MICRO-SEGMENTATION SECURITY FOR MICRO-SERVICES USING AN INTERACTION GRAPH

IP.com Disclosure Number: IPCOM000248167D
Publication Date: 2016-Nov-02
Document File: 16 page(s) / 2M

Publishing Venue

The IP.com Prior Art Database

Abstract

The present disclosure describes an analytic-driven, dynamic placement of micro-segmentation security in Software Defined Data Centers (SDDC), Software Defined Networking (SDN), Network Function Virtualization (NFV), and Software Containerization Platforms (SCP). The disclosure includes dynamically deriving a micro-services interaction graph by searching and analyzing structured log messages generated by the micro-services, micro-segmenting the micro-services based on the interaction graph, micro-segmenting the management plane between the micro-service and the physical Network Element based on the interaction graph, and micro-segmenting the micro-services by triggering actions (based on the interaction graph) in the SDDC, SDN, NFV, and SCP.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 18% of the total text.

DETAILED DESCRIPTION

Again, in various exemplary embodiments, the present disclosure describes an analytic-driven, dynamic placement of micro-segmentation security in Software Defined Data Centers (SDDC), Software Defined Networking (SDN), Network Function Virtualization (NFV), and Software Containerization Platforms (SCP). The disclosure presents systems and methods to micro-segment the micro-services (http://martinfowler.com/articles/microservices.html) running in data centers and network elements.

The present disclosure provides:

- System and method to dynamically derive a micro-services interaction graph by searching and analyzing structured log messages generated by the micro-services.

- System and method to micro-segment the micro-services based on the interaction graph derived in the above step.

- System and method to micro-segment the management plane between the micro-service and the physical Network Element based on the interaction graph generated from the above step.

- System and method to micro-segment the micro-services by triggering actions (based on the above interaction graph) in the Software Defined Data Centers (SDDC), Software Defined Networking (SDN), Network Function Virtualization (NFV) and Software Containerization Platforms (SCP).
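
The first two items above can be sketched as follows. This is an added example, not code from the disclosure: it derives an interaction graph from structured logs and turns it into a default-deny allowlist. The log schema, the service names and the `min_count` threshold are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample log lines; the field names (src, dst, port) are an
# assumed schema, the disclosure does not define one.
SAMPLE_LOGS = """\
{"ts": "2016-11-02T10:00:01Z", "src": "orchestrator", "dst": "inventory", "port": 8443}
{"ts": "2016-11-02T10:00:02Z", "src": "orchestrator", "dst": "inventory", "port": 8443}
{"ts": "2016-11-02T10:00:03Z", "src": "inventory", "dst": "postgres", "port": 5432}
{"ts": "2016-11-02T10:00:04Z", "src": "provisioner", "dst": "ne-1", "port": 830}
{"ts": "2016-11-02T10:00:05Z", "src": "provisioner", "dst": "ne-1", "port": 830}
not json at all
{"ts": "2016-11-02T10:00:06Z", "src": "inventory", "dst": "postgres", "port": 5432}
{"ts": "2016-11-02T10:00:07Z", "src": "debug-shell", "dst": "postgres", "port": 5432}
{"ts": "2016-11-02T10:00:08Z", "src": "orchestrator"}
"""

def build_interaction_graph(log_text):
    """Return {(src, dst, port): count} for every well-formed log record."""
    edges = defaultdict(int)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            key = (rec["src"], rec["dst"], int(rec["port"]))
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
        edges[key] += 1
    return dict(edges)

def derive_policy(graph, min_count=2):
    """Default-deny allowlist {dst: {(src, port)}}; min_count is an assumed threshold."""
    policy = defaultdict(set)
    for (src, dst, port), count in graph.items():
        if count >= min_count:
            policy[dst].add((src, port))
    return dict(policy)

def is_allowed(policy, src, dst, port):
    """A flow is permitted only if it matches a learned edge."""
    return (src, port) in policy.get(dst, set())

def review_queue(graph, min_count=2):
    """Edges observed but not admitted; candidates for human review."""
    return sorted(k for k, c in graph.items() if c < min_count)

GRAPH = build_interaction_graph(SAMPLE_LOGS)
POLICY = derive_policy(GRAPH)
```

A policy learned this way admits whatever traffic appeared often enough in the learning window, so the edges returned by `review_queue` and the learned allowlist itself both need review before enforcement.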

The exemplary micro-services described in this disclosure are Network Orchestration Suite and Management Control Planning (MCP) components (FIG. 1). The exemplary software containerization platform described in this disclosure is Docker (https://www.docker.com/what-docker). Other SDDC, SDN, NFV and SCP systems are also within the scope of this disclosure.

FIG. 1 Network Orchestration Suite

Enterprises like Amazon and Google are moving to micro-services in building their distributed applications for the cloud. Companies need to build and operate their services at scale, deliver features faster, and improve resource utilization. The downside of micro-services is complex deployment, especially in security management.

The systems and methods described herein intelligently place micro-segmented...