Methods and systems for securely managing virtualization platform
Abstract
Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of users (which may include automated agents and processes) issuing those commands and privileges of those users as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management clients.
Claims
exact text as granted — not AI-modified1 . A method of administering access to assets within a virtualized computer network environment, said method comprising:
at a control layer within the virtualized computer network environment, authenticating system administrators attempting to access the assets of the virtualized computer network environment and privileges of the administrators on the basis of access control information accessible to the control layer; for authenticated administrators and privileges of those administrators, transparently controlling executing of virtualization administration commands from one or more administration clients used by the authenticated administrators to said assets within the virtualized computer network environment; and logging each attempted access, including failed attempts, to the assets within the virtualized computer network environment.
2 . The method of claim 1 , wherein the authenticating includes inspecting each attempted access to the assets within a virtualized computer network environment to determine whether or not an asserted command or operation is one that is valid schematically and authorized for a respective one of the administrators issuing the asserted command.
3 . The method of claim 2 , further comprising dropping an asserted command if it is either invalid, unauthorized, or both.
4 . The method of claim 2 , further comprising notifying a network administrator of a failed attempt to access one or more of the assets within the virtualized computer network environment.
5 . The method of claim 1 , wherein the access control information comprises restrictions based on some or all of: time of day, target virtualization platform, target virtualized resource, attempted administration operation or command, and location of administration client.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.