METHODS AND SYSTEMS FOR SECURE STORAGE SEGMENTATION BASED ON SECURITY CONTEXT IN A VIRTUAL ENVIRONMENT

US 20140157363A1
Filed: 12/05/2012
Published: 06/05/2014
Est. Priority Date: 12/05/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a request to place a workload in a hypervisor-based host;

identifying a security level of the workload;

identifying a security level of a storage device associated with the hypervisor-based host;

granting the request to place the workload in the hypervisor-based host if the security level of the workload corresponds to the security level of the storage device; and

denying the request to place the workload in the hypervisor-based host if the security level of the workload does not correspond to the security level of the storage device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not correspond to the security level of the storage device, the computer system denies the request to place the workload in the hypervisor-based host.

55 Citations

View as Search Results

20 Claims

1. A method comprising:
- identifying a request to place a workload in a hypervisor-based host;
  
  identifying a security level of the workload;
  
  identifying a security level of a storage device associated with the hypervisor-based host;
  
  granting the request to place the workload in the hypervisor-based host if the security level of the workload corresponds to the security level of the storage device; and
  
  denying the request to place the workload in the hypervisor-based host if the security level of the workload does not correspond to the security level of the storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the workload is an instance of a virtual machine on the hypervisor-based host.
  - 3. The method of claim 1 wherein granting the request to place the workload in the hypervisor-based host comprises:
    - associating at least one virtual disk on the storage device with the workload.
  - 4. The method of claim 3, wherein the storage device is a physical disk comprising a plurality of virtual disks used by workloads on different hypervisor-based hosts.
  - 5. The method of claim 4, wherein each of the workloads is assigned to one of:
    - a cloud tenant, a cloud sub-tenant, or an operation performed for a cloud tenant or sub-tenant.
  - 6. The method of claim 1, wherein the security level of the storage device is identified based on at least one of:
    - the security level of the workload, input provided by a system administrator, or sensitivity of content on the storage device.
  - 7. The method of claim 1, wherein the request to place the workload in the hypervisor-based host is any one of an initial placement request with respect to the workload or a request to migrate the workload to the hypervisor-based host from another hypervisor-based host.

8. A system comprising:
- a memory; and
  
  a processing device coupled with the memory to;
  
  identify a request to place a workload in a hypervisor-based host;
  
  identify a security level of the workload;
  
  identify a security level of a storage device associated with the hypervisor-based host;
  
  grant the request to place the workload in the hypervisor-based host if the security level of the workload corresponds to the security level of the storage device; and
  
  deny the request to place the workload in the hypervisor-based host if the security level of the workload does not correspond to the security level of the storage device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the workload is an instance of a virtual machine on the hypervisor-based host.
  - 10. The system of claim 8, wherein when granting the request to place the workload in the hypervisor-based host comprises, the processing device further to:
    - associate at least one virtual disk on the storage device with the workload.
  - 11. The system of claim 10, wherein the storage device is a physical disk comprising a plurality of virtual disks used by workloads on different hypervisor-based hosts.
  - 12. The system of claim 11, wherein each of the workloads is assigned to one of:
    - a cloud tenant, a cloud sub-tenant, or an operation performed for a cloud tenant or sub-tenant.
  - 13. The system of claim 8, wherein the security level of the storage device is identified based on at least one of:
    - the security level of the workload, input provided by a system administrator, or sensitivity of content on the storage device.
  - 14. The system of claim 8, wherein the request to place the workload in the hypervisor-based host is any one of an initial placement request with respect to the workload or a request to migrate the workload to the hypervisor-based host from another hypervisor-based host.

15. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform a method comprising:
- identifying a request to place a workload in a hypervisor-based host;
  
  identifying a security level of the workload;
  
  identifying a security level of a storage device associated with the hypervisor-based host;
  
  granting the request to place the workload in the hypervisor-based host if the security level of the workload corresponds to the security level of the storage device; and
  
  denying the request to place the workload in the hypervisor-based host if the security level of the workload does not correspond to to the security level of the storage device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein the workload is an instance of a virtual machine on the hypervisor-based host, and wherein the request to place the workload in the hypervisor-based host is any one of an initial placement request with respect to the workload or a request to migrate the workload to the hypervisor-based host from another hypervisor-based host.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein when granting the request to place the workload in the hypervisor-based host the processing device further to perform:
    - associating at least one virtual disk on the storage device with the workload.
  - 18. The non-transitory computer readable storage medium of claim 17, wherein the storage device is a physical disk comprising a plurality of virtual disks used by workloads on different hypervisor-based hosts.
  - 19. The non-transitory computer readable storage medium of claim 18, wherein each of the workloads is assigned to one of:
    - a cloud tenant, a cloud sub-tenant, or an operation performed for a cloud tenant or sub-tenant.
  - 20. The non-transitory computer readable storage medium of claim 15, wherein the security level of the storage device is identified based on at least one of:
    - the security level of the workload, input provided by a system administrator, or sensitivity of content on the storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Banerjee, Deb

Granted Patent

US 9,185,114 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/5044   considering hardware capabi...

G06F 9/5077   Logical partitioning of res...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

METHODS AND SYSTEMS FOR SECURE STORAGE SEGMENTATION BASED ON SECURITY CONTEXT IN A VIRTUAL ENVIRONMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR SECURE STORAGE SEGMENTATION BASED ON SECURITY CONTEXT IN A VIRTUAL ENVIRONMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links