Techniques for identity-enabled interface deployment
First Claim
1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors configured to perform the method, comprising:
- configuring a cloud agent for deployment within a target cloud environment, the cloud agent configured within an enterprise environment and the cloud agent is configured to process on processors of the target cloud environment and to use interfaces that the target cloud environment uses;
- authenticating the cloud agent and obtaining a cloud agent identity;
- assigning an expiration condition to the cloud agent identity that when satisfied renders the cloud agent identity invalid and providing the configured cloud agent with a mechanism to extend the expiration condition of the agent by obtaining other credentials to extend beyond the expiration condition by extending an expiration specification, wherein the agent uses the mechanism for raising a particular event that results in the agent obtaining the other credentials;
- requesting, by the cloud agent, a security token from a security manager of the target cloud environment, the security token unique to the target cloud environment;
- receiving, by the cloud agent, a token expiration condition with the security token, and when the token expiration condition is met, the security token becomes invalid for use within the target cloud environment; and
- deploying the cloud agent to the target cloud environment for enforcement of enterprise policy within the target cloud environment, via the cloud agent.
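The credential lifecycle in claim 1, modelled as an added example that is not code from the patent or its assignee. All class and method names are hypothetical. The example assumes that expiration conditions are plain deadlines, that an already expired identity cannot be renewed, and that a token never outlives the identity it was issued to.

```python
import secrets
from dataclasses import dataclass

@dataclass
class AgentIdentity:
    agent_id: str
    expires_at: float   # expiration condition, modelled as a deadline (assumption)

@dataclass(frozen=True)
class SecurityToken:
    value: str
    environment: str    # token is unique to one target cloud environment
    agent_id: str
    expires_at: float   # token expiration condition returned with the token

class EnterpriseIdentityService:
    """Hypothetical enterprise-side issuer of cloud agent identities."""
    def __init__(self, ttl, renewal_secret):
        self.ttl, self._secret = ttl, renewal_secret

    def authenticate(self, agent_id, now):
        return AgentIdentity(agent_id, now + self.ttl)

    def handle_renewal_event(self, identity, credentials, now):
        # The agent raises this event and presents other credentials.
        # Assumption: an expired identity is invalid and cannot be extended.
        if now >= identity.expires_at:
            return False
        if not secrets.compare_digest(credentials, self._secret):
            return False
        identity.expires_at = now + self.ttl
        return True

class CloudSecurityManager:
    """Hypothetical security manager of one target cloud environment."""
    def __init__(self, environment, token_ttl):
        self.environment, self.token_ttl = environment, token_ttl
        self._issued = set()

    def issue(self, identity, now):
        if now >= identity.expires_at:
            raise PermissionError("agent identity expired")
        # Assumption: cap the token lifetime at the identity's own deadline.
        exp = min(now + self.token_ttl, identity.expires_at)
        tok = SecurityToken(secrets.token_hex(16), self.environment,
                            identity.agent_id, exp)
        self._issued.add(tok.value)
        return tok

    def accepts(self, token, now):
        return (token.environment == self.environment
                and token.value in self._issued and now < token.expires_at)
```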
Abstract
Techniques for providing identity-enabled interfaces for deployment are presented. Specifically, an agent of an enterprise infrastructure authenticates and acquires an agent identity for interacting with a cloud processing environment. Once the agent is deployed in the cloud processing environment, enterprise policy can be enforced within the cloud processing environment on actions occurring within the cloud. The agent acts as an Application Programming Interface between the enterprise and the cloud processing environment. The reverse is also achievable, where a cloud deploys an agent to the enterprise to deploy a cloud interface within the enterprise for policy enforcement.
8 Claims
1. Claim 1, as given in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8.