Secure integration of hybrid clouds with enterprise networks

US 9,294,443 B2
Filed: 09/02/2014
Issued: 03/22/2016
Est. Priority Date: 01/31/2005
Status: Active Grant

First Claim

Patent Images

1. A system for managing secure integration of a cloud-based computing resource with a private domain, the system comprising:

a hybrid cloud arrangement including a plurality of virtual machines, the plurality of virtual machines including at least a first virtual machine within the private domain and a second virtual machine within a public cloud;

a virtual data relay within the private domain and associated with the second virtual machine, the virtual data relay comprising;

a private domain interface used to establish a secure communication link according to a first security protocol with each virtual machine within the private domain that is a member of a community of interest, the virtual data relay assigned a community of interest key used by the private domain interface and defining the community of interest of which the second virtual machine is a member; and

a public cloud interface used to establish a secure communication link with the second virtual machine, the public cloud interface using a second security protocol different from the first security protocol.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of managing secure integration of a cloud-based computing resource with a private domain are disclosed. One system includes a hybrid cloud arrangement including a plurality of virtual machines, the plurality of virtual machines including at least a first virtual machine within the private domain and a second virtual machine within a public cloud. The system also includes a virtual data relay within the private domain and associated with the second virtual machine. The virtual data relay includes a private domain interface used to establish a secure communication link according to a first security protocol with each virtual machine within the private domain that is a member of a community of interest, the virtual data relay assigned a community of interest key used by the private domain interface and defining the community of interest of which the second virtual machine is a member. The virtual data relay also includes a public cloud interface used to establish a secure communication link with the second virtual machine, the public cloud interface using a second security protocol different from the first security protocol.

Citations

20 Claims

1. A system for managing secure integration of a cloud-based computing resource with a private domain, the system comprising:
- a hybrid cloud arrangement including a plurality of virtual machines, the plurality of virtual machines including at least a first virtual machine within the private domain and a second virtual machine within a public cloud;
  
  a virtual data relay within the private domain and associated with the second virtual machine, the virtual data relay comprising;
  
  a private domain interface used to establish a secure communication link according to a first security protocol with each virtual machine within the private domain that is a member of a community of interest, the virtual data relay assigned a community of interest key used by the private domain interface and defining the community of interest of which the second virtual machine is a member; and
  
  a public cloud interface used to establish a secure communication link with the second virtual machine, the public cloud interface using a second security protocol different from the first security protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein communications from virtual machines within the private domain that are members of the community of interest to the second virtual machine are routed to the second virtual machine via the virtual data relay.
  - 3. The system of claim 1, wherein the virtual data relay exchanges data between the private domain interface and the public cloud interface via clear text.
  - 4. The system of claim 1, wherein the second security protocol comprises IPsec.
  - 5. The system of claim 4, wherein the first security protocol comprises Stealth.
  - 6. The system of claim 4, wherein the public cloud interface forms a VPN connection to the second virtual machine from the virtual data relay.
  - 7. The system of claim 1, further comprising a licensing server communicatively connected to one or more virtual machines in the private domain and in the public cloud via a third security protocol.
  - 8. The system of claim 1, wherein the second security protocol is used to secure data transmitted from the private domain to the public cloud via the Internet.
  - 9. The system of claim 1, further comprising:
    - a third virtual machine within the public cloud; and
      
      a second virtual data relay within the private domain and associated with the third virtual machine, the second virtual data relay comprising;
      
      a private domain interface used to establish a secure communication link according to a first security protocol with each virtual machine within the private domain that is a member of a second community of interest, the virtual data relay assigned a second community of interest key different from the community of interest key, the second community of interest key used by the private domain interface of the second virtual data relay and defining the second community of interest of which the third virtual machine is a member; and
      
      a public cloud interface used to establish a secure communication link with the third virtual machine, the public cloud interface of the second virtual data relay using the second security protocol.
  - 10. The system of claim 9, wherein the first virtual machine is included in the community of interest but excluded from the second community of interest, and wherein the first virtual machine can communicate with the second virtual machine but not the third virtual machine.

11. A method of securely integrating a cloud-based computing resource with a private domain, the method comprising:
- establishing a virtual data relay in a private domain of a hybrid cloud arrangement including a plurality of virtual machines across a private domain and a cloud-based domain, the virtual data relay dedicated to a cloud-based virtual machine;
  
  receiving data addressed to the cloud-based virtual machine at a private domain interface of the virtual data relay according to a first security protocol from a virtual machine within the community of interest, the virtual machine included within the private domain; and
  
  transmitting the data to the cloud-based virtual machine according to a second security protocol different from the first security protocol.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, further comprising assigning a role to each virtual machine within a hybrid cloud arrangement.
  - 13. The method of claim 11, further comprising establishing a connection to a licensing server using a third security protocol.
  - 14. The method of claim 13, wherein the first security protocol comprises a Stealth protocol and the second protocol comprises an IPsec protocol.
  - 15. The method of claim 14, wherein the third security protocol comprises a second Stealth protocol incompatible with the Stealth protocol.
  - 16. The method of claim 11, further comprising applying at least one filter at the second virtual data relay.
  - 17. The method of claim 16, wherein the at least one filter defines a plurality of connection rules for the cloud-based virtual machine.
  - 18. The method of claim 17, wherein the connection rules define an administrative community of interest, a service community of interest, and a license community of interest of which the cloud-based virtual machine is a member.

19. A system for managing secure integration of a cloud-based computing resource with a private domain, the system comprising:
- a hybrid cloud arrangement including a plurality of virtual machines, the plurality of virtual machines including at least a first virtual machine within the private domain and a second virtual machine within a public cloud;
  
  a virtual data relay within the private domain and associated with the second virtual machine, the virtual data relay comprising;
  
  a private domain interface used to establish a secure communication link according to a Stealth protocol with each virtual machine within the private domain that is a member of a community of interest, the virtual data relay assigned a community of interest key used by the private domain interface to secure communications within a community of interest of which the second virtual machine is a member; and
  
  a public cloud interface;
  
  a gateway appliance through which communications from the virtual data relay are routed to the second virtual machine, the gateway appliance used to establish a VPN connection between the public cloud interface of the virtual data relay and the second virtual machine; and
  
  a licensing appliance accessible to each of the plurality of virtual machines via a licensing community of interest secured using a licensing community of interest key distributed to each of the plurality of virtual machines.
- View Dependent Claims (20)
- - 20. The system of claim 19, further comprising a credentialing service within the private domain, the credentialing service used to provide the community of interest key to the virtual data relay.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Johnson, Robert A, Brandt, Mark S, Byrd, Christopher A, Jaing, Kathy Y
Primary Examiner(s)
McNally, Michael S

Application Number

US14/474,459
Publication Number

US 20150381568A1
Time in Patent Office

567 Days
Field of Search

726/15
US Class Current

1/1
CPC Class Codes

G06F 21/105   Arrangements for software l...

G06F 9/45533   Hypervisors; Virtual machin...

G06Q 10/10   Office automation; Time man...

H04L 63/0209   Architectural arrangements,...

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/04   for providing a confidentia...

H04L 63/0485   Networking architectures fo...

H04L 63/08   for authentication of entit...

H04L 63/164   at the network layer

H04L 67/10   in which an application is ...

Secure integration of hybrid clouds with enterprise networks

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure integration of hybrid clouds with enterprise networks

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links