Secure data access in cloud computing environments

US 10,609,143 B1
Filed: 09/19/2016
Issued: 03/31/2020
Est. Priority Date: 09/19/2016
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

cloud infrastructure comprising at least a first cloud; and

a storage system separate from the first cloud and providing persistent storage for one or more applications and associated data;

the first cloud comprising a virtual machine image having installed therein an application launcher for at least one of the applications of the storage system;

wherein responsive to a request to execute the at least one application in the first cloud, the first cloud configures a virtual machine instance based on the virtual machine image to execute the application launcher;

wherein in conjunction with the execution of the application launcher in the virtual machine instance, the at least one application is loaded from the storage system into the virtual machine instance for execution;

wherein in conjunction with the execution of the at least one application in the virtual machine instance, a clustered data proxy associated with the at least one application communicates with the storage system to transfer portions of the data required for execution of the at least one application into non-persistent storage of the virtual machine instance;

wherein the clustered data proxy interacts with a data cache of the storage system to transfer the portions of the data required for execution of the at least one application into the non-persistent storage of the virtual machine instance and to transfer corresponding modified data back from the non-persistent storage of the virtual machine instance to the storage system;

wherein the clustered data proxy and the at least one application run in a same virtual machine instance of the first cloud;

wherein the first cloud is one of a plurality of clouds of the cloud infrastructure; and

wherein the clustered data proxy is configured to communicate with one or more additional clustered data proxies across the plurality of clouds, the one or more additional clustered data proxies corresponding to one or more additional ones of the applications of the storage system running on one or more additional ones of the plurality of clouds;

the cloud infrastructure being implemented on at least one processing platform comprising one or more processing devices each having at least one processor coupled to a memory.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus in one embodiment comprises cloud infrastructure having at least a first cloud. The apparatus further comprises a storage system separate from the first cloud and providing persistent storage for an application and associated data. The first cloud comprises a virtual machine image having installed therein an application launcher for the application of the storage system. Responsive to a request to execute the application, the first cloud configures a virtual machine instance based on the virtual machine image to execute the application launcher. In conjunction with the execution of the application launcher, the application is loaded from the storage system into the virtual machine instance for execution. In conjunction with the execution of the application, a data proxy associated with the application communicates with the storage system to transfer portions of the data required for execution of the application into non-persistent storage of the virtual machine instance.

10 Citations

View as Search Results

20 Claims

1. An apparatus comprising:
- cloud infrastructure comprising at least a first cloud; and
  
  a storage system separate from the first cloud and providing persistent storage for one or more applications and associated data;
  
  the first cloud comprising a virtual machine image having installed therein an application launcher for at least one of the applications of the storage system;
  
  wherein responsive to a request to execute the at least one application in the first cloud, the first cloud configures a virtual machine instance based on the virtual machine image to execute the application launcher;
  
  wherein in conjunction with the execution of the application launcher in the virtual machine instance, the at least one application is loaded from the storage system into the virtual machine instance for execution;
  
  wherein in conjunction with the execution of the at least one application in the virtual machine instance, a clustered data proxy associated with the at least one application communicates with the storage system to transfer portions of the data required for execution of the at least one application into non-persistent storage of the virtual machine instance;
  
  wherein the clustered data proxy interacts with a data cache of the storage system to transfer the portions of the data required for execution of the at least one application into the non-persistent storage of the virtual machine instance and to transfer corresponding modified data back from the non-persistent storage of the virtual machine instance to the storage system;
  
  wherein the clustered data proxy and the at least one application run in a same virtual machine instance of the first cloud;
  
  wherein the first cloud is one of a plurality of clouds of the cloud infrastructure; and
  
  wherein the clustered data proxy is configured to communicate with one or more additional clustered data proxies across the plurality of clouds, the one or more additional clustered data proxies corresponding to one or more additional ones of the applications of the storage system running on one or more additional ones of the plurality of clouds;
  
  the cloud infrastructure being implemented on at least one processing platform comprising one or more processing devices each having at least one processor coupled to a memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 19)
- - 2. The apparatus of claim 1 wherein the storage system comprises an enterprise storage system implemented outside of the cloud infrastructure and the first cloud comprises a public cloud accessible to the enterprise storage system over at least one network.
  - 3. The apparatus of claim 1 wherein the storage system is part of a second cloud of the cloud infrastructure.
  - 4. The apparatus of claim 1 wherein the non-persistent storage of the virtual machine instance comprises virtual random access memory of the virtual machine instance.
  - 5. The apparatus of claim 1 wherein the at least one application executes in the virtual machine instance without any of its associated data being stored in persistent storage of the first cloud.
  - 6. The apparatus of claim 1 wherein the clustered data proxy is loaded from the storage system into the virtual machine instance as part of the at least one application.
  - 7. The apparatus of claim 1 wherein the virtual machine instance is automatically shut down responsive to completion of the execution of the at least one application.
  - 8. The apparatus of claim 1 wherein the application launcher is preinstalled as a pre-boot environment in a separate disk partition added to a virtual disk of the virtual machine image.
  - 9. The apparatus of claim 1 wherein the application launcher is installed in respective virtual machine images of respective ones of the plurality of clouds and wherein the application launcher when executed in respective virtual machine instances that are configured in the respective clouds based on the respective virtual machine images causes at least one of the applications of the storage system and a corresponding data proxy to be loaded into each of the virtual machine instances.
  - 10. The apparatus of claim 9 wherein the first cloud generates multiple virtual machine instances based on the virtual machine image in which application launchers are installed and further wherein each of the multiple virtual machine instances in the first cloud executes one or more applications that communicate with a corresponding storage system via a separate clustered data proxy.
  - 11. The apparatus of claim 9 wherein each of the clouds has a set of clustered data proxies that communicate with respective corresponding clustered data proxies in sets of clustered data proxies in respective other ones of the clouds and wherein a particular one of the clustered data proxies in the set of clustered data proxies in a given one of the clouds is the only one of the clustered data proxies of that set that can access data persistently stored in a local storage system of that cloud.
  - 12. The apparatus of claim 9 wherein the clouds have respective local storage systems and no data of any one of the clouds is persistently stored in a local storage system of any other one of the clouds and wherein one or more applications from a given one of the clouds executing in other ones of the clouds access the corresponding local storage system of the given cloud only via one or more clustered data proxies of that cloud.
  - 19. The apparatus of claim 1 wherein an additional application launcher is installed in the first cloud for one or more applications of an additional storage system, and wherein responsive to a request to execute at least one of the applications of the additional storage system in the first cloud, the first cloud configures an additional virtual machine instance based on the virtual machine image to execute at least one of the applications of the additional storage system.

13. A method comprising:
- providing cloud infrastructure comprising at least a first cloud;
  
  configuring the first cloud for communication with a storage system that is separate from the first cloud and provides persistent storage for one or more applications and associated data;
  
  installing an application launcher in a virtual machine image of the first cloud;
  
  responsive to a request to execute at least one of the applications in the first cloud, configuring in the first cloud a virtual machine instance based on the virtual machine image to execute the application launcher;
  
  in conjunction with the execution of the application launcher in the virtual machine instance, loading the at least one application from the storage system into the virtual machine instance for execution; and
  
  in conjunction with the execution of the application in the virtual machine instance, transferring portions of the data required for execution of the at least one application into non-persistent storage of the virtual machine instance;
  
  wherein a clustered data proxy associated with the at least one application interacts with a data cache of the storage system to transfer the portions of the data required for execution of the at least one application into the non-persistent storage of the virtual machine instance and to transfer corresponding modified data back from the non-persistent storage of the virtual machine instance to the storage system;
  
  wherein the clustered data proxy and the at least one application run in a same virtual machine instance of the first cloud;
  
  wherein the first cloud is one of a plurality of clouds of the cloud infrastructure; and
  
  wherein the clustered data proxy is configured to communicate with one or more additional clustered data proxies across the plurality of clouds, the one or more additional clustered data proxies corresponding to one or more additional ones of the applications of the storage system running on one or more additional ones of the plurality of clouds;
  
  the cloud infrastructure being implemented on at least one processing platform comprising one or more processing devices each having at least one processor coupled to a memory.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13 wherein the at least one application executes in the virtual machine instance without any of its associated data being stored in persistent storage of the first cloud.
  - 15. The method of claim 13 wherein the application launcher is installed in respective virtual machine images of respective ones of the plurality of clouds, and further wherein the application launcher when executed in respective virtual machine instances that are configured in the respective clouds based on the respective virtual machine images causes at least one of the applications to be loaded into the respective virtual machine instances for execution.

16. A computer program product comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by at least one processing device of a processing platform causes the processing platform:
- to configure a first cloud of cloud infrastructure for communication with a storage system that is separate from the first cloud and provides persistent storage for one or more applications and associated data;
  
  to install an application launcher in a virtual machine image of the first cloud;
  
  responsive to a request to execute at least one of the applications in the first cloud, to configure in the first cloud a virtual machine instance based on the virtual machine image to execute the application launcher;
  
  in conjunction with the execution of the application launcher in the virtual machine instance, to load the at least one application from the storage system into the virtual machine instance for execution; and
  
  in conjunction with the execution of the at least one application in the virtual machine instance, to transfer portions of the data required for execution of the at least one application into non-persistent storage of the virtual machine instance;
  
  wherein a clustered data proxy associated with the at least one application interacts with a data cache of the storage system to transfer the portions of the data required for execution of the at least one application into the non-persistent storage of the virtual machine instance and to transfer corresponding modified data back from the non-persistent storage of the virtual machine instance to the storage system;
  
  wherein the clustered data proxy and the at least one application run in a same virtual machine instance of the first cloud;
  
  wherein the first cloud is one of a plurality of clouds of the cloud infrastructure; and
  
  wherein the clustered data proxy is configured to communicate with one or more additional clustered data proxies across the plurality of clouds, the one or more additional clustered data proxies corresponding to one or more additional ones of the applications of the storage system running on one or more additional ones of the plurality of clouds.
- View Dependent Claims (17, 18, 20)
- - 17. The computer program product of claim 16 wherein the at least one application executes in the virtual machine instance without any of its associated data being stored in persistent storage of the first cloud.
  - 18. The computer program product of claim 16 wherein the application launcher is installed in respective virtual machine images of respective ones of the plurality of clouds, and further wherein the application launcher when executed in respective virtual machine instances that are configured in the respective clouds based on the respective virtual machine images causes at least one of the applications to be loaded into the respective virtual machine instances for execution.
  - 20. The computer program product of claim 16 wherein an additional application launcher is installed in the first cloud for one or more applications of an additional storage system, and wherein responsive to a request to execute at least one of the applications of the additional storage system in the first cloud, the first cloud configures an additional virtual machine instance based on the virtual machine image to execute at least one of the applications of the additional storage system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Nossik, Misha, Du, Lejin
Primary Examiner(s)
Wasel, Mohamed A.
Assistant Examiner(s)
Hackenberg, Rachel J

Application Number

US15/268,788
Time in Patent Office

1,289 Days
Field of Search
US Class Current
CPC Class Codes

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

H04L 67/2866   Architectures; Arrangements

H04L 67/568   Storing data temporarily at...

Secure data access in cloud computing environments

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data access in cloud computing environments

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links