Employing Overlays for Securing Connections Across Networks
First Claim
1. One or more computer-readable media having computer-executable instructions embodied thereon that, when executed, perform a method for communicating across a virtual network overlay between a plurality of endpoints residing in distinct locations within a physical network, the method comprising:
identifying a first endpoint residing in a data center of a cloud computing platform, wherein the first endpoint is reachable by a first physical internet protocol (IP) address;
identifying a second endpoint residing in a resource of an enterprise private network, wherein the second endpoint is reachable by a second physical IP address; and
instantiating virtual presences of the first endpoint and the second endpoint within the virtual network overlay established for a service application, wherein instantiating comprises:
(a) assigning the first endpoint a first virtual IP address;
(b) maintaining in a map an association between the first physical IP address and the first virtual IP address;
(c) assigning the second endpoint a second virtual IP address; and
(d) maintaining in the map an association between the second physical IP address and the second virtual IP address, wherein the map instructs where to route packets between the first endpoint and the second endpoint based on communications exchanged within the virtual network overlay.
Abstract
Computerized methods, systems, and computer-storage media for establishing and managing a virtual network overlay (“overlay”) are provided. The overlay spans between a data center and a private enterprise network and includes endpoints, of a service application, that reside in each location. The service-application endpoints residing in the data center and in the enterprise private network are reachable by data packets at physical IP addresses. Virtual presences of the service-application endpoints are instantiated within the overlay by assigning the service-application endpoints respective virtual IP addresses and maintaining an association between the virtual IP addresses and the physical IP addresses. This association facilitates routing the data packets between the service-application endpoints, based on communications exchanged between their virtual presences within the overlay. Also, the association secures a connection between the service-application endpoints within the overlay that blocks communications from other endpoints without a virtual presence in the overlay.
20 Claims
7. A computer system for instantiating in a virtual network overlay a virtual presence of a candidate endpoint residing in a physical network, the computer system comprising:
a data center within a cloud computing platform that hosts the candidate endpoint having a physical IP address; and
a hosting name server that identifies a range of virtual IP addresses assigned to the virtual network overlay, that assigns to the candidate endpoint a virtual IP address that is selected from the range, and that maintains in a map the assigned virtual IP address in association with the physical IP address of the candidate endpoint.
18. A computerized method for facilitating communication between a source endpoint and a destination endpoint across a virtual network overlay, the method comprising:
binding a source virtual IP address to a source physical IP address in a map, wherein the source physical IP address indicates a location of the source endpoint within a data center of a cloud computing platform;
binding a destination virtual IP address to a destination physical IP address in the map, wherein the destination physical IP address indicates a location of the destination endpoint within a resource of an enterprise private network;
sending a packet from the source endpoint to the destination endpoint utilizing the virtual network overlay, wherein the source virtual IP address and the destination virtual IP address indicate a virtual presence of the source endpoint and the destination endpoint, respectively, in the virtual network overlay, and wherein sending the packet comprises:
(a) identifying the packet that is designated to be delivered to the destination virtual IP address;
(b) employing the map to adjust the designation from the destination virtual IP address to the destination physical IP address; and
(c) based on the destination physical IP address, routing the packet to the destination endpoint within the resource.
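As an added illustration that is not part of the patent text or of any product it covers, the following hypothetical Python model implements the hosting name server and map of claim 7 together with the (a)-(c) routing steps of claim 18, and drops traffic from endpoints that have no virtual presence in the overlay, as the abstract describes. Class names, address ranges and IP addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Packet:
    src_vip: str    # source virtual IP, as written by the sending endpoint
    dst_vip: str    # destination virtual IP the packet is designated for
    payload: bytes


class OverlayMap:
    """Hypothetical model of the claims' hosting name server plus map: each
    endpoint's physical IP is bound to a virtual IP drawn from the overlay range."""

    def __init__(self, overlay_range: str) -> None:
        self._pool = ipaddress.ip_network(overlay_range).hosts()
        self.vip_to_pip: Dict[str, str] = {}
        self.pip_to_vip: Dict[str, str] = {}

    def instantiate(self, physical_ip: str) -> str:
        """Claim 7: give an endpoint a virtual presence by selecting a free
        virtual IP from the range and recording the binding both ways."""
        if physical_ip in self.pip_to_vip:          # already has a presence
            return self.pip_to_vip[physical_ip]
        try:
            vip = str(next(self._pool))
        except StopIteration:
            raise RuntimeError("overlay address range exhausted") from None
        self.vip_to_pip[vip] = physical_ip
        self.pip_to_vip[physical_ip] = vip
        return vip

    def route(self, pkt: Packet, sender_pip: str) -> Optional[str]:
        """Claim 18 steps (a)-(c): map the destination virtual IP to the
        physical IP to deliver to, or return None to drop the packet.
        Dropped if the sender's physical address has no virtual presence, if
        the source virtual IP it carries is not the one bound to that sender,
        or if the destination virtual IP is unbound (the abstract's blocking)."""
        if self.pip_to_vip.get(sender_pip) != pkt.src_vip:
            return None
        return self.vip_to_pip.get(pkt.dst_vip)


if __name__ == "__main__":
    overlay = OverlayMap("10.99.0.0/24")          # constructed sample range
    dc = overlay.instantiate("203.0.113.10")      # data-center endpoint
    ent = overlay.instantiate("192.0.2.20")       # enterprise endpoint
    print(overlay.route(Packet(dc, ent, b"hello"), "203.0.113.10"))
```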