Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.

Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.

Abstract: Routing messages between virtual networks using a mapping of virtual addresses from one virtual network to a virtual address of the other virtual network. Each virtual network has a valid set of virtual addresses, some of which being assigned to virtual nodes within the corresponding network. When a virtual network identifies a message to be sent, it identifies a destination for the message. Some destinations may be within the same virtual network and thus may be routed to virtual nodes within the virtual network. Other destinations may instead be mapped to a virtual address of another virtual network. In that case, routing information may also be obtained and the message may be dispatched to the virtual address of the other virtual network. This may be performed within the need for a gateway, which publishes a public address that is globally unique.

Abstract: The performance of multicast and/or broadcasting between virtual machines over a virtual network. A source hypervisor accesses a network message originated from a source virtual machine, and uses the network message to determine a virtual network address associated with destination virtual machines (after potentially resolving group virtual network addresses). Using each virtual network address, the hypervisor determines a physical network address of the corresponding hypervisor that supports the destination virtual machine, and also determines a unique identifier for the destination virtual machine. The source hypervisor may then dispatch the network message along with the unique identifier to the destination hypervisor over the physical network using the physical network address of the hypervisor. The destination hypervisor passes the network message to the destination virtual machine identified by the unique identifier.

Abstract: The performance of multicast and/or broadcasting between virtual machines over a virtual network. A source hypervisor accesses a network message originated from a source virtual machine, and uses the network message to determine a virtual network address associated with destination virtual machines (after potentially resolving group virtual network addresses). Using each virtual network address, the hypervisor determines a physical network address of the corresponding hypervisor that supports the destination virtual machine, and also determines a unique identifier for the destination virtual machine. The source hypervisor may then dispatch the network message along with the unique identifier to the destination hypervisor over the physical network using the physical network address of the hypervisor. The destination hypervisor passes the network message to the destination virtual machine identified by the unique identifier.

Abstract: The present invention extends to methods, systems, and computer program products for synchronizing state among load balancer components. Embodiments of the invention include load balancers using a consistent hashing algorithm to decide how new connections should be load balanced. Use of consistent hashing algorithm permits load balancers to work in a stateless manner in steady state. Load balancers start keeping flow state information (destination address for a given flow) about incoming packets when it is needed, i.e. such as, for example, when a change in destination host configuration is detected. State information is shared across load balancers in a deterministic way, which allows knowing which load balancer is authoritative (e.g., is the owner) for a given flow. Each load balancer can reach the authoritative load balancer to learn about a flow that cannot be determined locally.

Abstract: The present invention extends to methods, systems, and computer program products for routing using global address pairs. Embodiments of the invention use publicly routable Internet Protocol (“IP”) addresses to represent sites rather than individual hosts. Hosts can be represented by a global address pair, including site public IP address and a node private IP address. Nodes route packets to address processing modules using IP-in-IP encapsulation. An outer header contains a site public IP address and is destined to a site on inter-site links. An inner header contains a node private IP address and is destined to a private endpoint in intra-site links. In some embodiments, a site public IPv4 address and a node private IPv4 address are encoded into an IPv6 address. Use of an IPv6 address makes encoding of the two IPv4 address transparent to IPv6 applications.

Abstract: Computerized methods, systems, and computer-storage media for fairly sharing available bandwidth among endpoints (including physical or virtual machines) of a multitenant environment are provided. Initially, a load balancer of the network is programmed to monitor bandwidth used by the endpoints, respectively, and to compare an aggregation of the usage against a network threshold. Also, the load balancer is equipped to dynamically classify the endpoints using the respective monitored bandwidth. Classifying generally involves designating some endpoints as small entities, which individually consume an amount of bandwidth less than an endpoint threshold, and designating other endpoints as large entities, which individually consume an amount of bandwidth greater than the endpoint threshold.

Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.

Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.

Abstract: The present invention extends to methods, systems, and computer program products for synchronizing state among load balancer components. Embodiments of the invention include load balancers using a consistent hashing algorithm to decide how new connections should be load balanced. Use of consistent hashing algorithm permits load balancers to work in a stateless manner in steady state. Load balancers start keeping flow state information (destination address for a given flow) about incoming packets when it is needed, i.e. such as, for example, when a change in destination host configuration is detected. State information is shared across load balancers in a deterministic way, which allows knowing which load balancer is authoritative (e.g., is the owner) for a given flow. Each load balancer can reach the authoritative load balancer to learn about a flow that cannot be determined locally.

Abstract: The present invention extends to methods, systems, and computer program products for synchronizing state among load balancer components. Embodiments of the invention include load balancers using a consistent hashing algorithm to decide how new connections should be load balanced. Use of consistent hashing algorithm permits load balancers to work in a stateless manner in steady state. Load balancers start keeping flow state information (destination address for a given flow) about incoming packets when it is needed, i.e. such as, for example, when a change in destination host configuration is detected. State information is shared across load balancers in a deterministic way, which allows knowing which load balancer is authoritative (e.g., is the owner) for a given flow. Each load balancer can reach the authoritative load balancer to learn about a flow that cannot be determined locally.

Abstract: The performance of multicast and/or broadcasting between virtual machines over a virtual network. A source hypervisor accesses a network message originated from a source virtual machine, and uses the network message to determine a virtual network address associated with destination virtual machines (after potentially resolving group virtual network addresses). Using each virtual network address, the hypervisor determines a physical network address of the corresponding hypervisor that supports the destination virtual machine, and also determines a unique identifier for the destination virtual machine. The source hypervisor may then dispatch the network message along with the unique identifier to the destination hypervisor over the physical network using the physical network address of the hypervisor. The destination hypervisor passes the network message to the destination virtual machine identified by the unique identifier.

Abstract: A delivery controller for use in an enterprise environment that communicates with a cloud computing environment that is providing a service for the enterprise. As the cloud service processing progresses, some cloud service data is transferred from the cloud computing environment to the enterprise environment, and vice versa. The cloud service data may be exchanged over any one of a number of different types of communication channels. The delivery controller selects which communication channel to use to transfer specific data, depending on enterprise policy. Such policy might consider any business goals of the enterprise, and may be applied at the application level.

Abstract: A management service that receives requests for the cloud computing environment to host applications, and improves performance of the application using an edge server. In response to the original request, the management service allocates the application to run on an origin data center, evaluates the application by evaluating at least one of the application properties designated by an application code author or provider, or the application performance, and uses an edge server to improve performance of the application in response to evaluating the application. For instance, a portion of application code may be offloaded to run on the edge data center, a portion of application data may be cached at the edge data center, or the edge server may add functionality to the application.

Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.

Abstract: Computerized methods, systems, and computer-storage media for fairly sharing available bandwidth among endpoints (including physical or virtual machines) of a multitenant environment are provided. Initially, a load balancer of the network is programmed to monitor bandwidth used by the endpoints, respectively, and to compare an aggregation of the usage against a network threshold. Also, the load balancer is equipped to dynamically classify the endpoints using the respective monitored bandwidth. Classifying generally involves designating some endpoints as small entities, which individually consume an amount of bandwidth less than an endpoint threshold, and designating other endpoints as large entities, which individually consume an amount of bandwidth greater than the endpoint threshold.

Abstract: Architecture that facilitates the capture of connection state of a connection established between a client and an intermediate server and forwards the state to one or more target servers. A software component at the target server (as well as the intermediate server) uses this connection state to reply back to the client directly, thereby bypassing the intermediate server. All packets from the client related to the request are received at the intermediate server and then forwarded to the target server. The migration can be accomplished without any change in the client operating system and client applications, without assistance from a gateway device such as a load balancer or the network, without duplication of all packets between the multiple servers, and without changes to the transport layer stack of the intermediate and target servers.

Abstract: The present application relates to network configurations and specifically to scalable load balancing network configurations. One implementation includes an external client coupled to a scalable load balancing system. The scalable load balancing system includes a load balancing layer that is configured to encapsulate individual incoming packets of a packet flow from the external client. The load balancing layer is further configured to route the incoming packets to target devices on the system. The target devices can span multiple IP subnets. The incoming packets can pass through one or more load balancers of the load balancing layer before reaching individual target devices. Individual target devices can be configured to route at least some outgoing packets of the packet flow to the external client without passing through any of the one or more load balancers.

Abstract: Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic.