US2012036561A1PendingUtilityA1

Methods and systems for securely managing virtualization platform

46
Assignee: BUDKO RENATAPriority: Sep 12, 2008Filed: Oct 14, 2011Published: Feb 9, 2012
Est. expirySep 12, 2028(~2.2 yrs left)· nominal 20-yr term from priority
H04L 63/10H04L 63/0281H04L 63/083H04L 63/20H04L 63/0823H04L 63/08
46
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Virtualization platforms and management clients therefor are communicatively coupled to one another via a control layer logically disposed therebetween. The control layer is configured to proxy virtualization management commands from the management clients to the virtualization platforms, but only after successful authentication of users (which may include automated agents and processes) issuing those commands and privileges of those users as defined by access control information accessible to the control layer. The control layer may be instantiated as an application running on a physical appliance logically interposed between the virtualization platforms and management clients, or a software package running on dedicated hardware logically interposed between the virtualization platforms and management clients, or as an application encapsulated in a virtual machine running on a compatible virtualization platform logically interposed between the virtualization platforms and management clients.

Claims

exact text as granted — not AI-modified
1 . A method of administering access to assets within a virtualized computer network environment, said method comprising:
 at a control layer within the virtualized computer network environment, authenticating system administrators attempting to access the assets of the virtualized computer network environment and privileges of the administrators on the basis of access control information accessible to the control layer;   for authenticated administrators and privileges of those administrators, transparently controlling executing of virtualization administration commands from one or more administration clients used by the authenticated administrators to said assets within the virtualized computer network environment; and   logging each attempted access, including failed attempts, to the assets within the virtualized computer network environment.   
     
     
         2 . The method of  claim 1 , wherein the authenticating includes inspecting each attempted access to the assets within a virtualized computer network environment to determine whether or not an asserted command or operation is one that is valid schematically and authorized for a respective one of the administrators issuing the asserted command. 
     
     
         3 . The method of  claim 2 , further comprising dropping an asserted command if it is either invalid, unauthorized, or both. 
     
     
         4 . The method of  claim 2 , further comprising notifying a network administrator of a failed attempt to access one or more of the assets within the virtualized computer network environment. 
     
     
         5 . The method of  claim 1 , wherein the access control information comprises restrictions based on some or all of: time of day, target virtualization platform, target virtualized resource, attempted administration operation or command, and location of administration client.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.