NETWORK ISOLATION AND IDENTITY MANAGEMENT OF CLONED VIRTUAL MACHINES

US 20100174811A1
Filed: 01/05/2009
Published: 07/08/2010
Est. Priority Date: 01/05/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method for establishing a multi-network configuration comprising:

creating a fence upon a physical host to isolate a virtual computing environment comprising at least one virtual computing system, the at least one virtual computing system comprising an internal virtual network adapter;

adding an external virtual network adapter to respective virtual computing systems;

creating an internal virtual network within the fenced virtual computing environment;

creating an external virtual network within the fenced virtual computing environment configured to map physical external addresses on a physical external network to virtual external addresses on the virtual external network;

connecting the internal virtual network adapter to the internal virtual network;

connecting the external virtual network adapter to the external virtual network; and

applying a routing scheme to the physical host.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual computing environment comprising virtual machines may be created to clone a computing environment for testing purposes. To provide an accurate testing environment, the network configuration of the cloned computing environment may be preserved in the virtual computing environment. However, deploying the virtual computing environment on a physical network that comprises the cloned computing environment may create addressing conflicts. Accordingly, a technique for preserving network configuration data without creating addressing conflicts is provided herein. A virtual computing environment comprising an internal virtual network and external virtual network is fenced off to isolate the virtual computing environment from a physical external network. The virtual computing systems are connected to the internal virtual network for communication, using the preserved network configuration, between virtual computing environments. The virtual computing systems are separately connected to the external virtual network for communication through the physical external network.

191 Citations

20 Claims

1. A method for establishing a multi-network configuration comprising:
- creating a fence upon a physical host to isolate a virtual computing environment comprising at least one virtual computing system, the at least one virtual computing system comprising an internal virtual network adapter;
  
  adding an external virtual network adapter to respective virtual computing systems;
  
  creating an internal virtual network within the fenced virtual computing environment;
  
  creating an external virtual network within the fenced virtual computing environment configured to map physical external addresses on a physical external network to virtual external addresses on the virtual external network;
  
  connecting the internal virtual network adapter to the internal virtual network;
  
  connecting the external virtual network adapter to the external virtual network; and
  
  applying a routing scheme to the physical host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, the applying the routing scheme comprising:
    - establishing a TCP/IP endpoint, on the physical host, connected to the external virtual network;
      
      registering the at least one virtual computing system, in the fenced virtual computing environment, with the physical host using a proxy address resolution protocol; and
      
      configuring a routing table on the physical host.
  - 3. The method of claim 1, comprising:
    - receiving a packet of data from an external computing system on the physical external network; and
      
      routing the packet of data across the external virtual network to a virtual computing system.
  - 4. The method of claim 3, the routing comprising at least one of:
    - routing the packet of data across the external virtual network to the virtual computing system based upon an external DNS name; and
      
      routing the packet of data across the external virtual network to the virtual computing system based upon a proxy address resolution protocol.
  - 5. The method of claim 1, comprising:
    - receiving a set of external network configuration data comprising at least one ofan external IP address;
      
      an external MAC address; and
      
      an external DNS name; and
      
      configuring an external virtual network configuration of a virtual computing system based upon the set of external network configuration data.
  - 6. The method of claim 5, the set of external network configuration data comprising address data distinct from physical external addresses on the physical external network.
  - 7. The method of claim 5, comprising:
    - registering an external alias a virtual computing system with an external DNS server associated with the physical external network.
  - 8. The method of claim 1, comprising:
    - receiving a set of internal network configuration data comprising at least one of;
      
      an internal IP address;
      
      an internal MAC address; and
      
      an internal DNS name; and
      
      configuring an internal virtual network configuration of a virtual computing system based upon the set of internal network configuration data.
  - 9. The method of claim 8, comprising:
    - creating at least one internal DNS registration, corresponding to a virtual computing system in the fenced virtual computing environment, upon at least one of;
      
      a virtual DNS server within the fenced virtual computing environment, andan individual resolver file on the virtual computing system.

10. A system for establishing a multi-network configuration comprising:
- a physical host configured to host at least one fenced virtual computing environment, the physical host comprising;
  
  at least one fenced virtual computing environment comprising;
  
  at least one virtual computing system comprising;
  
  an internal virtual network adapter connected to an internal virtual network;
  
  an external virtual network adapter connected to an external virtual network; and
  
  a fence agent configured to configure an internal virtual network configuration and an external network configuration of the virtual computing system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The system of claim 10, the physical host comprising:
    - a fence manager configured to perform at least one of;
      
      establish a TCP/IP endpoint, on the physical host, connected to the external virtual network;
      
      register a virtual computing system, in the fenced virtual computing environment, with the physical host using a proxy address resolution protocol; and
      
      configure a routing table on the physical host.
  - 12. The system of claim 10, comprising:
    - a lab controller configured to manage the at least one virtual computing system, the lab controller comprising;
      
      a fence orchestrator configured to;
      
      invoke initiation of the at least one fenced virtual computing environment;
      
      determine a set of external network configuration data and a set of internal network configuration data; and
      
      send the set of external network configuration data and the set of internal network configuration data to the fence agent.
  - 13. The system of claim 12, the set of external network configuration data and the set of internal network configuration data comprising at least one of:
    - an internal IP address;
      
      an external IP address;
      
      an internal MAC address;
      
      an external MAC address;
      
      an internal DNS name; and
      
      an external DNS name;
  - 14. The system of claim 12, the fence orchestrator configured to:
    - reserve a set of IP addresses corresponding to a virtual computing system;
      
      assign an IP address from the set of IP addresses to the internal virtual network adapter of the virtual computing system; and
      
      assign an IP address from the set of IP addresses to the external virtual network adapter of the virtual computing system.
  - 15. The system of claim 10, the external virtual network configured to:
    - map physical external addresses on a physical external network to virtual external addresses on the virtual external network.
  - 16. The system of claim 15, the fence agent configured to:
    - register an external alias with an external DNS server on the physical external network; and
      
      register an internal DNS name with at least one of;
      
      a virtual DNS server within the fenced virtual computing environment, andan individual resolver file on the virtual computing system.
  - 17. The system of claim 15, comprising:
    - a firewall on the physical host configured for communication between the fenced virtual computing environment and physical computing systems on the physical external network.
  - 18. The system of claim 15, the physical host comprising:
    - a PARP routing component configured to;
      
      receive a packet of data from an external physical computing system on the physical external network; and
      
      route the packet of data across the external virtual network to a virtual computing system based upon a proxy address resolution protocol.
  - 19. The system of claim 10, the virtual computing environment configured to route packets of data across the internal virtual network from a first virtual computing system within the virtual computing environment to a second virtual computing system within the virtual computing environment.

20. A system for establishing a multi-network configuration comprising:
- a plurality of physical hosts configured to host a fenced virtual computing environment, a physical host within the plurality of physical hosts comprising;
  
  a sub-environment corresponding to a fenced virtual computing environment comprising;
  
  at least one virtual computing system comprising;
  
  an internal virtual network adapter connected to an internal virtual network;
  
  an external virtual network adapter connected to an external virtual network; and
  
  a fence agent configured to configure an internal virtual network configuration and an external network configuration of the virtual computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Shrivastava, Sunita, Musiri, Sriram Srivathsan, Sudhakar, N.

Application Number

US12/348,436
Publication Number

US 20100174811A1
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

G06F 15/173   using an interconnection ne...

H04L 43/50   Testing arrangements

H04L 63/00   Network architectures or ne...

H04L 63/0272   Virtual private networks

NETWORK ISOLATION AND IDENTITY MANAGEMENT OF CLONED VIRTUAL MACHINES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

191 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

NETWORK ISOLATION AND IDENTITY MANAGEMENT OF CLONED VIRTUAL MACHINES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

191 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others