| 发明名称 |
Corralling virtual machines with encryption keys |
| 摘要 |
A virtual machine comprises a unique identifier that is associated with one or more encryption keys. A management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys. The management server further provides the one or more encryption keys to a limited number of one or more servers in a system. Only those one or more servers that have been provided the one or more encryption keys can be used to load, access, and/or operate the virtual machine. The management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys. In one implementation, a management server encrypts all virtual machines in the system, but encrypts virtual machines with sensitive data with a limited set of encryption keys, and further provides those encryption keys to a limited set of trusted servers. |
| 申请公布号 |
US8977867(B2) |
申请公布日期 |
2015.03.10 |
| 申请号 |
US201313753054 |
申请日期 |
2013.01.29 |
| 申请人 |
Microsoft Technology Licensing, LLC |
发明人 |
Rangegowda Dharshan;Fries Robert M. |
| 分类号 |
G06F21/60;H04L9/08 |
主分类号 |
G06F21/60 |
| 代理机构 |
|
代理人 |
Drakos Kate;Andrews David;Minhas Micky |
| 主权项 |
1. A system for securely managing one or more virtual machines on one or more physical hosts using one or more encryption keys, the system comprising one or more computer processors and computer storage media having encoded thereon computer executable instructions which, when executed upon the one or more computer processors, performs:
creating one or more virtual machines on the one or more physical hosts, wherein each of the one or more virtual machines comprises a unique ID, and is associated with the one or more virtual hard disks; associating an encryption key with one or more of the one or more virtual machine unique IDs; encrypting, using the encryption key, one or more of the one or more virtual hard disks for each of the one or more virtual machines associated with the encryption key; providing the encryption key to one or more hypervisor components that interface between the virtual machines and the associated one or more virtual hard disks, wherein the one or more hypervisor components provide read/write access of the one or more encrypted virtual hard disks to the corresponding virtual machine using the provided encryption key, the one or more hypervisor components maintain a separate scope and execution environment for each of the one or more virtual machines such that each virtual machine has a separate identity and operates as though it has complete access to all available resources but has visibility only to what is assigned to it by the hypervisor. |
| 地址 |
Redmond WA US |
