Secured transfer of data between datacenters
Abstract
In various embodiments, a method of transferring data between datacenters may be performed. The method may include running a first plurality of host programs and a first plurality of encryption units at a first datacenter. The method may further include establishing, between the first datacenter and a second datacenter, secure communication connections between each of the first plurality of encryption units and a corresponding one of a second plurality of encryption units running at the second datacenter. The method may further include transferring, by the first datacenter, data from the first plurality of host programs to a second plurality of host programs running at the second datacenter.
19 Claims
1. A method, comprising:
running, at a first datacenter, a first plurality of host programs and a first plurality of encryption units;
establishing, between the first datacenter and a second datacenter, secure communication connections between each of the first plurality of encryption units and a corresponding one of a second plurality of encryption units running at the second datacenter;
monitoring one or more performance metrics of the first plurality of encryption units;
transferring, by the first datacenter, data from the first plurality of host programs to a second plurality of host programs running at the second datacenter, including by:
receiving, by the first plurality of host programs, information indicative of the one or more performance metrics of the first plurality of encryption units;
selecting, by the first plurality of host programs, a subset of the first plurality of encryption units to encrypt data from the first plurality of host programs, wherein the subset of the first plurality of encryption units is selected based on the information indicative of the one or more performance metrics of the first plurality of encryption units;
sending data from the first plurality of host programs to the subset of the first plurality of encryption units;
encrypting the data sent to the subset of the first plurality of encryption units to generate encrypted data; and
sending, via the secure communication connections, the encrypted data from the subset of the first plurality of encryption units to the second plurality of encryption units.
10. A non-transitory, computer-readable medium having computer instructions stored thereon that are capable of being executed by a computer system to cause operations comprising:
establishing secure communication connections between each of a first plurality of encryption units at a first datacenter and a corresponding one of a second plurality of encryption units at a second datacenter;
providing, to a first plurality of host programs at the first datacenter, information indicative of one or more performance metrics of the first plurality of encryption units;
transferring data from a first host program of the first plurality of host programs to a second host program of a second plurality of host programs at the second datacenter, wherein the transferring includes:
receiving, at a first encryption unit of the first plurality of encryption units, data from the first host program, wherein the receiving is in response to the first host program selecting the first encryption unit to encrypt the data based on the information indicative of one or more performance metrics of the first encryption unit;
encrypting, by the first encryption unit, the data to generate encrypted data; and
sending, via a first secure communication connection of the secure communication connections, the encrypted data to a corresponding second encryption unit at the second datacenter;
monitoring levels of usage of the first plurality of encryption units; and
in response to a determination that the levels of usage exceed a particular threshold, sending a request to an orchestration host to add additional encryption units to the first plurality of encryption units.
15. A system, comprising:
a datacenter facility that includes:
a plurality of computer systems;
a plurality of storage subsystems that are configured to store data for a plurality of entities; and
a network interface configured to communicate with a second datacenter facility;
wherein at least one of the plurality of computer systems includes a non-transitory, computer-readable medium having program instructions stored thereon that are capable of being executed by the plurality of computer systems to perform operations, comprising:
establishing secure communication connections, via the network interface, between each of a first plurality of encryption units executing at the datacenter facility and a corresponding one of a second plurality of encryption units at the second datacenter facility;
providing, to a first plurality of host programs executing on one or more of the plurality of computer systems, information indicative of one or more performance metrics of the first plurality of encryption units;
monitoring one or more performance metrics of the first plurality of encryption units;
transferring data from a first host program of the first plurality of host programs, via the network interface, to a second host program of a second plurality of host programs executing at the second datacenter facility, wherein the transferring includes:
receiving, by the first host program, information indicative of the one or more performance metrics of the first plurality of encryption units;
receiving, at a first encryption unit of the first plurality of encryption units, data from the first host program, wherein the receiving is in response to the first host program selecting the first encryption unit to encrypt the data based on the information indicative of one or more performance metrics of the first encryption unit;
encrypting, by the first encryption unit, the data to generate encrypted data; and
sending, via a first secure communication connection of the secure communication connections, the encrypted data to a corresponding second encryption unit at the second datacenter facility.
19. A method, comprising:
running, at a first datacenter, a first plurality of host programs and a first plurality of encryption units;
establishing, between the first datacenter and a second datacenter, secure communication connections between each of the first plurality of encryption units and a corresponding one of a second plurality of encryption units running at the second datacenter;
transferring, by the first datacenter, data from the first plurality of host programs to a second plurality of host programs running at the second datacenter, including by:
selecting a subset of the first plurality of encryption units to encrypt data from the first plurality of host programs, wherein the subset of the first plurality of encryption units is selected based on information indicative of one or more performance metrics of the first plurality of encryption units;
sending data from the first plurality of host programs to the subset of the first plurality of encryption units;
encrypting the data sent to the subset of the first plurality of encryption units to generate encrypted data; and
sending, via the secure communication connections, the encrypted data from the subset of the first plurality of encryption units to the second plurality of encryption units;
monitoring one or more levels of usage of the first plurality of encryption units; and
modifying a number of encryption units in the first plurality of encryption units based on the one or more levels of usage.
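The host-side selection step and the usage-based scaling step recited in claims 10 and 19 can be sketched as follows. This is an added illustration, not code from the patent: the metric fields (`cpu_util`, `queue_depth`, `healthy`), the thresholds, the unit names and the fail-closed behaviour when no unit qualifies are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UnitMetrics:
    unit_id: str
    cpu_util: float   # fraction of capacity in use, 0.0-1.0 (assumed metric)
    queue_depth: int  # payloads waiting to be encrypted (assumed metric)
    healthy: bool     # secure connection to the peer unit is up (assumed metric)

class NoEncryptionUnitAvailable(RuntimeError):
    """Raised so a host program fails closed instead of sending plaintext."""

def select_units(metrics, k, max_cpu=0.85):
    """Host program: pick the k least-loaded healthy encryption units."""
    eligible = [m for m in metrics if m.healthy and m.cpu_util < max_cpu]
    if not eligible:
        # Assumption: data never leaves the datacenter unless a unit encrypts it.
        raise NoEncryptionUnitAvailable("no healthy unit under the load cap")
    eligible.sort(key=lambda m: (m.cpu_util, m.queue_depth, m.unit_id))
    return [m.unit_id for m in eligible[:k]]

def scaling_delta(metrics, high=0.60, low=0.20, min_units=2):
    """Monitor: +1 asks the orchestration host for a unit, -1 retires one."""
    healthy = [m for m in metrics if m.healthy]
    if len(healthy) < min_units:
        return 1
    avg = sum(m.cpu_util for m in healthy) / len(healthy)
    if avg > high:
        return 1
    if avg < low and len(healthy) > min_units:
        return -1
    return 0

# Constructed sample metrics, as a monitor might publish them to host programs.
SAMPLE = [
    UnitMetrics("eu-1", 0.92, 40, True),   # over the load cap, skipped
    UnitMetrics("eu-2", 0.35, 3, True),
    UnitMetrics("eu-3", 0.35, 1, True),    # ties on CPU, shorter queue wins
    UnitMetrics("eu-4", 0.10, 0, False),   # idle but tunnel down, skipped
    UnitMetrics("eu-5", 0.80, 12, True),
]

if __name__ == "__main__":
    print(select_units(SAMPLE, 2))   # units chosen for the next transfer
    print(scaling_delta(SAMPLE))     # scaling request derived from usage
```

Excluding unhealthy units before ranking by load keeps an idle unit with a broken tunnel from attracting traffic it cannot deliver.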
Specification