摘要:
Techniques for non-repudiation of storage in cloud or shared storage environments are provided. A unique signature is generated within a cloud or shared storage environment for each file of the storage tenant that accesses the cloud or shared storage environment. Each signature is stored as part of the file system and every time a file is accessed that signature is verified. When a file is updated, the signature is updated as well to reflect the file update.
摘要:
Apparatus, systems, and methods may operate to authenticate a desktop client to an identity service (IS), to receive a request, from an application, at the IS via the desktop client for a virtual service internet protocol (IP) address associated with a service. The IS may operate to build a routing token that includes an original physical IP address associated with the service when a policy associated with the IS permits access to the service by a user identity associated with the desktop client. After the routing token is validated, the application may be connected to the service via the desktop client. The application may comprise an e-mail application or a remote control application, such as a virtual network computing (VNC) application. Additional apparatus, systems, and methods are disclosed.
摘要:
Techniques for secure network communication are provided. Credentials for a user along with a transparently generated secret are sent to a resource that the user desires to establish a secure communication session with. After successful authentication of the user, an initial sequence number for a first transaction of the session is set on a client of the user. Thereafter, with each transaction of the session the client supplies a new and unique sequence number to a server of the resource and uses the secret to encode and validate that transaction. The server of the resource does not permit any transaction that includes an invalid or previously used sequence number.
摘要:
Techniques for non-repudiation of storage in cloud or shared storage environments are provided. A unique signature is generated within a cloud or shared storage environment for each file of the storage tenant that accesses the cloud or shared storage environment. Each signature is stored as part of the file system and every time a file is accessed that signature is verified. When a file is updated, the signature is updated as well to reflect the file update.
摘要:
Techniques for secure network communication are provided. Credentials for a user along with a transparently generated secret are sent to a resource that the user desires to establish a secure communication session with. After successful authentication of the user, an initial sequence number for a first transaction of the session is set on a client of the user. Thereafter, with each transaction of the session the client supplies a new and unique sequence number to a server of the resource and uses the secret to encode and validate that transaction. The server of the resource does not permit any transaction that includes an invalid or previously used sequence number.
摘要:
Techniques for secure access management to virtual environments are provided. A user authenticates to a portal for purposes of establishing a virtual machine (VM). The portal interacts with a cloud server and an identity server to authenticate the user, to acquire an Internet Protocol (IP) address and port number for the VM, and to obtain a secure token. The user then interacts with a secure socket layer virtual private network (SSL VPN) server to establish a SSL VPN session with the VM. The SSL VPN server also authenticates the token through the identity server and acquires dynamic policies to enforce during the SSL VPN session between the user and the VM (the VM managed by the cloud server).
摘要:
Apparatus, systems, and methods may operate to receive, at a generating identity provider (IDP), original user credentials sufficient to authenticate a user directly from a user machine, or indirectly from an initial identity provider. Additional activities may include generating, by the generating IDP, generated user credentials having the lifetime of a login session associated with the user, the lifetime initiated approximately when the original user credentials or a token associated with the user are/is validated at the generating IDP. Still further activities may include receiving a request associated with the user during the login session to access an application protected by an agent, and transmitting at least part of the generated user credentials from the generating IDP to the application to authenticate the user to the generating IDP while the login session is not terminated or expired. Additional apparatus, systems, and methods are disclosed.
摘要:
Apparatus, systems, and methods may operate to authenticate a desktop client to an identity service (IS), to receive a request, from an application, at the IS via the desktop client for a virtual service internet protocol (IP) address associated with a service. The IS may operate to build a routing token that includes an original physical IP address associated with the service when a policy associated with the IS permits access to the service by a user identity associated with the desktop client. After the routing token is validated, the application may be connected to the service via the desktop client. The application may comprise an e-mail application or a remote control application, such as a virtual network computing (VNC) application. Additional apparatus, systems, and methods are disclosed.
摘要:
Techniques for distributed testing are provided. Resources are identified for performing tests over a network. The tests and policies are sent to the resources and a proxy. The proxy delivers data for the tests to the resources and enforces the policies during the tests. The proxy also gathers statistics and results from the resources, which are executing the tests, and the proxy reports the statistics and results to one or more third-party services for subsequent manipulation and analysis.
摘要:
Techniques for identity-based network mapping are provided. A principal is associated with a resource identifier via a mapping. Conditions of a network are dynamically evaluated in response to policy and actions taken against a resource associated with the resource identifier of the mapping. The principal and the hardware resource of a machine are associated with two different types of resources and the mapping is used to manage security and maintenance associated with a network for shutting down the principal from accessing the network when an issue is detected with the hardware resource and the hardware resource is shut down when the issue is with the principal.