Abstract: Systems and methods involve compute nodes configured to define and/or otherwise process information associated with one or more virtual machines. In one exemplary implementation, a compute node may be configured to enable a firewall between the virtual machine and at least a portion of a network. Moreover, the firewall may be configured to detect undesired traffic based on a list of rules or an Ethernet bridge table associated with communication between the virtual machine and the network. Various features may also relate to the compute node being configured to lock the virtual machine in response to the firewall detecting undesired traffic associated with the virtual machine.
Abstract: Systems and methods for virtual machine host isolation are disclosed. According to one implementation, an illustrative system may include a first compute node configured to be operatively coupled to a second compute node via a first application server, and to a third compute node via a second application server. In operation, the first compute node may be configured to receive an instruction from the second compute node via the first server to define a virtual machine, and send an instruction to the third compute node via the second server to define the virtual machine.
Abstract: In a method for secure cloud computing, a virtual machine (VM) associated with a client is executed at a computer within a trusted computing cloud. An image including state information of the VM is obtained; storage of the image is arranged; a freshness hash of the image is determined; and the freshness hash is sent to the client. Subsequently, at the same computer or at a different computer within the trusted computing cloud, the stored image may be retrieved; a freshness hash of the retrieved image may be determined; the freshness hash of the retrieved image may be sent to the client; and an indication may be received from the client verifying the integrity of the freshness hash of the stored image.
Type: Grant
Filed: March 16, 2011
Date of Patent: July 14, 2015
Assignee: Virtustream Canada Holdings, Inc.
Inventors: David Lie, Reuven Cohen, Richard Reiner
Abstract: Systems and methods are disclosed involving compute nodes configured to define and/or otherwise process information associated with one or more virtual machines. In one exemplary implementation, a compute node may be configured to enable a firewall between the virtual machine and at least a portion of a network. Moreover, the firewall may be configured to detect undesired traffic based on a list of rules or an Ethernet bridge table associated with communication between the virtual machine and the network. Various features may also relate to the compute node being configured to lock the virtual machine in response to the firewall detecting undesired traffic associated with the virtual machine.
Abstract: Systems and methods for virtual machine host isolation are disclosed. According to one implementation, an illustrative system may include a first compute node configured to be operatively coupled to a second compute node via a first application server, and to a third compute node via a second application server. In operation, the first compute node may be configured to receive an instruction from the second compute node via the first server to define a virtual machine, and send an instruction to the third compute node via the second server to define the virtual machine.