The present invention relates to the field of cloud computing, and, in particular embodiments, to a system and method for creating service chains and virtual networks in the cloud.
Typical cloud networks for cloud applications and services consist of multiple tiers, referred to as n-tiers. Each tier hosts computers or processors that run specific functions. Network tiers are usually separated from each other by network components such as firewalls and load balancers, among others. An example of an n-tier network is a 3-tier network that includes a web tier, an application tier, and a database tier, coupled in sequence to a public network, e.g., the Internet. Each of the tiers resides behind a firewall which protects one tier from another. Typically, n-tier cloud networks and services are created using command lines, preconfigured input forms, or combinations of both. Web services such as Amazon EC2™ (Elastic Compute Cloud) and OpenStack™ are examples of such approaches to building n-tier cloud networks for cloud applications and services. These web services are available for customers to build their own cloud networks and services. This includes creating security groups (SGs), each comprising a set of access control lists (ACLs). The created SGs can be applied to virtual machines (VMs) on the physical network to virtualize n-tier networks. Using such web services, and similar command line and form input formats, to create n-tier cloud networks and services can be challenging and time- and cost-intensive. There is a need for a simpler system and method for creating n-tier or virtual cloud networks and service chains, which can resolve such issues.
In accordance with an embodiment of the disclosure, a method by a cloud processing component for creating virtual networks includes receiving, from a user via a graphical user interface, a network diagram for a virtual network. The network diagram comprises elements, each one of the elements representing a network component. The method further includes validating the network diagram, and upon successful validation of the network diagram, compiling the network diagram into application programming interface (API) calls. The API calls are then executed. Using the executed API calls, the virtual network is established according to the network diagram. The virtual network comprises virtual network components corresponding to the elements of the network diagram.
In accordance with another embodiment of the disclosure, a method by a user for creating virtual networks includes entering, using a graphical user interface of a cloud computing platform, a network diagram representing a virtual network. The network diagram comprises elements, each one of the elements representing a network component. The network diagram enables the cloud computing platform to establish, using application programming interface (API) calls, the virtual network. The virtual network comprises virtual network components corresponding to the elements of the network diagram.
In accordance with yet another embodiment of the disclosure, a network component for creating virtual networks includes at least one processor and a non-transitory computer readable storage medium storing programming for execution by the at least one processor. The programming includes instructions to receive, from a user via a graphical user interface, a network diagram for a virtual network. The network diagram comprises elements, each one of the elements representing a physical network component. The programming includes further instructions to validate the network diagram, and upon successful validation of the network diagram, compile the network diagram into API calls. The network component is further configured to execute the API calls, and establish, using the executed API calls, the virtual network according to the network diagram. The virtual network comprises virtual network components corresponding to the elements of the network diagram.
The foregoing has outlined rather broadly the features of an embodiment of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of embodiments of the invention will be described hereinafter, which form the subject of the claims of the invention. It should be appreciated by those skilled in the art that the conception and specific embodiments disclosed may be readily utilized as a basis for modifying or designing other structures or processes for carrying out the same purposes of the present invention. It should also be realized by those skilled in the art that such equivalent constructions do not depart from the spirit and scope of the invention as set forth in the appended claims.
For a more complete understanding of the present invention, and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawing, in which:
Corresponding numerals and symbols in the different figures generally refer to corresponding parts unless otherwise indicated. The figures are drawn to clearly illustrate the relevant aspects of the embodiments and are not necessarily drawn to scale.
The making and using of the presently preferred embodiments are discussed in detail below. It should be appreciated, however, that the present invention provides many applicable inventive concepts that can be embodied in a wide variety of specific contexts. The specific embodiments discussed are merely illustrative of specific ways to make and use the invention, and do not limit the scope of the invention.
With the rapid adoption of cloud computing, customers need to be able to conveniently construct n-tier networks in the cloud to migrate or mimic their on-premise environment. However, current cloud computing platforms such as Amazon EC2™ and OpenStack™ include limited user interfaces for creating virtual networks, such as input forms and command lines. Embodiments are provided herein for creating service chains and virtual networks, such as n-tier networks, in the cloud. The embodiments include systems and methods for building virtual networks in the cloud using a user-friendly network diagram drawing methodology and user interface. Using the schemes herein, a cloud computing provider can offer a user-friendly self-service that allows its customers to easily create virtual networks in the cloud which mimic their existing on-premise physical networks.
The network diagram is drawn using a graphical user interface (GUI) that is part of the cloud management platform/system. The GUI can be provided by a software tool or web service. After the user submits the network diagram which represents the n-tier network, the system validates the network diagram. If the network diagram passes the validation process, the system compiles the network diagram into application programming interface (API) calls. The API calls are then executed by the system to configure one or more underlying physical networks to establish a virtual n-tier network according to the network diagram of the user. Thus, the diagram components are mapped, essentially one-to-one, into corresponding virtual network components. The system is aware of each of the components or elements of the diagram and is capable of mapping each element to a corresponding virtual element. The virtual network provides network connectivity and also enforces the policies implied by the diagram, such as the separation of tiers by firewalls. The virtual network can be established according to the virtualization technology provided by the system or the physical networks, such as a virtual local area network (VLAN).
In an embodiment, each user or group of users (e.g., in an enterprise) initially obtains (e.g., via purchase) or is initially assigned a resource pool comprising a maximum quantity of resources available to the user or group for establishing virtual or cloud based n-tier networks. For example, the resource pool can include a maximum number of VLANs, switch ports, forwarding entries, bandwidth, storage size, and/or other network resources which are available to the user or group. The total available resources in a resource pool assigned to a user or a group of users can also be divided (reassigned) among other individual users or groups. Accordingly, each user or group uses its designated resources for building its own virtual n-tier networks, and a submitted diagram that would exceed the pool fails validation.
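The receive/validate/compile/execute pipeline of the two preceding paragraphs, worked through for a 3-tier diagram, as an added example that is not code from the original page or from any cloud platform. The diagram model, the validation rules, the resource-pool quotas (one VLAN per tier, one security-group rule per accepted port) and the emitted call names `create_network`, `create_security_group` and `add_ingress_rule` are all hypothetical stand-ins for a real platform API; the sample diagram is constructed inline. The security-relevant part is the validator: a tier may only be entered through a firewall, and the compiler turns that into default-deny security groups whose sole ingress rule admits the adjacent upstream tier (or the Internet, for the web tier only).

```python
"""Diagram -> validate -> compile-to-API-calls for an n-tier virtual network.

Added example (not code from the original page). Diagram model, validation
rules, quotas and the call names create_network / create_security_group /
add_ingress_rule are hypothetical stand-ins for a real cloud platform API.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Element:
    name: str
    kind: str                    # "internet", "firewall", "load_balancer" or "tier"
    ports: Tuple[int, ...] = ()  # TCP ports a tier accepts from its upstream neighbour


@dataclass
class ResourcePool:
    max_vlans: int   # one VLAN is consumed per tier
    max_rules: int   # one security-group rule is consumed per accepted port


@dataclass
class Diagram:
    elements: Dict[str, Element]
    links: List[Tuple[str, str]]  # (src, dst): traffic flows from src to dst


def _nearest_source(d: Diagram, name: str):
    """Walk upstream from `name` to the nearest tier or internet element.

    Chain topology is assumed (each element has at most one upstream link).
    Returns (source name or None, whether a firewall was crossed on the way).
    """
    upstream = {dst: src for src, dst in d.links}
    cur, seen, crossed = upstream.get(name), {name}, False
    while cur is not None and d.elements[cur].kind not in ("tier", "internet"):
        if cur in seen:          # cycle of firewalls/load balancers: no real source
            return None, crossed
        seen.add(cur)
        crossed = crossed or d.elements[cur].kind == "firewall"
        cur = upstream.get(cur)
    return cur, crossed


def validate(d: Diagram, pool: ResourcePool) -> List[str]:
    """Return validation errors; an empty list means the diagram may be compiled."""
    errors = []
    for src, dst in d.links:
        errors += [f"link {src}->{dst} references unknown element {n}"
                   for n in (src, dst) if n not in d.elements]
    if errors:
        return errors
    tiers = [e for e in d.elements.values() if e.kind == "tier"]
    for t in tiers:
        if not t.ports:
            errors.append(f"tier {t.name} accepts no ports")
        src, crossed = _nearest_source(d, t.name)
        if src is None:
            errors.append(f"tier {t.name} has no upstream source")
        elif not crossed:   # the policy the diagram must express: tiers are firewalled
            errors.append(f"tier {t.name} is reachable from {src} without a firewall")
    if len(tiers) > pool.max_vlans:
        errors.append(f"diagram needs {len(tiers)} VLANs, pool allows {pool.max_vlans}")
    rules = sum(len(t.ports) for t in tiers)
    if rules > pool.max_rules:
        errors.append(f"diagram needs {rules} rules, pool allows {pool.max_rules}")
    return errors


def compile_calls(d: Diagram, pool: ResourcePool) -> List[Tuple[str, dict]]:
    """Compile a validated diagram into an ordered list of (api_call, args)."""
    errors = validate(d, pool)
    if errors:
        raise ValueError("; ".join(errors))
    calls, sg, vlan = [], {}, 100
    tiers = [e for e in d.elements.values() if e.kind == "tier"]
    for t in tiers:
        sg[t.name] = f"sg-{t.name}"
        calls.append(("create_network", {"name": t.name, "vlan": vlan}))
        calls.append(("create_security_group", {"name": sg[t.name]}))  # default deny
        vlan += 1
    for t in tiers:   # one ingress rule per port, from the adjacent upstream hop only
        src, _ = _nearest_source(d, t.name)
        origin = "0.0.0.0/0" if d.elements[src].kind == "internet" else sg[src]
        for port in t.ports:
            calls.append(("add_ingress_rule", {"group": sg[t.name], "source": origin,
                                               "proto": "tcp", "port": port}))
    return calls


def three_tier() -> Diagram:
    """Constructed sample: internet -> fw1 -> web -> fw2 -> app -> fw3 -> db."""
    els = [Element("internet", "internet"), Element("fw1", "firewall"),
           Element("web", "tier", (443,)), Element("fw2", "firewall"),
           Element("app", "tier", (8080,)), Element("fw3", "firewall"),
           Element("db", "tier", (3306,))]
    names = [e.name for e in els]
    return Diagram({e.name: e for e in els}, list(zip(names, names[1:])))


if __name__ == "__main__":
    for call, args in compile_calls(three_tier(), ResourcePool(max_vlans=3, max_rules=10)):
        print(call, args)
```

Running the block prints three `create_network`/`create_security_group` pairs followed by exactly three `add_ingress_rule` calls: `sg-web` from `0.0.0.0/0` on 443, `sg-app` from `sg-web` on 8080, and `sg-db` from `sg-app` on 3306. Deleting `fw3` and linking `app` straight to `db` makes `validate` report that `db` is reachable without a firewall, and a pool with `max_vlans=2` is rejected before any call is emitted, which is the point of validating before compiling: nothing is provisioned for a diagram that violates either the tier-isolation policy or the user's quota.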
The CPU 510 may comprise any type of electronic data processor. The memory 520 may comprise any type of system memory such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), read-only memory (ROM), a combination thereof, or the like. In an embodiment, the memory 520 may include ROM for use at boot-up, and DRAM for program and data storage for use while executing programs. The mass storage device 530 may comprise any type of storage device configured to store data, programs, and other information and to make the data, programs, and other information accessible via the bus. The mass storage device 530 may comprise, for example, one or more of a solid state drive, hard disk drive, a magnetic disk drive, an optical disk drive, or the like.
The video adapter 540 and the I/O interface 590 provide interfaces to couple external input and output devices to the processing unit. As illustrated, examples of input and output devices include a display 560 coupled to the video adapter 540 and any combination of mouse/keyboard/printer 570 coupled to the I/O interface 590. Other devices may be coupled to the processing unit 501, and additional or fewer interface cards may be utilized. For example, a serial interface card (not shown) may be used to provide a serial interface for a printer.
The processing unit 501 also includes one or more network interfaces 550, which may comprise wired links, such as an Ethernet cable or the like, and/or wireless links to access nodes or one or more networks 580. The network interface 550 allows the processing unit 501 to communicate with remote units via the networks 580. For example, the network interface 550 may provide wireless communication via one or more transmitters/transmit antennas and one or more receivers/receive antennas. In an embodiment, the processing unit 501 is coupled to a local-area network or a wide-area network for data processing and communications with remote devices, such as other processing units, the Internet, remote storage facilities, or the like.
While several embodiments have been provided in the present disclosure, it should be understood that the disclosed systems and methods might be embodied in many other specific forms without departing from the spirit or scope of the present disclosure. The present examples are to be considered as illustrative and not restrictive, and the intention is not to be limited to the details given herein. For example, the various elements or components may be combined or integrated in another system or certain features may be omitted, or not implemented.
In addition, techniques, systems, subsystems, and methods described and illustrated in the various embodiments as discrete or separate may be combined or integrated with other systems, modules, techniques, or methods without departing from the scope of the present disclosure. Other items shown or discussed as coupled or directly coupled or communicating with each other may be indirectly coupled or communicating through some interface, device, or intermediate component whether electrically, mechanically, or otherwise. Other examples of changes, substitutions, and alterations are ascertainable by one skilled in the art and could be made without departing from the spirit and scope disclosed herein.