
Method and System for Maintaining Consistent Security Policy Data across Loosely Coupled Private Clouds

IP.com Disclosure Number: IPCOM000236910D
Publication Date: 2014-May-21
Document File: 2 page(s) / 48K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method and system is disclosed for maintaining consistent security policy data across loosely coupled private clouds.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 42% of the total text.

Page 01 of 2


Disclosed is a method and system for maintaining consistent security policy data across loosely coupled private clouds. The method and system uses an efficient and secure mechanism to manage distributed security and access control configuration data, so that the consistency and security policies of that data are properly maintained. The mechanism specifically maintains consistency of security configuration and security policy data in distributed systems. Such distributed systems include, but are not limited to, cloud networking, where one or more private clouds are loosely and dynamically integrated to allow centralized management and workload deployment across multiple clouds. The distributed systems addressed by the mechanism are federated corporate private clouds hosted at one or more geographical data centres. The method and system is built upon the PureApplication System* trust framework product, which essentially packages a private cloud in a physical rack.

In accordance with the method and system, multiple racks in the data centres are dynamically grouped together to form a loosely coupled cloud in which user workload can be deployed across one or more private cloud racks. Each rack, in operation mode, is managed and maintained by administrators at the one or more data centres. Conceptually, each rack uses a common Lightweight Directory Access Protocol (LDAP) service for user authentication. Cloud administrators register LDAP users and LDAP groups as cloud users and grant the registered users and groups access permission to cloud resources, such as, but not limited to, computers, VMs, IP addresses, disk storage, OS images, application patterns, and application instances. Each rack, representing a private cloud, contains its own local copy of the user repository, security configuration, and resource access control policy; these local copies collectively provide a consistent view of user management and security policy data across multiple racks (private clouds).

The method and system provides several mechanisms to synchronize user management and security policy data across multiple racks and to provide a consistent view of the collective data. An important aspect of these mechanisms is that the distributed data is synchronized on demand, so that not all racks need to be operational at the same time. The approach maintains a consistent view of configuration data across all racks using a lazy, on-demand, intelligent synchronization mechanism that supports a single-panel configuration management console on any rack and on all racks. A mutual trust relationship is established among the racks, and racks are authorized to access services and resources of other racks in the multi-rack system on the basis of that trust relationship and of the access control policy.
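The following is an added toy model of the lazy, on-demand synchronization just described; it is example code written for this page, not the disclosure's or the PureApplication System product's own implementation. Rack names, the per-key version counter and the `acl:` key layout are assumptions made for illustration; the point shown is that an authorization decision on one rack pulls newer policy entries only from trusted peers that are reachable, so racks that are down are simply skipped and catch up later.

```python
from dataclasses import dataclass, field

@dataclass
class Rack:
    """One private-cloud rack holding its own copy of the policy data."""
    name: str
    online: bool = True
    trusted: set = field(default_factory=set)   # names of racks this rack trusts
    policy: dict = field(default_factory=dict)  # key -> (version, value)

    def set_policy(self, key, value):
        """Local administrative change on this rack; bumps the key's version."""
        version = self.policy.get(key, (0, None))[0] + 1
        self.policy[key] = (version, value)

    def sync_from(self, peer):
        """Lazy pull from one peer: adopt entries whose version is newer than
        the local one.  Requires mutual trust; an offline peer is skipped."""
        mutual = peer.name in self.trusted and self.name in peer.trusted
        if not (peer.online and mutual):
            return False
        for key, (version, value) in peer.policy.items():
            if version > self.policy.get(key, (0, None))[0]:
                self.policy[key] = (version, value)
        return True

    def authorize(self, user, resource, peers):
        """Refresh from reachable trusted peers on demand, then decide from
        the local copy, so the decision never depends on every rack being up."""
        for peer in peers:
            self.sync_from(peer)
        _, allowed = self.policy.get(f"acl:{resource}", (0, frozenset()))
        return user in allowed

def scenario():
    """Constructed walk-through with three hypothetical racks."""
    a, b, c = Rack("rackA"), Rack("rackB"), Rack("rackC")
    for r in (a, b, c):
        r.trusted = {"rackA", "rackB", "rackC"} - {r.name}
    a.set_policy("acl:pattern-1", frozenset({"alice"}))  # grant on rack A
    c.online = False                                     # rack C is down
    first = b.authorize("alice", "pattern-1", [a, c])    # B pulls from A
    a.set_policy("acl:pattern-1", frozenset())           # revoke on rack A
    c.online = True
    second = b.authorize("alice", "pattern-1", [a, c])   # B sees revocation
    a.online = False                                     # now A is down
    third = c.authorize("alice", "pattern-1", [a, b])    # C catches up via B
    return first, second, third
```

The per-key integer version is enough to show the lazy pull, but it cannot order concurrent edits made on two different racks; a real implementation needs a global ordering (for example a timestamp combined with the originating rack) and a conflict rule.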

The method and system also provides resolutions f...