Interconnecting external networks with overlay networks in a shared computing environment
First Claim
1. A computer-implemented method comprising:
obtaining, by one or more processors, data from a first virtual network of a first tenant, a first identifier identifying the first tenant, data from a second virtual network of a second tenant, and a second identifier identifying the second tenant, wherein the first virtual network of the first tenant and the second virtual network of the second tenant are two of two or more virtual networks in a shared computing environment wherein the two or more virtual networks overlay a physical network, wherein each virtual network of the two or more virtual networks is a virtual network of a tenant;
based on obtaining the first identifier, setting, by the one or more processors, the first identifier in metadata of the data from the first virtual network;
based on obtaining the second identifier, setting, by the one or more processors, the second identifier in metadata of the data from the second virtual network;
based on the first identifier in the metadata, identifying, by the one or more processors, a network connection associated with the first tenant, and based on the second identifier in the metadata of the data from the second virtual network, identifying, by the one or more processors, the network connection associated with the second tenant, wherein the network connection associated with the first tenant and the network connection associated with the second tenant comprise a shared virtual private network tunnel over a public Internet connection, wherein the virtual private network tunnel is coupled to remote networks of at least two tenants of the two or more virtual networks, the remote networks of at least two tenants comprising a remote network of the first tenant and the remote network of the second tenant;
identifying, by the one or more processors, a policy of the network connection relevant to the first tenant and processing the data with the policy to create processed data from the first virtual network;
identifying, by the one or more processors, a policy of the network connection relevant to the second tenant and processing the data with the policy relevant to the second tenant to create processed data from the second virtual network; and
transmitting, by the one or more processors, the processed data from the first virtual network through the network connection to the remote network of the first tenant and the processed data from the second virtual network through the network connection to the remote network of the second tenant.
Abstract
A method includes obtaining, by one or more processors, data from a virtual network of a tenant and an identifier of the tenant, where the virtual network of the tenant is one of at least two virtual networks in a shared computing environment where the at least two virtual networks overlay a physical network. Based on obtaining the identifier of the tenant, the method includes setting, by the one or more processors, the identifier in metadata of the data and, based on the identifier in the metadata, identifying, by the one or more processors, a network connection associated with the tenant. The method also includes identifying, by the one or more processors, a policy of the network connection, processing the data with the policy to create processed data, and transmitting, by the one or more processors, the processed data through the network connection.
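The flow in the abstract, as an added Python sketch that is not taken from the patent or from any implementation of it: a gateway stamps the tenant identifier into packet metadata, uses it to find the shared tunnel and that tenant's policy, and forwards only what the policy allows. The class names, the prefix-based policy, the drop reasons and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:                 # assumed policy: the tenant's remote prefix
    remote_prefix: ipaddress.IPv4Network

@dataclass
class Connection:             # one shared VPN tunnel serving several tenants
    name: str
    policies: dict            # tenant_id -> Policy
    sent: list = field(default_factory=list)

@dataclass
class Packet:
    dst: str
    payload: bytes
    metadata: dict = field(default_factory=dict)

class Gateway:
    def __init__(self, connections_by_tenant):
        self.connections_by_tenant = connections_by_tenant

    def forward(self, packet, ingress_tenant_id):
        # The identifier is derived from the overlay the packet arrived on;
        # anything the sender pre-set in metadata is overwritten.
        packet.metadata = {"tenant_id": ingress_tenant_id}
        tenant_id = packet.metadata["tenant_id"]
        conn = self.connections_by_tenant.get(tenant_id)
        if conn is None:                      # fail closed
            return "drop:unknown-tenant"
        policy = conn.policies.get(tenant_id)
        if policy is None:
            return "drop:no-policy"
        if ipaddress.ip_address(packet.dst) not in policy.remote_prefix:
            return "drop:outside-remote-network"
        # "Processed data": payload tagged so the far end can demultiplex.
        conn.sent.append((tenant_id, packet.dst, packet.payload))
        return "sent:" + conn.name

def demo():
    # Constructed sample: two tenants with overlapping remote address space.
    tunnel = Connection("shared-vpn-0", {
        "tenant-a": Policy(ipaddress.ip_network("10.0.0.0/24")),
        "tenant-b": Policy(ipaddress.ip_network("10.0.0.0/25")),
    })
    gw = Gateway({"tenant-a": tunnel, "tenant-b": tunnel})
    spoofed = Packet("10.0.0.200", b"x", {"tenant_id": "tenant-a"})
    results = [gw.forward(Packet("10.0.0.200", b"a"), "tenant-a"),
               gw.forward(spoofed, "tenant-b"),
               gw.forward(Packet("10.0.0.5", b"b"), "tenant-b"),
               gw.forward(Packet("10.0.0.5", b"c"), "tenant-c")]
    return results, tunnel.sent
```

Because both tenants share one tunnel and may use overlapping addresses, the tenant identifier set at ingress is the only thing separating their traffic, which is why the sketch overwrites sender-supplied metadata and drops anything without a matching connection or policy.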
20 Claims
11. A computer program product comprising:
a computer readable storage medium readable by one or more processors and storing instructions for execution by the one or more processors for performing a method comprising;
obtaining, by the one or more processors, data from a first virtual network of a first tenant, a first identifier identifying the first tenant, data from a second virtual network of a second tenant, and a second identifier identifying the second tenant, wherein the first virtual network of the first tenant and the second virtual network of the second tenant are two of two or more virtual networks in a shared computing environment wherein the two or more virtual networks overlay a physical network, wherein each virtual network of the two or more virtual networks is a virtual network of a tenant;
based on obtaining the first identifier, setting, by the one or more processors, the first identifier in metadata of the data from the first virtual network;
based on obtaining the second identifier, setting, by the one or more processors, the second identifier in metadata of the data from the second virtual network;
based on the first identifier in the metadata, identifying, by the one or more processors, a network connection associated with the first tenant, and based on the second identifier in the metadata of the data from the second virtual network, identifying, by the one or more processors, the network connection associated with the second tenant, wherein the network connection associated with the first tenant and the network connection associated with the second tenant comprise a shared virtual private network tunnel over a public Internet connection, wherein the virtual private network tunnel is coupled to remote networks of at least two tenants of the two or more virtual networks, the remote networks of at least two tenants comprising a remote network of the first tenant and the remote network of the second tenant;
identifying, by the one or more processors, a policy of the network connection relevant to the first tenant and processing the data with the policy to create processed data from the first virtual network;
identifying, by the one or more processors, a policy of the network connection relevant to the second tenant and processing the data with the policy relevant to the second tenant to create processed data from the second virtual network; and
transmitting, by the one or more processors, the processed data from the first virtual network through the network connection to the remote network of the first tenant and the processed data from the second virtual network through the network connection to the remote network of the second tenant.
19. A system comprising:
a memory;
one or more processors in communication with the memory; and
program instructions executable by the one or more processors via the memory to perform a method, the method comprising;
obtaining, by the one or more processors, data from a first virtual network of a first tenant, a first identifier identifying the first tenant, data from a second virtual network of a second tenant, and a second identifier identifying the second tenant, wherein the first virtual network of the first tenant and the second virtual network of the second tenant are two of two or more virtual networks in a shared computing environment wherein the two or more virtual networks overlay a physical network, wherein each virtual network of the two or more virtual networks is a virtual network of a tenant;
based on obtaining the first identifier, setting, by the one or more processors, the first identifier in metadata of the data from the first virtual network;
based on obtaining the second identifier, setting, by the one or more processors, the second identifier in metadata of the data from the second virtual network;
based on the first identifier in the metadata, identifying, by the one or more processors, a network connection associated with the first tenant, and based on the second identifier in the metadata of the data from the second virtual network, identifying, by the one or more processors, the network connection associated with the second tenant, wherein the network connection associated with the first tenant and the network connection associated with the second tenant comprise a shared virtual private network tunnel over a public Internet connection, wherein the virtual private network tunnel is coupled to remote networks of at least two tenants of the two or more virtual networks, the remote networks of at least two tenants comprising a remote network of the first tenant and the remote network of the second tenant;
identifying, by the one or more processors, a policy of the network connection relevant to the first tenant and processing the data with the policy to create processed data from the first virtual network;
identifying, by the one or more processors, a policy of the network connection relevant to the second tenant and processing the data with the policy relevant to the second tenant to create processed data from the second virtual network; and
transmitting, by the one or more processors, the processed data from the first virtual network through the network connection to the remote network of the first tenant and the processed data from the second virtual network through the network connection to the remote network of the second tenant.