Title of invention: Secure administration of virtual machines
Abstract: Methods and systems for performing secure administration of virtual domain resource allocation are provided herein. A cloud service provider (CSP) may provide instances of virtual machines to one or more contracting user entities. The cloud service provider may store an authorization database identifying one or more resources (e.g., storage, CPU, etc.) that each of the different contracting user entities is authorized to use on a virtual machine server device. The CSP may subsequently receive a request from an unverified entity to instantiate a virtual machine with access to one or more resources. The request may include security information. The CSP validates the request by verifying the unverified entity using the first security information (e.g., checking a PKI certificate, requiring a login/password, etc.) and, when the request is validated, provides access to the verified entity to a subset of the requested one or more resources based on the authorization database.
Publication number: US9258290(B2) Publication date: 2016.02.09
Application number: US201314050488 Filing date: 2013.10.10
Applicant: Citrix Systems, Inc. Inventor: Bursell Michael Hingston McLaughlin
Classification: H04L29/06;G06F21/44;G06F21/62 Main classification: H04L29/06
Agency: Banner & Witcoff, Ltd. Agent: Banner & Witcoff, Ltd.
Independent claim: 1. A method comprising: receiving a first request from an unverified entity to instantiate a first instance of a virtual machine, said first request defining a first set of one or more resources to be made available by a virtual machine server device to the first instance of the virtual machine, said first request including first security information; validating the first request by verifying the unverified entity using the first security information; accessing an authorization database, said authorization database identifying one or more resources, based on the verified entity, that the first instance of the virtual machine is authorized to use on the virtual machine server device, said authorization database defining one or more affinity-based restrictions for a multitenancy environment of the virtual machine server device; based on the one or more resources and the one or more affinity-based restrictions identified by the authorization database, determining a subset of the first set of one or more resources that exists on the virtual machine server device and is available to be provided by the virtual machine server device to the first instance of the virtual machine; and responsive to validating the first request: instantiating the first instance of the virtual machine with access to the subset of the first set of one or more resources.
Address: Fort Lauderdale FL US