System for securing virtual machine disks on a remote shared storage subsystem
First Claim
Patent Images
1. A cloud computing data processing system comprising:
- a hardware appliance having a secure container configured for communicative coupling to different hypervisors, each of the different hypervisors supporting virtual machine (VM) storage in a cloud computing environment;
a data store of VM images for storage in at least one of the different hypervisors; and
,a secure distribution module executing in the memory of the hardware appliance, the module comprising program code enabled upon execution in the hardware appliance to compose at least one VM disk in a secure container, which is configured to deploy VM images into the cloud computing environment, to encrypt the composed at least one VM disk, to transmit the at least one encrypted VM disk to a hypervisor in the cloud computing environment, to generate a bootloader associated with the encrypted VM disk in the secure container, to generate a security token for the bootloader, to transmit the bootloader to the hypervisor in the cloud computing environment, to receive a request to activate a VM instance, to request a key by the bootloader, to verify the bootloader using the security token, and to provide the key to the bootloader to unlock the at least one VM disk upon verification of the bootloader.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the present invention provide a method, data processing system and computer program product for secure distribution of virtualized storage. In an embodiment of the invention, a method for secure distribution of virtualized storage in a host in a cloud computing can include composing at least one virtual machine (VM) disk in a secure container and configured to deploy VM images into a cloud computing environment, encrypting the composed at least one VM disk, transmitting the encrypted VM disk to a hypervisor in the cloud computing environment receiving a request to activate a VM instance and generating a bootloader in the secure container, transmitting the bootloader to the hypervisor in the cloud computing environment and providing a key to the bootloader to unlock the at least one VM disk.
126 Citations
6 Claims
-
1. A cloud computing data processing system comprising:
-
a hardware appliance having a secure container configured for communicative coupling to different hypervisors, each of the different hypervisors supporting virtual machine (VM) storage in a cloud computing environment; a data store of VM images for storage in at least one of the different hypervisors; and
,a secure distribution module executing in the memory of the hardware appliance, the module comprising program code enabled upon execution in the hardware appliance to compose at least one VM disk in a secure container, which is configured to deploy VM images into the cloud computing environment, to encrypt the composed at least one VM disk, to transmit the at least one encrypted VM disk to a hypervisor in the cloud computing environment, to generate a bootloader associated with the encrypted VM disk in the secure container, to generate a security token for the bootloader, to transmit the bootloader to the hypervisor in the cloud computing environment, to receive a request to activate a VM instance, to request a key by the bootloader, to verify the bootloader using the security token, and to provide the key to the bootloader to unlock the at least one VM disk upon verification of the bootloader. - View Dependent Claims (2, 3)
-
-
4. A computer program product for secure distribution of virtualized storage in a cloud computing environment, the computer program product comprising:
-
a computer readable storage device having stored therein computer readable program code, the computer readable program code comprising; computer readable program code for composing at least one virtual machine (VM) disk in a secure container and configured to deploy VM images into a cloud computing environment; computer readable program code for encrypting the composed VM disk; computer readable program code for transmitting the encrypted VM disk to a hypervisor in the cloud computing environment; computer readable program code for generating a bootloader associated with the encrypted VM disk in the secure container; computer readable program code for generating a security token for the bootloader; computer readable program code for transmitting the bootloader to the hypervisor in the cloud computing environment; computer readable program code for receiving a request to activate a VM instance; computer readable program code for requesting a key by the bootloader; computer readable program code for verifying the bootloader using the security token; and computer readable program code for providing the key to the bootloader to unlock the at least one VM disk upon verification of the bootloader. - View Dependent Claims (5, 6)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsAshok, Rohith, Hogstrom, Matthew R., Whalley, Ian N.
-
Primary Examiner(s)Gergiso, Techane
-
Application NumberUS12/983,053Publication NumberTime in Patent Office935 DaysField of Search713/150, 717/174, 718/1US Class Current713/150CPC Class CodesG06F 2009/4557 Distribution of virtual mac...G06F 2009/45575 Starting, stopping, suspend...G06F 21/575 Secure bootG06F 9/45558 Hypervisor-specific managem...H04L 63/045 wherein the sending and rec...H04L 63/166 at the transport layer
