System and method for virtual image security in a cloud environment
Abstract
Systems and methods enabling secure virtual image access in a virtual or cloud computing environment. The systems and methods include assigning a status indicator to guest virtual machines (virtual images) that provide applications and other services to cloud consumers in the cloud environment. A virtual appliance machine in the cloud environment maintains the status of the guest virtual machines and makes decisions based on the status as to whether to allow access to the guest virtual machines. These decisions are transmitted to local elements on the guest virtual machines, which enforce access control on a local level. In this manner, unauthorized virtual image access is prevented, providing increased security and data integrity.
20 Claims
1. A method to provide secure access in a virtual computing environment, the method executed by a processor comprising hardware, the processor configured to perform a plurality of operations, the operations comprising:
- assigning, by a virtual access control machine of a virtual computing environment, a status to a guest virtual machine supporting a service, wherein the guest virtual machine is accessible to a user through a network;
- receiving, at the virtual access control machine, information from the guest virtual machine representative of an attempted use of the guest virtual machine;
- receiving, at the virtual access control machine, a request, by the guest virtual machine, for the status of the guest virtual machine;
- determining, at the virtual access control machine, an action to take based on the status; and
- sending, from the virtual access control machine, information to the guest virtual machine regarding the (i) status of the guest virtual machine in response to the request, or (ii) the action, or (iii) both (i) and (ii).

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A system to provide secure access in a virtual computing environment, the system comprising:
a processor comprising hardware, the processor configured to:
- assign, by a virtual access control machine of a virtual computing environment, a status to a guest virtual machine supporting a service, wherein the guest virtual machine is accessible to a user through a network,
- receive, at the virtual access control machine, information from the guest virtual machine representative of an attempted use of the guest virtual machine,
- receive, at the virtual access control machine, a request, by the guest virtual machine, for the status of the guest virtual machine,
- determine, at the virtual access control machine, an action to take based on the status, and
- send, from the virtual access control machine, information to the guest virtual machine regarding the (i) status of the guest virtual machine in response to the request, or (ii) the action, or (iii) both (i) and (ii).

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A non-transitory computer-readable medium including computer-executable instructions thereon, the computer-executable instructions, when executed, causing a processor to:
- assign, by a virtual access control machine of a virtual computing environment, a status to a guest virtual machine supporting a service, wherein the guest virtual machine is accessible to a user through a network;
- receive, at the virtual access control machine, information from the guest virtual machine representative of an attempted use of the guest virtual machine;
- receive, at the virtual access control machine, a request, by the guest virtual machine, for the status of the guest virtual machine;
- determine, at the virtual access control machine, an action to take based on the status; and
- send, from the virtual access control machine, information to the guest virtual machine regarding the (i) status of the guest virtual machine in response to the request, or (ii) the action, or (iii) both (i) and (ii).

Dependent claims: 18, 19, 20

Specification