Method and system for providing a virtual asset perimeter
First Claim
1. A computing system implemented method for providing a virtual perimeter for assets, comprising:
maintaining, by a first instance of a virtual perimeter agent installed on a first virtual asset of a first plurality of assets, a data structure for identifying a first plurality of assets, wherein separate instances of the virtual perimeter agent reside on each virtual asset of the first plurality of assets, wherein the data structure includes identifiers for each asset of the first plurality of assets, wherein the first plurality of assets include virtual assets and computing systems configured to communicate over one or more networks, wherein the first plurality of assets is within a first virtual perimeter and a second plurality of assets is outside the first virtual perimeter but is inside a second virtual perimeter, at least one virtual asset of the second plurality of assets being assigned a first set of roles associated with the second virtual perimeter, wherein a given asset being assigned a role with respect to a given virtual perimeter enables the given asset to perform one or more virtual asset operations within the given virtual perimeter and restricts the given asset from performing other virtual asset operations within the given virtual perimeter;
providing services, by the first virtual asset to a second virtual asset of the first plurality of assets, at least partially based on the identifiers for the first plurality of assets and based on a first role assigned to the first virtual asset, wherein the first role is enforced on the first of the first plurality of assets by the first instance of the virtual perimeter agent;
qualifying, by the virtual perimeter agent of the first virtual asset by virtue of the first virtual asset being assigned a first virtual perimeter role enabling admissions operations, a third virtual asset of the second plurality of assets for admission into the first virtual perimeter by determining whether the third virtual asset satisfies criteria for admission into the first virtual perimeter, the qualification of the third virtual asset including:
requesting, by the virtual perimeter agent of the first virtual asset from the third virtual asset, communications history of the third virtual asset;
receiving, responsive to the request and from the third virtual asset at the first virtual asset, communications history data of the third virtual asset; and
analyzing, by the virtual perimeter agent of the first virtual asset, the communications history data and comparing the communications history data against admissions and exclusionary criteria to determine whether to qualify the third virtual asset;
admitting, by the virtual perimeter agent of the first virtual asset, the qualified third virtual asset into the first virtual perimeter by:
installing, by the virtual perimeter agent of the first virtual asset, an instance of the virtual perimeter agent on the admitted qualified third virtual asset;
adding, by the virtual perimeter agent of the first virtual asset, an identifier of the one of the second plurality of assets to the data structure; and
assigning, by the virtual perimeter agent of the first virtual asset, a second role to the one of the second plurality of assets to determine second access privileges of the one of the second plurality of assets within the virtual perimeter.
1 Assignment
0 Petitions
Abstract
A system and method provides a virtual perimeter by maintaining a data structure for identifying a first plurality of assets, according to one embodiment. The system and method provides services to a second of the first plurality of assets, at least partially based on identifiers for the first plurality of assets and at least partially based on a first role assigned to a first of the first plurality of assets, according to one embodiment. The system and method include admitting one of a second plurality of assets into the virtual perimeter if characteristics of the one of the second plurality of assets satisfy criteria for admission to the virtual perimeter, according to one embodiment.
30 Claims
14. A computing system implemented method for maintaining a virtual perimeter of communicatively coupled assets, comprising:
receiving, at a virtual perimeter agent of a first virtual asset from a second virtual asset, a request for access to a first virtual perimeter, wherein the first asset is one of a first plurality of assets and the second asset is one of a second plurality of assets different from the first plurality of assets, wherein the first plurality of assets are included within the first virtual perimeter and the second plurality of assets are outside the virtual perimeter, wherein each of the first plurality of assets and each of the second plurality of assets include one or more of a server, a computing system, a virtual machine, and a mobile device, at least one virtual asset of the second plurality of assets being granted a first set of roles associated with a second virtual perimeter, wherein a given asset being assigned a role with respect to a given virtual perimeter enables the given asset to perform one or more virtual asset operations within the given virtual perimeter and restricts the given asset from performing other virtual asset operations within the given virtual perimeter;
transmitting, by the virtual perimeter agent of the first virtual asset to the second virtual asset, a request for communications history data of the second virtual asset;
receiving, from the second virtual asset by the first virtual asset, communications history data of the second asset;
analyzing, by the virtual perimeter agent of the first virtual asset, the communications history data and comparing the communications history data against admissions and exclusionary criteria to determine whether to qualify the second virtual asset for access to the first virtual perimeter;
qualifying, responsive to completing the analysis by the first virtual asset, by virtue of the first virtual asset being assigned a first virtual perimeter role enabling admissions operations, the second virtual asset;
admitting, by the virtual perimeter agent of the first virtual asset, the second virtual asset into the first virtual perimeter by installing, by the virtual perimeter agent of the first virtual asset, an instance of the virtual perimeter agent on the qualified second virtual asset;
assigning, by the virtual perimeter agent of the first virtual asset, a role to the second virtual asset and determining second access privileges of the one of the second plurality of assets within the virtual perimeter based on the assigned role; and
providing virtual perimeter admission information to the second asset to enable the second asset to share services and resources with the first plurality of assets within the first virtual perimeter.
Dependent claim: 15.
16. A system for providing a virtual perimeter, the system comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which, when executed by any set of the at least one processors, perform a process for providing the virtual perimeter for assets, the process including:
maintaining, by a first instance of a virtual perimeter agent installed on a first virtual asset of a first plurality of assets, a data structure for identifying a first plurality of assets, wherein separate instances of the virtual perimeter agent reside on each virtual asset of the first plurality of assets, wherein the data structure includes identifiers for each asset of the first plurality of assets, wherein the first plurality of assets include virtual assets and computing systems configured to communicate over one or more networks, wherein the first plurality of assets is within a first virtual perimeter and a second plurality of assets is outside the first virtual perimeter but is inside a second virtual perimeter, at least one virtual asset of the second plurality of assets being assigned a first set of roles associated with the second virtual perimeter, wherein a given asset being assigned a role with respect to a given virtual perimeter enables the given asset to perform one or more virtual asset operations within the given virtual perimeter and restricts the given asset from performing other virtual asset operations within the given virtual perimeter;
providing services, by the first virtual asset to a second virtual asset of the first plurality of assets, at least partially based on the identifiers for the first plurality of assets and based on a first role assigned to the first virtual asset, wherein the first role is enforced on the first of the first plurality of assets by the first instance of the virtual perimeter agent;
qualifying, by the first virtual asset by virtue of the first virtual asset being assigned a first virtual perimeter role enabling admissions operations, a third virtual asset of the second plurality of assets for admission into the first virtual perimeter by determining whether the third virtual asset satisfies criteria for admission into the first virtual perimeter, the qualification of the third virtual asset including:
requesting, by the first virtual asset from the third virtual asset, communications history of the third virtual asset;
receiving, responsive to the request and from the third virtual asset at the first virtual asset, communications history data of the third virtual asset; and
analyzing, by the first virtual asset, the communications history data and comparing the communications history data against admissions and exclusionary criteria to determine whether to qualify the third virtual asset;
admitting, by the first virtual asset, the qualified third virtual asset into the first virtual perimeter by:
installing, by the virtual perimeter agent of the first virtual asset, an instance of the virtual perimeter agent on the admitted qualified third virtual asset;
adding, by the virtual perimeter agent of the first virtual asset, an identifier of the one of the second plurality of assets to the data structure; and
assigning, by the virtual perimeter agent of the first virtual asset, a second role to the one of the second plurality of assets to determine second access privileges of the one of the second plurality of assets within the virtual perimeter.
Dependent claims: 17-28.
29. A system for maintaining a virtual perimeter of communicatively coupled assets, comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which, when executed by any set of the at least one processors, perform a process for maintaining the virtual perimeter of the communicatively coupled assets, the process including:
receiving, at a virtual perimeter agent of a first virtual asset from a second virtual asset, a request for access to a first virtual perimeter, wherein the first asset is one of a first plurality of assets and the second asset is one of a second plurality of assets different from the first plurality of assets, wherein the first plurality of assets are included within the first virtual perimeter and the second plurality of assets are outside the virtual perimeter, wherein each of the first plurality of assets and each of the second plurality of assets include one or more of a server, a computing system, a virtual machine, and a mobile device, at least one virtual asset of the second plurality of assets being granted a first set of roles associated with a second virtual perimeter, wherein a given asset being assigned a role with respect to a given virtual perimeter enables the given asset to perform one or more virtual asset operations within the given virtual perimeter and restricts the given asset from performing other virtual asset operations within the given virtual perimeter;
transmitting, by the virtual perimeter agent of the first virtual asset to the second virtual asset, a request for communications history data of the second virtual asset;
receiving, from the second virtual asset by the first virtual asset, communications history data of the second asset;
analyzing, by the first virtual asset, the communications history data and comparing the communications history data against admissions and exclusionary criteria to determine whether to qualify the second virtual asset for access to the first virtual perimeter;
qualifying, responsive to completing the analysis by the first virtual asset, by virtue of the first virtual asset being assigned a first virtual perimeter role enabling admissions operations, the second virtual asset;
admitting, by the first virtual asset, the second virtual asset into the first virtual perimeter by installing, by the virtual perimeter agent of the first virtual asset, an instance of the virtual perimeter agent on the qualified second virtual asset;
assigning, by the virtual perimeter agent of the first virtual asset, a role to the second virtual asset and determining second access privileges of the one of the second plurality of assets within the virtual perimeter based on the assigned role; and
providing virtual perimeter admission information to the second asset to enable the second asset to share services and resources with the first plurality of assets within the first virtual perimeter.
Dependent claim: 30.
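The admission flow of claims 1 and 14 (and their system counterparts 16 and 29), written out as an added Python example for this page; it is illustrative code, not code from the patent or its assignee. The role names (`admissions`, `member`), the operation vocabulary, the `Criteria` fields and the communications-history record format are assumptions, since the claims do not specify them. One point the claims make visible and a practitioner should not miss: the communications history is supplied by the candidate asset itself, so the admitting agent treats it as untrusted input and applies the exclusionary criteria before the admissions criteria, and the role check runs before any admission work so that a `member` asset cannot admit anyone.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Assumed role vocabulary (not from the patent): a role lists the virtual asset
# operations it enables within a perimeter; every other operation is restricted.
ROLE_OPERATIONS: Dict[str, Set[str]] = {
    "admissions": {"serve", "admit"},  # may serve members and admit outsiders
    "member": {"serve"},               # may only serve members
}


@dataclass(frozen=True)
class CommRecord:
    """One communications-history entry (assumed format: peer identifier, port)."""
    peer: str
    port: int


@dataclass
class Asset:
    asset_id: str
    history: List[CommRecord] = field(default_factory=list)
    agent: Optional["PerimeterAgent"] = None  # set once an agent is installed

    def report_history(self) -> List[CommRecord]:
        # The candidate reports its own history; the admitting agent must treat
        # this as untrusted input, since a hostile asset can omit or forge entries.
        return list(self.history)


@dataclass
class Criteria:
    excluded_peers: Set[str]  # exclusionary: any contact with these peers rejects
    allowed_ports: Set[int]   # exclusionary: traffic on any other port rejects
    required_peers: Set[str]  # admissions: all of these peers must appear


@dataclass
class PerimeterAgent:
    """One instance of the virtual perimeter agent, installed on `host`."""
    host: Asset
    perimeter: str
    role: str
    members: Dict[str, str]  # the data structure: asset identifier -> assigned role

    def _require(self, operation: str) -> None:
        # Enforce the host's role: refuse operations the role does not enable.
        if operation not in ROLE_OPERATIONS.get(self.role, set()):
            raise PermissionError(f"{self.host.asset_id} ({self.role}) may not {operation}")

    def provide_service(self, peer_id: str) -> str:
        """Serve a peer only if it is identified in the perimeter's data structure."""
        self._require("serve")
        if peer_id not in self.members:
            raise PermissionError(f"{peer_id} is outside {self.perimeter}")
        return f"{self.host.asset_id} served {peer_id}"

    def qualify(self, candidate: Asset, criteria: Criteria) -> bool:
        """Request the candidate's history and compare it against the criteria."""
        self._require("admit")
        history = candidate.report_history()
        peers = {r.peer for r in history}
        if peers & criteria.excluded_peers:       # exclusionary criteria first
            return False
        if any(r.port not in criteria.allowed_ports for r in history):
            return False
        return criteria.required_peers <= peers   # then admissions criteria

    def admit(self, candidate: Asset, criteria: Criteria, role: str = "member") -> "PerimeterAgent":
        """Qualify, then install an agent, record the identifier and assign a role."""
        if candidate.asset_id in self.members:
            raise ValueError(f"{candidate.asset_id} is already inside {self.perimeter}")
        if not self.qualify(candidate, criteria):
            raise PermissionError(f"{candidate.asset_id} failed admission to {self.perimeter}")
        self.members[candidate.asset_id] = role
        # "Installing" the agent: the new member gets a copy of the admission information.
        candidate.agent = PerimeterAgent(candidate, self.perimeter, role, dict(self.members))
        return candidate.agent


def run_demo() -> Dict[str, object]:
    """Constructed scenario (not from the patent): a web-tier perimeter with two
    members admits one outside asset and rejects another."""
    web1 = Asset("web-1")
    web1.agent = PerimeterAgent(web1, "web-tier", "admissions",
                                {"web-1": "admissions", "web-2": "member"})
    web2 = Asset("web-2")
    web2.agent = PerimeterAgent(web2, "web-tier", "member", dict(web1.agent.members))
    criteria = Criteria(excluded_peers={"203.0.113.9"},
                        allowed_ports={443, 5432},
                        required_peers={"db-1"})
    clean = Asset("web-3", [CommRecord("db-1", 5432), CommRecord("web-1", 443)])
    tainted = Asset("web-4", [CommRecord("db-1", 5432), CommRecord("203.0.113.9", 4444)])

    result: Dict[str, object] = {}
    result["web3_role"] = web1.agent.admit(clean, criteria).role
    result["web3_serves_web2"] = clean.agent.provide_service("web-2")
    result["web4_qualifies"] = web1.agent.qualify(tainted, criteria)
    try:  # a "member" role does not enable admissions operations
        web2.agent.admit(tainted, criteria)
        result["member_may_admit"] = True
    except PermissionError:
        result["member_may_admit"] = False
    result["members"] = sorted(web1.agent.members)
    return result
```

`run_demo()` exercises every step the claims name: the admitting agent's role is checked, the candidate's self-reported history is screened against the exclusionary criteria before the admissions criteria, the admitted asset gets its own agent instance with a copy of the member data structure, and the new member can immediately provide services to existing members while a `member`-role asset is refused when it tries to admit. The shared-copy data structure is a simplification of the per-asset agent instances the claims describe; a real deployment would need a replication or synchronization mechanism the claims do not spell out.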
Specification