Methods and apparatus for providing a secure overlay network between clouds
First Claim
1. A communication network having a plurality of virtual machines (“VMs”), comprising:
a first private cloud configured to provide network services to a plurality of users, the first private cloud comprising a first edge input and output (“I/O”) port into and out of the first private cloud, the first private cloud further comprising a first server inside the first private cloud, the first server having a first interior I/O port;
a public cloud configured to provide cloud computing service to users, the public cloud comprising a second edge I/O port into and out of the public cloud, the public cloud further comprising a second server inside the public cloud, the second server having a second interior I/O port;
a communications network connecting the first edge I/O port of the first private cloud to the second edge I/O port of the public cloud;
an orchestrator coupled to the first private cloud and the public cloud, wherein the orchestrator is configured to establish a first point-to-point connection laid over the communications network for logically direct communication between the first interior I/O port of the first server inside the first private cloud and the second interior I/O port of the second server inside the public cloud in accordance with a network security protocol, wherein the orchestrator comprises a computer processor; and
a second private cloud coupled to the first private cloud and configured to provide network services to a plurality of users, wherein the orchestrator is configured to generate a second point-to-point connection between a first I/O port of the first server and a third I/O port of a third server in the second private cloud, wherein the orchestrator is configured to generate a third point-to-point connection between a second I/O port of the second server in the public cloud and the third I/O port of the third server in the second private cloud.
Abstract
A process capable of automatically establishing a secure overlay network (“SON”) across different clouds is disclosed. The process, in one aspect, receives a first request from a first node in a first cloud for establishing a SON. After receiving a second request for connecting to the SON from a second node in a second cloud, a first connection is established connecting between the first node and the second node utilizing a network security protocol such as Internet Protocol Security (“IPSec”). After receiving a third request for connecting to the SON from a third node in a third cloud, a second connection is used to connect between the first node and the third node. A third connection is used to connect between the second node and the third node. Each subsequent request for connecting to the SON from a new node results in new connections between the new node and each existing node in the SON forming a full-mesh.
14 Claims
1. (Independent claim 1, reproduced in full above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for generating network connections between cloud computing managed by an orchestrator, comprising:
presenting a dashboard including an option of creating a secure overlay network (“SON”) to a user by the orchestrator via a communication network, wherein the orchestrator comprises a computer processor;
receiving over the communication network a first selection requesting a first SON for a point-to-point connection from a first interior input and output (“I/O”) port of a first virtual server inside a first cloud;
receiving over the communication network a second selection requesting the first SON and a second SON from a second interior I/O port of a second virtual server inside a second cloud;
establishing a first point-to-point logically direct connection laid over an existing network between the first interior I/O port of the first virtual server and the second interior I/O port of the second virtual server in accordance with the first SON utilizing a network security protocol, wherein the existing network connects a first edge I/O port of the first cloud to a second edge I/O port of the second cloud;
receiving a third selection requesting the second SON from a third virtual server in a third cloud and establishing a second point-to-point connection between the second virtual server in the second cloud and the third virtual server in the third cloud in accordance with the second SON utilizing Internet Protocol Security (“IPsec”); and
receiving a fourth selection requesting the first SON and the second SON from a fourth virtual server in a fourth cloud and establishing a third point-to-point connection between the fourth virtual server in the fourth cloud and the third virtual server in the third cloud in accordance with the second SON utilizing Internet Protocol Security (“IPsec”).
Dependent claims: 11, 12, 13, 14
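The abstract describes the orchestrator's join rule (each new node gets a connection to every existing member of the SON, so the SON stays a full mesh), and claim 10 walks through four dashboard selections against two overlapping SONs. The following Python model is an added example, not code from the patent or any implementation of it: it keeps the orchestrator's bookkeeping (SON membership and the set of point-to-point IPsec tunnels), replays the four selections of claim 10 with constructed node names, and checks the two properties a reviewer of such a design cares about: that every SON is in fact a full mesh, and how many security associations each node must key and maintain, which grows linearly with mesh size. The node names, the `Orchestrator` class and its methods, and the assumption that a pair of nodes belonging to two SONs shares one tunnel (the patent does not say either way) are all this example's own.

```python
"""Orchestrator bookkeeping for a full-mesh secure overlay network (SON).

Added example modelling the abstract and claim 10; not the patent's own code.
"""
from dataclasses import dataclass, field
from itertools import combinations
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Node:
    """An interior I/O port of a (virtual) server inside one cloud."""
    cloud: str
    server: str
    port: str


@dataclass
class Tunnel:
    """One point-to-point connection laid over the existing network.

    Assumption of this example: a pair of nodes shares a single IPsec tunnel
    even when both belong to several SONs; `sons` records which SONs use it.
    """
    ends: FrozenSet[Node]
    protocol: str = "IPsec"   # the network security protocol the patent names
    sons: Set[str] = field(default_factory=set)


class Orchestrator:
    def __init__(self) -> None:
        self.sons: Dict[str, List[Node]] = {}
        self.tunnels: Dict[FrozenSet[Node], Tunnel] = {}

    def join(self, node: Node, *son_names: str) -> List[Tunnel]:
        """Handle one 'connect to SON' request (a dashboard selection in claim 10).

        For every SON requested, connect the new node to each existing member,
        so each SON remains a full mesh. Returns the tunnels this call created.
        """
        created: List[Tunnel] = []
        for name in son_names:
            members = self.sons.setdefault(name, [])
            if node in members:
                continue
            for peer in members:
                key = frozenset((node, peer))
                tunnel = self.tunnels.get(key)
                if tunnel is None:
                    tunnel = Tunnel(ends=key)
                    self.tunnels[key] = tunnel
                    created.append(tunnel)
                tunnel.sons.add(name)
            members.append(node)
        return created

    def is_full_mesh(self, son_name: str) -> bool:
        """True when every pair of SON members has a tunnel carrying that SON."""
        members = self.sons.get(son_name, [])
        return all(
            frozenset(pair) in self.tunnels
            and son_name in self.tunnels[frozenset(pair)].sons
            for pair in combinations(members, 2)
        )

    def expected_tunnels(self, son_name: str) -> int:
        """n(n-1)/2 pairs for n members: the size of a full mesh."""
        n = len(self.sons.get(son_name, []))
        return n * (n - 1) // 2

    def peers_of(self, node: Node) -> Set[Node]:
        """Nodes with which `node` holds a tunnel, i.e. the security
        associations it must key, rekey and monitor."""
        return {next(iter(t.ends - {node}))
                for t in self.tunnels.values() if node in t.ends}


def claim_10_scenario() -> Orchestrator:
    """Replay the four selections of claim 10 (constructed node names)."""
    orch = Orchestrator()
    n1 = Node("cloud-1", "vsrv-1", "int-port-1")
    n2 = Node("cloud-2", "vsrv-2", "int-port-2")
    n3 = Node("cloud-3", "vsrv-3", "int-port-3")
    n4 = Node("cloud-4", "vsrv-4", "int-port-4")
    orch.join(n1, "SON-1")            # first selection: SON-1 only
    orch.join(n2, "SON-1", "SON-2")   # second: both SONs -> tunnel n1-n2
    orch.join(n3, "SON-2")            # third: SON-2 -> tunnel n2-n3
    orch.join(n4, "SON-1", "SON-2")   # fourth: both -> tunnels n4-n1, n4-n2, n4-n3
    return orch


if __name__ == "__main__":
    o = claim_10_scenario()
    for name in sorted(o.sons):
        print(name, "full mesh:", o.is_full_mesh(name),
              "tunnels:", o.expected_tunnels(name))
    print("total tunnels:", len(o.tunnels))
```

Running the scenario yields five tunnels: three for each SON, with the n2-n4 tunnel shared between them under this example's reuse assumption. The `peers_of` count is the number a defender should track per node, since every tunnel is a separate IPsec security association to key and rekey, and it grows with every node added to a mesh.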