Abstract: Architecture that facilitates the virtual specification of a connection between physical endpoints. A network can be defined as an abstract connectivity model expressed in terms of the connectivity intent, rather than any specific technology. The connectivity model is translated into configuration settings, policies, firewall rules, etc., to implement the connectivity intent based on available physical networks and devices capabilities. The connectivity model defines the connectivity semantics of the network and controls the communication between the physical nodes in the physical network. The resultant virtual network may be a virtual overlay that is independent of the physical layer. Alternatively, the virtual overlay can also include elements and abstracts of the physical network(s). Moreover, automatic network security rules (e.g., Internet Protocol security-IPSec) can be derived from the connectivity model of the network.

Abstract: A system is disclosed that allows an entity outside of a private network to initiate communication with another entity inside the private network. A first entity inside the private network maintains a persistent connection with a second entity outside the private network, with a port identification associated with the first entity's persistent connection. A third entity outside the private network obtains the port identification and initiates communication with the first entity by sending a message to the first entity using the port identification. The first and third entities then exchange communications outside the persistent connection. In an alternate implementation, the third entity uses the port identification to send the first entity a request for establishing a connection. The request is forwarded to the first entity through the persistent connection. The first entity responds by establishing a connection with the third entity outside the persistent connection.

Abstract: A system is disclosed for establishing a public identity for an entity on a private network. In one embodiment, a first entity can initiate a request to create a binding of a public address to a private address for itself. The existence of this public address for the first entity can be made known so that other entities can use the public address to communicate with the first entity. The present invention allows entities outside of a private network to initiate communication with an entity inside a private network.

Abstract: A system is disclosed for establishing a public identity for an entity on a private network. In one embodiment, a first entity can initiate a request to create a binding of a public address to a private address for itself. The existence of this public address for the first entity can be made known so that other entities can use the public address to communicate with the first entity. The present invention allows entities outside of a private network to initiate communication with an entity inside a private network.

Abstract: A private virtual dynamic network is provided for computing devices coupled to public networks or private networks. This enables computing devices anywhere in the world to join into private enterprise intranets and communicate with each other. In one embodiment, the present invention provides a separate private virtual address realm, seen to each user as a private network, while seamlessly crossing public and private network boundaries. One implementation of the present invention uses an agent to enable an entity to participate in the network without requiring the member to add new hardware or software.

Abstract: Architecture that facilitates the virtual specification of a connection between physical endpoints. A network can be defined as an abstract connectivity model expressed in terms of the connectivity intent, rather than any specific technology. The connectivity model is translated into configuration settings, policies, firewall rules, etc., to implement the connectivity intent based on available physical networks and devices capabilities. The connectivity model defines the connectivity semantics of the network and controls the communication between the physical nodes in the physical network. The resultant virtual network may be a virtual overlay that is independent of the physical layer. Alternatively, the virtual overlay can also include elements and abstracts of the physical network(s). Moreover, automatic network security rules (e.g., Internet Protocol security-IPSec) can be derived from the connectivity model of the network.

Abstract: A system is disclosed for establishing a public identity for an entity on a private network. In one embodiment, a first entity can initiate a request to create a binding of a public address to a private address for itself. The existence of this public address for the first entity can be made known so that other entities can use the public address to communicate with the first entity. The present invention allows entities outside of a private network to initiate communication with an entity inside a private network.

Abstract: An enterprise namespace may be extended into a cloud of networked resources. A portion of the cloud may be dynamically partitioned, and the extension of the enterprise namespace established within the portion. Cloud resources thus remain as easily accessible to enterprise users as those which are physically located on the enterprise network. Thus, components such as applications, virtual machine instantiations, application states, server states, etc., may be easily migrated between the enterprise network and the cloud.

Abstract: A system is disclosed that allows an entity outside of a private network to initiate communication with an entity inside the private network. The entity inside of the private network maintains a persistent connection with an agent. In one embodiment, communications that are intended for the entity inside the private network are sent to the agent. The agent then forwards the communications to the entity inside the private via the persistent connection.

Abstract: The present invention provides for a system for communicating with a host using a global address and a local address. The present invention allows for the communication to be initiated by an entity outside the host's network. The entity initiating the communication resolves the destination host's domain name into a global address and a local address. Messages are sent to the destination host using both the global address and the local address. In one embodiment, both the global and local address are included in the message by encapsulating IP packets. Some embodiments of the present invention also use pseudo addressing.

Abstract: A private virtual dynamic network is provided for computing devices coupled to public networks or private networks. This enables computing devices anywhere in the world to join into private enterprise intranets and communicate with each other. In one embodiment, the present invention provides a separate private virtual address realm, seen to each user as a private network, while seamlessly crossing public and private network boundaries. One implementation of the present invention uses an agent to enable an entity to participate in the network without requiring the member to add new hardware or software.

Abstract: A private virtual dynamic network is provided for computing devices coupled to public networks or private networks. This enables computing devices anywhere in the world to join into private enterprise intranets and communicate with each other. In one embodiment, the present invention provides a separate private virtual address realm, seen to each user as a private network, while seamlessly crossing public and private network boundaries. One implementation of the present invention uses an agent to enable an entity to participate in the network without requiring the member to add new hardware or software.

Abstract: A private virtual dynamic network is provided for computing devices coupled to public networks or private networks. This enables computing devices anywhere in the world to join into private enterprise intranets and communicate with each other. In one embodiment, the present invention provides a separate private virtual address realm, seen to each user as a private network, while seamlessly crossing public and private network boundaries. One implementation of the present invention uses an agent to enable an entity to participate in the network without requiring the member to add new hardware or software.

Abstract: The present invention provides for a Domain Name Router (DNR) that uses domain names to route data sent to a destination on a network (e.g., a stub network). Each corporate entity or stub network can be assigned one or a small number of global addresses. Each of the hosts on the stub network can be assigned a local address. When a source entity sends data to a destination entity with a local address, the data is sent to the DNR using a global address. The source entity embeds the destination's domain name and its own domain name inside the data. The DNR extracts the destination's domain name from the data, translates that domain name to a local address and sends the data to the destination.

Abstract: A system is disclosed that allows an entity outside of a private network to initiate communication with an entity inside the private network. The entity inside of the private network maintains a persistent connection with an agent. In one embodiment, communications that are intended for the entity inside the private network are sent to the agent. The agent then forwards the communications to the entity inside the private via the persistent connection.

Abstract: A system is disclosed that allows an entity outside of a private network to initiate communication with another entity inside the private network. A first entity inside the private network maintains a persistent connection with a second entity outside the private network, with a port identification associated with the first entity's persistent connection. A third entity outside the private network obtains the port identification and initiates communication with the first entity by sending a message to the first entity using the port identification. The first and third entities then exchange communications outside the persistent connection. In an alternate implementation, the third entity uses the port identification to send the first entity a request for establishing a connection. The request is forwarded to the first entity through the persistent connection. The first entity responds by establishing a connection with the third entity outside the persistent connection.

Abstract: A system is disclosed for establishing a public identity for an entity on a private network. In one embodiment, a first entity can initiate a request to create a binding of a public address to a private address for itself. The existence of this public address for the first entity can be made known so that other entities can use the public address to communicate with the first entity. The present invention allows entities outside of a private network to initiate communication with an entity inside a private network.

Abstract: The present invention provides for a system for automatically determining a network address. A new node starting on the network will solicit addresses from other nodes on the subnet. The addresses received are stored in a database. The address stored in the database will be reviewed in order to determine a subnet mask. The new node will choose a host number, based on the subnet mask, that is unique among the addresses in the database: The chosen unique host number is combined with the subnet number to form the new node's network address. One example of a network address is an IP version 4 address.

Abstract: The present invention provides for a Domain Name Router (DNR) that uses domain names to route data sent to a destination on a network (e.g., a stub network). Each corporate entity or stub network can be assigned one or a small number of global addresses. Each of the hosts on the stub network can be assigned a local address. When a source entity sends data to a destination entity with a local address, the data is sent to the DNR using a global address. The source entity embeds the destination's domain name and its own domain name inside the data. The DNR extracts the destination's domain name from the data, translates that domain name to a local address and sends the data to the destination.

Abstract: The present invention provides for a Domain Name Router (DNR) that uses domain names to route data sent to a destination on a network (e.g., a stub network). Each corporate entity or stub network can be assigned one or a small number of global addresses. Each of the hosts on the stub network can be assigned a local address. When a source entity sends data to a destination entity with a local address, the data is sent to the DNR using a global address. The source entity embeds the destination's domain name and its own domain name inside the data. The DNR extracts the destination's domain name from the data, translates that domain name to a local address and sends the data to the destination.