Maintaining user identity associated with access to network resources using virtual machines

US 9,658,872 B1
Filed: 05/03/2012
Issued: 05/23/2017
Est. Priority Date: 05/03/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a server in a computer system from a user of the computer system, a request for access to a network resource in a legacy system, wherein the request includes a user identifier value that identifies the user, and wherein the legacy system is incapable of tracking the user identifier value;

upon receiving the request for access to the network resource in the legacy system from the user, determining, by the server of the computer system, whether at least one of a plurality of virtual machines that are uniquely associated with the user identifier value is running in a virtual machine environment of the computer system;

based on the at least one of the plurality of virtual machines not running in the virtual machine environment, instantiating, by the server of the computer system and in the virtual machine environment of the computer system, one or more virtual machines that are uniquely associated with the user identifier value and that are used only by the user, wherein the one or more virtual machines are configured to provide the user with access to the network resource in the legacy system;

processing, by the one or more virtual machines in the virtual machine environment of the computer system, the request for access to the network resource in the legacy system, wherein processing the request for access comprises performing one or more data requests to the network resource in the legacy system for the user without including the user identifier value in the one or more data requests;

storing, by the one or more virtual machines in the virtual machine environment of the computer system, a record of the one or more data requests to the network resource in the legacy system performed by the one or more virtual machines in a log file associated with the one or more virtual machines, wherein the log file stores the user identifier value that identifies the only user of the one or more virtual machines; and

identifying, by the server in the computer system and to an administrator of the computer system, the user associated with the one or more data requests to the network resource in the legacy system based on the user identifier value stored in the log file associated with the one or more virtual machines.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The identity of a user of a computerized system is maintained by operating a virtual machine used only by the user, such that logged actions made by the virtual machine can be associated with the user, wherein the user is not otherwise directly identified by the virtual machine. Information requests made from the virtual machine to a specific resource may be logged to enable tracking and auditing of resource access by the user. The virtual machine is managed by an access device to a data center for the enterprise system, a server, or other device within the data center.

15 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by a server in a computer system from a user of the computer system, a request for access to a network resource in a legacy system, wherein the request includes a user identifier value that identifies the user, and wherein the legacy system is incapable of tracking the user identifier value;
  
  upon receiving the request for access to the network resource in the legacy system from the user, determining, by the server of the computer system, whether at least one of a plurality of virtual machines that are uniquely associated with the user identifier value is running in a virtual machine environment of the computer system;
  
  based on the at least one of the plurality of virtual machines not running in the virtual machine environment, instantiating, by the server of the computer system and in the virtual machine environment of the computer system, one or more virtual machines that are uniquely associated with the user identifier value and that are used only by the user, wherein the one or more virtual machines are configured to provide the user with access to the network resource in the legacy system;
  
  processing, by the one or more virtual machines in the virtual machine environment of the computer system, the request for access to the network resource in the legacy system, wherein processing the request for access comprises performing one or more data requests to the network resource in the legacy system for the user without including the user identifier value in the one or more data requests;
  
  storing, by the one or more virtual machines in the virtual machine environment of the computer system, a record of the one or more data requests to the network resource in the legacy system performed by the one or more virtual machines in a log file associated with the one or more virtual machines, wherein the log file stores the user identifier value that identifies the only user of the one or more virtual machines; and
  
  identifying, by the server in the computer system and to an administrator of the computer system, the user associated with the one or more data requests to the network resource in the legacy system based on the user identifier value stored in the log file associated with the one or more virtual machines.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein processing the request for access to the network resource comprises querying a database in the legacy system.
  - 3. The method of claim 1, further comprising monitoring the stored record of the one or more data requests to the network resource in the log associated with the one or more virtual machines to determine compliance by the user with a resource use policy.
  - 4. The method of claim 1, wherein the request for access to the network resource comprises a request for a shared resource in the legacy system, and wherein at least one of the one or more virtual machines comprises a shared resource virtual machine, wherein processing the request for access to the network resource comprises performing, by the shared resource virtual machine, additional data requests to the shared resource in the legacy system for the user without including the user identifier value in the additional data requests, and wherein storing the record of the one or more data requests to the network resource further comprises storing a record of the additional data requests to the shared resource in the legacy system performed by the shared resource virtual machine.
  - 5. The method of claim 1, further comprising:
    - identifying a first data element comprising already-changed data or potentially changed data;
      
      searching one or more logs of stored records of data requests to network resources in the legacy system for data requests to the first data element; and
      
      identifying one or more users associated with the data requests to the first data element based on the logs.
  - 6. The method of claim 5, further comprising notifying the one or more users associated with the data requests to the first data element of the already-changed data or the potentially changed data.
  - 7. The method of claim 1, wherein the user of the computer system comprises a single person, a group that includes one or more people, a project to which one or more people are assigned, or a location in which one or more people are located.

8. A computerized system, comprising:
- a server in a computer system comprising a processor and memory, the server configured to receive from a user of the computer system a request for access to a network resource in a legacy system, wherein the request includes a user identifier value that identifies the user, and wherein the legacy system is incapable of tracking the user identifier value, upon receiving the request for access to the network resource in the legacy system from the user, determine whether at least one of a plurality of virtual machines that are uniquely associated with the user identifier value is running in a virtual machine environment of the computer system, and based on the at least one of the plurality of virtual machines not running in the virtual machine environment, instantiate one or more virtual machines in the virtual machine environment of the computer system that are uniquely associated with the user identifier value and that are used only by the user; and
  
  the one or more virtual machines in the virtual machine environment of the computer system configured to process the request for access to the network resource in the legacy system, wherein the one or more virtual machines are configured to perform one or more data requests to the network resource in the legacy system for the user without including the user identifier value in the one or more data requests, and store a record of the one or more data requests to the network resource in the legacy system performed by the one or more virtual machines in a log file associated with the one or more virtual machines, wherein the log file stores the user identifier value that identifies the only user of the one or more virtual machines,the server in the computer system further configured to identify, to an administrator of the computer system, the user associated with the one or more data requests to the network resource in the legacy system based on the user identifier value stored in the log file associated with the one or more virtual machines.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computerized system of claim 8, wherein, to process the request for access to the network resource, the one or more virtual machines are further configured to query a database in the legacy system.
  - 10. The computerized system of claim 8, the computer system further configured to monitor the stored record of the one or more data requests to the network resource in the log associated with the one or more virtual machines to determine compliance by the user with a resource use policy.
  - 11. The computerized system of claim 8, wherein the request for access to the network resource comprises a request for a shared resource in the legacy system, and wherein at least one of the one or more virtual machines comprises a shared resource virtual machine, wherein, to process the request for access to the network resource, the shared resource virtual machine performs additional data requests to the shared resource in the legacy system for the user without including the user identifier value in the additional data requests, and wherein, to store the record of the one or more data requests to the network resource, the computer system stores a record of the additional data requests to the shared resource in the legacy system performed by the shared resource virtual machine.
  - 12. The computerized system of claim 8, the computer system further configured to identify a first data element comprising already-changed data or potentially changed data, search one or more logs of stored records of data requests to network resources in the legacy system for data requests to the first data element, and identify one or more users associated with the data requests to for the first data element based on the logs.
  - 13. The computerized system of claim 12, the computer system further configured to notify the one or more users associated with the data requests to the first data element of the already changed data or the potentially changed data.
  - 14. The computerized system of claim 8, wherein the user of the computer system comprises a single person, a group that includes one or more people, a project to which one or more people are assigned, or a location where one or more people are located.

15. A non-transitory machine-readable medium with instruction stored thereon, the instructions when executed cause a computerized system to:
- receive, by a server in a computer system from a user of the computer system, a request for access to a network resource in a legacy system, wherein the request includes a user identifier value that identifies the user, and wherein the legacy system is incapable of tracking the user identifier value;
  
  upon receiving the request for access to the network resource in the legacy system from the user, determine, by the server of the computer system, whether at least one of a plurality of virtual machines that are uniquely associated with the user identifier value is running in a virtual machine environment of the computer system;
  
  based on the at least one of the plurality of virtual machines not running in the virtual machine environment, instantiate, by the server in the computer system and in the virtual machine environment of the computer system, one or more virtual machines that are uniquely associated with the user identifier value and that are used only by the user, wherein the one or more virtual machines are configured to provide the user with access to the network resource in the legacy system;
  
  process, by the one or more virtual machines in the virtual machine environment of the computer system, the request for access to the network resource in the legacy system, wherein the instructions cause the computerized system to perform one or more data requests to the network resource in the legacy system for the user without including the user identifier value in the one or more data requests;
  
  store, by the one or more virtual machines in the virtual machine environment of the computer system, a record of the one or more data requests to the network resource in the legacy system performed by the one or more virtual machines in a log file associated with the one or more virtual machines, wherein the log file stores the user identifier value that identifies the only user of the one or more virtual machines; and
  
  identify, by the server in the computer system and to an administrator of the computer system, the user associated with the one or more data requests to the network resource in the legacy system based on the user identifier value stored in the log file associated with the one or more virtual machines.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The machine-readable medium of claim 15, wherein the instructions to process the request for access to the network resource further cause the computerized system to querying a database in the legacy system.
  - 17. The machine-readable medium of claim 15, the instructions when executed further cause the computerized system to monitor the stored record of the one or more data requests to the network resource in the log associated with the one or more virtual machines to determine compliance by the user with a resource use policy.
  - 18. The machine-readable medium of claim 15, wherein the request for access to the network resource comprises a request for a shared resource in the legacy system, and wherein at least one of the one or more virtual machines comprises a shared resource virtual machine, wherein the instructions to process the request for access to the network resource further cause the computerized system to perform, by the shared resource virtual machine, additional data requests to the shared resource in the legacy system for the user without including the user identifier value in the additional data requests, and wherein the instructions to store the record of the one or more data requests to the network resource further cause the computerized system to store a record of the additional data requests to the shared resource in the legacy system performed by the shared resource virtual machine.
  - 19. The machine-readable medium of claim 15, the instructions when executed further cause the computerized system to identify a first data element comprising already changed data or potentially changed data, search one or more logs of stored records of data requests to network resources in the legacy system for data requests to the first data element, and identify one or more users associated with the data requests to the first data element based on the logs.
  - 20. The machine-readable medium of claim 19, the instructions when executed further cause the computerized system to notify the one or more users associated with the data requests to the first data element of the already-changed data or the potentially changed data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Hanna, Stephen R.
Primary Examiner(s)
An, Meng
Assistant Examiner(s)
Teets, Bradley

Application Number

US13/463,489
Time in Patent Office

1,846 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 11/3438   monitoring of user actions ...

G06F 2009/45562   Creating, deleting, cloning...

G06F 9/4451   User profiles; Roaming

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/50   Allocation of resources, e....

Maintaining user identity associated with access to network resources using virtual machines

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Maintaining user identity associated with access to network resources using virtual machines

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links