1. WO2020112508 - STREAMLINED SECURE DEPLOYMENT OF CLOUD SERVICES

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

CLAIMS

1. A method for streamlined secure deployment of cloud services in a cloud computing system having multiple servers executing instructions to provide a deployment service, the method comprising:

upon receiving an instruction to deploy a cloud service in the cloud computing system,

creating a deployment subscription to resources in the cloud computing system, the deployment subscription being owned by the deployment service;

in accordance with the created deployment subscription, instantiating one or more computing resources in the cloud computing system; and

using the instantiated computing resources,

retrieving one or more components of an application corresponding to the cloud service based on a manifest identifying the one or more components and an installation sequence of the one or more components of the application; and

installing the retrieved one or more components of the application in the cloud computing system in accordance with the installation sequence identified in the manifest; and

executing, with one or more of the servers in the cloud computing system, the installed one or more components of the application to make available the cloud service to users of the cloud computing system without exposing the one or more components of the application to the users.

2. The method of claim 1 wherein creating the subscription includes:

transmitting, from the deployment service, a request for the deployment subscription to a resource manager of the cloud computing system; and

receiving, from the resource manager, an authorization of the requested deployment subscription for accessing the resources in the cloud computing system, the authorization identifying one or more of a quantity or type of resources in the cloud computing system accessible by the deployment service.

3. The method of claim 1 wherein instantiating the one or more computing resources includes instantiating one or more of a secret storage, a virtual machine, or a storage account in the cloud computing system, the secret storage, the virtual machine, a container, or the storage account being accessible only by the deployment service without being accessible by an administrator or user of the cloud computing system.

4. The method of claim 1 wherein:

instantiating the one or more computing resources includes instantiating one or more of a virtual machine or a container; and

using the instantiated computing resources includes, with the deployment service, instructing the instantiated virtual machine or container to retrieve the one or more components of the application and install or update the retrieved one or more components of the application in the cloud computing system according to the installation sequence.

5. The method of claim 1, further comprising:

using the instantiated computing resources to collect account credential from an administrator of the cloud computing system; and

wherein retrieving the one or more components of an application includes retrieving the one or more components of an application using the collected account credential from the administrator.

6. The method of claim 1 wherein:

the manifest includes metadata identifying a property of acceptable account credentials for deploying the cloud service;

instantiating the one or more computing resources includes instantiating a secret storage;

using the instantiated computing resources further includes using the instantiated computing resources to collect input from an administrator of the cloud computing system, the collected input including an account credential; and

the method further includes:

determining whether the account credential in the collected input has the property of the acceptable account credentials; and

in response to determining that the account credential in the collected input has the property of the acceptable account credentials, storing the account credential in the collected input in the instantiated secret storage.

7. The method of claim 1 wherein:

the manifest includes metadata identifying a property of acceptable account credentials for deploying the cloud service;

instantiating the one or more computing resources includes instantiating a secret storage;

using the instantiated computing resources further includes using the instantiated computing resources to collect input from an administrator of the cloud computing system, the collected input including an account credential; and

the method further includes:

determining whether the account credential in the collected input has the property of the acceptable account credentials; and

in response to determining that the account credential in the collected input does not have the property of the acceptable account credentials, prompting the administrator to re-enter the account credential.

8. The method of claim 1 wherein:

instantiating the one or more computing resources includes instantiating a virtual machine and a secret storage in the cloud computing system;

using the instantiated computing resources includes using the instantiated computing resources to collect account credential from an administrator of the cloud computing system; and

the method further includes:

storing the collected account credential from the administrator in the instantiated secret storage; and

using the stored account credential in the secret storage when deploying another cloud service in the cloud computing system in lieu of collecting the account credential from the administrator.

9. The method of claim 1 wherein:

the cloud computing system is a private cloud; and

the method further includes:

receiving, from a public cloud, a notification indicating that the cloud service is available for deployment or update in the private cloud; and

in response to receiving the notification, providing the instruction to the deployment service to deploy or update the cloud service in the cloud computing system.

10. A computing device in a cloud computing system having multiple servers, the computing device comprising:

a processor; and

a memory operatively coupled to the processor, the memory containing instructions executable by the processor to provide a deployment service and additional instructions executable by the processor to cause the computing device to perform a process according to one of claims 1-9.
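
The credential handling recited in claims 6 to 8, together with the manifest-ordered installation of claim 1, sketched as an added example that is not taken from the patent or from any product. Every name here (`Manifest`, `SecretStore`, `deploy`, the `role` property, the `pkg://` locations) is a hypothetical assumption, and the retrieval step is a placeholder comment.

```python
from dataclasses import dataclass

DEPLOYER = "deployment-service"  # hypothetical identity that owns the subscription

@dataclass
class Manifest:
    service: str
    components: dict           # component name -> package location (constructed)
    install_sequence: list     # component names in installation order
    credential_property: dict  # what an acceptable credential must have

class SecretStore:
    """Stand-in for the secret storage; only its owner may read or write."""
    def __init__(self, owner):
        self._owner, self._secrets = owner, {}
    def _check(self, caller):
        if caller != self._owner:
            raise PermissionError(f"{caller} may not access the secret store")
    def put(self, caller, name, value):
        self._check(caller)
        self._secrets[name] = value
    def get(self, caller, name):
        self._check(caller)
        return self._secrets.get(name)

def acceptable(cred, prop):
    """True if the credential carries every property the manifest requires."""
    return cred is not None and all(cred.get(k) == v for k, v in prop.items())

def deploy(manifest, store, prompt, max_attempts=3):
    """Return (components in installed order, number of administrator prompts)."""
    missing = [c for c in manifest.install_sequence if c not in manifest.components]
    if missing:
        raise ValueError(f"sequence names unknown components: {missing}")
    cred = store.get(DEPLOYER, "admin-credential")   # reuse, as in claim 8
    prompts = 0
    while not acceptable(cred, manifest.credential_property):
        if prompts == max_attempts:
            raise RuntimeError("no acceptable credential supplied")
        cred = prompt()                              # re-prompt, as in claim 7
        prompts += 1
    store.put(DEPLOYER, "admin-credential", cred)    # store, as in claim 6
    installed = []
    for name in manifest.install_sequence:           # order comes from the manifest
        # A real installer would fetch manifest.components[name] using cred here.
        installed.append(name)
    return installed, prompts
```

A stored credential is re-checked against each new manifest before reuse, so a later service with a stricter property still triggers a prompt, and a rejected credential is never written to the store.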