TREA

METHOD AND APPARATUS FOR AUTOMATIC ENABLEMENT OF NETWORK SERVICES FOR ENTERPRISES

Follow

Information

  • Patent Application
  • 20150263885
  • Publication Number
    20150263885
  • Date Filed
    March 15, 2014
    10 years ago
  • Date Published
    September 17, 2015
    8 years ago
Information
Abstract
A network enablement engine includes a configuration engine operable to seamless integrate with different cloud management platforms and manage configuration for applications, servers, virtual machines, network services, or a combination thereof employing multiple methods and a stitching manager operable to automatically and dynamically stitch instances of one or more clouds based on a user's criteria.
Description
FIELD OF THE INVENTION

Various embodiments of the invention relate generally to a multi-cloud fabric and particularly to a Multi-cloud fabric with distributed application delivery.


BACKGROUND

Data centers refer to facilities used to house computer systems and associated components, such as telecommunications (networking equipment) and storage systems. They generally include redundancy, such as redundant data communications connections and power supplies. These computer systems and associated components generally make up the Internet. A metaphor for the Internet is cloud.


A large number of computers connected through a real-time communication network such as the Internet generally form a cloud. Cloud computing refers to distributed computing over a network, and the ability to run a program or application on many connected computers of one or more clouds at the same time.


The cloud has become one of the, or perhaps even the, most desirable platform for storage and networking. A data center with one or more clouds may have real server hardware, and in fact served up by virtual hardware, simulated by software running on one or more real machines. Such virtual servers do not physically exist and can therefore be moved around and scaled up or down on the fly without affecting the end user, somewhat like a cloud becoming larger or smaller without being a physical object. Cloud bursting refers to a cloud becoming larger or smaller.


The cloud also focuses on maximizing the effectiveness of shared resources, resources referring to machines or hardware such as storage systems and/or networking equipment. Sometimes, these resources are referred to as instances. Cloud resources are usually not only shared by multiple users but are also dynamically reallocated per demand. This can work for allocating resources to users. For example, a cloud computer facility, or a data center, that serves Australian users during Australian business hours with a specific application (e.g., email) may reallocate the same resources to serve North American users during North America's business hours with a different application (e.g., a web server). With cloud computing, multiple users can access a single server to retrieve and update their data without purchasing licenses for different applications.


Cloud computing allows companies to avoid upfront infrastructure costs, and focus on projects that differentiate their businesses instead of infrastructure. It further allows enterprises to get their applications up and running faster, with improved manageability and less maintenance, and enables information technology (IT) to more rapidly adjust resources to meet fluctuating and unpredictable business demands.


Fabric computing or unified computing involves the creation of a computing fabric consisting of interconnected nodes that look like a ‘weave’ or a ‘fabric’ when viewed collectively from a distance. Usually this refers to a consolidated high-performance computing system consisting of loosely coupled storage, networking and parallel processing functions linked by high bandwidth interconnects.


The fundamental components of fabrics are “nodes” (processor(s), memory, and/or peripherals) and “links” (functional connection between nodes). Manufacturers of fabrics include IBM and Brocade. The latter are examples of fabrics made of hardware. Fabrics are also made of software or a combination of hardware and software.


A data center employed with a cloud currently suffers from latency, crashes due to underestimated usage, inefficiently uses of storage and networking systems of the cloud, and perhaps most importantly of all, manually deploys applications. Application deployment services are performed, in large part, manually with elaborate infrastructure, numerous teams of professionals, and potential failures due to unexpected bottlenecks. Some of the foregoing translates to high costs. Lack of automation results in delays in launching business applications. It is estimated that application delivery services currently consumes approximately thirty percent of the time required for deployment operations. Additionally, scalability of applications across multiple clouds is nearly nonexistent.


There is therefore a need for a method and apparatus to decrease bottleneck, latency, infrastructure, and costs while increasing efficiency and scalability of a data center.


SUMMARY

Briefly, an embodiment of the invention includes a network enablement engine having a configuration engine operable to seamless integrate with different cloud management platforms and manage configuration for applications, servers, virtual machines, network services, or a combination thereof employing multiple methods and a stitching manager operable to automatically and dynamically stitch instances of one or more clouds based on a user's criteria.


A further understanding of the nature and the advantages of particular embodiments disclosed herein may be realized by reference of the remaining portions of the specification and the attached drawings.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 shows a data center 100, in accordance with an embodiment of the invention.



FIG. 2 shows further details of relevant portions of the data center 100 and in particular, the fabric 106 of FIG. 1.



FIG. 3 shows conceptually various features of the data center 300, in accordance with an embodiment of the invention.



FIG. 4 shows, in conceptual form, relevant portion of a multi-cloud data center 400, in accordance with another embodiment of the invention.



FIGS. 4
a-c show exemplary data centers configured using embodiments and methods of the invention.



FIG. 5 shows, in conceptual form, further details of the data center 100.



FIG. 6 shows an exemplary system, such as a data center, in which the engine 203 is employed.



FIG. 7 shows a flow chart of relevant steps for performing various functions by the engine 203.



FIGS. 8-10 show various stitchings by the engine 203, in accordance with exemplary methods and apparatus of the invention.





DETAILED DESCRIPTION OF EMBODIMENTS

The following description describes a multi-cloud fabric. The multi-cloud fabric has a controller and spans homogeneously and seamlessly across the same or different types of clouds, as discussed below.


Particular embodiments and methods of the invention disclose a virtual multi-cloud fabric. Still other embodiments and methods disclose automation of application delivery by use of the multi-cloud fabric.


In other embodiments, a data center includes a plug-in, application layer, multi-cloud fabric, network, and one or more the same or different types of clouds.


Referring now to FIG. 1, a data center 100 is shown, in accordance with an embodiment of the invention. The data center 100 is shown to include a private cloud 102 and a hybrid cloud 104. A hybrid cloud is a combination public and private cloud. The data center 100 is further shown to include a plug-in unit 108 and an multi-cloud fabric 106 spanning across the clouds 102 and 104. Each of the clouds 102 and 104 are shown to include a respective application layer 110, a network 112, and resources 114.


The network 112 includes switches and the like and the resources 114 are router, servers, and other networking and/or storage equipment.


The application layers 110 are each shown to include applications 118 and the resources 114 further include machines, such as servers, storage systems, switches, servers, routers, or any combination thereof.


The plug-in unit 108 is shown to include various plug-ins. As an example, in the embodiment of FIG. 1, the plug-in unit 108 is shown to include several distinct plug-ins 116, such as one made by Opensource, another made by Microsoft, Inc., and yet another made by VMware, Inc. Each of the foregoing plug-ins typically have different formats. The plug-in unit 108 converts all of the various formats of the applications into one or more native-format application for use by the multi-cloud fabric 106. The native-format application(s) is passed through the application layer 110 to the multi-cloud fabric 106.


The multi-cloud fabric 106 is shown to include various nodes 106a and links 106b connected together in a weave-like fashion.


In some embodiments of the invention, the plug-in unit 108 and the multi-cloud fabric 106 do not span across clouds and the data center 100 includes a single cloud. In embodiments with the plug-in unit 108 and multi-cloud fabric 106 spanning across clouds, such as that of FIG. 1, resources of the two clouds 102 and 104 are treated as resources of a single unit. For example, an application may be distributed across the resources of both clouds 102 and 104 homogeneously thereby making the clouds seamless. This allows use of analytics, searches, monitoring, reporting, displaying and otherwise data crunching thereby optimizing services and use of resources of clouds 102 and 104 collectively.


While two clouds are shown in the embodiment of FIG. 1, it is understood that any number of clouds, including one cloud, may be employed. Furthermore, any combination of private, public and hybrid clouds may be employed. Alternatively, one or more of the same type of cloud may be employed.


In an embodiment of the invention, the multi-cloud fabric 106 is a Layer (L) 4-7 fabric. Those skilled in the art appreciate data centers with various layers of networking. As earlier noted, Multi-cloud fabric 106 is made of nodes 106a and connections (or “links”) 106b. In an embodiment of the invention, the nodes 106a are devices, such as but not limited to L4-L7 devices. In some embodiments, the multi-cloud fabric 106 is implemented in software and in other embodiments, it is made with hardware and in still others, it is made with hardware and software.


The multi-cloud fabric 106 sends the application to the resources 114 through the networks 112.


In an SLA engine, as will be discussed relative to a subsequent figure, data is acted upon in real-time. Further, the data center 100 dynamically and automatically delivers applications, virtually or in physical reality, in a single or multi-cloud of either the same or different types of clouds.


The data center 100, in accordance with some embodiments and methods of the invention, serves as a service (Software as a Service (SAAS) model, a software package through existing cloud management platforms, or a physical appliance for high scale requirements. Further, licensing can be throughput or flow-based and can be enabled with network services only, network services with SLA and elasticity engine (as will be further evident below), network service enablement engine, and/or multi-cloud engine.


As will be further discussed below, the data center 100 may be driven by representational state transfer (REST) application programming interface (API).


The data center 100, with the use of the multi-cloud fabric 106, eliminates the need for an expensive infrastructure, manual and static configuration of resources, limitation of a single cloud, and delays in configuring the resources, among other advantages. Rather than a team of professionals configuring the resources for delivery of applications over months of time, the data center 100 automatically and dynamically does the same, in real-time. Additionally, more features and capabilities are realized with the data center 100 over that of prior art. For example, due to multi-cloud and virtual delivery capabilities, cloud bursting to existing clouds is possible and utilized only when required to save resources and therefore expenses.


Moreover, the data center 100 effectively has a feedback loop in the sense that results from monitoring traffic, performance, usage, time, resource limitations and the like, i.e. the configuration of the resources can be dynamically altered based on the monitored information. A log of information pertaining to configuration, resources, the environment, and the like allow the data center 100 to provide a user with pertinent information to enable the user to adjust and substantially optimize its usage of resources and clouds. Similarly, the data center 100 itself can optimize resources based on the foregoing information.



FIG. 2 shows further details of relevant portions of the data center 100 and in particular, the fabric 106 of FIG. 1. The fabric 106 is shown to be in communication with a applications unit 202 and a network 204, which is shown to include a number of Software Defined Networking (SDN)-enabled controllers and switches 208. The network 204 is analogous to the network 112 of FIG. 1.


The applications unit 202 is shown to include a number of applications 206, for instance, for an enterprise. These applications are analyzed, monitored, searched, and otherwise crunched just like the applications from the plug-ins of the fabric 106 for ultimate delivery to resources through the network 204.


The data center 100 is shown to include five units (or planes), the management unit 210, the value-added services (VAS) unit 214, the controller unit 212, the service unit 216 and the data unit (or network) 204. Accordingly and advantageously, control, data, VAS, network services and management are provided separately. Each of the planes is an agent and the data from each of the agents is crunched by the controller 212 and the VAS unit 214.


The fabric 106 is shown to include the management unit 210, the VAS unit 214, the controller unit 212 and the service unit 216. The management unit 210 is shown to include a user interface (UI) plug-in 222, an orchestrator compatibility framework 224, and applications 226. The management unit 210 is analogous to the plug-in 108. The UI plug-in 222 and the applications 226 receive applications of various formats and the framework 224 translates the various formatted application into native-format applications. Examples of plug-ins 116, located in the applications 226, are VMware ICenter, by VMware, Inc. and System Center by Microsoft, Inc. While two plug-ins are shown in FIG. 2, it is understood that any number may be employed.


The controller unit (also referred to herein as “multi-cloud master controller”) 212 serves as the master or brain of the data center 100 in that it controls the flow of data throughout the data center and timing of various events, to name a couple of many other functions it performs as the mastermind of the data center. It is shown to include a services controller 218 and a SDN controller 220. The services controller 218 is shown to include a multi-cloud master controller 232, an application delivery services stitching engine or network enablement engine 230, a SLA engine 228, and a controller compatibility abstraction 234.


Typically, one of the clouds of a multi-cloud network is the master of the clouds and includes a multi-cloud master controller that talks to local cloud controllers (or managers) to help configure the topology among other functions. The master cloud includes the SLA engine 228 whereas other clouds need not to but all clouds include a SLA agent and a SLA aggregator with the former typically being a part of the virtual services platform 244 and the latter being a part of the search and analytics 238.


The controller compatibility abstraction 234 provides abstraction to enable handling of different types of controllers (SDN controllers) in a uniform manner to offload traffic in the switches and routers of the network 204. This increases response time and performance as well as allowing more efficient use of the network.


The network enablement engine 230 performs stitching where an application or network services (such as configuring load balance) is automatically enabled. This eliminates the need for the user to work on meeting, for instance, a load balance policy. Moreover, it allows scaling out automatically when violating a policy.


The flex cloud engine 232 handles multi-cloud configurations such as determining, for instance, which cloud is less costly, or whether an application must go onto more than one cloud based on a particular policy, or the number and type of cloud that is best suited for a particular scenario.


The SLA engine 228 monitors various parameters in real-time and decides if policies are met. Exemplary parameters include different types of SLAs and application parameters. Examples of different types of SLAs include network SLAs and application SLAs. The SLA engine 228, besides monitoring allows for acting on the data, such as service plane (L4-L7), application, network data and the like, in real-time.


The practice of service assurance enables Data Centers (DCs) and (or) Cloud Service Providers (CSPs) to identify faults in the network and resolve these issues in a timely manner so as to minimize service downtime. The practice also includes policies and processes to proactively pinpoint, diagnose and resolve service quality degradations or device malfunctions before subscribers (users) are impacted.


Service assurance encompasses the following:

    • Fault and event management
      • Performance management
      • Probe monitoring
      • Quality of service (QoS) management
      • Network and service testing
      • Network traffic management
      • Customer experience management
      • Real-time SLA monitoring and assurance
      • Service and Application availability
      • Trouble ticket management


The structures shown included in the controller unit 212 are implemented using one or more processors executing software (or code) and in this sense, the controller unit 212 may be a processor. Alternatively, any other structures in FIG. 2 may be implemented as one or more processors executing software. In other embodiments, the controller unit 212 and perhaps some or all of the remaining structures of FIG. 2 may be implemented in hardware or a combination of hardware and software.


VAS unit 214 uses its search and analytics unit 238 to search analytics based on distributed large data engine and crunches data and displays analytics. The search and analytics unit 238 can filter all of the logs the distributed logging unit 240 of the VAS unit 214 logs, based on the customer's (user's) desires. Examples of analytics include events and logs. The VAS unit 214 also determines configurations such as who needs SLA, who is violating SLA, and the like.


The SDN controller 220, which includes software defined network programmability, such as those made by Floodlight, Open Daylight, PDX, and other manufacturers, receives all the data from the network 204 and allows for programmability of a network switch/router.


The service plane 216 is shown to include an API based, Network Function Virtualization (NFV), Application Delivery Network (ADN) 242 and on a Distributed virtual services platform 244. The service plane 216 activates the right components based on rules. It includes ADC, web-application firewall, DPI, VPN, DNS and other L4-L7 services and configures based on policy (it is completely distributed). It can also include any application or L4-L7 network services.


The distributed virtual services platform contains an Application Delivery Controller (ADC), Web Application Firewall (Firewall), L2-L3 Zonal Firewall (ZFW), Virtual Private Network (VPN), Deep Packet Inspection (DPI), and various other services that can be enabled as a single-pass architecture. The service plane contains a Configuration agent, Stats/Analytics reporting agent, Zero-copy driver to send and receive packets in a fast manner, Memory mapping engine that maps memory via TLB to any virtualized platform/hypervisor, SSL offload engine, etc.



FIG. 3 shows conceptually various features of the data center 300, in accordance with an embodiment of the invention. The data center 300 is analogous to the data center 100 except some of the features/structures of the data center 300 are in addition to those shown in the data center 100. The data center 300 is shown to include plug-ins 116, flow-through orchestration 302, cloud management platform 304, controller 306, and public and private clouds 308 and 310, respectively.


The controller 306 is analogous to the controller 212 of FIG. 2. In FIG. 3, the controller 306 is shown to include a REST APIs-based invocations for self-discovery, platform services 318, data services 316, infrastructure services 314, profiler 320, service controller 322, and SLA manager 324.


The flow-through orchestration 302 is analogous to the framework 224 of FIG. 2. Plug-ins 116 and orchestration 302 provide applications to the cloud management platform 304, which converts the formats of the applications to native format. The native-formatted applications are processed by the controller 306, which is analogous to the controller 212 of FIG. 2. The RESI APIs 312 drive the controller 306. The platform services 318 is for services such as licensing, Role Based Access and Control (RBAC), jobs, log, and search. The data services 316 is to store data of various components, services, applications, databases such as Search and Query Language (SQL), NoSQL, data in memory. The infrastructure services 314 is for services such as node and health.


The profiler 320 is a test engine. Service controller 322 is analogous to the controller 220 and SLA manager 324 is analogous to the SLA engine 228 of FIG. 2. During testing by the profiler 320, simulated traffic is run through the data center 300 to test for proper operability as well as adjustment of parameters such as response time, resource and cloud requirements, and processing usage.


In the exemplary embodiment of FIG. 3, the controller 306 interacts with public clouds 308 and private clouds 310. Each of the clouds 308 and 310 include multiple clouds and communicate not only with the controller 306 but also with each other. Benefits of the clouds communicating with one another is optimization of traffic path, dynamic traffic steering, and/or reduction of costs, among perhaps others.


The plug-ins 116 and the flow-through orchestration 302 are the clients 310 of the data center 300, the controller 306 is the infrastructure of the data center 300, and the clouds 308 and 310 are the virtual machines and SLA agents 305 of the data center 300.



FIG. 4 shows, in conceptual form, relevant portion of a multi-cloud data center 400, in accordance with another embodiment of the invention. A client (or user) 401 is shown to use the data center 400, which is shown to include plug-in units 108, cloud providers 1-N 402, distributed elastic analytics engine (or “VAS unit”) 214, distributed elastic controller (of clouds 1-N) (also known herein as “flex cloud engine” or “multi-cloud master controller”) 232, tiers 1-N, underlying physical NW 416, such as Servers, Storage, Network elements, etc. and SDN controller 220.


Each of the tiers 1-N is shown to include distributed elastic 1-N, 408-410, respectively, elastic applications 412, and storage 414. The distributed elastic 1-N 408-410 and elastic applications 412 communicate bidirectional with the underlying physical NW 416 and the latter unilaterally provides information to the SDN controller 220. A part of each of the tiers 1-N are included in the service plane 216 of FIG. 2.


The cloud providers 402 are providers of the clouds shown and/or discussed herein. The distributed elastic controllers 1-N each service a cloud from the cloud providers 402, as discussed previously except that in FIG. 4, there are N number of clouds, “N” being an integer value.


As previously discussed, the distributed elastic analytics engine 214 includes multiple VAS units, one for each of the clouds, and the analytics are provided to the controller 232 for various reasons, one of which is the feedback feature discussed earlier. The controllers 232 also provide information to the engine 214, as discussed above.


The distributed elastic services 1-N are analogous to the services 318, 316, and 314 of FIG. 3 except that in FIG. 4, the services are shown to be distributed, as are the controllers 232 and the distributed elastic analytics engine 214. Such distribution allows flexibility in the use of resource allocation therefore minimizing costs to the user among other advantages.


The underlying physical NW 416 is analogous to the resources 114 of FIG. 1 and that of other figures herein. The underlying network and resources include servers for running any applications, storage, network elements such as routers, switches, etc. The storage 414 is also a part of the resources.


The tiers 406 are deployed across multiple clouds and are enablement. Enablement refers to evaluation of applications for L4 through L7. An example of enablement is stitching.


In summary, the data center of an embodiment of the invention, is multi-cloud and capable of application deployment, application orchestration, and application delivery.


In operation, the user (or “client”) 401 interacts with the UI 404 and through the UI 404, with the plug-in unit 108. Alternatively, the user 401 interacts directly with the plug-in unit 108. The plug-in unit 108 receives applications from the user with perhaps certain specifications. Orchestration and discover take place between the plug-in unit 108, the controllers 232 and between the providers 402 and the controllers 232. A management interface (also known herein as “management unit” 210) manages the interactions between the controllers 232 and the plug-in unit 108.


The distributed elastic analytics engine 214 and the tiers 406 perform monitoring of various applications, application delivery services and network elements and the controllers 232 effectuate service change.


In accordance with various embodiments and methods of the invention, some of which are shown and discussed herein, an Multi-cloud fabric is disclosed. The Multi-cloud fabric includes an application management unit responsive to one or more applications from an application layer. The Multi-cloud fabric further includes a controller in communication with resources of a cloud, the controller is responsive to the received application and includes a processor operable to analyze the received application relative to the resources to cause delivery of the one or more applications to the resources dynamically and automatically.


The multi-cloud fabric, in some embodiments of the invention, is virtual. In some embodiments of the invention, the multi-cloud fabric is operable to deploy the one or more native-format applications automatically and/or dynamically. In still other embodiments of the invention, the controller is in communication with resources of more than one cloud.


The processor of the multi-cloud fabric is operable to analyze applications relative to resources of more than one cloud.


In an embodiment of the invention, the Value Added Services (VAS) unit is in communication with the controller and the application management unit and the VAS unit is operable to provide analytics to the controller. The VAS unit is operable to perform a search of data provided by the controller and filters the searched data based on the user's specifications (or desire).


In an embodiment of the invention, the Multi-cloud fabric includes a service unit that is in communication with the controller and operative to configure data of a network based on rules from the user or otherwise.


In some embodiments, the controller includes a cloud engine that assesses multiple clouds relative to an application and resources. In an embodiment of the invention, the controller includes a network enablement engine.


In some embodiments of the invention, the application deployment fabric includes a plug-in unit responsive to applications with different format applications and operable to convert the different format applications to a native-format application. The application deployment fabric can report configuration and analytics related to the resources to the user. The application deployment fabric can have multiple clouds including one or more private clouds, one or more public clouds, or one or more hybrid clouds. A hybrid cloud is private and public.


The application deployment fabric configures the resources and monitors traffic of the resources, in real-time, and based at least on the monitored traffic, re-configure the resources, in real-time.


In an embodiment of the invention, the Multi-cloud fabric can stitch end-to-end, i.e. an application to the cloud, automatically.


In an embodiment of the invention, the SLA engine of the Multi-cloud fabric sets the parameters of different types of SLA in real-time.


In some embodiments, the Multi-cloud fabric automatically scales in or scales out the resources. For example, upon an underestimation of resources or unforeseen circumstances requiring addition resources, such as during a super bowl game with subscribers exceeding an estimated and planned for number, the resources are scaled out and perhaps use existing resources, such as those offered by Amazon, Inc. Similarly, resources can be scaled down.


The following are some, but not all, various alternative embodiments. The Multi-cloud fabric is operable to stitch across the cloud and at least one more cloud and to stitch network services, in real-time.


The multi-cloud fabric is operable to burst across clouds other than the cloud and access existing resources.


The controller of the Multi-cloud fabric receives test traffic and configures resources based on the test traffic.


Upon violation of a policy, the Multi-cloud fabric automatically scales the resources.


The SLA engine of the controller monitors parameters of different types of SLA in real-time.


The SLA includes application SLA and networking SLA, among other types of SLA contemplated by those skilled in the art.


The Multi-cloud fabric may be distributed and it may be capable of receiving more than one application with different formats and to generate native-format applications from the more than one application.


The resources may include storage systems, servers, routers, switches, or any combination thereof.


The analytics of the Multi-cloud fabric include but not limited to traffic, response time, connections/sec, throughput, network characteristics, disk I/O or any combination thereof.


In accordance with various alternative methods, of delivering an application by the multi-cloud fabric, the multi-cloud fabric receives at least one application, determines resources of one or more clouds, and automatically and dynamically delivers the at least one application to the one or more clouds based on the determined resources. Analytics related to the resources are displayed on a dashboard or otherwise and the analytics help cause the Multi-cloud fabric to substantially optimally deliver the at least one application.



FIGS. 4
a-c show exemplary data centers configured using embodiments and methods of the invention. FIG. 4a shows the example of a work flow of a 3-tier application development and deployment. At 422 is shown a developer's development environment including a web tier 424, an application tier 426 and a database 428, each used by a user for different purposes typically and perhaps requiring its own security measure. For example, a company like Yahoo, Inc. may use the web tier 424 for its web and the application tier 426 for its applications and the database 428 for its sensitive data. Accordingly, the database 428 may be a part of a private rather than a public cloud. The tiers 424 and 426 and database 420 are all linked together.


At 420, development testing and production environment is shown. At 422, an optional deployment is shown with a firewall (FW), ADC, a web tier (such as the tier 404), another ADC, an application tier (such as the tier 406), and a virtual database (same as the database 428). ADC is essentially a load balancer. This deployment may not be optimal and actually far from it because it is an initial pass and without the use of some of the optimizations done by various methods and embodiments of the invention. The instances of this deployment are stitched together (or orchestrated).


At 424, another optional deployment is shown with perhaps greater optimization. A FW is followed by a web-application FW (WFW), which is followed by an ADC and so on. Accordingly, the instances shown at 424 are stitched together.


Accordingly, consistent development/production environments are realized. Automated discovery, automatic stitching, test and verify, real-time SLA, automatic scaling up/down capabilities of the various methods and embodiments of the invention may be employed for the three-tier (web, application, and database) application development and deployment of FIG. 4a. Further, deployment can be done in minutes due to automation and other features. Deployment can be to a private cloud, public cloud, or a hybrid cloud or multi-clouds.



FIG. 4
b shows an exemplary multi-cloud having a public, private, or hybrid cloud 460 and another public or private or hybrid cloud 464 communication through a secure access 464. The cloud 460 is shown to include the master controller whereas the cloud 462 is the slave or local cloud controller. Accordingly, the SLA engine resides in the cloud 460.



FIG. 4
c shows a virtualized multi-cloud fabric spanning across multiple clouds with a single point of control and management.



FIG. 5 shows, in conceptual form, further details of the data center 100. The data center 100 is shown to have, in addition to plug-in unit 108, network 204, and the network enablement engine 230, web tier (or “service”) 502, web tier 510, application (“app”) tier 512, database (DB) tier 514, a firewall (FW) 506, a load balancer (also referred to herein as “ADC”) 508, and a number of combinations of firewall and load balancer, i.e. 516-520. The engine 230 is shown to include a configuration management 504 and an application-network service stitching manager 524.


As discussed above, relative to FIGS. 1 and 2, the network enablement engine 230 is in communication with the plug-in unit 108. It is further in communication with the firewall 506 and the web tier 502, which is in communication with the plug-in unit 108. The load balancer 508 is shown communicating with the firewall 506 and the web tier 502. The web tier 502 is also in communication with the network enablement engine 230. The network enablement engine 230 includes the configuration manager 504, which manages the configuration of applications, servers, virtual machines, network services and other instances. An example of the foregoing are the firewall 506, the web tier 502, and the load balancer 508 and their configuration as shown in FIG. 5. In accordance with various methods of the invention, the manager 504 uses various types of methods for managing configuration, some of which are salt, chef, puppet, among others.


The manager 524 of the engine 230, automatically stitches the configuration aspects between application and network services. An example of the foregoing is shown by the application service 512 and the web service 510, which are both along with the database 514 to be in communication with the network 204. Automatic stitching is based on the user's criteria, factors such as location, time-of-day, power, cost, among others. In an embodiment of the invention, automatic stitching is done across clouds.


Initially, the engine 230 might stitch a particular configuration that is non-optimal but it adjusts the stitching to ultimately reach substantially optimal stitching. Every time an instance is added, stitching is re-performed. Among other benefits, this allows for dynamically stitching while maintaining substantial optimal configuration.


The plug-in unit 108 seamlessly integrates with various cloud management platform such as Openstack, Cloudstack, Vcenter, among others.


In accordance with various embodiments and methods of the invention, the engine 230 provides seamless enablement of network services for any applications—enterprise web applications, gateways, and the like. Additionally, it provides network services such as load balancing, application firewall, zonal firewall, etc. to any application. Further, as earlier indicated, it seamlessly integrates with various cloud management platforms such as Openstack, Cloudstack, Vcenter, etc.


The engine 230 further manages configuration for applications/servers/virtual machines/network services via multiple methods such as salt, chef, puppet, etc. and manages configuration by stitching in a harmonic manner for an application including network services. In some embodiments of the invention, stitching is done automatically and dynamically. For example, server selection techniques are performed automatically and based on proximity, load, cost, time-of-day, among others, to provide optimization of configuration. In essence, the engine 230 takes a holistic view of the entire tier/application to provide elasticity of applications/servers/network services in a harmonious manner.


The built-in application discovery manager, the manager 524, discovers when an application comes-up and notifies appropriate dependent network services such as load balancing and application firewall, etc. Further, the manager 524 automatically and dynamically stitches the configuration aspects between application and network services.


In yet another methods and apparatus of the invention, the engine 230 provides a service chaining framework for any user to create a tier or an application, which can be multi-tiered, with any services in any manner.


In yet another method, application discovery manager, the manager 524, can detect applications in a running system and dynamically attach network services and provide seamless traffic migration to the detected applications.


In yet another method and apparatus of the invention, the engine 203 provides automatic elasticity of applications by sending triggers to the cloud management platform, or plug-in unit 108. Triggers can be any suitable indicator, interrupt, signal, setting and the like.


Additionally, in another method and apparatus of the invention, the engine 203 can provide support for rolling upgrades of deployed applications without disruption to existing sessions by consolidating and redirection of traffic using the network services.


In still another apparatus and method of the invention, the engine 203 can integrate with existing SDN controllers, such as those made by Floodlight, Open Daylight, and PDX, among others, to provide service chaining using SDN flows.


In another method and apparatus of the invention, the engine 230 can provide an interface to take configuration snapshots of all networking services for easy restoration and rollback.


In another method and apparatus of the invention, the engine 230 can recognize an application being deployed and optimize networking services for that application.


In another method and apparatus of the invention, the engine 230 provides an interface applications to explicitly request network service and deployment changes, such as reservation, traffic blocking, elasticity triggers, and the like.


In another method and apparatus of the invention, the engine 230 can provide a method for consolidation session in deployed servers/virtual machines based on application priority and other rules.


In another method and apparatus of the invention, the engine 230 can provide a method for freeing up compute and other resources by consolidation of low priority applications to allow high priority applications to scale up in case of resource crunch.


In another method and apparatus of the invention, the engine 230 can support snap-shotting entire application tiers for easy replication and future deployment.



FIG. 6 shows an exemplary system, such as a data center, in which the engine 203 is employed. The user 408 is shown using a browser 606 with a user interface 604 and a mobile application 602. The browser 606, user interface 604 and mobile application 602 are employed by the engine 203, which is shown to perform a number of functions in FIG. 6, such as discovery, deployment and configuration. It is also shown to including integrated configuration management system (CMS) and application directory with definition of applications and interfaces. It communicates with an existing CMS, configures an existing network service, deploys and configures another network service and applications. Examples of the certified management protocol (CMP) are Open Stack, Vernier, and Cloud Stack. The engine 203 can configure internally or externally.



FIG. 7 shows a flow chart of relevant steps for performing various functions by the engine 203. At 702, the engine 203 waits for an existing instance or new instances to be come up and at 704, if the instance is a network service, the process continues to step 710 and if the instance is an application, the process goes to step 706. At step 706, configuration is generated for the application and the configuration is pushed meaning it is an added instance that affects stitching, therefore, stitching is re-done with the application. At step 710, the network service is updated, configured and pushed as in step 706. At 708, the application and/or network service stitching information is updated to the step 710 so that the network service is updated and configured using the stitching information.



FIGS. 8-10 show various stitchings by the engine 203, in accordance with exemplary methods and apparatus of the invention. FIG. 8 shows an end-to-end stitching from L4-L7 starting with L4 to three secure socket layers (SSLs), to L7 (two connections) from each SSL to an L7, to tier (t) 1 servers to tier 2 servers.



FIG. 9 shows the example of a stitched configuration with zone firewall, L4, SSLs, L7, application firewall, API Gateway (GW) and servers. FIG. 10 shows two domain virtual internet protocol (vip) 1 and 2, each shown to L4, SSLs, L7s and servers with the output being domain2.vip1, which also undergoes a stitched configuration of L4, SSLs, L7s and servers. Domain.vip represents the domain name and IP of a user.


Although the description has been described with respect to particular embodiments thereof, these particular embodiments are merely illustrative, and not restrictive.


As used in the description herein and throughout the claims that follow, “a”, “an”, and “the” includes plural references unless the context clearly dictates otherwise. Also, as used in the description herein and throughout the claims that follow, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.


Thus, while particular embodiments have been described herein, latitudes of modification, various changes, and substitutions are intended in the foregoing disclosures, and it will be appreciated that in some instances some features of particular embodiments will be employed without a corresponding use of other features without departing from the scope and spirit as set forth. Therefore, many modifications may be made to adapt a particular situation or material to the essential scope and spirit.

Claims
  • 1. A system comprising: a controller unit responsive to applications and configured to control one or more network switches, the controller including a network enablement engine being in communication with at least one firewall through which the network enablement engine communicates with a load balancer and a server, the server responsive to input from a user, the user having one or more criterion communicated to the network enablement engine through the server, the network enablement engine including, a configuration engine configured to, discover an existing instance or to bring up a new instance,generate an application configuration in the event a new instance is brought up, the application configuration, at least in part, defining the configuration of the new instance,update the application configuration of the existing instance using stitching information, anda stitching manager configured to generate the stitching information and to cause stitching of the new instance and re-stitching of the existing instances of one or more clouds using the at least one firewall based on the user's one or more criterion,wherein the new and existing instances are stitched automatically and dynamically.
  • 2. The network enablement engine of claim 1, wherein the stitch is end-to-end.
  • 3. (canceled)
  • 4. The network enablement engine of claim 2, wherein the configuration engine is further configured to deploy network services.
  • 5. The network enablement engine of claim 4, wherein the stitching manager is configured to stitch from L4 through L7 and from L7 to other servers.
  • 6. The network enablement engine of claim 4, wherein the server is tier 1.
  • 7. The network enablement engine of claim 6, wherein the stitching manager is configured to stitch from the tier 1 to at least one tier 2 server.
  • 8. The network enablement engine of claim 6, wherein the stitching manager is configured to stitch from L4 to secure socket layers (SSLs) before stitching to L7.
  • 9. The network enablement engine of claim 8, wherein the stitching manager is configured to stitch the at least one firewall or at least one gateway after stitching through the SSLs.
  • 10. The network enablement engine of claim 8, wherein the stitching manager is configured to stitch from one domain name utilized by the user from L4 through the L7 and the servers and the servers outputting another domain name and the stitching manager being configured to stitch through another L4 through L7 and other servers.
  • 11. The network enablement engine of claim 8, wherein the stitching manager is configured to stitch within one of the one or more cloud.
  • 12. The network enablement engine of claim 8, wherein the stitching manager is configured to stitch between the one ore more clouds.
  • 13. The network enablement engine of claim 8, wherein the one or more clouds includes a public cloud and a private cloud.
  • 14. A method of managing networking-comprising: receiving applications by a controller unit, the controller unit controlling one or more network switches including a network enablement engine in communication with the one or more firewalls or the one or more gateways through which the network enablement engine communicates with a load balancer and a web server;receiving input from a user, the user having one or more criterion;discovering an existing instance or bringing up a new instance by the network enablement engine including;generating an application configuration in the event a new instance is brought up;updating the application configuration of the existing instance using stitching information;stitching the new instance and re-stitching the existing instance of the one or more clouds based on the user's criterion, by a stitching manager, wherein the stitching is performed dynamically and automatically for instances.
  • 15. The method of managing of claim 14, further including the configuration engine deploying network services.
  • 16. The method of managing of claim 14, further including the stitching manager stitching from L4 through L7 and from L7 to other servers.
  • 17. The method of managing of claim 16, wherein the stitching manager stitching from tier 1 servers to tier 2 servers.
  • 18. The method of managing of claim 16, further including stitching from L4 to secure socket layers (SSLs) before being stitching to L7.
  • 19. The network enablement engine of claim 18, further including the stitching manager stitching one or more firewalls or one or more gateways after stitching through the SSLs.
  • 20. The method of managing of claim 19, wherein the stitching is performed between the one or more clouds.
CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of U.S. patent application Ser. No. 14/214,612, filed on Mar. 14, 2014, by Kasturi et al., and entitled “METHOD AND APPARATUS FOR RAPID INSTANCE DEPLOYMENT ON A CLOUD USING A MULTI-CLOUD CONTROLLER”, which is a continuation-in-part of U.S. patent application Ser. No. 14/214,572, filed on Mar. 14, 2014, by Kasturi et al., and entitled “METHOD AND APPARATUS FOR ENSURING APPLICATION AND NETWORK SERVICE PERFORMANCE IN AN AUTOMATED MANNER”, which is a continuation-in-part of U.S. patent application Ser. No. 14/214,472, filed on Mar. 14, 2014, by Kasturi et al., and entitled “PROCESSES FOR A HIGHLY SCALABLE, DISTRIBUTED, MULTI-CLOUD SERVICE DEPLOYMENT, ORCHESTRATION AND DELIVERY FABRIC”, which is a continuation-in-part of U.S. patent application Ser. No. 14/214,326, filed on Mar. 14, 2014, by Kasturi et al., and entitled “METHOD AND APPARATUS FOR A HIGHLY SCALABLE, MULTI-CLOUD SERVICE DEPLOYMENT, ORCHESTRATION AND DELIVERY”, which are incorporated herein by reference as though set forth in full.

Continuation in Parts (4)
Number Date Country
Parent 14214612 Mar 2014 US
Child 14214666 US
Parent 14214572 Mar 2014 US
Child 14214612 US
Parent 14214472 Mar 2014 US
Child 14214572 US
Parent 14214326 Mar 2014 US
Child 14214472 US