System and method for supporting secured communication by an aliased cluster
First Claim
Patent Images
1. A method comprising:
- implementing cluster aliasing for a cluster of a plurality of computer-based members; and
supporting, by the aliased cluster, secured communication with a non-member node, wherein the cluster aliasing provides an appearance to said non-member node of a common network address for the plurality of members, and wherein said supporting the secured communication comprises;
assigning a first of the plurality of members to process secure inbound data directed to the common network address from the non-member node; and
assigning a second, different of the plurality of members to send secure outbound data from the common network address to the non-member node.
2 Assignments
0 Petitions
Accused Products
Abstract
Cluster aliasing is implemented for a cluster of a plurality of computer-based members. The aliased cluster supports secured communication with a non-member node. The cluster aliasing provides an appearance to the non-member node of a common network address for the plurality of members. In supporting the secured communication, a first of the plurality of members is assigned to process secure inbound data directed to the common network address from the non-member node, and a second, different of the plurality of members is assigned to send secure outbound data from the common network address to the non-member node.
35 Citations
56 Claims
-
1. A method comprising:
-
implementing cluster aliasing for a cluster of a plurality of computer-based members; and supporting, by the aliased cluster, secured communication with a non-member node, wherein the cluster aliasing provides an appearance to said non-member node of a common network address for the plurality of members, and wherein said supporting the secured communication comprises; assigning a first of the plurality of members to process secure inbound data directed to the common network address from the non-member node; and assigning a second, different of the plurality of members to send secure outbound data from the common network address to the non-member node. - View Dependent Claims (2, 3, 4, 49, 50, 51)
-
-
5. A method comprising:
-
implementing cluster aliasing for a cluster of a plurality of computer-based members; and using distributed processing among the plurality of members for supporting secured communication with a non-member node, wherein the cluster aliasing provides an appearance to said non-member node of a common network address for the plurality of members, and wherein using distributed processing among the plurality of members for supporting the secured communication comprises; assigning a first of the plurality of members to process secure inbound data directed to the common network address from the non-member node; assigning a second, different of the plurality of members to send secure outbound data from the common network address to the non-member node; and assigning a third, different of the members to negotiate a security association for the secured communication using the common network address. - View Dependent Claims (6, 52)
-
-
7. A method comprising:
-
implementing cluster aliasing for a cluster of a plurality of computer-based members, wherein the cluster appearance to a non-member node of a common network address for the plurality of members; performing, by the aliased cluster, negotiation of security for a secured communication using the common network address with said non-member node, wherein the negotiation is performed by a first of the plurality of members; and processing secure inbound data addressed to the common network address by a second, different one of the plurality of members. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 53)
-
-
20. A method comprising:
-
implementing cluster aliasing to generate an aliased network address for a cluster of a plurality of computer-based members; and supporting, by the aliased cluster, secured communication with a non-member node, wherein said supporting includes (a) creating an inbound Security Association (SA) for use in processing, by a first one of the plurality of members, secured data addressed to the aliased network address received from said non-member node and (b) creating an outbound SA for use in securing data to be sent, by a second, different one of the plurality of members, from the aliased network address to said non-member node. - View Dependent Claims (21, 22, 23, 24)
-
-
25. Computer-executable software code stored to a computer-readable storage device, said computer-executable software code comprising:
code for supporting secured communication between an aliased cluster having a plurality of members and a non-member node, wherein the aliased cluster is associated with an aliased network address, wherein said code for supporting includes (a) code for assigning to a first member of the aliased cluster a role of Inbound-Processor for the secured communication involving the aliased network address, (b) code for assigning to a second, different member of the aliased cluster a role of Outbound-Processor for the secured communication involving the aliased network address, (c) code for publishing to the cluster the identity of said Inbound-Processor member for the secured communication, and (d) code for publishing to the cluster the identity of said Outbound-Processor member for the secured communication. - View Dependent Claims (26, 27, 28, 29)
-
30. A system comprising:
-
an aliased cluster having a plurality of processor-based devices as members, wherein said aliased cluster supports communication protocol level secured communication with a non-member node, and wherein the aliased cluster is associated with a common network address, wherein a first of the plurality of members is assigned to process secure inbound data sent to the common network address from the non-member node, and wherein a second, different of the plurality of members is assigned to send secure outbound data from the common network address to the non-member node. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 54, 55)
-
-
40. A method of supporting Internet Protocol security (IPsec) secured communication by an aliased cluster, the method comprising:
-
assigning, for a given IPsec secured communication session with a node that is not a member of said cluster, a role of Inbound-Processor to a first member of the aliased cluster for processing secure inbound data addressed to an aliased network address of the aliased cluster; assigning, for the given IPsec secured communication session, a role of Outbound-Processor to a second different member of the aliased cluster to send secure outbound data from the aliased network address; publishing the identity of the first member assigned the role of Inbound-Processor in a directory that is accessible by all members of the aliased cluster; and publishing the identity of the second member assigned the role of Outbound-Processor in a directory that is accessible by all members of the aliased cluster. - View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48, 56)
-
Specification