Surety is performing system maintenance this weekend. Electronic date stamps on new Prior Art Database disclosures may be delayed.
Browse Prior Art Database

Mechanism and Process for Trusted and Untrusted Zones in a Cloud

IP.com Disclosure Number: IPCOM000250185D
Publication Date: 2017-Jun-08
Document File: 3 page(s) / 65K

Publishing Venue

The IP.com Prior Art Database

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Method and System for Utilizing a Sub-Container as a Means of Providing Physical Network and Compute Isolation within a Container

In a private cloud, there may be a requirement to physically isolate a compute pool and network resources of virtual machines (VM) that are Internet facing such as VMs in untrusted zone from VMs that are not internet facing. Physical isolation provides improved security for the VMs that are not Internet facing such as VMs in trusted zone.

Disclosed is a method and system for utilizing a sub-container as a means of providing physical network and compute isolation within a container.

In accordance with the method and system, sub-container is a layer-2 boundary and is built with its own firewalls, switch fabric and routers. There can be more than one sub- containers in a container. The sub-containers may be housed in a same facility or in different facilities. At a sub-container level, separate physical networks with different routes are configured for all VMs during onboarding. In addition, security zones from same pool per container with segregated buckets are provided for each physical network. A sub-container contains one or more compute pools with one or more managers for the compute pools. A high availability configuration is built with the compute pools straddling fire-compartments or building block. Separate compute pools per physical network are provided with distinct virtualization manager per pool. Separate security zones exist for a sub-container and shared storage devices, switches, and backup with distinct logical storage and backup pools are provided per compute pool.

In accordance with the method and system, trusted and non-trusted zones are accommodated in Cloud Managed Services (CMS) as illustrated in the Figure.


The trusted and the non-trusted zone possess physically separate...