Dynamic secured network in a cloud environment

US 9,331,998 B2
Filed: 03/14/2013
Issued: 05/03/2016
Est. Priority Date: 03/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method of managing an overlay network, performed by a management machine, comprising:

determining that a server or gateway provided by a cloud provider is to be added to said overlay network;

generating a temporary machine authentication token for said server or gateway;

receiving said temporary machine authentication token from said server or gateway and authenticating said server or gateway;

receiving at least one parameter associated with said server or gateway from said server or gateway, each of said at least one parameter being received when receiving said temporary token or after receiving said temporary token; and

providing a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server or gateway to said server or gateway,wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, andwherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure presents systems, methods and computer program products relating to an overlay network in a cloud environment. A management machine may manage an overlay network. Machine(s), which may be provided by cloud provider(s), may be added to or removed from the overlay network. Data relating to a machine may be gathered and configuration data may be determined, for example when the machine is being added to the overlay network. A device associated with a user authorized for the overlay network may connect to the overlay network. The overlay network may include one or more secure tunnels wherein a private IP address or public IP address may encapsulate an overlay IP address.

12 Citations

View as Search Results

30 Claims

1. A method of managing an overlay network, performed by a management machine, comprising:
- determining that a server or gateway provided by a cloud provider is to be added to said overlay network;
  
  generating a temporary machine authentication token for said server or gateway;
  
  receiving said temporary machine authentication token from said server or gateway and authenticating said server or gateway;
  
  receiving at least one parameter associated with said server or gateway from said server or gateway, each of said at least one parameter being received when receiving said temporary token or after receiving said temporary token; and
  
  providing a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server or gateway to said server or gateway,wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, andwherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - receiving said longer expiration machine authentication token from a different machine;
      
      determining that said longer expiration machine authentication token does not match said different machine; and
      
      acting in accordance with a procedure regarding a non-matching token.
  - 3. The method of claim 1, further comprising:
    - generating program code for requesting software for said server or gateway.
  - 4. The method of claim 1, wherein said at least one parameter associated with said server or gateway was gathered by said server or gateway and includes at least one of said private IP Address or said public IP address.
  - 5. The method of claim 1, further comprising:
    - receiving said replacement token during interaction with the server or gateway;
      
      comparing the at least one parameter included in said replacement token with at least one parameter of said server or gateway; and
      
      authenticating said server or gateway.

6. A management machine for managing an overlay network, said management machine comprising a processor and a non-transitory memory, the processor configured to execute instructions stored in the memory to:
- determine that a server or gateway provided by a cloud provider is to be added to said overlay network;
  
  generate a temporary machine authentication token for said server or gateway;
  
  receive said temporary machine authentication token from said server or gateway and authenticating said server or gateway;
  
  receive at least one parameter associated with said server or gateway from said server or gateway, each of said at least one parameter being received when receiving said temporary token or after receiving said temporary token; and
  
  provide a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server or gateway to said server or gateway,wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, andwherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The management machine of claim 6, wherein said processor is further configured to execute instructions stored in the memory to:
    - receive said longer expiration machine authentication token from a different machine;
      
      determine that said longer expiration machine authentication token does not match said different machine; and
      
      act in accordance with a procedure regarding a non-matching token.
  - 8. The management machine of claim 6, wherein said processor is further configured to generate program code for requesting software for said server or gateway.
  - 9. The management machine of claim 6, wherein said at least one parameter associated with said server or gateway was gathered by said server or gateway and includes at least one of said private IP Address or said public IP address.
  - 10. The management machine of claim 6, wherein the processor is further configured to execute instructions to:
    - receive said replacement token during interaction with the server or gateway;
      
      compare the at least one parameter included in said replacement token with at least one parameter of said server or gateway; and
      
      authenticate said server or gateway.

11. A computer program product comprising a non-transitory machine useable medium having machine readable program code embodied therein for managing an overlay network, the computer program product comprising:
- machine readable program code for causing a machine to determine that a server or gateway provided by a cloud provider is to be added to said overlay network;
  
  machine readable program code for causing the machine to generate a temporary machine authentication token for said server or gateway;
  
  machine readable program code for causing the machine to receive said temporary machine authentication token from said server or gateway and to authenticate said server or gateway;
  
  machine readable program code for causing the machine to receive at least one parameter associated with said server or gateway from said server or gateway, each of said at least one parameter being received when receiving said temporary token or after receiving said temporary token; and
  
  machine readable program code for causing the machine to provide a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server or gateway to said server or gateway,wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, andwherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer program product of claim 11, further comprising:
    - machine readable program code for causing the machine to receive said longer expiration machine authentication token from a different server or gateway;
      
      machine readable program code for causing the machine to determine that said longer expiration machine authentication token does not match said different server or gateway; and
      
      machine readable program code for causing the machine to act in accordance with a procedure regarding a non-matching token.
  - 13. The computer program product of claim 11, further comprising:
    - machine readable program code for causing the machine to generate program code for requesting software for said server or gateway.
  - 14. The computer program product of claim 11, wherein said at least one parameter associated with said server or gateway was gathered by said server or gateway and includes at least one of said private IP Address or said public IP address.
  - 15. The computer program product of claim 11, further comprising:
    - machine readable program code for causing the machine to receive said replacement token during interaction with the server or gateway;
      
      machine readable program code for causing the machine to compare the at least one parameter included in said replacement token with at least one parameter of said server or gateway; and
      
      machine readable program code for causing the machine to authenticate said server or gateway.

16. A method of adding a server provided by a cloud provider to an overlay network, comprising:
- a device accessing management software in a management machine and indicating that a server provided by a cloud provider is to be added to an overlay network, thereby enabling the management machine to generate a temporary machine authentication token for said server, and the management machine to provide a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server to said server after receiving the temporary token from said server, after receiving at least one parameter associated with said server from said server, and after authenticating said server, wherein after said replacement token has been provided, said server connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server is used to encapsulate an overlay IP address that was allocated to said server.
- View Dependent Claims (17)
- - 17. The method of claim 16, further comprising:
    - the device providing the temporary token generated by the management machine to the server.

18. A device comprising a processor and a non-transitory memory, the processor configured to execute instructions stored in the memory to:
- access management software in a management machine andindicate that a server provided by a cloud provider is to be added to an overlay network, thereby causing the management machine, responsive to receipt of the indication from the device that the server is to be added,to generate a temporary machine authentication token for said server, andto provide a replacement longer expiration machine authentication token to said server that includes at least one received parameter associated with said server after receiving the temporary token from said server, after receiving at least one parameter associated with said server from said server, and after authenticating said server,wherein after said replacement token has been provided to said server, said server connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server is used to encapsulate an overlay IP address that was allocated to said server.
- View Dependent Claims (19)
- - 19. The device of claim 18, wherein said processor is further configured to execute instructions to provide the temporary token generated by the management machine to the server.

20. A computer program product comprising a non-transitory machine useable medium having machine readable program code embodied therein for adding a server provided by a cloud provider to an overlay network, the computer program product comprising:
- machine readable program code for causing a machine to access management software in a management machine and indicate that a server provided by a cloud provider is to be added to an overlay network, thereby enabling the management machine to generate a temporary machine authentication token for said server, and the management machine to provide a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server to said server after receiving the temporary token from said server, after receiving at least one parameter associated with said server from said server, and after authenticating said server, wherein after said replacement token has been provided, said server connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server is used to encapsulate an overlay IP address that was allocated to said server.
- View Dependent Claims (21)
- - 21. The computer program product of claim 20, further comprising:
    - machine readable program code for causing the machine to provide the temporary token generated by the management machine to the server.

22. A method of adding a server or gateway provided by a cloud provider to an overlay network, performed by said server or gateway, comprising:
- receiving a temporary machine authentication token generated by a management machine for said server or gateway, after said management machine has determined that said server or gateway is to be added to said overlay network;
  
  providing the temporary machine authentication token to the management machine;
  
  providing at least one parameter associated with said server or gateway to the management machine, each of said at least one parameter associated with said server or gateway being provided when providing said temporary token or after providing said temporary token;
  
  receiving a replacement longer expiration machine authentication token that includes at least one provided parameter associated with said server or gateway from said management machine; and
  
  connecting to the overlay network, including establishing at least one secure tunnel,herein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
- View Dependent Claims (23, 24)
- - 23. The method of claim 22, further comprising:
    - providing said replacement token to the management machine during interaction with the management machine, thereby enabling the management machine to compare the at least one parameter included in said replacement token with at least one parameter of the server or gateway and authenticate the server or gateway.
  - 24. The method of claim 22, wherein said at least one parameter associated with said server or gateway was gathered by said server or gateway and includes at least one of said private IP Address or said public IP address.

25. A server or gateway comprising a processor and a non-transitory memory, provided by a cloud provider, the processor configured to execute instructions stored in the memory to:
- receive a temporary machine authentication token generated by a management machine for said server or gateway after said management machine has determined that said server or gateway is to be added to an overlay network;
  
  provide the temporary machine authentication token to the management machine;
  
  provide at least one parameter associated with said server or gateway to the management machine, each of said at least one parameter being provided when providing said temporary token or after providing said temporary token;
  
  provide a replacement longer expiration machine authentication token that includes at least one provided parameter associated with said server or gateway from said management machine; and
  
  connect to the overlay network, including establishing at least one secure tunnel, wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
- View Dependent Claims (26, 27)
- - 26. The server or gateway of claim 25, wherein said server or gateway is further configured to:
    - provide said replacement token to the management machine during interaction with the management machine, thereby causing the management machine to compare the at least one parameter included in said replacement token with at least one parameter of said server or gateway and authenticate said server or gateway.
  - 27. The server or gateway of claim 25, wherein said at least one parameter associated with said server or gateway was gathered by said server or gateway and includes at least one of said private IP Address or said public IP address.

28. A computer program product comprising a non-transitory machine useable medium having machine readable program code embodied therein for adding a machine provided by a cloud provider to an overlay network, the computer program product comprising:
- machine readable program code for causing a machine to receive a temporary machine authentication token generated by a management machine for said machine after said management machine has determined that said machine is to be added to an overlay network;
  
  machine readable program code for causing the machine to provide the temporary machine authentication token to said management machine for authentication;
  
  machine readable program code for causing the machine to provide at least one parameter associated with said machine to said management machine, each of said at least one parameter being provided when providing said temporary token or after providing said temporary token;
  
  machine readable program code for causing the machine to receive a replacement longer expiration machine authentication token that includes at least one provided parameter associated with said machine from said management machine; and
  
  machine readable program code for causing the machine to connect to the overlay network, including establishing at least one secure tunnel, wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said machine is used to encapsulate an overlay IP address that was allocated to said machine.
- View Dependent Claims (29, 30)
- - 29. The computer program product of claim 28, further comprising:
    - machine readable program code for causing the machine to provide said replacement token to the management machine during interaction with the management machine, thereby enabling the management machine to compare the at least one parameter included in said replacement token with at least one parameter of said machine and authenticate said machine.
  - 30. The computer program product of claim 28, wherein said at least one parameter associated with said machine was gathered by said machine and includes at least one of said private IP Address or said public IP address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
FortyCloud Ltd. (FireMon, LLC)
Original Assignee
FortyCloud Ltd. (FireMon, LLC)
Inventors
Singer, Noam, Naftali, Amir
Primary Examiner(s)
Patel, Nirav B

Application Number

US13/827,251
Publication Number

US 20140282817A1
Time in Patent Office

1,146 Days
Field of Search

726/9, 726/10, 726/12, 713/150
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 45/64   using an overlay routing layer

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/164   at the network layer

H04L 67/02   based on web technology, e....

H04L 67/56   Provisioning of proxy servi...

H04L 9/3213   using tickets or tokens, e....

Dynamic secured network in a cloud environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic secured network in a cloud environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links