Secure administration of virtual machines
First Claim
1. A method comprising:
receiving a first request from an unverified entity to instantiate a first instance of a virtual machine, said first request defining a first set of one or more resources to be made available by a virtual machine server device to the first instance of the virtual machine, said first request including first security information;
validating the first request by verifying the unverified entity using the first security information;
accessing an authorization database, said authorization database identifying one or more resources, based on the verified entity, that the first instance of the virtual machine is authorized to use on the virtual machine server device, said authorization database defining one or more affinity-based restrictions for a multitenancy environment of the virtual machine server device;
based on the one or more resources and the one or more affinity-based restrictions identified by the authorization database, determining a subset of the first set of one or more resources that exists on the virtual machine server device and is available to be provided by the virtual machine server device to the first instance of the virtual machine; and
responsive to validating the first request;
instantiating the first instance of the virtual machine with access to the subset of the first set of one or more resources.
Abstract
Methods and systems for performing secure administration of virtual domain resource allocation are provided herein. A cloud service provider (CSP) may provide instances of virtual machines to one or more contracting user entities. The cloud service provider may store an authorization database identifying one or more resources (e.g., storage, CPU, etc.) that each of the different contracting user entities is authorized to use on a virtual machine server device. The CSP may subsequently receive a request from an unverified entity to instantiate a virtual machine with access to one or more resources. The request may include security information. The CSP validates the request by verifying the unverified entity using the first security information (e.g., checking a PKI certificate, requiring a login/password, etc.) and, when the request is validated, provides access to the verified entity to a subset of the requested one or more resources based on the authorization database.
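The admission logic the abstract describes, as an added example that is not the patent's own code: the request carries security information, the entity is verified first, the authorization database is consulted, and the VM only gets the subset of requested resources that is both authorized and actually present on the server, subject to an affinity-based restriction. The authorization database, the shared secrets and the HMAC-based verification (standing in for the PKI certificate or login check the abstract mentions) are constructed assumptions.

```python
import hmac
import hashlib

# Constructed sample data standing in for the CSP's authorization database:
# per contracting entity, the resources it may use and an affinity-based
# restriction (tenants it must never share a virtualization server with).
AUTHZ_DB = {
    "tenant-a": {"resources": {"cpu:4", "ram:8g", "disk:100g", "gpu:1"},
                 "anti_affinity": {"tenant-b"}},
    "tenant-b": {"resources": {"cpu:2", "ram:4g"}, "anti_affinity": {"tenant-a"}},
}
# Constructed shared secrets. A real CSP would check a PKI certificate or a
# login as the abstract says; HMAC keeps this example self-contained.
SECRETS = {"tenant-a": b"key-a", "tenant-b": b"key-b"}

def canonical(tenant, resources):
    """Deterministic byte form of the request that the tag is bound to."""
    return (tenant + "|" + ",".join(sorted(resources))).encode()

def sign_request(tenant, resources):
    """Client side: produce the 'security information' sent with the request."""
    return hmac.new(SECRETS[tenant], canonical(tenant, resources), hashlib.sha256).hexdigest()

def verify_entity(tenant, resources, tag):
    """Validate the request; return the verified entity name or None."""
    key = SECRETS.get(tenant)
    if key is None:
        return None
    expected = hmac.new(key, canonical(tenant, resources), hashlib.sha256).hexdigest()
    return tenant if hmac.compare_digest(expected, tag) else None

def admit(tenant, resources, tag, host_available, host_tenants):
    """Apply the claimed method on one virtualization server.

    host_available: resources this server can actually provide.
    host_tenants:   entities already running on it (for the affinity check).
    Returns (verified entity, resource subset to instantiate with), or raises.
    """
    entity = verify_entity(tenant, resources, tag)
    if entity is None:
        raise PermissionError("entity not verified; request rejected")
    entry = AUTHZ_DB[entity]
    # Affinity-based restriction for the multitenancy environment: refuse to
    # co-locate this entity with a tenant it is restricted against.
    if entry["anti_affinity"] & host_tenants:
        raise PermissionError("affinity restriction violated on this server")
    # Subset = requested ∩ authorized for this entity ∩ existing on the server.
    subset = set(resources) & entry["resources"] & host_available
    return entity, subset
```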
20 Claims
1. A method comprising: (independent claim 1, reproduced in full above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7.
8. One or more nontransitory computer readable media comprising computer readable instructions that, when executed, configure a virtualization server to perform:
receiving a first request from an unverified entity to instantiate a first instance of a virtual machine, said first request defining a first set of one or more resources to be made available by the virtualization server to the first instance of the virtual machine, said first request including first security information;
validating the first request by verifying the unverified entity using the first security information; and
responsive to validating the first request;
based on an authorization database identifying one or more resources that each of a plurality of entities is authorized to access and based on one or more affinity-based restrictions for a multitenancy environment of the virtualization server, determining a subset of the first set of one or more resources that exists on the virtualization server and is available to be provided by the virtualization server to the first instance of the virtual machine, and
instantiating the first instance of the virtual machine with the subset of the first set of one or more resources.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A virtualization server, comprising:
a processor; and
memory storing computer readable instructions that, when executed by the processor, configure the virtualization server to perform;
receiving a first request from an unverified entity to instantiate a first instance of a virtual machine, said first request defining a first set of one or more resources to be made available by the virtualization server to the first instance of the virtual machine, said first request including first security information, said first request defining one or more affinity-based restrictions for a multitenancy environment of the virtualization server;
validating the first request by verifying the unverified entity using the first security information; and
responsive to validating the first request;
based on an authorization database identifying one or more resources that each of a plurality of entities is authorized to access and based on the one or more affinity-based restrictions, determining a subset of the first set of one or more resources that exists on the virtualization server and is available to be provided by the virtualization server to the first instance of the virtual machine, and
instantiating the first instance of the virtual machine with the subset of the first set of one or more resources.
Dependent claims: 16, 17, 18, 19, 20.
Specification