System and method for enforcement of security controls on virtual machines throughout life cycle state changes
Abstract
Systems and methods associated with virtual machine security are described herein. One example method includes instantiating a guest virtual machine in a virtual computing environment. The method also includes installing a life cycle agent on the guest virtual machine, assigning an identifying certificate, a set of policies, and an encryption key to the guest virtual machine, and providing the certificate, policies, and encryption key to the guest virtual machine. The certificate, policies, and encryption key may then be used by the guest virtual machine to authenticate itself within the virtual computing environment and to protect data stored on the guest virtual machine.
38 Claims
1. A computer program product comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
computer readable program code configured to instantiate a guest virtual machine in a virtual computing environment;
computer readable program code configured to install a life cycle agent on the guest virtual machine;
computer readable program code configured to assign a certificate that identifies the virtual machine, a set of policies, and an encryption key to the guest virtual machine; and
computer readable program code configured to provide the identifying certificate, the set of policies, and the encryption key to the guest virtual machine for use of the identifying certificate, the set of policies or the encryption key, in conjunction with the life cycle agent.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A system, comprising:
- a policy data store, comprising hardware, to store policies associated with a guest virtual machine operating in a virtual computing environment;
- an agent deployment module to deploy a life cycle agent to a guest virtual machine;
- a policy deployment module to transmit a set of the policies to the life cycle agent; and
- a life cycle engine module to monitor state changes associated with the guest virtual machine based on the policies, and to take remedial action upon detecting an unauthorized state change.
Dependent claims: 19, 20, 21, 22, 23, 24
25. A system, comprising:
- a policy data store, comprising hardware, to store policies associated with a guest virtual machine operating in a virtual computing environment;
- an agent deployment module to deploy a life cycle agent to a guest virtual machine;
- a policy deployment module to transmit a set of the policies to the life cycle agent; and
- a virtual machine integrity module to detect integrity of the guest virtual machine based on the policies, and to take remedial action upon detecting that integrity of the guest virtual machine has been compromised.
Dependent claims: 26, 27, 28, 29
30. A method comprising:
- instantiating a guest virtual machine in a virtual computing environment;
- installing a life cycle agent on the guest virtual machine;
- assigning a certificate that identifies the virtual machine, a set of policies, and an encryption key to the guest virtual machine; and
- providing the identifying certificate, the set of policies, and the encryption key to the guest virtual machine for use of the identifying certificate, the set of policies or the encryption key, in conjunction with the life cycle agent.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38
Specification