Configure interconnections between networks hosted in datacenters
First Claim
1. A system for configuring communication between virtualized private networks, the system comprising:
one or more datacenters comprising one or more computing devices configured to communicate with each other over network connections within the one or more datacenters;
the one or more computing devices further configured to host a first virtualized private network comprising a first compute instance hosted on the one or more computing devices, the first virtualized private network being associated with a first entity;
the one or more computing devices further configured to host a second virtualized private network comprising a second compute instance hosted on the one or more computing devices, the second virtualized private network associated with a second entity, wherein the second virtualized private network is isolated from the first virtualized private network and wherein the first entity is different from the second entity; and
one or more memories having stored therein computer-readable instructions that, upon execution on the system, cause the system to at least:
determine that the first entity has authorized the second entity to access the first compute instance;
provide the second compute instance with a network address associated with the first virtualized private network via the network connections; and
route a communication that is addressed with the network address from the second compute instance to the first compute instance via the network connections.
Abstract
Systems, methods and computer-readable media are described for connecting private networks that may otherwise be isolated. More particularly, the private networks may include private clouds that may be operated on a plurality of datacenters. A determination may be made as to whether network connections between the private clouds may be established and as to what compute resources of the private clouds may be exposed to the network connections. This determination may be used to generate virtual network paths that may be configured to route traffic between the private clouds.
23 Claims
4. A method for connecting two or more networks hosted on a private network, the method comprising:
verifying that a second network has permission to access a first network by receiving information indicative of an authorization to access the first network from a computing node associated with a second entity, wherein the authorization is provided to the second entity from a first entity, the first and second entities being different from each other, the first network being associated with the first entity, the second network being associated with the second entity, and the first network and the second network being isolated from each other, wherein the first network is inaccessible to the second network except by way of the address of the first computing node;
identifying a first computing node of the first network associated with the permission; and
generating a network path between the first network and the second network by way of the private network, the network path being based at least in part on an address of the first computing node.
13. A non-transitory computer-readable medium comprising instructions that, upon execution on a system of a private network comprising a plurality of computing nodes, cause the system to perform operations comprising:
determining that a first entity associated with a first computing node of the plurality of computing nodes has allowed a second entity associated with a second computing node of the plurality of computing nodes to access the first computing node by way of the private network, wherein the first computing node is on a virtualized network that is isolated from the second computing node and wherein the first entity is different from the second entity, and wherein the virtualized network is inaccessible to the second computing node except by way of the address of the first computing node, the first computing node being previously inaccessible by the second computing node;
identifying a compute resource of the first computing node that the first entity has allowed the second entity to access by way of the second computing node; and
generating a network connection between the second computing node and the compute resource based at least in part on the identification of the compute resource, the network connection comprising a third computing node of the plurality of computing nodes.
Specification