主权项 |
1. A method, comprising:
generating a one-time password (OTP) by one of a cloud engine of a private enterprise computing system or an authentication server, wherein the cloud engine is executable by a processing device; passing the OTP to the other one of the cloud engine and the authentication server; starting, by the cloud engine, an exchange with the authentication server to lead to a state in which both the cloud engine and the authentication server comprise an identifier (ID) of a virtual machine (VM), the VM hosted by a public cloud computing system coupled to the private enterprise computing system via a network; sending, by the private enterprise computing system, the OTP and the ID to the VM; creating an account at an account creation time before starting the VM; associating the OTP and the ID for the VM with the account; enabling the account at an account enablement time that is after the account creation time; receiving credentials of the VM and a request to access a virtual private network (VPN) server of the private enterprise computing system; authenticating the credentials of the VM against the OTP and the ID; and establishing, by the private enterprise computing system, a secure connection between the VPN server and the VM when the credentials received from the VM comprise the OTP and the ID. |