System and method for identity based authentication in a distributed virtual switch network environment
First Claim
1. A method executed by a network access control (NAC) in a distributed virtual switch (DVS) network environment, comprising:
- forwarding user credentials from a virtual machine (VM) in the DVS network environment to a network element located outside the DVS network environment, wherein the user credentials relate to a user attempting to access the VM, wherein a plurality of tenants subscribe to one or more VMs hosted in the DVS network and the tenants share underlying infrastructure of the DVS network, wherein each tenant controls a separate NAC and a separate network element that can assure security of user authentication relevant to the tenant;
- receiving a user policy at the NAC from the network element, wherein the network element is configured with the user policy by a tenant controlling the NAC and the network element; and
- facilitating enforcement of the user policy within the DVS network environment.
Abstract
An example method includes forwarding user credentials from a virtual machine (VM) in a distributed virtual switch (DVS) network environment to a network element outside the DVS network environment, receiving a user policy from the network element (for example, an AAA server), and facilitating enforcement of the user policy within the DVS network environment. The user credentials may relate to a user attempting to access the VM. In a specific embodiment, the user credentials are provided in an 802.1X packet. In a particular embodiment, a network access control (NAC) in the DVS network environment forwards the user credentials, receives the user policy, and facilitates the enforcement of the user policy. In one embodiment, the NAC is provisioned as another VM in the DVS network environment.
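The exchange the abstract describes, written out as an added example that is not the patent's own implementation: a per-tenant NAC inside the DVS relays the 802.1X/EAP credential exchange between the VM and the tenant's own AAA server (the "network element"), never verifies the password itself, and installs the policy the server returns on the VM's port. The page says only "802.1X packet", so the choice of EAP-MD5 as the credential method, the in-process AAA stand-in (a real NAC would relay EAP to a RADIUS peer), and every tenant name, user, password, VLAN and ACL string below are assumptions made for the example.

```python
# Added example, not the patent's code: a per-tenant NAC inside a DVS relays an 802.1X/EAP
# exchange between a VM and the tenant's own AAA server, then enforces the returned policy.
import hashlib, hmac, os, struct
from collections import namedtuple

EAPOL_EAP_PACKET = 0                                    # IEEE 802.1X EAPOL packet type
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_IDENTITY, EAP_MD5 = 1, 4                            # RFC 3748 EAP types (EAP-MD5 for brevity)

def eap_packet(code, ident, eap_type=None, data=b""):
    """Encode an EAP packet (RFC 3748 s.4.1) inside an EAPOL v2 EAP-Packet frame."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    eap = struct.pack("!BBH", code, ident, 4 + len(payload)) + payload
    return struct.pack("!BBH", 2, EAPOL_EAP_PACKET, len(eap)) + eap

def parse_eapol(frame):
    """Decode an EAPOL EAP-Packet into (code, id, type, type_data), rejecting truncated
    frames and frames whose EAPOL and EAP lengths disagree."""
    if len(frame) < 4:
        raise ValueError("short EAPOL header")
    _ver, ptype, body_len = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + body_len]
    if ptype != EAPOL_EAP_PACKET or len(body) != body_len or body_len < 4:
        raise ValueError("malformed EAPOL frame")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len != body_len or (code in (EAP_REQUEST, EAP_RESPONSE) and eap_len < 5):
        raise ValueError("EAP length inconsistent with EAPOL length")
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return code, ident, None, b""
    return code, ident, body[4], body[5:]

UserPolicy = namedtuple("UserPolicy", "vlan acl")       # what the AAA server hands back
DENY = UserPolicy(None, ("deny ip any any",))           # what an unauthenticated port gets

def supplicant_respond(identity, password, frame):
    """The user inside the VM answering one EAP request (constructed credentials)."""
    code, ident, eap_type, data = parse_eapol(frame)
    if code == EAP_REQUEST and eap_type == EAP_IDENTITY:
        return eap_packet(EAP_RESPONSE, ident, EAP_IDENTITY, identity.encode())
    if code == EAP_REQUEST and eap_type == EAP_MD5:     # value = MD5(id || password || challenge)
        digest = hashlib.md5(bytes([ident]) + password + data[1:1 + data[0]]).digest()
        return eap_packet(EAP_RESPONSE, ident, EAP_MD5, bytes([16]) + digest)
    raise ValueError("unsupported EAP request")

class TenantAAA:
    """Tenant-controlled network element outside the DVS (stand-in for a RADIUS/AAA server)."""
    def __init__(self, tenant, users, policies):
        self.tenant, self._users, self._policies, self._pending = tenant, users, policies, {}

    def start(self):
        return eap_packet(EAP_REQUEST, 1, EAP_IDENTITY)

    def handle(self, frame):
        """Consume one supplicant response; return (next frame, policy or None)."""
        code, ident, eap_type, data = parse_eapol(frame)
        if code == EAP_RESPONSE and eap_type == EAP_IDENTITY:
            challenge = os.urandom(16)                  # challenge unknown users too: no enumeration
            self._pending[ident + 1] = (data.decode(), challenge)
            return eap_packet(EAP_REQUEST, ident + 1, EAP_MD5, bytes([16]) + challenge), None
        if code == EAP_RESPONSE and eap_type == EAP_MD5 and ident in self._pending:
            identity, challenge = self._pending.pop(ident)
            password = self._users.get(identity)
            expected = hashlib.md5(bytes([ident]) + (password or b"") + challenge).digest()
            if password is not None and data and hmac.compare_digest(expected, data[1:1 + data[0]]):
                return eap_packet(EAP_SUCCESS, ident), self._policies.get(identity, DENY)
        return eap_packet(EAP_FAILURE, ident), None

class NAC:
    """Per-tenant NAC in the DVS: relays EAP (never checks passwords), refuses other tenants' VMs."""
    def __init__(self, tenant, aaa):
        if aaa.tenant != tenant:
            raise ValueError("a NAC may only use its own tenant's AAA server")
        self.tenant, self.aaa, self.ports = tenant, aaa, {}

    def authenticate(self, vm_id, vm_tenant, identity, password):
        if vm_tenant != self.tenant:
            raise PermissionError(f"{vm_id} belongs to {vm_tenant}, not {self.tenant}")
        self.ports[vm_id] = DENY                        # port stays closed until the AAA says otherwise
        frame = self.aaa.start()
        for _ in range(4):                              # identity, then MD5 challenge round trip
            frame, policy = self.aaa.handle(supplicant_respond(identity, password, frame))
            code = parse_eapol(frame)[0]
            if code == EAP_SUCCESS:
                self.ports[vm_id] = policy
            if code in (EAP_SUCCESS, EAP_FAILURE):
                return self.ports[vm_id]
        return DENY

def demo():
    """Constructed sample: tenant A's own NAC and AAA; 'bob' is a user of some other tenant."""
    aaa_a = TenantAAA("tenant-a", {"alice": b"correct horse"},
                      {"alice": UserPolicy(110, ("permit tcp any any eq 443",))})
    nac_a = NAC("tenant-a", aaa_a)
    return {
        "alice_ok": nac_a.authenticate("vm-1", "tenant-a", "alice", b"correct horse"),
        "alice_bad_password": nac_a.authenticate("vm-1", "tenant-a", "alice", b"wrong"),
        "bob_unknown_here": nac_a.authenticate("vm-2", "tenant-a", "bob", b"hunter2"),
    }
```

Two checks carry the per-tenant isolation the claims call for: the constructor refuses to pair a NAC with another tenant's AAA server, and `authenticate` refuses a VM that belongs to another tenant, so credentials from tenant B's users never reach tenant A's server. The port is set to DENY before the exchange starts, so a failed re-authentication closes it rather than leaving the old policy in place. EAP-MD5 is shown only because it is the shortest challenge-response method; it offers neither mutual authentication nor key derivation, and a deployment would use EAP-TLS or PEAP relayed over RADIUS.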
26 Citations
20 Claims
9. Logic encoded in non-transitory media that includes instructions for execution and when executed by a processor, is operable to perform operations comprising:
- forwarding, by a NAC in the DVS, user credentials from a VM in a DVS network environment to a network element outside the DVS network environment, wherein the user credentials relate to a user attempting to access the VM, wherein a plurality of tenants subscribe to one or more VMs hosted in the DVS network and the tenants share underlying infrastructure of the DVS network, wherein each tenant controls a separate NAC and a separate network element that can assure security of user authentication relevant to the tenant;
- receiving a user policy at the NAC from the network element, wherein the network element is configured with the user policy by a tenant controlling the NAC and the network element; and
- facilitating enforcement of the user policy within the DVS network environment.
15. An apparatus, comprising:
- a memory element for storing data; and
- a processor that executes instructions associated with the data, wherein the processor and the memory element cooperate, such that the apparatus is configured to:
  - forward user credentials, by a NAC in a DVS network environment, to a network element outside the DVS network environment, wherein the user credentials relate to a user attempting to access a virtual machine (VM), wherein a plurality of tenants subscribe to one or more VMs hosted in the DVS network and the tenants share underlying infrastructure of the DVS network, wherein each tenant controls a separate NAC and a separate network element that can assure security of user authentication relevant to the tenant;
  - receive a user policy at the NAC from the network element, wherein the network element is configured with the user policy by a tenant controlling the NAC and the network element; and
  - facilitate enforcement of the user policy within the DVS network environment.
Specification