Dynamic, load-based, auto-scaling network security microservices architecture
Abstract
Systems, methods, and apparatuses used to monitor network traffic of a datacenter and report security threats are described. For example, one embodiment selects a first microservice of a first hierarchy, configures the microservices of a second lower-level hierarchy to remove the first microservice from load balancing decisions to the first hierarchy, moves the first microservice to another server, configures data plane connectivity to the first microservice to reflect a change in server, and configures the microservices of the second hierarchy to include the first microservice in load balancing decisions to the first hierarchy.
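The ordering in the abstract (exclude, move, reconnect, include) can be modeled in a few lines. This is an added illustration, not code from the patent or its assignee: the class and function names, the `dpi-*` and `server-*` labels, and the CRC32 flow hash are all assumptions made for the sketch. It checks that no flow is dispatched to the migrating instance while it is excluded.

```python
# Added illustration; every name here is hypothetical, data is constructed.
import zlib


class LowerLevel:
    """Lower-hierarchy microservice that load-balances flows upward."""

    def __init__(self, targets):
        self.targets = sorted(targets)  # upper-level instances eligible for flows

    def exclude(self, name):
        self.targets.remove(name)

    def include(self, name):
        self.targets = sorted(self.targets + [name])

    def pick(self, flow_id):
        # Assumed policy: a deterministic hash keeps one flow on one instance.
        return self.targets[zlib.crc32(flow_id.encode()) % len(self.targets)]


def migrate(name, dst, lowers, placement, flows):
    """Move upper-level instance `name` to server `dst`; return dispatch log."""
    log = []

    def dispatch(phase):
        for flow in flows:
            for lb in lowers:
                log.append((phase, flow, lb.pick(flow)))

    dispatch("before")
    for lb in lowers:          # remove from load-balancing decisions
        lb.exclude(name)
    dispatch("draining")       # traffic that arrives during the move
    placement[name] = dst      # move; data-plane mapping now names new server
    for lb in lowers:          # include in load-balancing decisions again
        lb.include(name)
    dispatch("after")
    return log


# Constructed sample topology: two upper-level instances, two lower-level ones.
placement = {"dpi-1": "server-a", "dpi-2": "server-b"}
lowers = [LowerLevel(placement), LowerLevel(placement)]
flows = [f"10.0.0.{i}:443" for i in range(1, 9)]
log = migrate("dpi-1", "server-c", lowers, placement, flows)
stray = [e for e in log if e[0] == "draining" and e[2] == "dpi-1"]
```

An empty `stray` list means the excluded instance received nothing while its placement was changing; reversing the exclude and move steps in `migrate` is the ordering this check is meant to catch.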
20 Claims
1. A method performed by a security system, the method comprising:
- configuring a segment microservice to route network data to and from a datacenter, and a plurality of servers on which to run multiple instances of each of a hierarchy of security microservices, each level of which performs a different security operation;
- using a configuration microservice to set security policies of the security microservices, a scaler to determine when to scale microservices in or out, and a database to store state information and security policies;
- configuring microservice connectivity via a backplane;
- processing flows of packets received from the datacenter; and
- in response to a failure of a first server, moving a microservice from the first server to a second server at the same level of the hierarchy, and configuring the second server with state information and a security policy of the first server.
Dependent claims: 2, 3, 4, 5, 6

7. A non-transitory computer-readable medium containing instructions to which a security system is to respond by:
- configuring a segment microservice to route network data to and from a datacenter, and a plurality of servers on which to run multiple instances of each of a hierarchy of security microservices, each level of which performs a different security operation;
- using a configuration microservice to set security policies of the security microservices, a scaler to determine when to scale microservices in or out, and a database to store state information and security policies;
- configuring microservice connectivity via a backplane;
- processing flows of packets received from the datacenter; and
- in response to a failure of a first server, moving a microservice from the first server to a second server at the same level of the hierarchy, and configuring the second server with state information and a security policy of the first server.
Dependent claims: 8, 9, 10, 11, 12

13. A security system comprising:
- a data plane comprising a segment microservice to route network data to and from a datacenter, and a plurality of servers on which to run multiple instances of each of a hierarchy of security microservices, each level of which performs a different security operation;
- a management plane comprising a configuration microservice to set security policies of the security microservices, a scaler to determine when to scale microservices in or out, and a database to store state information and security policies; and
- a backplane to provide microservice connectivity via a backplane;
- the security system to:
  - process flows of packets received from the datacenter; and
  - in response to a failure of a first server, move a microservice from the first server to a second server at the same level of the hierarchy, and configure the second server with state information and a security policy of the first server.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
Specification