Mechanism for providing external access to a secured networked virtualization environment

US 10,542,049 B2
Filed: 05/08/2015
Issued: 01/21/2020
Est. Priority Date: 05/09/2014
Status: Active Grant

First Claim

Patent Images

1. A method for providing external access into a secured networked virtualization environment, comprising:

performing a first leadership election amongst nodes of the secured networked virtualization environment that elects a leader node that directs an external communication from an external entity to a node within the secured networked virtualization environment;

assigning a cluster virtual IP address to the leader node, wherein the cluster virtual IP address is a different IP address than an IP address of the leader node;

generating a reverse tunnel, using a processor of the leader node, based at least in part on the cluster virtual IP address, wherein the external communication from the external entity to the node within the secured networked virtualization environment is sent via the reverse tunnel associated with the cluster virtual IP address;

identifying failure of the leader node;

performing a second leadership election amongst the nodes of the secured networked virtualization environment to elect a new leader node;

assigning the cluster virtual IP address to the new leader node; and

generating another reverse tunnel by the new leader node to allow the external entity to communicate with the secured networked virtualization environment.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing external access into a secured networked virtualization environment, includes performing a leadership election amongst nodes of the secured networked virtualization environment to elect a leader node, assigning a cluster virtual IP address to the leader node and generating a reverse tunnel, using a processor, by the leader node to allow for an external entity to communicate with the secured networked virtualization environment.

Citations

37 Claims

1. A method for providing external access into a secured networked virtualization environment, comprising:
- performing a first leadership election amongst nodes of the secured networked virtualization environment that elects a leader node that directs an external communication from an external entity to a node within the secured networked virtualization environment;
  
  assigning a cluster virtual IP address to the leader node, wherein the cluster virtual IP address is a different IP address than an IP address of the leader node;
  
  generating a reverse tunnel, using a processor of the leader node, based at least in part on the cluster virtual IP address, wherein the external communication from the external entity to the node within the secured networked virtualization environment is sent via the reverse tunnel associated with the cluster virtual IP address;
  
  identifying failure of the leader node;
  
  performing a second leadership election amongst the nodes of the secured networked virtualization environment to elect a new leader node;
  
  assigning the cluster virtual IP address to the new leader node; and
  
  generating another reverse tunnel by the new leader node to allow the external entity to communicate with the secured networked virtualization environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein performing the first leadership election, comprises:
    - receiving a heartbeat response for at least one node from the secured networked virtualization environment;
      
      forming a queue with the at least one node that provide the heartbeat response, wherein the nodes that provide respective heartbeat responses are placed in the queue in an order that the nodes provide their respective heartbeat responses; and
      
      electing a first node in a first position in the queue as the leader node.
  - 3. The method of claim 2, wherein a node located in the queue that subsequently fails to provide a heartbeat response is removed from the queue.
  - 4. The method of claim 2, wherein a node not located in the queue that subsequently provides a heartbeat response is placed in the queue.
  - 5. The method of claim 1, wherein each node of the secured networked virtualization environment has a private IP address and internal communication amongst the nodes of the secured networked virtualization environment is made through private IP addresses.
  - 6. The method of claim 1, wherein generating the reverse tunnel comprises:
    - identifying, by the leader node, a port number at the external entity through which the external entity communicates with the leader node.
  - 7. The method of claim 6, wherein the port number is a statically determined port number.
  - 8. The method of claim 6, wherein the port number is a dynamically determined port number.
  - 9. The method of claim 8, wherein the dynamically determined port number is determined by:
    - requesting the external entity for an available port number;
      
      receiving the available port number from the external entity; and
      
      utilizing the available port number as the port number at the external entity through which the external entity communicates with the leader node.
  - 10. The method of claim 6, wherein the port number at the external entity through which the external entity communicates with the leader node is associated with the secured networked virtualization environment.
  - 11. The method of claim 6, wherein generating the reverse tunnel comprises performing a secured shell (SSH) command using the port number, the cluster virtual IP address and a public SSH key for the external entity.
  - 12. The method of claim 1, wherein the external entity is chosen by iterating over a list of external entities associated with the secured networked virtualization environment until the external entity is identified.
  - 13. The method of claim 12, wherein the external entity is identified based at least in part on an ability to establish communication with the secured networked virtualization environment.
  - 14. The method of claim 12, wherein the list of external entities is updated periodically.
  - 15. The method of claim 14, wherein the list of external entities is updated by:
    - requesting a current external entity from the list of external entities for an updated list of external entities;
      
      receiving the updated list of external entities; and
      
      modifying the list of external entities associated with the secured networked virtualization environment with the updated list of external entities.
  - 16. The method of claim 12, wherein the list of external entities associated with the secured networked virtualization environment is assigned to the secured networked virtualization environment based on a unique identifier for the secured networked virtualization environment.

17. A computer program product embodied on a non-transitory computer readable medium, the non-transitory computer readable medium having stored thereon a sequence of instructions which, when executed by a processor causes the processor to execute a method for providing external access into a secured networked virtualization environment, comprising:
- performing a first leadership election amongst nodes of the secured networked virtualization environment that elects a leader node that directs an external communication from an external entity to a node within the secured networked virtualization environment;
  
  assigning a cluster virtual IP address to the leader node, wherein the cluster virtual IP address is a different IP address than an IP address of the leader node;
  
  generating a reverse tunnel, using a processor of the leader node, based at least in part on the cluster virtual IP address, wherein the external communication from the external entity to the node within the secured networked virtualization environment is sent via the reverse tunnel associated with the cluster virtual IP address;
  
  identifying failure of the leader node;
  
  performing a second leadership election amongst the nodes of the secured networked virtualization environment to elect a new leader node;
  
  assigning the cluster virtual IP address to the new leader node; and
  
  generating another reverse tunnel by the new leader node to allow the external entity to communicate with the secured networked virtualization environment.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 18. The computer program product of claim 17, wherein performing the first leadership election, comprises:
    - receiving a heartbeat response for at least one node from the secured networked virtualization environment;
      
      forming a queue with the at least one node that provide the heartbeat response, wherein the nodes that provide respective heartbeat responses are placed in the queue in an order that the nodes provide their respective heartbeat responses; and
      
      electing a first node in a first position in the queue as the leader node.
  - 19. The computer program product of claim 18, wherein a node located in the queue that subsequently fails to provide a heartbeat response is removed from the queue.
  - 20. The computer program product of claim 18, wherein a node not located in the queue that subsequently provides a heartbeat response is placed in the queue.
  - 21. The computer program product of claim 17, wherein each node of the secured networked virtualization environment has a private IP address and internal communication amongst the nodes of the secured networked virtualization environment is made through private IP addresses.
  - 22. The computer program product of claim 17, wherein generating the reverse tunnel comprises:
    - identifying, by the leader node, a port number at the external entity through which the external entity communicates with the leader node.
  - 23. The computer program product of claim 22, wherein the port number is a statically determined port number.
  - 24. The computer program product of claim 22, wherein the port number is a dynamically determined port number.
  - 25. The computer program product of claim 24, wherein the dynamically determined port number is determined by:
    - requesting the external entity for an available port number;
      
      receiving the available port number from the external entity; and
      
      utilizing the available port number as the port number at the external entity through which the external entity communicates with the leader node.
  - 26. The computer program product of claim 22, wherein the port number at the external entity through which the external entity communicates with the leader node is associated with the secured networked virtualization environment.
  - 27. The computer program product of claim 22, wherein generating the reverse tunnel comprises performing a secured shell (SSH) command using the port number, the cluster virtual IP address and a public SSH key for the external entity.
  - 28. The computer program product of claim 17, wherein the external entity is chosen by iterating over a list of external entities associated with the secured networked virtualization environment until the external entity is identified.
  - 29. The computer program product of claim 28, wherein the external entity is identified based at least in part on an ability to establish communication with the secured networked virtualization environment.
  - 30. The computer program product of claim 28, wherein the list of external entities is updated periodically.
  - 31. The computer program product of claim 30, wherein the list of external entities is updated by:
    - requesting a current external entity from the list of external entities for an updated list of external entities;
      
      receiving the updated list of external entities; and
      
      modifying the list of external entities associated with the secured networked virtualization environment with the updated list of external entities.
  - 32. The computer program product of claim 28, wherein the list of external entities associated with the secured networked virtualization environment is assigned to the secured networked virtualization environment based on a unique identifier for the secured networked virtualization environment.

33. A system for providing external access into a secured networked virtualization environment, comprising:
- a computer processor to execute a set of program code instructions; and
  
  a memory to hold the set of program code instructions, in which the set of program code instructions comprises program code to perform;
  
  performing a first leadership election amongst nodes of the secured networked virtualization environment that elects a leader node that directs an external communication from an external entity to a node within the secured networked virtualization environment;
  
  assigning a cluster virtual IP address to the leader node, wherein the cluster virtual IP address is a different IP address than an IP address of the leader node;
  
  generating a reverse tunnel, using a processor of the leader node, based at least in part on the cluster virtual IP address, wherein the external communication from the external entity to the node within the secured networked virtualization environment is sent via the reverse tunnel associated with the cluster virtual IP address;
  
  identifying failure of the leader node;
  
  performing a second leadership election amongst the nodes of the secured networked virtualization environment to elect a new leader node;
  
  assigning the cluster virtual IP address to the new leader node; and
  
  generating another reverse tunnel by the new leader node to allow the external entity to communicate with the secured networked virtualization environment.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The system of claim 33, in which the set of program code instructions further comprise program code to perform the first leadership election by:
    - receiving a heartbeat response for at least one node from the secured networked virtualization environment;
      
      forming a queue with the at least one node that provide the heartbeat response, wherein the nodes that provide respective heartbeat responses are placed in the queue in an order that the nodes provide their respective heartbeat responses; and
      
      electing a first node in a first position in the queue as the leader node.
  - 35. The system of claim 34, wherein a node located in the queue that subsequently fails to provide a heartbeat response is removed from the queue.
  - 36. The system of claim 34, wherein a node not located in the queue that subsequently provides a heartbeat response is placed in the queue.
  - 37. The system of claim 33, wherein each node of the secured networked virtualization environment has a private IP address and internal communication amongst the nodes of the secured networked virtualization environment is made through private IP addresses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nutanix Incorporated
Original Assignee
Nutanix Incorporated
Inventors
Cui, Miao, Jain, Kshitiz, Kahlon, Vineet
Primary Examiner(s)
Bayou, Yonas A

Application Number

US14/708,091
Publication Number

US 20150326531A1
Time in Patent Office

1,719 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/205   involving negotiation or de...

H04L 67/10   in which an application is ...

Mechanism for providing external access to a secured networked virtualization environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism for providing external access to a secured networked virtualization environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links