Network secure communications in a cluster computing environment

US 8,972,475 B2
Filed: 12/21/2007
Issued: 03/03/2015
Est. Priority Date: 01/17/2001
Status: Active Grant

First Claim

Patent Images

1. A secure network communications system in a distributed workload environment having target hosts which are accessed through a distribution processor by a common network address, comprising:

a computer memory configured to store program instructions;

means for receiving at the distribution processor, network communications directed to the common network address;

a processor configured to execute the program instructions in order to create;

means for determining whether the network communications are secure network communications;

means for processing secure network communications having;

means for routing both inbound and outbound communications with target hosts which are associated with an end-to-end secure network communication through the distribution processor;

means for processing both inbound and outbound end-to-end secure network communications at the distribution processor so as to provide endpoint network security processing of communications from the target host to the distribution processor and endpoint network security processing of communications from the distribution processor to the target host such that the distribution processor serves as an endpoint for the end-to-end secure network communication; and

means for distributing the received secure network communications that are directed to the common network address among selected ones of the target hosts so as to distribute workload associated with the network communications among the target hosts including means for encapsulating communications between the distribution processor and the selected ones of the plurality of target hosts which are associated with end-to-end secure network communications so as to distinguish communications between the distribution processor and the selected ones of the plurality of target hosts which are associated with secure network communications from other communications; and

means for processing non-secure communications by distributing the received network communications that are directed to the common network address among the target hosts so as to distribute workload associated with the network communications among the target hosts.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure communications are provided over a network in a distributed workload environment having target hosts which are accessed through a distribution processor by a common network address. Secure communications are provided by routing both inbound and outbound communications with target hosts which are associated with a secure network communication through the distribution processor. Both inbound and outbound secure network communications are processed at the distribution processor so as to provide network security processing of communications from the target host and network security processing of communications to the target host.

38 Citations

10 Claims

1. A secure network communications system in a distributed workload environment having target hosts which are accessed through a distribution processor by a common network address, comprising:
- a computer memory configured to store program instructions;
  
  means for receiving at the distribution processor, network communications directed to the common network address;
  
  a processor configured to execute the program instructions in order to create;
  
  means for determining whether the network communications are secure network communications;
  
  means for processing secure network communications having;
  
  means for routing both inbound and outbound communications with target hosts which are associated with an end-to-end secure network communication through the distribution processor;
  
  means for processing both inbound and outbound end-to-end secure network communications at the distribution processor so as to provide endpoint network security processing of communications from the target host to the distribution processor and endpoint network security processing of communications from the distribution processor to the target host such that the distribution processor serves as an endpoint for the end-to-end secure network communication; and
  
  means for distributing the received secure network communications that are directed to the common network address among selected ones of the target hosts so as to distribute workload associated with the network communications among the target hosts including means for encapsulating communications between the distribution processor and the selected ones of the plurality of target hosts which are associated with end-to-end secure network communications so as to distinguish communications between the distribution processor and the selected ones of the plurality of target hosts which are associated with secure network communications from other communications; and
  
  means for processing non-secure communications by distributing the received network communications that are directed to the common network address among the target hosts so as to distribute workload associated with the network communications among the target hosts.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system according to claim 1, further comprising:
    - means for determining if the received network communications are end-to-end secure network communications which are to be distributed to ones of the target hosts;
      
      wherein the means for encapsulating communications between the distribution processor and selected ones of the plurality of target hosts which are associated with end-to-end secure network communications comprises a means for processing the received network communications so as to provide encapsulated generic communications to the ones of the plurality of target hosts if the received network communications are end-to-end secure network communications which are distributed to ones of the target hosts and means to not provide encapsulated generic communications to the ones of the plurality of target hosts if the received network communications are not end-to-end secure network communications.
  - 3. The system according to claim 1, wherein the means for encapsulating communications between the distribution processor and selected ones of the plurality of target hosts which are associated with end-to-end secure network communications comprises means to encapsulate the communications in a generic routing format.
  - 4. The system according to claim 3, wherein generic communications are encapsulated in a generic routing format having sufficient information in a header of the generic routing format so as to authenticate the source of the communication between the distributing processor and ones of the plurality of target hosts.
  - 5. The system according to claim 3, further comprising means for establishing common IP filters for communications at the distributing processor and the plurality of target hosts.
  - 6. The system according to claim 5, wherein the common IP filters bypass IP filtering for inbound communications encapsulated in the generic routing format.
  - 7. The system according to claim 1, wherein the communications received from the target hosts at the distribution processor and the encapsulated communications to ones of the plurality of target hosts from the distribution processor are communicated over trusted communication links
  - 8. The system according to claim 1, further comprising:
    - means for receiving at a target host, an encapsulated communication;
      
      means for comparing a physical link corresponding to said distributor to a source of encapsulation; and
      
      means for ignoring the encapsulated communication if said physical link does not match to said source of encapsulation.
  - 9. The system according to claim 1, wherein the means for distributing the received network communications that are directed to the common network address among selected ones of the target hosts distribution processor comprises distributing the received network communications using a sysplex distributor.
  - 10. The system according to claim 1, wherein the end-to-end secure network communication comprises a communication using the IPSEC communication protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Godwin, James Russell, Herr, David Anthony, Overby, Linwood H. Jr.
Primary Examiner(s)
Winder, Patrice
Assistant Examiner(s)
Chang, Julian

Application Number

US11/962,551
Publication Number

US 20080098126A1
Time in Patent Office

2,629 Days
Field of Search

709201-203, 709238-244, 726 11- 15
US Class Current

709/201
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/102   Entity profiles

H04L 63/16   Implementing security featu...

H04L 63/20   for managing network securi...

H04L 67/1001   for accessing one among a p...

Network secure communications in a cluster computing environment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

Network secure communications in a cluster computing environment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others