cloud management service configured to communicate with a multi-tenant computing cloud, a cloud-based service instance hosted in the multi-tenant computing cloud and an access entity with permissions to access the established cloud-based service instance;
  
  receiving, by the cloud management service, a request for the cloud-based service instance, the request authenticated as originating from a requestor, wherein the request is a request for direct access, by the requestor, to the cloud-based service instance;
  
  consulting, by the cloud management service, a set of access controls associated with the cloud-based service instance;
  
  determining, by the cloud management service, responsive to the consulting, if the request is allowable by the requestor; and
  
  enabling, by the cloud management service responsive to determining that the request is allowable by the requestor, the requestor to complete the request using an access credential associated with the access entity by returning, to the requestor, the access credential associated with the access entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein establishing the cloud-based service instance comprises communicating, by the cloud management service, with the multi-tenant computing cloud, to create, start, instantiate, discover, identify, duplicate, import, configure, or generate, the cloud-based service instance.
  - 3. The method of claim 1, wherein the cloud-based service instance provides one of a database, a load balancer, a message queue, a communication channel, and data storage.
  - 4. The method of claim 1, wherein the cloud-based service instance is a virtual service provided in the multi-tenant computing cloud.
  - 5. The method of claim 1, wherein the access entity permissions are restricted to allow access only to the established cloud service instance.
  - 6. The method of claim 1, wherein the cloud-based service instance is associated with a resource pool comprising one or more cloud-based service instances and the access entity permissions are restricted to only accessing cloud-based service instances in the resource pool.
  - 7. The method of claim 1,further comprising establishing, by the cloud management service, responsive to determining that the request is allowable by the requestor, a custom access entity with permissions sufficient to perform the request,wherein enabling the requestor to complete the request comprises enabling the requestor to complete the request using an access credential associated with the custom access entity.
  - 8. The method of claim 1, wherein establishing further comprises storing, by the cloud management service, the access credential for the access entity.

9. A method of facilitating management of cloud-based service instances, the method comprising:
- establishing, by a cloud management service configured to communicate with a multi-tenant computing cloud, a cloud-based service instance hosted in the multi-tenant computing cloud and an access entity with permissions to access the established cloud-based service instance;
  
  receiving, by the cloud management service, a request for the cloud-based service instance, the request authenticated as originating from a requestor, wherein the request is a request to perform an action on the cloud-based service instance;
  
  consulting, by the cloud management service, a set of access controls associated with the cloud-based service instance;
  
  determining, by the cloud management service, responsive to the consulting, if the request is allowable by the requestor; and
  
  enabling, by the cloud management service responsive to determining that the request is allowable by the requestor, the requestor to complete the request using an access credential associated with the access entity by forwarding the request to the multi-tenant computing cloud, with the access credential associated with the access entity.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein establishing the cloud-based service instance comprises communicating, by the cloud management service, with the multi-tenant computing cloud, to create, start, instantiate, discover, identify, duplicate, import, configure, or generate, the cloud-based service instance.
  - 11. The method of claim 9, wherein the cloud-based service instance provides one of a database, a load balancer, a message queue, a communication channel, and data storage.
  - 12. The method of claim 9, wherein the cloud-based service instance is a virtual service provided in the multi-tenant computing cloud.
  - 13. The method of claim 9, wherein the access entity permissions are restricted to allow access only to the established cloud service instance.
  - 14. The method of claim 9, wherein the cloud-based service instance is associated with a resource pool comprising one or more cloud-based service instances and the access entity permissions are restricted to only accessing cloud-based service instances in the resource pool.
  - 15. The method of claim 9,further comprising establishing, by the cloud management service, responsive to determining that the request is allowable by the requestor, a custom access entity with permissions sufficient to perform the request,wherein enabling the requestor to complete the request comprises enabling the requestor to complete the request using an access credential associated with the custom access entity.
  - 16. The method of claim 9, wherein establishing further comprises storing, by the cloud management service, the access credential for the access entity.

17. A system for facilitating management of cloud-based service instances, the system comprising one or more servers including one or more hardware processors configured to communicate with at least one multi-tenant computing cloud, the one or more servers including one or more hardware processors configured to:
- establish a cloud-based service instance hosted in the multi-tenant computing cloud and an access entity with permissions to access the established cloud-based service instance;
  
  receive a request for the cloud-based service instance, the request authenticated as originating from a requestor, wherein the request is a request for direct access, by the requestor, to the cloud-based service instance;
  
  consult a set of access controls associated with the cloud-based service instance;
  
  determine, responsive to the consulting, if the request is allowable by the requestor; and
  
  enable, responsive to determining that the request is allowable by the requestor, the requestor to complete the request using a access credential associated with the access entity by returning, to the requestor, the access credential associated with the access entity.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17, wherein the one or more servers including one or more hardware processors is further configured to establish the cloud-based service instance by communicating with the multi-tenant computing cloud to create, start, instantiate, discover, identify, duplicate, import, configure, or generate, the cloud-based service instance.
  - 19. The system of claim 17, wherein the cloud-based service instance provides one of a database, a load balancer, a message queue, a communication channel, and data storage.
  - 20. The system of claim 17, wherein the cloud-based service instance is a virtual service provided in the multi-tenant computing cloud.
  - 21. The system of claim 17, wherein the access entity permissions are restricted to allow access only to the established cloud service instance.
  - 22. The system of claim 17, wherein the cloud-based service instance is associated with a resource pool comprising one or more cloud-based service instances and the access entity permissions are restricted to only accessing cloud-based service instances in the resource pool.
  - 23. The system of claim 17,wherein the one or more servers including one or more hardware processors is further configured to establish, responsive to determining that the request is allowable by the requestor, a custom access entity with permissions sufficient to perform the request;
    - andwherein the one or more servers including one or more hardware processors is configured to enable the requestor to complete the request using an access credential associated with the custom access entity.
  - 24. The system of claim 17, wherein the one or more servers including one or more hardware processors is further configured to store the access credential for the access entity.

25. A system for facilitating management of cloud-based service instances, the system comprising one or more servers including one or more hardware processors configured to communicate with at least one multi-tenant computing cloud, the one or more servers including one or more hardware processors configured to:
- establish a cloud-based service instance hosted in the multi-tenant computing cloud and an access entity with permissions to access the established cloud-based service instance;
  
  receive a request for the cloud-based service instance, the request authenticated as originating from a requestor, wherein the request is a request to perform an action on the cloud-based service instance;
  
  consult a set of access controls associated with the cloud-based service instance;
  
  determine, responsive to the consulting, if the request is allowable by the requestor; and
  
  enable, responsive to determining that the request is allowable by the requestor, the requestor to complete the request using an access credential associated with the access entity by forwarding the request to the multi-tenant computing cloud with the access credential associated with the access entity.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The system of claim 25, wherein the one or more servers including one or more hardware processors is further configured to establish the cloud-based service instance by communicating with the multi-tenant computing cloud to create, start, instantiate, discover, identify, duplicate, import, configure, or generate, the cloud-based service instance.
  - 27. The system of claim 25, wherein the access entity permissions are restricted to allow access only to the established cloud service instance.
  - 28. The system of claim 25, wherein the cloud-based service instance is associated with a resource pool comprising one or more cloud-based service instances and the access entity permissions are restricted to only accessing cloud-based service instances in the resource pool.
  - 29. The system of claim 25,wherein the one or more servers including one or more hardware processors is further configured to establish, responsive to determining that the request is allowable by the requestor, a custom access entity with permissions sufficient to perform the request;
    - andwherein the one or more servers including one or more hardware processors is configured to enable the requestor to complete the request using an access credential associated with the custom access entity.
  - 30. The system of claim 25, wherein the one or more servers including one or more hardware processors is further configured to store the access credential for the access entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RightScale Incorporated (Flexera Software LLC)
Original Assignee
RightScale Incorporated (Flexera Software LLC)
Inventors
Eicken, Thorsten von, Gonzalez, Jose Maria Blanquer, Simon, Raphael George Jacques
Primary Examiner(s)
Gee, Jason K.
Assistant Examiner(s)
LWIN, MAUNG T

Application Number

US14/137,226
Time in Patent Office

193 Days
Field of Search

None
US Class Current

726/5
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 67/1097   for distributed storage of ...

Systems and methods for establishing cloud-based instances with independent permissions

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for establishing cloud-based instances with independent permissions

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links