Securing an injection of a workload into a virtual network hosted by a cloud-based platform

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Abhijeet Kumar · Bengaluru, IN
• Aanand Ramachandran · Redmond, US
• Jayesh Kumaran · Redmond, US
• David Michael Brumley · Bellevue, US
• Rishabh Tewari · Sammamish, US
• Nisheeth Srivastava · Sammamish, US
• Sushant Sharma · Sammamish, US
• Deepak Bansal · Bellevue, US
• Abhishek Ellore SREENATH · Kanchinakote, IN
• Parag Sharma · Issaquah, US
• Abhishek Shukla · Redmond, US
• Avijit Gupta · Redmond, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/108
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Additionally or alternatively, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls to the tenant's virtual network.