Abstract: A computerized method for increasing throughput of encapsulated data over a network is described. First, a determination, at a first network device, of a number of available processing resources located at a second network device is conducted. Thereafter, a plurality of connections are generated between the first network device and the second device. The plurality of connections corresponding in number to the number of available processing resources. Data received by the first network device is associated with a first connection of the plurality of tunneling connections. Thereafter, translation data unique to a tunneling session associated with the first connection is generated and the received data is encapsulated with the translation data to generate the encapsulated data for transmission to the second network device.

Abstract: A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes performance of operations including generating a topology mapping visualization illustrating a plurality of constructs and communication paths therebetween, wherein a first subset of the plurality of constructs are deployed in the first cloud computing network and a second subset of the plurality of constructs are deployed in the second cloud computing network, receiving user input corresponding to (i) a selection of one or more constructs and (ii) an identifier for the selection, generating a filtered topology mapping visualization of the selection of the one or more constructs and any connections therebetween, and causing rendering of the filtered topology mapping visualization on a display screen.

Abstract: A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic, stored on non-transitory, computer-medium. The logic, upon execution by one or more processors, causes performance of operations including: transmitting one or more requests to the controller for metadata of at least the first gateway and the second gateway; receiving, from at least one of the first gateway and the second gateway, network data of the corresponding gateway; generating a visualization illustrating the metadata and the network data, wherein the metadata and the network data pertain to multiple cloud computing networks; and causing rendering of the visualization on a display screen of a network device.

Abstract: A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and logic. The logic, upon execution by one or more processors, causes performance of operations including receiving, from the controller, metadata pertaining to a plurality of constructs corresponding to a plurality of time instances, receiving, from each of the first and second gateways, network data corresponding to the plurality of time instances, wherein the metadata and the network data identify each of the plurality of constructs, communication paths between each construct, and in which cloud computing network each construct is deployed, generating a visualization illustrating differences between the plurality of constructs and communication paths at the first time instance and at the second time instance, and causing rendering of the visualization on a display screen.

Abstract: In one embodiment, a secure object transfer system is described. The system features a virtual private cloud network (VPC) and a controller. The VPC includes a plurality of gateways and a network load balancer, which configured to conduct a load balancing scheme on access messages from computing devices deployed within an on-premises network to direct the access memory to one of the plurality of gateways for storage or retrieval of an object from a cloud-based storage element. Each gateway includes Fully Qualified Domain Name (FQDN) filtering logic to restrict access of the computing devices to certain cloud-based storage elements in accordance with a security policy. The controller is configured to maintain and update the security policy utilized by each gateway of the plurality of gateways.

Abstract: According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communications with other gateways of the first plurality of gateways in accordance with a first tunnel protocol. Similarly, a second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to the each of the first plurality of gateways in accordance with a second security protocol to provide redundant routing.

Abstract: A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes operations including receiving, from the controller, metadata pertaining to a plurality of constructs, receiving, from each of the first and second gateways, network data, deriving gateway metrics spanning multiple cloud computing networks including at least the first and second cloud computing networks, wherein the deriving is based on at least the metadata and the network data of each of the first and second gateways, generating a dashboard visualization illustrating the gateway metrics, wherein the gateway metrics pertain to characteristics of each gateway and deployed constructs associated with each gateway, and causing rendering of the dashboard visualization on a display screen.

Abstract: According to one embodiment, a computerized method conducted by logic deployed within a network device implemented within a virtual private cloud network for supporting network address translations within a public cloud network is described. Herein, after receipt of a message, based on content within the message, a network address translation (NAT) control logic unit from a plurality of NAT control logic units is selected. The selected NAT control logic unit is configured to perform address translations on information within the message to produce a translated message. Thereafter, the translated message is routed to a destination network device located on the public network.

Abstract: According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communications with other gateways. Similarly, a second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to the each of the first plurality of gateways to support data exchanges between resources deployed in different public cloud networks.

Abstract: A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network, and logic. The logic, upon execution by one or more processors, causes performance of operations including receiving, from the controller, metadata pertaining to a plurality of constructs corresponding to a plurality of time instances, receiving, from each of the first and second gateways, network data corresponding to the plurality of time instances, wherein the metadata and the network data identify each of the plurality of constructs, communication paths between each construct, and in which cloud computing network each construct is deployed, generating a visualization illustrating differences between the plurality of constructs and communication paths at the first time instance and at the second time instance, and causing rendering of the visualization on a display screen.

Abstract: A distributed cloud computing system is disclosed that includes a controller configured to deploy a plurality of gateways in a first cloud computing network and logic, stored on non-transitory, computer-medium. The logic, upon execution by one or more processors, causes performance of operations including: generating a topology mapping of the first cloud computing network including a plurality of constructs and connections therebetween, wherein the plurality of constructs includes the plurality of gateways, receiving input corresponding to a selection of a source construct and a destination construct, determining a data transmission path between the source construct and the destination construct, generating a visualization illustrating the data transmission path, and causing rendering of the visualization on a display screen of a network device.

Abstract: A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes operations including receiving, from the controller, metadata pertaining to a plurality of constructs, receiving, from each of the first and second gateways, network data, deriving heat map information detailing a density of network traffic at a plurality of geographic locations, wherein the network traffic is transmitted across multiple cloud computing networks, generating a heat map visualization illustrating the density of the network traffic that includes a map of a geographic region as well as an overlay of visual indicators representing the density of the network traffic, and causing rendering of the heat map visualization on a display screen of a network device.

Abstract: A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a first cloud computing network and a second gateway in a second cloud computing network and logic. The logic, upon execution by one or more processors, causes performance of operations including generating a topology mapping visualization illustrating a plurality of constructs and communication paths therebetween, wherein a first subset of the plurality of constructs are deployed in the first cloud computing network and a second subset of the plurality of constructs are deployed in the second cloud computing network, receiving user input corresponding to (i) a selection of one or more constructs and (ii) an identifier for the selection, generating a filtered topology mapping visualization of the selection of the one or more constructs and any connections therebetween, and causing rendering of the filtered topology mapping visualization on a display screen.

Abstract: A method is described that enables communication between two disjoined networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network with a group of networks with overlapping IP address ranges.

Abstract: A method for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to failing to locate a Media Access Control (MAC) address of a destination for the message within a prescribed table by a default gateway, one of the plurality of virtual appliances is selected for handling a forwarding of the message to a plurality of remote networks, and the message via the selected virtual appliance is forwarded to a plurality of gateways associated with a plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination to forward the message to the destination.

Abstract: One embodiment of the invention features a system including a first gateway and a second gateway that operate in concert to support a migration of a software component from an on-premises network to a public cloud network while preserving an Internet Protocol (IP) address assigned to the software component. The first gateway deployed as part of the on-premises network, and the second gateway deployed as part of the public cloud network. The first and second gateways are in communication via a secure communication path. To support migration of the software component to the public cloud network while retaining its IP address, the second gateway is configured to resolve a media access control (MAC) address for an on-premises host connected to the on-premises network. Similarly, the first gateway is configured to resolve a MAC address for a cloud host connected to the public cloud network.

Abstract: A computerized method for increasing throughput of encapsulated data through tunnels, the computerized method including receiving data at a first network device for transmission over a network to a second network device. Then determining at the first network device the number of available processing cores on the second network device and generating a plurality of tunneling sessions between the first network device and the second device. Associating the received data with a particular tunneling session and then generating translation data unique to the associated tunneling session prior to encapsulating the received data with the translation data. Finally, transmitting the encapsulated data to the second network device and processing the transmitted encapsulated data received at the second network device with a particular processing core based on the received translation data.

Abstract: According to one embodiment, a network device may be adapted to operate within a virtual private cloud where network address translation (NAT) is performed through virtual machines and each network address translation is handled differently by a different NAT control logic unit. The network device features one or more hardware processors, and a memory that stores at least a plurality of network address translation (NAT) control logic unit and demultiplexer logic. The demuliplexer logic, when executed, receives an incoming message and, based at least in part on information within the incoming message, determines a selected NAT control logic unit to receive at least a portion of the information within the incoming message. The selected NAT control logic unit handles address translation for routing of a message based on the incoming message to a public network.

Abstract: A method for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to failing to locate a Media Access Control (MAC) address of a destination for the message within a prescribed table by a default gateway, one of the plurality of virtual appliances is selected for handling a forwarding of the message to a plurality of remote networks, and the message via the selected virtual appliance is forwarded to a plurality of gateways associated with a plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination to forward the message to the destination.

Abstract: A method is described that enables communication between two disjoined networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network with a group of networks with overlapping IP address ranges.