Establishing secure computing devices for virtualization and administration

摘要

Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function.

主权项

1. At a computer system including at least one processor, a computer-implemented method for providing computer system virtualization on a secure computing device, the method comprising:
an act of establishing a secure computing device including: establishing a device claim that identifies the secure computing device; establishing an updating policy configured to ensure that the secure computing device is running up-to-date software patches; instantiating an application blocking service configured to ensure that only applications on a specified whitelist are allowed to be executed on the secure computing device; and establishing a networking policy that prevents at least some inbound network connections from reaching the secure computing device; and an act of instantiating at least one virtual machine on the established secure device, the instantiated at least one virtual machine allowing at least one application to be executed that is not the specified whitelist.