ALLOCATING ENFORCEMENT OF A SEGMENTATION POLICY BETWEEN HOST AND NETWORK DEVICES
First Claim
1. A method for configuring enforcement of a segmentation policy, the method comprising:
- obtaining a segmentation policy comprising a plurality of rules controlling communications between workloads;
- generating, for a particular workload, a plurality of management instructions for enforcing the rules of the segmentation policy controlling communications to and from the particular workload;
- obtaining, for the particular workload, a connectivity configuration indicating a network device upstream from the particular workload;
- determining an allocation of the plurality of management instructions between enforcement on a host of a computing device on which the particular workload executes and enforcement on the network device upstream from the workload; and
- sending configuration information based on the plurality of management instructions to at least one of the host and the network device in accordance with the allocation to enable enforcement of the plurality of management instructions.
Abstract
A segmentation server configures enforcement of a segmentation policy by allocating enforcement of management instructions between network devices and hosts. The segmentation policy comprises rules that control communications between workloads. For a particular workload, the segmentation server generates management instructions for controlling communications to and from the particular workload in accordance with the rules. The segmentation server determines an allocation of management instructions between enforcement on a host on which the particular workload executes and enforcement on a network device upstream from the workload. The segmentation server sends configuration information to at least one of the host and the network device in accordance with the allocation to enable enforcement of the management instructions.
20 Claims
1. A method for configuring enforcement of a segmentation policy, the method comprising:
- obtaining a segmentation policy comprising a plurality of rules controlling communications between workloads;
- generating, for a particular workload, a plurality of management instructions for enforcing the rules of the segmentation policy controlling communications to and from the particular workload;
- obtaining, for the particular workload, a connectivity configuration indicating a network device upstream from the particular workload;
- determining an allocation of the plurality of management instructions between enforcement on a host of a computing device on which the particular workload executes and enforcement on the network device upstream from the workload; and
- sending configuration information based on the plurality of management instructions to at least one of the host and the network device in accordance with the allocation to enable enforcement of the plurality of management instructions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A non-transitory computer-readable storage medium storing instructions for configuring enforcement of a segmentation policy, the instructions when executed by a processor cause the processor to perform steps including:
- obtaining a segmentation policy comprising a plurality of rules controlling communications between workloads;
- generating, for a particular workload, a plurality of management instructions for enforcing the rules of the segmentation policy controlling communications to and from the particular workload;
- obtaining, for the particular workload, a connectivity configuration indicating a network device upstream from the particular workload;
- determining an allocation of the plurality of management instructions between enforcement on a host of a computing device on which the particular workload executes and enforcement on the network device upstream from the workload; and
- sending configuration information based on the plurality of management instructions to at least one of the host and the network device in accordance with the allocation to enable enforcement of the plurality of management instructions.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A computing system comprising:
- a processor; and
- a non-transitory computer-readable storage medium storing instructions for configuring enforcement of a segmentation policy, the instructions when executed by the processor cause the processor to perform steps including:
  - obtaining a segmentation policy comprising a plurality of rules controlling communications between workloads;
  - generating, for a particular workload, a plurality of management instructions for enforcing the rules of the segmentation policy controlling communications to and from the particular workload;
  - obtaining, for the particular workload, a connectivity configuration indicating a network device upstream from the particular workload;
  - determining an allocation of the plurality of management instructions between enforcement on a host of a computing device on which the particular workload executes and enforcement on the network device upstream from the workload; and
  - sending configuration information based on the plurality of management instructions to at least one of the host and the network device in accordance with the allocation to enable enforcement of the plurality of management instructions.
Dependent claims: 20
Specification