公开(公告)号：WO2023059339A1

公开(公告)日：2023-04-13

申请号：PCT/US2021/054189

申请日：2021-10-08

Applicant: KASTEN, INC.

Inventor： BHAT, Onkar ,  DIXIT, Deepika ,  KAMRA, Vaibhav ,  MANVILLE, Thomas ,  TOLIA, Niraj

IPC: H04L9/40 ,  H04L63/0884 ,  H04L63/10

Abstract: Disclosed herein are system, method, and computer program product embodiments for role-based access control in multi-tenancy environments using cloud-native objects. An embodiment operates by executing an application in a cluster. The embodiment creates roles corresponding to a user or group of users. The embodiment defines a set of permissions for the roles. The embodiment binds the roles to native objects in a cloud orchestrator based on the set of permissions for the roles. The embodiment receives a first request from a user to log in. The embodiment transmits a request to authenticate the user. The embodiment receives a list of a set of permissions for the user. The embodiment causes a display of system assets on a user interface of a client device based on the list of the set of permissions for the user.

公开(公告)号：WO2023063943A1

公开(公告)日：2023-04-20

申请号：PCT/US2021/054787

申请日：2021-10-13

Applicant: KASTEN, INC.

Inventor： MANVILLE, Thomas ,  KAMRA, Vaibhav ,  DIXIT, Deepika ,  SEVERSON, Mark ,  BHAT, Onkar ,  VORBAU, Alex

IPC: G06F9/50 ,  G06F11/14

Abstract: Disclosed herein are system, method, and computer program product embodiments for multi-cluster distribution. In some embodiments, a server on a primary computing cluster receives an update to an object stored on the primary computing cluster and to be implemented by a secondary computing cluster. Furthermore, the server receives a request to distribute the object to the secondary computing cluster. The server further retrieves the object based on an object identifier or an identifier of the secondary computing cluster. Moreover, the server identifies the secondary computing cluster based on the object identifier or the identifier of the secondary computing cluster. The server then distributes the object to the secondary computing cluster via a persistent connection.

公开(公告)号：WO2023059337A1

公开(公告)日：2023-04-13

申请号：PCT/US2021/054163

申请日：2021-10-08

Applicant: KASTEN, INC.

Inventor： MANVILLE, Thomas ,  KAMRA, Vaibhav ,  DIXIT, Deepika ,  TOLIA, Niraj ,  SEVERSON, Mark ,  BHAT, Onkar ,  VORBAU, Alex

IPC: G06F21/30 ,  G06F9/50 ,  H04L41/08 ,  G06F21/44 ,  G06F21/53 ,  H04L41/28

Abstract: Disclosed herein are system, method, and computer program product embodiments for multi-cluster boot-strapping. In some embodiments, a server residing on a primary computing cluster receives a first request to establish a temporary connection between the primary computing cluster and a secondary computing cluster. The server establishes the temporary connection between the primary computing cluster and the secondary computing cluster using the first set of credentials. Furthermore, the server receives a second request to establish a persistent connection between the primary computing cluster and the secondary computing cluster. The server establishes the persistent connection by transmitting a third request comprising the configuration settings to the secondary computing cluster thereby causing the secondary computing cluster to generate a second set of credentials corresponding to the primary computing cluster. The server receives and stores the second set of credentials.

公开(公告)号：WO2023059338A1

公开(公告)日：2023-04-13

申请号：PCT/US2021/054164

申请日：2021-10-08

Applicant: KASTEN, INC.

Inventor： MANVILLE, Thomas ,  KAMRA, Vaibhav ,  DIXIT, Deepika ,  TOLIA, Niraj ,  SEVERSON, Mark ,  BHAT, Onkar ,  VORBAU, Alex

IPC: G06F21/41 ,  G06F21/62

Abstract: Disclosed herein are system, method, and computer program product embodiments for multi-cluster access. In some embodiments, the server receives a first request to bind one or more cluster roles associated with a user to each of one or more secondary computing clusters. The server binds the users credentials with the one or more cluster roles corresponding to each of one or more secondary computing clusters. Furthermore, the server receives a second request for providing the user access to the primary computing cluster. Moreover, the server receives a third request from the user interface intended for at least one secondary computing cluster. The server forwards the third request to the at least one secondary computing cluster while impersonating at least one cluster role of the one or more cluster roles corresponding to the at least one secondary computing cluster.

公开(公告)号：WO2022189838A1

公开(公告)日：2022-09-15

申请号：PCT/IB2021/052331

申请日：2021-03-19

Applicant: KASTEN, INC.

Inventor： DIXIT, Deepika ,  LOPEZ, Julio ,  MANVILLE, Thomas ,  KAMRA, Vaibhav

IPC: H04L9/08 ,  G06F21/62 ,  H04W12/041

Abstract: Disclosed herein are system, method, and computer program product embodiments for encryption key management. An embodiment operates by executing an initial non-backup instance of an application and generates a primary key using a cryptographic algorithm. The embodiment requests a customer to create a passphrase configured to encrypt and decrypt the primary key. The embodiment generates a derived key using a cryptographic algorithm and the customer passphrase as input. The embodiment then encrypts the primary key using the generated derived key and stores the encrypted primary key in a catalog.