-
1.
Publication number: US10484430B2
Publication date: 2019-11-19
Application number: US15589486
Filing date: 2017-05-08
Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Doug Kirschner, Ryan Meyer, Thomas Keane
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for DevOps personnel who do not have persistent access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. When JIT access to a resource is requested by a DevOps device, the JIT service retrieves a JIT policy for the resource that includes screening criteria limiting automatic granting of JIT access to DevOps personnel who meet the screening criteria. Screening information for the DevOps personnel is evaluated against one or more screening requirements set forth by the screening criteria. If the screening criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the DevOps device.
-
2.
Publication number: US20180364996A1
Publication date: 2018-12-20
Application number: US15628332
Filing date: 2017-06-20
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Yun Wu, George Chen, Jie Mao, David Maltz, Albert Greenberg, Thomas Keane
Abstract: Software deployment to network devices in cloud computing environments subject to data control policies is provided in a manner that ensures compliance with the data control policies. A deployment service is located in a remote cloud computing environment separate from the cloud computing environments to which software is being deployed. The deployment service does not have access to restricted data in the cloud computing environments, including access control data, such that the deployment service cannot directly interact with network devices. The deployment service issues deployment requests to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access the network devices and issue commands to install the software on the network devices.
-
3.
Publication number: US10135907B2
Publication date: 2018-11-20
Application number: US14933815
Filing date: 2015-11-05
Inventors: Karthik Palanivel, Jason Ward, Maksim Libenson, Rajesh Korada, Mike Kippen, William Bartholomew, Izabella Lankerovich, Pradeep Ayyappan Nair
Abstract: Releases to the production environment of a cloud computing environment are deployed in a manner that maintains control over restricted data and the data plane of the cloud computing environment. DevOps personnel are tasked with developing the release. However, the DevOps personnel are not authorized to deploy the release to the cloud computing environment because they do not have access to restricted data in the cloud computing environment or the ability to modify the cloud computing environment to gain access to restricted data. Operating personnel who have access to restricted data and the right to modify the cloud computing environment are notified of the release and given release specifications providing details of the release. If the operator approves the release, the release is transferred to the cloud computing environment. A deployment engine then automatically deploys the release to the production environment of the cloud computing environment.
-
4.
Publication number: US20170134476A1
Publication date: 2017-05-11
Application number: US14933815
Filing date: 2015-11-05
Inventors: Karthik Palanivel, Jason Ward, Maksim Libenson, Rajesh Korada, Mike Kippen, William Bartholomew, Izabella Lankerovich, Pradeep Ayyappan Nair
IPC classification: H04L29/08
CPC classification: H04L67/06, G06F8/60, G06F9/5072, G06F21/60, H04L67/10
Abstract: Releases to the production environment of a cloud computing environment are deployed in a manner that maintains control over restricted data and the data plane of the cloud computing environment. DevOps personnel are tasked with developing the release. However, the DevOps personnel are not authorized to deploy the release to the cloud computing environment because they do not have access to restricted data in the cloud computing environment or the ability to modify the cloud computing environment to gain access to restricted data. Operating personnel who have access to restricted data and the right to modify the cloud computing environment are notified of the release and given release specifications providing details of the release. If the operator approves the release, the release is transferred to the cloud computing environment. A deployment engine then automatically deploys the release to the production environment of the cloud computing environment.
-
5.
Publication number: US10924497B2
Publication date: 2021-02-16
Application number: US16601134
Filing date: 2019-10-14
Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Thomas Keane
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for an external device. When JIT access to a resource is requested by a device, the JIT service retrieves a JIT policy for the resource that includes geolocation criteria limiting the geolocation from which JIT access can be automatically granted. The geolocation of the device is evaluated against the geolocation criteria. If the geolocation criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the device.
-
6.
Publication number: US10762218B2
Publication date: 2020-09-01
Application number: US15628350
Filing date: 2017-06-20
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Sandeep Koushik Sheshadri, Shikhar Suri, Sharda Murthi, David Maltz, Albert Greenberg, Thomas Keane
IPC classification: G06F21/60, G06F8/60, H04L29/06, G06F9/451, H04L12/24, G06F8/61, G06F21/62, G06F9/445, G06F9/50
Abstract: Network buildout of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A buildout service is located in a remote cloud computing environment separate from the cloud computing environments at which buildout is being performed. The buildout service implements workflows to manage different aspects of network buildout in the cloud computing environments. The buildout service does not have access to restricted data in the cloud computing environments, including access control data, such that the buildout service cannot directly interact with network devices. The buildout service issues requests for device configuration to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access and configure the network devices.
-
7.
Publication number: US11233794B2
Publication date: 2022-01-25
Application number: US16458168
Filing date: 2019-06-30
Inventors: Chetan S. Shankar, LiLei Cui, Sandeep Kalarickal S, Thomas Charles Knudson, Pavan Gopal Bandla, Pradeep Ayyappan Nair, Aaron Keith Rosenfeld, Tyler S. Wiegers, Sudharshan Reddy Bommu, Margus Janese, Mario Mett, Chi Zhou
Abstract: Methods, systems, and computer storage media for providing escorted-access management based on an escort-admin session engine are provided. The escort-admin session engine approves an external administrator's access to a resource instance based on a service team policy, while approving an escort operator to escort the external administrator in an escort-admin session that provides access to the resource. In operation, an external administrator's request for access to a resource is evaluated based on the service team policy that is managed by a service team. The request is approved with the access rights to the resource identified in the policy. An escort operator is identified for the external administrator. The escort operator is approved to escort the external administrator for access to the resource during an escort-admin session. The escort-admin session includes an escort operator context referring to the escort operator having access rights based on the access rights approved using the policy.
-
8.
Publication number: US10708136B2
Publication date: 2020-07-07
Application number: US15628322
Filing date: 2017-06-20
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
IPC classification: G06F15/173, H04L12/24, H04L29/08, G06F8/61, G06F9/46, G06F8/60, H04L29/06, G06F21/62, G06F9/445, G06F9/50
Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Execution services and source-of-truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source-of-truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.
-
9.
Publication number: US10476886B2
Publication date: 2019-11-12
Application number: US15589475
Filing date: 2017-05-08
Inventors: Ramnath Prasad, Pradeep Ayyappan Nair, Veena Ramachandran, Sandeep Kalarickal, Thomas Knudson, Pavan Gopal Bandla, Chetan Shankar, Ranajoy Sanyal, Qingsu Wu, Chi Zhou, Thomas Keane
Abstract: A JIT service in a cloud computing environment manages just-in-time access to resources in the cloud computing environment for DevOps personnel who do not have persistent access to restricted data or the ability to modify the cloud computing environment to gain access to restricted data. When JIT access to a resource is requested by a DevOps device, the JIT service retrieves a JIT policy for the resource that includes geolocation criteria limiting the geolocation from which JIT access can be automatically granted. The geolocation of the DevOps device is evaluated against the geolocation criteria. If the geolocation criteria and any other criteria of the JIT policy are satisfied, the JIT service provisions JIT access to the resource for the DevOps device.
-
10.
Publication number: US20180365435A1
Publication date: 2018-12-20
Application number: US15628350
Filing date: 2017-06-20
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Sandeep Koushik Sheshadri, Shikhar Suri, Sharda Murthi, David Maltz, Albert Greenberg, Thomas Keane
Abstract: Network buildout of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A buildout service is located in a remote cloud computing environment separate from the cloud computing environments at which buildout is being performed. The buildout service implements workflows to manage different aspects of network buildout in the cloud computing environments. The buildout service does not have access to restricted data in the cloud computing environments, including access control data, such that the buildout service cannot directly interact with network devices. The buildout service issues requests for device configuration to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access and configure the network devices.