Title Secure network cloud architecture
Abstract Apparatuses, computer readable media, methods, and systems are described for requesting creation of a virtual machine (VM) in a cloud environment comprising a virtual private cloud. Through various communications between a cloud DMZ, a cloud provider, and/or a company's network, a VM instance may be securely created, initialized, booted, unlocked, and/or monitored through a series of interactions building, in some examples, upon a root of trust.
Publication number US8799997(B2) Publication date 2014.08.05
Application number US201213422729 Filing date 2012.03.16
Applicant Bank of America Corporation Inventors Spiers Bradford T.;Halas Miroslav;Schimmel Richard A.;Provencher Donald P.
Classification G06F21/00;G06F21/57 Main classification G06F21/00
Agency Banner & Witcoff, Ltd. Agents Banner & Witcoff, Ltd. ;Springs Michael A.
Independent claim 1. A method comprising: transmitting, by a first computing system via a secure channel to a second computing system, a request to create a virtual machine in the second computing system, wherein the request includes at least a first token; recording, in a computer memory using a processor of the first computing system, the first token in association with the request for a virtual machine; receiving, by the first computing system from a server located in a secure zone in the second computing system, the first token after the second computing system requests to load components configured to boot the virtual machine; confirming, using the processor of the first computing system, authenticity of the received first token with the recorded first token; transmitting, by the first computing system to the server located in the secure zone in the second computing system, a second token unique to the request to load components, wherein the second token is configured to enable the server located in the secure zone of the second computing system to transmit the requested components and the second token to the virtual machine, wherein the requested components are unique to the request to load components; recording, in the computer memory using the processor of the first computing system, the second token in association with the request for the virtual machine; receiving, by the first computing system from the virtual machine, the second token after the virtual machine has been loaded with the requested components; confirming, using the processor of the first computing system, authenticity of the received second token with the recorded second token; transmitting, by the first computing system to the virtual machine, a third token and confidential information configured to enable the virtual machine to create a secure connection with the first computing system via a gateway server located in the secure zone of the second computing system; recording, in the computer memory using the processor of the first computing system, the third token in association with the request for the virtual machine; receiving, by the first computing system from the gateway server located in the secure zone of the second computing system, the third token and a request to establish a secure connection through the secure zone with the virtual machine; confirming, using the processor of the first computing system, authenticity of the received third token with the recorded third token; recording, using the processor of the first computing system, an entry in a log file stored on the computer memory of the first computing system indicating a duration of time in a boot phase exceeds a predetermined threshold of time; recording, using the processor of the first computing system, an entry in a log file stored on the computer memory of the first computing system indicating a duration of time in an unlock phase exceeds a predetermined threshold of time; and recording, using the processor of the first computing system, an entry in a log file stored on the computer memory of the first computing system indicating a duration of time in a connect phase exceeds a predetermined threshold of time.
Address Charlotte NC US
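The token exchange of claim 1, as an added Python model that is not from the patent or its assignee: it plays the first computing system (the company side), issuing and recording one fresh token per step, verifying each token when it comes back through the secure zone, and writing a log entry for any boot, unlock or connect phase that exceeds its threshold. The `Orchestrator` class, the phase boundaries, the single-use treatment of tokens and the placeholder unlock secret are assumptions; time is passed in as `now` so a run is deterministic.

```python
import secrets

class Orchestrator:
    """First computing system (company side) in the claimed exchange."""
    def __init__(self, thresholds):
        self.thresholds = thresholds  # seconds allowed per phase: boot / unlock / connect
        self.records = {}             # request_id -> {"first": tok, "second": tok, "third": tok}
        self.started = {}             # (request_id, phase) -> time the phase began
        self.log = []                 # log-file entries for phases that exceeded a threshold

    def _issue(self, request_id, slot):
        tok = secrets.token_hex(16)   # fresh token, unique to this request and step
        self.records.setdefault(request_id, {})[slot] = tok
        return tok

    def _verify(self, request_id, slot, presented):
        rec = self.records.get(request_id, {})
        ok = slot in rec and secrets.compare_digest(rec[slot], presented)
        if ok:
            del rec[slot]             # single use (assumption): a replayed token is rejected
        return ok

    def _end_phase(self, request_id, phase, now):
        elapsed = now - self.started.pop((request_id, phase))
        if elapsed > self.thresholds[phase]:
            self.log.append(f"{request_id}: {phase} phase {elapsed:.0f}s > {self.thresholds[phase]}s")

    def request_vm(self, request_id, now):  # create request carries the first token; boot starts
        self.started[(request_id, "boot")] = now
        return self._issue(request_id, "first")

    def on_load_request(self, request_id, first_token):
        """Secure-zone server presents the first token when asking to load boot components."""
        return self._issue(request_id, "second") if self._verify(request_id, "first", first_token) else None

    def on_vm_loaded(self, request_id, second_token, now):
        """VM presents the second token once loaded: boot phase ends, unlock phase starts."""
        if not self._verify(request_id, "second", second_token):
            return None
        self._end_phase(request_id, "boot", now)
        self.started[(request_id, "unlock")] = now
        return self._issue(request_id, "third"), secrets.token_hex(32)  # third token + placeholder secret

    def on_gateway_request(self, request_id, third_token, now):
        """Gateway presents the third token to open the connection: unlock ends, connect starts."""
        if not self._verify(request_id, "third", third_token):
            return False
        self._end_phase(request_id, "unlock", now)
        self.started[(request_id, "connect")] = now
        return True

    def on_connected(self, request_id, now):  # secure connection to the VM is up; connect ends
        self._end_phase(request_id, "connect", now)
        return self.log
```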