System and method for a cloud computing abstraction layer with security zone facilities
First Claim
1. A method, comprising:
providing at least one processor capable of executing computing code in data communication with a nontransitory computer readable storage medium having encoded thereon computer executable instructions which, when executed on the processor, provide a virtualization environment adapted for development of a software workload to be deployed using at least one resource of a computing cloud, the software workload including a software unit of computing processing performed via at least one of an Infrastructure-as-a-Service (IaaS), a Platform-as-a-Service (PaaS), or a Service-as-a-Service (SaaS), the virtualization environment having a metamodel framework that allows for the association of at least one policy to the software workload, the policy to be applied to the software workload upon its deployment;
defining a security zone including at least one of the cloud resource(s), wherein one or more boundaries of the security zone are updatable, wherein one or more updated policies are applicable to the software workload when deployed within the security zone, and wherein the security zone is definable at differing levels of abstraction;
determining at least one of a plurality of security zone policy types, each type comprising at least one security policy that may be applied to the software workload using at least one resource within the security zone;
including the at least one security zone policy type in the metamodel framework;
associating a security policy of the at least one security zone policy type(s) with the software workload upon development of the software workload; and
automatically applying the security policy to the software workload when the software workload is deployed within the security zone.
Abstract
In embodiments of the present invention improved capabilities are described for a virtualization environment adapted for development and deployment of at least one software workload, the virtualization environment having a metamodel framework that allows the association of a policy to the software workload upon development of the workload that is applied upon deployment of the software workload. This allows a developer to define a security zone and to apply at least one type of security policy with respect to the security zone including the type of security zone policy in the metamodel framework such that the type of security zone policy can be associated with the software workload upon development of the software workload, and if the type of security zone policy is associated with the software workload, automatically applying the security policy to the software workload when the software workload is deployed within the security zone.
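As an added illustration (not code from the patent or its assignee), the Python sketch below models the flow the abstract describes: policy types registered in a metamodel, a workload associated with a type at development time, and the zone's current policy applied automatically at deployment. All class, function and resource-path names are hypothetical, and failing closed when a zone lacks a policy of an associated type is an assumption of the sketch.

```python
from dataclasses import dataclass, field

# Hypothetical model: the patent text defines no schema, so every name is illustrative.

@dataclass(frozen=True)
class Policy:
    policy_type: str   # e.g. "firewall"
    version: int
    rule: str

@dataclass
class SecurityZone:
    name: str
    boundaries: set = field(default_factory=set)   # resource-path prefixes; updatable
    policies: dict = field(default_factory=dict)   # policy_type -> current Policy

    def contains(self, resource: str) -> bool:
        # Segment-aware prefix match: "aws/us-east-1" (a coarse, region-level
        # boundary) covers "aws/us-east-1/vm-7" but not "aws/us-east-10/vm-7".
        parts = resource.split("/")
        return any(parts[:len(b.split("/"))] == b.split("/") for b in self.boundaries)

class Metamodel:
    """Registry of policy types plus development-time workload associations."""
    def __init__(self):
        self.policy_types = set()
        self.associations = {}   # workload name -> set of policy types

    def associate(self, workload: str, policy_type: str) -> None:
        if policy_type not in self.policy_types:
            raise ValueError(f"unknown policy type: {policy_type}")
        self.associations.setdefault(workload, set()).add(policy_type)

def deploy(model: Metamodel, workload: str, resource: str, zones: list) -> list:
    """Return the policies applied when `workload` is deployed on `resource`."""
    applied = []
    for zone in zones:
        if not zone.contains(resource):
            continue   # outside this zone's boundary: its policies do not apply
        for ptype in sorted(model.associations.get(workload, ())):
            if ptype not in zone.policies:
                # Assumption of this sketch: fail closed rather than deploy unprotected.
                raise LookupError(f"zone {zone.name} has no {ptype} policy")
            applied.append(zone.policies[ptype])   # always the zone's current version
    return applied
```

Because `deploy` reads the zone's boundaries and policies at call time, a boundary or policy update takes effect on the next deployment without touching the workload's association.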
20 Claims
1. A method, comprising: the steps recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14
12. A system, comprising:
at least one processor capable of executing computing code; and
a non-transitory computer readable storage medium in data communication with the processor and having encoded thereon computer executable instructions for providing a virtualization environment adapted for development of a software workload to be deployed using at least one resource of a computing cloud, the software workload including a software unit of computing processing performed via at least one of an Infrastructure-as-a-Service (IaaS), a Platform-as-a-Service (PaaS), or a Service-as-a-Service (SaaS), the virtualization environment having a meta model framework that allows the association of at least one policy to the software workload, the policy to be applied to the software workload upon its deployment, and which allows for the defining of a security zone including at least one of the cloud resource(s), wherein one or more boundaries of the security zone are updatable, wherein one or more updated policies are applicable to the software workload when deployed within the security zone, and wherein the security zone is definable at differing levels of abstraction, and the determining of at least one of a plurality of security zone policy types, each type comprising at least one security policy that may be applied to the software workload using at least one resource within the security zone, including the security zone policy type in the metamodel framework such that a security policy of the at least one security zone policy type(s) can be associated with the software workload upon development of the software workload, and allows for automatically applying the security policy to the software workload when the software workload is deployed within the security zone.
Dependent claims: 13, 15, 16, 17, 18, 19, 20
Specification