Techniques to deliver security and network policies to a virtual network function
Abstract
Examples may include techniques to securely provision, configure, and de-provision virtual network functions for a software defined network or cloud infrastructure elements. A policy for a virtual network function may be received at a secure execution partition of circuitry, and the virtual network function configured to implement the policy by the secure execution partition of the circuitry. The secure execution partition may connect to the virtual network function through a virtual switch and may cause the virtual network function to implement a network function based on the policy.
25 Claims
1. An apparatus comprising:
- a first processing unit, the first processing unit comprising a secure execution partition, the secure execution partition comprising a partition of circuitry within the first processing unit and wherein the secure execution partition is a circuitry partition which is secured from other partitions within said circuitry; and
- a policy agent executed at the secure execution partition, the policy agent to receive and validate a policy for a virtual network function (VNF) and to configure the VNF to implement a network function based on the validated policy, the VNF to be executed upon a second processing unit different from the first processing unit.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method comprising:
- receiving, at a secure execution partition of a first processing unit, a policy for a virtual network function (VNF), the secure execution partition comprising a partition of circuitry within the first processing unit and wherein the secure execution partition is a circuitry partition which is secured from other partitions within said circuitry; and
- configuring and validating the VNF to implement a network function based on the validated policy, the VNF to be executed by a second processing unit different than the first processing unit.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21
22. At least one non-transitory machine readable medium comprising a plurality of instructions that in response to being executed by a secure execution partition of a first processing unit cause the secure execution partition to:
- receive, at the secure execution partition, a policy for a virtual network function (VNF), the secure execution partition comprising a partition of circuitry within the first processing unit and wherein the secure execution partition is a circuitry partition which is secured from other partitions within said circuitry;
- validate the policy; and
- configure and validate the VNF to implement a network function based on the validated policy, the VNF to be executed by a second processing unit different from the first processing unit.

Dependent claims: 23, 24, 25