Managing communications between computing nodes
Abstract
Techniques are described for managing communications between multiple intercommunicating computing nodes, such as multiple virtual machine nodes hosted on one or more physical computing machines or systems. In some situations, users may specify groups of computing nodes and optionally associated access policies for use in the managing of the communications for those groups, such as by specifying which source nodes are allowed to transmit data to particular destination nodes. In addition, determinations of whether initiated data transmissions from source nodes to destination nodes are authorized may be dynamically negotiated for and recorded for later use in automatically authorizing future such data transmissions without negotiation. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.
46 Claims
1. A computer-implemented method for managing outgoing data transmissions, the method comprising:
- receiving, by a transmission manager associated with a host computing system, an indication of an outgoing transmission of data being initiated by a virtual machine hosted by the host computing system, the outgoing transmission of data indicating a destination node;
- determining, by the transmission manager, if authorization already exists for transmissions from the virtual machine to the destination node;
- if authorization does not already exist for transmissions from the virtual machine to the destination node, initiating, by the transmission manager, a negotiation for authorization to transmit to the destination node, the initiating including sending a request with information regarding the virtual machine to a recipient associated with the destination node; and
- if the authorization is obtained, transmitting the data to the destination node on behalf of the virtual machine and storing an indication of the obtained authorization for use in authorizing future transmissions of data from the virtual machine to the destination node.

(Dependent claims: 2-35)

36. A non-transitory computer-readable medium whose contents configure a computing device to manage data transmissions for a node, by performing a method comprising:
- receiving an indication of an outgoing transmission of data being initiated by a virtual machine hosted by the computing device, the outgoing transmission of data indicating a destination node;
- determining if authorization already exists for transmissions from the virtual machine to the destination node;
- if authorization does not already exist for transmissions from the virtual machine to the destination node, initiating a negotiation for authorization to transmit to the destination node, the initiating including sending a request with information regarding the virtual machine to a recipient associated with the destination node; and
- if the authorization is obtained, transmitting the data to the destination node on behalf of the virtual machine and storing an indication of the obtained authorization for use in authorizing future transmissions of data from the virtual machine to the destination node.

(Dependent claims: 37-40)

41. A computing system comprising:
- a processor; and
- a memory including instructions that upon execution cause the computer system to
  - host multiple virtual machines that are each configured to execute at least one application program in a portion of the memory allocated to that virtual machine; and
  - execute, on a first of the multiple virtual machines, a transmission manager that is configured to manage data transmissions from the other of the hosted virtual machines, the managing of the data transmissions including:
    - detecting an indication of a data transmission sent from one of the other hosted virtual machines to a destination computing node;
    - preventing the data transmission until authorization is obtained for the one other hosted virtual machine to send the indicated data transmission to the destination computing node;
    - sending a request to the destination computing node for the authorization; and
    - after receiving a reply indicating the authorization, allowing the data transmission to be sent to the destination computing node from the one other hosted virtual machine.

(Dependent claims: 42-46)

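The flow recited in claims 1 and 41, as a small Python model added here for illustration (it is not code from the patent): the source-side manager holds a transmission until the destination side authorizes it, then stores the authorization so the next transmission skips negotiation. The class, field and VM names are hypothetical, and two details are assumptions: the "information regarding the virtual machine" is modelled as its group membership, and a destination with no policy entry denies.

```python
from dataclasses import dataclass, field


@dataclass
class TransmissionManager:
    """Per-host manager gating traffic for the VMs it hosts (constructed model)."""
    vm_groups: dict                                # hosted VM -> set of group names
    policies: dict = field(default_factory=dict)   # hosted VM -> source groups allowed in
    authorized: set = field(default_factory=set)   # stored (source VM, destination VM) pairs
    inbox: list = field(default_factory=list)      # data delivered to hosted VMs
    negotiations: int = 0                          # authorization requests sent

    def handle_request(self, src_groups, dst_vm):
        """Destination side: decide from the information sent about the source VM."""
        if dst_vm not in self.vm_groups:
            return False
        # Assumption: a destination with no policy entry denies every source.
        return bool(self.policies.get(dst_vm, set()) & src_groups)

    def send(self, src_vm, dst_vm, data, directory):
        """Source side: True if the data was transmitted, False if it was held back."""
        if src_vm not in self.vm_groups:
            raise ValueError(f"{src_vm} is not hosted here")
        peer = directory.get(dst_vm)
        if peer is None:
            return False
        if (src_vm, dst_vm) not in self.authorized:
            # No stored authorization: negotiate before anything is transmitted.
            self.negotiations += 1
            if not peer.handle_request(self.vm_groups[src_vm], dst_vm):
                return False
            self.authorized.add((src_vm, dst_vm))
        peer.inbox.append((src_vm, dst_vm, data))
        return True


def demo():
    # Constructed sample: two hosts, three VMs, one access policy on vm-db.
    host_a = TransmissionManager(vm_groups={"vm-web": {"web"}, "vm-batch": {"batch"}})
    host_b = TransmissionManager(vm_groups={"vm-db": {"db"}}, policies={"vm-db": {"web"}})
    directory = {"vm-web": host_a, "vm-batch": host_a, "vm-db": host_b}
    results = [
        host_a.send("vm-web", "vm-db", b"q1", directory),    # negotiated, allowed
        host_a.send("vm-web", "vm-db", b"q2", directory),    # stored authorization reused
        host_a.send("vm-batch", "vm-db", b"q3", directory),  # negotiated, denied
    ]
    return results, host_a.negotiations, len(host_b.inbox)


if __name__ == "__main__":
    print(demo())
```
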
Specification