Main claim
1. A method implemented and residing within a non-transitory computer-readable storage medium that is executed by a processor as a cloud service, the processor configured to perform the method, comprising:
receiving a virtual machine (VM) request from a portal;
instantiating a VM to be accessed at a dynamically created Internet Protocol (IP) address and at a dynamically created communication port number, the dynamically created IP address and dynamically created port number representing a combination dynamically created for accessing the instantiated VM, the VM instantiated as needed or requested;
acquiring a secure token for a communication session to the VM, the secure token is unique to the VM, an authenticated principal requesting the VM, and the communication session, and generating the secure token collectively as pieces by the cloud service, the portal, and an identity service, the collective pieces form the secure token;
returning the IP address, the port number, and the secure token back to the portal for the portal to communicate to the identity service that dynamically generates policy to be enforced during the communication session, the identity service also providing the IP address, the port number, and the secure token to the authenticated principal to use during the communication session with the VM and the identity service provides the policy to a secure socket layer virtual private network (SSL VPN) server for the SSL VPN server to enforce the policy when the principal initiates the communication session with the VM via a SSL VPN connection through the SSL VPN, the cloud service, the identity service, and the portal are all in trusted communication with one another, each of these entities are authenticated to one another and secure communications used between the entities including encrypted communications and usage of secure protocols; and
forcing the secure token to expire after a configured period of idleness is detected and shutting down the VM automatically on a detected expiration of the secure token.
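
An added illustration of the token binding and idle expiry recited in the claim, not code from the patent. The claim does not say how the three pieces are combined, so the HMAC-SHA256 construction, the 300-second idle limit, and every name below are assumptions.

```python
import hashlib
import hmac
import secrets

IDLE_LIMIT = 300  # seconds; assumed value for the "configured period of idleness"

# Constructed sample pieces, one each from cloud service, portal, identity service.
SAMPLE_PIECES = (b"C" * 16, b"P" * 16, b"I" * 16)

def new_piece():
    """What each party would contribute in practice: 16 random bytes."""
    return secrets.token_bytes(16)

def assemble_token(pieces, vm_id, principal, session_id):
    """Bind the three pieces to one VM, one principal and one session.

    Assumption: the pieces form an HMAC key and the identifiers are
    length-prefixed so that field boundaries cannot be shifted.
    """
    key = b"".join(pieces)
    fields = [f.encode() for f in (vm_id, principal, session_id)]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Session:
    """Tracks idleness; token expiry shuts the VM down, as the last step recites."""

    def __init__(self, token, vm_id, now):
        self.token = token
        self.vm_id = vm_id
        self.last_seen = now
        self.expired = False
        self.vm_running = True

    def authorize(self, presented, now):
        # Expire first, so a late request cannot revive an idle session.
        if not self.expired and now - self.last_seen > IDLE_LIMIT:
            self.expired = True
            self.vm_running = False  # stand-in for the real VM shutdown call
        if self.expired:
            return False
        if not hmac.compare_digest(presented, self.token):
            return False  # a failed attempt does not reset the idle timer
        self.last_seen = now
        return True
```

Time is passed in as `now` so the expiry path can be exercised deterministically; a deployment would also need a periodic sweep, since this sketch only detects idleness when a request arrives.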