Auto Migration of Services Within a Virtual Data Center

US 20130074181A1
Filed: 09/19/2011
Published: 03/21/2013
Est. Priority Date: 09/19/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

detecting that virtual data center services provided to one of the at least two customers of are being subjected to an attack, wherein the virtual data center services are provided to the least two customers using a same first set of physical servers via a first network element; and

responsive to detecting that virtual data center services provided to the one of the at least two customers are being subjected to an attack, causing the virtual data center services provided to the one of the at least two customers to be migrated to a second set of physical servers that is not accessible via the first network element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided herein for detecting that virtual data center services provided to one of at least two customers are being subjected to an attack, wherein the virtual data center services are provided to the least two customers using a same first set of physical servers via a first network element such as a physical access switch, and responsive to detecting that virtual data center services provided to the one of the at least two customers are being subjected to an attack (e.g., a virus or denial of service attack), the technique causes the virtual data center services provided to the one of the at least two customers to be migrated to, e.g., instantiated on, a second set of physical servers that is not accessible via the first network element.

Citations

20 Claims

1. A method comprising:
- detecting that virtual data center services provided to one of the at least two customers of are being subjected to an attack, wherein the virtual data center services are provided to the least two customers using a same first set of physical servers via a first network element; and
  
  responsive to detecting that virtual data center services provided to the one of the at least two customers are being subjected to an attack, causing the virtual data center services provided to the one of the at least two customers to be migrated to a second set of physical servers that is not accessible via the first network element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising detecting, at the first network element, that the virtual data center services are being subjected to the attack.
  - 3. The method of claim 1, further comprising detecting that the attack is a denial of service attack.
  - 4. The method of claim 1, further comprising designating a quarantine area within the physical data center and causing the virtual data center services provided to the one of the at least two customers to be migrated to the quarantine area.
  - 5. The method of claim 4, further comprising analyzing the virtual data center services provided to the one of the at least two customers while in the quarantine area, and migrating the virtual data center services provided to the one of the at least two customers back to the first set physical servers when it is determined that the virtual data center services provided to the one of the at least two customers are no longer under attack.
  - 6. The method of claim 1, wherein causing the virtual data center services provided to the one of the at least two customers to be migrated is initiated when the attack is impacting virtual data center services being provided to the other one of the at least two customers.
  - 7. The method of claim 1, further comprising controlling a resource manager that controls an allocation of the physical servers for the virtual data center services to cause the virtual data center services provided to the one of the at least two customers to be migrated to the second set of physical servers that is not accessible via the first network element.
  - 8. The method of claim 1, further comprising providing virtual data center services to a plurality of customers, wherein a number of the plurality of customers being provided with virtual data center services is substantially greater than a number of individual assignable quality of service levels.
  - 9. The method of claim 1, further comprising detecting that the attack is emanating from outside of the physical data center.

10. A computer-readable memory medium storing instructions that, when executed by a processor, cause the processor to:
- detect that virtual data center services provided to one of at least two customers are being subjected to an attack, wherein the virtual data center services are provided to the least two customers using a same first set of physical servers via a first network element; and
  
  responsive to detecting that the virtual data center services provided to the one of the at least two customers are being subjected to an attack, cause the virtual data center services provided to the one of the at least two customers to be migrated to a second set of physical servers that is not accessible via the first network element.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The computer-readable memory medium of claim 10, wherein the instructions that cause the processor to detect that virtual data center services provided to one of at least two customers are being subjected to an attack cause the processor to detect that the attack is a denial of service attack.
  - 12. The computer-readable memory medium of claim 10, wherein the instructions are further configured to designate a quarantine area within the physical data center and to cause the virtual data center services provided to the one of the at least two customers to be migrated to the quarantine area.
  - 13. The computer-readable memory medium of claim 12, wherein the instructions are configured to analyze the virtual data center services provided to the one of the at least two customers while in the quarantine area, and to cause the virtual data center services provided to the one of the at least two customers to be migrated back to the first set physical servers when it is determined that the virtual data center services provided to the one of the at least two customers are no longer under attack.
  - 14. The computer-readable memory medium of claim 10, wherein the instructions are configured to cause the virtual data center services provided to the one of the at least two customers to be migrated when the attack is impacting virtual data center services being provided to the other one of the at least two customers.
  - 15. The computer-readable memory medium of claim 10, wherein the instructions are configured to control a resource manager that controls an allocation of the physical servers for the virtual data center services to cause the virtual data center services provided to the one of the at least two customers to be migrated to a second set of physical servers that is not accessible via the first network element.

16. An apparatus comprising:
- a network interface unit configured to communications over a network with at least a resource manager; and
  
  a processor circuit configured to be coupled to the network interface unit, wherein the processor is configured to;
  
  detect that virtual data center services provided to one of at least two customers are being subjected to an attack, wherein the virtual data center services are provided to the least two customers using a same first set of physical servers via a first network element; and
  
  responsive to detecting that virtual data center services provided to the one of the at least two customers are being subjected to an attack, cause, via the network interface unit communicating with the resource manager, the virtual data center services provided to the one of the at least two customers to be migrated to a second set of physical servers that is not accessible via the first network element.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16, wherein the processor circuit is configured to designate a quarantine area within the physical data center and to cause the virtual data center services provided to the one of the at least two customers to be migrated to the quarantine area.
  - 18. The apparatus of claim 17, wherein the processor circuit is configured to analyze the virtual data center services provided to the one of the at least two customers while in the quarantine area, and to cause the virtual data center services provided to the one of the at least two customers to be migrated back to the first set physical servers when it is determined that the virtual data center services provided to the one of the at least two customers are no longer under attack.
  - 19. The apparatus of claim 16, wherein the processor circuit is configured to cause the virtual data center services provided to the one of the at least two customers to be migrated when the attack is impacting virtual data center services being provided to the other one of the at least two customers.
  - 20. The apparatus of claim 16, wherein the processor circuit is configured to detect that the attack is emanating from outside of the physical data center.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Singh, Sumeet

Application Number

US13/235,818
Publication Number

US 20130074181A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 41/0668   by dynamic selection of rec...

H04L 63/1408   by monitoring network traff...

H04L 63/1458   Denial of Service

H04L 67/10   in which an application is ...

Auto Migration of Services Within a Virtual Data Center

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Auto Migration of Services Within a Virtual Data Center

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links