A method for establishing a communication coupling within a cloud computing environment between a first gateway of a first virtual private cloud network deployed behind a firewall and a second gateway of a second virtual private cloud network is disclosed. The method includes operations of receiving, by the first gateway, a first controller message from a controller deployed within the cloud computing environment, the first controller message instructing the first gateway to transmit a first gateway message to the second gateway, transmitting, by the first gateway, the first gateway message to the second gateway, receiving, by the first gateway, a second gateway message from the second gateway, the second gateway message initiating a negotiation to establish a first tunnel between the first gateway and the second gateway in accordance with a first security protocol, and completing, by the first gateway, the negotiation thereby causing establishment of the first tunnel.
A cloud computing system built in accordance with a repeatable network architecture is disclosed that includes a controller, a first set of spoke gateways and a first transit gateway. The controller is configured to deploy the first set of spoke gateways in a first cloud thereby forming an applications layer of the repeatable network architecture, deploy the first transit gateway in the first cloud thereby forming a global transit layer of the repeatable network architecture, and establish communicative couplings between each of the first set of spoke gateways and the first transit gateway. The controller is also configured to deploy a first set of spoke VPCs within the first cloud, wherein each of the spoke VPCs has deployed therein one of the first set of spoke gateways, and a first transit VPC within the first cloud, wherein the first transit gateway is deployed in the first transit VPC.
A controller configured to maintain a global virtual private cloud network (global VPC), which comprises a plurality of regions including a first region and a second region. The first region features at least a first workload and a first spoke subnetwork including a first set of spoke gateways. The second region features at least a second workload and a second spoke subnetwork including a second set of spoke gateways. These sets of spoke gateways are part of the cloud overlay network. Responsive to the first workload operating as a source for transmission of a first message to a first destination external to the global VPC, the logic is configured to (i) direct the first message from the first workload to a spoke gateway of the first set of spoke gateways residing withing the first region and (ii) preclude transmission of the first message to the second spoke subnetwork.
A multi-cloud overlay network for supporting communications between a first public cloud network and a second public cloud network. The overlay network features a management virtual private network, which includes a network load balancing (NLB) component and a controller registered as a target on a port of the NLB component. The overlay network further includes one or more spoke or transit gateways and a multi-cloud access virtual private cloud (VPC) operating within the first public cloud network, and a remote cloud load balancer component operating the second public cloud network. The remote cloud load balancer component is communicatively coupled between the multi-cloud access VPC and one or more remote spoke or transit gateways. The multi-cloud access VPC includes a VPC endpoint that is assigned a private IP address and communicatively coupled to the NLB component and a virtual private network (VPN) gateway communicatively coupled to a private transport.
H04L 41/044 - Architectures ou dispositions de gestion de réseau comprenant des structures de gestion hiérarchisées
H04L 41/08 - Gestion de la configuration des réseaux ou des éléments de réseau
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
H04L 45/64 - Routage ou recherche de routes de paquets dans les réseaux de commutation de données à l'aide d'une couche de routage superposée
In one embodiment, a controller features a first data store, a second data store and route determination logic. The first data store is configured to store current routing information from a source transit gateway within at least a first transit cloud network to a destination transit gateway within at least a second transit cloud network of the cloud network. Each of the source transit gateway and the destination transit gateway being one of a plurality of transit gateways associated with the cloud network. The second data store is configured to store alternative routing information between the source transit gateway and the destination transit gateway. The route determination logic is configured to (i) conduct analytics on all available route paths for a message intended to be sent from the source transit gateway to the destination transit gateway and (ii) select a best route path for the message.
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and a topology system logic, stored on non-transitory, computer-medium, and comprising a topology snapshot logic. Upon execution by one or more processors, the topology system logic causes performance of operations that includes periodically saving states of a plurality of constructs at first and second time states, receiving user input corresponding to a selection of one or more constructs of the plurality of constructs, generating a topology mapping visualization that illustrates differences between the first and second states of the selection of one or more constructs of the plurality of constructs, and causing rendering of the topology mapping visualization on a display screen of a network device.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/122 - Découverte ou gestion des topologies de réseau des topologies virtualisées, p. ex. les réseaux définis par logiciel [SDN] ou la virtualisation de la fonction réseau [NFV]
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
H04L 61/5007 - Adresses de protocole Internet [IP]
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p. ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
7.
System and method for increased throughput and scalability
A network architecture including a layered transit virtual private cloud network and interface logic that controls the egress and ingress of messages between the transit VPC and an on-premises network. First, the layered transit VPC includes a first transit gateway cluster communicatively coupled to one or more spoke VPCs for receipt of messages from cloud instances and a second transit gateway cluster communicatively coupled to the on-premises network. The layered transit VPC supports increased scalability for the spoke VPCs. Second, the interface logic is configured to operate in concert with a gateway cluster that controls operability of a router by at least controlling propagation of messages into or from the on-premises network via one or more selected gateways forming the gateway cluster.
A distributed cloud computing system further includes logic, stored on non-transitory, computer-medium, that, upon execution by one or more processors, causes performance of operations including generating a first fingerprint for the first VPC being a statistical measure of a plurality of network metrics during a learning phase, generating a second fingerprint for the second VPC being a statistical measure of the plurality of network metrics during the learning phase, receiving, from the controller, metadata pertaining to each of the first gateway and the second gateway, receiving, from each of the first gateway and the second gateway, network data, wherein the metadata and the network data identify each of the plurality of constructs, the communication paths between each construct, and in which cloud computing network each construct is deployed, detecting an anomaly in one or more network traffic metrics of either the first VPC or the second VPC based on a comparison of received network traffic and a corresponding fingerprint, and generating an alert that the anomaly was detected.
H04L 41/0681 - Configuration des conditions de déclenchement
H04L 41/069 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant des journaux de notificationsPost-traitement des notifications
H04L 41/0806 - Réglages de configuration pour la configuration initiale ou l’approvisionnement, p. ex. prêt à l’emploi [plug-and-play]
H04L 41/16 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets en utilisant l'apprentissage automatique ou l'intelligence artificielle
9.
SYSTEM AND METHOD FOR NON-DISRUPTIVE MIGRATION OF SOFTWARE COMPONENTS TO A PUBLIC CLOUD SYSTEM
A system supporting transferring content between an on-premises network and a public cloud network includes a first cloud computing platform comprising a first software instance having a first IP address, a subnet configured to extend across on-premises network and a public cloud network, a first gateway associated with the on-premises network, a second gateway associate with the public cloud network, a secure communication path between the first and second gateways. The subnet comprises a shared IP address range between the public cloud network and the on-premises network, and the first IP address of the first software instance is the same as an IP address of the first software instance that resided on the on-premises network.
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p. ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
H04L 61/5007 - Adresses de protocole Internet [IP]
H04L 101/622 - Adresses de couche 2, p. ex. adresses de contrôle d'accès au support [MAC]
According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communications with other gateways. Similarly, a second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to the each of the first plurality of gateways to support data exchanges between resources deployed in different public cloud networks.
In one embodiment, a secure exchange system is described. The secure exchange system includes a virtual private cloud network and a controller. The virtual private cloud network includes a plurality of gateways, each gateway of the plurality of gateways is configured to generate one or more local directories. Each local directory of the one or more local directories representing one or more stored objects within a public cloud storage element. The controller is configured to authenticate a user prior to granting the user access to the virtual private cloud network. The gateways are accessible by the user over AWS Direct Connect, where the public cloud storage element is a S3 bucket.
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
H04L 67/1001 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour accéder à un serveur parmi une pluralité de serveurs répliqués
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p. ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
In an embodiment, a secure object transfer system is described. The system features a virtual private cloud network (VPC) and a controller. The VPC includes a plurality of gateways and a network load balancer, which configured to conduct a load balancing scheme on access messages from computing devices deployed within an on-premises network to direct the access memory to one of the plurality of gateways for storage or retrieval of an object from a cloud-based storage element. Each gateway includes filtering logic to restrict access of the computing devices to certain cloud-based storage elements in accordance with a security policy. The controller is configured to maintain and update the security policy utilized by each gateway of the plurality of gateways.
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 67/1036 - Répartition de la charge des demandes adressées aux serveurs pour des services autres que la fourniture de contenu à utilisateur, p. ex. répartition des charges entre serveurs de noms de domaine
In one embodiment, a computing platform features a controller in communication with one or more virtual private cloud networks, including a first virtual private cloud network (VPC). The virtual private cloud network includes at least a first egress filtering gateway configured to filter egress traffic data received from a first gateway and route the filtered egress traffic data to a public network in accordance with a first set of filter rules. The first set of filter rules are included as part of a first security policy provided by the controller.
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic that, upon execution by one or more processors, causes performance of operations including: obtaining metadata pertaining to each of the first gateway and the second gateway, obtaining network data, wherein a combination of the metadata and the network data identify each of a plurality of constructs, the communication paths between each construct, and in which cloud computing network each construct is deployed, generating an elliptical layout of a network topology graph illustrating a first segment including the first gateway representing deployment in the first cloud network and a second segment including the second gateway representing deployment in the second cloud computing network, and causing rendering of the visualization on a network device display screen.
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
A distributed cloud computing system is disclosed that includes a controller configured to deploy a transit gateway and a first gateway in a security virtual private cloud (VPC) in a cloud computing network, wherein the first gateway is configured to connect to a first firewall instance deployed within the security VPC, and logic. The logic, upon execution by one or more processors, causes performance of operations including receiving network traffic at the transit gateway from an originating VPC deployed within the cloud computing network, routing the network traffic from the transit gateway to the first gateway, providing the network traffic to the first firewall instance for inspection, and routing the network traffic to a destination VPC deployed within the cloud computing network. In embodiments, the first gateway is connected to a plurality of firewall instances, where each instance of the plurality of firewall instances is an active firewall instance.
A non-transitory storage medium featuring logic to obtain construct metadata and network data spanning multiple cloud networks includes a path determination logic, upon execution by one or more processors, configured to perform operations including: generate a topology mapping including a plurality of constructs and connections between the plurality of constructs extending across a multi-cloud network including a first cloud network and a second cloud network different than the first cloud network; receive user input corresponding to a selection of a source construct operating in the first cloud network and a destination construct operating in the second cloud network; analyze metadata and network data regarding the source construct and the destination construct to determine a data transmission path between the source and destination constructs; and determine a shortest path between the source construct and the destination constructs. An interface generation logic generates a visualization illustrating the data transmission path extending between the source construct and the destination construct.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/122 - Découverte ou gestion des topologies de réseau des topologies virtualisées, p. ex. les réseaux définis par logiciel [SDN] ou la virtualisation de la fonction réseau [NFV]
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
A system for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to failing to locate a Media Access Control (MAC) address of a destination for the message within a prescribed table by a default gateway, one of the plurality of virtual appliances is selected for handling a forwarding of the message to a plurality of remote networks, and the message via the selected virtual appliance is forwarded to a plurality of gateways associated with a plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination to forward the message to the destination.
G01M 3/32 - Examen de l'étanchéité des structures ou ouvrages vis-à-vis d'un fluide par utilisation d'un fluide ou en faisant le vide par mesure du taux de perte ou de gain d'un fluide, p. ex. avec des dispositifs réagissant à la pression, avec des indicateurs de débit pour récipients, p. ex. radiateurs
H04L 61/103 - Correspondance entre adresses de types différents à travers les couches réseau, p. ex. résolution d’adresse de la couche réseau dans la couche physique ou protocole de résolution d'adresse [ARP]
H04L 101/622 - Adresses de couche 2, p. ex. adresses de contrôle d'accès au support [MAC]
In one embodiment, a controller features a first data store, a second data store and route determination logic. The first data store is configured to store current routing information from a source transit gateway within at least a first transit cloud network to a destination transit gateway within at least a second transit cloud network of the cloud network. Each of the source transit gateway and the destination transit gateway being one of a plurality of transit gateways associated with the cloud network. The second data store is configured to store alternative routing information between the source transit gateway and the destination transit gateway. The route determination logic is configured to (i) conduct analytics on all available route paths for a message intended to be sent from the source transit gateway to the destination transit gateway and (ii) select a best route path for the message.
A computerized method for providing network policy-based routing of a data flow is described. After obtaining attributes associated with an incoming data flow, a first gateway is configured to determine one or more network policies based on the attributes associated with the incoming data flow and assign a classification identifier based on the one or more network policies. The classification identifier is configured to influence routing paths through at least one cloud network, where the classification identifier is encapsulated into content of the incoming data flow to generate a classified data flow for routing from a source to a destination through the at least one cloud network.
H04L 47/2441 - Trafic caractérisé par des attributs spécifiques, p. ex. la priorité ou QoS en s'appuyant sur la classification des flux, p. ex. en utilisant des services intégrés [IntServ]
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 45/00 - Routage ou recherche de routes de paquets dans les réseaux de commutation de données
20.
SYSTEM AND METHOD FOR ENABLING COMMUNICATION BETWEEN NETWORKS WITH OVERLAPPING IP ADDRESS RANGES
A method is described that enables communication between two disjoined networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network with a group of networks with overlapping IP address ranges.
H04L 61/106 - Correspondance entre adresses de types différents à travers les réseaux, p. ex. correspondance entre numéros de téléphone et adresses de réseaux de données
H04L 45/586 - Association de routeurs de routeurs virtuels
H04L 45/745 - Recherche de table d'adressesFiltrage d'adresses
H04L 61/4535 - Répertoires de réseauCorrespondance nom-adresse en utilisant une plate-forme d'échange d'adresses qui établit une session entre deux nœuds, p. ex. des serveurs de rendez-vous, des gardes-barrières de protocoles d'initiation de session [SIP] ou contrôleurs d’accès H.323
In one embodiment, a computing platform features a controller in communication with one or more virtual private cloud networks, including a first virtual private cloud network (VPC). The virtual private cloud network includes at least a first egress filtering gateway configured to filter egress traffic data received from a first gateway and route the filtered egress traffic data to a public network in accordance with a first set of filter rules. The first set of filter rules are included as part of a first security policy provided by the controller.
A computerized method for utilizing private Internet Protocol (IP) addressing for communications between components of one or more public cloud networks. The method features determining whether outbound traffic corresponds to a first type of outbound traffic being forwarded from a cloud instance supported by the gateway. In response to determining that the first type of outbound traffic is being forwarded from the cloud instance, the first type of outbound traffic is directed via a data interface of the gateway. Also, the method features determining whether the outbound traffic corresponds to a second type of outbound traffic being initiated by logic within the gateway. In response to determining that the second type of outbound traffic is being initiated by logic within the gateway, directing the second type of outbound traffic via a management interface of the gateway.
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic that, upon execution by one or more processors, causes performance of operations including: obtaining metadata pertaining to each of the first gateway and the second gateway, obtaining network data, wherein a combination of the metadata and the network data identify each of a plurality of constructs, the communication paths between each construct, and in which cloud computing network each construct is deployed, generating an elliptical layout of a network topology graph illustrating a first segment including the first gateway representing deployment in the first cloud network and a second segment including the second gateway representing deployment in the second cloud computing network, and causing rendering of the visualization on a network device display screen.
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p. ex. pour le traitement simultané de plusieurs programmes
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
A computerized method for avoiding cross-region communications when utilizing a cloud overlay network is described. The method involves an operation of deploying one or more spoke gateways within at least a first region and a second region of a first virtual private cloud network. Thereafter, a region and a virtual private cloud network associated with a source and a destination of a communication are determined. Upon determining that the destination of the communication resides within a second virtual private cloud network, which is different than the first virtual private cloud network, the routing of the communication between the source and the destination is controlled by one or more spoke gateways solely residing within the region in which the source.
A computerized method for providing network policy-based routing of a data flow is described. After obtaining attributes associated with an incoming data flow, a first gateway is configured to determine one or more network policies based on the attributes associated with the incoming data flow and assign a classification identifier based on the one or more network policies. The classification identifier is configured to influence routing paths through at least one cloud network, where the classification identifier is encapsulated into content of the incoming data flow to generate a classified data flow for routing from a source to a destination through the at least one cloud network.
H04L 47/2441 - Trafic caractérisé par des attributs spécifiques, p. ex. la priorité ou QoS en s'appuyant sur la classification des flux, p. ex. en utilisant des services intégrés [IntServ]
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 45/00 - Routage ou recherche de routes de paquets dans les réseaux de commutation de données
26.
Systems and methods for firewall deployment in a transit virtual private cloud network deployed in a cloud computing environment
A distributed cloud computing system is statistics logic a controller configured to deploy a first gateway in a spoke virtual private cloud network (VPC) and a second gateway in a transit VPC, wherein the second gateway is configured to connect to a first firewall instance deployed within the transit VPC. The spoke VPC and the transit VPC are both located within a cloud computing network. The logic, upon execution by one or more processors, causes performance of operations including receiving network traffic by the second gateway from the first gateway, providing the network traffic to the first firewall instance for inspection, and routing the network traffic to a destination VPC deployed within the cloud computing network. In some embodiments, the first gateway is attached to a first interface of the second gateway and the first firewall instance is connected to a second interface.
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
G06F 9/48 - Lancement de programmes Commutation de programmes, p. ex. par interruption
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p. ex. pour le traitement simultané de plusieurs programmes
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
H04L 12/26 - Dispositions de surveillance; Dispositions de test
H04L 12/28 - Réseaux de données à commutation caractérisés par la configuration des liaisons, p. ex. réseaux locaux [LAN Local Area Networks] ou réseaux étendus [WAN Wide Area Networks]
A method is described that enables communication between two disjoined networks with overlapping IP address ranges. The method features receiving a first address mapping query message from a first intermediary device and returning a first private IP address map. The first private IP address map includes at least a first plurality of private IP addresses each uniquely assigned to a computing device residing in the first network. In response to a triggering event, recovering a second private IP address map by a second intermediary device. Herein, the second private IP address map includes at least a second plurality of private IP addresses each uniquely assigned to a computing device residing in the second network. Thereafter, the source IP address for a private IP address associated with the computing device is substituted prior to transmission of a message from the first intermediary device to the second intermediary device upon determining that the first network and the second network include overlapping private IP address ranges.
H04L 12/28 - Réseaux de données à commutation caractérisés par la configuration des liaisons, p. ex. réseaux locaux [LAN Local Area Networks] ou réseaux étendus [WAN Wide Area Networks]
H04L 45/586 - Association de routeurs de routeurs virtuels
H04L 45/745 - Recherche de table d'adressesFiltrage d'adresses
H04L 61/106 - Correspondance entre adresses de types différents à travers les réseaux, p. ex. correspondance entre numéros de téléphone et adresses de réseaux de données
H04L 61/4535 - Répertoires de réseauCorrespondance nom-adresse en utilisant une plate-forme d'échange d'adresses qui établit une session entre deux nœuds, p. ex. des serveurs de rendez-vous, des gardes-barrières de protocoles d'initiation de session [SIP] ou contrôleurs d’accès H.323
29.
System for scaling network address translation (NAT) and firewall functions
According to one embodiment, a network device may be adapted to operate within a virtual private cloud where network address translation (NAT) is performed through virtual machines and each network address translation is handled differently by a different NAT control logic unit. The network device features one or more hardware processors, and a memory that stores at least a plurality of network address translation (NAT) control logic unit and demultiplexer logic. The demultiplexer logic, when executed, receives an incoming message and, based at least in part on information within the incoming message, determines a selected NAT control logic unit to receive at least a portion of the information within the incoming message. The selected NAT control logic unit handles address translation for routing of a message based on the incoming message to a public network.
A computerized method for utilizing private Internet Protocol (IP) addressing for communications between components of one or more public cloud networks. The method features determining whether outbound traffic corresponds to a first type of outbound traffic being forwarded from a cloud instance supported by the gateway. In response to determining that the first type of outbound traffic is being forwarded from the cloud instance, the first type of outbound traffic is directed via a data interface of the gateway. Also, the method features determining whether the outbound traffic corresponds to a second type of outbound traffic being initiated by logic within the gateway. In response to determining that the second type of outbound traffic is being initiated by logic within the gateway, directing the second type of outbound traffic via a management interface of the gateway.
A computerized method for restricting communications between virtual private cloud networks comprises creating a plurality of security domains. Each of the plurality of security domains identifies gateways associated with one or more virtual private cloud networks. Also, the method features generating transit routing data stores in accordance with each of the plurality of security domains; determining whether a connection policy exists between at least a first security domain and a second security domain of the plurality of security domains; and precluding communications between gateways associated with the first security domain and gateways associated with the second security domain in response to determining that no connection policy exists between the first security domain and the second security domain.
In one embodiment, a computing platform features a controller, one or more transit virtual private cloud networks (VPCs), and a plurality of spoke VPCs. Communicatively coupled to the transit virtual VPCs, the spoke VPCs include (i) a first spoke VPC associated with a first security region and (ii) a second spoke VPC associated with a second security region. Herein, the first security region is configured to permit spoke gateways of the first spoke VPC to communicate with each other while precluding communications with spoke gateways associated with another security region absent a connectivity policy being a set of rules established by the administrator/user of the network concerning permitted connectivity between different security regions.
A computerized method for avoiding cross-region communications when utilizing a cloud overlay network is described. The method involves an operation of deploying one or more spoke gateways within at least a first region and a second region of a first virtual private cloud network. Thereafter, a region and a virtual private cloud network associated with a source and a destination of a communication are determined. Upon determining that the destination of the communication resides within a second virtual private cloud network, which is different than the first virtual private cloud network, the routing of the communication between the source and the destination is controlled by one or more spoke gateways solely residing within the region in which the source.
G06F 15/173 - Communication entre processeurs utilisant un réseau d'interconnexion, p. ex. matriciel, de réarrangement, pyramidal, en étoile ou ramifié
H04L 45/76 - Routage dans des topologies définies par logiciel, p. ex. l’acheminement entre des machines virtuelles
34.
Systems and methods for virtual private network authentication
A computerized method for establishing a secure channel between a virtual private network (VPN) client processing on a network device for a user and a network gateway is disclosed. The computerized method includes operations of the controller of transmitting an authentication request to an identity provider based on receipt of a resource request from the VPN client, receiving an authentication response from the identity provider, generating an authentication token based on the authentication response and transmitting the authentication token to the VPN client, wherein the controller further stores the authentication token. The method includes operations of the network gateway of receiving a secure connection request from the VPN client that includes the authentication token, validating the authentication token by querying the controller, in response to validation of the authentication token, establishing the secure connection with VPN client, and providing the VPN client with access to resources via the secure connection.
An edge gateway deployed within an overlay network interconnecting a first public cloud network with an on-premises network is described. Coupled to a controller, the edge gateway is configured to receive a configuration file and attestation data from a controller, analyze the configuration file to obtain at least a first network address being used as an interface for secure communications with the controller, establish a secure interconnect with the controller based on the attestation data, and conduct a provisioning operation to initiate a request to the controller for edge gateway software thereby automated provisioning the edge gateway without human intervention. The edge gateway experiences automated provisioning based on a configuration file and attestation data upload.
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
36.
SYSTEMS AND METHODS FOR LOAD BALANCING NETWORK TRAFFIC AT FIREWALLS DEPLOYED IN A CLOUD COMPUTING ENVIRONMENT
A computerized method for directing transmission of a data packet within a distributed cloud computing system is disclosed. The computerized method includes operations of receiving, by a receiving gateway instance deployed within the distributed cloud computing system, the data packet, when a session corresponding to the data packet is found via a session lookup, forwarding the data packet to a destination in accordance with the session lookup, and when the session is not found via the session lookup, creating a tentative forward session and forwarding the data packet to a peer gateway instance. In some instances, the data packet is a User Datagram Protocol (UDP) packet. In some instances, the data packet is received from either of a spoke gateway instance or a transit gateway instance, and wherein the spoke gateway instance or the transit gateway instance is deployed within the distributed cloud computing system.
According to one embodiment, a network device may be adapted to operate within a virtual private cloud where network address translation (NAT) is performed through virtual machines and each network address translation is handled differently by a different NAT control logic unit. The network device features one or more hardware processors, and a memory that stores at least a plurality of network address translation (NAT) control logic unit and demultiplexer logic. The demuliplexer logic, when executed, receives an incoming message and, based at least in part on information within the incoming message, determines a selected NAT control logic unit to receive at least a portion of the information within the incoming message. The selected NAT control logic unit handles address translation for routing of a message based on the incoming message to a public network.
A computerized method for restricting communications between virtual private cloud networks comprises creating a plurality of security domains. Each of the plurality of security domains identifies gateways associated with one or more virtual private cloud networks. Also, the method features generating transit routing data stores in accordance with each of the plurality of security domains; determining whether a connection policy exists between at least a first security domain and a second security domain of the plurality of security domains; and precluding communications between gateways associated with the first security domain and gateways associated with the second security domain in response to determining that no connection policy exists between the first security domain and the second security domain.
In one embodiment, a cloud connection appliance features a processor and a non-transitory storage medium. The non-transitory storage medium comprises management control logic, that when executed by the processor, controls registration with a controller adapted to control data traffic between gateway instance and to establish a communication path including a reverse tunnel with the controller. The controller and cloud connection appliance operate in a client-server relationship with the cloud connection appliance operates as a client when establishing the communication path and operates as a server when receiving control information through the reverse tunnel. The reverse tunnel enables the cloud connection appliance to directly receive the control information from the controller despite the cloud connection application lacking a publicly routable Internet Protocol (IP) address.
H04L 67/025 - Protocoles basés sur la technologie du Web, p. ex. protocole de transfert hypertexte [HTTP] pour la commande à distance ou la surveillance à distance des applications
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 67/141 - Configuration des sessions d'application
H04L 69/00 - Dispositions, protocoles ou services de réseau indépendants de la charge utile de l'application et non couverts dans un des autres groupes de la présente sous-classe
40.
System and method for segmenting transit capabilities within a multi-cloud architecture
In one embodiment, a computing platform features a controller, one or more transit virtual private cloud networks (VPCs), and a plurality of spoke VPCs. Communicatively coupled to the transit virtual VPCs, the spoke VPCs include (i) a first spoke VPC associated with a first security region and (ii) a second spoke VPC associated with a second security region. Herein, the first security region is configured to permit spoke gateways of the first spoke VPC to communicate with each other while precluding communications with spoke gateways associated with another security region absent a connectivity policy being a set of rules established by the administrator/user of the network concerning permitted connectivity between different security regions.
In one embodiment, a secure exchange system is described. The secure exchange system includes a virtual private cloud network and a controller. The virtual private cloud network includes a plurality of gateways, each gateway of the plurality of gateways is configured to generate one or more local directories. Each local directory of the one or more local directories representing one or more stored objects within a public cloud storage element. The controller is configured to authenticate a user prior to granting the user access to the virtual private cloud network. The gateways are accessible by the user over AWS Direct Connect, where the public cloud storage element is a S3 bucket.
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
H04L 67/1001 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour accéder à un serveur parmi une pluralité de serveurs répliqués
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p. ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
A method for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to failing to locate a Media Access Control (MAC) address of a destination for the message within a prescribed table by a default gateway, one of the plurality of virtual appliances is selected for handling a forwarding of the message to a plurality of remote networks, and the message via the selected virtual appliance is forwarded to a plurality of gateways associated with a plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination to forward the message to the destination.
H04L 61/103 - Correspondance entre adresses de types différents à travers les couches réseau, p. ex. résolution d’adresse de la couche réseau dans la couche physique ou protocole de résolution d'adresse [ARP]
According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communications with other gateways. Similarly, a second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to the each of the first plurality of gateways to support data exchanges between resources deployed in different public cloud networks.
A computerized method for establishing a secure channel between a virtual private network (VPN) client processing on a network device for a user and a network gateway is disclosed. The computerized method includes operations of the controller of transmitting an authentication request to an identity provider based on receipt of a resource request from the VPN client, receiving an authentication response from the identity provider, generating an authentication token based on the authentication response and transmitting the authentication token to the VPN client, wherein the controller further stores the authentication token. The method includes operations of the network gateway of receiving a secure connection request from the VPN client that includes the authentication token, validating the authentication token by querying the controller, in response to validation of the authentication token, establishing the secure connection with VPN client, and providing the VPN client with access to resources via the secure connection.
A computerized method for directing transmission of a data packet within a distributed cloud computing system is disclosed that includes receiving the data packet by a receiving gateway instance deployed within the distributed cloud computing system, when a session corresponding to the data packet is found via a session lookup, forwarding the data packet to a destination in accordance with the session lookup, when the session is not found via the session lookup, determining whether one least one peer firewall instance is available, and when a first peer firewall instance is available and the data packet is a synchronize packet, forwarding the data packet to the first peer firewall instance. In some instances, the data packet is a TCP packet and in others, the data packet is received from either of a spoke gateway or a transit gateway that is deployed within the distributed cloud computing system.
A system supporting transferring content between an on-premises network and a public cloud network includes a first cloud computing platform comprising a first software instance having a first IP address, a subnet configured to extend across on-premises network and a public cloud network, a first gateway associated with the on-premises network, a second gateway associate with the public cloud network, a secure communication path between the first and second gateways. The subnet comprises a shared IP address range between the public cloud network and the on-premises network, and the first IP address of the first software instance is the same as an IP address of the first software instance that resided on the on-premises network.
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p. ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
H04L 61/5007 - Adresses de protocole Internet [IP]
H04L 101/622 - Adresses de couche 2, p. ex. adresses de contrôle d'accès au support [MAC]
47.
System, method and apparatus for generating and searching a topology of resources among multiple cloud computing environments
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic, stored on non-transitory, computer-medium. The logic, upon execution by one or more processors, causes performance of operations including: transmitting one or more requests to the controller for metadata of at least the first gateway and the second gateway; receiving, from at least one of the first gateway and the second gateway, network data of the corresponding gateway; generating a visualization illustrating the metadata and the network data, wherein the metadata and the network data pertain to multiple cloud computing networks; and causing rendering of the visualization on a display screen of a network device.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/122 - Découverte ou gestion des topologies de réseau des topologies virtualisées, p. ex. les réseaux définis par logiciel [SDN] ou la virtualisation de la fonction réseau [NFV]
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
H04L 61/5007 - Adresses de protocole Internet [IP]
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p. ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
48.
System and method for determination of network operation metrics and generation of network operation metrics visualizations
A non-transitory storage medium featuring logic to obtain construct metadata and network data spanning multiple cloud networks includes a path determination logic, upon execution by one or more processors, configured to perform operations including: generate a topology mapping including a plurality of constructs and connections between the plurality of constructs extending across a multi-cloud network including a first cloud network and a second cloud network different than the first cloud network; receive user input corresponding to a selection of a source construct operating in the first cloud network and a destination construct operating in the second cloud network; analyze metadata and network data regarding the source construct and the destination construct to determine a data transmission path between the source and destination constructs; and determine a shortest path between the source construct and the destination constructs. An interface generation logic generates a visualization illustrating the data transmission path extending between the source construct and the destination construct.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/122 - Découverte ou gestion des topologies de réseau des topologies virtualisées, p. ex. les réseaux définis par logiciel [SDN] ou la virtualisation de la fonction réseau [NFV]
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
A computerized method for directing transmission of a data packet within a distributed cloud computing system is disclosed. The computerized method includes operations of receiving, by a receiving gateway instance deployed within the distributed cloud computing system, the data packet, when a session corresponding to the data packet is found via a session lookup, forwarding the data packet to a destination in accordance with the session lookup, and when the session is not found via the session lookup, creating a tentative forward session and forwarding the data packet to a peer gateway instance. In some instances, the data packet is a User Datagram Protocol (UDP) packet. In some instances, the data packet is received from either of a spoke gateway instance or a transit gateway instance, and wherein the spoke gateway instance or the transit gateway instance is deployed within the distributed cloud computing system.
A computerized method for increasing throughput of encapsulated data over a network is described. First, a determination, at a first network device, of a number of available processing resources located at a second network device is conducted. Thereafter, a plurality of connections are generated between the first network device and the second device. The plurality of connections corresponding in number to the number of available processing resources. Data received by the first network device is associated with a first connection of the plurality of tunneling connections. Thereafter, translation data unique to a tunneling session associated with the first connection is generated and the received data is encapsulated with the translation data to generate the encapsulated data for transmission to the second network device.
H04L 45/00 - Routage ou recherche de routes de paquets dans les réseaux de commutation de données
H04L 45/125 - Évaluation de la route la plus courte basée sur le débit ou la bande passante
H04L 45/7453 - Recherche de table d'adressesFiltrage d'adresses en utilisant le hachage
H04L 61/2592 - Traduction d'adresses de protocole Internet [IP] en utilisant la tunnelisation ou l'encapsulation
H04L 61/5007 - Adresses de protocole Internet [IP]
51.
System and method for deploying a distributed cloud management system configured for generating interactive user interfaces of the state of a multi-cloud environment over time
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and logic. The logic, upon execution by one or more processors, causes performance of operations including receiving, from the controller, metadata pertaining to a plurality of constructs corresponding to a plurality of time instances, receiving, from each of the first and second gateways, network data corresponding to the plurality of time instances, wherein the metadata and the network data identify each of the plurality of constructs, communication paths between each construct, and in which cloud computing network each construct is deployed, generating a visualization illustrating differences between the plurality of constructs and communication paths at the first time instance and at the second time instance, and causing rendering of the visualization on a display screen.
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p. ex. pour le traitement simultané de plusieurs programmes
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/122 - Découverte ou gestion des topologies de réseau des topologies virtualisées, p. ex. les réseaux définis par logiciel [SDN] ou la virtualisation de la fonction réseau [NFV]
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
In one embodiment, a cloud connection appliance features a processor and a non-transitory storage medium. The non-transitory storage medium comprises management control logic, that when executed by the processor, controls registration with a controller adapted to control data traffic between gateway instance and to establish a communication path including a reverse tunnel with the controller. The controller and cloud connection appliance operate in a client-server relationship with the cloud connection appliance operates as a client when establishing the communication path and operates as a server when receiving control information through the reverse tunnel. The reverse tunnel enables the cloud connection appliance to directly receive the control information from the controller despite the cloud connection application lacking a publicly routable Internet Protocol (IP) address.
H04L 69/00 - Dispositions, protocoles ou services de réseau indépendants de la charge utile de l'application et non couverts dans un des autres groupes de la présente sous-classe
H04L 67/025 - Protocoles basés sur la technologie du Web, p. ex. protocole de transfert hypertexte [HTTP] pour la commande à distance ou la surveillance à distance des applications
H04L 67/141 - Configuration des sessions d'application
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
53.
Systems and methods for deploying a cloud management system configured for tagging constructs deployed in a multi-cloud environment
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and a topology system logic, stored on non-transitory, computer-medium, and comprising a topology snapshot logic. Upon execution by one or more processors, the topology system logic causes performance of operations that includes periodically saving states of a plurality of constructs at first and second time states, receiving user input corresponding to a selection of one or more constructs of the plurality of constructs, generating a topology mapping visualization that illustrates differences between the first and second states of the selection of one or more constructs of the plurality of constructs, and causing rendering of the topology mapping visualization on a display screen of a network device.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/122 - Découverte ou gestion des topologies de réseau des topologies virtualisées, p. ex. les réseaux définis par logiciel [SDN] ou la virtualisation de la fonction réseau [NFV]
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
A method for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to failing to locate a Media Access Control (MAC) address of a destination for the message within a prescribed table by a default gateway, one of the plurality of virtual appliances is selected for handling a forwarding of the message to a plurality of remote networks, and the message via the selected virtual appliance is forwarded to a plurality of gateways associated with a plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination to forward the message to the destination.
G01M 3/32 - Examen de l'étanchéité des structures ou ouvrages vis-à-vis d'un fluide par utilisation d'un fluide ou en faisant le vide par mesure du taux de perte ou de gain d'un fluide, p. ex. avec des dispositifs réagissant à la pression, avec des indicateurs de débit pour récipients, p. ex. radiateurs
In one embodiment, a secure exchange system is described. The secure exchange system includes a virtual private cloud network and a controller. The virtual private cloud network includes a plurality of gateways, each gateway of the plurality of gateways is configured to generate one or more local directories. Each local directory of the one or more local directories representing one or more stored objects within a public cloud storage element. The controller is configured to authenticate a user prior to granting the user access to the virtual private cloud network. The gateways are accessible by the user over AWS Direct Connect, where the public cloud storage element is a S3 bucket.
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p. ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
H04L 67/51 - Découverte ou gestion de ceux-ci, p. ex. protocole de localisation de service [SLP] ou services du Web
H04L 67/1001 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour accéder à un serveur parmi une pluralité de serveurs répliqués
According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communications with other gateways. Similarly, a second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to the each of the first plurality of gateways to support data exchanges between resources deployed in different public cloud networks.
Logic for generating virtualization(s) based on metadata and network data for at least constructs spanning multiple cloud networks is described. The logic is configured to (i) generate a topology mapping including a plurality of constructs and connections extending across a multi-cloud network including a first cloud network and a second cloud network different than the first cloud network, (ii) receive input corresponding to a selection of a source construct and a destination construct, and (iii) determine a data transmission path between the source construct and the destination construct. Also, the logic is configured to generate a visualization illustrating the data transmission path extending between the source constraint operating in the first cloud network and the destination construct operating in the second cloud network. Lastly, the logic is configured to perform operations including a computation of latency periods between a pair of constructs included in the data transmission path.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
One embodiment of the invention features a system that includes a first virtual appliance and a second virtual appliance that support a transfer of content between an on-premises network and a public cloud network. Deployed as part of the on-premises network, the first virtual appliance translates a network address assigned to the content stored within a first non-transitory storage medium, which is associated with on-premises host residing within a first subnetwork of the on-premises network, to a temporary address associated with a second subnetwork. Deployed as part of the public cloud network, the second virtual appliance translates the temporary address back to the network address. The content, such as a software instance, is stored within a second non-transitory storage medium of the public cloud network with a network address identical to the network address used when stored within the first non-transitory storage medium pertaining to the on-premises network.
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p. ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
H04L 61/5007 - Adresses de protocole Internet [IP]
H04L 101/622 - Adresses de couche 2, p. ex. adresses de contrôle d'accès au support [MAC]
59.
Systems and methods for improving packet forwarding throughput for encapsulated tunnels
A computerized method for increasing throughput of encapsulated data over a network is described. First, a determination, at a first network device, of a number of available processing resources located at a second network device is conducted. Thereafter, a plurality of connections are generated between the first network device and the second device. The plurality of connections corresponding in number to the number of available processing resources. Data received by the first network device is associated with a first connection of the plurality of tunneling connections. Thereafter, translation data unique to a tunneling session associated with the first connection is generated and the received data is encapsulated with the translation data to generate the encapsulated data for transmission to the second network device.
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes performance of operations including generating a topology mapping visualization illustrating a plurality of constructs and communication paths therebetween, wherein a first subset of the plurality of constructs are deployed in the first cloud computing network and a second subset of the plurality of constructs are deployed in the second cloud computing network, receiving user input corresponding to (i) a selection of one or more constructs and (ii) an identifier for the selection, generating a filtered topology mapping visualization of the selection of the one or more constructs and any connections therebetween, and causing rendering of the filtered topology mapping visualization on a display screen.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 41/122 - Découverte ou gestion des topologies de réseau des topologies virtualisées, p. ex. les réseaux définis par logiciel [SDN] ou la virtualisation de la fonction réseau [NFV]
H04L 43/028 - Capture des données de surveillance en filtrant
61.
Systems and methods for controlling accessing and storing objects between on-prem data center and cloud
In an embodiment, a secure object transfer system is described. The system features a virtual private cloud network (VPC) and a controller. The VPC includes a plurality of gateways and a network load balancer, which configured to conduct a load balancing scheme on access messages from computing devices deployed within an on-premises network to direct the access memory to one of the plurality of gateways for storage or retrieval of an object from a cloud-based storage element. Each gateway includes Fully Qualified Domain Name (FQDN) filtering logic to restrict access of the computing devices to certain cloud-based storage elements in accordance with a security policy. The controller is configured to maintain and update the security policy utilized by each gateway of the plurality of gateways.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 67/1036 - Répartition de la charge des demandes adressées aux serveurs pour des services autres que la fourniture de contenu à utilisateur, p. ex. répartition des charges entre serveurs de noms de domaine
62.
SYSTEM AND METHOD FOR GENERATING A NETWORK HEALTH DASHBOARD FOR A MULTI-CLOUD ENVIRONMENT
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes operations including receiving, from the controller, metadata pertaining to a plurality of constructs, receiving, from each of the first and second gateways, network data, deriving gateway metrics spanning multiple cloud computing networks including at least the first and second cloud computing networks, wherein the deriving is based on at least the metadata and the network data of each of the first and second gateways, generating a dashboard visualization illustrating the gateway metrics, wherein the gateway metrics pertain to characteristics of each gateway and deployed constructs associated with each gateway, and causing rendering of the dashboard visualization on a display screen.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and logic. The logic, upon execution by one or more processors, causes performance of operations including receiving, from the controller, metadata pertaining to a plurality of constructs corresponding to a plurality of time instances, receiving, from each of the first and second gateways, network data corresponding to the plurality of time instances, wherein the metadata and the network data identify each of the plurality of constructs, communication paths between each construct, and in which cloud computing network each construct is deployed, generating a visualization illustrating differences between the plurality of constructs and communication paths at the first time instance and at the second time instance, and causing rendering of the visualization on a display screen.
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p. ex. pour le traitement simultané de plusieurs programmes
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
In one embodiment, a secure object transfer system is described. The system features a virtual private cloud network (VPC) and a controller. The VPC includes a plurality of gateways and a network load balancer, which configured to conduct a load balancing scheme on access messages from computing devices deployed within an on-premises network to direct the access memory to one of the plurality of gateways for storage or retrieval of an object from a cloud-based storage element. Each gateway includes Fully Qualified Domain Name (FQDN) filtering logic to restrict access of the computing devices to certain cloud-based storage elements in accordance with a security policy. The controller is configured to maintain and update the security policy utilized by each gateway of the plurality of gateways.
H04L 67/1036 - Répartition de la charge des demandes adressées aux serveurs pour des services autres que la fourniture de contenu à utilisateur, p. ex. répartition des charges entre serveurs de noms de domaine
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communications with other gateways of the first plurality of gateways in accordance with a first tunnel protocol. Similarly, a second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to the each of the first plurality of gateways in accordance with a second security protocol to provide redundant routing.
H04L 67/1029 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour accéder à un serveur parmi une pluralité de serveurs répliqués en utilisant des données liées à l'état des serveurs par un répartiteur de charge
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
H04L 67/1087 - Réseaux de pairs [P2P] en utilisant les aspects inter-fonctionnels d’établissement de réseau
66.
Scaling network address translation (NAT) and firewall functionality to support public cloud networks
According to one embodiment, a computerized method conducted by logic deployed within a network device implemented within a virtual private cloud network for supporting network address translations within a public cloud network is described. Herein, after receipt of a message, based on content within the message, a network address translation (NAT) control logic unit from a plurality of NAT control logic units is selected. The selected NAT control logic unit is configured to perform address translations on information within the message to produce a translated message. Thereafter, the translated message is routed to a destination network device located on the public network.
According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communications with other gateways. Similarly, a second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to the each of the first plurality of gateways to support data exchanges between resources deployed in different public cloud networks.
A distributed cloud computing system is disclosed that includes a controller configured to deploy a plurality of gateways in a first cloud computing network and logic, stored on non-transitory, computer-medium. The logic, upon execution by one or more processors, causes performance of operations including: generating a topology mapping of the first cloud computing network including a plurality of constructs and connections therebetween, wherein the plurality of constructs includes the plurality of gateways, receiving input corresponding to a selection of a source construct and a destination construct, determining a data transmission path between the source construct and the destination construct, generating a visualization illustrating the data transmission path, and causing rendering of the visualization on a display screen of a network device.
H04L 12/26 - Dispositions de surveillance; Dispositions de test
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
H04L 12/24 - Dispositions pour la maintenance ou la gestion
G06F 3/0481 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
H04L 61/5007 - Adresses de protocole Internet [IP]
69.
System, method and apparatus for generating and searching a topology of resources among multiple cloud computing environments
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic, stored on non-transitory, computer-medium. The logic, upon execution by one or more processors, causes performance of operations including: transmitting one or more requests to the controller for metadata of at least the first gateway and the second gateway; receiving, from at least one of the first gateway and the second gateway, network data of the corresponding gateway; generating a visualization illustrating the metadata and the network data, wherein the metadata and the network data pertain to multiple cloud computing networks; and causing rendering of the visualization on a display screen of a network device.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes operations including receiving, from the controller, metadata pertaining to a plurality of constructs, receiving, from each of the first and second gateways, network data, deriving gateway metrics spanning multiple cloud computing networks including at least the first and second cloud computing networks, wherein the deriving is based on at least the metadata and the network data of each of the first and second gateways, generating a dashboard visualization illustrating the gateway metrics, wherein the gateway metrics pertain to characteristics of each gateway and deployed constructs associated with each gateway, and causing rendering of the dashboard visualization on a display screen.
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
A distributed cloud computing system is disclosed that includes a controller configured to manage a plurality of constructs, wherein a first subset are deployed in a first cloud computing network and a second subset are deployed in a second cloud computing network, and logic. The logic, upon execution by a processor, causes operations including receiving, from the controller, metadata pertaining to the plurality of constructs, receiving, from one or more gateways, network data associated with the one or more gateways, receiving network data, wherein the metadata and the network data identify each of the plurality of constructs, the communication paths between each construct, and in which cloud computing network each construct is deployed, deriving network traffic metrics from the metadata and the network data, generating a visualization illustrating the network traffic metrics, and causing rendering of the visualization on a display screen of a network device.
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes operations including receiving, from the controller, metadata pertaining to a plurality of constructs, receiving, from each of the first and second gateways, network data, deriving heat map information detailing a density of network traffic at a plurality of geographic locations, wherein the network traffic is transmitted across multiple cloud computing networks, generating a heat map visualization illustrating the density of the network traffic that includes a map of a geographic region as well as an overlay of visual indicators representing the density of the network traffic, and causing rendering of the heat map visualization on a display screen of a network device.
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
H04L 61/5007 - Adresses de protocole Internet [IP]
73.
Systems and methods for deploying a cloud management system configured for tagging constructs deployed in a multi-cloud environment
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes performance of operations including generating a topology mapping visualization illustrating a plurality of constructs and communication paths therebetween, wherein a first subset of the plurality of constructs are deployed in the first cloud computing network and a second subset of the plurality of constructs are deployed in the second cloud computing network, receiving user input corresponding to (i) a selection of one or more constructs and (ii) an identifier for the selection, generating a filtered topology mapping visualization of the selection of the one or more constructs and any connections therebetween, and causing rendering of the filtered topology mapping visualization on a display screen.
H04L 12/24 - Dispositions pour la maintenance ou la gestion
H04L 12/26 - Dispositions de surveillance; Dispositions de test
74.
System and method for deploying a distributed cloud management system configured for generating interactive user interfaces of the state of a multi-cloud environment over time
A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and logic. The logic, upon execution by one or more processors, causes performance of operations including receiving, from the controller, metadata pertaining to a plurality of constructs corresponding to a plurality of time instances, receiving, from each of the first and second gateways, network data corresponding to the plurality of time instances, wherein the metadata and the network data identify each of the plurality of constructs, communication paths between each construct, and in which cloud computing network each construct is deployed, generating a visualization illustrating differences between the plurality of constructs and communication paths at the first time instance and at the second time instance, and causing rendering of the visualization on a display screen.
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p. ex. pour le traitement simultané de plusieurs programmes
H04L 43/045 - Traitement des données de surveillance capturées, p. ex. pour la génération de fichiers journaux pour la visualisation graphique des données de surveillance
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 12/66 - Dispositions pour la connexion entre des réseaux ayant différents types de systèmes de commutation, p. ex. passerelles
H04L 67/10 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau
H04L 41/12 - Découverte ou gestion des topologies de réseau
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 43/0876 - Utilisation du réseau, p. ex. volume de charge ou niveau de congestion
G06F 3/04817 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p. ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comportement ou d’aspect utilisant des icônes
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
A method is described that enables communication between two disjoined networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network with a group of networks with overlapping IP address ranges.
H04L 12/28 - Réseaux de données à commutation caractérisés par la configuration des liaisons, p. ex. réseaux locaux [LAN Local Area Networks] ou réseaux étendus [WAN Wide Area Networks]
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
H04L 12/741 - Traitement de l'adressage d’en-tête pour le routage, p.ex. table de correspondance
H04L 12/713 - Prévention ou récupération du défaut de routage, p.ex. reroutage, redondance de route "virtual router redundancy protocol" [VRRP] ou "hot standby router protocol" [HSRP] par redondances de nœud, p.ex. VRRP
76.
System and method for selecting virtual appliances in communications with virtual private cloud networks
A method for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to failing to locate a Media Access Control (MAC) address of a destination for the message within a prescribed table by a default gateway, one of the plurality of virtual appliances is selected for handling a forwarding of the message to a plurality of remote networks, and the message via the selected virtual appliance is forwarded to a plurality of gateways associated with a plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination to forward the message to the destination.
G01M 3/32 - Examen de l'étanchéité des structures ou ouvrages vis-à-vis d'un fluide par utilisation d'un fluide ou en faisant le vide par mesure du taux de perte ou de gain d'un fluide, p. ex. avec des dispositifs réagissant à la pression, avec des indicateurs de débit pour récipients, p. ex. radiateurs
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
77.
System and method for non-disruptive migration of software components to a public cloud system
One embodiment of the invention features a system including a first gateway and a second gateway that operate in concert to support a migration of a software component from an on-premises network to a public cloud network while preserving an Internet Protocol (IP) address assigned to the software component. The first gateway deployed as part of the on-premises network, and the second gateway deployed as part of the public cloud network. The first and second gateways are in communication via a secure communication path. To support migration of the software component to the public cloud network while retaining its IP address, the second gateway is configured to resolve a media access control (MAC) address for an on-premises host connected to the on-premises network. Similarly, the first gateway is configured to resolve a MAC address for a cloud host connected to the public cloud network.
A computerized method for increasing throughput of encapsulated data through tunnels, the computerized method including receiving data at a first network device for transmission over a network to a second network device. Then determining at the first network device the number of available processing cores on the second network device and generating a plurality of tunneling sessions between the first network device and the second device. Associating the received data with a particular tunneling session and then generating translation data unique to the associated tunneling session prior to encapsulating the received data with the translation data. Finally, transmitting the encapsulated data to the second network device and processing the transmitted encapsulated data received at the second network device with a particular processing core based on the received translation data.
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
H04L 12/729 - Sélection d’un chemin avec bande passante ou débit adéquat
H04L 12/721 - Procédures de routage, p.ex. routage par le chemin le plus court, routage par la source, routage à état de lien ou routage par vecteur de distance
H04L 12/743 - Traitement de l'adressage d’en-tête pour le routage, p.ex. table de correspondance par des techniques de hachage
79.
System for scaling network address translation (NAT) and firewall functions
According to one embodiment, a network device may be adapted to operate within a virtual private cloud where network address translation (NAT) is performed through virtual machines and each network address translation is handled differently by a different NAT control logic unit. The network device features one or more hardware processors, and a memory that stores at least a plurality of network address translation (NAT) control logic unit and demultiplexer logic. The demuliplexer logic, when executed, receives an incoming message and, based at least in part on information within the incoming message, determines a selected NAT control logic unit to receive at least a portion of the information within the incoming message. The selected NAT control logic unit handles address translation for routing of a message based on the incoming message to a public network.
A method is described that enables communication between two disjoined networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network with a group of networks with overlapping IP address ranges.
H04L 12/28 - Réseaux de données à commutation caractérisés par la configuration des liaisons, p. ex. réseaux locaux [LAN Local Area Networks] ou réseaux étendus [WAN Wide Area Networks]
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
H04L 12/713 - Prévention ou récupération du défaut de routage, p.ex. reroutage, redondance de route "virtual router redundancy protocol" [VRRP] ou "hot standby router protocol" [HSRP] par redondances de nœud, p.ex. VRRP
H04L 12/741 - Traitement de l'adressage d’en-tête pour le routage, p.ex. table de correspondance
81.
System and method for interconnecting local systems and cloud systems to provide seamless communications
A system with a local network and a set of remote networks is described herein. A subnet address range associated with the local network is subdivided into sub-segment address ranges. Each remote network is assigned a sub-segment address range for communicating with the local network. Each sub-segment address range is a smaller part of the original subnet range and each sub-segment range does not overlap with other sub-segment address ranges. Using an intermediate-local function device of the local network and intermediate-remote function devices of the remote networks, client stations in both the local and remote networks may seamlessly communicate using their native private addresses as destination addresses and without indirect address mapping. Further, the intermediate-local and the intermediate-remote function devices allow client stations in the local and remote networks to communicate without installation of corresponding agents or knowledge of the location of the client stations in separate physical networks.
A system with a local network and a set of remote networks is described herein. A subnet address range associated with the local network is subdivided into sub-segment address ranges. Each remote network is assigned a sub-segment address range for communicating with the local network. Each sub-segment address range is a smaller part of the original subnet range and each sub-segment range does not overlap with other sub-segment address ranges. Using an intermediate-local function device of the local network and intermediate-remote function devices of the remote networks, client stations in both the local and remote networks may seamlessly communicate using their native private addresses as destination addresses and without indirect address mapping. Further, the intermediate-local and the intermediate-remote function devices allow client stations in the local and remote networks to communicate without installation of corresponding agents or knowledge of the location of the client stations in separate physical networks.
brevets
