Dynamic secured network in a cloud environment
First Claim
1. A method of managing an overlay network, performed by a management machine, comprising:
determining that a server or gateway provided by a cloud provider is to be added to said overlay network;
generating a temporary machine authentication token for said server or gateway;
receiving said temporary machine authentication token from said server or gateway and authenticating said server or gateway;
receiving at least one parameter associated with said server or gateway from said server or gateway, each of said at least one parameter being received when receiving said temporary token or after receiving said temporary token; and
providing a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server or gateway to said server or gateway, wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
2 Assignments
0 Petitions
Abstract
The disclosure presents systems, methods and computer program products relating to an overlay network in a cloud environment. A management machine may manage an overlay network. Machine(s), which may be provided by cloud provider(s), may be added to or removed from the overlay network. Data relating to a machine may be gathered and configuration data may be determined, for example when the machine is being added to the overlay network. A device associated with a user authorized for the overlay network may connect to the overlay network. The overlay network may include one or more secure tunnels wherein a private IP address or public IP address may encapsulate an overlay IP address.
12 Citations
30 Claims
1. A method of managing an overlay network, performed by a management machine, comprising:
determining that a server or gateway provided by a cloud provider is to be added to said overlay network; generating a temporary machine authentication token for said server or gateway; receiving said temporary machine authentication token from said server or gateway and authenticating said server or gateway; receiving at least one parameter associated with said server or gateway from said server or gateway, each of said at least one parameter being received when receiving said temporary token or after receiving said temporary token; and providing a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server or gateway to said server or gateway, wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
Dependent claims: 2, 3, 4, 5
6. A management machine for managing an overlay network, said management machine comprising a processor and a non-transitory memory, the processor configured to execute instructions stored in the memory to:
determine that a server or gateway provided by a cloud provider is to be added to said overlay network; generate a temporary machine authentication token for said server or gateway; receive said temporary machine authentication token from said server or gateway and authenticating said server or gateway; receive at least one parameter associated with said server or gateway from said server or gateway, each of said at least one parameter being received when receiving said temporary token or after receiving said temporary token; and provide a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server or gateway to said server or gateway, wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
Dependent claims: 7, 8, 9, 10
11. A computer program product comprising a non-transitory machine useable medium having machine readable program code embodied therein for managing an overlay network, the computer program product comprising:
machine readable program code for causing a machine to determine that a server or gateway provided by a cloud provider is to be added to said overlay network; machine readable program code for causing the machine to generate a temporary machine authentication token for said server or gateway; machine readable program code for causing the machine to receive said temporary machine authentication token from said server or gateway and to authenticate said server or gateway; machine readable program code for causing the machine to receive at least one parameter associated with said server or gateway from said server or gateway, each of said at least one parameter being received when receiving said temporary token or after receiving said temporary token; and machine readable program code for causing the machine to provide a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server or gateway to said server or gateway, wherein after said replacement token has been provided, said server or gateway connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
Dependent claims: 12, 13, 14, 15
16. A method of adding a server provided by a cloud provider to an overlay network, comprising:
a device accessing management software in a management machine and indicating that a server provided by a cloud provider is to be added to an overlay network, thereby enabling the management machine to generate a temporary machine authentication token for said server, and the management machine to provide a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server to said server after receiving the temporary token from said server, after receiving at least one parameter associated with said server from said server, and after authenticating said server, wherein after said replacement token has been provided, said server connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server is used to encapsulate an overlay IP address that was allocated to said server.
Dependent claims: 17
18. A device comprising a processor and a non-transitory memory, the processor configured to execute instructions stored in the memory to:
access management software in a management machine and indicate that a server provided by a cloud provider is to be added to an overlay network, thereby causing the management machine, responsive to receipt of the indication from the device that the server is to be added, to generate a temporary machine authentication token for said server, and to provide a replacement longer expiration machine authentication token to said server that includes at least one received parameter associated with said server after receiving the temporary token from said server, after receiving at least one parameter associated with said server from said server, and after authenticating said server, wherein after said replacement token has been provided to said server, said server connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server is used to encapsulate an overlay IP address that was allocated to said server.
Dependent claims: 19
20. A computer program product comprising a non-transitory machine useable medium having machine readable program code embodied therein for adding a server provided by a cloud provider to an overlay network, the computer program product comprising:
machine readable program code for causing a machine to access management software in a management machine and indicate that a server provided by a cloud provider is to be added to an overlay network, thereby enabling the management machine to generate a temporary machine authentication token for said server, and the management machine to provide a replacement longer expiration machine authentication token that includes at least one received parameter associated with said server to said server after receiving the temporary token from said server, after receiving at least one parameter associated with said server from said server, and after authenticating said server, wherein after said replacement token has been provided, said server connects to the overlay network, including establishing at least one secure tunnel, and wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server is used to encapsulate an overlay IP address that was allocated to said server.
Dependent claims: 21
22. A method of adding a server or gateway provided by a cloud provider to an overlay network, performed by said server or gateway, comprising:
receiving a temporary machine authentication token generated by a management machine for said server or gateway, after said management machine has determined that said server or gateway is to be added to said overlay network; providing the temporary machine authentication token to the management machine; providing at least one parameter associated with said server or gateway to the management machine, each of said at least one parameter associated with said server or gateway being provided when providing said temporary token or after providing said temporary token; receiving a replacement longer expiration machine authentication token that includes at least one provided parameter associated with said server or gateway from said management machine; and connecting to the overlay network, including establishing at least one secure tunnel, wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
Dependent claims: 23, 24
25. A server or gateway comprising a processor and a non-transitory memory, provided by a cloud provider, the processor configured to execute instructions stored in the memory to:
receive a temporary machine authentication token generated by a management machine for said server or gateway after said management machine has determined that said server or gateway is to be added to an overlay network; provide the temporary machine authentication token to the management machine; provide at least one parameter associated with said server or gateway to the management machine, each of said at least one parameter being provided when providing said temporary token or after providing said temporary token; provide a replacement longer expiration machine authentication token that includes at least one provided parameter associated with said server or gateway from said management machine; and connect to the overlay network, including establishing at least one secure tunnel, wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said server or gateway is used to encapsulate an overlay IP address that was allocated to said server or gateway.
Dependent claims: 26, 27
28. A computer program product comprising a non-transitory machine useable medium having machine readable program code embodied therein for adding a machine provided by a cloud provider to an overlay network, the computer program product comprising:
machine readable program code for causing a machine to receive a temporary machine authentication token generated by a management machine for said machine after said management machine has determined that said machine is to be added to an overlay network; machine readable program code for causing the machine to provide the temporary machine authentication token to said management machine for authentication; machine readable program code for causing the machine to provide at least one parameter associated with said machine to said management machine, each of said at least one parameter being provided when providing said temporary token or after providing said temporary token; machine readable program code for causing the machine to receive a replacement longer expiration machine authentication token that includes at least one provided parameter associated with said machine from said management machine; and machine readable program code for causing the machine to connect to the overlay network, including establishing at least one secure tunnel, wherein for any secure tunnel a private Internet Protocol (IP) address or a public IP address of said machine is used to encapsulate an overlay IP address that was allocated to said machine.
Dependent claims: 29, 30
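The independent claims above all describe the same enrolment sequence from different sides: the management machine issues a short-lived temporary token, the cloud machine presents it together with its parameters (here its public and private IP addresses), the management machine authenticates the token and answers with a longer-lived replacement token that carries those parameters and the allocated overlay IP, and only then does the machine bring up a tunnel in which the cloud-assigned private or public address encapsulates the overlay address. The following Python is an added worked example of that sequence, not code from the patent or its assignee; the HMAC-signed token format, the claim field names, the token lifetimes, the overlay prefix and the sample addresses are all assumptions constructed for the example. It also adds the checks a management machine would want on the temporary token (expiry, single use, and refusing a temporary token where a replacement token is expected), plus rejection of a tampered replacement token.

```python
import base64
import hashlib
import hmac
import ipaddress
import json
import secrets

# Assumed lifetimes for the example: short bootstrap token, long replacement token.
TEMP_TOKEN_TTL = 10 * 60
REPLACEMENT_TOKEN_TTL = 30 * 24 * 3600


def _sign(key: bytes, claims: dict) -> str:
    """Serialise claims and append an HMAC-SHA256 tag (assumed token format)."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(tag).decode()


def _verify(key: bytes, token: str) -> dict:
    """Check the tag in constant time and return the claims, or raise PermissionError."""
    body_b64, tag_b64 = token.split(".", 1)
    body = base64.urlsafe_b64decode(body_b64)
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.urlsafe_b64decode(tag_b64)):
        raise PermissionError("token signature mismatch")
    return json.loads(body)


class ManagementMachine:
    """Management side: issues the temporary token, authenticates it, allocates an
    overlay IP and issues the replacement token bound to the received parameters."""

    def __init__(self, overlay_prefix: str = "10.200.0.0/16"):
        self._key = secrets.token_bytes(32)       # signing key never leaves the management machine
        self._pending: dict[str, str] = {}        # temp token id -> machine id (single use)
        self._pool = ipaddress.ip_network(overlay_prefix).hosts()
        self.members: dict[str, dict] = {}        # machine id -> replacement token claims

    def issue_temporary_token(self, machine_id: str, now: int) -> str:
        token_id = secrets.token_hex(8)
        self._pending[token_id] = machine_id
        return _sign(self._key, {"typ": "temp", "jti": token_id, "sub": machine_id,
                                 "exp": now + TEMP_TOKEN_TTL})

    def enroll(self, temp_token: str, params: dict, now: int) -> str:
        claims = _verify(self._key, temp_token)
        if claims.get("typ") != "temp" or now >= claims["exp"]:
            raise PermissionError("temporary token expired or of wrong type")
        # Consume the token so a replayed temporary token cannot enrol a second machine.
        if self._pending.pop(claims["jti"], None) != claims["sub"]:
            raise PermissionError("temporary token unknown or already used")
        public_ip = str(ipaddress.ip_address(params["public_ip"]))
        private_ip = str(ipaddress.ip_address(params["private_ip"]))
        replacement = {"typ": "machine", "sub": claims["sub"], "exp": now + REPLACEMENT_TOKEN_TTL,
                       "public_ip": public_ip, "private_ip": private_ip,
                       "overlay_ip": str(next(self._pool))}
        self.members[claims["sub"]] = replacement
        return _sign(self._key, replacement)

    def verify_member(self, token: str, now: int) -> dict:
        claims = _verify(self._key, token)
        if claims.get("typ") != "machine" or now >= claims["exp"]:
            raise PermissionError("replacement token expired or of wrong type")
        return claims


def encapsulate(member: dict, peer_outer_ip: str, inner_dst: str, payload: bytes,
                via_private_network: bool = False) -> dict:
    """Tunnel framing: the outer header carries the cloud-assigned private or public
    address, the inner header the overlay address allocated at enrolment."""
    outer_src = member["private_ip"] if via_private_network else member["public_ip"]
    return {"outer": {"src": outer_src, "dst": peer_outer_ip},
            "inner": {"src": member["overlay_ip"], "dst": inner_dst},
            "payload": payload}


def run_enrolment(now: int = 1_700_000_000) -> dict:
    """Walk one machine through the sequence and record which checks fire."""
    mgmt = ManagementMachine()
    params = {"public_ip": "203.0.113.10", "private_ip": "10.0.1.5"}  # constructed sample
    temp = mgmt.issue_temporary_token("vm-1", now)
    replacement = mgmt.enroll(temp, params, now + 5)
    member = mgmt.verify_member(replacement, now + 3600)

    def rejected(fn) -> bool:
        try:
            fn()
        except PermissionError:
            return True
        return False

    # Forge: keep the valid tag but alter the overlay IP in the body.
    forged_body = json.dumps(dict(member, overlay_ip="10.200.0.99"), sort_keys=True,
                             separators=(",", ":")).encode()
    forged = base64.urlsafe_b64encode(forged_body).decode() + "." + replacement.split(".", 1)[1]
    stale = mgmt.issue_temporary_token("vm-2", now)
    return {
        "member": member,
        "replay_rejected": rejected(lambda: mgmt.enroll(temp, params, now + 6)),
        "expiry_rejected": rejected(lambda: mgmt.enroll(stale, params, now + TEMP_TOKEN_TTL)),
        "temp_as_member_rejected": rejected(lambda: mgmt.verify_member(temp, now + 1)),
        "tamper_rejected": rejected(lambda: mgmt.verify_member(forged, now + 1)),
        "packet": encapsulate(member, "198.51.100.7", "10.200.0.2", b"hello"),
    }


if __name__ == "__main__":
    print(json.dumps(run_enrolment(), indent=2, default=str))
```

The binding of the public and private IP parameters into the replacement token is what lets the management machine later check that a tunnel endpoint matches what was enrolled; the single-use and expiry checks keep a leaked bootstrap token from being presented again after the legitimate machine has used it.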
Specification