Methods, systems and computer program products for providing failure recovery of network secure communications in a cluster computing environment
Abstract
Methods, systems and computer program products provide for recovering from the failure of a primary distribution processor which provides secure communications over a network in a distributed workload environment having target hosts which are accessed through the primary distribution processor by a common network address. Information sufficient to restart communications through the primary distribution processor utilizing network security is provided to a backup distribution processor. Failure of the primary distribution processor is detected and the communications utilizing network security restarted at the backup distribution processor utilizing the provided information. Both inbound and outbound communications with target hosts utilizing the common network address and which are associated with a secure network communication are then routed through the backup distribution processor. Both inbound and outbound processing of secure network communications utilizing the common network address is performed at the backup distribution processor so as to provide network security processing of communications from the target host and network security processing of communications to the target host.
23 Claims
1. A method of recovering from a failure of a primary distribution processor which provides secure communications over a network in a distributed workload environment having target hosts which are accessed through the primary distribution processor by a common network address, the method comprising the steps of:
providing to a backup distribution processor information sufficient to restart communications through the primary distribution processor utilizing network security;
detecting the failure of the primary distribution processor;
restarting the communications utilizing network security at the backup distribution processor utilizing the provided information;
routing both inbound and outbound communications with target hosts utilizing the common network address and which are associated with a secure network communication through the backup distribution processor; and
processing the inbound and outbound secure network communications at the backup distribution processor so as to provide network security processing of the inbound and outbound communications.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method of recovering from a failure of a first routing communication protocol stack which routes for Internet Protocol Security (IPSec) communications between a network and a plurality of application instances executing on a cluster of data processing systems utilizing a virtual Internet Protocol Address (VIPA) Distributor and which distributes communications for connections to at least one dynamically routable VIPA (DVIPA) to a plurality of target communication protocol stacks, the method comprising the steps of:
detecting failure of the first routing communication protocol stack at a second routing communication protocol stack;
reading IPSec information associated with the at least one DVIPA from a coupling facility of the cluster of data processing systems;
renegotiating IPSec SAs between the second routing communication protocol stack and remote IPSec peers utilizing the at least one DVIPA based on the IPSec information read from the coupling facility;
re-routing the connections to the at least one DVIPA utilizing IPSec through the second routing communication protocol stack; and
performing IPSec processing for the re-routed connections to the at least one DVIPA at the second routing communication protocol stack utilizing the renegotiated IPSec SAs.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A system for recovering from a failure of a primary distribution processor which provides secure communications over a network in a distributed workload environment having target hosts which are accessed through the primary distribution processor by a common network address, comprising:
means for providing to a backup distribution processor information sufficient to restart communications through the primary distribution processor utilizing network security;
means for detecting the failure of the primary distribution processor;
means for restarting the communications utilizing network security at the backup distribution processor utilizing the provided information;
means for routing both inbound and outbound communications with target hosts utilizing the common network address and which are associated with a secure network communication through the backup distribution processor; and
means for processing the inbound and outbound secure network communications at the backup distribution processor so as to provide network security processing of the inbound and outbound communications.
21. A system for recovering from a failure of a first routing communication protocol stack which routes for Internet Protocol Security (IPSec) communications between a network and a plurality of application instances executing on a cluster of data processing systems utilizing a virtual Internet Protocol Address (VIPA) Distributor and which distributes communications for connections to at least one dynamically routable VIPA (DVIPA) to a plurality of target communication protocol stacks, comprising:
means for detecting failure of the first routing communication protocol stack at a second routing communication protocol stack;
means for reading IPSec information associated with the at least one DVIPA from a coupling facility of the cluster of data processing systems;
means for renegotiating IPSec SAs between the second routing communication protocol stack and remote IPSec peers utilizing the at least one DVIPA based on the IPSec information read from the coupling facility;
means for re-routing the connections to the at least one DVIPA utilizing IPSec through the second routing communication protocol stack; and
means for performing IPSec processing for the rerouted connections to the at least one DVIPA at the second routing communication protocol stack utilizing the renegotiated IPSec SAs.
22. A computer program product for recovering from a failure of a primary distribution processor which provides secure communications over a network in a distributed workload environment having target hosts which are accessed through the primary distribution processor by a common network address, comprising:
a computer readable medium having computer readable program code embodied therein, the computer readable program code comprising:
computer readable program code which provides to a backup distribution processor information sufficient to restart communications through the primary distribution processor utilizing network security;
computer readable program code which detects the failure of the primary distribution processor;
computer readable program code which restarts the communications utilizing network security at the backup distribution processor utilizing the provided information;
computer readable program code which routes both inbound and outbound communications with target hosts utilizing the common network address and which are associated with a secure network communication through the backup distribution processor; and
computer readable program code which processes the inbound and outbound secure network communications at the backup distribution processor so as to provide network security processing of the inbound and outbound communications.
23. A computer program product for recovering from a failure of a first routing communication protocol stack which routes for Internet Protocol Security (IPSec) communications between a network and a plurality of application instances executing on a cluster of data processing systems utilizing a virtual Internet Protocol Address (VIPA) Distributor and which distributes communications for connections to at least one dynamically routable VIPA (DVIPA) to a plurality of target communication protocol stacks, comprising:
a computer readable medium having computer readable program code embodied therein, the computer readable program code comprising:
computer readable program code which detects failure of the first routing communication protocol stack at a second routing communication protocol stack;
computer readable program code which reads IPSec information associated with the at least one DVIPA from a coupling facility of the cluster of data processing systems;
computer readable program code which renegotiates IPSec SAs between the second routing communication protocol stack and remote IPSec peers utilizing the at least one DVIPA based on the IPSec information read from the coupling facility;
computer readable program code which re-routes the connections to the at least one DVIPA utilizing IPSec through the second routing communication protocol stack; and
computer readable program code which performs IPSec processing for the re-routed connections to the at least one DVIPA at the second routing communication protocol stack utilizing the renegotiated IPSec SAs.
Specification