1. Field of the Invention
Provided are a method, system, and computer program product for a local authorization extension to provide access authorization for a module to access a computing system.
2. Description of the Related Art
Today, many computing services are delivered as cloud services provided by a cloud computing center, in particular a public cloud computing center or a private cloud computing center, or simply cloud center. The cloud services may comprise techniques such as software-as-a-service, platform-as-a-service and/or infrastructure-as-a-service (IaaS). A public cloud system is typically operated by a cloud provider, which offers cloud services for private customers (business to consumer, B2C) or enterprise customers (business to business, B2B), referred to as cloud service consumers or customers. A trivial cloud service may be access to a computing system with an operating system of any kind installed, which may be provided by the cloud service provider to the customer. Plain storage services may be provided out of storage clouds using standardized protocols like CIFS (Common Internet File System) and NFS (Network File System) or proprietary implementations. Normally, application services are provided on application-specific protocols. Very often, operating systems in cloud service centers may not run directly on physical computing systems, but on hypervisors.
Key concerns of using and consuming cloud services are security insufficiencies. Consumers of cloud services want their data to be protected. Cloud customers also want a stable computing environment, such that a system, once set up, may not be stopped by service personnel maintaining hardware components within a cloud computing center.
In order to provide high standards for security in cloud computing centers, several state-of-the-art technologies have been developed. Patent Cooperation Treaty (PCT) Patent Publication WO2010/059673 discloses systems, methods and apparatus for tunneling in a cloud-based security system. Management of tunnels, such as data tunnels, between enterprises and processing nodes for a security service is facilitated by the use of virtual gateway nodes and migration fail-over to minimize traffic impacts, when a tunnel is migrated from one processing node to another processing node.
U.S. Patent Publication No. 2011/0072486 discloses a system comprising one or more processors coupled to a memory and execution logic. A policy life cycle component is configured to maintain a repository of security policies. The repository of security policies comprises policies governing access to a virtual host and to a plurality of virtual machines running on the virtual host. The policy life cycle component is also configured to issue a compound policy for an identified virtual operating system running on the virtual host.
However, known systems for managing secure maintenance in a cloud computing environment may typically rely on methods known from non-virtualized computing centers.