Patents by Inventor Praveen Vannarath
Praveen Vannarath has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12363073
Abstract: A method for establishing a communication coupling within a cloud computing environment between a first gateway of a first virtual private cloud network deployed behind a firewall and a second gateway of a second virtual private cloud network is disclosed. The method includes operations of receiving, by the first gateway, a first controller message from a controller deployed within the cloud computing environment, the first controller message instructing the first gateway to transmit a first gateway message to the second gateway, transmitting, by the first gateway, the first gateway message to the second gateway, receiving, by the first gateway, a second gateway message from the second gateway, the second gateway message initiating a negotiation to establish a first tunnel between the first gateway and the second gateway in accordance with a first security protocol, and completing, by the first gateway, the negotiation thereby causing establishment of the first tunnel.
Type: Grant
Filed: March 6, 2020
Date of Patent: July 15, 2025
Assignee: Aviatrix Systems, Inc.
Inventors: Praveen Vannarath, Xiaobo Sherry Wei
-
Patent number: 12301533
Abstract: A computerized method for increasing throughput of encapsulated data over a network is described. First, a determination, at a first network device, of a number of available processing resources located at a second network device is conducted. Thereafter, a plurality of connections are generated between the first network device and the second device. The plurality of connections corresponding in number to the number of available processing resources. Data received by the first network device is associated with a first connection of the plurality of tunneling connections. Thereafter, translation data unique to a tunneling session associated with the first connection is generated and the received data is encapsulated with the translation data to generate the encapsulated data for transmission to the second network device.
Type: Grant
Filed: July 31, 2023
Date of Patent: May 13, 2025
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Praveen Vannarath
-
Patent number: 12301411
Abstract: An edge gateway deployed within an overlay network interconnecting a first public cloud network with an on-premises network is described. Coupled to a controller, the edge gateway is configured to receive a configuration file and attestation data from a controller, analyze the configuration file to obtain at least a first network address being used as an interface for secure communications with the controller, establish a secure interconnect with the controller based on the attestation data, and conduct a provisioning operation to initiate a request to the controller for edge gateway software thereby automated provisioning the edge gateway without human intervention. The edge gateway experiences automated provisioning based on a configuration file and attestation data upload.
Type: Grant
Filed: November 12, 2022
Date of Patent: May 13, 2025
Assignee: Aviatrix Systems, Inc.
Inventors: Purnima Gunturu, Praveen Vannarath
-
Patent number: 12267239
Abstract: In one embodiment, a cloud connection appliance features a processor and a non-transitory storage medium. The non-transitory storage medium comprises management control logic, that when executed by the processor, controls registration with a controller adapted to control data traffic between gateway instance and to establish a communication path including a reverse tunnel with the controller. The controller and cloud connection appliance operate in a client-server relationship with the cloud connection appliance operates as a client when establishing the communication path and operates as a server when receiving control information through the reverse tunnel. The reverse tunnel enables the cloud connection appliance to directly receive the control information from the controller despite the cloud connection application lacking a publicly routable Internet Protocol (IP) address.
Type: Grant
Filed: November 20, 2023
Date of Patent: April 1, 2025
Assignee: Aviatrix Systems, Inc.
Inventors: Praveen Vannarath, Wing-kuen Chung
-
Publication number: 20240380689
Abstract: A computerized method for utilizing private Internet Protocol (IP) addressing for communications between components of one or more public cloud networks. The method features determining whether outbound traffic corresponds to a first type of outbound traffic being forwarded from a cloud instance supported by the gateway. In response to determining that the first type of outbound traffic is being forwarded from the cloud instance, the first type of outbound traffic is directed via a data interface of the gateway. Also, the method features determining whether the outbound traffic corresponds to a second type of outbound traffic being initiated by logic within the gateway. In response to determining that the second type of outbound traffic is being initiated by logic within the gateway, directing the second type of outbound traffic via a management interface of the gateway.
Type: Application
Filed: July 22, 2024
Publication date: November 14, 2024
Applicant: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Praveen Vannarath, Steve Zheng, Cheng Hsiang
-
Patent number: 12047280
Abstract: A computerized method for utilizing private Internet Protocol (IP) addressing for communications between components of one or more public cloud networks. The method features determining whether outbound traffic corresponds to a first type of outbound traffic being forwarded from a cloud instance supported by the gateway. In response to determining that the first type of outbound traffic is being forwarded from the cloud instance, the first type of outbound traffic is directed via a data interface of the gateway. Also, the method features determining whether the outbound traffic corresponds to a second type of outbound traffic being initiated by logic within the gateway. In response to determining that the second type of outbound traffic is being initiated by logic within the gateway, directing the second type of outbound traffic via a management interface of the gateway.
Type: Grant
Filed: August 6, 2021
Date of Patent: July 23, 2024
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Praveen Vannarath, Steve Zheng, Cheng Hsiang
-
Publication number: 20240163162
Abstract: An edge gateway deployed within an overlay network interconnecting a first public cloud network with an on-premises network is described. Coupled to a controller, the edge gateway is configured to receive a configuration file and attestation data from a controller, analyze the configuration file to obtain at least a first network address being used as an interface for secure communications with the controller, establish a secure interconnect with the controller based on the attestation data, and conduct a provisioning operation to initiate a request to the controller for edge gateway software thereby automated provisioning the edge gateway without human intervention. The edge gateway experiences automated provisioning based on a configuration file and attestation data upload.
Type: Application
Filed: November 12, 2022
Publication date: May 16, 2024
Inventors: Purnima Gunturu, Praveen Vannarath
-
Publication number: 20240129232
Abstract: A computerized method for directing transmission of a data packet within a distributed cloud computing system is disclosed. The computerized method includes operations of receiving, by a receiving gateway instance deployed within the distributed cloud computing system, the data packet, when a session corresponding to the data packet is found via a session lookup, forwarding the data packet to a destination in accordance with the session lookup, and when the session is not found via the session lookup, creating a tentative forward session and forwarding the data packet to a peer gateway instance. In some instances, the data packet is a User Datagram Protocol (UDP) packet. In some instances, the data packet is received from either of a spoke gateway instance or a transit gateway instance, and wherein the spoke gateway instance or the transit gateway instance is deployed within the distributed cloud computing system.
Type: Application
Filed: December 11, 2023
Publication date: April 18, 2024
Applicant: Aviatrix Systems, Inc.
Inventors: Lee-Chik Cheung, Xiaobo Sherry Wei, Shanshan Xu, Praveen Vannarath
-
Publication number: 20240089203
Abstract: In one embodiment, a cloud connection appliance features a processor and a non-transitory storage medium. The non-transitory storage medium comprises management control logic, that when executed by the processor, controls registration with a controller adapted to control data traffic between gateway instance and to establish a communication path including a reverse tunnel with the controller. The controller and cloud connection appliance operate in a client-server relationship with the cloud connection appliance operates as a client when establishing the communication path and operates as a server when receiving control information through the reverse tunnel. The reverse tunnel enables the cloud connection appliance to directly receive the control information from the controller despite the cloud connection application lacking a publicly routable Internet Protocol (IP) address.
Type: Application
Filed: November 20, 2023
Publication date: March 14, 2024
Applicant: Aviatrix Systems, Inc.
Inventors: Praveen Vannarath, Wing-kuen Chung
-
Patent number: 11855896
Abstract: A computerized method for directing transmission of a data packet within a distributed cloud computing system is disclosed that includes receiving the data packet by a receiving gateway instance deployed within the distributed cloud computing system, when a session corresponding to the data packet is found via a session lookup, forwarding the data packet to a destination in accordance with the session lookup, when the session is not found via the session lookup, determining whether one least one peer firewall instance is available, and when a first peer firewall instance is available and the data packet is a synchronize packet, forwarding the data packet to the first peer firewall instance. In some instances, the data packet is a TCP packet and in others, the data packet is received from either of a spoke gateway or a transit gateway that is deployed within the distributed cloud computing system.
Type: Grant
Filed: March 29, 2021
Date of Patent: December 26, 2023
Assignee: Aviatrix Systems, Inc.
Inventors: Lee-Chik Cheung, Xiaobo Sherry Wei, Shanshan Xu, Praveen Vannarath
-
Patent number: 11843539
Abstract: A computerized method for directing transmission of a data packet within a distributed cloud computing system is disclosed. The computerized method includes operations of receiving, by a receiving gateway instance deployed within the distributed cloud computing system, the data packet, when a session corresponding to the data packet is found via a session lookup, forwarding the data packet to a destination in accordance with the session lookup, and when the session is not found via the session lookup, creating a tentative forward session and forwarding the data packet to a peer gateway instance. In some instances, the data packet is a User Datagram Protocol (UDP) packet. In some instances, the data packet is received from either of a spoke gateway instance or a transit gateway instance, and wherein the spoke gateway instance or the transit gateway instance is deployed within the distributed cloud computing system.
Type: Grant
Filed: March 29, 2021
Date of Patent: December 12, 2023
Assignee: Aviatrix Systems, Inc.
Inventors: Lee-Chik Cheung, Xiaobo Sherry Wei, Shanshan Xu, Praveen Vannarath
-
Publication number: 20230379291
Abstract: A computerized method for increasing throughput of encapsulated data over a network is described. First, a determination, at a first network device, of a number of available processing resources located at a second network device is conducted. Thereafter, a plurality of connections are generated between the first network device and the second device. The plurality of connections corresponding in number to the number of available processing resources. Data received by the first network device is associated with a first connection of the plurality of tunneling connections. Thereafter, translation data unique to a tunneling session associated with the first connection is generated and the received data is encapsulated with the translation data to generate the encapsulated data for transmission to the second network device.
Type: Application
Filed: July 31, 2023
Publication date: November 23, 2023
Inventors: Xiaobo Sherry Wei, Praveen Vannarath
-
Patent number: 11824777
Abstract: In one embodiment, a cloud connection appliance features a processor and a non-transitory storage medium. The non-transitory storage medium comprises management control logic, that when executed by the processor, controls registration with a controller adapted to control data traffic between gateway instance and to establish a communication path including a reverse tunnel with the controller. The controller and cloud connection appliance operate in a client-server relationship with the cloud connection appliance operates as a client when establishing the communication path and operates as a server when receiving control information through the reverse tunnel. The reverse tunnel enables the cloud connection appliance to directly receive the control information from the controller despite the cloud connection application lacking a publicly routable Internet Protocol (IP) address.
Type: Grant
Filed: May 27, 2021
Date of Patent: November 21, 2023
Assignee: Aviatrix Systems, Inc.
Inventors: Praveen Vannarath, Wing-kuen Chung
-
Patent number: 11716306
Abstract: A computerized method for increasing throughput of encapsulated data over a network is described. First, a determination, at a first network device, of a number of available processing resources located at a second network device is conducted. Thereafter, a plurality of connections are generated between the first network device and the second device. The plurality of connections corresponding in number to the number of available processing resources. Data received by the first network device is associated with a first connection of the plurality of tunneling connections. Thereafter, translation data unique to a tunneling session associated with the first connection is generated and the received data is encapsulated with the translation data to generate the encapsulated data for transmission to the second network device.
Type: Grant
Filed: March 22, 2021
Date of Patent: August 1, 2023
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Praveen Vannarath
-
Patent number: 10958620
Abstract: A computerized method for increasing throughput of encapsulated data through tunnels, the computerized method including receiving data at a first network device for transmission over a network to a second network device. Then determining at the first network device the number of available processing cores on the second network device and generating a plurality of tunneling sessions between the first network device and the second device. Associating the received data with a particular tunneling session and then generating translation data unique to the associated tunneling session prior to encapsulating the received data with the translation data. Finally, transmitting the encapsulated data to the second network device and processing the transmitted encapsulated data received at the second network device with a particular processing core based on the received translation data.
Type: Grant
Filed: May 3, 2019
Date of Patent: March 23, 2021
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Praveen Vannarath