(12) United States Patent
Doctor et al.

(10) Patent No.: US 10,944,811 B2
(45) Date of Patent: Mar. 9, 2021

(54) HYBRID CLOUD NETWORK MONITORING SYSTEM FOR TENANT USE

(71) Applicant: VMware, Inc., Palo Alto, CA (US)

(72) Inventors: Brad Doctor, Broomfield, CO (US); Matt Probst, Orem, UT (US)

(73) Assignee: VMware, Inc., Palo Alto, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 46 days.

(21) Appl. No.: 15/846,133

(22) Filed: Dec. 18, 2017

(65) Prior Publication Data
US 2018/0109602 A1    Apr. 19, 2018

Related U.S. Application Data

(63) Continuation of application No. 14/579,911, filed on Dec. 22, 2014, now Pat. No. 9,860,309.

(51) Int. Cl.
H04L 29/08 (2006.01)
H04L 12/46 (2006.01)
H04L 12/26 (2006.01)

(52) U.S. Cl.
CPC ... H04L 67/10 (2013.01); H04L 12/4633 (2013.01); H04L 43/062 (2013.01); H04L 43/12 (2013.01)

(58) Field of Classification Search
CPC ... H04L 67/10; H04L 12/4633; H04L 43/062; H04L 43/12
USPC ... 709/224
See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS

7,899,048 B1*   3/2011  Walker ........... H04L 43/18     370/390
8,547,972 B2*  10/2013  Mahdavi .......... G06F 9/455     370/389
8,645,952 B2*   2/2014  Biswas ........... H04L 49/208    718/1
8,665,747 B2*   3/2014  Elsen ............ H04L 45/18     370/254
8,879,554 B2*  11/2014  Emmadi ........... H04L 49/30     370/389
8,996,691 B1*   3/2015  Stickle .......... H04L 12/40071  709/224
9,397,960 B2*   7/2016  Arad ............. H04L 49/355

(Continued)

Primary Examiner — Esther B. Henderson
Assistant Examiner — Nazia Naoreen
(74) Attorney, Agent, or Firm — Loza & Loza, LLP

(57) ABSTRACT
Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM.

14 Claims, 4 Drawing Sheets
`
[Representative drawing on the front page: FIG. 4, the flow diagram of method 400 for packet capture module 280 and decapsulator VM 240. The same drawing appears as Sheet 4 of 4.]
`WIZ, Inc. EXHIBIT - 1012
`WIZ, Inc. v. Orca Security LTD.
`
`
`
`
US 10,944,811 B2
Page 2

(56) References Cited

U.S. PATENT DOCUMENTS

2014/0185616 A1*   7/2014  Bloch ............ H04L 12/4633   370/392
2014/0279885 A1*   9/2014  Anantharam ...... H04L 5/0055    707/622
2015/0139232 A1*   5/2015  Yalagandula ..... G06F 9/45558   370/392

* cited by examiner
`
`
`
U.S. Patent    Mar. 9, 2021    Sheet 1 of 4    US 10,944,811 B2

[FIG. 1, block diagram of hybrid cloud computing system 100; only the element labels are recoverable from the scan.]

Virtualized computing system 102: host(s) 104 running VMs 120 (120_1, 120_2 ... 120_N) on hypervisor 116 over hardware platform 106 (CPU 108, Mem 110, NIC 112, Stor. 114); virtualization manager 130 containing hybrid cloud manager 132; gateway 124; management network 126; links 122 and 142.

Network 140 connects the two systems.

Cloud computing system 150: cloud director 152 with catalog 166; cloud computing environment(s) 170 containing VMs 172 and hybridity director 174; gateway 184; infrastructure platform 154 comprising virtualization environment 156, orchestration component 158 and hardware resources 160 (hosts 162_1 ... 162_M, storage array network 164); links 180, 182 and 186.

FIG. 1
`
U.S. Patent    Mar. 9, 2021    Sheet 2 of 4    US 10,944,811 B2

[FIG. 2, block diagram of public cloud-based computing system 200; only the element labels are recoverable from the scan.]

Hybridity director 174. Host 162_1 (hypervisor 216_1) with tenant VMs 172_1, 172_2 and 172_3; host 162_2 (hypervisor 216_2) with decapsulator VM 240, which contains packet processor 242 and has vNIC 276 and vNIC 278; host 162_3 (hypervisor 216_3) with sniffer VMs 250_1 and 250_2. Distributed virtual switch 270 (ports 272 and 274) with packet capture module 280, distributed virtual switch 290, and network 140.

FIG. 2
`
`
`
U.S. Patent    Mar. 9, 2021    Sheet 3 of 4    US 10,944,811 B2

[FIG. 3, conceptual diagram of the monitoring data path; only the labels are recoverable from the scan.]

A frame (tenant addr | payload) arrives from network 140 at distributed virtual switch 270. The switch delivers it through port 274 to tenant VM 172 and, according to tenant monitoring list 310 (updates from hybrid cloud manager 132), also emits an encapsulated copy (tunnel header | tenant addr | payload) toward decapsulator VM 240.

In decapsulator VM 240, packet processor 242 extracts (tenant addr | payload) from the encapsulated packet, replaces the address using tenant/sniffer mapping 300 (updates from hybrid cloud manager 132) to produce (sniffer addr | payload), and hands the result to sending thread 1 ... sending thread n, which deliver to sniffer VMs 250.

FIG. 3
`
`
`
U.S. Patent    Mar. 9, 2021    Sheet 4 of 4    US 10,944,811 B2

[FIG. 4, flow diagram of method 400, reconstructed from the step labels in the scan.]

Packet capture module 280:
Start
405: Receive data packet from network
410: Transmit data packet to destination VM
415: Data packet to be monitored? (Yes/No)
420: Encapsulate data packet
425: Transmit encapsulated packet to tunnel
430: Continue receiving packets? (Yes/No)

Decapsulator VM 240:
406: Read mapping of tenants to sniffer VMs
407: Start sending thread for each sniffer VM
435: Receive encapsulated packet from tunnel
440: Extract data packet from encapsulated packet
445: Determine address of target sniffer VM
450: Update data packet to include address of target sniffer VM
455: Transmit updated data packet to target sniffer VM
460: Continue receiving packets? (Yes/No)
End

FIG. 4
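The data path that the abstract and FIG. 3 / FIG. 4 describe, written out as an added Python simulation. This is not code from the patent or from VMware; the tunnel header layout (a 2-byte marker, a 2-byte version and a 4-byte length), the use of IPv4 addresses for the "tenant addr" and "sniffer addr" fields, the per-sniffer queues that stand in for the sending threads, and every address and frame are constructed for the example, since the patent specifies none of them.

```python
import struct
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Set, Tuple

# Constructed tunnel header (an assumption for this example): 16-bit marker,
# 16-bit version, 32-bit length of the encapsulated (tenant addr | payload) frame.
TUNNEL_MAGIC = 0x4D52
TUNNEL_HDR = struct.Struct("!HHI")
ADDR_LEN = 4  # the address fields are IPv4 addresses in this simulation


def encapsulate(tenant_addr: str, payload: bytes) -> bytes:
    """Step 420: wrap the mirrored frame (tenant addr | payload) in a tunnel header."""
    inner = IPv4Address(tenant_addr).packed + payload
    return TUNNEL_HDR.pack(TUNNEL_MAGIC, 1, len(inner)) + inner


class PacketCaptureModule:
    """Packet capture module 280 on the tenant's host (FIG. 4, steps 405-430)."""

    def __init__(self, monitoring_list: Set[str]) -> None:
        self.monitoring_list = monitoring_list  # tenant monitoring list 310
        self.tunnel: List[bytes] = []           # stands in for the tunnel to VM 240

    def handle(self, tenant_addr: str, payload: bytes) -> Optional[bytes]:
        """The frame always reaches its destination VM (step 410); a copy is
        encapsulated and sent into the tunnel only when the tenant is on the
        monitoring list (steps 415-425). Returns that copy, or None."""
        if tenant_addr not in self.monitoring_list:
            return None
        pkt = encapsulate(tenant_addr, payload)
        self.tunnel.append(pkt)
        return pkt


class DecapsulatorVM:
    """Decapsulator VM 240 / packet processor 242 (FIG. 4, steps 406-460)."""

    def __init__(self, tenant_to_sniffer: Dict[str, str]) -> None:
        self.mapping = dict(tenant_to_sniffer)  # tenant/sniffer mapping 300 (step 406)
        # One outbound queue per sniffer VM, standing in for the per-sniffer
        # sending threads started in step 407.
        self.queues: Dict[str, List[bytes]] = {s: [] for s in set(self.mapping.values())}

    def process(self, encapsulated: bytes) -> Optional[Tuple[str, bytes]]:
        """Steps 435-455: validate the tunnel header, extract the inner frame,
        look up the tenant's sniffer, rewrite the address and queue the packet."""
        if len(encapsulated) < TUNNEL_HDR.size + ADDR_LEN:
            return None
        magic, _version, inner_len = TUNNEL_HDR.unpack_from(encapsulated)
        inner = encapsulated[TUNNEL_HDR.size:]
        if magic != TUNNEL_MAGIC or inner_len != len(inner):
            return None  # malformed, or not a mirrored packet at all
        tenant_addr = str(IPv4Address(inner[:ADDR_LEN]))
        payload = inner[ADDR_LEN:]
        sniffer_addr = self.mapping.get(tenant_addr)
        if sniffer_addr is None:
            # No sniffer belongs to this tenant: drop rather than deliver the
            # mirrored traffic to some other tenant's sniffer.
            return None
        updated = IPv4Address(sniffer_addr).packed + payload
        self.queues[sniffer_addr].append(updated)
        return sniffer_addr, updated


def run_demo() -> Dict[str, List[bytes]]:
    """Constructed traffic: two monitored tenants and one unmonitored tenant.
    Returns, per sniffer VM address, the payloads it would receive."""
    capture = PacketCaptureModule(monitoring_list={"10.0.1.10", "10.0.1.20"})
    decap = DecapsulatorVM({"10.0.1.10": "10.0.9.1", "10.0.1.20": "10.0.9.2"})
    frames = [
        ("10.0.1.10", b"GET / HTTP/1.1"),
        ("10.0.1.30", b"not monitored"),
        ("10.0.1.20", b"SYN"),
    ]
    for addr, payload in frames:
        capture.handle(addr, payload)
    for pkt in capture.tunnel:  # step 435: packets arrive over the tunnel
        decap.process(pkt)
    return {s: [p[ADDR_LEN:] for p in q] for s, q in decap.queues.items()}


if __name__ == "__main__":
    print(run_demo())
```

The decapsulator refuses packets whose tenant has no entry in the mapping; that refusal is the example's own design choice, but it is the check that preserves the isolation the abstract relies on, since a mirrored frame must never be routed to a sniffer VM owned by a different tenant.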
`
`
`
`1
`1
`HYBRID CLOUD NETWORK MONITORING
`HYBRID CLOUD NETWORK MONITORING
`SYSTEM FOR TENANT USE
`SYSTEM FOR TENANT USE
`
`US 10,944,811 B2
`US 10,944,811 B2
`
`2
`2
`level network interfaces and network configuration data ,
`level network interfaces and network configuration data,
`which cloud computing systems typically abstract or hide
`which cloud computing systems typically abstract or hide
`from tenant organizations .
`from tenant organizations.
`SUMMARY
`SUMMARY
`
`5
`5
`
`CROSS - REFERENCE TO RELATED
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`APPLICATIONS
`This application claims priority to U.S. application Ser .
`This application claims priority to U.S. application Ser.
`No. 14 / 579,911 , filed Dec. 22 , 2014 ( now U.S. Pat . No.
`No. 14/579,911, filed Dec. 22, 2014 (now U.S. Pat. No.
`9,860,309 ) , which is incorporated by reference herein in its
`9,860,309), which is incorporated by reference herein in its
`entirety .
`entirety.
`
`In one embodiment , a method for monitoring network
`In one embodiment, a method for monitoring network
`traffic in a cloud computing system is provide . The method
`traffic in a cloud computing system is provide. The method
`comprises receiving a request to capture network traffic of a
`comprises receiving a request to capture network traffic of a
`10 tenant port of a first virtual machine ( VM ) executing in the
`10 tenant port of a first virtual machine (VM) executing in the
`cloud computing system , wherein the first VM is associated
`cloud computing system, wherein the first VM is associated
`with a first tenant organization different from a second
`with a first tenant organization different from a second
`BACKGROUND
`BACKGROUND
`organization managing the cloud computing system . The
`organization managing the cloud computing system. The
`method further comprises instantiating a decapsulating VM
`Commercial enterprises are frequently turning to public
`method further comprises instantiating a decapsulating VM
`Commercial enterprises are frequently turning to public
`cloud providers to meet their computing needs . The benefits 15 having a first network interface and a second network
`15 having a first network interface and a second network
`cloud providers to meet their computing needs. The benefits
`interface , wherein the decapsulating VM is inaccessible to
`interface, wherein the decapsulating VM is inaccessible to
`of cloud computing are numerous . Among the benefits are
`of cloud computing are numerous. Among the benefits are
`the first tenant organization . The method further comprises
`the first tenant organization. The method further comprises
`lower operating costs , due to reduced spending on comput
`lower operating costs, due to reduced spending on comput-
`establishing an encapsulated port mirroring session from the
`establishing an encapsulated port mirroring session from the
`ing hardware , software , and support . In addition , since
`ing hardware, software, and support. In addition, since
`tenant port of the first VM to the first network interface of
`tenant port of the first VM to the first network interface of
`public clouds are generally accessible from any network- 20 the decapsulating VM , and decapsulating , by execution of
`public clouds are generally accessible from any network-
`20 the decapsulating VM, and decapsulating, by execution of
`connected device , applications deployed to the cloud are
`the decapsulating VM , a plurality of packets comprising
`connected device, applications deployed to the cloud are
`the decapsulating VM, a plurality of packets comprising
`more easily distributed to a diverse and global workforce .
`captured network traffic received via the encapsulated port
`more easily distributed to a diverse and global workforce.
`captured network traffic received via the encapsulated port
`Cloud architectures are used in cloud computing and
`Cloud architectures are used in cloud computing and
`mirroring session . The method further comprises forwarding
`mirroring session. The method further comprises forwarding
`cloud storage systems for offering infrastructure - as - a - ser
`cloud storage systems for offering infrastructure-as-a-ser-
`the captured network traffic via the second network interface
`the captured network traffic via the second network interface
`vice ( IaaS ) cloud services . Examples of cloud architectures 25 of the decapsulating VM to a sniffer VM .
`vice (IaaS) cloud services. Examples of cloud architectures
`25 of the decapsulating VM to a sniffer VM.
`include the VMware vCloudTM Director cloud architecture
`Further embodiments provide a non - transitory computer
`include the VMware vCloudTM Director cloud architecture
`Further embodiments provide a non-transitory computer-
`software , Amazon EC2TM web service , and OpenStackTM
`readable medium that includes instructions that , when
`software, Amazon EC2TM web service, and OpenStackTM
`readable medium that includes instructions that, when
`open source cloud computing service . IaaS cloud service is
`executed , enable one or more computer hosts to implement
`open source cloud computing service. IaaS cloud service is
`executed, enable one or more computer hosts to implement
`a type of cloud service that provides access to physical
`one or more aspects of the above method , and a cloud - based
`a type of cloud service that provides access to physical
`one or more aspects of the above method, and a cloud-based
`and / or virtual resources in a cloud environment . These 30 computing system that includes one or more computer hosts
`30 computing system that includes one or more computer hosts
`and/or virtual resources in a cloud environment. These
`services provide a tenant application programming interface
`programmed to implement one or more aspects of the above
`programmed to implement one or more aspects of the above
`services provide a tenant application programming interface
`( API ) that supports operations for manipulating IaaS con
`method .
`method.
`(API) that supports operations for manipulating IaaS con-
`structs such as virtual machines ( VMs ) and logical net
`structs such as virtual machines (VMs) and logical net-
`BRIEF DESCRIPTION OF THE DRAWINGS
`BRIEF DESCRIPTION OF THE DRAWINGS
`works . However , the use of such public cloud services is
`works. However, the use of such public cloud services is
`typically kept separate from the use of existing computing
`typically kept separate from the use of existing computing
`FIG . 1 is a block diagram of a hybrid cloud computing
`FIG. 1 is a block diagram of a hybrid cloud computing
`resources in data centers managed by an enterprise .
`resources in data centers managed by an enterprise.
`system in which one or more embodiments of the present
`system in which one or more embodiments of the present
`Customers of cloud computing services are often referred
`Customers of cloud computing services are often referred
`disclosure may be utilized .
`disclosure may be utilized.
`to as " tenants , " as the customers more or less " rent " com
`to as "tenants," as the customers more or less "rent" com-
`FIG . 2 is a block diagram depicting a public cloud - based
`FIG. 2 is a block diagram depicting a public cloud-based
`puting hardware and software services from the cloud pro- 40 computing system , according to one or more embodiments .
`puting hardware and software services from the cloud pro-
`40 computing system, according to one or more embodiments.
`vider . Since a single public cloud can host many clients
`FIG . 3 is a conceptual diagram depicting components that
`vider. Since a single public cloud can host many clients
`FIG. 3 is a conceptual diagram depicting components that
`simultaneously in an isolated manner , public clouds are
`simultaneously in an isolated manner, public clouds are
`facilitate monitoring of network traffic for public cloud
`facilitate monitoring of network traffic for public cloud-
`referred to
`multi - tenant mputing environments . In order
`based tenants , according to one or more embodiments .
`referred to as multi-tenant computing environments. In order
`based tenants, according to one or more embodiments.
`to provide a level of isolation between applications deployed
`FIG . 4 is a flow diagram that depicts one embodiment of
`to provide a level of isolation between applications deployed
`FIG. 4 is a flow diagram that depicts one embodiment of
`in the cloud by different tenants , cloud providers often 45 a method for receiving and routing data packets to public
`in the cloud by different tenants, cloud providers often
`45 a method for receiving and routing data packets to public
`provision virtual machines for their tenants . Each tenant
`cloud - based monitoring devices , each monitoring device
`provision virtual machines for their tenants. Each tenant
`cloud-based monitoring devices, each monitoring device
`virtual machine is capable of executing one or more client
`corresponding to a public cloud - based tenant .
`virtual machine is capable of executing one or more client
`corresponding to a public cloud-based tenant.
`applications . The tenant virtual machine runs on top of a
`To facilitate understanding , identical reference numerals
`applications. The tenant virtual machine runs on top of a
`To facilitate understanding, identical reference numerals
`virtualized computing platform provided by the cloud , and ,
`have been used , where possible , to designate identical
`virtualized computing platform provided by the cloud, and,
`have been used, where possible, to designate identical
`using the virtualized computing platform , communicates 50 elements that are common to the figures . It is contemplated
`using the virtualized computing platform, communicates
`50 elements that are common to the figures. It is contemplated
`with other cloud tenants , as well as with external entities
`that elements disclosed in one embodiment may be benefi
`with other cloud tenants, as well as with external entities
`that elements disclosed in one embodiment may be benefi-
`outside of the cloud . The tenant virtual machine is designed
`cially utilized on other embodiments without specific reci
`outside of the cloud. The tenant virtual machine is designed
`cially utilized on other embodiments without specific reci-
`to give the individual tenant a reasonable level of control
`tation .
`to give the individual tenant a reasonable level of control
`tation.
`over computing services provided by the tenant , without
`over computing services provided by the tenant, without
`having an undue effect on other tenants .
`DETAILED DESCRIPTION
`DETAILED DESCRIPTION
`having an undue effect on other tenants.
`Among the tasks that tenants seek to perform is the
`Among the tasks that tenants seek to perform is the
`FIG . 1 is a block diagram of a hybrid cloud computing
`monitoring of network traffic that is transmitted to and from
`FIG. 1 is a block diagram of a hybrid cloud computing
`monitoring of network traffic that is transmitted to and from
`system 100 in which one or more embodiments of the
`virtual machines managed by a tenant and that may be
`system 100 in which one or more embodiments of the
`virtual machines managed by a tenant and that may be
`present disclosure may be utilized . Hybrid cloud computing
`executing virtual workloads . Monitoring network traffic
`present disclosure may be utilized. Hybrid cloud computing
`executing virtual workloads. Monitoring network traffic
`enables tenant organizations to , for example , troubleshoot 60 system 100 includes a virtualized computing system 102 and
`60 system 100 includes a virtualized computing system 102 and
`enables tenant organizations to, for example, troubleshoot
`problems with that virtual machine , gauge future capacity
`a cloud computing system 150 , and is configured to provide
`a cloud computing system 150, and is configured to provide
`problems with that virtual machine, gauge future capacity
`requirements , or to track down the source of malicious
`a common platform for managing and executing virtual
`a common platform for managing and executing virtual
`requirements, or to track down the source of malicious
`network requests ( such as those experienced in a denial of
`workloads seamlessly between virtualized computing sys
`workloads seamlessly between virtualized computing sys-
`network requests (such as those experienced in a denial of
`service attack on the tenant virtual machine ) . However , there
`tem 102 and cloud computing system 150. In one embodi
`tem 102 and cloud computing system 150. In one embodi-
`service attack on the tenant virtual machine). However, there
`are challenges to using traffic monitoring devices ( often 65 ment , virtualized computing system 102 may be a data
`65 ment, virtualized computing system 102 may be a data
`are challenges to using traffic monitoring devices (often
`referred to as network " sniffers ” ) in a cloud computing
`center controlled and administrated by a particular enterprise
`center controlled and administrated by a particular enterprise
`referred to as network "sniffers") in a cloud computing
`system . Sniffer applications rely on special access to low
`or business organization , while cloud computing system 150
`or business organization, while cloud computing system 150
`system. Sniffer applications rely on special access to low
`
`35
`35
`
`55
`55
`
`
`
US 10,944,811 B2

is operated by a cloud computing service provider and exposed as a service available to account holders, such as the particular enterprise in addition to other enterprises. As such, virtualized computing system 102 may sometimes be referred to as an on-premise data center(s), and cloud computing system 150 may be referred to as a "public" cloud service. In some embodiments, virtualized computing system 102 itself may be configured as a private cloud service provided by the enterprise.

As used herein, an internal cloud or "private" cloud is a cloud in which a tenant and a cloud service provider are part of the same organization, while an external or "public" cloud is a cloud that is provided by an organization that is separate from a tenant that accesses the external cloud. For example, the tenant may be part of an enterprise, and the external cloud may be part of a cloud service provider that is separate from the enterprise of the tenant and that provides cloud services to different enterprises and/or individuals. In embodiments disclosed herein, a hybrid cloud is a cloud architecture in which a tenant is provided with seamless access to both private cloud resources and public cloud resources.

Virtualized computing system 102 includes one or more host computer systems 104. Hosts 104 may be constructed on a server grade hardware platform 106, such as an x86 architecture platform, a desktop, and a laptop. As shown, hardware platform 106 of each host 104 may include conventional components of a computing device, such as one or

Virtualized computing system 102 includes a virtualization management module (depicted in FIG. 1 as virtualization manager 130) that may communicate to the plurality of hosts 104 via a network, sometimes referred to as a management network 126. In one embodiment, virtualization manager 130 is a computer program that resides and executes in a central server, which may reside in virtualized computing system 102, or alternatively, running as a VM in one of hosts 104. One example of a virtualization management module is the vCenter® Server product made available from VMware, Inc. Virtualization manager 130 is configured to carry out administrative tasks for virtualized computing system 102, including managing hosts 104, managing VMs 120 running within each host 104, provisioning VMs, migrating VMs from one host to another host, and load balancing between hosts 104.

In one embodiment, virtualization manager 130 includes a hybrid cloud management module (depicted as hybrid cloud manager 132) configured to manage and integrate virtualized computing resources provided by cloud computing system 150 with virtualized computing resources of virtualized computing system 102 to form a unified "hybrid" computing platform. Hybrid cloud manager 132 is configured to deploy VMs in cloud computing system 150, transfer VMs from virtualized computing system 102 to cloud computing system 150, and perform other "cross-cloud" administrative tasks, as described in greater detail later. In one implementation, hybrid cloud manager 132 is a module or
`im