Title: System and method for software defined deployment of security appliances using policy templates
Abstract: A method includes retrieving, from a memory accessible by a computer, a document comprising a workload definition document that defines an intended virtual configuration to include at least one virtual machine and at least one network appliance to be associated with at least one of the virtual machines in the intended virtual configuration, each network appliance respectively serving a role in the intended virtual configuration of transforming, inspecting, filtering, or otherwise manipulating all the network traffic, before it reaches an intended virtual machine, for a purpose other than data packet forwarding in a virtual configuration. The workload definition document is parsed to extract attributes of each of the network appliances, including one or more security policies to be applied to each network appliance. Configuration data related to any security policy of any of the network appliances to be deployed is extracted from the parsed workload definition document. A security template library is accessed to select, for each network appliance to be deployed, a security template that will implement the one or more security policies for that network appliance.
Publication number: US9621592(B2) Publication date: 2017.04.11
Application number: US201514750247 Filing date: 2015.06.25
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION Inventors: Ashley Paul Anthony;Berger Stefan;Liu Tian Cheng;Huang He Yuan;Iyer Sreekanth Ramakrishna;Kundu Ashish;Nagaratnam Nataraj;Pendarakis Dimitrios;Williams Ronald Becker
Classification: H04L29/06 Main classification: H04L29/06
Law firm: McGinn IP Law Group, PLLC Attorney: LaBaw, Esq. Jeff;McGinn IP Law Group, PLLC
Independent claim: 1. A method, comprising: retrieving, from a memory accessible by a computer, a document comprising a workload definition document that defines an intended virtual configuration to include at least one virtual machine and at least one network appliance to be associated with at least one of the virtual machines in the intended virtual configuration, each network appliance respectively serving a role in the intended virtual configuration of transforming, inspecting, filtering, or otherwise manipulating all network traffic, before said network traffic reaches an intended virtual machine, for a purpose other than data packet forwarding in a virtual configuration; parsing, using a processor on the computer, the workload definition document to extract attributes of each of the network appliances, including one or more security policies to be applied to each network appliance; extracting configuration data from the parsed workload definition document that are related to any security policy of any of the network appliances to be deployed; accessing a security template library to select a security template for each network appliance that will implement the one or more security policies for that network appliance to be deployed; retrieving a base image for each network appliance to be deployed; merging deployment-specific data from a snapshot taken from each network appliance with the base image; and configuring each network appliance with at least one selected security template.
Address: Armonk NY US
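The steps of claim 1 (parse the workload definition, extract each appliance's security policies, select a template per policy from a library, merge snapshot data onto a base image, configure the appliance), as an added Python illustration that is not part of the patent or of any IBM product. The JSON layout of the workload definition, the template library, the base images, the snapshots, and every name in the block are assumptions made for the example; the patent fixes none of them. Two checks a practitioner would want are included: an appliance may only protect a virtual machine the workload actually defines, and a policy with no template in the library aborts the deployment rather than leaving the appliance unconfigured.

```python
import copy
import json
from dataclasses import dataclass, field

# Constructed workload definition document (JSON chosen here; the patent fixes no format).
WORKLOAD_DEFINITION = json.dumps({
    "virtual_machines": [{"name": "web-01", "image": "ubuntu-22.04"},
                         {"name": "db-01", "image": "postgres-15"}],
    "network_appliances": [
        {"name": "fw-web", "type": "firewall", "protects": ["web-01"],
         "security_policies": ["web-ingress", "deny-all-default"]},
        {"name": "ids-db", "type": "ids", "protects": ["db-01"],
         "security_policies": ["db-inspection"]},
    ],
})
# Same document naming a policy that the template library does not know (constructed).
BAD_WORKLOAD_DEFINITION = WORKLOAD_DEFINITION.replace('"db-inspection"', '"no-such-policy"')

# Hypothetical security template library, keyed by policy name.
TEMPLATE_LIBRARY = {
    "web-ingress": {"rules": [{"action": "allow", "proto": "tcp", "port": 443}]},
    "deny-all-default": {"rules": [{"action": "deny", "proto": "*", "port": "*"}]},
    "db-inspection": {"mode": "alert", "signatures": ["sql-injection", "brute-force"]},
}
# Hypothetical base images per appliance type and per-appliance deployment snapshots.
BASE_IMAGES = {
    "firewall": {"os": "appliance-os-1.0", "mgmt_ip": "0.0.0.0", "services": ["filter"]},
    "ids": {"os": "appliance-os-1.0", "mgmt_ip": "0.0.0.0", "services": ["inspect"]},
}
SNAPSHOTS = {
    "fw-web": {"mgmt_ip": "10.0.0.5", "interfaces": ["eth0", "eth1"]},
    "ids-db": {"mgmt_ip": "10.0.0.6", "interfaces": ["eth0"]},
}


class PolicyTemplateMissing(LookupError):
    """A policy named in the workload has no template in the library."""


class UnknownVirtualMachine(ValueError):
    """An appliance claims to protect a VM the workload does not define."""


@dataclass
class Appliance:
    name: str
    kind: str
    protects: list
    policies: list
    templates: dict = field(default_factory=dict)


def parse_workload(document: str) -> dict:
    """Parse the workload definition and check both required sections are present."""
    workload = json.loads(document)
    for key in ("virtual_machines", "network_appliances"):
        if key not in workload:
            raise ValueError(f"workload definition lacks '{key}'")
    return workload


def extract_appliances(workload: dict) -> list:
    """Extract each appliance's attributes, including the policies to apply to it."""
    vm_names = {vm["name"] for vm in workload["virtual_machines"]}
    appliances = []
    for entry in workload["network_appliances"]:
        unknown = set(entry["protects"]) - vm_names
        if unknown:
            raise UnknownVirtualMachine(f"{entry['name']} protects undefined VM(s) {sorted(unknown)}")
        appliances.append(Appliance(entry["name"], entry["type"], list(entry["protects"]),
                                    list(entry["security_policies"])))
    return appliances


def select_templates(appliance: Appliance, library: dict) -> dict:
    """Pick one template per policy; refuse to deploy if any policy has no template."""
    missing = [p for p in appliance.policies if p not in library]
    if missing:
        raise PolicyTemplateMissing(f"{appliance.name}: no template for {missing}")
    return {p: copy.deepcopy(library[p]) for p in appliance.policies}


def merge_image(base_image: dict, snapshot: dict) -> dict:
    """Overlay deployment-specific snapshot data on a copy of the base image (base untouched)."""
    merged = copy.deepcopy(base_image)
    merged.update(snapshot)
    return merged


def deploy(document: str, library: dict, base_images: dict, snapshots: dict) -> dict:
    """Run the whole procedure and return the per-appliance configuration to apply."""
    deployed = {}
    for appliance in extract_appliances(parse_workload(document)):
        appliance.templates = select_templates(appliance, library)
        image = merge_image(base_images[appliance.kind], snapshots.get(appliance.name, {}))
        deployed[appliance.name] = {"image": image, "templates": appliance.templates,
                                    "protects": appliance.protects}
    return deployed


if __name__ == "__main__":
    print(json.dumps(deploy(WORKLOAD_DEFINITION, TEMPLATE_LIBRARY, BASE_IMAGES, SNAPSHOTS), indent=2))
```

Template selection fails closed: a typo in a policy name stops the deployment before any appliance is configured from a partial template set, which is the behaviour one wants from a control that sits in front of all traffic to a virtual machine. The base image is never mutated, so a later deployment of the same appliance type starts from the same known-good image rather than from a previous tenant's snapshot data.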