Replicating firewall policy across multiple data centers
Abstract
A method of replicating firewall rules across a group of data centers. Each data center includes a set of hosts and a network manager. Each host is configured to host a set of data compute nodes (DCNs). The method identifies a first DCN on a host in a primary data center. The first DCN is associated with a set of global firewall rules utilizing unique identifiers recognized by the network manager of each data center. The method allocates storage for a second DCN on a host in a secondary data center to replicate the first DCN. The method replicates the set of global firewall rules associated with the first DCN into the storage allocated for the second DCN. The method receives an indication that the second DCN is powered on. The method enforces the set of global firewall rules for the second DCN by using the replicated global firewall rules.
22 Claims
1. A method of replicating firewall rules across a plurality of data centers, each data center comprising a set of hosts and a network manager, each host configured to host a set of data compute nodes (DCNs), the method comprising:
identifying a first DCN on a host in a primary data center, the first DCN associated with a set of global firewall rules utilizing unique identifiers recognized by the network manager of each data center;
allocating storage for a second DCN on a host in a secondary data center to replicate the first DCN;
prior to the second DCN being powered on, replicating the set of global firewall rules associated with the first DCN into the storage allocated for the second DCN; and
in response to receiving an indication that the second DCN is powered on, and enforcing the set of global firewall rules for the second DCN using the replicated set of global firewall rules.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory machine readable medium storing a program that when executed by at least one processing unit replicates firewall rules across a plurality of data centers, each data center comprising a set of hosts and a network manager, each host configured to host a set of data compute nodes (DCNs), the program comprising sets of instructions for:
identifying a first DCN on a host in a primary data center, the first DCN associated with a set of global firewall rules utilizing unique identifiers recognized by the network manager of each data center;
allocating storage for a second DCN on a host in a secondary data center to replicate the first DCN;
replicating, prior to the second DCN being powered on, the set of global firewall rules associated with the first DCN into the storage allocated for the second DCN; and
enforcing, in response to receiving an indication that the second DCN is powered on, the set of global firewall rules for the second DCN using the replicated set of global firewall rules.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system comprising:
a plurality of data centers, each data center comprising;
a network manager;
a set of hosts configured to host a set of data compute nodes (DCN); and
a site recovery manager configured to;
identify a first DCN on a host in a primary data center, the first DCN associated with a set of global firewall rules utilizing unique identifiers recognized by the network manager of each data center;
allocate storage for a second DCN on a host in a secondary data center to replicate the first DCN;
replicate, prior to powering on the second DCN, the set of global firewall rules associated with the first DCN into the storage allocated for the second DCN; and
enforce, in response to receiving an indication that the second DCN is powered on, the set of global firewall rules for the second DCN using the replicated set of global firewall rules.
Dependent claims: 16, 17, 18, 19, 20, 21, 22
Specification