Methods and systems for providing security to distributed microservices
First Claim
1. A system providing secure virtual boundaries for microservices, the system comprising:
a plurality of hardware processors, and a plurality of memories to process;
a microservice, the microservice comprising a plurality of distributed microservice components, each of the plurality of distributed microservice components communicating with others of the plurality of distributed microservice components, the plurality of distributed microservice components operating collectively to provide a service, the service being at least one of a game, a media service, and an e-commerce application, the plurality of distributed microservice components including;
a first microservice component being at least one of a first web service, a first application, and a first database, the first microservice component associated with a first workload, the first workload being executed on at least one of a first physical server and a first virtual machine; and
a second microservice component being at least one of a second web service, a second application, and a second database, the second microservice component associated with a second workload, the second workload being executed on at least one of a second physical server and a second virtual machine;
a plurality of enforcement points positioned in association with the plurality of distributed microservice components to define a secure virtual boundary around the plurality of distributed microservice components, the plurality of enforcement points including;
a first enforcement point communicatively coupled to the first microservice component, the first enforcement point performing a first analysis on first network traffic associated with the first microservice component and throttling at least some of the first network traffic using the first analysis; and
a second enforcement point communicatively coupled to the second microservice component, the second enforcement point performing a second analysis on second network traffic associated with the second microservice component and throttling at least some of the second network traffic using the second analysis; and
a director module that manages sessions and settings of the plurality of distributed microservice components within the secure virtual boundary.
Abstract
Systems for providing security to distributed microservices are provided herein. In some embodiments, a system includes a plurality of microservices, each of the plurality of microservices having a plurality of distributed microservice components. At least a portion of the distributed microservice components execute on different physical or virtual servers in a data center or a cloud. The system also includes a plurality of logical security boundaries, with each of the plurality of logical security boundaries being created by a plurality of enforcement points positioned in association with the plurality of distributed microservice components. Each of the plurality of microservices is bounded by one of the plurality of logical security boundaries.
16 Claims
7. A computer-implemented method for providing a logical security boundary for microservices using a plurality of hardware processors executing instructions stored in a plurality of memories, the method comprising:
locating a plurality of distributed microservice components that belong to associated with a microservice, each of the plurality of distributed microservice components communicating with others of the plurality of distributed microservice components, the plurality of distributed microservice components operating collectively to provide a service, the service being at least one of a game, a media service, and an e-commerce application, the plurality of distributed microservice components including;
a first microservice component being at least one of a first web service, a first application, and a first database, the first microservice component associated with a first workload, the first workload being executed on at least one of a first physical server and a first virtual machine; and
a second microservice component being at least one of a second web service, a second application, and a second database, the second microservice component associated with a second workload, the second workload being executed on at least one of a second physical server and a second virtual machine;
provisioning a plurality of logical enforcement points around the plurality of distributed microservice components, the plurality of logical enforcement points including;
a first logical enforcement point communicatively coupled to the first microservice component, the first logical enforcement point performing a first analysis on first network traffic associated with the first microservice component and throttling at least some of the first network traffic using the first analysis; and
a second logical enforcement point communicatively coupled to the second microservice component, the second logical enforcement point performing a second analysis on second network traffic associated with the second microservice component and throttling at least some of the second network traffic using the second analysis; and
forming a logical security boundary using the plurality of logical enforcement points.
Specification