Cross provider security management functionality within a cloud service brokerage platform
First Claim
1. A method implemented by a cloud service brokerage (CSB) platform, comprising:
- enabling a user to create a plurality of virtual data centers (VDCs) each including one or more resource groups, wherein the one or more resource groups of each one of the VDCs comprise cloud resources procured from a respective one of a plurality of different cloud service providing entities, wherein enabling the user to create the VDCs includes the CSB platform instantiating an instance of an application programming interface (API) configured for provisioning cloud resources of a first one of the VDCs, wherein at least a portion of the cloud resources of the first one of the VDCs are procured from a first one of the different cloud service providing entities using a security credential issued by the first one of the different cloud service providing entities, wherein the CSB platform includes a cloud service bus through which the API is instantiated to provide an interface through which information required for said cloud resource provisioning is communicated between the CSB platform and said cloud service providing entities using a message-based architecture that allows asynchronous and parallel execution of provisioning tasks across cloud services and cloud service providers and wherein the cloud service bus comprises an inbuilt data driven engine that supports multiple workflow definitions and process definitions for at least one of cloud services, cloud service providers and cloud service types;
- receiving a request from the user to associate the security credential with a second one of the VDCs within which cloud resources procured from a second one of the different cloud service providing entities are provisioned;
- after receiving the request to associate the security credential with the second one of the VDCs, an instance of the API instantiated by the CSB platform providing the security credential to the second one of the different cloud service providing entities for enabling the security credential to be used by the second one of the different cloud service providing entities at the command of the CSB platform to implement provisioning of the cloud resources procured therefrom via the interface provided by the cloud service bus.
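As an added illustration (not code from the patent or from any CSB product), the following Python model walks the claimed flow: a VDC is created per provider, a credential issued by the first provider is associated with a second VDC only on an explicit request from that VDC's owner, and a message-based bus then runs the provider's workflow steps concurrently. Every class name, the per-provider workflow table, the provider names and the credential handles are assumptions made for the example; the bus log and the `cross_provider_uses` check are the pieces a defender would want, since they record exactly which provider received a credential issued elsewhere.

```python
"""Toy model of a cloud service bus with cross-VDC credential association (constructed example)."""
import asyncio
from dataclasses import dataclass, field

# Workflow definitions keyed by provider, read by the bus at run time (constructed sample).
WORKFLOWS = {
    "provider-a": ["allocate-network", "create-instance", "attach-storage"],
    "provider-b": ["create-project", "create-instance"],
}


@dataclass(frozen=True)
class Credential:
    issuer: str   # provider that issued the credential
    handle: str   # opaque reference; the secret material itself never travels on the bus


@dataclass
class VirtualDataCenter:
    name: str
    provider: str
    owner: str
    credentials: set = field(default_factory=set)  # handles this VDC is allowed to use


class ServiceBus:
    """Message-based executor: one message per provisioning step, steps run concurrently."""

    def __init__(self):
        self.log = []  # (vdc, provider, step, credential issuer, credential handle)

    async def _run_step(self, vdc, step, cred):
        await asyncio.sleep(0)  # stands in for the provider API round trip
        self.log.append((vdc.name, vdc.provider, step, cred.issuer, cred.handle))
        return f"{vdc.name}:{step}:ok"

    async def provision(self, vdc, cred):
        steps = WORKFLOWS[vdc.provider]
        return list(await asyncio.gather(*(self._run_step(vdc, s, cred) for s in steps)))

    def cross_provider_uses(self):
        """Log entries where a credential was presented to a provider other than its issuer."""
        return [e for e in self.log if e[1] != e[3]]


class BrokeragePlatform:
    def __init__(self):
        self.bus = ServiceBus()
        self.vdcs = {}
        self.audit = []  # explicit user actions, kept separate from the bus execution log

    def create_vdc(self, user, name, provider, cred):
        vdc = VirtualDataCenter(name, provider, user, {cred.handle})
        self.vdcs[name] = vdc
        self.audit.append(("create", user, name, provider, cred.handle))
        return vdc

    def associate_credential(self, user, cred, vdc_name):
        vdc = self.vdcs[vdc_name]
        if vdc.owner != user:  # only the VDC owner may widen a credential's scope
            raise PermissionError(f"{user} does not own {vdc_name}")
        vdc.credentials.add(cred.handle)
        self.audit.append(("associate", user, vdc_name, vdc.provider, cred.handle))
        return vdc

    def provision(self, vdc_name, cred):
        vdc = self.vdcs[vdc_name]
        if cred.handle not in vdc.credentials:  # refuse credentials never associated with this VDC
            raise PermissionError(f"{cred.handle} is not associated with {vdc_name}")
        return asyncio.run(self.bus.provision(vdc, cred))


def demo():
    """Walk through the claimed flow and return what a reviewer would inspect."""
    csb = BrokeragePlatform()
    cred_a = Credential("provider-a", "cred-a-001")  # constructed handle
    csb.create_vdc("alice", "vdc-1", "provider-a", cred_a)
    csb.create_vdc("alice", "vdc-2", "provider-b", Credential("provider-b", "cred-b-001"))
    r1 = csb.provision("vdc-1", cred_a)
    try:
        csb.provision("vdc-2", cred_a)  # not yet associated with vdc-2: must be refused
        refused = False
    except PermissionError:
        refused = True
    csb.associate_credential("alice", cred_a, "vdc-2")  # the explicit user request
    r2 = csb.provision("vdc-2", cred_a)
    return r1, r2, refused, csb.bus.cross_provider_uses(), csb.audit


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The bus log records the credential issuer alongside the provider that received it, so `cross_provider_uses` gives a direct inventory of every place a provider-issued credential has been reused outside its issuer; that inventory is what a review of credential scope, or a rotation after a suspected leak, needs.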
Abstract
Implementation of cross provider security in accordance with the disclosures made herein provides users of a system (e.g., a cloud services brokerage platform) in a cloud environment with system-managed provisioning and management of keys to cloud resources, thereby allowing the user to manage data security and enable secured access to their cloud resources. To this end, cross provider security management functionality in accordance with the disclosures made herein can include provisioning system-generated keys across different regions of a provider, provisioning cloud brokerage system-generated keys across different providers, and associating (i.e., managing) the keys from the system with a hardware security module. The keys can be managed by/through a variety of different resources (e.g., brokering system, VDC, user group concepts, etc.).
13 Claims
1. Independent claim; full text reproduced under First Claim above. Dependent claims: 2, 3, 4, 5, 6 (not reproduced here).
7. A non-transitory computer-readable storage medium having tangibly embodied thereon and accessible therefrom instructions interpretable by at least one data processing device of a cloud service brokering (CSB) platform, the instructions being configured for causing the at least one data processing device to perform a method enabling brokering of cloud services by the CSB platform, the method comprising:
- instantiating an instance of an application programming interface (API) configured for provisioning cloud resources procured from a first one of a plurality of cloud service providing entities;
- instantiating, within the CSB platform, a cloud service bus through which the API is instantiated to provide an interface through which information required for said cloud resource provisioning is communicated between the CSB platform and said cloud service providing entities using a message-based architecture that allows asynchronous and parallel execution of provisioning tasks across cloud services and cloud service providers and wherein the cloud service bus comprises an inbuilt data driven engine that supports multiple workflow definitions and process definitions for at least one of cloud services, cloud service providers and cloud service types;
- communicating, between the CSB platform and the first one of the cloud service providing entities via the interface of the cloud service bus during creation of a first virtual data center (VDC), information required for provisioning said cloud resources of the first VDC that are procured from the first one of the cloud service providing entities, wherein said information required for provisioning said cloud resources includes a security credential issued by the first one of the cloud service providing entities for enabling provisioning of said cloud resources of the first VDC; and
- enabling creation of a second VDC comprising cloud resources procured from a second one of the cloud service providing entities different than the first one of the cloud service providing entities and having access privileges granted thereto through use of the security credential issued by the first one of the cloud service providing entities, wherein enabling creation of the second VDC includes causing an instance of the API to provide the security credential to the second one of the cloud service providing entities via the interface of the cloud service bus for enabling the security credential to be used by the second cloud service providing entity for provisioning of the cloud resources procured from the second one of the cloud service providing entities and wherein said provisioning of the cloud resources procured from the second one of the cloud service providing entities is performed via the interface provided by the cloud service bus.
Dependent claims: 8, 9, 10, 11, 12, 13 (not reproduced here).
Specification