Systems and methods for establishing cloud-based instances with independent permissions

US 9,215,229 B2
Filed: 06/27/2014
Issued: 12/15/2015
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method of facilitating management of cloud-based service instances, the method comprising:

receiving, by a cloud management service configured to communicate with a multi-tenant computing cloud, a request to perform an action on a cloud-based service instance hosted in the multi-tenant computing cloud, the request authenticated as originating from a requestor;

determining, by the cloud management service, that the request is allowable by the requestor based on a set of access controls associated with the cloud-based service instance; and

enabling, by the cloud management service responsive to determining that the request is allowable, the requestor to complete the request using an access credential associated with an access entity with permissions to access the cloud-based service instance by forwarding the request to the multi-tenant computing cloud with the access credential associated with the access entity.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for facilitating management of cloud-based service instances, the system including one or more computing systems configured to communicate with at least one multi-tenant computing cloud, and configured to establish a cloud-based service instance hosted in the multi-tenant computing cloud and an access entity with permissions to access the established cloud-based service instance. The system can receive a request for the cloud-based service instance, the request authenticated as originating from a requestor; consult a set of access controls associated with the cloud-based service instance; determine, responsive to the consulting, if the request is allowable by the requestor; and enable, responsive to determining that the request is allowable by the requestor, the requestor to complete the request using a restricted access credential associated with the access entity.

35 Citations

View as Search Results

32 Claims

1. A method of facilitating management of cloud-based service instances, the method comprising:
- receiving, by a cloud management service configured to communicate with a multi-tenant computing cloud, a request to perform an action on a cloud-based service instance hosted in the multi-tenant computing cloud, the request authenticated as originating from a requestor;
  
  determining, by the cloud management service, that the request is allowable by the requestor based on a set of access controls associated with the cloud-based service instance; and
  
  enabling, by the cloud management service responsive to determining that the request is allowable, the requestor to complete the request using an access credential associated with an access entity with permissions to access the cloud-based service instance by forwarding the request to the multi-tenant computing cloud with the access credential associated with the access entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the access entity permissions are restricted to allow access only to the established cloud service instance.
  - 3. The method of claim 1, wherein the cloud-based service instance is associated with a resource pool comprising one or more cloud-based service instances and the access entity permissions are restricted to only accessing cloud-based service instances in the resource pool.
  - 4. The method of claim 1, wherein the cloud-based service instance provides one of a database, a load balancer, a message queue, a communication channel, and data storage.
  - 5. The method of claim 1, wherein the cloud-based service instance is a virtual service provided in the multi-tenant computing cloud.
  - 6. The method of claim 1, further comprisingestablishing, by the cloud management service, responsive to determining that the request is allowable by the requestor, a custom access entity with permissions sufficient to perform the request,wherein enabling the requestor to complete the request comprises enabling the requestor to complete the request using an access credential associated with the custom access entity.
  - 7. The method of claim 1, further comprising establishing the cloud-based service instance by submitting, by the cloud management service to multi-tenant computing cloud, instructions to create, start, instantiate, discover, identify, duplicate, import, configure, or generate, the cloud-based service instance.
  - 8. The method of claim 7, further comprising establishing the access entity with permissions to access the established cloud service instance separately from establishing the cloud-based service instance.

9. A system for facilitating management of cloud-based service instances, the system comprising:
- one or more servers including one or more hardware processors configured to communicate with at least one multi-tenant computing cloud; and
  
  computer readable memory storing instructions that, when executed by the one or more hardware processors, cause the one or more servers to;
  
  receive a request to perform an action on a cloud-based service instance hosted in the multi-tenant computing cloud, the request authenticated as originating from a requestor;
  
  determine that the request is allowable by the requestor based on a set of access controls associated with the cloud-based service instance; and
  
  enable the requestor, responsive to determining that the request is allowable, to complete the request using an access credential associated with an access entity with permissions to access the cloud-based service instance by forwarding the request to the multi-tenant computing cloud with the access credential associated with the access entity.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the access entity permissions are restricted to allow access only to the established cloud service instance.
  - 11. The system of claim 9, wherein the cloud-based service instance is associated with a resource pool comprising one or more cloud-based service instances and the access entity permissions are restricted to only accessing cloud-based service instances in the resource pool.
  - 12. The system of claim 9, wherein the cloud-based service instance provides one of a database, a load balancer, a message queue, a communication channel, and data storage.
  - 13. The system of claim 9, wherein the cloud-based service instance is a virtual service provided in the multi-tenant computing cloud.
  - 14. The system of claim 9, the instructions further comprising instructions that, when executed by the one or more hardware processors, cause the one or more servers to:
    - establish, responsive to determining that the request is allowable by the requestor, a custom access entity with permissions sufficient to perform the request,wherein the requestor is enabled to complete the request using an access credential associated with the custom access entity.
  - 15. The system of claim 9, wherein the instructions further comprising instructions that, when executed by the one or more hardware processors, cause the one or more servers to establish the cloud-based service instance by submitting, by the cloud management service to multi-tenant computing cloud, instructions to create, start, instantiate, discover, identify, duplicate, import, configure, or generate, the cloud-based service instance.
  - 16. The system of claim 15, wherein the instructions further comprising instructions that, when executed by the one or more hardware processors, cause the one or more servers to establish the access entity with permissions to access the established cloud service instance separately from establishing the cloud-based service instance.

17. A method of facilitating management of cloud-based service instances, the method comprising:
- receiving, by a cloud management service configured to communicate with a multi-tenant computing cloud, a request for direct access to a cloud-based service instance hosted in the multi-tenant computing cloud, the request authenticated as originating from a requestor;
  
  determining, by the cloud management service, that the request is allowable by the requestor based on a set of access controls associated with the cloud-based service instance; and
  
  enabling, by the cloud management service responsive to determining that the request is allowable, the requestor to complete the request using an access credential associated with an access entity with permissions to access the cloud-based service instance by returning to the requestor the access credential associated with the access entity.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17, wherein the access entity permissions are restricted to allow access only to the established cloud service instance.
  - 19. The method of claim 17, wherein the cloud-based service instance is associated with a resource pool comprising one or more cloud-based service instances and the access entity permissions are restricted to only accessing cloud-based service instances in the resource pool.
  - 20. The method of claim 17, wherein the cloud-based service instance provides one of a database, a load balancer, a message queue, a communication channel, and data storage.
  - 21. The method of claim 17, wherein the cloud-based service instance is a virtual service provided in the multi-tenant computing cloud.
  - 22. The method of claim 17, further comprisingestablishing, by the cloud management service, responsive to determining that the request is allowable by the requestor, a custom access entity with permissions sufficient to perform the request,wherein enabling the requestor to complete the request comprises enabling the requestor to complete the request using an access credential associated with the custom access entity.
  - 23. The method of claim 17, further comprising establishing the cloud-based service instance by submitting, by the cloud management service to multi-tenant computing cloud, instructions to create, start, instantiate, discover, identify, duplicate, import, configure, or generate, the cloud-based service instance.
  - 24. The method of claim 23, further comprising establishing the access entity with permissions to access the established cloud service instance separately from establishing the cloud-based service instance.

25. A system for facilitating management of cloud-based service instances, the system comprising:
- one or more servers including one or more hardware processors configured to communicate with at least one multi-tenant computing cloud; and
  
  computer readable memory storing instructions that, when executed by the one or more hardware processors, cause the one or more servers to;
  
  receive a request for direct access to a cloud-based service instance hosted in the multi-tenant computing cloud, the request authenticated as originating from a requestor;
  
  determine that the request is allowable by the requestor based on a set of access controls associated with the cloud-based service instance; and
  
  enable the requestor, responsive to determining that the request is allowable, to complete the request using an access credential associated with an access entity with permissions to access the cloud-based service instance by returning, to the requestor, the access credential associated with the access entity.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The system of claim 25, wherein the access entity permissions are restricted to allow access only to the established cloud service instance.
  - 27. The system of claim 25, wherein the cloud-based service instance is associated with a resource pool comprising one or more cloud-based service instances and the access entity permissions are restricted to only accessing cloud-based service instances in the resource pool.
  - 28. The system of claim 25, wherein the cloud-based service instance provides one of a database, a load balancer, a message queue, a communication channel, and data storage.
  - 29. The system of claim 25, wherein the cloud-based service instance is a virtual service provided in the multi-tenant computing cloud.
  - 30. The system of claim 25, the instructions further comprising instructions that, when executed by the one or more hardware processors, cause the one or more servers to:
    - establish, responsive to determining that the request is allowable by the requestor, a custom access entity with permissions sufficient to perform the request,wherein the requestor is enabled to complete the request using an access credential associated with the custom access entity.
  - 31. The system of claim 25, wherein the instructions further comprising instructions that, when executed by the one or more hardware processors, cause the one or more servers to establish the cloud-based service instance by submitting, by the cloud management service to multi-tenant computing cloud, instructions to create, start, instantiate, discover, identify, duplicate, import, configure, or generate, the cloud-based service instance.
  - 32. The system of claim 31, wherein the instructions further comprising instructions that, when executed by the one or more hardware processors, cause the one or more servers to establish the access entity with permissions to access the established cloud service instance separately from establishing the cloud-based service instance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RightScale Incorporated (Flexera Software LLC)
Original Assignee
RightScale Incorporated (Flexera Software LLC)
Inventors
Eicken, Thorsten von, Gonzalez, Jose Maria Blanquer, Simon, Raphael George Jacques
Primary Examiner(s)
Lewis, Lisa
Assistant Examiner(s)
Lwin, Maung

Application Number

US14/317,159
Publication Number

US 20140317701A1
Time in Patent Office

536 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 67/1097   for distributed storage of ...

Systems and methods for establishing cloud-based instances with independent permissions

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for establishing cloud-based instances with independent permissions

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links