Patent · US Active

Global object definition and management for distributed firewalls

US11128600B2 · kind B2 · utility

Cited by: 2
References: 54
Claims: 22
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 21, 2016
Grant date: Sep 21, 2021
Priority date
Expiry date: May 22, 2038

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2212/62
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method of defining distributed firewall rules in a group of datacenters is provided. Each datacenter includes a group of data compute nodes (DCNs). The method sends a set of security tags from a particular datacenter to other datacenters. The method, at each datacenter, associates a unique identifier of one or more DCNs of the datacenter to each security tag. The method associates one or more security tags to each of a set of security groups at the particular datacenter and defines a set of distributed firewall rules at the particular datacenter based on the security tags. The method sends the set of distributed firewall rules from the particular datacenter to other datacenters. The method, at each datacenter, translates the firewall rules by mapping the unique identifier of each DCN in a distributed firewall rule to a corresponding static address associated with the DCN.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.