Managing virtual overlay infrastructures
    2.
    Granted invention patent
    Managing virtual overlay infrastructures (in force)

    Publication (announcement) number: US08544002B2

    Publication (announcement) date: 2013-09-24

    Application number: US11718196

    Application date: 2005-10-28

    IPC classification: G06F9/50

    Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Each virtual infrastructure can be passivated by suspending applications, stopping operating systems, and storing state, to enable later reactivation. This is simpler for a complete virtual infrastructure than for groups of virtual entities and physical entities. It enables cloned virtual infrastructure to be created for testing, upgrading or sharing without risk to the parent. On failure, reversion to a previous working clone is feasible.

    TRUSTED KEY MANAGEMENT FOR VIRTUALIZED PLATFORMS
    3.
    Invention patent application
    TRUSTED KEY MANAGEMENT FOR VIRTUALIZED PLATFORMS (in force)

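    Publication (announcement) number: US20100082991A1

    Publication (announcement) date: 2010-04-01

    Application number: US12242104

    Application date: 2008-09-30

    IPC classification: H04L9/32 H04L9/08

    CPC classification: H04L9/083 H04L2209/805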

    Abstract: To provide a secure service to an application virtual machine running in a first domain of a virtualized computing platform, a second domain is arranged to run a corresponding service driver exclusively for the application virtual machine. As part of the secure service, the service driver effects a key-based cryptographic operation; to do so, the service driver has to obtain the appropriate key from a key manager. The key manager is arranged to store the key and to release it to the service driver only upon receiving evidence of its identity and being satisfied of compliance with release policies associated with the key. These policies include receipt of valid integrity metrics, signed by trusted-device functionality of the virtualized computing platform, for the service driver and the code on which it depends.

    Systems and Methods for Providing Remediation Recommendations
    4.
    Invention patent application
    Systems and Methods for Providing Remediation Recommendations (under examination, published)

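    Publication (announcement) number: US20080270198A1

    Publication (announcement) date: 2008-10-30

    Application number: US11739839

    Application date: 2007-04-25

    IPC classification: G06Q99/00

    CPC classification: G06Q10/06 G06Q10/0631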

    Abstract: In one embodiment, a system and method pertain to receiving audit exceptions indicative of instances of noncompliance of an information system under evaluation relative to a policy or standard, identifying remediation recommendations that are relevant to the audit exceptions and that indicate how to correct conditions that caused the noncompliance, and providing the remediation recommendations to an entity responsible for correcting the conditions so as to provide information as to how the information system can be brought into compliance with the policy or standard.

    Configuring computer systems
    5.
    Granted invention patent

    Publication (announcement) number: US06978379B1

    Publication (announcement) date: 2005-12-20

    Application number: US09578503

    Application date: 2000-05-26

    CPC classification: G06F21/604 G06F21/6218

    Abstract: An apparatus (22, 44) is described for use in generating configuration information for a computer system (12) employing hierarchical entities. A policy template (24) is employed which contains a definition of an abstract high-level policy, for the configuration of the system, and permitted refinements to that policy, the definition referring to a plurality of the entities. An information and system model (16) contains information about the computer system and its environment including the entities referred to in the high-level policy definition, the hierarchy thereof and non-hierarchical relations between the entities. A policy authoring engine (26) refines the high-level policy definition with reference to the permitted refinements thereto and the stored information about the entities to which the high-level policy definition relates in order to produce a refined policy definition. In doing this, the engine presents refinement options to a user (10) via a user interface (28) and refines the high-level policy definition in dependence upon options selected by the user via the user interface. Some of the entities stored in the model (16) may be abstract entities, but with pointers to data in the computer system representing an instance of that abstract entity. The refined policy may be in terms of a policy context, referring to unbound entities, and a policy statement. A policy deployer (20) stores rules for interpreting the policy statement as instructions executable by the computer system and is operable, with reference to the information and system model (16), to bind the unbound entities in the policy context to instances of those entities, and, with reference to the stored rules, to interpret the policy statement into a series of instructions to the computer system referring to the bound instances or derivatives of them. The apparatus facilitates the refinement of abstract policies and implementation of the refined policies.

    Controlling virtual overlay infrastructure
    6.
    Granted invention patent
    Controlling virtual overlay infrastructure (in force)

    Publication (announcement) number: US09596239B2

    Publication (announcement) date: 2017-03-14

    Application number: US11718122

    Application date: 2005-10-28

    IPC classification: G06F9/455 H04L29/06 G06F21/60

    Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Virtual infrastructures of different users share physical resources but are isolated. Each infrastructure has its own infrastructure controller to create and configure the infrastructure. It has a user accessible part (CFC) for configuration of that user's infrastructure, and a user inaccessible part (UFC) able to access the mapping and the physical resources. This increases user control to ease system administration, while maintaining security by limiting access to the mapping.

    Trusted key management for virtualized platforms
    8.
    Granted invention patent
    Trusted key management for virtualized platforms (in force)

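    Publication (announcement) number: US09559842B2

    Publication (announcement) date: 2017-01-31

    Application number: US12242104

    Application date: 2008-09-30

    IPC classification: H04L9/32 H04L9/08

    CPC classification: H04L9/083 H04L2209/805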

    Abstract: To provide a secure service to an application virtual machine running in a first domain of a virtualized computing platform, a second domain is arranged to run a corresponding service driver exclusively for the application virtual machine. As part of the secure service, the service driver effects a key-based cryptographic operation; to do so, the service driver has to obtain the appropriate key from a key manager. The key manager is arranged to store the key and to release it to the service driver only upon receiving evidence of its identity and being satisfied of compliance with release policies associated with the key. These policies include receipt of valid integrity metrics, signed by trusted-device functionality of the virtualized computing platform, for the service driver and the code on which it depends.

    VIRTUAL COMPUTING INFRASTRUCTURE
    9.
    Invention patent application
    VIRTUAL COMPUTING INFRASTRUCTURE (under examination, published)

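    Publication (announcement) number: US20090199177A1

    Publication (announcement) date: 2009-08-06

    Application number: US11718194

    Application date: 2005-10-28

    IPC classification: G06F9/455

    CPC classification: H04L67/1097 G06F9/5077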

    Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. The system has a mapping manager to dynamically alter the mapping for balancing, performance, and redundancy. There can be more independence from the underlying physical configuration, compared to known methods of virtualizing only some of the entities. The mapping manager can be distributed across a number of entities on different physical servers arranged to cooperate with each other.
