This invention relates to verifying the geographic location of an executing virtual disk image or workload, and more particularly to verifying the geographical location of an executing workload on a server in a cloud computing environment.
In several cases, it is desirable for a customer to verify the exact physical location where their workload executes. This may be because of regulatory requirements, for example certain data may only be processed by applications executing within certain jurisdictions (countries, states, etc.), or because of the need to verify that workloads are executing in data centers that satisfy compliance standards, including those for physical security. If workloads migrate outside such geographical locations or compliant data centers, weak physical security or IT security could lead to compromise and/or data loss.
Prior work in the area of determining the geographical location of a server is based on one of four approaches:
1. Using the server's IP address: Each geographical area in the world is assigned a unique block of IP addresses to enable hierarchical routing tables to be used for efficiency purposes. Hence, it is possible to use the IP address of a server to determine its approximate geographical location. Such services are available for general use on the Internet (e.g. services advertised by http://www.ipaddresslocation.org/).
2. Using measurements of delay times for example through traceroute or ping commands: It possible to determine the geographical location of a server by measuring the traceroute or ping times to that server from multiple hosts on the Internet with known geographical locations.
3. Using radio receiver embedded in server: A server may be able to determine its geographical location if is equipped with a radio receiver that can receive signals from radio beacons with known geographical locations, or from cell phone towers or GPS satellites. The server can then communicate its geographical location to the client.
4. Direct human observation: Upon receiving a request to identify its physical location, the server generates a human perceivable signal that enables the cloud provider to locate the server. The cloud provider then provides this location information to the client.
All of the above techniques assume that the operator or administrator of the server whose location is to be determined is trusted to not subvert the operation of the technique being used.