ENFORCING MICRO-SEGMENTATION POLICIES FOR PHYSICAL AND VIRTUAL APPLICATION COMPONENTS IN DATA CENTERS
Abstract
A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the first application group and the second application group. The device may provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the first application group and the second application group.
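An added illustration of the split described in the abstract, not code from the patent or its assignee: a controller combines group-level policy with topology and emits one rule set per enforcement point, chosen by device type and attachment. The data model, device and component names, addresses, rule tuple layout and the trailing default-deny entry are all assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample data (all names and addresses are hypothetical).
TOPOLOGY = {
    "devices": {"vswitch-1": "virtual", "tor-1": "physical"},
    "components": {
        "web-vm-1": {"group": "web", "kind": "virtual", "ip": "10.0.1.10", "attached_to": "vswitch-1"},
        "web-vm-2": {"group": "web", "kind": "virtual", "ip": "10.0.1.11", "attached_to": "vswitch-1"},
        "db-metal-1": {"group": "db", "kind": "physical", "ip": "10.0.2.20", "attached_to": "tor-1"},
        # Attached to a device the topology does not describe: an enforcement gap.
        "db-metal-2": {"group": "db", "kind": "physical", "ip": "10.0.2.21", "attached_to": "tor-9"},
    },
}
GROUP_POLICY = [{"src": "web", "dst": "db", "proto": "tcp", "port": 5432, "action": "allow"}]


def compile_policies(group_policy, topology):
    """Return (per-device rule lists, components with no usable enforcement point)."""
    devices, comps = topology["devices"], topology["components"]
    members = defaultdict(list)
    for name, c in comps.items():
        members[c["group"]].append(name)

    per_device, unenforced = defaultdict(list), []
    for name, c in comps.items():
        # Enforce only where the attached device is known and its type matches
        # the component's type (virtual -> virtual device, physical -> physical).
        if devices.get(c["attached_to"]) != c["kind"]:
            unenforced.append(name)
            continue
        for rule in group_policy:
            # Expand the group-to-group rule into the flows that touch this component.
            for s in members[rule["src"]]:
                for d in members[rule["dst"]]:
                    if name in (s, d):
                        per_device[c["attached_to"]].append(
                            (rule["action"], rule["proto"], comps[s]["ip"], comps[d]["ip"], rule["port"]))
    for dev in per_device:
        # Assumption of this sketch: every emitted rule set ends in a default deny.
        per_device[dev] = sorted(set(per_device[dev])) + [("deny", "any", "any", "any", None)]
    return dict(per_device), sorted(unenforced)


if __name__ == "__main__":
    policies, gaps = compile_policies(GROUP_POLICY, TOPOLOGY)
    for dev, rules in policies.items():
        print(dev, rules)
    print("no enforcement point:", gaps)
```

The second return value is the list to review before rollout: a component in it is covered by the group policy on paper but has no device of the matching type enforcing it.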
40 Claims
1-20. (canceled)

21. A device, comprising:
  a communication interface; and
  one or more processors to:
    receive network topology information associated with a network;
    identify a first application component as a physical application component of the network based on the network topology information;
    identify a second application component as a virtual application component of the network based on the network topology information;
    provide, to a virtual network device of the network, a first policy to permit the virtual network device to implement the first policy in association with network traffic transferred using the virtual application component, the first policy being provided to the virtual network device based on the virtual network device being a virtual device type and being connected to the virtual application component; and
    provide, to a physical network device of the network, a second policy to permit the physical network device to implement the second policy in association with network traffic transferred using the physical application component, the second policy being provided to the physical network device based on the physical network device being a physical device type and being connected to the physical application component.
Dependent claims: 22, 23, 24, 25, 26, 27

28. A non-transitory computer-readable medium storing instructions, the instructions comprising:
  one or more instructions that, when executed by one or more processors, cause the one or more processors to:
    receive network topology information associated with a network;
    identify a first application component as a physical application component of the network based on the network topology information;
    identify a second application component as a virtual application component of the network based on the network topology information;
    provide, to a virtual network device of the network, a first policy to permit the virtual network device to implement the first policy in association with network traffic transferred using the virtual application component, the first policy being provided to the virtual network device based on the virtual network device being a virtual device type and being connected to the virtual application component; and
    provide, to a physical network device of the network, a second policy to permit the physical network device to implement the second policy in association with network traffic transferred using the physical application component, the second policy being provided to the physical network device based on the physical network device being a physical device type and being connected to the physical application component.
Dependent claims: 29, 30, 31, 32, 33, 34

35. A method, comprising:
  receiving, by a device, network topology information associated with a network;
  identifying, by the device, a first application component as a physical application component of the network based on the network topology information;
  identifying, by the device, a second application component as a virtual application component of the network based on the network topology information;
  providing, by the device and to a virtual network device of the network, a first policy to permit the virtual network device to implement the first policy in association with network traffic transferred using the virtual application component, the first policy being provided to the virtual network device based on the virtual network device being a virtual device type and being connected to the virtual application component; and
  providing, by the device and to a physical network device of the network, a second policy to permit the physical network device to implement the second policy in association with network traffic transferred using the physical application component, the second policy being provided to the physical network device based on the physical network device being a physical device type and being connected to the physical application component.
Dependent claims: 36, 37, 38, 39, 40

Specification