Hybrid firewall for data center security

US 9,275,004 B2
Filed: 12/11/2012
Issued: 03/01/2016
Est. Priority Date: 12/11/2012
Status: Active Grant

First Claim

Patent Images

1. A method for managing firewall requirements related to avirtualized application by a cloud management entity having a processing engine, comprising:

responsive to determining, by the processing engine, that a virtualized application, associated with a first plurality of application virtual machines and a second plurality of firewall virtual machines, requires an increased number of application virtual machines in the first plurality, instantiating an application virtual machine;

comparing a bandwidth capacity of the required increased number of application virtual machines in the first plurality to a bandwidth capacity of the firewall virtual machines in the second plurality to determine whether a firewall ratio is exceeded by the increased number of application virtual machines; and

responsive to determining, by the processing engine, that the firewall ratio is exceeded, instantiating a firewall virtual machine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing a hybrid firewall solution, employing both hardware and software firewall components, for a cloud computing data center is provided. A virtual application is hosted by a first plurality of application virtual machines and a second plurality of firewall virtual machines provides firewalling services for traffic associated with the virtual application. A cloud management entity determines that the virtual application requires an increased number of application virtual machines. A security profile for the virtual application is verified to determine if an increased number of firewall virtual machines is required by the increased number of application virtual machines. The cloud management entity can instantiate additional application virtual machines and firewall virtual machines as required.

15 Citations

View as Search Results

16 Claims

1. A method for managing firewall requirements related to avirtualized application by a cloud management entity having a processing engine, comprising:
- responsive to determining, by the processing engine, that a virtualized application, associated with a first plurality of application virtual machines and a second plurality of firewall virtual machines, requires an increased number of application virtual machines in the first plurality, instantiating an application virtual machine;
  
  comparing a bandwidth capacity of the required increased number of application virtual machines in the first plurality to a bandwidth capacity of the firewall virtual machines in the second plurality to determine whether a firewall ratio is exceeded by the increased number of application virtual machines; and
  
  responsive to determining, by the processing engine, that the firewall ratio is exceeded, instantiating a firewall virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the firewall ratio threshold is included in an application profile configured at deployment of the virtualized application.
  - 3. The method of claim 1, further including the step of comparing the required increased number of application virtual machines to the number of firewall virtual machines in the second plurality.
  - 4. The method of claim 1, further including the steps of:
    - computing a ratio of the required increased number of application virtual machines to the number of firewall virtual machines in the second plurality; and
      
      comparing the computed ratio with a firewall ratio requirement associated with the virtualized application.
  - 5. The method of claim 1, further including the step of comparing a bandwidth capacity of the required increased number of application virtual machines in the first plurality to a sum of a bandwidth capacity of the firewall virtual machines in the second plurality and a bandwidth of a hardware firewall provisioned for use by the virtualized application.
  - 6. The method of claim 1, wherein the virtualized application is hosted on the first plurality of application virtual machines and the second plurality of firewall virtual machines provide firewalling services for traffic associated with the virtualized application.
  - 7. The method of claim 1, further including the steps of adding the instantiated application virtual machine to the first plurality;
    - and adding the instantiated firewall virtual machine to the second plurality.
  - 8. The method of claim 1, further including responsive to determining that an increased number of load balancing virtual machines is required by the increased number of application virtual machines, instantiating a load balancing virtual machine.
  - 9. The method of claim 1, further including the steps of:
    - determining that the virtualized application requires a decreased number of application virtual machines in the first plurality;
      
      determining that a decreased number of firewall virtual machines is required by the decreased number of application virtual machines;
      
      shutting down an application virtual machine; and
      
      shutting down a firewall virtual machine.

10. A cloud management entity, comprising:
- a memory for storing instructions; and
  
  a processing engine, configured to execute the instructions, for, responsive todetermining that a virtualized application, associated with a first plurality of application virtual machines and a second plurality of firewall virtual machines, requires an increased number of application virtual machines in the first plurality, instantiating an application virtual machine;
  
  for comparing a bandwidth capacity of the required increased number of application virtual machines in the first plurality to a bandwidth capacity of the firewall virtual machines in the second plurality to determine whether a firewall ratio is exceeded by the increased number of application virtual machines; and
  
  for, responsive to determining that the firewall ratio is exceeded, instantiating a firewall virtual machine.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The cloud management entity of claim 10, further comprising a communication interface for communicating with the first plurality of application virtual machines and the second plurality of firewall virtual machines.
  - 12. The cloud management entity of claim 10, wherein the firewall ratio threshold is included in an application profile configured at deployment of the virtualized application by the processing engine.
  - 13. The cloud management entity of claim 10, wherein the processing engine compares the required increased number of application virtual machines in the first plurality to the number of firewall virtual machines in the second plurality.
  - 14. The cloud management entity of claim 10, wherein the processing engine computes a ratio of the required increased number of application virtual machines in the first plurality to the number of firewall virtual machines in the second plurality;
    - and compares the computed ratio to a firewall ratio threshold associated with the virtualized application.
  - 15. The cloud management entity of claim 10, wherein the processing engine compares a bandwidth capacity of the increased number of application virtual machines in the first plurality to a sum of a bandwidth capacity of the firewall virtual machines in the second plurality and a bandwidth capacity of a hardware firewall provisioned for use by the virtualized application.
  - 16. The cloud management entity of claim 10, wherein the virtualized application is hosted on the first plurality of application virtual machines and the second plurality of firewall virtual machines provide firewalling services for traffic associated with the virtualized application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Zhu, Zhongwen, Pourzandi, Makan
Primary Examiner(s)
BUI, JONATHAN A

Application Number

US13/710,642
Publication Number

US 20140164619A1
Time in Patent Office

1,176 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 15/177   Initialisation or configura...

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/5077   Logical partitioning of res...

G06F 9/5083   Techniques for rebalancing ...

H04L 63/0227   Filtering policies mail mes...

Hybrid firewall for data center security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Hybrid firewall for data center security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links