Real-time automated virtual private network (VPN) access management
Abstract
Provided is a method for managing virtual private network (VPN) access to a network that is partitioned into a plurality of subnetworks (subnets). The method includes providing first information associated with hardware hosted on one or more subnets of the network; providing second information associated with users for VPN access, where the VPN access for each user is determined by a list of hardware each user has permission to access; detecting a hardware triggering event corresponding to a modification of the first information; and responsive to the detection of the hardware triggering event, automatically updating the second information based on the modification of the first information.
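The update described in the abstract, as an added Python example that is not part of the patent record. The host names, user names, subnet ranges and the `VpnAccessManager` class are hypothetical. The claims recite only granting access to the new subnet; recomputing each user's subnets from the inventory, which also drops a subnet once no authorized device remains on it, is an assumption made here.

```python
import ipaddress
# Constructed subnets of the partitioned private network (sample RFC 1918 ranges).
SUBNETS = {n: ipaddress.ip_network(c) for n, c in [("first", "10.1.0.0/24"), ("second", "10.2.0.0/24")]}

def subnet_for(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in SUBNETS.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is not on a managed subnet")  # fail closed

class VpnAccessManager:
    def __init__(self):
        self.location = {}     # host name -> subnet (the "first information")
        self.permissions = {}  # user -> host names the user may access
        self.acl = {}          # user -> subnets reachable over VPN ("second information")

    def _recompute(self, user):
        # Assumption: rebuild from current locations instead of only adding the new
        # subnet, so a subnet with no remaining authorized device is dropped.
        self.acl[user] = {self.location[h] for h in self.permissions[user]}

    def register(self, user, host):
        if host not in self.location:
            raise KeyError(f"unknown hardware: {host}")
        self.permissions.setdefault(user, set()).add(host)
        self._recompute(user)

    def set_address(self, host, ip):
        """Inventory update. A subnet change is the hardware triggering event."""
        new = subnet_for(ip)               # validated before any state changes
        old = self.location.get(host)
        self.location[host] = new
        if old in (None, new):
            return []
        affected = sorted(u for u, hosts in self.permissions.items() if host in hosts)
        for user in affected:
            self._recompute(user)
        return affected

def demo():
    mgr = VpnAccessManager()
    for host, ip in [("db01", "10.1.0.10"), ("build01", "10.1.0.20"), ("web01", "10.2.0.10")]:
        mgr.set_address(host, ip)
    for user, host in [("alice", "db01"), ("carol", "db01"), ("carol", "build01"), ("bob", "web01")]:
        mgr.register(user, host)
    before = {u: sorted(s) for u, s in mgr.acl.items()}
    affected = mgr.set_address("db01", "10.2.0.77")  # db01 moves to the second subnet
    return before, affected, {u: sorted(s) for u, s in mgr.acl.items()}
```

`demo()` returns the access lists before the move, the users whose access was recalculated, and the lists afterwards; `carol` keeps the first subnet because `build01` is still there, while `alice` does not.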
12 Claims
1. A method of managing virtual private network (VPN) access to a plurality of subnets containing respective hardware devices, the method comprising the steps of:
- receiving, by a processor, registration of a first user as authorized to access a first hardware device, the first hardware device currently residing on a first subnet and not a second subnet, and in response, granting the first user VPN access to the first subnet but not the second subnet;
- receiving, by the processor, registration of a second user as authorized to access a second hardware device, the second hardware device currently residing on the second subnet and not the first subnet, and in response, granting the second user VPN access to the second subnet but not the first subnet; and
- subsequently, detecting, by the processor, that the first hardware device resides on the second subnet and not the first subnet, and in response, the processor automatically granting the first user VPN access to the second subnet, wherein the first user is registered as authorized to access the first hardware device based on a first IP address or a first host name of the first hardware device, and wherein the second user is registered as authorized to access the second hardware device based on a second IP address or a second host name of the second hardware device.
(Dependent claims: 2, 3, 4)

5. A computer program product for managing virtual private network (VPN) access to a plurality of subnets containing respective hardware devices, the computer program product comprising:
one or more computer-readable storage devices, and program instructions stored on the one or more storage devices, the program instructions comprising:
- program instructions to receive registration of a first user as authorized to access a first hardware device, the first hardware device currently residing on a first subnet and not a second subnet, and in response, grant the first user VPN access to the first subnet but not the second subnet;
- program instructions to receive registration of a second user as authorized to access a second hardware device, the second hardware device currently residing on the second subnet and not the first subnet, and in response, grant the second user VPN access to the second subnet but not the first subnet; and
- program instructions to detect that the first hardware device subsequently resides on the second subnet and not the first subnet, and in response, automatically grant the first user VPN access to the second subnet, wherein the first user is registered as authorized to access the first hardware device based on a first IP address or a first host name of the first hardware device, and wherein the second user is registered as authorized to access the second hardware device based on a second IP address or a second host name of the second hardware device.
(Dependent claims: 6, 7, 8)

9. A computer system product for managing virtual private network (VPN) access to a plurality of subnets containing respective hardware devices, the computer system comprising:
one or more processors, one or more computer-readable memories and one or more computer-readable storage devices, and program instructions stored on the one or more storage devices for execution by the one or more processors via the one or more memories, the program instructions comprising:
- program instructions to receive registration of a first user as authorized to access a first hardware device, the first hardware device currently residing on a first subnet of a private network and not a second subnet of the private network, and in response, grant the first user VPN access to the first subnet but not the second subnet;
- program instructions to receive registration of a second user as authorized to access a second hardware device, the second hardware device currently residing on the second subnet and not the first subnet, and in response, grant the second user VPN access to the second subnet but not the first subnet; and
- program instructions to detect that the first hardware device subsequently resides on the second subnet and not the first subnet, and in response, automatically grant the first user VPN access to the second subnet, wherein the first user is registered as authorized to access the first hardware device based on a first IP address or a first host name of the first hardware device, and wherein the second user is registered as authorized to access the second hardware device based on a second IP address or a second host name of the second hardware device.
(Dependent claims: 10, 11, 12)
Specification