-
Publication No.: US20070250833A1
Publication date: 2007-10-25
Application No.: US11404361
Filing date: 2006-04-14
Applicant: Nelson Araujo, Abhishek Dhasmana, Lloyd Giberson, Angel Monterrubio, John Parry, Eugene Polonsky, Kendra Yourtee, Brian Wahlert
Inventor: Nelson Araujo, Abhishek Dhasmana, Lloyd Giberson, Angel Monterrubio, John Parry, Eugene Polonsky, Kendra Yourtee, Brian Wahlert
IPC classification: G06F9/455
CPC classification: G06F21/6218, G06F9/45558, G06F2009/45562, G06F2009/45587
Abstract: An administrative authority for virtual machines can send one or more delegated policy settings to a virtual machine manager. The virtual machine manager can in turn send management instructions that include the one or more policy settings to one or more virtual machine hosts. As such, a user's request for a virtual machine at a virtual machine host can be granted or denied based on the delegated policy settings. The policy settings can be updated periodically, and can include additional information about starting, stopping, expiring, saving, or even deleting virtual machines by particular users, as well as users accessing from particular locations. In addition, an agent operating at the virtual machine host can monitor and report virtual machine activity, to ensure unauthorized virtual machines are quickly stopped and reviewed until authorized.
-
Publication No.: US20070245348A1
Publication date: 2007-10-18
Application No.: US11404334
Filing date: 2006-04-14
Applicant: Nelson Araujo, Abhishek Dhasmana, Lloyd Giberson, Angel Monterrubio, John Parry, Eugene Polonsky, Brian Wahlert, Kendra Yourtee
Inventor: Nelson Araujo, Abhishek Dhasmana, Lloyd Giberson, Angel Monterrubio, John Parry, Eugene Polonsky, Brian Wahlert, Kendra Yourtee
IPC classification: G06F9/455
CPC classification: G06F21/6218, G06F21/53
Abstract: The embodiments contemplate a system and method for a restriction of virtual machines for a group of one or more users. A predefined policy may include a restriction related to the group, as well as a measure of enforcement to initiate in the event of a violation of the restriction. The measure of enforcement may include a warning message or denial of resources. The restriction may be resource-based, time-based, machine-based, or a combination. The restriction may be a group-level restriction, in which the entire group actions are monitored, or a user-level restriction, in which the user's actions are monitored. In the event a user is assigned to more than one group, the policies of each group are assigned a priority level. The priority level dictates the restriction as well as the measure of enforcement.
-
Publication No.: US20120246738A1
Publication date: 2012-09-27
Application No.: US13052313
Filing date: 2011-03-21
Applicant: Shon Kiran Shah, William L. Scheidel, Anand Shankar Sarda, Gokcen Iskender, Lloyd Giberson, Evan Michael Keibler, Tolga Yildirim
Inventor: Shon Kiran Shah, William L. Scheidel, Anand Shankar Sarda, Gokcen Iskender, Lloyd Giberson, Evan Michael Keibler, Tolga Yildirim
IPC classification: G06F21/00
CPC classification: G06F21/6218
Abstract: The subject disclosure is directed towards resource sharing and/or isolation in a role based access (RBA) system. A resource may be associated with an owner, via an owner property, which provides isolation by enforcing exclusive access to that resource by the owner (unless the owner chooses to share). Sharing is provided by allowing the owner to identify, in a GrantedTo list, selected receiving user(s) or user role(s) that can have shared access. Also described is administrator-level control over the ability to share resources and/or receive shared resources, e.g., an administrator selects whether a resource owner is permitted to share resources and/or whether receiving users/user roles are permitted to receive shared resources.