Securing A Virtual Environment And Virtual Machines
First Claim
1. A computer implemented method for securing a virtual environment and virtual machines in said virtual environment, comprising:
- providing a credential authority server for managing environment credentials of said virtual environment;
- associating a virtual machine shim with each of said virtual machines and associating one or more hypervisor shims with one or more hypervisors, wherein each of said one or more hypervisors is configured to host and monitor one or more of said virtual machines in said virtual environment;
- providing, on request, environment credentials to each of said virtual machines and said one or more hypervisors by said credential authority server on authorization of said each of said virtual machines and said one or more hypervisors by said credential authority server;
- communicating said environment credentials provided to said each of said virtual machines, by each said virtual machine shim to said one or more hypervisor shims; and
- validating said each of said virtual machines associated with each said virtual machine shim by said one or more hypervisors associated with said one or more hypervisor shims based on said communicated environment credentials to allow instantiation of said each of said virtual machines in said virtual environment.
Abstract
A computer implemented method and system for securing a virtual environment and virtual machines in the virtual environment is provided. A credential authority server is provided for managing environment credentials of the virtual environment. A virtual machine shim is associated with each of the virtual machines, and one or more hypervisor shims are associated with one or more hypervisors. The credential authority server provides, on request, environment credentials to each of the virtual machines and the hypervisors on authorization of each of the virtual machines and the hypervisors. Each virtual machine shim associated with each of the virtual machines communicates the provided environment credentials to the hypervisor shims for validation. The hypervisors associated with the hypervisor shims validate each of the virtual machines associated with each virtual machine shim based on the communicated environment credentials to allow instantiation of each of the virtual machines in the virtual environment.
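The exchange the abstract describes, sketched as an added example that is not taken from the patent. The credential format (an HMAC-SHA256 tag over a JSON body), the delivery of the verification key to an authorized hypervisor, and all class, field and principal names are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets, time

class CredentialAuthority:
    """Constructed stand-in for the credential authority server."""
    def __init__(self, environment, authorized):
        self.environment = environment
        self.authorized = set(authorized)     # principals allowed to request credentials
        self._key = secrets.token_bytes(32)   # assumed per-environment HMAC key

    def issue(self, principal, ttl=300, now=None):
        # Credentials are provided on request, and only after authorization.
        if principal not in self.authorized:
            raise PermissionError(f"{principal} is not authorized")
        now = time.time() if now is None else now
        body = json.dumps({"sub": principal, "env": self.environment,
                           "exp": now + ttl}, sort_keys=True).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}

    def hypervisor_credentials(self, hypervisor):
        # Assumption: an authorized hypervisor's credentials carry the verification key.
        if hypervisor not in self.authorized:
            raise PermissionError(f"{hypervisor} is not authorized")
        return {"env": self.environment, "key": self._key}

class HypervisorShim:
    def __init__(self, creds):
        self.env, self._key = creds["env"], creds["key"]

    def validate(self, vm_id, cred, now=None):
        """Return (ok, reason); the hypervisor instantiates the VM only if ok."""
        now = time.time() if now is None else now
        expected = hmac.new(self._key, cred["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cred["tag"]):
            return False, "bad tag"
        claims = json.loads(cred["body"])
        if claims["env"] != self.env:
            return False, "wrong environment"
        if claims["sub"] != vm_id:
            return False, "credential issued to another VM"
        if claims["exp"] < now:
            return False, "expired"
        return True, "ok"

def demo():
    ca = CredentialAuthority("prod-env", {"hv-1", "vm-a", "vm-b"})  # constructed names
    hv = HypervisorShim(ca.hypervisor_credentials("hv-1"))
    cred_a = ca.issue("vm-a", now=1000)       # the VM shim would forward this to the hypervisor shim
    return [hv.validate("vm-a", cred_a, now=1100),   # valid credential
            hv.validate("vm-b", cred_a, now=1100),   # presented by a different VM
            hv.validate("vm-a", cred_a, now=2000)]   # presented after expiry
```

Binding the credential to the VM identity and an expiry is what lets the hypervisor shim refuse a credential copied from another VM or replayed later; a shared HMAC key is used here only to keep the sketch within the standard library.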
32 Claims
1. A computer implemented method for securing a virtual environment and virtual machines in said virtual environment, comprising:
- providing a credential authority server for managing environment credentials of said virtual environment;
- associating a virtual machine shim with each of said virtual machines and associating one or more hypervisor shims with one or more hypervisors, wherein each of said one or more hypervisors is configured to host and monitor one or more of said virtual machines in said virtual environment;
- providing, on request, environment credentials to each of said virtual machines and said one or more hypervisors by said credential authority server on authorization of said each of said virtual machines and said one or more hypervisors by said credential authority server;
- communicating said environment credentials provided to said each of said virtual machines, by each said virtual machine shim to said one or more hypervisor shims; and
- validating said each of said virtual machines associated with each said virtual machine shim by said one or more hypervisors associated with said one or more hypervisor shims based on said communicated environment credentials to allow instantiation of said each of said virtual machines in said virtual environment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A computer implemented system for securing a virtual environment and virtual machines in said virtual environment, comprising:
- a credential authority server that manages environment credentials of said virtual environment, said credential authority server comprising a secure communication server module that receives and responds to requests for said environment credentials from said virtual machines and one or more hypervisors on authorization of each of said virtual machines and said one or more hypervisors, over secured network connections;
- a virtual machine shim associated with each of said virtual machines, each of said virtual machines comprising a secure communication client that transmits said requests for said environment credentials to said credential authority server and communicates said environment credentials to one or more hypervisor shims associated with said one or more hypervisors via said virtual machine shim for validation; and
- said one or more hypervisor shims associated with said one or more hypervisors, wherein each of said one or more hypervisors is configured to host and monitor one or more of said virtual machines in said virtual environment and to validate said virtual machines based on said communicated environment credentials, wherein said each of said one or more hypervisors comprises;
  - a secure communication client that transmits said requests for said environment credentials to said credential authority server; and
  - a validation module within each of said one or more hypervisor shims, wherein said validation module receives and validates said communicated environment credentials and enables said one or more hypervisors to validate said each of said virtual machines associated with each said virtual machine shim based on the communicated environment credentials to allow instantiation of said each of said virtual machines in said virtual environment.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
32. A computer program product comprising computer executable instructions embodied in a non-transitory computer readable storage medium, wherein said computer program product comprises:
- a first computer program code for providing a credential authority server for managing environment credentials of a virtual environment;
- a second computer program code for associating a virtual machine shim with each of a plurality of virtual machines and for associating one or more hypervisor shims with one or more hypervisors;
- a third computer program code for providing, on request, environment credentials to each of said virtual machines and said one or more hypervisors on authorization of said each of said virtual machines and said one or more hypervisors;
- a fourth computer program code for communicating said environment credentials provided to said each of said virtual machines, by each said virtual machine shim to said one or more hypervisor shims; and
- a fifth computer program code for validating said each of said virtual machines associated with each said virtual machine shim by said one or more hypervisors associated with said one or more hypervisor shims based on said communicated environment credentials to allow instantiation of said each of said virtual machines in said virtual environment.
Specification