Virtual gateways for isolating virtual machines
First Claim
1. A method, comprising:
receiving, by a virtual gateway separating a plurality of virtual machines into an enclave separate from a plurality of other enclaves, a message destined for a target virtual machine of the plurality of virtual machines in the enclave;
identifying, by the virtual gateway, a community-of-interest corresponding to the target virtual machine;
encrypting, by the virtual gateway, the message with a key assigned to the identified community-of-interest;
transmitting the encrypted message to the target virtual machine;
receiving, at the virtual gateway, a request for a dynamic license from the virtual machine; and
transmitting, by the virtual gateway, the request for a dynamic license to a license server.
Abstract
Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may further be isolated through a virtual gateway assigned to handle all communications between a virtual machine and a device outside of the virtual machine's COI. The virtual gateway may be a separate virtual machine for handling decrypting and encrypting messages for transmission between virtual machines and other devices.
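The gateway path described in the abstract and in claim 1 (identify the target VM's COI, encrypt with that COI's key, forward) can be illustrated in Python. This is an added example, not code from the patent. The VM and COI names are constructed, and the HMAC-SHA256 counter-mode encrypt-then-MAC scheme is a standard-library stand-in for an AEAD cipher such as AES-GCM, since this page names no cipher.

```python
import hashlib
import hmac
import os

# Constructed topology (assumption): VM name -> COI, one random 256-bit key per COI.
VM_TO_COI = {"vm-a1": "coi-finance", "vm-a2": "coi-finance", "vm-b1": "coi-hr"}
COI_KEYS = {coi: os.urandom(32) for coi in set(VM_TO_COI.values())}


def _subkeys(coi_key):
    """Derive separate encryption and MAC keys from the COI key."""
    return (hmac.new(coi_key, b"enc", hashlib.sha256).digest(),
            hmac.new(coi_key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher."""
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(coi_key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(coi_key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(coi_key, blob):
    """Verify the tag before decrypting; a VM holding another COI's key fails here."""
    enc_key, mac_key = _subkeys(coi_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(
            tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("rejected: wrong COI key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def gateway_forward(target_vm, message):
    """Gateway step: identify the target's COI, encrypt with that COI's key."""
    coi = VM_TO_COI.get(target_vm)
    if coi is None:
        raise KeyError(f"{target_vm} is not in this enclave; message dropped")
    return coi, seal(COI_KEYS[coi], message)
```

A VM in `coi-finance` recovers the message with `unseal(COI_KEYS["coi-finance"], blob)`, while a VM holding only the `coi-hr` key gets a `ValueError` instead of plaintext.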
23 Claims
1. A method, comprising:
receiving, by a virtual gateway separating a plurality of virtual machines into an enclave separate from a plurality of other enclaves, a message destined for a target virtual machine of the plurality of virtual machines in the enclave;
identifying, by the virtual gateway, a community-of-interest corresponding to the target virtual machine;
encrypting, by the virtual gateway, the message with a key assigned to the identified community-of-interest;
transmitting the encrypted message to the target virtual machine;
receiving, at the virtual gateway, a request for a dynamic license from the virtual machine; and
transmitting, by the virtual gateway, the request for a dynamic license to a license server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer program product, comprising:
a non-transitory computer readable medium comprising:
code to receive, by a virtual gateway separating a plurality of virtual machines into an enclave separate from a plurality of other enclaves, a message destined for a target virtual machine of the plurality of virtual machines in the enclave;
code to identify, by the virtual gateway, a community-of-interest corresponding to the target virtual machine;
code to encrypt, by the virtual gateway, the message with a key assigned to the identified community-of-interest;
code to transmit the encrypted message to the target virtual machine;
code to receive, at the virtual gateway, a request for a dynamic license from the virtual machine; and
code to transmit, by the virtual gateway, the request for a dynamic license to a license server.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus, comprising:
a memory;
a network interface; and
a processor coupled to the memory and to the network interface, in which the processor is configured:
to receive, by a virtual gateway separating a plurality of virtual machines into an enclave separate from a plurality of other enclaves, a message destined for a target virtual machine of the plurality of virtual machines in the enclave;
to identify, by the virtual gateway, a community-of-interest corresponding to the target virtual machine;
to encrypt, by the virtual gateway, the message with a key assigned to the identified community-of-interest;
to transmit the encrypted message to the target virtual machine through the network interface;
to receive a request, by the virtual gateway, for a dynamic license from the virtual machine; and
to transmit, by the virtual gateway, the request for a dynamic license to a license server.
Dependent claims: 18, 19, 20, 21, 22, 23
Specification