Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

An Electronic Method for Building a Secured Management Environment for Shared Cloud Disaster Recovery

IP.com Disclosure Number: IPCOM000239537D
Publication Date: 2014-Nov-13
Document File: 5 page(s) / 235K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to create a Secure Cloud Management Environment for Disaster Recovery within the short Recovery Time Objectives (RTOs) mandated by Managed Cloud Environments. The approach is to replace the dedicated management infrastructure with electronically replicated management components, including virtual and physical resources.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 01 of 5

An Electronic Method for Building a Secured Management Environment for Shared Cloud Disaster Recovery

Modern cloud workloads (especially shared) must be managed at all times to meet different types of requirements: access, regulatory, security, authentication, isolation, etc. This management capability must also be maintained after the workload has been transferred to a data recovery (DR) site after a disaster. The management environment can contain a lot of dynamic state and metadata (e.g., user IDs, firewall rules, etc.) that changes quickly and regularly and must be restored to the most recent state at the DR site. New management tools can be dynamically created on the production site, and these have to be made available at the DR site. In a shared cloud environment, the management environment must be created on a per-customer basis, although some management tools also have to be shared by all customers. In addition, in cloud, both the Recovery Point Objective (RPO) (counted in minutes) and the Recovery Time Objective (RTO) (counted in a small number of hours) are short; this management and security must be in place before the customer workload can run.

In prior DR solutions, little or no management environment is provided at the DR site, or it is reconstructed and manually reconfigured. In prior art, a dedicated management infrastructure must be provided and maintained at the DR site for both per-customer tools and the shared tools. This management infrastructure at the DR site requires frequent updates, and is difficult to keep fully up to date with the primary site, especially since keeping it up to date is manual and requires a large staff and cost. At DR time, restoration and reconfiguration of the management tools to the latest state is a manual process, which prevents meeting of the necessary RTO.

The novel contribution is a method to create a Secure Cloud Management Environment for Disaster Recovery within the short RTOs mandated by Managed Cloud Environments. The approach is to replace the dedicated management infrastructure (including Active Directory (AD), Lightweight Directory Access Protocol (LDAP), Domain Name Systems (DNS), Delivery Access Server for remote management, Secure Shell (SSH) connection encryption keys, Virtual LANs numbering plan, Security Rules, Load Balancers exploiting the MAC addresses, Workload specific management systems etc.) with electronically replicated management components, some of which can be virtual resources, such as virtual machines and virtual firewalls, and some of which can be physical resources, such as physical router appliances. This solution focuses on typical tools that are needed immediately to allow the workload to ru...