Envoy for multi-tenant compute infrastructure

US 10,168,949 B1
Filed: 06/14/2018
Issued: 01/01/2019
Est. Priority Date: 06/14/2018
Status: Active Grant

First Claim

Patent Images

1. A method for pulling a snapshot of data for a virtual machine of a tenant executing on a multi-tenant compute infrastructure, the method comprising:

establishing a connection between an envoy of the tenant and a data management and storage (DMS) cluster including peer DMS nodes, the envoy being connected with the virtual machine via a virtual tenant network of the multi-tenant compute infrastructure, the envoy providing the DMS cluster access to the virtual machine via the virtual tenant network;

generating the snapshot of the virtual machine; and

sending the snapshot from the virtual machine to a peer DMS node via the envoy;

wherein;

the envoy is a second virtual machine of the tenant executing on the multi-tenant compute infrastructure;

the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the virtual machine;

the infrastructure network and the virtual tenant network use different network layers and share a physical layer;

the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure; and

the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data management and storage (DMS) cluster of peer DMS nodes manages data of a tenant of a multi-tenant compute infrastructure. The compute infrastructure includes an envoy connecting the DMS cluster to virtual machines of the tenant executing on the compute infrastructure. The envoy provides the DMS cluster with access to the virtual tenant network and the virtual machines of the tenant connected via the virtual tenant network for DMS services such as data fetch jobs to generate snapshots of the virtual machines. The envoy sends the snapshot from the virtual machine to a peer DMS node via the connection for storage within the DMS cluster. The envoy provides the DMS cluster with secure access to authorized tenants of the compute infrastructure while maintaining data isolation of tenants within the compute infrastructure.

9 Citations

View as Search Results

15 Claims

1. A method for pulling a snapshot of data for a virtual machine of a tenant executing on a multi-tenant compute infrastructure, the method comprising:
- establishing a connection between an envoy of the tenant and a data management and storage (DMS) cluster including peer DMS nodes, the envoy being connected with the virtual machine via a virtual tenant network of the multi-tenant compute infrastructure, the envoy providing the DMS cluster access to the virtual machine via the virtual tenant network;
  
  generating the snapshot of the virtual machine; and
  
  sending the snapshot from the virtual machine to a peer DMS node via the envoy;
  
  wherein;
  
  the envoy is a second virtual machine of the tenant executing on the multi-tenant compute infrastructure;
  
  the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the virtual machine;
  
  the infrastructure network and the virtual tenant network use different network layers and share a physical layer;
  
  the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure; and
  
  the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the infrastructure network includes a first transmission control protocol (TCP) network and the virtual tenant network includes a second TCP network isolated from the first TCP network.
  - 3. The method of claim 1, wherein establishing the connection between the envoy and the DMS cluster includes sending a secure socket layer (SSL) certificate to the DMS cluster from the envoy.
  - 4. The method of claim 1, further comprising, prior to sending the snapshot from the virtual machine to at least one DMS cluster, encrypting the snapshot.
  - 5. The method of claim 1, wherein the DMS cluster includes a distributed data store implemented across the peer DMS nodes, and the method further includes storing the snapshot of the application in the distributed data store.
  - 6. The method of claim 1, further comprising allocating a computing resource of the multi-tenant compute infrastructure to the envoy.
  - 7. The method of claim 6, wherein the computing resource is allocated to the envoy while the virtual machine is executing on the multi-tenant compute infrastructure.
  - 8. The method of claim 6, wherein:
    - the compute resource includes a virtual disk;
      
      the method further includes storing the snapshot of the virtual machine in the virtual disk; and
      
      sending the snapshot to the peer DMS node via the envoy includes sending the snapshot from the virtual disk of the envoy to the peer DMS node via the connection.
  - 9. The method of claim 1, wherein the envoy sends the snapshot from the virtual machine to the peer DMS node without storing the snapshot in a local storage of the envoy.
  - 10. The method of claim 1, further comprising:
    - generating a data fetch job for the virtual machine;
      
      placing the data fetch job in a job queue accessible to the peer DMS nodes to schedule the data fetch job; and
      
      retrieving the data fetch job from the job queue to generate the snapshot of the virtual machine.
  - 11. The method of claim 10, wherein the envoy generates the data fetch job and places the data fetch job in the job queue stored in a distributed database of the DMS cluster.
  - 12. The method of claim 10, wherein the envoy retrieves the data fetch job from the job queue.
  - 13. The method of claim 10, wherein:
    - the peer DMS node retrieves the data fetch job from the job queue; and
      
      the method further includes, in response to retrieving the data fetch job sending a request from the peer DMS node to a virtualization module of the virtual machine via the envoy to generate the snapshot of the virtual machine.

14. A multi-tenant compute infrastructure, comprising:
- a virtual machine of a tenant of the compute infrastructure;
  
  a virtual tenant network; and
  
  an envoy connected to the virtual machine via the virtual tenant network, the envoy configured to;
  
  establish a connection with a data management and storage (DMS) cluster including peer DMS nodes to provide the DMS cluster access to the virtual machine via the virtual tenant network;
  
  generate a snapshot of the virtual machine; and
  
  send the snapshot from the virtual machine to a peer DMS node via the connection;
  
  wherein;
  
  the envoy is a second virtual machine of the tenant executing on the multi-tenant compute infrastructure;
  
  the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the virtual machine;
  
  the infrastructure network and the virtual tenant network use different network layers and share a physical layer;
  
  the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure; and
  
  the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer.

15. A non-transitory computer-readable medium comprising instructions that when executed by a processor configures the processor to:
- establish a connection with a data management and storage (DMS) cluster including peer DMS nodes to provide the DMS cluster access to a virtual machine of a tenant of a multi-tenant compute infrastructure via a virtual tenant network;
  
  generate a snapshot of the virtual machine; and
  
  send the snapshot from the virtual machine to a peer DMS node via the connection;
  
  wherein;
  
  the processor is a second virtual machine of the tenant executing on the multi-tenant compute infrastructure;
  
  the multi-tenant compute infrastructure restricts access by the DMS cluster to an infrastructure network connecting physical machines including a physical machine that executes the virtual machine;
  
  the infrastructure network and the virtual tenant network use different network layers and share a physical layer;
  
  the multi-tenant compute infrastructure restricts access by the DMS cluster to a second virtual tenant network of a second tenant of the multi-tenant compute infrastructure; and
  
  the virtual tenant network and the second virtual tenant network use different network layers and share the physical layer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rubrik, Inc.
Original Assignee
Rubrik, Inc.
Inventors
Abdul Rasheed, Abdul Jabbar, Mazumdar, Soham, Vohra, Hardik, Malpani, Mudit
Primary Examiner(s)
Teets, Bradley A

Application Number

US16/008,972
Time in Patent Office

201 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 11/14   Error detection or correcti...

G06F 11/1448   Management of the data invo...

G06F 11/1461   Backup scheduling policy

G06F 11/2094   Redundant storage or storag...

G06F 2009/45562   Creating, deleting, cloning...

G06F 2009/45579   I/O management, e.g. provid...

G06F 2201/815   Virtual middleware or OS fu...

G06F 2201/84   Using snapshots, i.e. a log...

G06F 3/0619   in relation to data integri...

G06F 3/065   Replication mechanisms

G06F 3/0664   at device level, e.g. emula...

G06F 3/067   Distributed or networked st...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/4843   by program, e.g. task dispa...

G06F 9/5077   Logical partitioning of res...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/168   above the transport layer

H04L 9/3268 : using certificate validatio...

View All

Envoy for multi-tenant compute infrastructure

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Envoy for multi-tenant compute infrastructure

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links