Abstract: The order of migrating virtual computing instances from a private data center to a public cloud is optimized using a TSP solver. The method of migrating a plurality of virtual computing instances that are in communication with each other within a private data center to a public cloud includes the steps of assigning, for each different pair of virtual computing instances, a numerical value that represents an amount of data transmission between the pair over a predetermined period of time, determining a recommended order of migration for the virtual computing instances based on the assigned numerical values, and migrating the virtual computing instances according to the recommended order.

Abstract: A method for managing an application executing in a computing system is disclosed as including a private cloud operated by a first organization and a multi-tenant public cloud of which the first organization is one of the tenants. The method comprises instantiating a first virtual object in the private cloud and instantiating a second virtual object in the public cloud for executing the application cooperatively with the first virtual object. Mapping associated with the first virtual object is generated, wherein the mapping comprises a first identifier having a context of the private cloud and a second identifier having a context of the public cloud. The method further includes detecting migration of the first or second virtual object such that both of the first and second virtual objects are instantiated in a single one of the private and public clouds and updating the mapping to reflect the migration.

Abstract: A centralized namespace controller allocates addresses in a distributed cloud infrastructure on-demand. Upon receiving a request to allocate addresses for a network to be provisioned by a cloud computing system included in the distributed cloud infrastructure, the centralized namespace controller allocates a network address that is unique within the distributed cloud infrastructure. Further, the centralized namespace controller allocates a range of virtual network interface cards (NIC) addresses that are unique within the network. The centralized namespace controller then allocates addresses from the range of virtual NIC addresses on an as-requested basis—when a virtual NIC is being created by the first cloud computing system on the network.

Abstract: The disclosure herein describes an edge device of a network for distributed policy enforcement. During operation, the edge device receives an initial packet for an outgoing traffic flow, and identifies a policy being triggered by the initial packet. The edge device performs a reverse lookup to identify at least an intermediate node that is previously traversed by the initial packet and traffic parameters associated with the initial packet at the identified intermediate node. The edge device translates the policy based on the traffic parameters at the intermediate node, and forwards the translated policy to the intermediate node, thus facilitating the intermediate node in applying the policy to the traffic flow.

Abstract: A hybrid cloud computing system having a private data center and a public cloud computing system is discussed. The private data center is managed by a first organization. The public cloud computing system is managed by a second organization, and the first organization is a tenant in the public cloud computing system. The hybrid cloud computing system is configured to generate a mapping that contextualizes virtual objects migrated between the private data center and the public cloud computing system based on the objects' location. Such a mapping is maintained to expose the true hybridity of the hybrid cloud rather than present two distinct views of a private data center (or private cloud) and a public cloud.

Abstract: A method is provided to control the flow of packets within a system that includes one or more computer networks comprising: policy rules are provided that set forth attribute dependent conditions for communications among machines on the one or more networks; machine attributes and corresponding machine identifiers are obtained for respective machines on the networks; and policy rules are transformed to firewall rules that include machine identifiers of machines having attributes from among the obtained machine attributes that satisfy the attribute dependent policy rules.

Abstract: A method of transferring a virtual machine between a virtualized computing system and a cloud computing system includes determining that a virtual machine is to be transferred from a virtualized computing system to a cloud computing system and determining a connection between a first resource in the virtualized computing system and a second resource in the cloud computing system. Files that enable implementation of the virtual machine at the virtualized computing system and identified, as are file portions of the files for transfer from the virtualized computing system to the cloud computing system. At least one compliance check is executed on each of the file portions using at least one compliance checker. Each of the file portions that fails a compliance check is blocked from being maintained in the cloud computing system.

Abstract: A method is provided to control the flow of packets within a system that includes one or more computer networks comprising: policy rules are provided that set forth attribute dependent conditions for communications among machines on the one or more networks; machine attributes and corresponding machine identifiers are obtained for respective machines on the networks; and policy rules are transformed to firewall rules that include machine identifiers of machines having attributes from among the obtained machine attributes that satisfy the attribute dependent policy rules.

Abstract: Techniques for executing jobs in a hybrid cloud computing system. A job defines multiple states and tasks for transitioning between states. Jobs are passed between systems that execute different tasks via a message bus, so that the different tasks may be executed. A job manager controls execution flow of jobs based on a job descriptor that describes the job.

Abstract: A hybrid computing system includes an on-premise data center and a cloud computing system. To connect between an organization's multiple data centers, a gateway may instead utilize the connections between the private data center and the cloud computing system rather than a direct connection to the other of the organizations' data centers.

Abstract: Connectivity between data centers in a hybrid cloud system having a first data center managed by a first organization and a second data center managed by a second organization, the first organization being a tenant in the second data center, is optimized. According to the described technique, a path-optimized connection is established through a wide area network (WAN) between a first gateway of a first data center and a second gateway of a second data center for an application executing in the first data center based on performance of paths across a set of Internet Protocol (IP) flows. Application packets received from the application at the first gateway are forwarded to a WAN optimization appliance in the first data center. WAN optimized application packets received from the WAN optimization appliance at the first gateway are then sent to the second gateway over the path-optimized connection.

Abstract: A cloud computing system may include multiple cloud data centers. A gateway may establish connections between a cloud providers' multiple data centers using knowledge about the types of applications workloads executing within the cloud computing system, and may be further based on determines policies indicating priorities for routing traffic for the application workloads.

Abstract: An example method of optimizing connectivity between data centers in a hybrid cloud system having a first data center managed by a first organization and a second data center managed by a second organization, the first organization being a tenant in the second data center. The method includes probing a wide area network (WAN) with test packets by varying an internet protocol (IP) flow tuple of the test packets across a set of IP flows. The method includes identifying a plurality of paths between a gateway of the first data center and another gateway of the second data center associated with the set of IP flows. The method further includes selecting an IP flow from the set of IP flows for an application executing in the first data center. The method further includes establishing a path-optimized connection between the gateway and the other gateway through the WAN having the selected IP flow for use by the application.

Abstract: A cloud computing system retrieves routing entries associated with a particular tenant of the cloud computing system and are a subset of a routing table of the entire cloud computing system. The routing entries are loaded into a networking switch, which is configured to route network packets using the loaded subset of routing entries, using a general-purpose processor rather than a costly dedicated ASIC.

Abstract: Techniques are disclosed for deploying and maintaining appliances in a hybrid cloud computing system which includes an on-premise data center and a public cloud computing system configured to provide a common platform for managing and executing virtual workloads. Appliances to be deployed may include those required (or useful) for hybrid operations, including a cloud gateway appliance, a wide area network (WAN) optimizer, a layer 2 (L2) concentrator, and a mobility agent that handles virtual machine (VM) migration traffic. Such appliances are deployed first on the on-premise data center, and remote jobs are then sent to the public cloud to deploy the same appliances thereon. After deployment, the appliances deployed on the on-premise data center and corresponding appliances on the public cloud share configuration states and may further be wired together to communicate via secure encrypted tunnels.

Abstract: One or more examples provide a method of transferring a virtual machine between a virtualized computing system and a cloud computing system that includes: establishing connection between a first resource in the virtualized computing system and a second resource in the cloud computing system to transfer files that implement the virtual machine from the first resource to the second resource; accessing, for transmission over the connection, data blocks on a storage device in the virtualized computing system that include the files; executing at least one compliance check on each of the data blocks using at least one compliance checker; and preventing each of the data blocks that fails a compliance check from being maintained in the cloud computing system.

Abstract: The order of migrating virtual computing instances from a private data center to a public cloud is optimized using a TSP solver. The method of migrating a plurality of virtual computing instances that are in communication with each other within a private data center to a public cloud includes the steps of assigning, for each different pair of virtual computing instances, a numerical value that represents an amount of data transmission between the pair over a predetermined period of time, determining a recommended order of migration for the virtual computing instances based on the assigned numerical values, and migrating the virtual computing instances according to the recommended order.

Abstract: Some embodiments provide a network system that includes several host machines for hosting virtual machines, divided into several different domains. The network system includes several local domain management servers. A first local domain management server of a first domain is for (i) initiating creation of a set of distributed virtual switch ports associated with a particular logical network identifier on a host machine within its domain and (ii) attaching a first virtual machine on the host machine to a created port associated with the particular logical network identifier in order for the first virtual machine to send traffic over the logical network. The network system includes a second level management server for coordinating the use of logical network identifiers between multiple different logical domain management servers in order for the first virtual machine to communicate via the logical network with a second virtual machine in a second domain.

Abstract: Some embodiments provide a network system that includes several host machines for hosting virtual machines, divided into several different domains. The network system includes several local domain management servers. A first local domain management server of a first domain is for (i) initiating creation of a set of distributed virtual switch ports associated with a particular logical network identifier on a host machine within its domain and (ii) attaching a first virtual machine on the host machine to a created port associated with the particular logical network identifier in order for the first virtual machine to send traffic over the logical network. The network system includes a second level management server for coordinating the use of logical network identifiers between multiple different logical domain management servers in order for the first virtual machine to communicate via the logical network with a second virtual machine in a second domain.

Abstract: The disclosure herein describes an edge device of a network for distributed policy enforcement. During operation, the edge device receives an initial packet for an outgoing traffic flow, and identifies a policy being triggered by the initial packet. The edge device performs a reverse lookup to identify at least an intermediate node that is previously traversed by the initial packet and traffic parameters associated with the initial packet at the identified intermediate node. The edge device translates the policy based on the traffic parameters at the intermediate node, and forwards the translated policy to the intermediate node, thus facilitating the intermediate node in applying the policy to the traffic flow.