News Column

Patent Application Titled "Methods and Systems for Secure Storage Segmentation Based on Security Context in a Virtual Environment" Published Online

June 26, 2014



By a News Reporter-Staff News Editor at Computer Weekly News -- According to news reporting originating from Washington, D.C., by VerticalNews journalists, a patent application by the inventor Banerjee, Deb (Cupertino, CA), filed on December 5, 2012, was made available online on June 12, 2014.

The assignee for this patent application is Symantec Corporation.

Reporters obtained the following quote from the background information supplied by the inventors: "Dynamic server and datacenter technology, such as infrastructure virtualization, helps businesses to reduce operating expenses, improve uptime and connectivity, and scale resources rapidly. Many organizations use virtualization techniques to create an internal, private cloud that spreads among computing, storage, and networking resources within an IT infrastructure. Other organizations may use a public Infrastructure-as-a-Service (IaaS) cloud that may accommodate multiple cloud tenants, such as competitors that subscribe to the same public IaaS cloud. Data within private or public clouds might be sensitive and organizations might wish to isolate workloads and storage devices from unauthorized parties."

In addition to obtaining background information on this patent application, VerticalNews editors also obtained the inventor's summary information for this patent application: "In one implementation, a system for associating a storage device with a workload is described. An example system may include a memory and a processing device that identifies a request to place a workload in a host. The processing device can identify a security level of the workload using the security level of the data stored in a storage device associated with that workload. The processing device also may grant the request to place the workload in the host if the security level of the host corresponds to the security level of the workload. If the security level of the host does not correspond to the security level of the workload, the processor can deny the request to place the workload in the host. A host can have many virtual machines belonging to different workloads and can have many different storage devices attached to it.

"In one implementation, the workload is an instance of a virtual machine on the host. In one implementation, the system further associates at least one virtual disk on the storage device with the host when granting the request to place the workload in the host. In one implementation, the storage device is a physical disk comprising a plurality of virtual disks used by workloads on different hosts. In one implementation, each of the workloads is assigned to one of: a cloud tenant, a cloud sub-tenant. In one implementation, the security level of the workload is identified based on at least one of: the security level of the data, input provided by a system administrator, or sensitivity of content on the storage device. In one implementation, the request to place the workload in the host is any one of an initial placement request with respect to the workload or a request to migrate the workload to the host from another host.

"Further, a method for associating a host with a workload is described. In one implementation, the method includes identifying a request to place a workload in a host. The method identifies a security level of the workload. The method further identifies a security level of the host based on the risk associated with the workloads running on that host. If the security level of the workload corresponds to the security level of the host, the method grants the request to place the workload in the host. The method denies the request to place the workload in the host if the security level of the workload does not correspond to the security level of the host.

"In addition, a non-transitory computer readable storage medium for associating a storage device with a workload in a virtual environment is described. An example non-transitory computer readable storage medium includes instructions that, when executed by a processing device, cause the processing device to perform a method that identifies a request to place a workload in a host. The method identifies a security level of the workload. The method further identifies a security level of the host. If the security level of the workload corresponds to the security level of the host, the method grants the request to place the workload in the host. The method denies the request to place the workload in the host if the security level of the workload does not correspond to the security level of the host.

"In one implementation, a system for placing virtual disks is described. An example system may include a memory and a processing device that identifies a request to place a virtual disk from a first data store to a second data store. The processing device can identify a security level of a workload and of a host associated with the second data store. The processing device can also identify a security level of the virtual disk. The processing device can grant the request to place the virtual disk in the second data store if the security level of the host corresponds to the security level of the virtual disk. The processing device can also grant the request to place the virtual disk in the second data store if the security level of the workload corresponds to the security level of the virtual disk. If the security level of the host does not correspond to the security level of the virtual disk, the processor can deny the request to place the virtual disk in the second data store. If the security level of the workload does not correspond to the security level of the virtual disk, the processor can deny the request to place the virtual disk in the second data store.

BRIEF DESCRIPTION OF THE DRAWINGS

"The present disclosure will be understood more fully from the detailed description given below and from the accompanying drawings of various implementations of the disclosure.

"FIG. 1 illustrates example system architecture, in accordance with various implementations.

"FIG. 2 is a block diagram of an implementation of a workload placement module.

"FIG. 3 is a flow diagram illustrating an implementation for a method for identifying a security level of a storage device.

"FIG. 4 is a flow diagram illustrating an implementation for a method for handling a request to place a workload in a virtual computing environment.

"FIG. 5 is a block diagram of an example computer system that may perform one or more of the operations described herein."
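
The placement decision summarized in the quoted text can be sketched as follows. This is an added example, not code from the patent application or from Symantec. The three-level scale, the reading of "corresponds" as an exact match, the fixed host level and every class and function name are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import List, Optional

class Level(IntEnum):              # assumed scale; the application names no levels
    LOW = 1
    MEDIUM = 2
    HIGH = 3

@dataclass
class VirtualDisk:
    name: str
    data_level: Level              # sensitivity of the data held on the disk

@dataclass
class Workload:
    name: str
    disks: List[VirtualDisk]
    admin_level: Optional[Level] = None   # administrator input, if any

    def level(self) -> Level:
        # Administrator input wins; otherwise the most sensitive disk decides.
        if self.admin_level is not None:
            return self.admin_level
        return max((d.data_level for d in self.disks), default=Level.LOW)

@dataclass
class Host:
    name: str
    level: Level                   # fixed here; the application derives it from workload risk
    workloads: List[Workload] = field(default_factory=list)
    attached: List[VirtualDisk] = field(default_factory=list)

def corresponds(a: Level, b: Level) -> bool:
    return a == b                  # assumption: "corresponds" means an exact match

def place_workload(w: Workload, dest: Host, source: Optional[Host] = None) -> bool:
    """Initial placement (source is None) or migration from source to dest."""
    if not corresponds(w.level(), dest.level):
        return False               # deny: nothing is attached, the source is untouched
    if source is not None:
        source.workloads.remove(w)
        source.attached = [d for d in source.attached if d not in w.disks]
    dest.workloads.append(w)
    dest.attached.extend(w.disks)  # disks are associated with the host only on grant
    return True

def place_disk(disk: VirtualDisk, w: Workload, dest: Host) -> bool:
    """Move a virtual disk to a data store served by dest and used by w."""
    # Assumption: the conservative reading, both the host and the workload must match.
    return corresponds(dest.level, disk.data_level) and corresponds(w.level(), disk.data_level)
```

A denied migration leaves the workload and its disks on the source host, so a failed request never widens the set of hosts that can reach the data.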

For more information, see this patent application: Banerjee, Deb. Methods and Systems for Secure Storage Segmentation Based on Security Context in a Virtual Environment. Filed December 5, 2012 and posted June 12, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=109&p=3&f=G&l=50&d=PG01&S1=20140605.PD.&OS=PD/20140605&RS=PD/20140605

Keywords for this news article include: Symantec Corporation.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Computer Weekly News

