公开(公告)号：US20130298210A1

公开(公告)日：2013-11-07

申请号：US13462223

申请日：2012-05-02

Applicant: Eron D. Wright ,  Muhammad Umer Azad ,  Sushant P. Rewaskar ,  Corey M. Sanders ,  Saad Syed

Inventor： Eron D. Wright ,  Muhammad Umer Azad ,  Sushant P. Rewaskar ,  Corey M. Sanders ,  Saad Syed

IPC: G06F9/455 ,  H04L9/32 ,  G06F21/00 ,  G06F15/16

CPC classification number: G06F9/45558 ,  G06F9/4416 ,  G06F2009/45591 ,  G06F2009/45595 ,  H04L63/0823 ,  H04L63/0869

Abstract: In an environment that includes a host computing system that executes virtual machines, and a secure cloud computing channel that communicatively couples the host to a client computing system that is assigned to a particular one of the virtual machines, the particular virtual machine generates a certificate, install the certificate on the itself, and returns a certificate representation to the client. This may occur when the virtual machine is provisioned. During a subsequent connection request from the client to the virtual machine, the virtual machine returns the certificate to the client. The client compares the certificate representation that was returned during provisioning with the certificate returned during the subsequent connection, and if there is a match, then the virtual machine is authenticated to the client. Thus, in this case, the virtual machine authenticates without the client having to generate, install, and manage security for a certificate.

Abstract translation: 在包括执行虚拟机的主计算系统的环境中，以及将主机通信地耦合到分配给特定虚拟机的客户端计算系统的安全云计算通道，特定虚拟机生成证书， 将证书安装在自身上，并将证书表示返回给客户端。 虚拟机配置时可能会发生这种情况。 在从客户端到虚拟机的后续连接请求期间，虚拟机将证书返回给客户机。 客户端将在配置期间返回的证书表示与后续连接期间返回的证书进行比较，如果存在匹配，则虚拟机将被验证到客户端。 因此，在这种情况下，虚拟机进行认证，而客户端不必为证书生成，安装和管理安全性。

公开(公告)号：US20130297921A1

公开(公告)日：2013-11-07

申请号：US13462275

申请日：2012-05-02

Applicant: Eron D. Wright ,  Muhammad Umer Azad ,  Sushant P. Rewaskar ,  Corey M. Sanders ,  Saad Syed

Inventor： Eron D. Wright ,  Muhammad Umer Azad ,  Sushant P. Rewaskar ,  Corey M. Sanders ,  Saad Syed

IPC: G06F9/00

CPC classification number: G06F9/45558 ,  G06F9/4406 ,  G06F2009/45562 ,  G06F2009/45575

Abstract: The provisioning of a virtual machine when booted from virtual storage. During virtual machine boot from an image, the virtual machine detects storage media. The virtual machine acquires a provisioning agent and provisioning data from the detected storage media. The virtual machine uses the provisioning data to provision itself, and executes the provisioning agent. The provisioning agent may monitor the progress of the provisioning and/or report a status of the provisioning. The virtual machine may operate in a cloud computing environment, the status of the provisioning agent being returned to the user through the cloud environment. The user need not generate the provisioning data in a format readable by the virtual machine. Instead, perhaps some naturally entered user input is used to automatically generate the properly formatted provisioning data using perhaps a service in the cloud.

Abstract translation: 从虚拟存储引导时提供虚拟机。 在虚拟机从映像引导过程中，虚拟机检测存储介质。 虚拟机从检测到的存储介质中获取供应代理并提供数据。 虚拟机使用配置数据来自行设置，并执行配置代理。 供应代理可以监视供应的进度和/或报告供应的状态。 虚拟机可以在云计算环境中操作，通过云环境将供应代理的状态返回给用户。 用户不需要以虚拟机可读的格式生成配置数据。 相反，也许一些自然输入的用户输入可以使用云中的服务来自动生成正确格式化的配置数据。

公开(公告)号：US08719402B2

公开(公告)日：2014-05-06

申请号：US12908891

申请日：2010-10-21

Applicant: Sushant P. Rewaskar ,  Muhammad Umer Azad ,  Corey M. Sanders ,  Saad Syed ,  Charles T. Lenzmeier ,  Gaurav Gupta

Inventor： Sushant P. Rewaskar ,  Muhammad Umer Azad ,  Corey M. Sanders ,  Saad Syed ,  Charles T. Lenzmeier ,  Gaurav Gupta

IPC: G06F15/173

CPC classification number: H04L41/0816 ,  H04L41/0631 ,  H04L41/0654 ,  H04L67/10 ,  H04L67/125

Abstract: Goal state indicators can be communicated from a fabric controller of a computer cluster to each of multiple compute instances in the computer cluster managed by the fabric controller. The goal state indicators can be formatted according to a structured protocol that defines multiple possible goal states. Additionally, status reports can be received from the compute instances. Each of the status reports can indicate a current state of one of the compute instances relative to a goal state previously indicated in a goal state indicator communicated to that one of the compute instances.

Abstract translation: 目标状态指示器可以从计算机集群的结构控制器传送到由光纤控制器管理的计算机集群中的多个计算实例中的每一个。 目标状态指示符可以根据定义多个可能目标状态的结构化协议进行格式化。 另外，可以从计算实例接收状态报告。 状态报告中的每一个可以指示计算实例中的一个计算实例相对于先前在传达给该计算实例的目标状态指示符中指示的目标状态的当前状态。

公开(公告)号：US08621553B2

公开(公告)日：2013-12-31

申请号：US12415079

申请日：2009-03-31

Applicant: Saad Syed ,  Chetan Shankar ,  Jose M. Bernabeu-Auban ,  Sushant P. Rewaskar ,  Muhammad Umer Azad

Inventor： Saad Syed ,  Chetan Shankar ,  Jose M. Bernabeu-Auban ,  Sushant P. Rewaskar ,  Muhammad Umer Azad

IPC: G06F17/00 ,  G06F7/04 ,  G06F21/00 ,  H04L29/06 ,  H04L9/32

CPC classification number: G06F21/6218 ,  G06F21/53 ,  G06F21/604 ,  H04L63/20 ,  H04L67/10

Abstract: Applications, such as cloud services, may be deployed within a network environment (e.g., a cloud computing environment). Unfortunately, when the applications are instantiated within the network environment, they have the ability to compromise the security of other applications and/or the infrastructure of the network environment. Accordingly, as provided herein, a security scheme may be applied to a network environment within which an application is to be instantiated. The security scheme may comprise one or more security layers (e.g., virtual machine level security, application level security, operating system level security, etc.) derived from an application service model describing the application and/or resources allocated to the application.

Abstract translation: 诸如云服务的应用可以部署在网络环境（例如，云计算环境）内。 不幸的是，当应用程序在网络环境中实例化时，他们有能力破坏其他应用程序和/或网络环境的基础设施的安全性。 因此，如本文所提供的，安全方案可以应用于应用程序将被实例化的网络环境。 安全性方案可以包括从描述应用和/或分配给应用的资源的应用服务模型导出的一个或多个安全层（例如，虚拟机级安全性，应用级安全性，操作系统级安全性等）。

公开(公告)号：US20120102186A1

公开(公告)日：2012-04-26

申请号：US12908891

申请日：2010-10-21

Applicant: Sushant P. Rewaskar ,  Muhammad Umer Azad ,  Corey M. Sanders ,  Saad Syed ,  Charles T. Lenzmeier ,  Gaurav Gupta

Inventor： Sushant P. Rewaskar ,  Muhammad Umer Azad ,  Corey M. Sanders ,  Saad Syed ,  Charles T. Lenzmeier ,  Gaurav Gupta

IPC: G06F15/173

CPC classification number: H04L41/0816 ,  H04L41/0631 ,  H04L41/0654 ,  H04L67/10 ,  H04L67/125

Abstract: Goal state indicators can be communicated from a fabric controller of a computer cluster to each of multiple compute instances in the computer cluster managed by the fabric controller. The goal state indicators can be formatted according to a structured protocol that defines multiple possible goal states. Additionally, status reports can be received from the compute instances. Each of the status reports can indicate a current state of one of the compute instances relative to a goal state previously indicated in a goal state indicator communicated to that one of the compute instances.

Abstract translation: 目标状态指示器可以从计算机集群的结构控制器传送到由光纤控制器管理的计算机集群中的多个计算实例中的每一个。 目标状态指示符可以根据定义多个可能目标状态的结构化协议进行格式化。 另外，可以从计算实例接收状态报告。 状态报告中的每一个可以指示计算实例中的一个计算实例相对于先前在传达给该计算实例的目标状态指示符中指示的目标状态的当前状态。

公开(公告)号：US09436492B2

公开(公告)日：2016-09-06

申请号：US13462275

申请日：2012-05-02

Applicant: Eron D. Wright ,  Muhammad Umer Azad ,  Sushant P. Rewaskar ,  Corey M. Sanders ,  Saad Syed

Inventor： Eron D. Wright ,  Muhammad Umer Azad ,  Sushant P. Rewaskar ,  Corey M. Sanders ,  Saad Syed

IPC: G06F9/44 ,  G06F9/455

CPC classification number: G06F9/45558 ,  G06F9/4406 ,  G06F2009/45562 ,  G06F2009/45575

Abstract: The provisioning of a virtual machine when booted from virtual storage. During virtual machine boot from an image, the virtual machine detects storage media. The virtual machine acquires a provisioning agent and provisioning data from the detected storage media. The virtual machine uses the provisioning data to provision itself, and executes the provisioning agent. The provisioning agent may monitor the progress of the provisioning and/or report a status of the provisioning. The virtual machine may operate in a cloud computing environment, the status of the provisioning agent being returned to the user through the cloud environment. The user need not generate the provisioning data in a format readable by the virtual machine. Instead, perhaps some naturally entered user input is used to automatically generate the properly formatted provisioning data using perhaps a service in the cloud.

Abstract translation: 从虚拟存储引导时提供虚拟机。 在虚拟机从映像引导过程中，虚拟机检测存储介质。 虚拟机从检测到的存储介质中获取供应代理并提供数据。 虚拟机使用配置数据来自行设置，并执行配置代理。 供应代理可以监视供应的进度和/或报告供应的状态。 虚拟机可以在云计算环境中操作，通过云环境将供应代理的状态返回给用户。 用户不需要以虚拟机可读的格式生成配置数据。 相反，也许一些自然输入的用户输入可以使用云中的服务来自动生成正确格式化的配置数据。

公开(公告)号：US09210162B2

公开(公告)日：2015-12-08

申请号：US13462223

申请日：2012-05-02

Applicant: Eron D. Wright ,  Muhammad Umer Azad ,  Sushant P. Rewaskar ,  Corey M. Sanders ,  Saad Syed

Inventor： Eron D. Wright ,  Muhammad Umer Azad ,  Sushant P. Rewaskar ,  Corey M. Sanders ,  Saad Syed

IPC: G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  H04L9/32

CPC classification number: G06F9/45558 ,  G06F9/4416 ,  G06F2009/45591 ,  G06F2009/45595 ,  H04L63/0823 ,  H04L63/0869

Abstract: In an environment that includes a host computing system that executes virtual machines, and a secure cloud computing channel that communicatively couples the host to a client computing system that is assigned to a particular one of the virtual machines, the particular virtual machine generates a certificate, install the certificate on the itself, and returns a certificate representation to the client. This may occur when the virtual machine is provisioned. During a subsequent connection request from the client to the virtual machine, the virtual machine returns the certificate to the client. The client compares the certificate representation that was returned during provisioning with the certificate returned during the subsequent connection, and if there is a match, then the virtual machine is authenticated to the client. Thus, in this case, the virtual machine authenticates without the client having to generate, install, and manage security for a certificate.

Abstract translation: 在包括执行虚拟机的主计算系统的环境中，以及将主机通信地耦合到分配给特定虚拟机的客户端计算系统的安全云计算通道，特定虚拟机生成证书， 将证书安装在自身上，并将证书表示返回给客户端。 虚拟机配置时可能会发生这种情况。 在从客户端到虚拟机的后续连接请求期间，虚拟机将证书返回给客户机。 客户端将在配置期间返回的证书表示与后续连接期间返回的证书进行比较，如果存在匹配，则虚拟机将被验证到客户端。 因此，在这种情况下，虚拟机进行认证，而客户端不必为证书生成，安装和管理安全性。

公开(公告)号：US20100251328A1

公开(公告)日：2010-09-30

申请号：US12415079

申请日：2009-03-31

Applicant: Saad Syed ,  Chetan Shankar ,  Jose M. Bernabeu-Auban ,  Sushant P. Rewaskar ,  Muhammad Umer Azad

Inventor： Saad Syed ,  Chetan Shankar ,  Jose M. Bernabeu-Auban ,  Sushant P. Rewaskar ,  Muhammad Umer Azad

IPC: G06F21/00 ,  G06F21/20

CPC classification number: G06F21/6218 ,  G06F21/53 ,  G06F21/604 ,  H04L63/20 ,  H04L67/10

Abstract: Applications, such as cloud services, may be deployed within a network environment (e.g., a cloud computing environment). Unfortunately, when the applications are instantiated within the network environment, they have the ability to compromise the security of other applications and/or the infrastructure of the network environment. Accordingly, as provided herein, a security scheme may be applied to a network environment within which an application is to be instantiated. The security scheme may comprise one or more security layers (e.g., virtual machine level security, application level security, operating system level security, etc.) derived from an application service model describing the application and/or resources allocated to the application.

Abstract translation: 诸如云服务的应用可以部署在网络环境（例如，云计算环境）内。 不幸的是，当应用程序在网络环境中实例化时，他们有能力破坏其他应用程序和/或网络环境的基础设施的安全性。 因此，如本文所提供的，安全方案可以应用于应用程序将被实例化的网络环境。 安全方案可以包括从描述应用和/或分配给应用的资源的应用服务模型导出的一个或多个安全层（例如，虚拟机级安全性，应用级安全性，操作系统级安全性等）。