Cross provider security management functionality within a cloud service brokerage platform

US 9,832,205 B2
Filed: 03/02/2015
Issued: 11/28/2017
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method implemented by a cloud service brokerage (CSB) platform, comprising:

enabling a user to create a plurality of virtual data centers (VDCs) each including one or more resource groups, wherein the one or more resource groups of each one of the VDCs comprise cloud resources procured from a respective one of a plurality of different cloud service providing entities, wherein enabling the user to create the VDCs includes the CSB platform instantiating an instance of an application programming interface (API) configured for provisioning cloud resources of a first one of the VDCs, wherein at least a portion of the cloud resources of the first one of the VDCs are procured from a first one of the different cloud service providing entities using a security credential issued by the first one of the different cloud service providing entities, wherein the CSB platform includes a cloud service bus through which the API is instantiated to provide an interface through which information required for said cloud resource provisioning is communicated between the CSB platform and said cloud service providing entities using a message-based architecture that allows asynchronous and parallel execution of provisioning tasks across cloud services and cloud service providers and wherein the cloud service bus comprises an inbuilt data driven engine that supports multiple workflow definitions and process definitions for at least one of cloud services, cloud service providers and cloud service types;

receiving a request from the user to associate the security credential with a second one of the VDCs within which cloud resources procured from a second one of the different cloud service providing entities are provisioned;

after receiving the request to associate the security credential with the second one of the VDCs, an instance of the API instantiated by the CSB platform providing the security credential to the second one of the different cloud service providing entities for enabling the security credential to be used by the second one of the different cloud service providing entities at the command of the CSB platform to implement provisioning of the cloud resources procured therefrom via the interface provided by the cloud service bus.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementation of cross provider security in accordance with the disclosures made herein enables users of a system (e.g., a cloud services brokerage platform) in a cloud environment provides for system-managed provisioning and management of keys to cloud resources thereby allowing the user to manage data security and enable secured access to their cloud resources. To this end, cross provider security management functionality in accordance with the disclosures made herein can include provisioning system-generated keys across different regions in a provider, provisioning cloud brokerage system-generated keys across different providers; and associating (i.e., managing) the keys from the system to a hardware security module. The keys can be managed by/though a variety of different resources (e.g., brokering system, VDC, user group concepts, etc).

Citations

13 Claims

1. A method implemented by a cloud service brokerage (CSB) platform, comprising:
- enabling a user to create a plurality of virtual data centers (VDCs) each including one or more resource groups, wherein the one or more resource groups of each one of the VDCs comprise cloud resources procured from a respective one of a plurality of different cloud service providing entities, wherein enabling the user to create the VDCs includes the CSB platform instantiating an instance of an application programming interface (API) configured for provisioning cloud resources of a first one of the VDCs, wherein at least a portion of the cloud resources of the first one of the VDCs are procured from a first one of the different cloud service providing entities using a security credential issued by the first one of the different cloud service providing entities, wherein the CSB platform includes a cloud service bus through which the API is instantiated to provide an interface through which information required for said cloud resource provisioning is communicated between the CSB platform and said cloud service providing entities using a message-based architecture that allows asynchronous and parallel execution of provisioning tasks across cloud services and cloud service providers and wherein the cloud service bus comprises an inbuilt data driven engine that supports multiple workflow definitions and process definitions for at least one of cloud services, cloud service providers and cloud service types;
  
  receiving a request from the user to associate the security credential with a second one of the VDCs within which cloud resources procured from a second one of the different cloud service providing entities are provisioned;
  
  after receiving the request to associate the security credential with the second one of the VDCs, an instance of the API instantiated by the CSB platform providing the security credential to the second one of the different cloud service providing entities for enabling the security credential to be used by the second one of the different cloud service providing entities at the command of the CSB platform to implement provisioning of the cloud resources procured therefrom via the interface provided by the cloud service bus.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the security credential is a secure shell public key.
  - 3. The method of claim 1 wherein:
    - a first one of the different cloud service providing entities is a first cloud service provider;
      
      a second one of the different cloud service providing entities is a second cloud service provider; and
      
      instantiating the instance of the API is performed by the cloud service brokerage platform during one of procurement of the cloud resources from the first cloud service provider and provisioning of the cloud resources procured from the first cloud service provider.
  - 4. The method of claim 1 wherein a first one of the different cloud service providing entities is a first region of a cloud service provider and a second one of the different cloud service providing entities is a second region of the cloud service provider.
  - 5. The method of claim 1 wherein associating the security credential with each one of the VDCs includes one of:
    - causing a system-generated security credential to be generated; and
      
      causing a user-defined security credential to be imported.
  - 6. The method of claim 1, further comprising:
    - in response to a command by the user, displaying information showing each cloud resource having the security credential associated therewith.

7. A non-transitory computer-readable storage medium having tangibly embodied thereon and accessible therefrom instructions interpretable by at least one data processing device of a cloud service brokering (CSB) platform, the instructions are configured for causing the at least one data processing device to perform a method enabling brokering of cloud services by the CSB platform, the method comprising:
- instantiating an instance of an application programming interface (API) configured for provisioning cloud resources procured from a first one of a plurality of cloud service providing entities;
  
  instantiating, within the CSB platform, a cloud service bus through which the API is instantiated to provide an interface through which information required for said cloud resource provisioning is communicated between the CSB platform and said cloud service providing entities using a message-based architecture that allows asynchronous and parallel execution of provisioning tasks across cloud services and cloud service providers and wherein the cloud service bus comprises an inbuilt data driven engine that supports multiple workflow definitions and process definitions for at least one of cloud services, cloud service providers and cloud service types;
  
  communicating, between the CSB platform and the first one of the cloud service providing entities via the interface of the cloud service bus during creation of a first virtual data center, information required for provisioning said cloud resources of a first virtual data center (VDC) that are procured from the first one of the cloud service providing entities, wherein said information required for provisioning said cloud resources includes a security credential issued by the first one of the cloud service providing entities for enabling provisioning of said cloud resources of the first VDC; and
  
  enabling creation of a second VDC comprising cloud resources procured from a second one of the cloud service providing entities different than the first one of the cloud service providing entities and having access privileged granted thereto through use of the security credential issued by the first one of the cloud service providing entities, wherein enabling creation of the second VDC includes causing an instance of the API to provide the security credential to the second one of the cloud service providing entities via the interface of the cloud service bus for enabling the security credential to be used by the second cloud service providing entity for provisioning of the cloud resources procured from the second one of the cloud service providing entities and wherein said provisioning of the cloud resources procured from the second one of the cloud service providing entities is performed via the interface provided by the cloud service bus.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The non-transitory computer-readable storage medium of claim 7 wherein enabling the user to create the second VDC having access privileged granted thereto through use of the security credential includes providing the security credential to the second cloud service providing entity in conjunction with creating the first VDC.
  - 9. The non-transitory computer-readable storage medium of claim 7 wherein the security credential is a secure shell public key.
  - 10. The non-transitory computer-readable storage medium of claim 7 wherein:
    - the first one of the cloud service providing entities is a first cloud service provider;
      
      the second one of the cloud service providing entities is a second cloud service provider; and
      
      instantiating the instance of the API is performed by the cloud service brokerage platform during one of procurement of the cloud resources from the first cloud service provider and provisioning of the cloud resources procured from the first cloud service provider.
  - 11. The non-transitory computer-readable storage medium of claim 7 wherein the first one of the cloud service providing entities is a first region of a cloud service provider and the second one of the cloud service providing entities is a second region of the cloud service provider.
  - 12. The non-transitory computer-readable storage medium of claim 7 wherein the method enabling brokering of cloud services further comprises:
    - providing the security credential for enabling assignment thereof, wherein providing the security credential includes one of causing a system-generated security credential to be generated and causing a user-defined security credential to be imported.
  - 13. The non-transitory computer-readable storage medium of claim 7 wherein the method enabling brokering of cloud services further comprises:
    - in response to a command by the user, displaying information showing each cloud resource having the security credential associated therewith.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HCL Technologies Limited
Original Assignee
International Business Machines Corporation
Inventors
Santhi, Fenil Raj Kumar, Grandhe, Kishor, Narasimhan, Balaji, Dave, Kedar, Modh, Manish Mahesh
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
Khan, Hassan

Application Number

US14/635,778
Publication Number

US 20150188927A1
Time in Patent Office

1,002 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 8/60   Software deployment

G06Q 10/0631   Resource planning, allocati...

H04L 41/145   involving simulating, desig...

H04L 41/5054   Automatic deployment of ser...

H04L 43/062   related to network traffic

H04L 47/78   Architectures of resource a...

H04L 63/104   Grouping of entities

H04L 67/1001   for accessing one among a p...

Cross provider security management functionality within a cloud service brokerage platform

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Cross provider security management functionality within a cloud service brokerage platform

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links