Method for generating secure snapshots
US-9317315-B2 · Apr 19, 2016 · US
US10037219B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10037219-B2 |
| Application number | US-201514723374-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 27, 2015 |
| Priority date | May 27, 2015 |
| Publication date | Jul 31, 2018 |
| Grant date | Jul 31, 2018 |
Official abstract text for this publication.
Systems and methods for virtual machine locking. An example method may include: applying a lock to a virtual machine, the lock enabling ongoing execution of the virtual machine and outbound communication by the virtual machine while precluding unauthenticated inbound communication to the virtual machine, receiving, from a first device and in response to an authentication request, an authentication attempt, processing the authentication attempt to authenticate the first device with respect to the virtual machine, and in response to a determination that the first device was successfully authenticated with respect to the virtual machine, enabling inbound communication from the first device to the virtual machine.
Opening claim text (preview).
What is claimed is:
1. A method comprising: applying a lock at a virtualization manager for a virtual machine while the virtual machine is in communication with at least one of a first device or a second device, the lock enabling ongoing execution of the virtual machine to receive inbound communication from the first device and to restrict inbound communication from the second device; receiving, from the second device, an authentication attempt; processing, by a processing device, the authentication attempt to authenticate the second device with respect to the virtual machine; and in response to a determination that the second device was successfully authenticated with respect to the virtual machine, enabling inbound communication from the second device to the virtual machine.
2. The method of claim 1, wherein applying the lock to the virtual machine comprises applying the lock to the virtual machine with respect to the second device to preclude unauthenticated inbound communication from the second device to the virtual machine.
3. The method of claim 2, wherein the lock is to permit unauthenticated inbound communication from the first device to the virtual machine.
4. The method of claim 1, further comprising identifying an irregularity with respect to an operation of the virtual machine.
5. The method of claim 4, wherein applying the lock to the virtual machine comprises applying the lock to the virtual machine in response to an identification of the irregularity.
6. The method of claim 1, further comprising: in response to an application of the lock, providing a notification of the lock to the second device that was previously connected to the virtual machine.
7. The method of claim 1, further comprising: in response to an application of the lock, prompting the second device that was previously connected to the virtual machine to authenticate.
8. The method of claim 1, further comprising receiving a request to perform an operation in relation to the virtual machine.
9. The method of claim 8, wherein applying the lock to the virtual machine comprises applying the lock to the virtual machine in response to the request to perform the operation.
10. The method of claim 9, wherein the operation comprises a maintenance operation.
11. A system comprising: a memory; and a processing device, operatively coupled to the memory, to: apply a lock at a virtualization manager to a virtual machine while the virtual machine is in communication with at least one of a first device or a second device, the lock enabling ongoing execution of the virtual machine and outbound communication by the virtual machine to receive inbound communication from the first device and to restrict inbound communication from the second device; receive, from the second device, an authentication attempt; process the authentication attempt to authenticate the second device with respect to the virtual machine; and in response to a determination that the second device was successfully authenticated with respect to the virtual machine, enable inbound communication from the second device to the virtual machine.
12. The system of claim 11, wherein to apply the lock to the virtual machine the processing device is further to apply the lock to the virtual machine with respect to the second device to preclude unauthenticated inbound communication from the second device to the virtual machine.
13. The system of claim 12, wherein the lock is to permit unauthenticated inbound communication from the first device to the virtual machine.
14. The system of claim 11, wherein the processing device is further to identify an irregularity with respect to an operation of the virtual machine, and to apply the lock to the virtual machine the processing device is further to apply the lock to the virtual machine in response to an identification of the irregularity.
15. The system of claim 11, wherein the processing device is further to receive a request to perform an operation in relation to the virtual machine.
16. The system of claim 15, wherein to apply the lock to the virtual machine the processing device is further to apply the lock to the virtual machine in response to the request to perform the operation.
17. The system of claim 16, wherein the operation comprises a maintenance operation.
18. A non-transitory computer-readable storage medium having instructions that, when executed by a processing device, cause the processing device to: identify an irregularity with respect to an operation of a virtual machine; in response to an identification of the irregularity, apply a lock at a virtualization manager for the virtual machine while the virtual machine is in communication with at least one of a first device or a second device, the lock enabling ongoing execution of the virtual machine to receive inbound communication from the first device and to restrict inbound communication from the second device; receive, from the second device, an authentication attempt; process the authentication attempt to authenticate the second device with respect to the virtual machine; and in response to a determination that the second device was successfully authenticated with respect to the virtual machine, enable inbound communication from the second device to the virtual machine.
19. The non-transitory computer-readable storage medium of claim 18, wherein to apply the lock to the virtual machine the processing device is further to apply the lock to the virtual machine with respect to the second device such that the lock precludes unauthenticated inbound communication from the second device to the virtual machine.
20. The non-transitory computer-readable storage medium of claim 19, wherein the lock is to permit unauthenticated inbound communication from the first device to the virtual machine.
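The lock flow described in the abstract and claim 1, sketched as an added example that is not taken from the patent or any hypervisor product: the VM keeps running, outbound traffic and an exempt first device pass, and a second device is admitted inbound only after it authenticates. The class and method names, the password check (suggested only by the password CPC tag) and the retry limit are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumption: the page sets no retry limit


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class VirtualizationManager:
    """Hypothetical manager-side gate; the VM itself keeps running throughout."""

    def __init__(self):
        self.creds = {}   # (vm, device) -> (salt, digest)
        self.locks = {}   # vm -> {"exempt": set, "authed": set, "fails": dict}
        self.audit = []   # (event, vm, device) tuples for later review

    def enroll(self, vm, device, password):
        salt = os.urandom(16)
        self.creds[(vm, device)] = (salt, _digest(password, salt))

    def apply_lock(self, vm, reason, exempt=()):
        # Triggered by an irregularity or a maintenance request (claims 4-5, 8-10).
        self.locks[vm] = {"exempt": set(exempt), "authed": set(), "fails": {}}
        self.audit.append(("lock:" + reason, vm, None))

    def allow(self, vm, device, direction):
        lock = self.locks.get(vm)
        if lock is None or direction == "outbound":
            return True  # the lock never stops execution or outbound traffic
        return device in lock["exempt"] or device in lock["authed"]

    def authenticate(self, vm, device, password):
        lock = self.locks.get(vm)
        if lock is None:
            return True  # nothing to unlock
        fails = lock["fails"].get(device, 0)
        # Unknown devices get a dummy record so the comparison still fails closed.
        salt, want = self.creds.get((vm, device), (b"\0" * 16, b""))
        ok = fails < MAX_FAILURES and hmac.compare_digest(_digest(password, salt), want)
        if ok:
            lock["authed"].add(device)
        else:
            lock["fails"][device] = fails + 1
        self.audit.append(("auth_ok" if ok else "auth_fail", vm, device))
        return ok
```

The audit list records every lock and authentication outcome, which is what an operator would review after a lock triggered by an irregularity.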
Hypervisor-specific management and integration aspects · CPC title
Isolation or security of virtual machine instances · CPC title
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title
Network integration; Enabling network access in virtual machine instances · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title