METHODS AND APPARATUS FOR PROVIDING A SECURE OVERLAY NETWORK BETWEEN CLOUDS

US 20160164914A1
Filed: 12/05/2014
Published: 06/09/2016
Est. Priority Date: 12/05/2014
Status: Active Grant

First Claim

Patent Images

1. A method for providing network communication, comprising:

receiving a first request from a dashboard managed by an orchestrator for establishing a secure overlay network (“

SON”

) able to facilitate a point-to-point connection from a first node in a first cloud over a communication network;

receiving a second request for connecting to the SON from a second node in a second cloud over the communication network; and

establishing a first connection between a first port of the first node and the second port of the second node utilizing a network security protocol.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A process capable of automatically establishing a secure overlay network (“SON”) across different clouds is disclosed. The process, in one aspect, receives a first request from a first node in a first cloud for establishing a SON. After receiving a second request for connecting to the SON from a second node in a second cloud, a first connection is established connecting between the first node and the second node utilizing a network security protocol such as Internet Protocol Security (“IPSec”). After receiving a third request for connecting to the SON from a third node in a third cloud, a second connection is used to connect between the first node and the third node. A third connection is used to connect between the second node and the third node. Each subsequent request for connecting to the SON from a new node results in new connections between the new node and each existing node in the SON forming a full-mesh.

163 Citations

21 Claims

1. A method for providing network communication, comprising:
- receiving a first request from a dashboard managed by an orchestrator for establishing a secure overlay network (“
  
  SON”
  
  ) able to facilitate a point-to-point connection from a first node in a first cloud over a communication network;
  
  receiving a second request for connecting to the SON from a second node in a second cloud over the communication network; and
  
  establishing a first connection between a first port of the first node and the second port of the second node utilizing a network security protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - receiving a third request for connecting to the SON from a third node in a third cloud over the communication network; and
      
      establishing a second connection between the first port of the first node and the third node of the third cloud.
  - 3. The method of claim 2, further comprising establishing a third connection between the second node of the second cloud and the third node of the third cloud.
  - 4. The method of claim 1, further comprising providing a dashboard to interact with a user for facilitating a plurality of user selections before launching a virtual machine (“
    - VM”
      
      ).
  - 5. The method of claim 1, wherein receiving a first request from a dashboard managed by an orchestrator for establishing the SON includes receiving an option selected by a first user via a dashboard facilitated by the orchestrator for launching a virtual network.
  - 6. The method of claim 1, wherein receiving a first request from a dashboard managed by an orchestrator for establishing the SON includes receiving a SON selection from a dashboard managed by the orchestrator from a first user via the first node from a private cloud.
  - 7. The method of claim 1, wherein receiving a second request for connecting to the SON includes receiving a SON selection from a dashboard managed by the orchestrator from a second user via a node from a public cloud.
  - 8. The method of claim 1, wherein establishing a first connection between a first port of the first node and the second port of the second node includes creating a logical link between the first port and the second port utilizing Internet Protocol Security (“
    - IPsec”
      
      ) to build a secure packet exchange tunnel at IP layer.
  - 9. The method of claim 1, wherein establishing a first connection between a first port of the first node and the second port of the second node includes generating a direct connection between a port of a server in a private cloud and a port of virtual machine (“
    - VM”
      
      ) in a public cloud utilizing an Internet Protocol Security (“
      
      IPSec”
      
      ).

10. A communication network having a plurality of virtual machines (“
- VMs”
  
  ), comprising;
  
  a first private cloud able to provide network services to a plurality of users, the first private cloud configured to contain at least a first server having a first input and output (“
  
  I/O”
  
  ) port;
  
  a public cloud coupled to the first private network cloud via a communication network and configured to provide cloud computing service to users; and
  
  an orchestrator coupled to the first private cloud and the public cloud, wherein the orchestrator is able to establish a first point-to-point connection between the first I/O port of the first server and a second I/O port of a second server in the public cloud in accordance with network security protocol.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The network of claim 10, further comprising a second private cloud coupled to the first private cloud and configured to provide network services to a plurality of users, wherein the orchestrator is able to generate a second point-to-point connection between the first I/O port of the first server and a third I/O port of a third server in the second private cloud.
  - 12. The network of claim 11, wherein the orchestrator is able to generate a third point-to-point connection between the second I/O port of the second server in the public cloud and the third I/O port of the third server in the second private cloud.
  - 13. The network of claim 10, wherein the orchestrator is able to establish a secure overlay network (“
    - SON”
      
      ) over an existing network to establish point-to-point connections in accordance with Internet Protocol Security (“
      
      IPSec”
      
      ).
  - 14. The network of claim 13, wherein the orchestrator is able to utilize a plurality of icons on the dashboards, wherein one of the plurality of icons is a selectable option for establishing SON.
  - 15. The network of claim 14, wherein the orchestrator is able to manage a cluster of point-to-point links generated in accordance with SON.

16. A method for generating network connections, comprising:
- presenting a dashboard including an option of creating a secure overlay network (“
  
  SON”
  
  ) to a user by an orchestrator via a communication network;
  
  receiving a first selection requesting a first SON for point-to-point connections from a first virtual server in a first cloud over the communication network;
  
  receiving a second selection requesting the first SON and a second SON from a second virtual server in a second cloud over the communication network; and
  
  establishing a first point-to-point connection between the first virtual server and the second virtual server in accordance with the first SON utilizing a network security protocol.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The network of claim 16, further comprising:
    - receiving a third selection requesting the second SON from a third virtual server in a third cloud; and
      
      establishing a second point-to-point connection between the second virtual server in the second cloud and the third virtual server in the third cloud in accordance with the second SON utilizing Internet Protocol Security (“
      
      IPsec”
      
      ).
  - 18. The network of claim 17, further comprising:
    - receiving a fourth selection requesting the first SON and the second SON from a fourth virtual server in a fourth cloud; and
      
      establishing a third point-to-point connection between the fourth virtual server in the fourth cloud and the third virtual server in the third cloud in accordance with the second SON utilizing Internet Protocol Security (“
      
      IPsec”
      
      ).
  - 19. The network of claim 18, further comprising establishing a fourth point-to-point connection between the fourth virtual server in the fourth cloud and the first virtual server in the first cloud in accordance with the first SON utilizing Internet Protocol Security (“
    - IPsec”
      
      ).
  - 20. The network of claim 19, further comprising establishing a fifth point-to-point connection between the fourth virtual server in the fourth cloud and the second virtual server in the second cloud in accordance with the first and the second SONs utilizing Internet Protocol Security (“
    - IPsec”
      
      ).
  - 21. The network of claim 18, further comprising establishing a third point-to-point connection between the first server and third server via IPsec.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ViaSat Incorporated
Original Assignee
Engreen, Inc. (ViaSat Incorporated)
Inventors
MADHAV, PRAVEEN, Uberoy, Pawan

Granted Patent

US 9,602,544 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2009/45579   I/O management, e.g. provid...

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

H04L 67/141   Setup of application sessio...

METHODS AND APPARATUS FOR PROVIDING A SECURE OVERLAY NETWORK BETWEEN CLOUDS

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

163 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND APPARATUS FOR PROVIDING A SECURE OVERLAY NETWORK BETWEEN CLOUDS

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

163 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links