Title of invention: Extending security platforms to cloud-based networks
Abstract: Embodiments relate to systems and methods for extending a network security platform to a cloud-based network. A set of managed machines, such as personal computers or servers, can be managed by a network security engine. The network security engine can govern access to and operation of the set of managed machines through a set of security policies. According to embodiments, the set of security policies can be sub-divided into a partitioned security class corresponding to a subset of the managed network which is intended to be deployed as a cloud-accessible subset of the overall managed network. The partitioned security class can specify access restrictions for the cloud-accessible subset to receive resources from or provide resources to the external cloud environment. A corporate campus network or other managed network can therefore permit access of the cloud to some or all of its machines, while still maintaining desired local security conditions.
Publication number: US8977750(B2) Publication date: 2015.03.10
Application number: US200912391802 Filing date: 2009.02.24
Applicant: Red Hat, Inc. Inventor: Ferris James Michael
Classification: G06F15/16;H04L29/06 Main classification: G06F15/16
Agency: Lowenstein Sandler LLP Agent: Lowenstein Sandler LLP
Principal claim: 1. A method, comprising: generating a set of security policies for a set of managed machines in a network; identifying a cloud-accessible subset of the set of managed machines to be used as a shared resource by an external cloud environment; identifying a first subset of security policies within the set of security policies, the first subset of security policies corresponding to a set of access conditions for the cloud-accessible subset of the set of managed machines; identifying a second subset of baseline security policies within the set of security policies to apply to the cloud-accessible subset of the set of managed machines when the cloud-accessible subset of the set of managed machines are not exposed to the external cloud environment; generating, by a processor, a partitioned security class in the set of security policies that includes the first subset of security policies corresponding to the set of access conditions for the cloud-accessible subset of the set of managed machines; and in response to determining that the cloud-accessible subset of the set of managed machines is exposed to the external cloud environment, applying the partitioned security class to the subset of the set of managed machines, wherein the partitioned security class permits sharing of the cloud-accessible subset of the set of managed machines with the external cloud environment based on the first subset of security policies.
Address: Raleigh NC US