System and method for migrating application virtual machines in a network environment
    1.
    Granted invention patent
    Legal status: In force

    Publication (announcement) number: US09201704B2

    Publication (announcement) date: 2015-12-01

    Application number: US13440735

    Application date: 2012-04-05

    Abstract: A method includes managing a virtual machine (VM) in a cloud extension, where the VM is part of a distributed virtual switch (DVS) of an enterprise network, abstracting an interface that is transparent to a cloud infrastructure of the cloud extension, and intercepting network traffic from the VM, where the VM can communicate securely with the enterprise network. The cloud extension comprises a nested VM container (NVC) that includes an emulator configured to enable abstracting the interface, and dual transmission control protocol/Internet Protocol stacks for supporting a first routing domain for communication with the cloud extension, and a second routing domain for communication with the enterprise network. The NVC may be agnostic with respect to operating systems running on the VM. The method further includes migrating the VM from the enterprise network to the cloud extension through suitable methods.


    Scalable gateway for multiple data streams
    3.
    Granted invention patent
    Legal status: In force

    Publication (announcement) number: US08639842B1

    Publication (announcement) date: 2014-01-28

    Application number: US11479981

    Application date: 2006-06-30

    IPC classification: G06F15/16 G06F15/173

    Abstract: Systems and procedures are presented for communicating multiple data streams through an SSLVPN gateway. One implementation of a method includes receiving a plurality of incoming data streams and load balancing the incoming data streams. The load balancing includes assigning a first set of one or more incoming data streams to a first subprocessor, and responding to the first set of incoming data streams with outgoing data streams that include a first identifier that indicates the first subprocessor. One implementation of a network element includes a plurality of subprocessors and a dispatcher module. The dispatcher module is coupled to the plurality of subprocessors, and is configured to recognize an identifier in a received data stream. The dispatcher module dispatches the received data stream to a corresponding subprocessor of the plurality of processors in response to the identifier in the received data stream.


    DISTRIBUTED VIRTUAL SWITCH ARCHITECTURE FOR A HYBRID CLOUD
    4.
    Invention patent application
    Legal status: In force

    Publication (announcement) number: US20130283364A1

    Publication (announcement) date: 2013-10-24

    Application number: US13454528

    Application date: 2012-04-24

    IPC classification: G06F21/00

    Abstract: In one embodiment, a secure transport layer tunnel may be established over a public network between a first cloud gateway in a private cloud and a second cloud gateway in a public cloud, where the secure transport layer tunnel is configured to provide a link layer network extension between the private cloud and the public cloud. In addition, a cloud virtual Ethernet module (cVEM) may be executed (instantiated) within the public cloud, where the cVEM is configured to switch inter-virtual-machine (VM) traffic between the private cloud and one or more private application VMs in the public cloud connected to the cVEM.


    Programmable packet parsing processor
    5.
    Granted invention patent
    Legal status: In force

    Publication (announcement) number: US07586851B2

    Publication (announcement) date: 2009-09-08

    Application number: US10832796

    Application date: 2004-04-26

    IPC classification: H04L12/56 H04J1/16

    Abstract: The present invention provides a packet processing device and method. A parsing processor provides instruction-driven content inspection of network packets at 10-Gbps and above with a parsing engine that executes parsing instructions. A flow state unit maintains statefulness of packet flows to allow content inspection across several related network packets. A state-graph unit traces state-graph nodes to keyword indications and/or parsing instructions. The parsing instructions can be derived from a high-level application to emulate user-friendly parsing logic. The parsing processor sends parsed packets to a network processor unit for further processing.


    System and method for simulating virtual machine migration in a network environment
    7.
    Granted invention patent
    Legal status: In force

    Publication (announcement) number: US09223634B2

    Publication (announcement) date: 2015-12-29

    Application number: US13462200

    Application date: 2012-05-02

    Abstract: A method includes simulating network resources of a portion of a cloud in a simulated cloud within an enterprise network, the cloud being communicable with the enterprise network over a first communication channel, which may be external to the enterprise network. The method can also include simulating network behavior of the first communication channel in a second communication channel within the enterprise network, and validating application performance in the simulated cloud. Simulating network resources includes providing a cloud resources abstraction layer in the enterprise network, and allocating enterprise network resources in the enterprise network to the simulated cloud by the cloud resources abstraction layer. The method further includes adding a virtual network service appliance to the simulated cloud, and determining a change to a network topology of the enterprise network to accommodate the virtual appliance without materially impacting application performance.


    System for SSL re-encryption after load balance
    8.
    Granted invention patent
    Legal status: In force

    Publication (announcement) number: US07657940B2

    Publication (announcement) date: 2010-02-02

    Application number: US11124003

    Application date: 2005-05-06

    Abstract: A data center provides secure handling of HTTPS traffic using backend SSL decryption and encryption in combination with a load balancer such as a content switch. The load balancer detects HTTPS traffic and redirects it to an SSL offloading device for decryption and return to the load balancer. The load balancer then uses the clear text traffic for load balancing purposes before it redirects the traffic back to the SSL offloading device for re-encryption. Thereafter, the re-encrypted traffic is sent to the destination servers in the data center. In one embodiment, the combination with the back-end SSL with an intrusion detection system improves security by performing intrusion detection on the decrypted HTTPS traffic.


    SYSTEM AND METHOD FOR SIMULATING VIRTUAL MACHINE MIGRATION IN A NETWORK ENVIRONMENT
    9.
    Invention patent application
    Legal status: In force

    Publication (announcement) number: US20130297769A1

    Publication (announcement) date: 2013-11-07

    Application number: US13462200

    Application date: 2012-05-02

    IPC classification: G06F15/173

    Abstract: A method includes simulating network resources of a portion of a cloud in a simulated cloud within an enterprise network, the cloud being communicable with the enterprise network over a first communication channel, which may be external to the enterprise network. The method can also include simulating network behavior of the first communication channel in a second communication channel within the enterprise network, and validating application performance in the simulated cloud. Simulating network resources includes providing a cloud resources abstraction layer in the enterprise network, and allocating enterprise network resources in the enterprise network to the simulated cloud by the cloud resources abstraction layer. The method further includes adding a virtual network service appliance to the simulated cloud, and determining a change to a network topology of the enterprise network to accommodate the virtual appliance without materially impacting application performance.


    SYSTEM AND METHOD FOR MIGRATING APPLICATION VIRTUAL MACHINES IN A NETWORK ENVIRONMENT
    10.
    Invention patent application
    Legal status: In force

    Publication (announcement) number: US20130268643A1

    Publication (announcement) date: 2013-10-10

    Application number: US13440735

    Application date: 2012-04-05

    IPC classification: G06F15/173 G06F9/455

    Abstract: A method includes managing a virtual machine (VM) in a cloud extension, where the VM is part of a distributed virtual switch (DVS) of an enterprise network, abstracting an interface that is transparent to a cloud infrastructure of the cloud extension, and intercepting network traffic from the VM, where the VM can communicate securely with the enterprise network. The cloud extension comprises a nested VM container (NVC) that includes an emulator configured to enable abstracting the interface, and dual transmission control protocol/Internet Protocol stacks for supporting a first routing domain for communication with the cloud extension, and a second routing domain for communication with the enterprise network. The NVC may be agnostic with respect to operating systems running on the VM. The method further includes migrating the VM from the enterprise network to the cloud extension through suitable methods.
