Cloud computing is used for providing computing capabilities as a service. Computing resources such as software and information are shared among those accessing the cloud.
One reason why cloud computing is considered useful is that it lessens the burden on an entity that does not have the corresponding hardware or software that would otherwise be necessary for realizing desired computing capabilities. Rather than having to make a substantial investment in such resources, the same computing capabilities can be used by paying for access to those capabilities offered by a cloud service provider.
Another reason that cloud computing is recognized as beneficial is that it allows an entity that has unused computing capacity to realize the full potential of the equipment it currently has. For example, many businesses have computer networks that are over-provisioned with excess capacity to handle an occasional spike in activity or to serve as a backup. Most of the time that capacity remains idle and the owner does not realize any tangible benefit from it (other than having it available if the need arises). Cloud computing can allow such capacity to be made available to others for a fee.
While several cloud architectures have been proposed and used, there has not been any suggested way to manage edge computing resources owned by an individual, for example, that could be offered to others for cloud computing.
An exemplary cloud computing apparatus includes at least one compute device controller. A digital data storage of the controller includes a chief management virtual machine program for running a chief management virtual machine. A processor associated with the digital data storage is configured to run the chief management virtual machine. The chief management virtual machine is useful to control first user communications between at least one first user and a first virtual machine and to control second user communications between at least one second user and a second virtual machine. The first virtual machine and the second virtual machine are run by at least one compute resource distinct from the compute device controller. The chief management virtual machine is also useful for isolating the first user communications from the second user communications.
Another exemplary cloud computing system includes at least one compute resource provided with a virtual machine program for running a first virtual machine that is available to at least one remotely located first user and running a second virtual machine that is available to at least one remotely located second user. A compute device controller is provided with a chief management virtual machine program for running a chief management virtual machine for controlling first user communications between the first virtual machine and the first user and controlling second user communications between the second virtual machine and the second user. The chief management virtual machine is also useful for isolating the first user communications from the second user communications.
An exemplary method of cloud computing includes providing a plurality of compute device controllers with respective chief management virtual machine programs for running respective chief management virtual machines. The chief management virtual machine of a compute device controller is used for controlling first user communications between at least one first user and a first virtual machine and controlling second user communications between at least one second user and a second virtual machine. The first virtual machine and the second virtual machine are run by at least one compute resource distinct from the compute device controller. The chief management virtual machine is also used for isolating the first user communications from the second user communications.
Another exemplary method of cloud computing includes providing at least one compute resource with a virtual machine program for running a first virtual machine that is available to at least one remotely located first user and running a second virtual machine that is available to at least one remotely located second user. A compute device controller is provided with a chief management virtual machine program for running a chief management virtual machine. The chief management virtual machine is used for controlling first user communications between the first virtual machine and the first user and for controlling second user communications between the second virtual machine and the second user. The chief management virtual machine is also used for isolating the first user communications from the second user communications.
The various features and advantages of disclosed examples will become apparent to those skilled in the art from the following detailed description. The drawings that accompany the detailed description can be briefly described as follows.
The following description introduces a personal cloud arrangement and various techniques for sharing edge compute resources across the Internet. The personal cloud arrangement makes it possible to share compute resources over the Internet among peers. The personal cloud may also be part of a virtual, distributed cloud that is managed by a service provider utilizing the resources of an aggregate of multiple personal clouds. The virtual, distributed cloud does not require its own infrastructure but, instead, takes advantage of the compute resources available in the personal clouds.
For discussion purposes, the term “personal cloud” is used to indicate a cloud that is established using equipment that is owned or controlled by a single entity, for example an individual, a small business or another identifiable entity.
The disclosed examples facilitate using otherwise underutilized edge compute resources such as those owned by an individual or another entity that can be considered an endpoint of the Internet. Examples of such resources include unused computers, CPUs and bandwidth. Such resources could be shared with others to provide datacenter services, backup services, applications or website operation services, for example. The term “compute resource” as used in this description is intended to refer to any of these as appropriate in a given context. For discussion purposes computers are selected as example compute resources.
One of the challenges presented by attempting to share edge compute resources is providing a framework for exporting the resources (e.g., CPU, network and storage) from individual nodes in a secure and scalable fashion. Disclosed examples include virtual machines (VMs) that effectively package such resources for use by remote users.
Another challenge is associated with setting up a personal cloud. Many people or entities that may offer compute resources to remote users in a manner consistent with the disclosed examples do not have sufficient expertise or experience to be able to configure the personal cloud. As will become apparent from the following description, the disclosed examples include an auto-configuring approach that minimizes user-driven configuration for setting up and managing the resource sharing.
Additionally, the disclosed examples include features that ensure that the resource shared VMs do not interfere with each other or any other computers that a personal cloud provider is using for their own purposes within the same environment as the resources offered to remote users.
The disclosed examples also facilitate multiple VMs sharing a single Internet Protocol (IP) address.
An example personal cloud arrangement is described followed by a description of a virtual, distributed cloud that is based on an aggregated plurality of personal clouds.
In this example, the compute device 28 comprises a router that facilitates wireless communications within the network 22 on behalf of computers 30 and 32. The compute device 28 also facilitates communications on behalf of computers 34, 36 and 38.
The computers 36 and 38 are each included in a personal cloud 40. The computers 36 and 38 are, in one example, computers that are otherwise not being used by the owner of the network 22. Those computers in this example are each provided with a virtual machine program for running a virtual machine (VM) that is available to one or more remote users that communicate with the VM. In the illustrated example, the computer 36 includes at least one virtual machine program that facilitates the computer 36 having four VMs 42, 44, 46 and 48 (i.e., four instances of the at least one virtual machine program). The illustrated computer 38 includes at least one virtual machine program that facilitates the computer 38 having three VMs 52, 54 and 56 (i.e., three instances of the at least one virtual machine program). Each of those VMs is useful for providing computing services or capabilities accessible by at least one authorized remote user. The term “remote” may refer to a user that is remote from the computers 36 and 38, remote from the network 22 or remote from both.
In one example, the virtual machine program or software can be installed on the computers 36 and 38 using known software installation techniques. One example virtual machine program installs a hypervisor, such as a known Type 1 native hypervisor, into the computer(s) to be included as part of the personal cloud. The computers 36 and 38 are dedicated exclusively to cloud computing use in this example.
In this example, the personal cloud 40 allows users to utilize the computing resources available through the computers 36 and 38 without having to own or maintain control over them. In one example, the computers 36 and 38 comprise x86 based computers dedicated to resource sharing through the cloud 40. They are powered on and connected to the network 22 whenever the cloud 40 is to be available to potential users. In this example, the VMs within the cloud 40 are exclusively used by authorized users that are remote from the computers 36 and 38 and outside of the network 22.
The illustrated example includes the capability to manage communications between remote users and the VMs associated with the personal cloud 40.
A compute device controller is provided with a chief management virtual machine program for running a chief management virtual machine at 86. This example includes using the chief management virtual machine for controlling first user communications between the first VM and the first user at 88. The chief management virtual machine is used at 90 for controlling second user communications between the second VM and the second user. The example method also includes using the chief management virtual machine at 92 for isolating the first user communications from the second user communications.
At 94 this example includes isolating the first user communications and the second user communications from any other traffic within the private network 22. This ensures that any use of the computers 30, 32 or 34 will not be compromised or interfered with by the communications between remote users and the VMs in the personal cloud 40.
As shown in
Each computer in
In this example the MVM 60 is a chief MVM that acts as a gateway for controlling all communications between the cloud 40 and the external network 26. The chief MVM 60 controls all first user communications between a first user and any of the VMs provided by the computer 36. The chief MVM 60 controls all second user communications between a second user and any of the VMs provided by the computer 38. The chief MVM 60 ensures that the first user communications are isolated from the second user communications and any communications of users within the network 22.
One example includes managing incoming traffic by forwarding it to the chief MVM 60, which maps the incoming communication to the appropriate VM. One example includes using TCP and UDP port forwarding at the router 28 to forward a selected set of ports (e.g., corresponding to SSH and web traffic, such as TCP ports 22, 80 and 443) to a management portal running in the chief MVM 60. There are known techniques that allow users to set up port forwarding on a home router.
Another example uses UPnP protocols, such as the Internet Gateway Device (IGD) protocol, to programmatically create network address translation (NAT) pinholes and port forwarding rules in UPnP-compliant routers. In one example all SSH and web traffic is routed to the chief MVM 60. In some examples, all incoming traffic to the network 22 from the network 26 is routed to the chief MVM 60. Note that IGD does not authenticate requests from the local network, so any host on the network 22 could open pinholes of its own; the forwarding rules should therefore be reviewed so that only those pointing at the chief MVM 60 remain.
One example includes a two-stage approach facilitated by the chief MVM 60 for providing users access to the individual VMs within the cloud 40. In the first stage, a potential cloud user provides trigger packets that indicate the source address of the user. In the example of
The example chief MVM 60 includes a NAT module 66 for translating between addresses so that user communications are properly directed between a user and the appropriate VM. For example, a communication from a remote user will be directed to the IP address of the interface device (e.g., modem) 24. That communication gets routed to the chief MVM 60 by the router 28. The chief MVM 60 translates from the IP address of the interface device 24 to a private IP address of the appropriate VM based on the source address and protocol information mentioned above. For communications that originate from one of the VMs 52, 54 or 56, those will be directed to the chief MVM 60 from the MVM 62 using the internal IP address of the chief MVM 60. In some embodiments, the NAT module 66 translates from that address to the appropriate user address based on information regarding the source VM and the protocol for that communication.
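The two-stage access path and the NAT module 66 described above, as an added example that is not code from the patent. It models the chief MVM as a table: stage one records a user's source address and protocol against one VM when the trigger packet arrives; stage two rewrites inbound packets (already forwarded by the router to the chief MVM) to the bound VM's private address and rewrites VM-originated replies back to the public address, refusing anything aimed at the home network or another VM. All addresses, VM names and the internal address of the chief MVM are constructed for illustration.

```python
"""Added example, not the patent's code: the chief MVM's two-stage access
path and NAT module modelled as a lookup table. Addresses are constructed
(RFC 5737 documentation ranges and RFC 1918 private ranges)."""
from dataclasses import dataclass, field
import ipaddress

PUBLIC_IP = "203.0.113.10"                          # interface device 24 (assumed)
CHIEF_INTERNAL = "10.40.0.1"                        # chief MVM 60 inside cloud 40 (assumed)
HOME_NET = ipaddress.ip_network("192.168.1.0/24")   # private network 22 (assumed)
CLOUD_NET = ipaddress.ip_network("10.40.0.0/24")    # VM addresses in cloud 40 (assumed)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass
class ChiefMVM:
    vms: dict                                      # VM name -> private address
    bindings: dict = field(default_factory=dict)   # (user addr, proto) -> VM name
    reverse: dict = field(default_factory=dict)    # VM name -> (user addr, proto)

    def trigger(self, user_addr, proto, vm):
        """Stage 1: a trigger packet records the user's source address and
        protocol for one VM. A VM already bound to a first user refuses a
        second user, which keeps the two users' traffic apart."""
        if vm not in self.vms:
            raise KeyError(f"unknown VM {vm}")
        if vm in self.reverse and self.reverse[vm] != (user_addr, proto):
            raise PermissionError(f"{vm} is already bound to another user")
        self.bindings[(user_addr, proto)] = vm
        self.reverse[vm] = (user_addr, proto)

    def inbound(self, pkt):
        """Stage 2: rewrite a packet the router forwarded to the chief MVM.
        Only a (source address, protocol) pair registered in stage 1 reaches
        a VM; everything else is dropped (returns None)."""
        if pkt.dst != PUBLIC_IP:
            return None
        vm = self.bindings.get((pkt.src, pkt.proto))
        if vm is None:
            return None
        return Packet(pkt.src, self.vms[vm], pkt.proto, pkt.dport)

    def outbound(self, pkt):
        """Reverse translation for VM-originated traffic addressed to the
        chief MVM's internal address. The reply goes only to the user bound
        to that VM; packets aimed at the home network or at another VM are
        dropped, and the source becomes the public address."""
        vm = next((n for n, a in self.vms.items() if a == pkt.src), None)
        if vm is None or vm not in self.reverse:
            return None
        dst = ipaddress.ip_address(pkt.dst)
        if dst in HOME_NET or (dst in CLOUD_NET and pkt.dst != CHIEF_INTERNAL):
            return None            # isolation from computers 30, 32, 34 and other VMs
        user_addr, proto = self.reverse[vm]
        if pkt.dst != CHIEF_INTERNAL or pkt.proto != proto:
            return None
        return Packet(PUBLIC_IP, user_addr, pkt.proto, pkt.dport)


def demo_nat():
    """Two VMs of computer 38, each claimed by a different remote user."""
    mvm = ChiefMVM(vms={"vm52": "10.40.0.52", "vm54": "10.40.0.54"})
    mvm.trigger("198.51.100.7", "tcp", "vm52")   # first user's trigger packet
    mvm.trigger("198.51.100.9", "tcp", "vm54")   # second user's trigger packet
    return mvm


if __name__ == "__main__":
    m = demo_nat()
    print(m.inbound(Packet("198.51.100.7", PUBLIC_IP, "tcp", 22)))      # to vm52
    print(m.inbound(Packet("192.0.2.77", PUBLIC_IP, "tcp", 22)))        # None
    print(m.outbound(Packet("10.40.0.52", "192.168.1.30", "tcp", 445)))  # None
    print(m.outbound(Packet("10.40.0.52", CHIEF_INTERNAL, "tcp", 22)))   # to user
```

A binding keyed on the source address alone admits every host that shares that address (for example everyone behind the user's own NAT), so in practice the trigger packet should carry an authenticator that the portal checks before the binding is created.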
In another example, each VM is accessed only over the Internet using web protocols. The portal 64 in this example runs as a web router. Each web access (HTTP) request identifies the hostname to which it is addressed (in its Host header). Since each VM can have a different name while sharing the same IP address, this example allows one-stage demultiplexing at the portal 64 in the chief MVM 60.
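The one-stage, hostname-based demultiplexing just described, as an added example that is not the patent's portal code. The web router parses the request head, requires exactly one Host header (a duplicated Host is a request-smuggling vector and is refused), normalizes the name, and looks up the VM behind it; unknown names and malformed heads get nothing. The VM hostnames and backend addresses are constructed for illustration.

```python
"""Added example, not the patent's portal code: Host-header demultiplexing
so that several VMs share one public IP address. Names and backend
addresses are constructed."""

# VM hostname -> (private address, port) of the VM behind the portal (assumed)
VM_BY_HOST = {
    "vm42.cloud40.example": ("10.40.0.42", 80),
    "vm44.cloud40.example": ("10.40.0.44", 80),
    "vm52.cloud40.example": ("10.40.0.52", 8080),
}


def parse_request_head(raw):
    """Split an HTTP/1.x request head into (request-line parts, header list).
    Returns None when the head is incomplete or malformed."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None                      # head not terminated: refuse
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3:
        return None
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            return None                  # obs-fold / padded names are refused
        headers.append((name.lower(), value.strip()))
    return request_line, headers


def route(raw):
    """Return the (address, port) of the VM that should receive this request,
    or None when the request must be refused."""
    parsed = parse_request_head(raw)
    if parsed is None:
        return None
    _req, headers = parsed
    hosts = [v for k, v in headers if k == b"host"]
    if len(hosts) != 1:
        return None                      # HTTP/1.1 requires exactly one Host
    try:
        host = hosts[0].decode("ascii")
    except UnicodeDecodeError:
        return None
    hostname = host.split(":", 1)[0].lower().rstrip(".")   # drop port, normalize
    return VM_BY_HOST.get(hostname)


if __name__ == "__main__":
    # constructed requests
    print(route(b"GET / HTTP/1.1\r\nHost: VM42.cloud40.example:80\r\n\r\n"))
    print(route(b"GET / HTTP/1.1\r\nHost: a.example\r\nHost: b.example\r\n\r\n"))
```

For TCP port 443 the name is only visible to the portal if it terminates TLS itself (or reads the TLS Server Name Indication), so the web router above is the plaintext half of the design; the patent does not say which of the two the portal 64 does.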
The chief MVM 60 in this example is responsible for personal cloud automation including instantiating and deleting VMs, assigning VMs to users, assigning VMs to virtual networks, isolating and ensuring the security of traffic between VMs, ensuring quality of service for network traffic to and from the personal cloud 40, IP address sharing and application proxying across multiple VMs.
Controlling the first user communications between a first user and any of the VMs 52-56 includes using the MVM 62 to rate limit such traffic to regulate the bandwidth usage inside the network 22 and through the interface device 24 into the external network 26. The MVM 62 includes a traffic conditioning module 70 for regulating all traffic to or from any of the VMs 52-56 run by the computer 38. In one example, every computer in the cloud 40 has its own MVM and every MVM includes such a traffic conditioning module. Only the chief MVM 60 has the NAT module 66 and the portal 64 because all communications between VMs in the cloud 40 and the external network 26 pass through the chief MVM 60.
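The traffic conditioning module 70 described above, as an added example that is not code from the patent. Each VM gets its own token bucket and all of them share an uplink bucket standing in for the interface device 24, so a VM can neither exceed its own share nor consume the whole uplink; a VM with no bucket is not admitted at all. The rates, bursts and the simulated clock are constructed for illustration.

```python
"""Added example, not the patent's code: per-VM traffic conditioning with
token buckets plus a shared uplink bucket. Rates and the clock are
constructed; `now` is passed in so the behaviour is deterministic."""


class TokenBucket:
    """Classic token bucket: refills at `rate` bytes/s up to `burst` bytes."""

    def __init__(self, rate, burst, now=0.0):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)
        self.last = float(now)

    def _refill(self, now):
        if now > self.last:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
            self.last = now

    def has(self, nbytes, now):
        self._refill(now)
        return self.tokens >= nbytes

    def take(self, nbytes, now):
        self._refill(now)
        if self.tokens < nbytes:
            return False
        self.tokens -= nbytes
        return True


class TrafficConditioner:
    """Admit a VM's packet only when both the VM's own bucket and the shared
    uplink bucket have room. Both are checked before either is charged, so a
    refusal never leaves tokens half-consumed."""

    def __init__(self, uplink_rate, uplink_burst, now=0.0):
        self.uplink = TokenBucket(uplink_rate, uplink_burst, now)
        self.per_vm = {}

    def add_vm(self, vm, rate, burst, now=0.0):
        self.per_vm[vm] = TokenBucket(rate, burst, now)

    def admit(self, vm, nbytes, now):
        bucket = self.per_vm.get(vm)
        if bucket is None:
            return False                  # unconditioned VMs get nothing
        if not (bucket.has(nbytes, now) and self.uplink.has(nbytes, now)):
            return False
        bucket.take(nbytes, now)
        self.uplink.take(nbytes, now)
        return True


def demo_conditioner():
    """Two VMs of computer 38 at 1000 B/s each behind a 3000 B/s uplink (constructed)."""
    tc = TrafficConditioner(uplink_rate=3000, uplink_burst=3000)
    tc.add_vm("vm52", rate=1000, burst=2000)
    tc.add_vm("vm54", rate=1000, burst=2000)
    return tc


if __name__ == "__main__":
    tc = demo_conditioner()
    print(tc.admit("vm52", 1500, 0.0))   # True: within burst
    print(tc.admit("vm52", 1000, 0.0))   # False: vm52 bucket exhausted
    print(tc.admit("vm52", 1000, 1.0))   # True: one second of refill
```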
As mentioned above, personal cloud configurations consistent with the disclosed examples may be aggregated and used as a virtual, distributed cloud that allows a service provider to provide cloud computing without having to own or control the infrastructure needed for such a cloud.
The illustrated example allows a service provider to offer cloud computing services without having to obtain or maintain the necessary infrastructure. Instead, the service provider utilizes the endpoint or edge compute resources available within the personal clouds 40.
In the illustrated example a compute device controller 140 runs the chief MVM 142. The device 140 is within the personal network 22 and in this example comprises a router with sufficient processor capacity for running the chief MVM 142. For example, the compute device controller 140 includes digital data storage 144 and a processor 146 associated with the digital data storage 144 for accessing programs and information in the storage and to alter contents of the storage as appropriate. When processor-executable programs such as the chief management virtual machine program are implemented on the processor 146, the program code segments combine with the processor 146 to provide a unique device that operates analogously to specific logic circuits.
In some such examples, the compute device controller 140 (e.g., a home router) is provided by and managed by the service provider that facilitates the virtual, distributed cloud. In another example the compute device controller 140 and the chief MVM 142 are centrally located remotely from the computers included in each of the personal clouds and operated by the service provider.
Having a chief MVM outside of the computers in the personal clouds 40 allows for centralized control over each personal cloud that is part of the virtual cloud. This type of arrangement allows for aggregating the resources of a plurality of distributed personal clouds for offering cloud computing services to users without having to purchase or maintain the infrastructure that is needed for the virtual cloud. The service provider or other entity that facilitates the virtual, distributed cloud may share revenue obtained from offering cloud computing as a service to those who make computers available within personal clouds to be part of the aggregate cloud. Alternatively, the service provider may provide a discount on other services provided to those who make a personal cloud available to be part of such a cloud that is an aggregate of a plurality of personal clouds 40. Such an arrangement allows individuals, for example, to realize some financial benefit from otherwise unused computers or other computing resources. A benefit to the service provider is that the service provider can offer more cloud computing services without investing in or maintaining the additional infrastructure that is needed.
In this example each computer 36 and 38 runs an MVM 60′ and 62′, respectively. Each of those MVMs communicates with the chief MVM 142, which manages all communications between the users and the VMs. None of the computers in the personal cloud 40 has to run a chief MVM in this example.
The operator of the chief MVM 142 verifies the personal network owners who participate in providing the resources for the aggregated cloud based on a pre-existing relationship between those individuals and the service provider in one example. The service provider enables the connectivity between the chief MVM 142, the personal clouds and any authorized users.
In the example of
As the chief MVM functionality is removed from the computers 36 and 38 in this example, there is no need for any port forwarding to extend incoming traffic to the chief MVM 142.
Incoming communications intended for a VM in one example are handled using the two-stage approach described above. One difference is that the remote user contacts a portal located in the service provider's equipment in the first stage rather than in the home router associated with the VM. The service provider equipment programs the NAT module in the chief MVM 142 remotely.
The service provider in this example handles IP address management and bandwidth usage for traffic into each cloud. The MVMs 60′ and 62′ need only be responsible for regulating traffic or bandwidth usage within the personal cloud 40 and outgoing tunneled layer 2 (L2) traffic from the corresponding computer 36 or 38 to the compute device controller 140 over the L2 tunnel connections between them.
Differences between the examples of
In one example, the service provider sets up layer 2 (L2) or layer 3 (L3) tunnels between the compute device controller 140 and a designated IP address for each customer. This gives the customer virtual private network (VPN) access to the virtual network allocated to that customer. The VPN connection terminates on the L2 network allocated to the customer, which seals that L2 network from any other customer's traffic and from home network traffic. In this case the customer is responsible for allocating addresses to the VMs inside the VPN-based virtual private cloud (VPC). Since all remote access to the customer's VMs is over the VPN connection, the service provider need not enforce per-VM access restrictions; what remains with the provider is authenticating the tunnel endpoints, since the tunnel is the only boundary between one customer and the next.
Several example uses of a personal cloud are disclosed above. Each may have features that are unique to that example but implementations of this invention are not necessarily so limited. It is possible to combine one or more features of one of the examples with one or more features of another. The disclosed examples provide personal cloud computing with appropriate resource management and communication confidentiality for realizing the benefits of cloud computing within a personal cloud environment.
The preceding description is exemplary rather than limiting in nature. The scope of legal protection given to this invention can only be determined by studying the following claims.