Session slicing of mirrored packets
US-12184680-B2 · Dec 31, 2024 · US
Protected application stack and method and system of utilizing
US2016173534A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016173534-A1 |
| Application number | US-201615050406-A |
| Country | US |
| Kind code | A1 |
| Filing date | Feb 22, 2016 |
| Priority date | Apr 18, 2010 |
| Publication date | Jun 16, 2016 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A secure appliance for use within a multi-tenant cloud computing environment which comprises: a) a policy enforcement point (PEP); b) a hardened Operating System (OS) capable of deploying applications; and c) at least one application capable of hosting services and application program interfaces (APIs).
First claim
Opening claim text (preview).
1 . A method, comprising: running a first virtual policy enforcement point appliance using a hypervisor; running a first operating system using the first virtual policy enforcement point appliance, the first operating system including a firewall; and running a first application and a first policy enforcement point using the first operating system, the first virtual policy enforcement point appliance restricts all application layer communication to and from the first application to pass through the first policy enforcement point, the first policy enforcement point controls all application layer communication to and from the first application based on a set of policy constraints. 2 . The method of claim 1 , further comprising: running a second virtual policy enforcement point appliance using the hypervisor, the first virtual policy enforcement point appliance runs a first database, the second virtual policy enforcement point appliance runs a second database, wherein writes to the first database are replicated to the second database. 3 . The method of claim 1 , further comprising: running a cluster of virtual policy enforcement point appliances, the cluster of virtual policy enforcement point appliances including the first virtual policy enforcement point appliance; and automatically synchronizing the set of policy constraints across each virtual policy enforcement point appliance of the cluster of virtual policy enforcement point appliances. 4 . The method of claim 1 , further comprising: running an HTTP load balancer, the HTTP load balancer distributes messages to a cluster of virtual policy enforcement point appliances. 5 . The method of claim 1 , further comprising: deactivating all services from the first operating system that do not support the first virtual policy enforcement point appliance. 6 . The method of claim 1 , wherein: the running a first virtual policy enforcement point appliance using a hypervisor includes running the hypervisor on a set of one or more hardware processors. 7 . The method of claim 1 , further comprising: receiving a message from a hardware server; and determining, using the first policy enforcement point, whether to pass the message to the first application based on the set of policy constraints. 8 . The method of claim 1 , further comprising: running a second virtual policy enforcement point appliance using the hypervisor; running a second application using the second virtual policy enforcement point appliance; and controlling, using the first policy enforcement point, all application layer communication from the second application to the first application based on the set of policy constraints. 9 . The method of claim 1 , wherein: the first application communicates with the first policy enforcement point using a localhost connection. 10 . A system, comprising: a memory to store a set of policy constraints; and a set of hardware processors to run a hypervisor, the hypervisor to run a first virtual policy enforcement point appliance, the first virtual policy enforcement point appliance to run a first operating system that includes a firewall, the first operating system to run a first application and a first policy enforcement point, the first virtual policy enforcement point appliance to restrict all application layer communication to and from the first application to pass through the first policy enforcement point, the first policy enforcement point to control all application layer communication to and from the first application based on the set of policy constraints. 11 . The system of claim 10 , wherein: the set of hardware processors is to receive a message from a second server, the first policy enforcement point to determine whether to pass the message to the first application based on the set of policy constraints. 12 . The system of claim 10 , wherein: the set of hardware processors is to run a second application, the first policy enforcement point to control all application layer communication from the second application to the first application based on the set of policy constraints. 13 . The system of claim 10 , wherein: the first application is to communicate with the first policy enforcement point using a localhost connection. 14 . The system of claim 10 , wherein: the hypervisor is to run a second virtual policy enforcement point appliance, the first virtual policy enforcement point appliance to run a first database, the second virtual policy enforcement point appliance to run a second database, the first database comprises a primary database in which writes to the first database are replicated through to the second database. 15 . The system of claim 10 , wherein: the hypervisor is to run a cluster of virtual policy enforcement point appliances, the cluster of virtual policy enforcement point appliances includes the first virtual policy enforcement point appliance, the cluster of virtual policy enforcement point appliances to synchronize the set of policy constraints across each virtual policy enforcement point appliance of the cluster of virtual policy enforcement point appliances. 16 . The system of claim 10 , wherein: the hypervisor is to run an HTTP load balancer, the HTTP load balancer to distribute messages to a cluster of virtual policy enforcement point appliances including the first virtual policy enforcement point appliance. 17 . The system of claim 10 , wherein: the hypervisor is to receive a message from a hardware server, the first policy enforcement point to pass the message to the first application if the set of policy constraints are satisfied. 18 . The system of claim 10 , wherein: the hypervisor is to run a second virtual policy enforcement point appliance, the second virtual policy enforcement point appliance to run a second application, the first policy enforcement point controls all application layer communication from the second application to the first application based on the set of policy constraints. 19 . The system of claim 10 , wherein: the first policy enforcement point is to receive an inbound message and relay the inbound message to the first application if the set of policy constraints are satisfied. 20 . One or more storage devices containing processor readable code for programming one or more processors to perform a method, the processor readable code comprising: processor readable code configured to run a first virtual policy enforcement point appliance using a hypervisor; processor readable code configured to run a first operating system using the first virtual policy enforcement point appliance, the first operating system includes a firewall; and processor readable code configured to run a first application and a first policy enforcement point using the first operating system, the first virtual policy enforcement point appliance restricts all application layer communication to and from the first application to pass through the first policy enforcement point, the first policy enforcement point controls all application layer communication to and from the first application based on a set of policy constraints.
Assignees
Inventors
Classifications
- H04L63/20Primary
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Distributed architectures, e.g. distributed firewalls · CPC title
- H04L63/168Primary
above the transport layer · CPC title
in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2016173534A1 cover?
- A secure appliance for use within a multi-tenant cloud computing environment which comprises: a) a policy enforcement point (PEP); b) a hardened Operating System (OS) capable of deploying applications; and c) at least one application capable of hosting services and application program interfaces (APIs).
- Who is the assignee on this patent?
- Ca Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Thu Jun 16 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).