Extension of a private cloud end-point group to a public cloud

US 10,142,346 B2
Filed: 07/28/2016
Issued: 11/27/2018
Est. Priority Date: 07/28/2016
Status: Active Grant

First Claim

Patent Images

1. A method of extending a private cloud to a public cloud, the method comprising:

establishing, by an orchestrator, a virtual private network between a private cloud and a public cloud, wherein the private cloud is behind a firewall;

receiving, by the orchestrator, one or more access control lists provisioned by the private cloud;

determining, by the orchestrator, contracts between an end point group of the private cloud and an end point group of the public cloud based on the one or more access control lists;

extending, by the orchestrator, the end point group of the private cloud to the end point group of the public cloud across the virtual private network; and

monitoring and troubleshooting, by the orchestrator, the end point group of the public clouds and associated public endpoints of the public cloud.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems, methods and computer-readable storage medium for extending a private cloud to a public cloud. The private cloud can be extended to the public cloud by establishing a virtual private network between a private cloud and a public cloud, receiving one or more access control lists provisioned by the private cloud, determining contracts between an end point group of the private cloud and an end point group of the public cloud based on the one or more access control lists, and extending the end point group of the private cloud to the end point group of the public cloud across the virtual private network.

278 Citations

20 Claims

1. A method of extending a private cloud to a public cloud, the method comprising:
- establishing, by an orchestrator, a virtual private network between a private cloud and a public cloud, wherein the private cloud is behind a firewall;
  
  receiving, by the orchestrator, one or more access control lists provisioned by the private cloud;
  
  determining, by the orchestrator, contracts between an end point group of the private cloud and an end point group of the public cloud based on the one or more access control lists;
  
  extending, by the orchestrator, the end point group of the private cloud to the end point group of the public cloud across the virtual private network; and
  
  monitoring and troubleshooting, by the orchestrator, the end point group of the public clouds and associated public endpoints of the public cloud.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the extending further comprising:
    - enabling bi-directional communication between the end point group of the private cloud and the end point group of the public cloud.
  - 3. The method of claim 1, further comprising:
    - creating, by the orchestrator at the private cloud, a layer three connection bridge between the private cloud and the public cloud, wherein the layer three connection bridge is configured to enable communication from the end point group in the private cloud to the end point group in the public cloud.
  - 4. The method of claim 3, wherein the layer three connection bridge communicates with the end point group of the private network using a set of security and connectivity rules based on the contracts.
  - 5. The method of claim 1, wherein the end point groups of the private cloud and the public cloud are in a web network tier.
  - 6. The method of claim 1, wherein the orchestrator is at the private cloud.
  - 7. The method of claim 1, wherein the orchestrator is at the public cloud.

8. An orchestrator of a private cloud comprising:
- a processor device; and
  
  a computer-readable storage medium device having stored therein instructions which, when executed by the processor device, cause the processor device to;
  
  establish a virtual private network between a private cloud and a public cloud, wherein the private cloud is behind a firewall;
  
  receive one or more access control lists provisioned by the private cloud;
  
  determine contracts between an end point group of the private cloud and an end point group of the public cloud based on the one or more access control lists;
  
  extend the end point group of the private cloud to the end point group of the public cloud across the virtual private network; and
  
  monitoring and troubleshooting the end point group of the public cloud and associated public endpoints of the public cloud.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The orchestrator of claim 8, comprising further instructions which, when executed by the processor device, cause the processor to:
    - enable bi-directional communication between the end point group of the private cloud and the end point group of the public cloud.
  - 10. The orchestrator of claim 8, comprising further instructions which, when executed by the processor device, cause the processor device to:
    - create, at the private cloud, a layer three connection bridge between the private cloud and the public cloud, wherein the layer three connection bridge is configured to enable communication from the end point group in the private cloud to the end point group in the public cloud.
  - 11. The orchestrator of claim 10, wherein the layer three connection bridge communicates with the end point group of the virtual private network using a set of security and connectivity rules based on the contracts.
  - 12. The orchestrator of claim 8, wherein the end point groups of the private cloud and the public cloud are in a web network tier.
  - 13. The orchestrator of claim 8, wherein the orchestrator is at the private cloud.
  - 14. The orchestrator of claim 8, wherein the orchestrator is at the public cloud.

15. A non-transitory computer-readable storage medium having stored therein instructions which, when executed by a processor of an orchestrator, cause the processor to perform operations comprising:
- establish a virtual private network between a private cloud and a public cloud, wherein the private cloud is behind a firewall;
  
  receive one or more access control lists provisioned by the private cloud;
  
  determine contracts between an end point group of the private cloud and an end point group of the public cloud based on the one or more access control lists;
  
  extend the end point group of the private cloud to the end point group of the public cloud across the virtual private network; and
  
  monitor and troubleshoot, by the orchestrator, the end point group of the public cloud and associated public endpoints of the public cloud.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, the operations further comprising:
    - enable bi-directional communication between the end point group of the private cloud and the end point group of the public cloud.
  - 17. The non-transitory computer-readable storage medium of claim 15, the operation further comprising:
    - create, at the private cloud, a layer three connection bridge between the private cloud and the public cloud, wherein the layer three connection bridge is configured to enable communication from the end point group in the private cloud to the end point group in the public cloud.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein the layer three connection bridge communicates with the end point group of the virtual private network using a set of security and connectivity rules based on the contracts.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein the end point groups of the private cloud and the public cloud are in a web network tier.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the orchestrator is at the private cloud.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Basetty, Pavan, Banerjee, Subrata, Hakopian, Ruben
Primary Examiner(s)
Pyzocha, Michael

Application Number

US15/222,851
Publication Number

US 20180034821A1
Time in Patent Office

852 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/468   Specific access rights for ...

G06F 9/5072   Grid computing

H04L 12/4633   Interconnection of networks...

H04L 63/0272   Virtual private networks

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

H04L 67/12   specially adapted for propr...

Extension of a private cloud end-point group to a public cloud

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

278 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Extension of a private cloud end-point group to a public cloud

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

278 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links