Dynamic, load-based, auto-scaling network security microservices architecture

US 9,716,617 B1
Filed: 06/14/2016
Issued: 07/25/2017
Est. Priority Date: 06/14/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

creating a first security microservice of a first level of a hierarchy of security microservices to scale up the first level of the hierarchy, wherein there exists, prior to a creation of the first security microservice, a microservice of a same hierarchy level as the first microservice;

configuring data plane connectivity between the first security microservice and a second security microservice of a second, higher-level of a hierarchy of security microservices, wherein any new security microservice of the hierarchy is configured to use the data plane;

configuring data plane connectivity between the first security microservice and a third security microservice of a third, lower-level of the hierarchy of security microservices;

configuring at least one microservice of the third, lower-level of the hierarchy of security microservices to include information from the first microservice in load balancing decisions to the first level of the hierarchy of security microservices; and

processing a packet from a flow of packets with a security microservice of the third, lower-level of the hierarchy;

passing the processed packet from the security microservice of the third, lower-level of the hierarchy to the first security microservice; and

processing a processed packet with the first security microservice, wherein each level of the hierarchy of security microservices performs a different security operation.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System, methods, and apparatuses used to monitor network traffic of a datacenter and report security threats are described. For example, one embodiment scales out a hierarchy of microservices in a security system. In particular, the embodiment calls for scaling out a hierarchy of microservices in such a security system, creating a new microservice of a first hierarchy, configuring data plane connectivity between the new microservice and a microservice of a second, higher-level hierarchy; configuring data plane connectivity between the new microservice and a microservice of a third, lower-level hierarchy; and configuring the microservices of the third level of hierarchy to include the new microservice in load balancing decisions to the first hierarchy.

Citations

16 Claims

1. A computer-implemented method comprising:
- creating a first security microservice of a first level of a hierarchy of security microservices to scale up the first level of the hierarchy, wherein there exists, prior to a creation of the first security microservice, a microservice of a same hierarchy level as the first microservice;
  
  configuring data plane connectivity between the first security microservice and a second security microservice of a second, higher-level of a hierarchy of security microservices, wherein any new security microservice of the hierarchy is configured to use the data plane;
  
  configuring data plane connectivity between the first security microservice and a third security microservice of a third, lower-level of the hierarchy of security microservices;
  
  configuring at least one microservice of the third, lower-level of the hierarchy of security microservices to include information from the first microservice in load balancing decisions to the first level of the hierarchy of security microservices; and
  
  processing a packet from a flow of packets with a security microservice of the third, lower-level of the hierarchy;
  
  passing the processed packet from the security microservice of the third, lower-level of the hierarchy to the first security microservice; and
  
  processing a processed packet with the first security microservice, wherein each level of the hierarchy of security microservices performs a different security operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1 wherein the first microservice is created by an existing microservice.
  - 3. The computer-implemented method of claim 2 wherein the existing microservice is a configuration microservice.
  - 4. The computer-implemented method of claim 2 wherein the first security and existing microservices communicate over a backplane.
  - 5. The computer-implemented method of claim 1 wherein the load balancing decision utilizes information from microservices of a higher-level hierarchy than the first hierarchy.
  - 6. The computer-implemented method of claim 1 wherein data plane connectivity is configured through communication on a backplane.
  - 7. The computer-implemented method of claim 1 wherein a backplane and data plane comprise managed networks.

8. A non-transitory computer-readable medium storing instructions, which when executed by a hardware processor cause the processor to perform a method, the method comprising:
- creating a first security microservice of a first level of a hierarchy of security microservices to scale up the first level of the hierarchy, wherein there exists, prior to a creation of the first security microservice, a microservice of a same hierarchy level as the first microservice;
  
  configuring data plane connectivity between the first security microservice and a second security microservice of a second, higher-level of a hierarchy of security microservices, wherein any new security microservice of the hierarchy is configured to use the data plane;
  
  configuring data plane connectivity between the first security microservice and a third security microservice of a third, lower-level of the hierarchy of security microservices;
  
  configuring at least one microservice of the third, lower-level of the hierarchy of security microservices to include information from the first microservice in load balancing decisions to the first level of the hierarchy of security microservices; and
  
  processing a packet from a flow of packets with a security microservice of the third, lower-level of the hierarchy;
  
  passing the processed packet from the security microservice of the third, lower-level of the hierarchy to the first security microservice; and
  
  processing a processed packet with the first security microservice, wherein each level of the hierarchy of security microservices performs a different security operation.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The non-transitory computer-readable medium of claim 8 wherein the first microservice is created by an existing microservice.
  - 10. The non-transitory computer-readable medium of claim 9 wherein the existing microservice is a configuration microservice.
  - 11. The non-transitory computer-readable medium of claim 9 wherein the first security and existing microservices communicate over a backplane.
  - 12. The non-transitory computer-readable medium of claim 8 wherein the load balancing decisions utilize information from microservices of a higher-level hierarchy than the first hierarchy.
  - 13. The non-transitory computer-readable medium of claim 8 wherein data plane connectivity is configured through communication on a backplane.

14. An apparatus comprising:
- a hardware processor to execute instructions; and
  
  memory coupled to the processor, the memory to store instructions which when executed by the processor cause;
  
  creating a first security microservice of a first level of a hierarchy of security microservices to scale up the first level of the hierarchy, wherein there exists, prior to a creation of the first security microservice, a microservice of a same hierarchy level as the first microservice;
  
  configuring data plane connectivity between the first security microservice and a second security microservice of a second, higher-level of a hierarchy of security microservices, wherein any new security microservice of the hierarchy is configured to use the data plane;
  
  configuring data plane connectivity between the first security microservice and a third security microservice of a third, lower-level of the hierarchy of security microservices;
  
  configuring at least one microservice of the third, lower-level of the hierarchy of security microservices to include information from the first microservice in load balancing decisions to the first level of the hierarchy of security microservices; and
  
  processing a packet from a flow of packets with a security microservice of the third, lower-level of the hierarchy;
  
  passing the processed packet from the security microservice of the third, lower-level of the hierarchy to the first security microservice; and
  
  processing a processed packet with the first security microservice, wherein each level of the hierarchy of security microservices performs a different security operation.
- View Dependent Claims (15, 16)
- - 15. The apparatus of claim 14, wherein the microservices communicate over a virtual backplane.
  - 16. The apparatus of claim 14, the load balancing decisions utilize information from microservices of a higher-level hierarchy than the first hierarchy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
ShieldX Networks, Inc. (Fortinet Inc.)
Inventors
Ahuja, Ratinder Paul Singh, Nedbal, Manuel
Primary Examiner(s)
Sall, El Hadji

Application Number

US15/182,573
Time in Patent Office

406 Days
Field of Search

709200, 709223, 709220
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 41/08   Configuration management of...

H04L 41/0803   Configuration setting

H04L 41/0816   the condition being an adap...

H04L 41/0895   Configuration of virtualise...

H04L 63/0227   Filtering policies mail mes...

H04L 63/101   Access control lists [ACL]

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

H04L 67/1001   for accessing one among a p...

H04L 67/1031   Controlling of the operatio...

H04L 67/51   Discovery or management the...

Dynamic, load-based, auto-scaling network security microservices architecture

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic, load-based, auto-scaling network security microservices architecture

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links