Virtual private networks distributed across multiple cloud-computing facilities
First Claim
1. A cloud-connector subsystem that provides a virtual private cloud operation for creating virtual private clouds distributed across a first and a second cloud-computing facility, the cloud-connector subsystem comprising:
- cloud-connector nodes associated with each of the first and second cloud-computing facilities; and
- a cloud-connector server that includes one or more processors, one or more memories, one or more data-storage devices, and computer instructions that, when executed on the one or more processors, control the cloud-connector server to provide, in cooperation with the cloud-connector nodes, a virtual-private-cloud-creation operation that securely interconnects a first organization edge appliance associated with a first virtual organization network within the first cloud-computing facility to a second organization edge appliance associated with a second virtual organization network within the second cloud-computing facility using an Internet-protocol-secure tunnel or a secure-socket-layer secure tunnel between the first and second organization edge appliances, each of the first and second organization edge appliances perform the steps of:
  - receiving virtual-private-network IP addresses and virtual-private-network configuration information, rules, and policies from the cloud-connector server;
  - internally storing the received virtual-private-network IP addresses in routing tables;
  - distributing a portion of the virtual-private-network IP addresses and virtual-private-network configuration information, rules, and policies received from the cloud-connector server to additional edge appliances connected to the virtual organization network with which the organization edge appliance is associated; and
  - providing a firewall that isolates a sub-network within each respective cloud-computing facility from a network external to each respective cloud-computing facility;
- distributes internal IP virtual-private-network addresses to the first and second cloud-computing facilities for use by two or more virtual-private-cloud members that execute within the first and second cloud-computing facilities to communicate over the virtual private network; and
- configures organization-edge appliances and edge appliances associated with virtual appliances within the first and second cloud-computing facilities to route packets transmitted by the two or more virtual-private-cloud members through the virtual private network.
2 Assignments
0 Petitions
Abstract
The current document discloses methods and systems for extending an internal network within a first cloud-computing facility to a second cloud-computing facility and using the extended internal network as a basis for creating virtual private clouds distributed across multiple cloud-computing facilities. In one implementation, a pool of IP addresses is allocated and distributed to end appliances of the first and second cloud-computing facilities. In this implementation, the internal network is extended via a secure tunnel between end appliances in the first and second cloud-computing facilities and the end appliances of the extended internal network are configured to route messages transmitted by a first member of the virtual private cloud executing on a first cloud-computing facility to a second member of the virtual private cloud executing on a second cloud-computing facility through the secure tunnel.
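The abstract describes three mechanisms: the cloud-connector server partitions a VPN address pool between the two facilities, each organization edge stores the resulting routes (and hands a portion of its prefix to additional edge appliances inside its facility), and the edge's firewall keeps traffic that is not part of the VPN address space out of the sub-network. The following Python model is an added illustration, not code from the patent or from any product it covers; the pool CIDR, facility names and edge names are constructed.

```python
import ipaddress

class OrgEdge:
    """Organization edge appliance of one cloud-computing facility (constructed model)."""
    def __init__(self, facility):
        self.facility = facility
        self.routes = {}     # VPN prefix -> next hop: "local", "tunnel:<peer>" or "edge:<name>"
        self.sub_edges = {}  # additional edge appliances -> sub-prefix handed to each

    def install(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def distribute(self, names):
        """Hand portions of this facility's VPN prefix to additional edge appliances."""
        local = next(p for p, hop in self.routes.items() if hop == "local")
        for name, sub in zip(names, local.subnets(prefixlen_diff=2)):
            self.sub_edges[name] = sub
            self.install(sub, f"edge:{name}")

    def route(self, src, dst, pool):
        """Firewall check, then longest-prefix match against the stored VPN routes."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src not in pool or dst not in pool:
            return "dropped"  # firewall isolates the sub-network from external networks
        best = max((p for p in self.routes if dst in p), key=lambda p: p.prefixlen, default=None)
        return self.routes[best] if best else "dropped"

class CloudConnectorServer:
    """Allocates the VPN pool and pushes per-facility portions and routes to each organization edge."""
    def __init__(self, pool_cidr):
        self.pool = ipaddress.ip_network(pool_cidr)

    def create_vpc(self, edge_a, edge_b):
        """Split the pool in two; each edge reaches the peer's portion through the secure tunnel."""
        part_a, part_b = self.pool.subnets(prefixlen_diff=1)
        edge_a.install(part_a, "local")
        edge_a.install(part_b, f"tunnel:{edge_b.facility}")
        edge_b.install(part_b, "local")
        edge_b.install(part_a, f"tunnel:{edge_a.facility}")
        return part_a, part_b

def demo():
    server = CloudConnectorServer("10.200.0.0/16")      # constructed VPN address pool
    east, west = OrgEdge("east"), OrgEdge("west")
    server.create_vpc(east, west)                        # 10.200.0.0/17 east, 10.200.128.0/17 west
    east.distribute(["edge-1", "edge-2"])                # /19 portions carved from the east prefix
    return {
        "cross": east.route("10.200.0.10", "10.200.128.10", server.pool),  # member in west: tunnel
        "inner": east.route("10.200.0.10", "10.200.32.5", server.pool),    # member behind edge-2
        "ext": east.route("10.200.0.10", "203.0.113.7", server.pool),      # outside the VPN: dropped
        "back": west.route("10.200.128.10", "10.200.0.10", server.pool),   # reverse path: tunnel
    }
```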
22 Citations
16 Claims
1. (Independent claim; reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method that creates a virtual private cloud distributed across a first and a second cloud-computing facility that include cloud-connector nodes associated with each of the first and second cloud-computing facilities and a cloud-connector server that includes one or more processors, one or more memories, one or more data-storage devices, and computer instructions that are executed on the one or more processors control the cloud-connector server to provide, in cooperation with the cloud-connector nodes, a virtual-private-cloud-creation operation, the method comprising:
- securely interconnecting a first organization edge appliance associated with a first virtual organization network within the first cloud-computing facility to a second organization edge appliance associated with a second virtual organization network within the second cloud-computing facility using an Internet-protocol-secure tunnel or a secure-socket-layer secure tunnel between the first and second organization edge appliances, each of the first and second organization edge appliances perform the steps of:
  - receiving virtual-private-network IP addresses and virtual-private-network configuration information, rules, and policies from the cloud-connector server;
  - internally storing the received virtual-private-network IP addresses in routing tables;
  - distributing a portion of the virtual-private-network IP addresses and virtual-private-network configuration information, rules, and policies received from the cloud-connector server to additional edge appliances connected to the virtual organization network with which the organization edge appliance is associated; and
  - providing a firewall that isolates a sub-network within each respective cloud-computing facility from a network external to each respective cloud-computing facility;
- distributing internal IP virtual-private-network addresses to the first and second cloud-computing facilities for use by two or more virtual-private-cloud members that execute within the first and second cloud-computing facilities to communicate over the virtual private network; and
- configuring organization-edge appliances and edge appliances associated with virtual appliances within the first and second cloud-computing facilities to route packets transmitted by virtual-private-cloud members through the virtual private network.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. Computer instructions stored on a memory device that, when executed on one or more processors of a cloud-connector server that includes the one or more processors, one or more memories, and one or more data-storage devices that include the physical data-storage device, control the cloud-connector server to create a virtual private cloud distributed across a first and a second cloud-computing facility, carried out in a cloud-connector subsystem that includes cloud-connector nodes associated with each of the first and second cloud-computing facilities and the cloud-connector server, by:
- securely interconnecting a first organization edge appliance associated with a first virtual organization network within the first cloud-computing facility to a second organization edge appliance associated with a second virtual organization network within the second cloud-computing facility using an Internet-protocol-secure tunnel or a secure-socket-layer secure tunnel between the first and second organization edge appliances, each of the first and second organization edge appliances perform the steps of:
  - receiving virtual-private-network IP addresses and virtual-private-network configuration information, rules, and policies from the cloud-connector server;
  - internally storing the received virtual-private-network IP addresses in routing tables;
  - distributing a portion of the virtual-private-network IP addresses and virtual-private-network configuration information, rules, and policies received from the cloud-connector server to additional edge appliances connected to the virtual organization network with which the organization edge appliance is associated; and
  - providing a firewall that isolates a sub-network within each respective cloud-computing facility from a network external to each respective cloud-computing facility;
- distributing internal IP virtual-private-network addresses to the first and second cloud-computing facilities for use by two or more virtual-private-cloud members that execute within the first and second cloud-computing facilities to communicate over the virtual private network; and
- configuring organization-edge appliances and edge appliances associated with virtual appliances within the first and second cloud-computing facilities to route packets transmitted by the two or more virtual-private-cloud members through the virtual private network.
Dependent claims: 16.