Methods and apparatus for providing a secure overlay network between clouds

US 10,154,010 B2
Filed: 02/08/2017
Issued: 12/11/2018
Est. Priority Date: 12/05/2014
Status: Active Grant

First Claim

Patent Images

1. A method of interconnecting nodes in different clouds, the method comprising:

receiving at an orchestrator a request for a secure overlay network (SON) from a first internal node inside a first cloud to a second internal node inside a second cloud, wherein;

the first internal node being connected by a first pre-existing connection path in the first cloud to a first port of the first cloud,the second internal node being connected by a second pre-existing connection path in the second cloud to a second port of the second cloud, andthe first port of the first cloud being connected to the second port of the second cloud by a pre-existing network; and

creating by the orchestrator the requested SON as an overlay on the pre-existing network, the SON being a point-to-point logically direct connection from the first internal node in the first cloud to the second internal node in the second cloud.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A process capable of automatically establishing a secure overlay network (“SON”) across different clouds is disclosed. The process, in one aspect, receives a first request from a first node in a first cloud for establishing a SON. After receiving a second request for connecting to the SON from a second node in a second cloud, a first connection is established connecting between the first node and the second node utilizing a network security protocol such as Internet Protocol Security (“IPSec”). After receiving a third request for connecting to the SON from a third node in a third cloud, a second connection is used to connect between the first node and the third node. A third connection is used to connect between the second node and the third node. Each subsequent request for connecting to the SON from a new node results in new connections between the new node and each existing node in the SON forming a full-mesh.

19 Citations

25 Claims

1. A method of interconnecting nodes in different clouds, the method comprising:
- receiving at an orchestrator a request for a secure overlay network (SON) from a first internal node inside a first cloud to a second internal node inside a second cloud, wherein;
  
  the first internal node being connected by a first pre-existing connection path in the first cloud to a first port of the first cloud,the second internal node being connected by a second pre-existing connection path in the second cloud to a second port of the second cloud, andthe first port of the first cloud being connected to the second port of the second cloud by a pre-existing network; and
  
  creating by the orchestrator the requested SON as an overlay on the pre-existing network, the SON being a point-to-point logically direct connection from the first internal node in the first cloud to the second internal node in the second cloud.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the pre-existing network is a virtual private network.
  - 3. The method of claim 1, wherein the pre-existing network is entirely external to the first cloud.
  - 4. The method of claim 3, wherein the pre-existing network is also entirely external to the second cloud.
  - 5. The method of claim 1, wherein:
    - the first port is at an edge of the first cloud,the first connection path is entirely within the first cloud,the second port is at an edge of the second cloud, andthe second connection path is entirely within the second cloud.
  - 6. The method of claim 1, wherein:
    - the first connection path comprises a link and a network both entirely within the first cloud, andthe second connection path comprises a link and a network both entirely within the second cloud.
  - 7. The method of claim 1, wherein creating the SON comprises creating the SON in accordance with a network security protocol.
  - 8. The method of claim 7, wherein the network security protocol is IPSec.
  - 9. The method of claim 1 wherein:
    - one of the first cloud or the second cloud is a private cloud, andthe other of the first cloud or the second cloud is a public cloud.
  - 10. The method of claim 1, wherein the first cloud and the second cloud are both private clouds.
  - 11. The method of claim 1, wherein the first internal node is a server.
  - 12. The method of claim 1, wherein the first internal node is a virtual machine.
  - 13. The method of claim 1, wherein the request for a SON comprises:
    - a first message identifying the first internal node, anda second message identifying the second internal node.
  - 14. The method of claim 13 further comprising providing by the orchestrator a dashboard for display to a human user, wherein the first message is received from the dashboard.
  - 15. The method of claim 1, wherein the first cloud and the second cloud are located in different geographical locations.

16. An orchestrator device comprising:
- a web server containing at least one computing device configured to receive a request for a secure overlay network (SON) from a first internal node inside a first cloud to a second internal node inside a second cloud, wherein;
  
  the first internal node is connected by a first pre-existing connection path in the first cloud to a first port of the first cloud,the second internal node is connected by a second pre-existing connection path in the second cloud to a second port of the second cloud, andthe first port of the first cloud is connected to the second port of the second cloud by a pre-existing network; and
  
  a SON manager coupling with an application server configured to facilitate creating the requested SON as an overlay on the pre-existing network, the SON being a point-to-point logically direct connection from the first internal node in the first cloud to the second internal node in the second cloud.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 17. The orchestrator device of claim 16, wherein the pre-existing network is a virtual private network.
  - 18. The orchestrator device of claim 16, wherein the pre-existing network is entirely external to the first cloud.
  - 19. The orchestrator device of claim 18, wherein the pre-existing network is also entirely external to the second cloud.
  - 20. The orchestrator device of claim 16, wherein:
    - the first port is at an edge of the first cloud,the first connection path is entirely within the first cloud,the second port is at an edge of the second cloud, andthe second connection path is entirely within the second cloud.
  - 21. The orchestrator device of claim 16, wherein:
    - the first connection path comprises a link and a network both entirely within the first cloud, andthe second connection path comprises a link and a network both entirely within the second cloud.
  - 22. The orchestrator device of claim 16, wherein the SON manager is further configured to create the SON in accordance with a network security protocol.
  - 23. The orchestrator device of claim 22, wherein the network security protocol is IPSec.
  - 24. The orchestrator device of claim 16, wherein the request for a SON comprises:
    - a first message identifying the first internal node, anda second message identifying the second internal node.
  - 25. The orchestrator device of claim 16, wherein the first cloud and the second cloud are located in different geographical locations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ViaSat Incorporated
Original Assignee
ViaSat Incorporated
Inventors
Madhav, Praveen, Uberoy, Pawan
Primary Examiner(s)
Le, Chau

Application Number

US15/427,997
Publication Number

US 20170214659A1
Time in Patent Office

671 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45579   I/O management, e.g. provid...

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

H04L 67/141   Setup of application sessio...

Methods and apparatus for providing a secure overlay network between clouds

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for providing a secure overlay network between clouds

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links