Network-level access control management for the cloud
US9300633B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 24, 2014 |
| Grant date | Mar 29, 2016 |
| Priority date | — |
| Expiry date | Mar 24, 2034 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L61/2564
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A cloud access manager obtains input regarding access control for at least one application deployed on a plurality of virtual machine instances in a cloud computing environment; the virtual machine instances are divided into at least first and second access zones. A cloud access manager registrar located in the cloud computing environment registers internet protocol addresses of external clients as seen from the cloud computing environment; at least some of the addresses are assigned to the clients via network address translation (NAT). Session traversal utility for NAT (STUN) is carried out to determine public internet protocol addresses assigned to the clients via NAT. The cloud access manager controls (i) access of the external clients to the plurality of virtual machine instances; and (ii) access of the plurality of virtual machine instances to each other, based on the registered internet protocol addresses, in accordance with the access zones.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.