A system for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to a default gateway failing to locate a Media Access Control (MAC) address of the destination of the message within a prescribed table, one of the plurality of virtual appliances is selected to handle forwarding of the message to a plurality of remote networks, and the message is forwarded via the selected virtual appliance to a plurality of gateways associated with the plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination forwards the message to the destination.
G01M 3/32 - Investigating fluid tightness of structures by using fluid or vacuum by measuring rate of loss or gain of fluid, e.g. by pressure-responsive devices, by flow detectors for containers, e.g. radiators
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
H04L 101/622 - Layer-2 addresses, e.g. medium access control [MAC] addresses
In one embodiment, a controller features a first data store, a second data store and route determination logic. The first data store is configured to store current routing information from a source transit gateway within at least a first transit cloud network to a destination transit gateway within at least a second transit cloud network of the cloud network. Each of the source transit gateway and the destination transit gateway is one of a plurality of transit gateways associated with the cloud network. The second data store is configured to store alternative routing information between the source transit gateway and the destination transit gateway. The route determination logic is configured to (i) conduct analytics on all available route paths for a message intended to be sent from the source transit gateway to the destination transit gateway and (ii) select a best route path for the message.
A computerized method for providing network policy-based routing of a data flow is described. After obtaining attributes associated with an incoming data flow, a first gateway is configured to determine one or more network policies based on the attributes associated with the incoming data flow and assign a classification identifier based on the one or more network policies. The classification identifier is configured to influence routing paths through at least one cloud network, where the classification identifier is encapsulated into content of the incoming data flow to generate a classified data flow for routing from a source to a destination through the at least one cloud network.
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 45/00 - Routing or path finding of packets in data switching networks
4.
SYSTEM AND METHOD FOR ENABLING COMMUNICATION BETWEEN NETWORKS WITH OVERLAPPING IP ADDRESS RANGES
A method is described that enables communication between two disjoined networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network with a group of networks with overlapping IP address ranges.
H04L 61/4535 - Network directories; Name-to-address mapping using an address exchange platform which sets up a session between two nodes, e.g. rendezvous servers, session initiation protocols [SIP] registrars or H.323 gatekeepers
In one embodiment, a computing platform features a controller in communication with one or more virtual private cloud networks, including a first virtual private cloud network (VPC). The virtual private cloud network includes at least a first egress filtering gateway configured to filter egress traffic data received from a first gateway and route the filtered egress traffic data to a public network in accordance with a first set of filter rules. The first set of filter rules are included as part of a first security policy provided by the controller.
A computerized method for utilizing private Internet Protocol (IP) addressing for communications between components of one or more public cloud networks. The method features determining whether outbound traffic corresponds to a first type of outbound traffic being forwarded from a cloud instance supported by the gateway. In response to determining that the first type of outbound traffic is being forwarded from the cloud instance, the first type of outbound traffic is directed via a data interface of the gateway. Also, the method features determining whether the outbound traffic corresponds to a second type of outbound traffic being initiated by logic within the gateway. In response to determining that the second type of outbound traffic is being initiated by logic within the gateway, directing the second type of outbound traffic via a management interface of the gateway.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing temporary use of on-line non-downloadable software for cloud infrastructure management and automation; Providing temporary use of on-line non-downloadable cloud computing software for use in managing network connections, facilitating automation, troubleshooting network and security issues, and providing analytics in the field of cloud computing; Providing temporary use of nondownloadable software for public, private or hybrid cloud networks for enterprise-grade connection to, within and between clouds and enterprise applications; Providing temporary use of on-line nondownloadable software for monitoring and managing API traffic across private, public and hybrid clouds; Hybrid cloud infrastructure as a service (IaaS), namely, providing software, software platforms and infrastructure services in the nature of hosting virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenters and in hybrid on premise private cloud and public cloud environments; Infrastructure as a service (IaaS), namely, hosting software for infrastructure services in the nature of providing virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenter, cloud and edge environments and applications; providing temporary use of on-line non-downloadable cloud computing software in combination with data science, machine learning (ML) and artificial intelligence (AI) for use in managing network connections, facilitating automation, troubleshooting network and security issues, and providing analytics in the field of cloud computing
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing temporary use of on-line non-downloadable software for cloud infrastructure management and automation; Providing temporary use of on-line non-downloadable cloud computing software for use in managing network connections, facilitating automation, troubleshooting network and security issues, and providing analytics in the field of cloud computing; Providing temporary use of nondownloadable software for public, private or hybrid cloud networks for enterprise-grade connection to, within and between clouds and enterprise applications; Providing temporary use of online nondownloadable software for monitoring and managing API traffic across private, public and hybrid clouds; Hybrid cloud infrastructure as a service (IaaS), namely, providing software, software platforms and infrastructure services in the nature of hosting virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenters and in hybrid on premise private cloud and public cloud environments; Infrastructure as a service (IaaS), namely, hosting software for infrastructure services in the nature of providing virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenter, cloud and edge environments and applications; providing temporary use of on-line non-downloadable cloud computing software in combination with data science, machine learning (ML) and artificial intelligence (AI) for use in managing network connections, facilitating automation, troubleshooting network and security issues, and providing analytics in the field of cloud computing
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing temporary use of on-line non-downloadable software for cloud infrastructure management and automation; Providing temporary use of on-line non-downloadable cloud computing software for use in managing network connections, facilitating automation, troubleshooting network and security issues, and providing analytics in the field of cloud computing; Providing temporary use of non-downloadable software for public, private or hybrid cloud networks for enterprise-grade connection to, within and between clouds and enterprise applications; Providing temporary use of on-line non-downloadable software for monitoring and managing API traffic across private, public and hybrid clouds; Hybrid cloud infrastructure as a service (IaaS), namely, providing software, software platforms and infrastructure services in the nature of hosting virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenters and in hybrid on premise private cloud and public cloud environments; Infrastructure as a service (IaaS), namely, hosting software for infrastructure services in the nature of providing virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenter, cloud and edge environments and applications; providing temporary use of on-line non-downloadable cloud computing software in combination with data science, machine learning (ML) and artificial intelligence (AI) for use in managing network connections, facilitating automation, troubleshooting network and security issues, and providing analytics in the field of cloud computing
10.
Systems and methods for monitoring of a network topology through graphical user interfaces
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic that, upon execution by one or more processors, causes performance of operations including: obtaining metadata pertaining to each of the first gateway and the second gateway, obtaining network data, wherein a combination of the metadata and the network data identify each of a plurality of constructs, the communication paths between each construct, and in which cloud computing network each construct is deployed, generating an elliptical layout of a network topology graph illustrating a first segment including the first gateway representing deployment in the first cloud network and a second segment including the second gateway representing deployment in the second cloud computing network, and causing rendering of the visualization on a network device display screen.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
A computerized method for avoiding cross-region communications when utilizing a cloud overlay network is described. The method involves an operation of deploying one or more spoke gateways within at least a first region and a second region of a first virtual private cloud network. Thereafter, a region and a virtual private cloud network associated with a source and a destination of a communication are determined. Upon determining that the destination of the communication resides within a second virtual private cloud network, which is different than the first virtual private cloud network, the routing of the communication between the source and the destination is controlled by one or more spoke gateways residing solely within the region in which the source resides.
A computerized method for providing network policy-based routing of a data flow is described. After obtaining attributes associated with an incoming data flow, a first gateway is configured to determine one or more network policies based on the attributes associated with the incoming data flow and assign a classification identifier based on the one or more network policies. The classification identifier is configured to influence routing paths through at least one cloud network, where the classification identifier is encapsulated into content of the incoming data flow to generate a classified data flow for routing from a source to a destination through the at least one cloud network.
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 45/00 - Routing or path finding of packets in data switching networks
13.
Systems and methods for firewall deployment in a transit virtual private cloud network deployed in a cloud computing environment
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a spoke virtual private cloud network (VPC) and a second gateway in a transit VPC, wherein the second gateway is configured to connect to a first firewall instance deployed within the transit VPC. The spoke VPC and the transit VPC are both located within a cloud computing network. The logic, upon execution by one or more processors, causes performance of operations including receiving network traffic by the second gateway from the first gateway, providing the network traffic to the first firewall instance for inspection, and routing the network traffic to a destination VPC deployed within the cloud computing network. In some embodiments, the first gateway is attached to a first interface of the second gateway and the first firewall instance is connected to a second interface.
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
G06F 9/48 - Program initiating; Program switching, e.g. by interrupt
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
A method is described that enables communication between two disjoined networks with overlapping IP address ranges. The method features receiving a first address mapping query message from a first intermediary device and returning a first private IP address map. The first private IP address map includes at least a first plurality of private IP addresses each uniquely assigned to a computing device residing in the first network. In response to a triggering event, a second private IP address map is recovered by a second intermediary device. Herein, the second private IP address map includes at least a second plurality of private IP addresses each uniquely assigned to a computing device residing in the second network. Thereafter, the source IP address is substituted for a private IP address associated with the computing device prior to transmission of a message from the first intermediary device to the second intermediary device, upon determining that the first network and the second network include overlapping private IP address ranges.
H04L 61/106 - Mapping addresses of different types across networks, e.g. mapping telephone numbers to data network addresses
H04L 61/4535 - Network directories; Name-to-address mapping using an address exchange platform which sets up a session between two nodes, e.g. rendezvous servers, session initiation protocols [SIP] registrars or H.323 gatekeepers
16.
SYSTEM FOR SCALING NETWORK ADDRESS TRANSLATION (NAT) AND FIREWALL FUNCTIONS
According to one embodiment, a network device may be adapted to operate within a virtual private cloud where network address translation (NAT) is performed through virtual machines and each network address translation is handled differently by a different NAT control logic unit. The network device features one or more hardware processors, and a memory that stores at least a plurality of network address translation (NAT) control logic units and demultiplexer logic. The demultiplexer logic, when executed, receives an incoming message and, based at least in part on information within the incoming message, determines a selected NAT control logic unit to receive at least a portion of the information within the incoming message. The selected NAT control logic unit handles address translation for routing of a message based on the incoming message to a public network.
A computerized method for utilizing private Internet Protocol (IP) addressing for communications between components of one or more public cloud networks. The method features determining whether outbound traffic corresponds to a first type of outbound traffic being forwarded from a cloud instance supported by the gateway. In response to determining that the first type of outbound traffic is being forwarded from the cloud instance, the first type of outbound traffic is directed via a data interface of the gateway. Also, the method features determining whether the outbound traffic corresponds to a second type of outbound traffic being initiated by logic within the gateway. In response to determining that the second type of outbound traffic is being initiated by logic within the gateway, directing the second type of outbound traffic via a management interface of the gateway.
A computerized method for restricting communications between virtual private cloud networks comprises creating a plurality of security domains. Each of the plurality of security domains identifies gateways associated with one or more virtual private cloud networks. Also, the method features generating transit routing data stores in accordance with each of the plurality of security domains; determining whether a connection policy exists between at least a first security domain and a second security domain of the plurality of security domains; and precluding communications between gateways associated with the first security domain and gateways associated with the second security domain in response to determining that no connection policy exists between the first security domain and the second security domain.
In one embodiment, a computing platform features a controller, one or more transit virtual private cloud networks (VPCs), and a plurality of spoke VPCs. Communicatively coupled to the transit VPCs, the spoke VPCs include (i) a first spoke VPC associated with a first security region and (ii) a second spoke VPC associated with a second security region. Herein, the first security region is configured to permit spoke gateways of the first spoke VPC to communicate with each other while precluding communications with spoke gateways associated with another security region absent a connectivity policy, being a set of rules established by the administrator/user of the network concerning permitted connectivity between different security regions.
A computerized method for avoiding cross-region communications when utilizing a cloud overlay network is described. The method involves an operation of deploying one or more spoke gateways within at least a first region and a second region of a first virtual private cloud network. Thereafter, a region and a virtual private cloud network associated with a source and a destination of a communication are determined. Upon determining that the destination of the communication resides within a second virtual private cloud network, which is different than the first virtual private cloud network, the routing of the communication between the source and the destination is controlled by one or more spoke gateways residing solely within the region in which the source resides.
A computerized method for establishing a secure channel between a virtual private network (VPN) client processing on a network device for a user and a network gateway is disclosed. The computerized method includes operations of the controller of transmitting an authentication request to an identity provider based on receipt of a resource request from the VPN client, receiving an authentication response from the identity provider, generating an authentication token based on the authentication response and transmitting the authentication token to the VPN client, wherein the controller further stores the authentication token. The method includes operations of the network gateway of receiving a secure connection request from the VPN client that includes the authentication token, validating the authentication token by querying the controller, in response to validation of the authentication token, establishing the secure connection with the VPN client, and providing the VPN client with access to resources via the secure connection.
In some aspects, a system for maintaining segmentation of network traffic includes a first shared service domain comprising a first VPC, a first edge domain comprising a first transit gateway, a second edge domain comprising a second transit gateway communicatively coupled to the first transit gateway, and a second shared service domain comprising a second VPC. A first gateway connects the first shared service domain and the first edge domain, and a second gateway connects the second edge domain and the second shared service domain.
A two-tier firewall system includes a primary and a secondary firewall gateway. The primary firewall gateway includes at least one spoke and a plurality of firewalls communicatively coupled to the at least one spoke. The secondary firewall gateway includes at least one spoke. The secondary firewall gateway is communicatively coupled to the primary firewall gateway.
An edge gateway deployed within an overlay network interconnecting a first public cloud network with an on-premises network is described. Coupled to a controller, the edge gateway is configured to receive a configuration file and attestation data from the controller, analyze the configuration file to obtain at least a first network address being used as an interface for secure communications with the controller, establish a secure interconnect with the controller based on the attestation data, and conduct a provisioning operation to initiate a request to the controller for edge gateway software, thereby automating provisioning of the edge gateway without human intervention. The edge gateway experiences automated provisioning based on a configuration file and attestation data upload.
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
25.
SYSTEM AND METHOD FOR ZERO TRUST ORCHESTRATION OF AN EDGE GATEWAY WITHIN A CLOUD OR MULTI-CLOUD NETWORK
An edge gateway deployed within an overlay network interconnecting a first public cloud network with an on-premises network is described. Coupled to a controller, the edge gateway is configured to receive a configuration file and attestation data from the controller, analyze the configuration file to obtain at least a first network address being used as an interface for secure communications with the controller, establish a secure interconnect with the controller based on the attestation data, and conduct a provisioning operation to initiate a request to the controller for edge gateway software, thereby automating provisioning of the edge gateway without human intervention. The edge gateway experiences automated provisioning based on a configuration file and attestation data upload.
In an embodiment, the present disclosure pertains to a method for creating a policy. In general, the method includes: (1) displaying a user interface to a user; (2) receiving, from the user, a policy type; (3) receiving a selection of at least one resource within a network; (4) receiving a resource operating parameter relative to the at least one resource within the network; (5) displaying previous data based, at least in part, on the resource operating parameter relative to the at least one resource responsive to a query by the user; (6) determining a recommended operation based, at least in part, on the previous data; and (7) displaying the recommended operation to the user via the user interface.
In an embodiment, the present disclosure pertains to a method for autonomous network scaling. In general, the method includes: (1) monitoring at least one resource within a network; (2) determining an operational load of the at least one resource; (3) comparing the operational load to a resource operating parameter of the at least one resource; (4) determining a recommended operation based, at least in part, on the comparison of the operational load to the resource operating parameter of the at least one resource; and (5) modifying the network topology of the network by performing at least one action including, but not limited to, adding or removing an additional resource responsive to the determining of the recommended operation. In some embodiments, the network includes a plurality of resources.
A computerized method for directing transmission of a data packet within a distributed cloud computing system is disclosed. The computerized method includes operations of receiving, by a receiving gateway instance deployed within the distributed cloud computing system, the data packet, when a session corresponding to the data packet is found via a session lookup, forwarding the data packet to a destination in accordance with the session lookup, and when the session is not found via the session lookup, creating a tentative forward session and forwarding the data packet to a peer gateway instance. In some instances, the data packet is a User Datagram Protocol (UDP) packet. In some instances, the data packet is received from either of a spoke gateway instance or a transit gateway instance, and wherein the spoke gateway instance or the transit gateway instance is deployed within the distributed cloud computing system.
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network. The system includes logic stored on a non-transitory computer-readable medium that, upon execution by one or more processors, causes performance of operations including: receiving, from a controller, metadata pertaining to a plurality of constructs; receiving, from each of the first gateway and the second gateway, network data, wherein a combination of the metadata and the network data identify each of the plurality of constructs and in which cloud computing network each construct is deployed; generating a visualization illustrating a cost analysis of at least one construct of the plurality of constructs; and causing rendering of the visualization on a display screen of a network device.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 67/75 - Indicating network or usage conditions on the user display
H04L 41/0826 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network costs
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
H04L 43/20 - Arrangements for monitoring or testing data switching networks the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
30.
System for scaling network address translation (NAT) and firewall functions
According to one embodiment, a network device may be adapted to operate within a virtual private cloud where network address translation (NAT) is performed through virtual machines and each network address translation is handled differently by a different NAT control logic unit. The network device features one or more hardware processors, and a memory that stores at least a plurality of network address translation (NAT) control logic units and demultiplexer logic. The demultiplexer logic, when executed, receives an incoming message and, based at least in part on information within the incoming message, determines a selected NAT control logic unit to receive at least a portion of the information within the incoming message. The selected NAT control logic unit handles address translation for routing of a message based on the incoming message to a public network.
A computerized method for restricting communications between virtual private cloud networks comprises creating a plurality of security domains. Each of the plurality of security domains identifies gateways associated with one or more virtual private cloud networks. Also, the method features generating transit routing data stores in accordance with each of the plurality of security domains; determining whether a connection policy exists between at least a first security domain and a second security domain of the plurality of security domains; and precluding communications between gateways associated with the first security domain and gateways associated with the second security domain in response to determining that no connection policy exists between the first security domain and the second security domain.
In one embodiment, a cloud connection appliance features a processor and a non-transitory storage medium. The non-transitory storage medium comprises management control logic that, when executed by the processor, controls registration with a controller adapted to control data traffic between gateway instances and establishes a communication path including a reverse tunnel with the controller. The controller and the cloud connection appliance operate in a client-server relationship, where the cloud connection appliance operates as a client when establishing the communication path and operates as a server when receiving control information through the reverse tunnel. The reverse tunnel enables the cloud connection appliance to directly receive the control information from the controller despite the cloud connection appliance lacking a publicly routable Internet Protocol (IP) address.
H04L 69/00 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
33. CONTROLLER FOR COORDINATING FLOW SEPARATION OF INTRA-VPC OR INTER-VPC COMMUNICATIONS
A system and method for controlling the handling of intra-VPC and inter-VPC communications is described. First, it is determined whether the destination of a communication resides within the first virtual private cloud network (VPC) of the source of the communication. If so, filtering of communications between the destination and the source is controlled by native cloud constructs associated with a cloud service provider (CSP) underlay network for the first public cloud network. Otherwise, filtering of communications between the destination and the source is controlled by a spoke gateway. The spoke gateway is part of a cloud overlay network configured to provide a communication path between the first virtual private cloud network and the second private cloud network.
In one embodiment, a computing platform features a controller, one or more transit virtual private cloud networks (VPCs), and a plurality of spoke VPCs. Communicatively coupled to the transit VPCs, the spoke VPCs include (i) a first spoke VPC associated with a first security region and (ii) a second spoke VPC associated with a second security region. Herein, the first security region is configured to permit spoke gateways of the first spoke VPC to communicate with each other while precluding communications with spoke gateways associated with another security region absent a connectivity policy, which is a set of rules established by the administrator/user of the network concerning permitted connectivity between different security regions.
In one embodiment, a secure exchange system is described. The secure exchange system includes a virtual private cloud network and a controller. The virtual private cloud network includes a plurality of gateways, where each gateway of the plurality of gateways is configured to generate one or more local directories. Each local directory of the one or more local directories represents one or more stored objects within a public cloud storage element. The controller is configured to authenticate a user prior to granting the user access to the virtual private cloud network. The gateways are accessible by the user over AWS Direct Connect, where the public cloud storage element is an S3 bucket.
H04L 67/1001 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic that, upon execution by one or more processors, causes performance of operations including: obtaining metadata pertaining to each of the first gateway and the second gateway, obtaining network data, wherein a combination of the metadata and the network data identify each of a plurality of constructs, the communication paths between each construct, and in which cloud computing network each construct is deployed, generating an elliptical layout of a network topology graph illustrating a first segment including the first gateway representing deployment in the first cloud network and a second segment including the second gateway representing deployment in the second cloud computing network, and causing rendering of the visualization on a network device display screen.
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
37. SYSTEMS AND METHODS FOR GENERATION OF A NETWORK TOPOLOGY AND CORRESPONDING USER INTERFACES
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic that, upon execution by one or more processors, causes performance of operations including: obtaining metadata pertaining to each of the first gateway and the second gateway, obtaining network data, wherein a combination of the metadata and the network data identify each of a plurality of constructs, the communication paths between each construct, and in which cloud computing network each construct is deployed, generating an elliptical layout of a network topology graph illustrating a first segment including the first gateway representing deployment in the first cloud network and a second segment including the second gateway representing deployment in the second cloud computing network, and causing rendering of the visualization on a network device display screen.
G06F 8/75 - Structural analysis for program understanding
H04L 41/122 - Discovery or management of network topologies of virtualised topologies e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/065 - Generation of reports related to network devices
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
G06F 3/04842 - Selection of displayed objects or displayed text elements
G06F 8/71 - Version control; Configuration management
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 41/0266 - Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using meta-data, objects or commands for formatting management information, e.g. using eXtensible markup language [XML]
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
H04L 41/0853 - Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
38. System and method for selecting virtual appliances in communications with virtual private cloud networks
A method for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to a default gateway failing to locate a Media Access Control (MAC) address of the destination for the message within a prescribed table, one of the plurality of virtual appliances is selected to handle forwarding of the message to a plurality of remote networks, and the message is forwarded via the selected virtual appliance to a plurality of gateways associated with the plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination is used to forward the message to the destination.
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
A distributed cloud computing system includes a controller configured to (i) deploy and manage a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and (ii) manage a plurality of constructs; and logic, stored on a non-transitory, computer-readable medium, that, upon execution by one or more processors, causes performance of operations. The operations include: receiving, from each of the first gateway and the second gateway, network data; generating an expected network traffic based upon the network data; generating a visualization illustrating an anomaly that deviates from the expected network traffic; and causing rendering of the visualization on a display screen of a network device.
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
40. SYSTEMS AND METHODS FOR GENERATION OF A NETWORK TOPOLOGY AND CORRESPONDING USER INTERFACES
A distributed cloud computing system is disclosed that includes a controller configured to deploy network constructs, including any of transit gateways, spoke gateways, subnets, or private networks, and logic that, upon execution by one or more processors, causes performance of operations including: causing rendering of a graphical user interface that includes a display panel configured to display progress of a build process for a network topology graph; receiving first user input through the graphical user interface indicating selection of a first cloud service provider, a first access account, and a first cloud region; receiving second user input through the graphical user interface indicating selection of one or more of the network constructs to be deployed in the first cloud region; and instructing the controller to deploy the one or more of the network constructs in the first cloud region according to the first user input and the second user input.
H04L 41/0895 - Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
H04L 41/122 - Discovery or management of network topologies of virtualised topologies e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communication with the other gateways. Similarly, the second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to each of the first plurality of gateways to support data exchanges between resources deployed in different public cloud networks.
A computerized method for establishing a secure channel between a virtual private network (VPN) client running on a network device for a user and a network gateway is disclosed. The computerized method includes operations of a controller: transmitting an authentication request to an identity provider based on receipt of a resource request from the VPN client, receiving an authentication response from the identity provider, generating an authentication token based on the authentication response, and transmitting the authentication token to the VPN client, wherein the controller further stores the authentication token. The method also includes operations of the network gateway: receiving a secure connection request from the VPN client that includes the authentication token, validating the authentication token by querying the controller, establishing the secure connection with the VPN client in response to validation of the authentication token, and providing the VPN client with access to resources via the secure connection.
A computerized method for directing transmission of a data packet within a distributed cloud computing system is disclosed that includes: receiving the data packet by a receiving gateway instance deployed within the distributed cloud computing system; when a session corresponding to the data packet is found via a session lookup, forwarding the data packet to a destination in accordance with the session lookup; when the session is not found via the session lookup, determining whether at least one peer firewall instance is available; and when a first peer firewall instance is available and the data packet is a synchronize packet, forwarding the data packet to the first peer firewall instance. In some instances, the data packet is a TCP packet, and in others, the data packet is received from either a spoke gateway or a transit gateway that is deployed within the distributed cloud computing system.
A system supporting the transfer of content between an on-premises network and a public cloud network includes a first cloud computing platform comprising a first software instance having a first IP address, a subnet configured to extend across the on-premises network and the public cloud network, a first gateway associated with the on-premises network, a second gateway associated with the public cloud network, and a secure communication path between the first and second gateways. The subnet comprises an IP address range shared between the public cloud network and the on-premises network, and the first IP address of the first software instance is the same as the IP address the first software instance had when it resided on the on-premises network.
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Embodiments of the disclosure relate to a secure, high-performance communication link that relies on single network, multiple logical port addressing. Embodiments of an infrastructure are associated with a high-performance communication link that allows for distribution of network traffic across multiple interconnects using a single network address with different logical network port addressing. This high-performance communication link supports data traffic across different processing logic units residing within a destination computing device.
A non-transitory storage medium featuring logic to obtain construct metadata and network data spanning multiple cloud networks includes path determination logic configured, upon execution by one or more processors, to perform operations including: generate a topology mapping including a plurality of constructs and connections between the plurality of constructs extending across a multi-cloud network including a first cloud network and a second cloud network different from the first cloud network; receive user input corresponding to a selection of a source construct operating in the first cloud network and a destination construct operating in the second cloud network; analyze metadata and network data regarding the source construct and the destination construct to determine a data transmission path between the source and destination constructs; and determine a shortest path between the source construct and the destination construct. Interface generation logic generates a visualization illustrating the data transmission path extending between the source construct and the destination construct.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 41/12 - Discovery or management of network topologies
H04L 41/122 - Discovery or management of network topologies of virtualised topologies e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/028 - Capturing of monitoring data by filtering
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and logic stored on a non-transitory, computer-readable medium. The logic, upon execution by one or more processors, causes performance of operations including: transmitting one or more requests to the controller for metadata of at least the first gateway and the second gateway; receiving, from at least one of the first gateway and the second gateway, network data of the corresponding gateway; generating a visualization illustrating the metadata and the network data, wherein the metadata and the network data pertain to multiple cloud computing networks; and causing rendering of the visualization on a display screen of a network device.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
A computerized method for directing transmission of a data packet within a distributed cloud computing system is disclosed. The computerized method includes operations of: receiving, by a receiving gateway instance deployed within the distributed cloud computing system, the data packet; when a session corresponding to the data packet is found via a session lookup, forwarding the data packet to a destination in accordance with the session lookup; and when the session is not found via the session lookup, creating a tentative forward session and forwarding the data packet to a peer gateway instance. In some instances, the data packet is a User Datagram Protocol (UDP) packet. In some instances, the data packet is received from either a spoke gateway instance or a transit gateway instance, where the spoke gateway instance or the transit gateway instance is deployed within the distributed cloud computing system.
A computerized method for increasing throughput of encapsulated data over a network is described. First, a determination of the number of available processing resources located at a second network device is conducted at a first network device. Thereafter, a plurality of connections is generated between the first network device and the second network device, the plurality of connections corresponding in number to the number of available processing resources. Data received by the first network device is associated with a first connection of the plurality of tunneling connections. Thereafter, translation data unique to a tunneling session associated with the first connection is generated, and the received data is encapsulated with the translation data to generate the encapsulated data for transmission to the second network device.
SYSTEM AND METHOD FOR DEPLOYING A DISTRIBUTED CLOUD MANAGEMENT SYSTEM CONFIGURED FOR GENERATING INTERACTIVE USER INTERFACES OF THE STATE OF A MULTI-CLOUD ENVIRONMENT OVER TIME
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and logic. The logic, upon execution by one or more processors, causes performance of operations including: receiving, from the controller, metadata pertaining to a plurality of constructs corresponding to a plurality of time instances; receiving, from each of the first and second gateways, network data corresponding to the plurality of time instances, wherein the metadata and the network data identify each of the plurality of constructs, communication paths between each construct, and in which cloud computing network each construct is deployed; generating a visualization illustrating differences between the plurality of constructs and communication paths at a first time instance and at a second time instance; and causing rendering of the visualization on a display screen.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
In one embodiment, a cloud connection appliance features a processor and a non-transitory storage medium. The non-transitory storage medium comprises management control logic that, when executed by the processor, controls registration with a controller adapted to control data traffic between gateway instances and establishes a communication path, including a reverse tunnel, with the controller. The controller and the cloud connection appliance operate in a client-server relationship in which the cloud connection appliance operates as a client when establishing the communication path and operates as a server when receiving control information through the reverse tunnel. The reverse tunnel enables the cloud connection appliance to receive the control information directly from the controller despite the cloud connection appliance lacking a publicly routable Internet Protocol (IP) address.
H04L 69/00 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and topology system logic, stored on a non-transitory, computer-readable medium, that comprises topology snapshot logic. Upon execution by one or more processors, the topology system logic causes performance of operations that include: periodically saving states of a plurality of constructs at first and second time states; receiving user input corresponding to a selection of one or more constructs of the plurality of constructs; generating a topology mapping visualization that illustrates differences between the first and second states of the selected one or more constructs; and causing rendering of the topology mapping visualization on a display screen of a network device.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 41/12 - Discovery or management of network topologies
H04L 41/122 - Discovery or management of network topologies of virtualised topologies e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/028 - Capturing of monitoring data by filtering
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
A system and method for controlling the handling of intra-VPC and inter-VPC communications is described. First, it is determined whether the destination of a communication resides within the first virtual private cloud network (VPC) of the source of the communication. If so, filtering of communications between the destination and the source is controlled by native cloud constructs associated with a cloud service provider (CSP) underlay network for the first public cloud network. Otherwise, filtering of communications between the destination and the source is controlled by a spoke gateway. The spoke gateway is part of a cloud overlay network configured to provide a communication path between the first virtual private cloud network and the second private cloud network, and it uses micro-segmentation to set and manage security policies.
A method for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to a default gateway failing to locate a Media Access Control (MAC) address of the destination for the message within a prescribed table, one of the plurality of virtual appliances is selected to handle forwarding of the message to a plurality of remote networks, and the message is forwarded via the selected virtual appliance to a plurality of gateways associated with the plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination is used to forward the message to the destination.
G01M 3/32 - Investigating fluid tightness of structures by using fluid or vacuum by measuring rate of loss or gain of fluid, e.g. by pressure-responsive devices, by flow detectors for containers, e.g. radiators
In one embodiment, a secure exchange system is described. The secure exchange system includes a virtual private cloud network and a controller. The virtual private cloud network includes a plurality of gateways, where each gateway of the plurality of gateways is configured to generate one or more local directories. Each local directory of the one or more local directories represents one or more stored objects within a public cloud storage element. The controller is configured to authenticate a user prior to granting the user access to the virtual private cloud network. The gateways are accessible by the user over AWS Direct Connect, where the public cloud storage element is an S3 bucket.
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
H04L 67/51 - Discovery or management thereof, e.g. service location protocol [SLP] or web services
According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communication with the other gateways. Similarly, the second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to each of the first plurality of gateways to support data exchanges between resources deployed in different public cloud networks.
A distributed cloud computing system further includes logic, stored on a non-transitory, computer-readable medium, that, upon execution by one or more processors, causes performance of operations including: generating a first fingerprint for the first VPC, being a statistical measure of a plurality of network metrics during a learning phase; generating a second fingerprint for the second VPC, being a statistical measure of the plurality of network metrics during the learning phase; receiving, from the controller, metadata pertaining to each of the first gateway and the second gateway; receiving, from each of the first gateway and the second gateway, network data, wherein the metadata and the network data identify each of the plurality of constructs, the communication paths between each construct, and in which cloud computing network each construct is deployed; detecting an anomaly in one or more network traffic metrics of either the first VPC or the second VPC based on a comparison of received network traffic and the corresponding fingerprint; and generating an alert that the anomaly was detected.
Logic for generating visualization(s) based on metadata and network data for at least constructs spanning multiple cloud networks is described. The logic is configured to (i) generate a topology mapping including a plurality of constructs and connections extending across a multi-cloud network including a first cloud network and a second cloud network different from the first cloud network, (ii) receive input corresponding to a selection of a source construct and a destination construct, and (iii) determine a data transmission path between the source construct and the destination construct. Also, the logic is configured to generate a visualization illustrating the data transmission path extending between the source construct operating in the first cloud network and the destination construct operating in the second cloud network. Lastly, the logic is configured to perform operations including a computation of latency periods between a pair of constructs included in the data transmission path.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
One embodiment of the invention features a system that includes a first virtual appliance and a second virtual appliance that support a transfer of content between an on-premises network and a public cloud network. Deployed as part of the on-premises network, the first virtual appliance translates a network address assigned to the content stored within a first non-transitory storage medium, which is associated with an on-premises host residing within a first subnetwork of the on-premises network, to a temporary address associated with a second subnetwork. Deployed as part of the public cloud network, the second virtual appliance translates the temporary address back to the network address. The content, such as a software instance, is stored within a second non-transitory storage medium of the public cloud network with a network address identical to the network address used when stored within the first non-transitory storage medium pertaining to the on-premises network.
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
A computerized method for increasing throughput of encapsulated data over a network is described. First, a determination, at a first network device, of a number of available processing resources located at a second network device is conducted. Thereafter, a plurality of tunneling connections is generated between the first network device and the second network device, the plurality of connections corresponding in number to the number of available processing resources. Data received by the first network device is associated with a first connection of the plurality of tunneling connections. Thereafter, translation data unique to a tunneling session associated with the first connection is generated, and the received data is encapsulated with the translation data to generate the encapsulated data for transmission to the second network device.
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes performance of operations including generating a topology mapping visualization illustrating a plurality of constructs and communication paths therebetween, wherein a first subset of the plurality of constructs are deployed in the first cloud computing network and a second subset of the plurality of constructs are deployed in the second cloud computing network, receiving user input corresponding to (i) a selection of one or more constructs and (ii) an identifier for the selection, generating a filtered topology mapping visualization of the selection of the one or more constructs and any connections therebetween, and causing rendering of the filtered topology mapping visualization on a display screen.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 41/12 - Discovery or management of network topologies
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 41/122 - Discovery or management of network topologies of virtualised topologies e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 43/028 - Capturing of monitoring data by filtering
62.
Systems and methods for controlling accessing and storing objects between on-prem data center and cloud
In an embodiment, a secure object transfer system is described. The system features a virtual private cloud network (VPC) and a controller. The VPC includes a plurality of gateways and a network load balancer, which is configured to conduct a load balancing scheme on access messages from computing devices deployed within an on-premises network to direct the access messages to one of the plurality of gateways for storage or retrieval of an object from a cloud-based storage element. Each gateway includes Fully Qualified Domain Name (FQDN) filtering logic to restrict access of the computing devices to certain cloud-based storage elements in accordance with a security policy. The controller is configured to maintain and update the security policy utilized by each gateway of the plurality of gateways.
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 67/1036 - Load balancing of requests to servers for services different from user content provisioning, e.g. load balancing across domain name servers
63.
SYSTEM AND METHOD FOR CLOUD-BASED FILTERING AND MODIFICATION OF MESSAGES WITH OVERLAPPING ADDRESSES
A network traffic filter system operates to detect network address overlapping conditions and, in response, preclude continued propagation over a cloud platform. Implemented with a controller, the network traffic filter system is configured to determine whether an incoming message is associated with a network address overlapping condition. This condition is detected when the incoming message received from a first tenant resource includes a subnetwork address that overlaps a subnetwork address relied upon by either (a) a component within the cloud platform or (b) a component associated with a second tenant resource different from the first tenant resource. Upon detecting the network address overlapping condition, the network traffic filter system signals a gateway, being a cloud component in communication with the first tenant resource, to either prevent messages associated with the subnetwork address from being routed over the cloud platform or substitute the subnetwork address with a non-overlapping, virtual subnetwork address.
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
H04L 45/64 - Routing or path finding of packets in data switching networks using an overlay routing layer
H04L 61/2503 - Translation of Internet protocol [IP] addresses
H04L 61/4535 - Network directories; Name-to-address mapping using an address exchange platform which sets up a session between two nodes, e.g. rendezvous servers, session initiation protocols [SIP] registrars or H.323 gatekeepers
H04L 61/5046 - Resolving address allocation conflicts; Testing of addresses
64.
CONTROLLER-BASED TRAFFIC FILTERING AND ADDRESS MODIFICATION
In communication with components of a cloud platform, namely a software-defined network constructed to overlay at least one public cloud network, a controller features a virtual processor and a data store. The data store includes network address translation (NAT) processing logic configured to determine whether a control plane message from tenant resources is associated with a network address overlapping condition, which represents that a first network address included in the control plane message overlaps a network address range relied upon by either (a) at least one of the components of the cloud platform or (b) a component associated with other tenant resources. The NAT processing logic is further configured to alter routing data stores that maintain routing information for each of the components of the cloud platform to substitute the first network address with a first virtual network address for subsequent data message routing.
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes operations including receiving, from the controller, metadata pertaining to a plurality of constructs, receiving, from each of the first and second gateways, network data, deriving gateway metrics spanning multiple cloud computing networks including at least the first and second cloud computing networks, wherein the deriving is based on at least the metadata and the network data of each of the first and second gateways, generating a dashboard visualization illustrating the gateway metrics, wherein the gateway metrics pertain to characteristics of each gateway and deployed constructs associated with each gateway, and causing rendering of the dashboard visualization on a display screen.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and logic. The logic, upon execution by one or more processors, causes performance of operations including receiving, from the controller, metadata pertaining to a plurality of constructs corresponding to a plurality of time instances, receiving, from each of the first and second gateways, network data corresponding to the plurality of time instances, wherein the metadata and the network data identify each of the plurality of constructs, communication paths between each construct, and in which cloud computing network each construct is deployed, generating a visualization illustrating differences between the plurality of constructs and communication paths at the first time instance and at the second time instance, and causing rendering of the visualization on a display screen.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
A multi-cloud overlay network for supporting communications between a first public cloud network and a second public cloud network is described. The overlay network features a management virtual private network, which includes a network load balancing (NLB) component and a controller registered as a target on a port of the NLB component. The overlay network further includes one or more spoke or transit gateways and a multi-cloud access virtual private cloud (VPC) operating within the first public cloud network, and a remote cloud load balancer component operating within the second public cloud network. The remote cloud load balancer component is communicatively coupled between the multi-cloud access VPC and one or more remote spoke or transit gateways. The multi-cloud access VPC includes a VPC endpoint that is assigned a private IP address and communicatively coupled to the NLB component, and a virtual private network (VPN) gateway communicatively coupled to a private transport.
A computerized method for avoiding cross-region communications when utilizing a cloud overlay network is described. The method involves an operation of deploying one or more spoke gateways within at least a first region and a second region of a first virtual private cloud network. Thereafter, a region and a virtual private cloud network associated with a source and a destination of a communication are determined. Upon determining that the destination of the communication resides within a second virtual private cloud network, which is different than the first virtual private cloud network, the routing of the communication between the source and the destination is controlled by one or more spoke gateways solely residing within the region in which the source resides.
In one embodiment, a secure object transfer system is described. The system features a virtual private cloud network (VPC) and a controller. The VPC includes a plurality of gateways and a network load balancer, which is configured to conduct a load balancing scheme on access messages from computing devices deployed within an on-premises network to direct the access messages to one of the plurality of gateways for storage or retrieval of an object from a cloud-based storage element. Each gateway includes Fully Qualified Domain Name (FQDN) filtering logic to restrict access of the computing devices to certain cloud-based storage elements in accordance with a security policy. The controller is configured to maintain and update the security policy utilized by each gateway of the plurality of gateways.
H04L 67/1036 - Load balancing of requests to servers for services different from user content provisioning, e.g. load balancing across domain name servers
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
70.
A MULTI-CLOUD ACTIVE MESH NETWORK SYSTEM AND METHOD
In one embodiment, a controller features a first data store, a second data store and route determination logic. The first data store is configured to store current routing information from a source transit gateway within at least a first transit cloud network to a destination transit gateway within at least a second transit cloud network of the cloud network. Each of the source transit gateway and the destination transit gateway being one of a plurality of transit gateways associated with the cloud network. The second data store is configured to store alternative routing information between the source transit gateway and the destination transit gateway. The route determination logic is configured to (i) conduct analytics on all available route paths for a message intended to be sent from the source transit gateway to the destination transit gateway and (ii) select a best route path for the message.
In one embodiment, a cloud connection appliance features a processor and a non-transitory storage medium. The non-transitory storage medium comprises management control logic that, when executed by the processor, controls registration with a controller adapted to control data traffic between gateway instances and to establish a communication path including a reverse tunnel with the controller. The controller and the cloud connection appliance operate in a client-server relationship in which the cloud connection appliance operates as a client when establishing the communication path and operates as a server when receiving control information through the reverse tunnel. The reverse tunnel enables the cloud connection appliance to directly receive the control information from the controller despite the cloud connection appliance lacking a publicly routable Internet Protocol (IP) address.
According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communication with the other gateways of the first plurality of gateways in accordance with a first tunnel protocol. Similarly, the second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to each of the first plurality of gateways in accordance with a second security protocol to provide redundant routing.
H04L 67/1029 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers using data related to the state of servers by a load balancer
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
H04L 67/1087 - Peer-to-peer [P2P] networks using cross-functional networking aspects
73.
INGRESS GATEWAY WITH DATA FLOW CLASSIFICATION FUNCTIONALITY
A computerized method for providing network policy-based routing of a data flow is described. After obtaining attributes associated with an incoming data flow, a first gateway is configured to determine one or more network policies based on the attributes associated with the incoming data flow and assign a classification identifier based on the one or more network policies. The classification identifier is configured to influence routing paths through at least one cloud network, where the classification identifier is encapsulated into content of the incoming data flow to generate a classified data flow for routing from a source to a destination through the at least one cloud network.
A system features classification architectures for policy-based, data traffic management. A first architecture type is a controller and nodes operating as a Kubernetes cluster. The cluster includes a master node and an ingress node configured to access the master node to obtain attribute(s) for a data flow received by the ingress node, determine a network policy applicable to the data flow based on the attribute(s), and determine a classification identifier, based on the network policy, to provide context associated with the data flow and reliable association. The second architecture type features an ingress gateway including data analytic logic and message reconfiguration logic. The data analytic logic determines a network policy applicable to the data flow and assigns the classification identifier to influence routing paths. The message reconfiguration logic encapsulates the classification identifier into data flow content to generate a classified data flow for routing through a cloud or multi-cloud network.
According to one embodiment, a computerized method conducted by logic deployed within a network device implemented within a virtual private cloud network for supporting network address translations within a public cloud network is described. Herein, after receipt of a message, based on content within the message, a network address translation (NAT) control logic unit from a plurality of NAT control logic units is selected. The selected NAT control logic unit is configured to perform address translations on information within the message to produce a translated message. Thereafter, the translated message is routed to a destination network device located on the public network.
A network architecture including a layered transit virtual private cloud network (VPC) and interface logic that controls the egress and ingress of messages between the transit VPC and an on-premises network is described. First, the layered transit VPC includes a first transit gateway cluster communicatively coupled to one or more spoke VPCs for receipt of messages from cloud instances, and a second transit gateway cluster communicatively coupled to the on-premises network. The layered transit VPC supports increased scalability for the spoke VPCs. Second, the interface logic is configured to operate in concert with a gateway cluster that controls operability of a router by at least controlling propagation of messages into or from the on-premises network via one or more selected gateways forming the gateway cluster.
A computerized method for restricting communications between virtual private cloud networks comprises creating a plurality of security domains. Each of the plurality of security domains identifies gateways associated with one or more virtual private cloud networks. Also, the method features generating transit routing data stores in accordance with each of the plurality of security domains; determining whether a connection policy exists between at least a first security domain and a second security domain of the plurality of security domains; and precluding communications between gateways associated with the first security domain and gateways associated with the second security domain in response to determining that no connection policy exists between the first security domain and the second security domain.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
G06F 15/173 - Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star or snowflake
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal
78.
SYSTEM AND METHOD FOR SEGMENTING TRANSIT CAPABILITIES WITHIN A MULTI-CLOUD ARCHITECTURE
In one embodiment, a computing platform features a controller, one or more transit virtual private cloud networks (VPCs), and a plurality of spoke VPCs. Communicatively coupled to the transit VPCs, the spoke VPCs include (i) a first spoke VPC associated with a first security region and (ii) a second spoke VPC associated with a second security region. Herein, the first security region is configured to permit spoke gateways of the first spoke VPC to communicate with each other while precluding communications with spoke gateways associated with another security region absent a connectivity policy, being a set of rules established by the administrator/user of the network concerning permitted connectivity between different security regions.
In one embodiment, a computing platform features a controller and a first virtual private cloud network, which is communicatively coupled to the controller. The first virtual private cloud network includes at least a first gateway including egress filtering logic. The egress filtering logic is configured to (i) filter messages routed from the first gateway in accordance with a first set of filtering rules maintained by the first gateway and (ii) bypass the filtering of messages directed to or originating from one or more subnetworks in accordance with the first set of filtering rules.
In one embodiment, a computing platform features a controller in communication with one or more virtual private cloud networks, including a first virtual private cloud network (VPC). The virtual private cloud network includes at least a first egress filtering gateway configured to filter egress traffic data received from a first gateway and route the filtered egress traffic data to a public network in accordance with a first set of filter rules. The first set of filter rules are included as part of a first security policy provided by the controller.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing temporary use of on-line non-downloadable software for cloud infrastructure management and automation; Providing temporary use of on-line non-downloadable cloud computing software for use in managing network connections, facilitating automation, troubleshooting network and security issues, and providing analytics in the field of cloud computing; Providing temporary use of non-downloadable software for public, private or hybrid cloud networks for enterprise-grade connection to, within and between clouds and enterprise applications; Providing temporary use of on-line non-downloadable software for monitoring and managing API traffic across private, public and hybrid clouds; Hybrid cloud infrastructure as a service (IaaS), namely, providing software, software platforms and infrastructure services in the nature of hosting virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenters and in hybrid on premise private cloud and public cloud environments; Infrastructure as a service (IaaS), namely, hosting software for infrastructure services in the nature of providing virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenter, cloud and edge environments and applications; providing temporary use of on-line non-downloadable cloud computing software in combination with data science, machine learning (ML) and artificial intelligence (AI) for use in managing network connections, facilitating automation, troubleshooting network and security issues, and providing analytics in the field of cloud computing
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing temporary use of on-line non-downloadable software for cloud infrastructure management and automation; Providing temporary use of on-line non-downloadable cloud computing software for use in managing network connections, facilitating automation, troubleshooting network and security issues, and providing analytics in the field of cloud computing; Providing temporary use of non-downloadable software for public, private or hybrid cloud networks for enterprise-grade connection to, within and between clouds and enterprise applications; Providing temporary use of on-line non-downloadable software for monitoring and managing API traffic across private, public and hybrid clouds; Hybrid cloud infrastructure as a service (IaaS), namely, providing software, software platforms and infrastructure services in the nature of hosting virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenters and in hybrid on premise private cloud and public cloud environments; Infrastructure as a service (IaaS), namely, hosting software for infrastructure services in the nature of providing virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenter, cloud and edge environments and applications; providing temporary use of on-line non-downloadable cloud computing software in combination with data science, machine learning (ML) and artificial intelligence (AI) for use in managing network connections, facilitating automation, troubleshooting network and security issues, and providing analytics in the field of cloud computing
According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communication with the other gateways. Similarly, the second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to each of the first plurality of gateways to support data exchanges between resources deployed in different public cloud networks.
A computerized method for utilizing private Internet Protocol (IP) addressing for communications between components of one or more public cloud networks is described. The method features determining whether outbound traffic corresponds to a first type of outbound traffic being forwarded from a cloud instance supported by the gateway. In response to determining that the first type of outbound traffic is being forwarded from the cloud instance, the first type of outbound traffic is directed via a data interface of the gateway. Also, the method features determining whether the outbound traffic corresponds to a second type of outbound traffic being initiated by logic within the gateway. In response to determining that the second type of outbound traffic is being initiated by logic within the gateway, the second type of outbound traffic is directed via a management interface of the gateway.
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes operations including receiving, from the controller, metadata pertaining to a plurality of constructs, receiving, from each of the first and second gateways, network data, deriving heat map information detailing a density of network traffic at a plurality of geographic locations, wherein the network traffic is transmitted across multiple cloud computing networks, generating a heat map visualization illustrating the density of the network traffic that includes a map of a geographic region as well as an overlay of visual indicators representing the density of the network traffic, and causing rendering of the heat map visualization on a display screen of a network device.
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
86.
SYSTEM AND METHOD FOR GENERATING A NETWORK HEALTH DATA AND OTHER ANALYTICS FOR A MULTI-CLOUD ENVIRONMENT
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes operations including receiving, from the controller, metadata pertaining to a plurality of constructs, receiving, from each of the first and second gateways, network data, deriving heat map information detailing a density of network traffic at a plurality of geographic locations, wherein the network traffic is transmitted across multiple cloud computing networks, generating a heat map visualization illustrating the density of the network traffic that includes a map of a geographic region as well as an overlay of visual indicators representing the density of the network traffic, and causing rendering of the heat map visualization on a display screen of a network device.
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and logic stored on a non-transitory computer-readable medium. The logic, upon execution by one or more processors, causes performance of operations including: transmitting one or more requests to the controller for metadata of at least the first gateway and the second gateway; receiving, from at least one of the first gateway and the second gateway, network data of the corresponding gateway; generating a visualization illustrating the metadata and the network data, wherein the metadata and the network data pertain to multiple cloud computing networks; and causing rendering of the visualization on a display screen of a network device.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes operations including receiving, from the controller, metadata pertaining to a plurality of constructs, receiving, from each of the first and second gateways, network data, deriving gateway metrics spanning multiple cloud computing networks including at least the first and second cloud computing networks, wherein the deriving is based on at least the metadata and the network data of each of the first and second gateways, generating a dashboard visualization illustrating the gateway metrics, wherein the gateway metrics pertain to characteristics of each gateway and deployed constructs associated with each gateway, and causing rendering of the dashboard visualization on a display screen.
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 41/12 - Discovery or management of network topologies
A distributed cloud computing system is disclosed that includes a controller configured to manage a plurality of constructs, wherein a first subset are deployed in a first cloud computing network and a second subset are deployed in a second cloud computing network, and logic. The logic, upon execution by a processor, causes operations including receiving, from the controller, metadata pertaining to the plurality of constructs, receiving, from one or more gateways, network data associated with the one or more gateways, wherein the metadata and the network data identify each of the plurality of constructs, the communication paths between each construct, and in which cloud computing network each construct is deployed, deriving network traffic metrics from the metadata and the network data, generating a visualization illustrating the network traffic metrics, and causing rendering of the visualization on a display screen of a network device.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
A distributed cloud computing system is disclosed that includes a controller configured to deploy a plurality of gateways in a first cloud computing network, and logic stored on a non-transitory computer-readable medium. The logic, upon execution by one or more processors, causes performance of operations including: generating a topology mapping of the first cloud computing network including a plurality of constructs and connections therebetween, wherein the plurality of constructs includes the plurality of gateways, receiving input corresponding to a selection of a source construct and a destination construct, determining a data transmission path between the source construct and the destination construct, generating a visualization illustrating the data transmission path, and causing rendering of the visualization on a display screen of a network device.
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
H04L 12/24 - Arrangements for maintenance or administration
G06F 3/0481 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes operations including receiving, from the controller, metadata pertaining to a plurality of constructs, receiving, from each of the first and second gateways, network data, deriving heat map information detailing a density of network traffic at a plurality of geographic locations, wherein the network traffic is transmitted across multiple cloud computing networks, generating a heat map visualization illustrating the density of the network traffic that includes a map of a geographic region as well as an overlay of visual indicators representing the density of the network traffic, and causing rendering of the heat map visualization on a display screen of a network device.
H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes performance of operations including generating a topology mapping visualization illustrating a plurality of constructs and communication paths therebetween, wherein a first subset of the plurality of constructs are deployed in the first cloud computing network and a second subset of the plurality of constructs are deployed in the second cloud computing network, receiving user input corresponding to (i) a selection of one or more constructs and (ii) an identifier for the selection, generating a filtered topology mapping visualization of the selection of the one or more constructs and any connections therebetween, and causing rendering of the filtered topology mapping visualization on a display screen.
System and method for deploying a distributed cloud management system configured for generating interactive user interfaces of the state of a multi-cloud environment over time
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and logic. The logic, upon execution by one or more processors, causes performance of operations including receiving, from the controller, metadata pertaining to a plurality of constructs corresponding to a plurality of time instances, receiving, from each of the first and second gateways, network data corresponding to the plurality of time instances, wherein the metadata and the network data identify each of the plurality of constructs, communication paths between each construct, and in which cloud computing network each construct is deployed, generating a visualization illustrating differences between the plurality of constructs and communication paths at a first time instance and at a second time instance of the plurality of time instances, and causing rendering of the visualization on a display screen.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/028 - Capturing of monitoring data by filtering
H04L 12/66 - Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 41/12 - Discovery or management of network topologies
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/0876 - Network utilisation, e.g. volume of load or congestion level
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
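The two operations these abstracts describe, determining a transmission path between a selected source and destination construct and diffing the construct/communication-path state between two time instances, reduce to a graph problem. The following is an added example written for this page, not code from the patents or the patent holder: the topology snapshots, construct names and cloud labels are constructed for illustration, links are treated as undirected, and the path search is a plain breadth-first search. For a security reviewer the diff is the interesting part: a link that appears between snapshots, or a path that now transits a gateway in a third cloud, is exactly the kind of drift a dashboard should flag.

```python
from collections import deque

# Constructed topology snapshots (illustrative, not data from the page).
# constructs: name -> cloud it is deployed in; links: set of (a, b) communication paths.
SNAPSHOT_T1 = {
    "constructs": {"vpc-app": "aws", "gw-aws-1": "aws",
                   "gw-azure-1": "azure", "vnet-db": "azure"},
    "links": {("vpc-app", "gw-aws-1"), ("gw-aws-1", "gw-azure-1"),
              ("gw-azure-1", "vnet-db")},
}
SNAPSHOT_T2 = {
    "constructs": {"vpc-app": "aws", "gw-aws-1": "aws", "gw-azure-1": "azure",
                   "vnet-db": "azure", "gw-gcp-1": "gcp"},
    "links": {("vpc-app", "gw-aws-1"), ("gw-aws-1", "gw-gcp-1"),
              ("gw-gcp-1", "gw-azure-1"), ("gw-azure-1", "vnet-db")},
}


def _norm(link):
    """Links are undirected: store each as a sorted pair so (a, b) == (b, a)."""
    return tuple(sorted(link))


def adjacency(snapshot):
    adj = {c: set() for c in snapshot["constructs"]}
    for a, b in snapshot["links"]:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def transmission_path(snapshot, src, dst):
    """Fewest-hop path from src to dst (BFS), or None if dst is unreachable."""
    adj = adjacency(snapshot)
    if src not in adj or dst not in adj:
        raise KeyError("unknown construct")
    prev = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in sorted(adj[cur]):       # sorted for deterministic output
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return None


def snapshot_diff(t1, t2):
    """Constructs and communication paths added, removed or moved between t1 and t2."""
    c1, c2 = set(t1["constructs"]), set(t2["constructs"])
    l1 = {_norm(l) for l in t1["links"]}
    l2 = {_norm(l) for l in t2["links"]}
    moved = {c for c in c1 & c2 if t1["constructs"][c] != t2["constructs"][c]}
    return {
        "constructs_added": sorted(c2 - c1),
        "constructs_removed": sorted(c1 - c2),
        "constructs_moved": sorted(moved),
        "links_added": sorted(l2 - l1),
        "links_removed": sorted(l1 - l2),
    }


def path_changed(t1, t2, src, dst):
    """True when the data transmission path between src and dst differs across snapshots."""
    return transmission_path(t1, src, dst) != transmission_path(t2, src, dst)


if __name__ == "__main__":
    print(transmission_path(SNAPSHOT_T2, "vpc-app", "vnet-db"))
    print(snapshot_diff(SNAPSHOT_T1, SNAPSHOT_T2))
```

In the constructed snapshots the app-to-database path at the second time instance traverses a newly inserted gateway in a third cloud; `path_changed` surfaces that even though both endpoints and their clouds are unchanged.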
A method is described that enables communication between two disjoint networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network and a group of networks with overlapping IP address ranges.
H04L 12/28 - Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal
H04L 12/741 - Header address processing for routing, e.g. table lookup
H04L 12/713 - Route fault prevention or recovery, e.g. rerouting, route redundancy, virtual router redundancy protocol [VRRP] or hot standby router protocol [HSRP] using node redundancy, e.g. VRRP
95.
System and method for selecting virtual appliances in communications with virtual private cloud networks
A method for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to a default gateway failing to locate a Media Access Control (MAC) address of a destination for the message within a prescribed table, one of the plurality of virtual appliances is selected to handle forwarding of the message to a plurality of remote networks, and the message is forwarded via the selected virtual appliance to a plurality of gateways associated with the plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination is used to forward the message to the destination.
G01M 3/32 - Investigating fluid tightness of structures by using fluid or vacuum by measuring rate of loss or gain of fluid, e.g. by pressure-responsive devices, by flow detectors for containers, e.g. radiators
H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal
96.
System and method for non-disruptive migration of software components to a public cloud system
One embodiment of the invention features a system including a first gateway and a second gateway that operate in concert to support a migration of a software component from an on-premises network to a public cloud network while preserving an Internet Protocol (IP) address assigned to the software component. The first gateway is deployed as part of the on-premises network, and the second gateway is deployed as part of the public cloud network. The first and second gateways are in communication via a secure communication path. To support migration of the software component to the public cloud network while retaining its IP address, the second gateway is configured to resolve a media access control (MAC) address for an on-premises host connected to the on-premises network. Similarly, the first gateway is configured to resolve a MAC address for a cloud host connected to the public cloud network.
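Keeping a migrated component's IP address means a host left behind on the original segment still ARPs for that address locally, so the gateway on that segment has to answer the ARP request with its own MAC and carry the traffic across the secure path. Below is an added example of that proxy-ARP role, written for this page rather than taken from the patent or its assignee: it parses raw Ethernet/IPv4 ARP frames with `struct`, and the gateway MAC, the migrated-host list and the test frames are constructed. The security-relevant detail is the allow-list: the gateway answers only for addresses the controller has marked as migrated (assumed to be pushed out of band) and ignores requests whose sender claims one of those addresses, because a gateway that answers ARP for arbitrary targets is indistinguishable from an ARP-spoofing attacker.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_HDR = "!6s6sH"               # dst MAC, src MAC, ethertype
ARP_HDR = "!HHBBH6s4s6s4s"       # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(frame):
    """Return the fields of an Ethernet/IPv4 ARP frame, or None if it is not one."""
    if len(frame) < 42:
        return None
    _dst, _src, ethertype = struct.unpack(ETH_HDR, frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_HDR, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                      # only Ethernet/IPv4 ARP is handled
    return {"oper": oper, "sha": mac_text(sha), "spa": str(IPv4Address(spa)),
            "tha": mac_text(tha), "tpa": str(IPv4Address(tpa))}


def build_arp(oper, dst_mac, sha, spa, tha, tpa):
    """Serialise an ARP frame (42 bytes, no FCS)."""
    eth = struct.pack(ETH_HDR, mac_bytes(dst_mac), mac_bytes(sha), ETHERTYPE_ARP)
    arp = struct.pack(ARP_HDR, 1, 0x0800, 6, 4, oper, mac_bytes(sha),
                      IPv4Address(spa).packed, mac_bytes(tha), IPv4Address(tpa).packed)
    return eth + arp


def arp_request(sender_mac, sender_ip, target_ip):
    return build_arp(ARP_REQUEST, BROADCAST, sender_mac, sender_ip, ZERO_MAC, target_ip)


class MigrationGateway:
    """Gateway on one side of the secure path. It resolves (answers ARP for) hosts that
    now live on the other side, so local peers keep using the migrated host's IP."""

    def __init__(self, own_mac, remote_hosts):
        self.own_mac = own_mac
        # Authoritative list of migrated addresses; assumed to come from the controller.
        self.remote_hosts = set(remote_hosts)

    def handle_frame(self, frame):
        """Return an ARP reply frame to send, or None to stay silent."""
        arp = parse_arp(frame)
        if arp is None or arp["oper"] != ARP_REQUEST:
            return None
        # Answer only for addresses known to have migrated; never for arbitrary targets.
        if arp["tpa"] not in self.remote_hosts:
            return None
        # A local sender claiming a migrated address is a conflict or a spoof: do not help it.
        if arp["spa"] in self.remote_hosts:
            return None
        return build_arp(ARP_REPLY, dst_mac=arp["sha"], sha=self.own_mac,
                         spa=arp["tpa"], tha=arp["sha"], tpa=arp["spa"])


if __name__ == "__main__":
    gw = MigrationGateway("02:00:00:aa:bb:01", ["10.1.0.20"])   # constructed values
    reply = gw.handle_frame(arp_request("02:00:00:11:22:33", "10.1.0.7", "10.1.0.20"))
    print(parse_arp(reply))
```

The same class serves both gateways in the abstract: the on-premises gateway is instantiated with the addresses that moved to the cloud, the cloud gateway with the addresses that stayed on premises, and each resolves only the other side's hosts.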
A computerized method for increasing throughput of encapsulated data through tunnels, the computerized method including receiving data at a first network device for transmission over a network to a second network device. The first network device then determines the number of available processing cores on the second network device and generates a plurality of tunneling sessions between the first network device and the second network device. The received data is associated with a particular tunneling session, and translation data unique to that tunneling session is generated before the received data is encapsulated with the translation data. Finally, the encapsulated data is transmitted to the second network device, which processes it with a particular processing core selected based on the received translation data.
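The mechanism described is flow-to-core steering: one tunnel session per remote core, a per-session tag in the outer header, and a hash that pins each flow to a single session so packets of one flow are never spread across cores. The following is an added example illustrating that scheme; it is not the patent's code or the vendor's implementation. The outer header layout (magic, session id, sequence number), the use of SHA-256 over the 5-tuple, and the sample flows are all assumptions made for this page, and the example deliberately leaves out the encryption and integrity protection a real tunnel must wrap around this header, since an unauthenticated session tag lets an on-path attacker choose which core processes a packet.

```python
import hashlib
import struct

# Constructed outer header: magic(2) | session_id(2) | seq(4). This is the "translation data"
# the receiver keys on; in a real tunnel it would sit inside an authenticated encapsulation.
OUTER_FMT = "!HHI"
OUTER_LEN = struct.calcsize(OUTER_FMT)
MAGIC = 0x5A5A


class TunnelSender:
    """First network device: opens one session per remote core and pins flows to sessions."""

    def __init__(self, remote_cores):
        if remote_cores < 1:
            raise ValueError("remote device must expose at least one core")
        self.sessions = list(range(remote_cores))   # session id == remote core index
        self.seq = [0] * remote_cores               # per-session sequence counter

    @staticmethod
    def session_for(flow):
        """Stable hash of a 5-tuple (src, dst, proto, sport, dport) to an integer."""
        key = "|".join(map(str, flow)).encode()
        return int.from_bytes(hashlib.sha256(key).digest()[:4], "big")

    def encapsulate(self, flow, payload):
        sid = self.session_for(flow) % len(self.sessions)
        header = struct.pack(OUTER_FMT, MAGIC, sid, self.seq[sid])
        self.seq[sid] += 1
        return header + payload


class TunnelReceiver:
    """Second network device: dispatches each datagram to the core named by its session id."""

    def __init__(self, cores):
        self.cores = cores
        self.queues = {c: [] for c in range(cores)}   # stand-in for per-core work queues
        self.last_seq = {}

    def dispatch(self, datagram):
        if len(datagram) < OUTER_LEN:
            raise ValueError("truncated outer header")
        magic, sid, seq = struct.unpack(OUTER_FMT, datagram[:OUTER_LEN])
        if magic != MAGIC:
            raise ValueError("bad magic")
        if sid >= self.cores:
            raise ValueError(f"unknown session {sid}")   # never index past the core table
        # Per-session replay/reorder check: sequence must strictly increase.
        if seq <= self.last_seq.get(sid, -1):
            raise ValueError(f"replayed or reordered packet on session {sid}")
        self.last_seq[sid] = seq
        self.queues[sid].append(datagram[OUTER_LEN:])
        return sid


if __name__ == "__main__":
    rx = TunnelReceiver(cores=4)                  # constructed: remote device reports 4 cores
    tx = TunnelSender(remote_cores=rx.cores)
    flow = ("10.0.1.5", "10.0.2.9", 6, 44321, 443)
    for i in range(3):
        print("core", rx.dispatch(tx.encapsulate(flow, b"segment-%d" % i)))
```

Because the session is chosen from the flow hash and not round-robin, a single TCP connection always lands on one receiving core and its ordering is preserved; throughput scales with the number of distinct flows, not with the number of packets in one flow.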
According to one embodiment, a network device may be adapted to operate within a virtual private cloud where network address translation (NAT) is performed through virtual machines and each network address translation is handled by a different NAT control logic unit. The network device features one or more hardware processors, and a memory that stores at least a plurality of network address translation (NAT) control logic units and demultiplexer logic. The demultiplexer logic, when executed, receives an incoming message and, based at least in part on information within the incoming message, determines a selected NAT control logic unit to receive at least a portion of the information within the incoming message. The selected NAT control logic unit handles address translation for routing of a message, based on the incoming message, to a public network.
A method is described that enables communication between two disjoint networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network and a group of networks with overlapping IP address ranges.
H04L 12/28 - Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal
H04L 12/713 - Route fault prevention or recovery, e.g. rerouting, route redundancy, virtual router redundancy protocol [VRRP] or hot standby router protocol [HSRP] using node redundancy, e.g. VRRP
H04L 12/741 - Header address processing for routing, e.g. table lookup
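The overlapping-address abstract (intermediary per network plus one unique alias pool) and the NAT demultiplexer abstract just above it fit together: a demultiplexer picks the NAT unit for the network a message belongs to, and that unit rewrites addresses into and out of the shared pool. The code below is an added example built for this page, not the patents' or the assignee's implementation. It assumes two sites that both use 10.0.0.0/24, an alias pool carved from 100.64.0.0/24, a controller-style registry of which intermediary owns each alias, and packets modelled as (src, dst, payload) tuples; it carries no ports, so it is one-to-one NAT rather than port translation. The checks worth noting are that an unregistered host cannot cross the fabric at all and that pool exhaustion fails closed instead of reusing an alias.

```python
from ipaddress import ip_address, ip_network


class AddressPool:
    """Unique alias addresses shared by every participating network (assumed 100.64.0.0/24)."""

    def __init__(self, cidr):
        self._free = list(ip_network(cidr).hosts())
        self.owner = {}                     # alias -> network name (the controller's route view)

    def allocate(self, network):
        if not self._free:
            raise RuntimeError("alias pool exhausted")   # fail closed, never reuse an alias
        alias = self._free.pop(0)
        self.owner[alias] = network
        return alias


class NatUnit:
    """Intermediary for one network: maps its (possibly overlapping) real addresses to aliases."""

    def __init__(self, network, real_cidr, pool):
        self.network, self.real, self.pool = network, ip_network(real_cidr), pool
        self.alias_of, self.real_of = {}, {}

    def register(self, real_ip):
        real = ip_address(real_ip)
        if real not in self.real:
            raise ValueError(f"{real} is not inside {self.real}")
        if real not in self.alias_of:
            alias = self.pool.allocate(self.network)
            self.alias_of[real], self.real_of[alias] = alias, real
        return self.alias_of[real]

    def egress(self, pkt):
        """Packet leaving this network: SNAT the real source to its alias."""
        src, dst, payload = pkt
        src, dst = ip_address(src), ip_address(dst)
        if src not in self.alias_of:
            raise PermissionError(f"{src} is not registered for cross-network traffic")
        if dst not in self.pool.owner:
            raise ValueError(f"{dst} is not a pool alias")
        return (str(self.alias_of[src]), str(dst), payload)

    def ingress(self, pkt):
        """Packet entering this network: DNAT the alias destination back to the real host."""
        src, dst, payload = pkt
        dst = ip_address(dst)
        if dst not in self.real_of:
            raise ValueError(f"{dst} is not owned by {self.network}")
        return (src, str(self.real_of[dst]), payload)


class Fabric:
    """Demultiplexer: selects the NAT unit by source network, then by alias ownership."""

    def __init__(self, pool):
        self.pool, self.units = pool, {}

    def add(self, unit):
        self.units[unit.network] = unit

    def send(self, from_network, pkt):
        translated = self.units[from_network].egress(pkt)
        dest_network = self.pool.owner[ip_address(translated[1])]
        return dest_network, self.units[dest_network].ingress(translated)


if __name__ == "__main__":
    pool = AddressPool("100.64.0.0/24")
    fabric = Fabric(pool)
    site_a = NatUnit("site-a", "10.0.0.0/24", pool)   # constructed: both sites use 10.0.0.0/24
    site_b = NatUnit("site-b", "10.0.0.0/24", pool)
    fabric.add(site_a)
    fabric.add(site_b)
    alias_b = str(site_b.register("10.0.0.11"))
    site_a.register("10.0.0.5")
    print(fabric.send("site-a", ("10.0.0.5", alias_b, b"hello")))
```

Hosts in site-a address site-b's 10.0.0.11 by its alias; the source they see on the reply is site-a's own alias for the peer, so neither network ever has to carry the other's real, conflicting prefix. Adding a third overlapping network is one more `NatUnit` on the same pool, which is the one-to-many case the abstract mentions.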
42 - Scientific, technological and industrial services, research and design
Goods & Services
Providing temporary use of on-line non-downloadable software for cloud infrastructure management and automation; Providing temporary use of on-line non-downloadable cloud computing software for use in managing network connections, facilitating automation, troubleshooting hardware issues, and providing analytics in the field of cloud computing; Providing temporary use of non-downloadable software for public, private or hybrid cloud networks for enterprise-grade connection to cloud and enterprise applications; Providing temporary use of on-line non-downloadable software for monitoring and managing API traffic across private and hybrid clouds; Hybrid cloud infrastructure as a service (IaaS), namely, providing software, software platforms and infrastructure services in the nature of providing virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenters and in hybrid "on premise" private cloud and public cloud environments; Infrastructure as a service (IAAS), namely, providing temporary use of non-downloadable software, software platforms and infrastructure services in the nature of providing virtual computer systems and virtual computer environments through cloud computing to manage and deploy business applications and data applications in the field of datacenters