Principal claim |
1. A computing system implemented method for providing a virtual perimeter for a first plurality of assets, comprising:
maintaining, with a first instance of a virtual perimeter agent, a data structure for identifying the first plurality of assets,
wherein the first instance of the virtual perimeter agent resides on a first of the first plurality of assets,
wherein the data structure includes identifiers for the first plurality of assets,
wherein the first plurality of assets include computing systems configured to communicate over one or more networks,
wherein the first plurality of assets is included within the virtual perimeter and a second plurality of assets is excluded from the virtual perimeter;
providing services, from the first of the first plurality of assets, to a second of the first plurality of assets, at least partially based on the identifiers for the first plurality of assets and at least partially based on a first role assigned to the first of the first plurality of assets,
wherein the first role is enforced on the first of the first plurality of assets by the first instance of the virtual perimeter agent; and
admitting one of the second plurality of assets into the virtual perimeter if characteristics of the one of the second plurality of assets satisfy criteria for admission to the virtual perimeter,
wherein admitting the one of the second plurality of assets includes:
installing a second instance of the virtual perimeter agent on the one of the second plurality of assets;
adding an identifier of the one of the second plurality of assets to the data structure; and
assigning a second role to the one of the second plurality of assets to determine second access privileges of the one of the second plurality of assets within the virtual perimeter. |