Dynamically defined virtual private network tunnels in hybrid cloud environments
Abstract
A method, apparatus and computer program product manage a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment. A method in a first VPN agent manages a first VPN tunnel in a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment. The VPN agent receives a request from a VPN manager. The request includes a first set of requirements for the first VPN tunnel in the plurality of VPN tunnels. The VPN agent creates the first VPN tunnel according to the first set of requirements. The VPN agent tunes the first VPN tunnel according to a second set of requirements. The tuning of the first VPN tunnel can include merging the first VPN tunnel with a second VPN tunnel, or splitting the first VPN tunnel into a first and second VPN tunnel.
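The agent behaviour described in the abstract (create, merge, split), as a minimal Python model added here for illustration; it is not code from the patent. The `Requirements` fields, the `compatible` rule (same protocol and cipher) and the agent re-checking compatibility before a merge are assumptions, since the page does not define them.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass(frozen=True)
class Requirements:          # hypothetical shape of a "set of requirements"
    app: str
    protocol: str
    cipher: str
    ports: frozenset

@dataclass
class Tunnel:
    tid: int
    reqs: list = field(default_factory=list)

    def allowed_ports(self):
        # Ports the tunnel carries: union over every application on it.
        return frozenset().union(*(r.ports for r in self.reqs))

def compatible(a, b):
    # Assumption: "compatible" means identical protocol and cipher.
    return (a.protocol, a.cipher) == (b.protocol, b.cipher)

class VPNAgent:
    def __init__(self):
        self.tunnels, self._ids = {}, count(1)

    def create(self, reqs):
        t = Tunnel(next(self._ids), [reqs])
        self.tunnels[t.tid] = t
        return t

    def merge(self, first, second):
        # Fail closed: no application is moved onto weaker parameters.
        if not all(compatible(a, b) for a in first.reqs for b in second.reqs):
            raise ValueError("incompatible requirements; refusing to merge")
        first.reqs.extend(second.reqs)
        del self.tunnels[second.tid]
        return first             # the first tunnel keeps carrying traffic

    def split(self, tunnel, app):
        moved = [r for r in tunnel.reqs if r.app == app]
        if not moved or len(moved) == len(tunnel.reqs):
            raise ValueError("nothing to split")
        tunnel.reqs = [r for r in tunnel.reqs if r.app != app]
        new = Tunnel(next(self._ids), moved)
        self.tunnels[new.tid] = new
        return new
```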
20 Claims
1. A method comprising:
in a first virtual private network (VPN) agent, managing a first VPN tunnel in a plurality of VPN tunnels, wherein the first VPN tunnel provides communication for traffic between a first node in a first cloud and a second node in a second cloud in a hybrid cloud environment;
receiving a request from a VPN manager, the request including a first set of requirements for a first cloud application for the first VPN tunnel in the plurality of VPN tunnels;
creating the first VPN tunnel according to the first set of requirements;
receiving a modification request from the VPN manager containing a second set of requirements for a second cloud application wherein a second VPN tunnel provides communication for the second cloud application; and
tuning the first VPN tunnel according to the second set of requirements, wherein the tuning includes merging the second VPN tunnel with the first VPN tunnel, wherein the modification request is based on a determination that the first and second sets of requirements are compatible, wherein the first VPN tunnel after merging continues to provide communication between the first node and the second node.
Dependent claims: 2, 3, 4, 5, 6
7. Apparatus, comprising:
a processor;
computer memory holding computer program instructions executed by the processor to manage a first virtual private network (VPN) tunnel of a plurality of VPN tunnels, wherein the first VPN tunnel provides communication for traffic between a first node in a first cloud and a second node in a second cloud in a hybrid cloud environment, the computer program instructions comprising:
program code, which causes the processor to receive a first request from a VPN manager, the request including a first set of requirements for the first VPN tunnel in the plurality of VPN tunnels;
program code, which causes the processor to create the first VPN tunnel according to the first set of requirements;
program code, which causes the processor to receive a second request from the VPN manager, the second request including a second set of requirements for a second VPN tunnel in the plurality of VPN tunnels;
program code, which causes the processor to create the second VPN tunnel according to the second set of requirements;
program code, which causes the processor to receive a merge request to merge the second VPN tunnel into the first VPN tunnel, wherein the merge request is based on a determination that the first and second set of requirements are compatible;
program code, which causes the processor to merge the second VPN tunnel into the first VPN tunnel; and
program code, which causes the processor to tune the first VPN tunnel according to the second set of requirements after the merge of the second and first VPN tunnels, wherein the first VPN tunnel after merging continues to provide communication between the first node and the second node.
Dependent claims: 8, 9, 10, 11, 12, 13, 14
15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions executed by the processor to manage a first virtual private network (VPN) tunnel of a plurality of VPN tunnels, wherein the first VPN tunnel provides communication between a first node in a first cloud and second node in a second cloud in a hybrid cloud environment, the computer program instructions comprising:
program code, which causes the processor to receive a first request from a VPN manager, the first request including a first set of requirements for a first VPN tunnel in the plurality of VPN tunnels;
program code, which causes the processor to create the first VPN tunnel according to the first set of requirements;
program code, which causes the processor to receive a second request from the VPN manager, the second request including a second set of requirements for a VPN tunnel in the plurality of VPN tunnels;
program code, which causes the processor to modify the first VPN tunnel according to the second set of requirements, wherein the first set of requirements is for traffic from a first cloud application and the second set of requirements is for traffic from a second cloud application and the first VPN tunnel carries traffic from first and second cloud applications;
program code, which causes the processor to receive a split request for the first VPN tunnel, wherein the split request is based on a determination that the first and second set of requirements are incompatible; and
program code, which causes the processor to split the first VPN tunnel into the first VPN tunnel and a second VPN tunnel wherein the first and the second VPN tunnel provide communication between the first and second nodes, wherein the VPN agent tunes the first VPN tunnel according to the first set of requirements for traffic for the first cloud application and tunes the second VPN tunnel according to the second set of requirements for traffic for the second cloud application.
Dependent claims: 16, 17, 18
19. A method comprising:
in a first virtual private network (VPN) agent, managing a first VPN tunnel of a plurality of VPN tunnels, wherein the first VPN tunnel provides communication between a first node in a first cloud and a second node in a second cloud in a hybrid cloud environment;
receiving a first request from a VPN manager, the first request including a first set of requirements for a first VPN tunnel in the plurality of VPN tunnels;
creating the first VPN tunnel according to the first set of requirements;
receiving a second request from the VPN manager, the second request including a second set of requirements for a VPN tunnel in the plurality of VPN tunnels;
modifying the first VPN tunnel according to the second set of requirements, wherein the first set of requirements is for traffic from a first cloud application and the second set of requirements is for traffic from a second cloud application and the first VPN tunnel carries traffic from first and second cloud applications;
splitting the first VPN tunnel based on a determination that the first and second set of requirements are incompatible, wherein the first VPN tunnel is split into the first VPN tunnel and a second VPN tunnel wherein the first and the second VPN tunnel provide communication between the first and second nodes, wherein the VPN agent tunes the first VPN tunnel according to the first set of requirements for traffic for the first cloud application and tunes the second VPN tunnel according to the second set of requirements for traffic for the second cloud application.
20. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program instructions comprising:
computer memory holding computer program instructions executed by the processor to manage a first virtual private network (VPN) tunnel of a plurality of VPN tunnels, wherein the first VPN tunnel provides communication for traffic between a first node in a first cloud and a second node in a second cloud in a hybrid cloud environment, the computer program instructions comprising:
program code which causes the processor to receive a first request from a VPN manager, the request including a first set of requirements for the first VPN tunnel in the plurality of VPN tunnels;
program code which causes the processor to create the first VPN tunnel according to the first set of requirements;
program code which causes the processor to receive a second request from the VPN manager, the second request including a second set of requirements for a second VPN tunnel in the plurality of VPN tunnels;
program code which causes the processor to create the second VPN tunnel according to the second set of requirements;
program code which causes the processor to receive a merge request to merge the second VPN tunnel into the first VPN tunnel, wherein the merge request is based on a determination that the first and second set of requirements are compatible;
program code which causes the processor to merge the second VPN tunnel into the first VPN tunnel; and
program code which causes the processor to tune the first VPN tunnel according to the second set of requirements after the merge of the second and first VPN tunnels, wherein the first VPN tunnel after merging continues to provide communication between the first node and the second node.
Specification