Virtual container storage interface controller
US-12175078-B2 · Dec 24, 2024 · US
End-to-end protection for shrouded virtual servers
US9882901B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9882901-B2 |
| Application number | US-201514968187-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 14, 2015 |
| Priority date | Dec 14, 2015 |
| Publication date | Jan 30, 2018 |
| Grant date | Jan 30, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Technical solutions are described for securely deploying a shrouded virtual server. An example method includes sending, by a host manager, authentication information of a hosting system to a client device in response to a request from the client device. The \method also includes receiving a request to deploy a virtual server using a shrouded mode. The method also includes deploying a preconfigured hypervisor on the hosting system, where the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor. The method also includes deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor. The method also includes sending, by the host manager, an identifier of the virtual server for receipt by the client device.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer implemented method for securely deploying a shrouded virtual server, the method comprising: sending, by a host manager, authentication information of a hosting system to a client device in response to a request from the client device; receiving, by the host manager, a request to deploy a virtual server using a shrouded mode, the shrouded mode preventing an administrator of the hosting system from accessing data of the virtual server, the request being sent by the client device in response to the hosting system being authenticated by the client device; deploying, by the host manager, a preconfigured hypervisor on the hosting system, wherein the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor; deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor; sending, by the host manager, an identifier of the virtual server for receipt by the client device storing, by the host manager, a memory address range corresponding to the virtual server; and in response to a system failure in the virtual server, clearing, by the host manager, the memory address range prior to storing a memory dump. 2. The computer implemented method of claim 1 , further comprising: storing, by the host manager, a client device identifier corresponding to the client device in the virtual server; and validating, by the virtual server, a communication from the client device based on the client device identifier. 3. The computer implemented method of claim 1 further comprising: storing, by the host manager, a client device identifier corresponding to the client device in the virtual server; and validating, by the virtual server, a communication from an authorized end-user device based on the client device identifier. 4. The computer implemented method of claim 1 , wherein the host manager configures the preconfigured hypervisor to encrypt the data in the virtual server using a session key received from the client device. 5. The computer implemented method of claim 1 , wherein the host manager configures the preconfigured hypervisor to encrypt paging data of the virtual server using a session key received from the client device. 6. The computer implemented method of claim 1 , wherein the host manager configures the preconfigured hypervisor to disable access to cache lines of the guest server. 7. The computer implemented method of claim 1 further comprising, prior to deployment of the preconfigured hypervisor, determining, by the host manager, authenticity of the preconfigured hypervisor by comparing a hash value of the preconfigured hypervisor with a predetermined value. 8. The computer implemented method of claim 1 further comprising, prior to deployment of the preconfigured boot image, determining, by the host manager, authenticity of the preconfigured boot image by comparing a hash value of the preconfigured boot image with a predetermined value. 9. A system for securely deploying a shrouded virtual server, the system comprising: a server computer; and a host manager console configured to: send an authentication information of a hosting system to a client device in response to a request from the client device; receive a request to deploy a virtual server using a shrouded mode, the shrouded mode preventing an administrator of the hosting system from accessing data of the virtual server, the request being sent by the client device in response to the hosting system being authenticated by the client device; deploy a preconfigured hypervisor on the hosting system, wherein the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor; deploy, via the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor; send an identifier of the virtual server for receipt by the client device store a memory address range corresponding to the virtual server; and in response to a system failure in the virtual server, clear the memory address range prior to storing a memory dump. 10. The system of claim 9 , wherein the host manager console is further configured to, store a client device identifier corresponding to the client device in the virtual server; and the virtual server is configured to validate a communication from the client device based on the client device identifier. 11. The system of claim 9 , wherein the host manager console is further configured to store a client device identifier corresponding to the client device in the virtual server; and the virtual server is configured to validate a communication from an authorized end-user device based on the client device identifier. 12. The system of claim 9 , wherein the host manager console configures the hypervisor to encrypt paging data of the virtual server using a session key received from the client device. 13. The system of claim 9 , wherein the host manager console is further configured to, prior to deployment of the preconfigured hypervisor, determine authenticity of the preconfigured hypervisor by comparing a hash value of the preconfigured hypervisor with a predetermined value. 14. A computer program product for extending shrouding capability of a virtual server hosting system, the computer program product comprising a computer readable storage device, the computer readable storage device comprising computer executable instructions, wherein the computer readable storage device comprises instructions to: send an authentication information of a hosting system to a client device in response to a request from the client device; receive a request to deploy a virtual server using a shrouded mode, the shrouded mode preventing an administrator of the hosting system from accessing data of the virtual server, the request being sent by the client device in response to the hosting system being authenticated by the client device; deploy a preconfigured hypervisor on the hosting system, wherein the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor; deploy, via the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor; send an identifier of the virtual server for receipt by the client device store a memory address range corresponding to the virtual server; and in response to a system failure in the virtual server, clear the memory address range prior to storing a memory dump. 15. The computer program product of claim 14 , wherein the computer readable storage device further comprises instructions to: store a client device identifier corresponding to the client device in the virtual server; and validate a communication from the client device based on the client device identifier. 16. The computer program product of claim 14 , wherein the computer readable storage device further comprises instructions to: store a client device identifier corresponding to the client device in the virtual server; and validate a communication from an authorized end-user device based on the client device identifier. 17. The computer program product of claim 14 , wherein the computer readable storage device further comprises instructions to configure the virtual server to encrypt paging data using a session key received from the client device. 18. The computer pro
Assignees
Inventors
Classifications
- G06F9/45558Primary
Hypervisor-specific management and integration aspects · CPC title
including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials} · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Network integration; Enabling network access in virtual machine instances · CPC title
Isolation or security of virtual machine instances · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9882901B2 cover?
- Technical solutions are described for securely deploying a shrouded virtual server. An example method includes sending, by a host manager, authentication information of a hosting system to a client device in response to a request from the client device. The \method also includes receiving a request to deploy a virtual server using a shrouded mode. The method also includes deploying a preconfigu…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification G06F9/45558. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jan 30 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).