Secure access to a virtual machine

US 9,443,078 B2
Filed: 04/20/2010
Issued: 09/13/2016
Est. Priority Date: 04/20/2010
Status: Active Grant

First Claim

Patent Images

1. A management appliance, said management appliance comprising:

at least one processor; and

a memory communicatively coupled to said at least one processor, said memory comprising executable code stored thereon such that said at least one processor, upon executing said executable code;

dispenses an image corresponding to a virtual machine to a distributed computing system comprising a plurality of interconnected computing devices, such that at least one of said computing devices implements said virtual machine;

establishes a trusted relationship with said virtual machine implemented on said at least one of said computing devices;

provides a user with access to said virtual machine based on said trusted relationship without further authentication credentials from said user; and

filters a request for access to the virtual machine based on access privileges of the user,wherein the filtering comprises, in response to a determination that said user has access to said management appliance and not said virtual machine, restricting said user'"'"'s access to said virtual machine based on credentials provided by said user upon accessing said management appliance.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A management appliance includes at least one processor; and a memory communicatively coupled to the at least one processor. The memory comprising executable code stored thereon such that the at least one processor, upon executing the executable code, is configured to: dispense an image corresponding to a virtual machine to a distributed computing system comprising a plurality of interconnected computing devices, such that at least one of the computing devices implements the virtual machine; establish a trusted relationship with the virtual machine; and provide an authenticated user with access to the virtual machine without further authentication credentials from the user.

61 Citations

View as Search Results

19 Claims

1. A management appliance, said management appliance comprising:
- at least one processor; and
  
  a memory communicatively coupled to said at least one processor, said memory comprising executable code stored thereon such that said at least one processor, upon executing said executable code;
  
  dispenses an image corresponding to a virtual machine to a distributed computing system comprising a plurality of interconnected computing devices, such that at least one of said computing devices implements said virtual machine;
  
  establishes a trusted relationship with said virtual machine implemented on said at least one of said computing devices;
  
  provides a user with access to said virtual machine based on said trusted relationship without further authentication credentials from said user; and
  
  filters a request for access to the virtual machine based on access privileges of the user,wherein the filtering comprises, in response to a determination that said user has access to said management appliance and not said virtual machine, restricting said user'"'"'s access to said virtual machine based on credentials provided by said user upon accessing said management appliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 11, 12)
- - 2. The management appliance of claim 1, wherein said at least one processor establishes said trusted relationship upon dispensing said image corresponding to said virtual machine.
  - 3. The management appliance of claim 1, wherein said at least one processor establishes said trusted relationship in response to said user attempting to access said virtual machine.
  - 4. The management appliance of claim 1, wherein said trusted relationship is set to expire after a predetermined amount of time.
  - 5. The management appliance of claim 1, wherein said at least one processor establishes said trusted relationship through public-key cryptography.
  - 6. The management appliance of claim 5, wherein said at least one processor:
    - associates a public key with said virtual machine image; and
      
      associates a private key with said management appliance.
  - 7. The management appliance of claim 6, wherein said at least one processor maintains said private key in a secured storage location.
  - 8. The management appliance of claim 1, wherein said at least one processor accesses said virtual machine through a protocol selected from the group consisting of:
    - a Secure Shell (SSH) protocol and a File Transfer Protocol (FTP).
  - 11. The management appliance of claim 1, wherein said at least one processor, upon executing said executable code assigns a different level of access to each of a plurality of users.
  - 12. The management appliance of claim 11, wherein the filtering comprises catching the request before the requests are processed through a transfer protocol.

9. A computer program product for providing secure access to a virtual machine on a distributed computing system comprising a plurality of interconnected physical computing systems, said computer program product comprising:
- a computer readable storage medium having computer readable code embodied therewith, said computer readable program code to, when executed by a processor;
  
  dispense a virtual machine image from a management appliance to said distributed computing system;
  
  establish a trusted relationship between said management appliance and said virtual machine image implemented on at least one of said computing devices;
  
  provide a user with access to said virtual machine image from said management appliance based on said trusted relationship without further authentication credentials from said user; and
  
  filter a request for access to the virtual machine based on the access privileges of the current user,wherein the filtering comprises, in response to a determination that said user has access to said management appliance and not said virtual machine, restricting said user'"'"'s access to said virtual machine based on credentials provided by said user upon accessing said management appliance.
- View Dependent Claims (10, 13, 14, 15, 16, 17, 18, 19)
- - 10. The computer program product of claim 9, wherein said trusted relationship is established with public-key cryptography, said computer readable program code further comprising:
    - computer readable program code configured to associate a public key with said virtual machine image; and
      
      computer readable program code configured to associate a private key with said management appliance.
  - 13. The computer program product of claim 9, wherein said computer readable program code, when executed by a processor, establishes said trusted relationship upon dispensing said virtual machine image corresponding to said virtual machine.
  - 14. The computer program product of claim 9, wherein said computer readable program code, when executed by a processor, establishes said trusted relationship in response to said user attempting to access said virtual machine.
  - 15. The computer program product of claim 9, wherein said trusted relationship is set to expire after a predetermined amount of time.
  - 16. The computer program product of claim 10, wherein said computer readable program code, when executed by a processor, maintains said private key in a secured storage location.
  - 17. The computer program product of claim 9, wherein said computer readable program code, when executed by a processor, accesses said virtual machine through a protocol selected from the group consisting of:
    - a Secure Shell (SSH) protocol and a File Transfer Protocol (FTP).
  - 18. The computer program product of claim 9, wherein said computer readable program code, when executed by a processor, assigns a different level of access to each of a plurality of users.
  - 19. The management appliance of claim 18, wherein the filtering comprises catching the request before the requests are processed through a transfer protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ashok, Rohith Kottamangalam, Jemiolo, Daniel Everett, Kaplinger, Todd Eric, Shook, Aaron Kyle
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US12/763,748
Publication Number

US 20110258441A1
Time in Patent Office

2,338 Days
Field of Search

713/168
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 21/53   by executing in a restricte...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/102   Entity profiles

Secure access to a virtual machine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Secure access to a virtual machine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others