System and method for reducing cloud IP address utilization using a distributor registry
First Claim
1. A system for providing cloud computing services, the system comprising:
- a cloud computing environment comprising a cloud infrastructure including a hardware layer having storage assets, processing assets and network assets for supporting cloud workloads and a routing system, each cloud workload having associated therewith an internal cloud address, wherein the routing system is disposed within the cloud infrastructure of the cloud computing environment, the routing system comprising;
a virtual router disposed within a first cloud of the cloud computing environment and configured to function as a network address translator (“NAT”);
a distributor disposed within a second cloud of the cloud computing environment different from the first cloud and connected between the virtual router and the cloud workloads, wherein the distributor receives cryptographic keys from the external workloads based on attestation by the virtual router of the first cloud and uses the cryptographic keys to establish a secure connection to route traffic between the external workloads and the cloud workloads; and
a distributor registry accessible by the distributor for maintaining information comprising port mappings, cloud address mappings, and cloud workload configuration information, wherein each of the cloud workloads communicates information comprising its internal cloud address and at least one port designation to the distributor, which logs the information in the distributor registry.
Abstract
System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external cloud address to the internal cloud addresses of the cloud workloads. The routing system comprises a virtual router configured to function as a network address translator (“NAT”); a distributor connected between the virtual router and the cloud workloads; and a distributor registry accessible by the distributor for maintaining information comprising at least one of port mappings, cloud address mappings, and cloud workload configuration information.
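The registry described in the abstract, modelled as an added sketch (not code from the patent or its assignee): workloads report an internal address and port designations, and the distributor logs them as port mappings behind a single external address. The class and method names, the external port pool, treating "internal" as private address space, and representing the virtual router's attestation (from the claims) as a set of vouched workload IDs are all assumptions.

```python
import ipaddress

class RegistryError(Exception):
    pass

class DistributorRegistry:
    """Port mappings, address mappings and workload configuration kept by the distributor."""

    def __init__(self, external_address, port_pool, attested_ids):
        self.external_address = ipaddress.ip_address(external_address)
        self._free_ports = sorted(port_pool, reverse=True)  # pop() hands out the lowest first
        self._attested = set(attested_ids)  # assumption: IDs the virtual router vouched for
        self.port_map = {}    # external port -> (internal address, internal port)
        self.workloads = {}   # workload id -> {"address", "ports", "config"}

    def register(self, workload_id, internal_address, ports, config=None):
        """Log a workload's self-reported internal address and port designations."""
        if workload_id not in self._attested:
            raise RegistryError(f"{workload_id}: not attested, registration refused")
        addr = ipaddress.ip_address(internal_address)
        if not addr.is_private:  # assumption: internal cloud addresses are private space
            raise RegistryError(f"{addr}: not an internal address")
        known = {ep: ext for ext, ep in self.port_map.items()}
        endpoints = list(dict.fromkeys((addr, p) for p in ports))
        new = [ep for ep in endpoints if ep not in known]
        if len(new) > len(self._free_ports):
            # Checked before any change, so a failed registration leaves no partial state.
            raise RegistryError("external port pool exhausted")
        for ep in new:
            known[ep] = self._free_ports.pop()
            self.port_map[known[ep]] = ep
        assigned = {p: known[(addr, p)] for p in ports}
        self.workloads[workload_id] = {"address": addr, "ports": assigned, "config": config or {}}
        return assigned

    def resolve(self, external_port):
        """Return the internal (address, port) that traffic to external_port is routed to."""
        try:
            return self.port_map[external_port]
        except KeyError:
            raise RegistryError(f"no mapping for external port {external_port}") from None

def demo():
    # Constructed sample: one external address fronting two workloads.
    reg = DistributorRegistry("203.0.113.10", range(40000, 40003), {"wl-a", "wl-b"})
    a = reg.register("wl-a", "10.0.0.5", [443])
    b = reg.register("wl-b", "10.0.0.6", [443, 8080])
    return reg, a, b
```

Both workloads listen on port 443 internally, yet are reachable through distinct ports on the one external address, which is the address saving the title refers to.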
14 Claims
1. A system for providing cloud computing services, the system comprising:
a cloud computing environment comprising a cloud infrastructure including a hardware layer having storage assets, processing assets and network assets for supporting cloud workloads and a routing system, each cloud workload having associated therewith an internal cloud address, wherein the routing system is disposed within the cloud infrastructure of the cloud computing environment, the routing system comprising;
a virtual router disposed within a first cloud of the cloud computing environment and configured to function as a network address translator (“NAT”);
a distributor disposed within a second cloud of the cloud computing environment different from the first cloud and connected between the virtual router and the cloud workloads, wherein the distributor receives cryptographic keys from the external workloads based on attestation by the virtual router of the first cloud and uses the cryptographic keys to establish a secure connection to route traffic between the external workloads and the cloud workloads; and
a distributor registry accessible by the distributor for maintaining information comprising port mappings, cloud address mappings, and cloud workload configuration information, wherein each of the cloud workloads communicates information comprising its internal cloud address and at least one port designation to the distributor, which logs the information in the distributor registry.
6. A system for providing cloud computing services, the system comprising:
a cloud computing environment comprising a cloud infrastructure including a hardware layer having storage assets and processing assets for supporting cloud workloads each having associated therewith an internal cloud address; and
a routing system disposed within the cloud infrastructure of the cloud computing environment, the routing system comprising;
a virtual router disposed within a first cloud of the cloud computing environment and configured to function as a network address translator (“NAT”);
a distributor disposed within a second cloud of the cloud computing environment different from the first cloud and connected between virtual router of the first cloud and the cloud workloads, wherein the distributor of the second cloud receives cryptographic keys from the external workloads based on attestation by the virtual router of the first cloud; and
a distributor registry accessible by the distributor for maintaining information comprising at least one of port mappings, address mappings, and configuration information for each of the cloud workloads, wherein the distributor of the second cloud uses the cryptographic keys to establish a secure connection to route traffic between the external workloads and the cloud workloads, and wherein each of the cloud workloads communicates information comprising its internal address and at least one port designation to the distributor, which logs the information in the distributor registry.
10. A method of providing cloud computing services, the method comprising:
providing a cloud computing environment comprising a first cloud, a second cloud, and resources for supporting cloud workloads of the first cloud, each cloud workload of the first cloud having associated therewith an internal address; and
routing traffic between external workloads of an external computing environment to the cloud workloads of the first cloud, the routing comprising directing traffic from an external address to the internal cloud addresses and further comprising;
providing a virtual router disposed within the first cloud and configured to function as a network address translator (“NAT”);
providing a distributor disposed within the second cloud and connected between the virtual router and the cloud workloads of the first cloud, wherein the distributor of the second cloud establishes secure connections with the external workloads based on attestation by the virtual router of the first cloud to the validity of the distributor of the second cloud, and wherein the distributor of the second cloud establishes secure connections with the cloud workloads of the first cloud based on attestation by the virtual router of the first cloud to the validity of the cloud workloads of the first cloud;
providing a distributor registry accessible by the distributor of the second cloud for maintaining at least one of port mappings, address mappings, and cloud workload configuration information.
Specification