System and method for virtual image security in a cloud environment
Abstract
Provided herein are systems and methods enabling secure virtual image access in a virtual or cloud computing environment. The systems and methods include assigning a status indicator to guest virtual machines (virtual images) that provide applications and other services to cloud consumers in the cloud environment. A virtual appliance machine in the cloud environment maintains the status of the guest virtual machines and makes decisions based on the status as to whether to allow access to the guest virtual machines. These decisions are transmitted to local elements on the guest virtual machines, which enforce access control on a local level. In this manner, unauthorized virtual image access is prevented, providing increased security and data integrity.
24 Claims
1. A method to provide secure access in a virtual computing environment, the method executed by a processor comprising hardware, the processor configured to perform a plurality of operations, the operations comprising:
assigning, by a virtual access control machine of a virtual computing environment, a status to a guest virtual machine supporting a service, wherein the guest virtual machine is accessible to a user through a network and wherein assigning a status includes assigning a status indicating that the guest virtual machine is unavailable for use by a user;
receiving, at the virtual access control machine, information from the guest virtual machine representative of an attempted use of the guest virtual machine;
receiving, at the virtual access control machine, a request, by the guest virtual machine, for the status of the guest virtual machine; and
determining, at the virtual access control machine, an action to take based on the status.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system to provide secure access in a virtual computing environment, the system comprising:
a processor comprising hardware, the processor configured to:
assign, by a virtual access control machine of a virtual computing environment, a status to a guest virtual machine supporting a service, wherein the guest virtual machine is accessible to a user through a network and wherein the processor configured to assign the status is configured to assign a status indicating that the guest virtual machine is unavailable for use by a user,
receive, at the virtual access control machine, information from the guest virtual machine representative of an attempted use of the guest virtual machine,
receive, at the virtual access control machine, a request, by the guest virtual machine, for the status of the guest virtual machine, and
determine, at the virtual access control machine, an action to take based on the status.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer-readable medium including computer-executable instructions thereon, the computer-executable instructions, when executed, causing a processor to:
assign, by a virtual access control machine of a virtual computing environment, a status to a guest virtual machine supporting a service, wherein the guest virtual machine is accessible to a user through a network and wherein the instructions to assign the status includes instructions to assign a status indicating that the guest virtual machine is unavailable for use by a user;
receive, at the virtual access control machine, information from the guest virtual machine representative of an attempted use of the guest virtual machine;
receive, at the virtual access control machine, a request, by the guest virtual machine, for the status of the guest virtual machine; and
determine, at the virtual access control machine, an action to take based on the status.
Dependent claims: 18, 19, 20, 21, 22, 23, 24