DYNAMIC SECURED NETWORK IN A CLOUD ENVIRONMENT
First Claim
1. A method of adding a machine provided by a cloud provider to an overlay network, the method performed by the machine and comprising:
gathering data relating to the machine, including a private internet protocol (IP) address of the machine within a network of the cloud provider;
receiving or determining configuration data for connecting the machine to the overlay network, including an overlay IP address for the machine in the overlay network, said configuration data being at least partly dependent on said gathered data; and
connecting the machine to the overlay network in accordance with at least part of said configuration data, including establishing at least one secure tunnel, wherein for any secure tunnel a private IP address or a public IP address of said machine is used to encapsulate said overlay address.
2 Assignments
0 Petitions
Accused Products
Abstract
The disclosure presents systems, methods and computer program products relating to an overlay network in a cloud environment. A management machine may manage an overlay network. Machine(s), which may be provided by cloud provider(s), may be added to or removed from the overlay network. Data relating to a machine may be gathered and configuration data may be determined, for example when the machine is being added to the overlay network. A device associated with a user authorized for the overlay network may connect to the overlay network. The overlay network may include one or more secure tunnels wherein a private IP address or public IP address may encapsulate an overlay IP address.
Citations
45 Claims
1. A method of adding a machine provided by a cloud provider to an overlay network, the method performed by the machine and comprising:

gathering data relating to the machine, including a private internet protocol (IP) address of the machine within a network of the cloud provider; receiving or determining configuration data for connecting the machine to the overlay network, including an overlay IP address for the machine in the overlay network, said configuration data being at least partly dependent on said gathered data; and connecting the machine to the overlay network in accordance with at least part of said configuration data, including establishing at least one secure tunnel, wherein for any secure tunnel a private IP address or a public IP address of said machine is used to encapsulate said overlay address.

Dependent claims: 2 through 13.
14. A method of connecting a device to an overlay network, said overlay network including at least one server provided by at least one cloud provider, comprising:

determining that the device is attempting connection to the overlay network; verifying that a user associated with the device is authorized for the overlay network; assigning an overlay IP to the device from a pool of overlay IP addresses; and connecting the device to the overlay network by establishing at least one secure tunnel between the device and a gateway in the overlay network.

Dependent claims: 15 through 20.
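The gateway behaviour claimed in claim 14 (authorize the user, hand out an overlay address from a pool, then set up a tunnel whose outer header carries the device's public IP while the inner header carries the overlay IP) can be illustrated in working code. The following is an added example written for this page; it is not code from the patent or from any product, and the class names, the pool range 10.200.0.0/29, and the sample public addresses are assumptions chosen for the demonstration. It also covers two edge cases the claim language leaves implicit: the pool running dry, and an address being returned to the pool on disconnect.

```python
import ipaddress
from dataclasses import dataclass


class NotAuthorized(Exception):
    """The user associated with the connecting device is not authorized for the overlay."""


class PoolExhausted(Exception):
    """No free overlay IP address is left in the gateway's pool."""


@dataclass(frozen=True)
class Tunnel:
    # Outer (encapsulating) addresses: the device's public IP and the gateway's public IP.
    outer_src: str
    outer_dst: str
    # Inner address: the overlay IP the gateway assigned to the device from its pool.
    overlay_ip: str


class Gateway:
    """Hypothetical gateway: authorizes the user, assigns an overlay IP from a pool and
    records the secure tunnel whose outer header carries the device's public IP."""

    def __init__(self, public_ip: str, pool_cidr: str, authorized_users):
        self.public_ip = public_ip
        # Pool of overlay addresses (assumed range); the lowest free address is handed out first.
        self.free = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self.authorized = frozenset(authorized_users)
        self.tunnels: dict[str, Tunnel] = {}

    def connect(self, device_id: str, user: str, device_public_ip: str) -> Tunnel:
        # "Determining that the device is attempting connection" is the call itself.
        # Verify the associated user before touching the pool, so an unauthorized
        # device cannot drain the overlay addresses.
        if user not in self.authorized:
            raise NotAuthorized(f"user {user!r} is not authorized for the overlay")
        if device_id in self.tunnels:
            return self.tunnels[device_id]          # a reconnect keeps its existing address
        if not self.free:
            raise PoolExhausted("overlay address pool exhausted")
        overlay_ip = self.free.pop(0)
        tunnel = Tunnel(outer_src=device_public_ip, outer_dst=self.public_ip,
                        overlay_ip=overlay_ip)
        self.tunnels[device_id] = tunnel
        return tunnel

    def disconnect(self, device_id: str) -> None:
        tunnel = self.tunnels.pop(device_id, None)
        if tunnel is not None:
            self.free.append(tunnel.overlay_ip)     # return the address to the pool
            self.free.sort(key=ipaddress.ip_address)

    def encapsulate(self, device_id: str, dst_overlay_ip: str, payload: bytes) -> dict:
        """Model of an overlay packet from the device: overlay addresses inside,
        the device's and gateway's public addresses outside."""
        tunnel = self.tunnels[device_id]
        return {
            "outer": (tunnel.outer_src, tunnel.outer_dst),   # public IPs
            "inner": (tunnel.overlay_ip, dst_overlay_ip),    # overlay IPs
            "payload": payload,
        }


if __name__ == "__main__":
    gw = Gateway("203.0.113.10", "10.200.0.0/29", ["alice"])      # constructed sample values
    t = gw.connect("dev-1", "alice", "198.51.100.7")
    print(t, gw.encapsulate("dev-1", "10.200.0.2", b"hello"))
```

The dictionary returned by `encapsulate` is only a model of the two address layers; a real implementation would hand the inner packet to an IPsec, WireGuard or similar tunnel interface. The ordering choice (authorization check before pool allocation) matters for availability: an attacker who can trigger connection attempts should not be able to exhaust the overlay pool without first being an authorized user.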
21. A method of managing an overlay network, performed by a management machine, comprising:

determining that a server or gateway provided by a cloud provider is to be added to said overlay network; generating a temporary machine authentication token for said server or gateway; receiving said temporary machine authentication token from said server or gateway and authenticating said server or gateway; and providing a replacement longer expiration machine authentication token to said server or gateway; wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private IP address or a public IP address of said server or gateway is used to encapsulate an overlay address that was allocated to said server or gateway.

Dependent claims: 22 and 23.
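The two-stage enrollment in claim 21 (a temporary token is generated for the new server or gateway, presented back to the management machine, authenticated, and then replaced by a longer-expiration token) is the pattern behind most secure bootstrap schemes. Below is an added example of the management-machine side; it is not the patent's or any vendor's code. The lifetimes, the `ManagementMachine` class and its method names are assumptions, and the injected clock exists so the expiry checks can be exercised deterministically. The defensive properties shown are the ones a practitioner would check for in such a scheme: tokens are stored only as hashes, the temporary token is single-use and bound to one machine identity, and each token kind is accepted only for its intended step.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

TEMP_TOKEN_TTL = 10 * 60             # temporary token lives minutes (assumed value)
REPLACEMENT_TOKEN_TTL = 30 * 86400   # replacement token: the "longer expiration" (assumed value)


class AuthError(Exception):
    """Token missing, expired, already used, of the wrong kind, or bound to another machine."""


@dataclass
class TokenRecord:
    machine_id: str
    kind: str          # "temporary" or "replacement"
    expires_at: float
    used: bool = False


def _digest(token: str) -> str:
    # Only a hash of each token is stored, so a leaked record cannot be replayed as a token.
    return hashlib.sha256(token.encode()).hexdigest()


class ManagementMachine:
    """Hypothetical management machine implementing the token exchange of claim 21."""

    def __init__(self, clock=time.time):
        self.clock = clock                      # injectable for testing expiry
        self.records: dict[str, TokenRecord] = {}
        self.members: set[str] = set()          # machines admitted to the overlay

    def _issue(self, machine_id: str, kind: str, ttl: int) -> str:
        token = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
        self.records[_digest(token)] = TokenRecord(machine_id, kind, self.clock() + ttl)
        return token

    def issue_temporary_token(self, machine_id: str) -> str:
        """The management machine has decided that machine_id is to be added and
        generates the short-lived token that will be delivered to it out of band."""
        return self._issue(machine_id, "temporary", TEMP_TOKEN_TTL)

    def _valid_record(self, machine_id: str, token: str, kind: str):
        rec = self.records.get(_digest(token))
        if rec is None or rec.kind != kind or rec.used:
            return None
        if rec.expires_at <= self.clock():
            return None
        if not hmac.compare_digest(rec.machine_id, machine_id):
            return None                          # token is bound to a different machine
        return rec

    def redeem_temporary_token(self, machine_id: str, token: str) -> str:
        """Receive the temporary token from the machine, authenticate it, burn it,
        and provide the replacement longer-expiration token."""
        rec = self._valid_record(machine_id, token, "temporary")
        if rec is None:
            raise AuthError("temporary token rejected")
        rec.used = True                          # single use: a replayed copy is refused
        self.members.add(machine_id)             # the machine may now join the overlay
        return self._issue(machine_id, "replacement", REPLACEMENT_TOKEN_TTL)

    def authenticate(self, machine_id: str, token: str) -> bool:
        """Later requests from a member (reporting its private IP, fetching configuration)
        must carry the replacement token, never the temporary one."""
        return self._valid_record(machine_id, token, "replacement") is not None


if __name__ == "__main__":
    mm = ManagementMachine()
    tmp = mm.issue_temporary_token("gw-1")       # constructed sample machine id
    long_lived = mm.redeem_temporary_token("gw-1", tmp)
    print(mm.authenticate("gw-1", long_lived), mm.authenticate("gw-1", tmp))
```

Separating the two token kinds is what limits the blast radius of the bootstrap secret: a temporary token that leaks after use, or after its few minutes expire, buys an attacker nothing, and a temporary token can never be used in place of the replacement token for ongoing management traffic.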
24. A method of managing an overlay network, performed by a management machine, comprising:

determining that a server or gateway provided by a cloud provider is to be added to said overlay network; receiving data from said server or gateway relating to said server or gateway, including a private internet protocol (IP) address of the server or gateway within a network of the cloud provider; determining configuration data for connecting the server or gateway to the overlay network, including an overlay IP address for the server or gateway in the overlay network, said configuration data being at least partly dependent on said gathered data; and providing said configuration data at least to said server or gateway, thereby enabling said server or gateway to connect to the overlay network in accordance with at least part of said configuration data, including to establish at least one secure tunnel, wherein for any secure tunnel a private IP address or a public IP address of said server or gateway is used to encapsulate said overlay address.

Dependent claims: 25 and 26.
27. A method of adding a server to or removing a server from an overlay network, comprising:

a device accessing management software in a management machine; and the device indicating that a server provided by a cloud provider is to be added or removed from an overlay network; thereby enabling said server to connect to the overlay network, including to establish at least one secure tunnel, wherein for any secure tunnel a private IP address or a public IP address of said server is used to encapsulate an overlay address which was allocated to said server, or thereby enabling said server to disconnect from said overlay network.

Dependent claims: 28 through 31.
32. A method of adding at least one gateway provided by at least one cloud provider to an overlay network, comprising:

a device accessing management software in a management machine; and a device providing program code generated by the management software to at least one gateway provided by the at least one cloud provider; thereby enabling allocation of at least one overlay IP address to the at least one gateway, and allocation of a pool of overlay IP addresses from which an overlay IP address is to be assigned by a gateway to a device connecting to the overlay network which is associated with a user authorized for the overlay network, so that the overlay address of the device will be encapsulated by a public IP address of the device in a secure tunnel established between the gateway and the connecting device.

Dependent claims: 33 and 34.
35. A method of managing an overlay network, performed by a management machine, comprising:

receiving data from at least one machine provided by at least one cloud provider, which is included in the overlay network; and providing configuration data determined at least partly based on said received data, to at least one machine provided by at least one cloud provider, which is in the overlay network; thereby enabling addition of, removal of, or change in at least one secure tunnel comprised in said overlay network.
36. A system for adding a machine provided by a cloud provider to an overlay network, the system including the machine capable of:

gathering data relating to the machine, including a private internet protocol (IP) address of the machine within a network of the cloud provider; receiving or determining configuration data for connecting the machine to the overlay network, including an overlay IP address for the machine in the overlay network, said configuration data being at least partly dependent on said gathered data; and connecting the machine to the overlay network in accordance with at least part of said configuration data, including establishing at least one secure tunnel, wherein for any secure tunnel a private IP address or a public IP address of said machine is used to encapsulate said overlay address.
37. A system for connecting a device to an overlay network, said overlay network including at least one server provided by at least one cloud provider, said system comprising a gateway capable of:

determining that the device is attempting connection to the overlay network; verifying that a user associated with the device is authorized for the overlay network; assigning an overlay IP to the device from a pool of overlay IP addresses; and connecting the device to the overlay network by establishing at least one secure tunnel between the device and the gateway.
38. A system for managing an overlay network, comprising a management machine capable of:

determining that a server or gateway provided by a cloud provider is to be added to said overlay network; generating a temporary machine authentication token for said server or gateway; receiving said temporary machine authentication token from said server or gateway and authenticating said server or gateway; and providing a replacement longer expiration machine authentication token to said server or gateway; wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private IP address or a public IP address of said server or gateway is used to encapsulate an overlay address that was allocated to said server or gateway.
39. A system for managing an overlay network, comprising a management machine, capable of:

determining that a server or gateway provided by a cloud provider is to be added to said overlay network; receiving data from said server or gateway relating to said server or gateway, including a private internet protocol (IP) address of the server or gateway within a network of the cloud provider; determining configuration data for connecting the server or gateway to the overlay network, including an overlay IP address for the server or gateway in the overlay network, said configuration data being at least partly dependent on said gathered data; and providing said configuration data at least to said server or gateway, thereby enabling said server or gateway to connect to the overlay network in accordance with at least part of said configuration data, including to establish at least one secure tunnel, wherein for any secure tunnel a private IP address or a public IP address of said server or gateway is used to encapsulate said overlay address.
40. A system for managing an overlay network, comprising a management machine, capable of:

receiving data from at least one machine provided by at least one cloud provider, which is included in the overlay network; and providing configuration data determined at least partly based on said received data, to at least one machine provided by at least one cloud provider, which is in the overlay network; thereby enabling addition of, removal of, or change in at least one secure tunnel comprised in said overlay network.
41. A computer program product comprising a machine useable medium having machine readable program code embodied therein for adding a machine provided by a cloud provider to an overlay network, the computer program product comprising:

machine readable program code for causing the machine to gather data relating to the machine, including a private internet protocol (IP) address of the machine within a network of the cloud provider; machine readable program code for causing the machine to receive or determine configuration data for connecting the machine to the overlay network, including an overlay IP address for the machine in the overlay network, said configuration data being at least partly dependent on said gathered data; and computer readable program code for causing the machine to connect the machine to the overlay network in accordance with at least part of said configuration data, including establishing at least one secure tunnel, wherein for any secure tunnel a private IP address or a public IP address of said machine is used to encapsulate said overlay address.
42. A computer program product comprising a machine useable medium having machine readable program code embodied therein for connecting a device to an overlay network, said overlay network including at least one server provided by at least one cloud provider, the computer program product comprising:

machine readable program code for causing a machine to determine that the device is attempting connection to the overlay network; machine readable program code for causing the machine to verify that a user associated with the device is authorized for the overlay network; machine readable program code for causing the machine to assign an overlay IP to the device from a pool of overlay IP addresses; and machine readable program code for causing the machine to connect the device to the overlay network by establishing at least one secure tunnel between the device and the machine.
43. A computer program product comprising a machine useable medium having machine readable program code embodied therein for managing an overlay network, the computer program product comprising:

machine readable program code for causing a machine to determine that a server or gateway provided by a cloud provider is to be added to said overlay network; machine readable program code for causing the machine to generate a temporary machine authentication token for said server or gateway; machine readable program code for causing the machine to receive said temporary machine authentication token from said server or gateway and to authenticate said server or gateway; and machine readable program code for causing the machine to provide a replacement longer expiration machine authentication token to said server or gateway; wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private IP address or a public IP address of said server or gateway is used to encapsulate an overlay address that was allocated to said server or gateway.
44. A computer program product comprising a machine useable medium having machine readable program code embodied therein for managing an overlay network, the computer program product comprising:

machine readable program code for causing a machine to determine that a server or gateway provided by a cloud provider is to be added to said overlay network; machine readable program code for causing the machine to receive data from said server or gateway relating to said server or gateway, including a private internet protocol (IP) address of the server or gateway within a network of the cloud provider; machine readable program code for causing the machine to determine configuration data for connecting the server or gateway to the overlay network, including an overlay IP address for the server or gateway in the overlay network, said configuration data being at least partly dependent on said gathered data; and machine readable program code for causing the machine to provide said configuration data at least to said server or gateway, thereby enabling said server or gateway to connect to the overlay network in accordance with at least part of said configuration data, including to establish at least one secure tunnel, wherein for any secure tunnel a private IP address or a public IP address of said server or gateway is used to encapsulate said overlay address.
45. A computer program product comprising a machine useable medium having machine readable program code embodied therein for managing an overlay network, the computer program product comprising:

machine readable program code for causing a machine to receive data from at least one machine provided by at least one cloud provider, which is included in the overlay network; and machine readable program code for causing the machine to provide configuration data determined at least partly based on said received data, to at least one machine provided by at least one cloud provider, which is in the overlay network; thereby enabling addition of, removal of, or change in at least one secure tunnel comprised in said overlay network.
Specification