
Virtual firewalls for multi-tenant distributed services

  • US 8,904,511 B1
  • Filed: 08/23/2010
  • Issued: 12/02/2014
  • Est. Priority Date: 08/23/2010
  • Status: Active Grant
First Claim

1. A computer-implemented method for firewalling in a multi-tenant distributed service, comprising:

  • under control of one or more computer systems configured with executable instructions,

    provisioning a plurality of computing resources to a plurality of tenants of the multi-tenant distributed service responsive to user interaction with a provisioning user interface of the multi-tenant distributed service, the plurality of provisioned computing resources being maintained by the multi-tenant distributed service with a plurality of server computers of the multi-tenant distributed service;

    maintaining, with a firewalling component in a supervisory layer of the multi-tenant distributed service, a plurality of virtual firewalls that enforce a plurality of computing resource policy sets with respect to the plurality of provisioned computing resources, the plurality of computing resource policy sets that include firewalling policies established by a plurality of service users authorized by the plurality of tenants, the firewalling component being distinct from the plurality of provisioned computing resources;

    receiving, at a resource user interface of the multi-tenant distributed service, a first request targeting a distinguished computing resource of the plurality of provisioned computing resources;

    identifying, with the firewalling component in the supervisory layer of the multi-tenant distributed service, a distinguished virtual firewall of the plurality of virtual firewalls that enforces a distinguished policy set of the plurality of computing resource policy sets with respect to the distinguished computing resource;

    checking whether an update of the distinguished policy set is required based at least in part on information associated with the first request; and

    submitting a second request targeting the distinguished computing resource, with the firewalling component in the supervisory layer of the multi-tenant distributed service, to the distinguished virtual firewall to obtain enforcement of the distinguished policy set, the second request based at least in part on the first request.
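
The steps of claim 1 can be read as a request path through a supervisory layer: identify the virtual firewall for the targeted resource, check whether its policy set is stale, then submit a derived request for enforcement. The Python sketch below is an added illustration, not code from the patent or its assignee. The class names, the version-stamped policy store, and the (principal, action) rule format are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicySet:
    version: int        # assumed: monotonically increasing stamp
    allowed: frozenset  # assumed rule format: (principal, action) pairs

class VirtualFirewall:
    def __init__(self, policy):
        self.policy = policy

    def enforce(self, request):
        # Default deny: only explicitly listed pairs pass.
        return (request["principal"], request["action"]) in self.policy.allowed

class FirewallingComponent:
    """Supervisory-layer component, separate from the provisioned resources."""

    def __init__(self, policy_store):
        self.policy_store = policy_store  # resource id -> current PolicySet
        self.firewalls = {}               # resource id -> VirtualFirewall

    def handle(self, first_request):
        rid = first_request["resource"]
        current = self.policy_store.get(rid)
        if current is None:
            return False                  # unknown resource: deny
        # Identify the virtual firewall for the targeted resource.
        fw = self.firewalls.get(rid)
        # Check whether the firewall's policy set needs an update.
        if fw is None or fw.policy.version < current.version:
            fw = self.firewalls[rid] = VirtualFirewall(current)
        # Second request: derived from the first, limited to evaluated fields.
        second = {k: first_request[k] for k in ("resource", "principal", "action")}
        return fw.enforce(second)

def demo():
    # Constructed sample data: two tenants, one provisioned resource.
    store = {"vol-1": PolicySet(1, frozenset({("tenant-a/alice", "read")}))}
    fc = FirewallingComponent(store)
    req = lambda p, a: {"resource": "vol-1", "principal": p, "action": a}
    before = (fc.handle(req("tenant-a/alice", "read")),
              fc.handle(req("tenant-b/bob", "read")))
    # A service user revokes alice's rule; the next request picks up version 2.
    store["vol-1"] = PolicySet(2, frozenset())
    after = fc.handle(req("tenant-a/alice", "read"))
    return before, after

if __name__ == "__main__":
    print(demo())
```

Because the staleness check runs on every request, a revoked rule stops matching on the next call rather than after a cache expiry.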
