-
Publication number: US10356128B1
Publication date: 2019-07-16
Application number: US15661618
Application date: 2017-07-27
Applicant: VMware, Inc.
Inventor: Jason A. Lango , Grant Callaghan , Marcel Moolenaar , Vinay Wagh , Rohan Desai , Matthew Page , Gary Menezes , Antoine Pourchet , Ramya Olichandran
Abstract: A tag-based policy architecture enforces information technology (IT) policy in a virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources coupled to a computer network and to authorize access to protected resources of the network. The compute resources are illustratively virtual machine instances (VMIs) provided by a virtual data center (VDC) of the environment, whereas the protected resources are illustratively virtualized storage, network and/or other compute resources of the VDC. Each VMI includes an intermediary manager, e.g., metavisor. The tag-based policy architecture includes an infrastructure having a centralized policy decision endpoint (e.g., a control plane of the VDC) and distributed policy enforcement endpoints (e.g., metavisors of the VMIs) to provide end-to-end passing of the cryptographically-verifiable metadata to (i) authorize instantiation of the VMIs at the control plane, and (ii) enforce access to the virtualized resources at the metavisors.
-
Publication number: US10999328B2
Publication date: 2021-05-04
Application number: US16430344
Application date: 2019-06-03
Applicant: VMware, Inc.
Inventor: Jason A. Lango , Grant Callaghan , Marcel Moolenaar , Vinay Wagh , Rohan Desai , Matthew Page , Gary Menezes , Antoine Pourchet , Ramya Olichandran
Abstract: A tag-based policy architecture enforces information technology (IT) policy in a virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources coupled to a computer network and to authorize access to protected resources of the network. The compute resources are illustratively virtual machine instances (VMIs) provided by a virtual data center (VDC) of the environment, whereas the protected resources are illustratively virtualized storage, network and/or other compute resources of the VDC. Each VMI includes an intermediary manager, e.g., metavisor. The tag-based policy architecture includes an infrastructure having a centralized policy decision endpoint (e.g., a control plane of the VDC) and distributed policy enforcement endpoints (e.g., metavisors of the VMIs) to provide end-to-end passing of the cryptographically-verifiable metadata to (i) authorize instantiation of the VMIs at the control plane, and (ii) enforce access to the virtualized resources at the metavisors.
-
Publication number: US10652281B1
Publication date: 2020-05-12
Application number: US15692890
Application date: 2017-08-31
Applicant: VMware, Inc.
Inventor: Marcel Moolenaar , Dennis Ramdass , Ramya Olichandran
Abstract: A technique implements network policy deployed in a tag-based policy architecture of a virtualized computing environment. One or more virtual machine instances (VMIs) may be provided by a virtual data center (VDC) of the environment, wherein each VMI includes an intermediary manager of a computing cell that also includes a guest operating system (OS) and associated applications. The tag-based policy architecture may be configured to enforce the network policy in the virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources, such as the VMIs, coupled to a computer network and to authorize access to protected resources, such as virtualized network resources of the VDC.
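The three abstracts above describe the same split: a centralized policy decision endpoint (the VDC control plane) issues cryptographically-verifiable metadata when it authorizes a VMI to be instantiated, and distributed policy enforcement endpoints (the metavisors) verify that metadata before granting the VMI access to storage or network resources. The following is an added example, not code from the patents or from VMware, that sketches one way to build that flow in Python. Everything in it is an assumption: the token format, the class names `ControlPlane` and `Metavisor`, the tag and resource names, and the use of a shared HMAC-SHA256 key as the signing scheme (a real deployment would sign with a private key at the control plane and give metavisors only the verifying key, so a compromised enforcement point cannot mint tags).

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption). HMAC stands in for the control plane's
# signature; in production the enforcement points would hold only a public key.
SIGNING_KEY = b"demo-control-plane-key-not-for-production"


def _canonical(payload: dict) -> bytes:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def _sign(payload: dict, key: bytes) -> str:
    return hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class ControlPlane:
    """Hypothetical centralized policy decision endpoint."""

    def __init__(self, key: bytes, allowed_tags):
        self._key = key
        self._allowed_tags = set(allowed_tags)

    def authorize_instantiation(self, vmi_id, requested_tags, ttl=300, now=None):
        """Decide whether the VMI may launch with these tags; return a signed
        tag token bound to the VMI identity and a validity window, or None."""
        tags = sorted(set(requested_tags))
        if not set(tags) <= self._allowed_tags:
            return None  # a tag nobody is allowed to claim: refuse the launch
        now = time.time() if now is None else now
        payload = {"vmi": vmi_id, "tags": tags, "iat": int(now), "exp": int(now) + ttl}
        return _b64(_canonical(payload)) + "." + _sign(payload, self._key)


class Metavisor:
    """Hypothetical distributed policy enforcement endpoint inside one VMI."""

    def __init__(self, vmi_id, key: bytes, resource_policy):
        self.vmi_id = vmi_id
        self._key = key
        # resource -> set of tags the VMI must carry to access it
        self._policy = {r: frozenset(t) for r, t in resource_policy.items()}
        self._tags = None  # no verified metadata yet: everything is denied

    def verify_token(self, token, now=None) -> bool:
        """Check signature, VMI binding and validity window before trusting tags."""
        try:
            body, sig = token.split(".", 1)
            payload = json.loads(_unb64(body))
        except (ValueError, UnicodeDecodeError):
            return False
        if not isinstance(payload, dict):
            return False
        if not hmac.compare_digest(sig, _sign(payload, self._key)):
            return False  # tampered or forged metadata
        now = time.time() if now is None else now
        if payload.get("vmi") != self.vmi_id:
            return False  # token replayed from a different VMI
        if not (payload.get("iat", 0) <= now < payload.get("exp", 0)):
            return False
        self._tags = frozenset(payload.get("tags", []))
        return True

    def allow(self, resource) -> bool:
        """Enforce: access only if every tag the resource requires was verified."""
        if self._tags is None:
            return False
        required = self._policy.get(resource)
        if required is None:
            return False  # deny by default for resources with no policy entry
        return required <= self._tags


def demo():
    """Run the flow end to end and return the enforcement decisions."""
    policy = {  # constructed sample policy
        "volume:pii-db": {"env:prod", "role:db"},
        "net:tcp/5432": {"role:db"},
        "net:tcp/22": {"role:bastion"},
    }
    cp = ControlPlane(SIGNING_KEY, allowed_tags={"env:prod", "role:db", "role:bastion"})
    t0 = 1_700_000_000
    token = cp.authorize_instantiation("vmi-42", ["role:db", "env:prod"], now=t0)
    mv = Metavisor("vmi-42", SIGNING_KEY, policy)
    r = {"verified": mv.verify_token(token, now=t0 + 10)}
    r["pii_db"] = mv.allow("volume:pii-db")
    r["pg_port"] = mv.allow("net:tcp/5432")
    r["ssh_port"] = mv.allow("net:tcp/22")
    r["unknown"] = mv.allow("volume:other")
    # Guest tries to grant itself the bastion role by editing the payload.
    body, sig = token.split(".", 1)
    forged_payload = json.loads(_unb64(body))
    forged_payload["tags"].append("role:bastion")
    forged = _b64(_canonical(forged_payload)) + "." + sig
    r["forged_rejected"] = not Metavisor("vmi-42", SIGNING_KEY, policy).verify_token(forged, now=t0 + 10)
    r["wrong_vmi_rejected"] = not Metavisor("vmi-99", SIGNING_KEY, policy).verify_token(token, now=t0 + 10)
    r["expired_rejected"] = not Metavisor("vmi-42", SIGNING_KEY, policy).verify_token(token, now=t0 + 301)
    r["unknown_tag_refused"] = cp.authorize_instantiation("vmi-7", ["role:admin"], now=t0) is None
    return r


if __name__ == "__main__":
    print(demo())
```

The point the abstracts make, and the demo exercises, is that the metavisor never trusts tags presented by the guest: a tag list edited after issuance fails the signature check, a token lifted from another VMI fails the identity binding, a stale token fails the window check, and a resource with no policy entry is denied rather than allowed.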
-