MANAGING COMMUNICATIONS BETWEEN COMPUTING NODES
Abstract
Techniques are described for managing communications between multiple intercommunicating computing nodes, such as multiple virtual machine nodes hosted on one or more physical computing machines or systems. In some situations, users may specify groups of computing nodes and optionally associated access policies for use in the managing of the communications for those groups, such as by specifying which source nodes are allowed to transmit data to particular destination nodes. In addition, determinations of whether initiated data transmissions from source nodes to destination nodes are authorized may be dynamically negotiated for and recorded for later use in automatically authorizing future such data transmissions without negotiation. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.
50 Citations
58 Claims
1-9. (canceled)
10. A computer-implemented method for managing outgoing data transmissions from multiple virtual machine nodes, the method comprising:
    receiving multiple indications of outgoing transmissions of data being initiated by multiple source nodes that are each one of multiple virtual machines hosted by a host computing system, each indicated data transmission being from one of the source nodes to a remote destination node; and
    for each initiated outgoing transmission of data from a source node to a remote destination node,
        automatically determining if authorization already exists for transmissions from the source node to the destination node, the automatic determining being performed by the host computing system;
        if authorization does not already exist for transmissions from the source node to the destination node, attempting to obtain authorization by automatically initiating a negotiation for authorization to transmit to the destination node, the automatic initiating being performed by the host computing system and including sending a request with information regarding the source node to a recipient associated with the destination node; and
        if the authorization is obtained from the negotiation, transmitting the data to the destination node on behalf of the source node and storing an indication of the obtained authorization for use in authorizing future transmissions of data from the source node to the destination node without negotiation.
    Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46
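The flow recited in claim 10 (check for an existing authorization, negotiate if none exists, then record the result for later transmissions), as an added example that is not part of the patent text. The class names, node names and group-based policy are hypothetical, and the network is replaced by an in-memory call.

```python
from dataclasses import dataclass, field


@dataclass
class DestinationManager:
    """Recipient associated with the destination nodes; answers negotiation requests."""
    policy: dict            # destination node -> groups allowed to send to it (constructed)
    requests_seen: int = 0  # number of negotiations this recipient has handled

    def negotiate(self, source_info: dict, destination: str) -> bool:
        self.requests_seen += 1
        allowed = self.policy.get(destination, set())
        # Grant only if the source belongs to a group the destination accepts.
        return bool(allowed & set(source_info["groups"]))


@dataclass
class HostTransmissionManager:
    """Runs on the host and mediates outgoing traffic of its hosted VM nodes."""
    groups: dict                                   # source node -> its groups
    remote: DestinationManager
    authorized: set = field(default_factory=set)   # stored (source, destination) grants
    delivered: list = field(default_factory=list)  # stand-in for the real network

    def send(self, source: str, destination: str, data: bytes) -> str:
        pair = (source, destination)
        if pair in self.authorized:
            # Authorization already exists: transmit without negotiating.
            self.delivered.append((source, destination, data))
            return "sent-cached"
        # The data is held here while the host negotiates on the node's behalf.
        info = {"node": source, "groups": self.groups.get(source, [])}
        if not self.remote.negotiate(info, destination):
            return "blocked"  # default deny: nothing leaves the host
        self.authorized.add(pair)
        self.delivered.append((source, destination, data))
        return "sent-negotiated"


def demo():
    # Constructed sample: db-1 accepts traffic only from members of group "web".
    remote = DestinationManager(policy={"db-1": {"web"}})
    host = HostTransmissionManager(
        groups={"vm-a": ["web"], "vm-b": ["batch"]}, remote=remote)
    results = [host.send("vm-a", "db-1", b"q1"),   # first contact: negotiated
               host.send("vm-a", "db-1", b"q2"),   # stored grant reused
               host.send("vm-b", "db-1", b"q3")]   # wrong group: held back
    return results, remote.requests_seen, host
```

In this sketch a stored grant never expires and denials are not stored, so a blocked source triggers a new negotiation on every attempt.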
20-21. (canceled)
47. A non-transitory computer-readable medium whose contents configure a computing device to manage data transmissions for a node, by performing a method comprising:
    receiving an indication of a transmission of data initiated from a sending node to a remote destination node;
    preventing the data from being transmitted to the destination node while automatically determining whether the data transmission is authorized, the automatic determining being performed by the configured computing device and including initiating a negotiation for authorization with another computing device associated with the remote destination node; and
    if the negotiated authorization is obtained, allowing data to be transmitted to the destination node.
    Dependent claims: 48, 49, 50, 52
51. (canceled)
53. A computing system configured to manage data transmissions from multiple computing nodes, the computing system comprising:
    a memory; and
    multiple hosted virtual machines that each act as an independent computing node and execute at least one application program in a portion of the memory allocated to that virtual machine, one of the hosted virtual machine computing nodes being configured to manage data transmissions from the other hosted virtual machine computing nodes by:
        detecting indications of transmissions of data sent from the other hosted virtual machine computing nodes to other destination computing nodes that are not hosted by the computing system;
        for each detected indication of a data transmission sent by one of the other hosted virtual machine computing nodes to a destination computing node, preventing the data transmission until authorization is obtained for the one other hosted virtual machine computing node to send the indicated data transmission to the destination computing node;
        sending a request to the destination computing node for the authorization; and
        after receiving a reply indicating the authorization, allowing one or more data transmissions to be sent to the destination computing node from the one other hosted virtual machine computing node.
    Dependent claims: 54, 55, 56, 57, 58
Specification