Patents by Inventor Xiaobo Sherry Wei
Xiaobo Sherry Wei has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250106212
Abstract: In an embodiment, a secure object transfer system is described. The system features a virtual private cloud network (VPC) and a controller. The VPC includes a plurality of gateways and a network load balancer, which is configured to conduct a load balancing scheme on access messages from computing devices deployed within an on-premises network to direct each access message to one of the plurality of gateways for storage or retrieval of an object from a cloud-based storage element. Each gateway includes filtering logic to restrict access of the computing devices to certain cloud-based storage elements in accordance with a security policy. The controller is configured to maintain and update the security policy utilized by each gateway of the plurality of gateways.
Type: Application
Filed: December 9, 2024
Publication date: March 27, 2025
Applicant: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Ramakrishnan Kunnath
-
Publication number: 20250088485
Abstract: In one embodiment, a computing platform features a controller in communication with one or more virtual private cloud networks, including a first virtual private cloud network (VPC). The virtual private cloud network includes at least a first egress filtering gateway configured to filter egress traffic data received from a first gateway and route the filtered egress traffic data to a public network in accordance with a first set of filter rules. The first set of filter rules is included as part of a first security policy provided by the controller.
Type: Application
Filed: November 25, 2024
Publication date: March 13, 2025
Applicant: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Lee-Chik Cheung
-
Patent number: 12231404
Abstract: A distributed cloud computing system is disclosed that includes a controller configured to deploy a transit gateway and a first gateway in a security virtual private cloud (VPC) in a cloud computing network, wherein the first gateway is configured to connect to a first firewall instance deployed within the security VPC, and logic. The logic, upon execution by one or more processors, causes performance of operations including receiving network traffic at the transit gateway from an originating VPC deployed within the cloud computing network, routing the network traffic from the transit gateway to the first gateway, providing the network traffic to the first firewall instance for inspection, and routing the network traffic to a destination VPC deployed within the cloud computing network. In embodiments, the first gateway is connected to a plurality of firewall instances, where each instance of the plurality of firewall instances is an active firewall instance.
Type: Grant
Filed: March 29, 2021
Date of Patent: February 18, 2025
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Shanshan Xu
-
Publication number: 20250027833
Abstract: A system for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to a default gateway failing to locate a Media Access Control (MAC) address of a destination for the message within a prescribed table, one of the plurality of virtual appliances is selected for handling a forwarding of the message to a plurality of remote networks, and the message is forwarded via the selected virtual appliance to a plurality of gateways associated with the plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination is selected to forward the message to the destination.
Type: Application
Filed: October 7, 2024
Publication date: January 23, 2025
Applicant: Aviatrix Systems, Inc.
Inventor: Xiaobo Sherry Wei
-
Patent number: 12206728
Abstract: In one embodiment, a controller features a first data store, a second data store and route determination logic. The first data store is configured to store current routing information from a source transit gateway within at least a first transit cloud network to a destination transit gateway within at least a second transit cloud network of the cloud network. Each of the source transit gateway and the destination transit gateway is one of a plurality of transit gateways associated with the cloud network. The second data store is configured to store alternative routing information between the source transit gateway and the destination transit gateway. The route determination logic is configured to (i) conduct analytics on all available route paths for a message intended to be sent from the source transit gateway to the destination transit gateway and (ii) select a best route path for the message.
Type: Grant
Filed: May 27, 2021
Date of Patent: January 21, 2025
Assignee: Aviatrix Systems, Inc.
Inventors: Yixin Sun, Shanshan Xu, Colby Wen, Xiaobo Sherry Wei
-
Patent number: 12192177
Abstract: In one embodiment, a secure exchange system is described. The secure exchange system includes a virtual private cloud network and a controller. The virtual private cloud network includes a plurality of gateways, and each gateway of the plurality of gateways is configured to generate one or more local directories. Each local directory of the one or more local directories represents one or more stored objects within a public cloud storage element. The controller is configured to authenticate a user prior to granting the user access to the virtual private cloud network. The gateways are accessible by the user over AWS Direct Connect, where the public cloud storage element is an S3 bucket.
Type: Grant
Filed: October 10, 2023
Date of Patent: January 7, 2025
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Ramakrishnan Kunnath, Arvind Sreekumar
-
Patent number: 12192279
Abstract: A system supporting transferring content between an on-premises network and a public cloud network includes a first cloud computing platform comprising a first software instance having a first IP address, a subnet configured to extend across the on-premises network and the public cloud network, a first gateway associated with the on-premises network, a second gateway associated with the public cloud network, and a secure communication path between the first and second gateways. The subnet comprises a shared IP address range between the public cloud network and the on-premises network, and the first IP address of the first software instance is the same as the IP address the first software instance had when it resided on the on-premises network.
Type: Grant
Filed: August 7, 2023
Date of Patent: January 7, 2025
Assignee: Aviatrix Systems, Inc.
Inventor: Xiaobo Sherry Wei
-
Patent number: 12177294
Abstract: According to one embodiment, a network system features a first virtual private cloud (VPC) network and a second VPC network. The first VPC network includes a first plurality of gateways. Each gateway of the first plurality of gateways is in communication with the other gateways. Similarly, the second VPC network includes a second plurality of gateways. Each of the second plurality of gateways is communicatively coupled to each of the first plurality of gateways to support data exchanges between resources deployed in different public cloud networks.
Type: Grant
Filed: October 9, 2023
Date of Patent: December 24, 2024
Assignee: Aviatrix Systems, Inc.
Inventors: Yixin Sun, Colby Wen, Xiaobo Sherry Wei
-
Patent number: 12166760
Abstract: In an embodiment, a secure object transfer system is described. The system features a virtual private cloud network (VPC) and a controller. The VPC includes a plurality of gateways and a network load balancer, which is configured to conduct a load balancing scheme on access messages from computing devices deployed within an on-premises network to direct each access message to one of the plurality of gateways for storage or retrieval of an object from a cloud-based storage element. Each gateway includes Fully Qualified Domain Name (FQDN) filtering logic to restrict access of the computing devices to certain cloud-based storage elements in accordance with a security policy. The controller is configured to maintain and update the security policy utilized by each gateway of the plurality of gateways.
Type: Grant
Filed: February 19, 2023
Date of Patent: December 10, 2024
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Ramakrishnan Kunnath
-
Publication number: 20240406134
Abstract: A method is described that enables communication between two disjoint networks with overlapping IP address ranges. An intermediary function in each of the networks and a unique IP address pool are deployed to facilitate the communication. This method also enables communications between one network and a group of networks with overlapping IP address ranges.
Type: Application
Filed: August 5, 2024
Publication date: December 5, 2024
Applicant: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Pankaj Manglik, Sunil Kishen
-
Patent number: 12155626
Abstract: In one embodiment, a computing platform features a controller in communication with one or more virtual private cloud networks, including a first virtual private cloud network (VPC). The virtual private cloud network includes at least a first egress filtering gateway configured to filter egress traffic data received from a first gateway and route the filtered egress traffic data to a public network in accordance with a first set of filter rules. The first set of filter rules is included as part of a first security policy provided by the controller.
Type: Grant
Filed: August 18, 2021
Date of Patent: November 26, 2024
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Lee-Chik Cheung
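The two abstracts above (20250088485 / 12155626, egress filtering under a controller-provided policy) and the FQDN filtering gateway of 12166760 describe the same control-plane shape: the controller owns a versioned security policy and pushes it to every gateway, and each gateway enforces it on the data path. The following is an added illustration of that shape in Python, not code from Aviatrix or from the patents. It assumes a policy is an ordered list of allow/deny FQDN patterns with a default action, that the gateway has already extracted the destination hostname from the flow (TLS SNI or HTTP Host), and that a gateway with no policy, or a flow with no hostname, is denied. Class and function names and the sample flows are constructed for the example.

```python
"""Egress FQDN filtering enforced at a gateway from a controller-provided policy.

Added illustration, not Aviatrix code. Assumed model: the controller holds a
versioned policy (ordered allow/deny FQDN rules plus a default action) and
pushes every update to each registered gateway; a gateway evaluates each
outbound flow against the hostname extracted from it and fails closed."""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class EgressPolicy:
    version: int
    rules: tuple                  # ordered (action, fqdn_pattern) pairs, first match wins
    default_action: str = "deny"

    def decide(self, fqdn):
        host = fqdn.rstrip(".").lower()       # normalise trailing dot and case
        for action, pattern in self.rules:
            if fnmatchcase(host, pattern.lower()):
                return action
        return self.default_action


class EgressGateway:
    def __init__(self, name):
        self.name = name
        self.policy = None                    # no policy yet: deny everything
        self.audit = []                       # (policy_version, src, fqdn, action)

    def apply_policy(self, policy):
        # Ignore stale pushes so an out-of-order update cannot roll rules back.
        if self.policy is None or policy.version > self.policy.version:
            self.policy = policy

    def permit(self, src_ip, fqdn):
        if self.policy is None or not fqdn:
            action = "deny"                   # fail closed: no policy, or bare-IP destination
        else:
            action = self.policy.decide(fqdn)
        self.audit.append((getattr(self.policy, "version", None), src_ip, fqdn, action))
        return action == "allow"


class Controller:
    def __init__(self):
        self.policy = EgressPolicy(version=0, rules=())
        self.gateways = []

    def register(self, gateway):
        self.gateways.append(gateway)
        gateway.apply_policy(self.policy)

    def update_policy(self, rules, default_action="deny"):
        self.policy = EgressPolicy(self.policy.version + 1, tuple(rules), default_action)
        for gw in self.gateways:
            gw.apply_policy(self.policy)
        return self.policy.version


def demo():
    """Constructed scenario: two egress gateways, one policy update, five flows."""
    ctl = Controller()
    gw1, gw2 = EgressGateway("egress-gw-1"), EgressGateway("egress-gw-2")
    ctl.register(gw1)
    ctl.register(gw2)
    ctl.update_policy([
        ("allow", "*.amazonaws.com"),
        ("allow", "updates.example.com"),
        ("deny", "*.example.com"),            # everything else under example.com is blocked
    ])
    flows = [
        ("10.1.0.5", "s3.us-east-1.amazonaws.com"),
        ("10.1.0.5", "updates.example.com"),
        ("10.1.0.6", "exfil.example.com"),
        ("10.1.0.7", ""),                     # no SNI/Host: bare-IP destination
        ("10.2.0.9", "pypi.org."),            # trailing dot, not in policy: default deny
    ]
    return {fqdn or "<no-fqdn>": gw1.permit(src, fqdn) for src, fqdn in flows}


if __name__ == "__main__":
    for host, ok in demo().items():
        print(f"{host:32} {'ALLOW' if ok else 'DENY'}")
```

The two checks worth copying into a real gateway are the version comparison in apply_policy (a replayed or delayed push must never replace a newer policy) and the deny on an empty hostname: an egress rule set keyed on FQDN says nothing about traffic to a raw IP, so that traffic needs its own explicit rule or a deny.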
-
Publication number: 20240380689
Abstract: A computerized method for utilizing private Internet Protocol (IP) addressing for communications between components of one or more public cloud networks. The method features determining whether outbound traffic corresponds to a first type of outbound traffic being forwarded from a cloud instance supported by the gateway. In response to determining that the first type of outbound traffic is being forwarded from the cloud instance, the first type of outbound traffic is directed via a data interface of the gateway. Also, the method features determining whether the outbound traffic corresponds to a second type of outbound traffic being initiated by logic within the gateway. In response to determining that the second type of outbound traffic is being initiated by logic within the gateway, the second type of outbound traffic is directed via a management interface of the gateway.
Type: Application
Filed: July 22, 2024
Publication date: November 14, 2024
Applicant: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Praveen Vannarath, Steve Zheng, Cheng Hsiang
-
Patent number: 12113767
Abstract: A method for facilitating communications between client devices in geographically separated networks is described. First, message monitoring is conducted by each of a plurality of virtual appliances within a local network to detect a message of a first message type. Responsive to a default gateway failing to locate a Media Access Control (MAC) address of a destination for the message within a prescribed table, one of the plurality of virtual appliances is selected for handling a forwarding of the message to a plurality of remote networks, and the message is forwarded via the selected virtual appliance to a plurality of gateways associated with the plurality of remote networks. Responsive to locating the MAC address of the destination within the table, the virtual appliance previously handling communications with the destination is selected to forward the message to the destination.
Type: Grant
Filed: October 16, 2023
Date of Patent: October 8, 2024
Assignee: Aviatrix Systems, Inc.
Inventor: Xiaobo Sherry Wei
-
Patent number: 12088557
Abstract: A distributed cloud computing system is disclosed that includes a controller configured to deploy a first gateway in a spoke virtual private cloud network (VPC) and a second gateway in a transit VPC, wherein the second gateway is configured to connect to a first firewall instance deployed within the transit VPC, and logic. The spoke VPC and the transit VPC are both located within a cloud computing network. The logic, upon execution by one or more processors, causes performance of operations including receiving network traffic by the second gateway from the first gateway, providing the network traffic to the first firewall instance for inspection, and routing the network traffic to a destination VPC deployed within the cloud computing network. In some embodiments, the first gateway is attached to a first interface of the second gateway and the first firewall instance is connected to a second interface.
Type: Grant
Filed: March 29, 2021
Date of Patent: September 10, 2024
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Shanshan Xu
-
Patent number: 12058094
Abstract: A method is described that enables communication between two disjoint networks with overlapping IP address ranges. The method features receiving a first address mapping query message from a first intermediary device and returning a first private IP address map. The first private IP address map includes at least a first plurality of private IP addresses, each uniquely assigned to a computing device residing in the first network. In response to a triggering event, a second private IP address map is recovered by a second intermediary device. Herein, the second private IP address map includes at least a second plurality of private IP addresses, each uniquely assigned to a computing device residing in the second network.
Type: Grant
Filed: October 18, 2021
Date of Patent: August 6, 2024
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Pankaj Manglik, Sunil Kishen
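Abstracts 20240406134 and 12058094 both concern two networks that use the same private range, an intermediary in each, a unique IP address pool, and an exchanged private IP address map. The block below is an added illustration in Python of how those pieces fit together; it is not Aviatrix code and the intermediary, pool and map names are constructed for the example. The assumed model: each intermediary owns a pool that overlaps neither local range, publishes a map from local private address to pool address, rewrites the source to a pool address on the way out and the pool destination back to the real private address on the way in, so the colliding 10.0.0.0/24 addresses never appear on the link between the networks.

```python
"""Reaching hosts across two networks that share the same private range.

Added illustration, not Aviatrix code. Assumed model: each network has an
intermediary with a unique, non-overlapping pool; it exports a map of local
private address -> pool address; remote hosts are addressed by pool address;
the intermediary rewrites source on egress and destination on ingress."""
import ipaddress


class Intermediary:
    def __init__(self, name, local_cidr, pool_cidr):
        self.name = name
        self.local = ipaddress.ip_network(local_cidr)
        self.pool = ipaddress.ip_network(pool_cidr)
        if self.local.overlaps(self.pool):
            raise ValueError(f"{name}: pool {self.pool} overlaps local range {self.local}")
        self._free = list(self.pool.hosts())
        self.private_to_pool = {}
        self.pool_to_private = {}

    def assign(self, private_ip):
        """Give a local host a unique pool address (idempotent)."""
        ip = ipaddress.ip_address(private_ip)
        if ip not in self.local:
            raise ValueError(f"{ip} is not in {self.name}'s local range {self.local}")
        if ip not in self.private_to_pool:
            if not self._free:
                raise RuntimeError(f"{self.name}: pool exhausted")
            pool_ip = self._free.pop(0)
            self.private_to_pool[ip] = pool_ip
            self.pool_to_private[pool_ip] = ip
        return self.private_to_pool[ip]

    def export_map(self):
        """The 'private IP address map' a peer queries: private -> pool, as strings."""
        return {str(k): str(v) for k, v in self.private_to_pool.items()}

    def outbound(self, src, dst):
        """Packet leaving this network: the source becomes our pool address."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst in self.local:
            raise ValueError("destination is in the local range; remote hosts must be addressed by pool IP")
        return str(self.assign(src)), str(dst)

    def inbound(self, src, dst):
        """Packet entering this network: the pool destination becomes the real private address."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst not in self.pool_to_private:
            raise LookupError(f"{self.name}: no host mapped to {dst}")
        if src in self.local:
            raise ValueError("inbound source collides with the local range; the peer must translate its source")
        return str(src), str(self.pool_to_private[dst])


def round_trip():
    """Constructed scenario: both networks use 10.0.0.0/24."""
    a = Intermediary("net-a", "10.0.0.0/24", "100.64.1.0/24")
    b = Intermediary("net-b", "10.0.0.0/24", "100.64.2.0/24")
    if a.pool.overlaps(b.pool):
        raise ValueError("pools must be unique across networks")
    b.assign("10.0.0.7")                         # B publishes a map entry for its host
    target = b.export_map()["10.0.0.7"]          # A's host 10.0.0.5 addresses B's host by pool IP
    s1, d1 = a.outbound("10.0.0.5", target)      # leaves A: 100.64.1.1 -> 100.64.2.1
    s2, d2 = b.inbound(s1, d1)                   # enters B: 100.64.1.1 -> 10.0.0.7
    s3, d3 = b.outbound(d2, s2)                  # reply leaves B: 100.64.2.1 -> 100.64.1.1
    s4, d4 = a.inbound(s3, d3)                   # reply enters A: 100.64.2.1 -> 10.0.0.5
    return {"request_on_wire": (s1, d1), "request_delivered": (s2, d2),
            "reply_on_wire": (s3, d3), "reply_delivered": (s4, d4)}


if __name__ == "__main__":
    for step, (s, d) in round_trip().items():
        print(f"{step:18} {s} -> {d}")
```

The two ValueError branches are where overlap bugs actually surface in practice: a packet addressed to a remote host by its real (colliding) address would be delivered locally, and an untranslated inbound source would be answered locally as well. Rejecting both at the intermediary keeps the failure visible instead of silently misrouted.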
-
Publication number: 20240250849
Abstract: According to one embodiment, a network device may be adapted to operate within a virtual private cloud where network address translation (NAT) is performed through virtual machines and each network address translation is handled differently by a different NAT control logic unit. The network device features one or more hardware processors, and a memory that stores at least a plurality of network address translation (NAT) control logic units and demultiplexer logic. The demultiplexer logic, when executed, receives an incoming message and, based at least in part on information within the incoming message, determines a selected NAT control logic unit to receive at least a portion of the information within the incoming message. The selected NAT control logic unit handles address translation for routing of a message based on the incoming message to a public network.
Type: Application
Filed: April 8, 2024
Publication date: July 25, 2024
Applicant: Aviatrix Systems, Inc.
Inventor: Xiaobo Sherry Wei
-
Patent number: 12047280
Abstract: A computerized method for utilizing private Internet Protocol (IP) addressing for communications between components of one or more public cloud networks. The method features determining whether outbound traffic corresponds to a first type of outbound traffic being forwarded from a cloud instance supported by the gateway. In response to determining that the first type of outbound traffic is being forwarded from the cloud instance, the first type of outbound traffic is directed via a data interface of the gateway. Also, the method features determining whether the outbound traffic corresponds to a second type of outbound traffic being initiated by logic within the gateway. In response to determining that the second type of outbound traffic is being initiated by logic within the gateway, the second type of outbound traffic is directed via a management interface of the gateway.
Type: Grant
Filed: August 6, 2021
Date of Patent: July 23, 2024
Assignee: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Praveen Vannarath, Steve Zheng, Cheng Hsiang
-
Publication number: 20240236095
Abstract: A computerized method for restricting communications between virtual private cloud networks comprises creating a plurality of security domains. Each of the plurality of security domains identifies gateways associated with one or more virtual private cloud networks. Also, the method features generating transit routing data stores in accordance with each of the plurality of security domains; determining whether a connection policy exists between at least a first security domain and a second security domain of the plurality of security domains; and precluding communications between gateways associated with the first security domain and gateways associated with the second security domain in response to determining that no connection policy exists between the first security domain and the second security domain.
Type: Application
Filed: March 25, 2024
Publication date: July 11, 2024
Applicant: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Shanshan Xu
-
Publication number: 20240205192
Abstract: In one embodiment, a computing platform features a controller, one or more transit virtual private cloud networks (VPCs), and a plurality of spoke VPCs. Communicatively coupled to the transit VPCs, the spoke VPCs include (i) a first spoke VPC associated with a first security region and (ii) a second spoke VPC associated with a second security region. Herein, the first security region is configured to permit spoke gateways of the first spoke VPC to communicate with each other while precluding communications with spoke gateways associated with another security region absent a connectivity policy, the connectivity policy being a set of rules established by the administrator or user of the network concerning permitted connectivity between different security regions.
Type: Application
Filed: February 26, 2024
Publication date: June 20, 2024
Applicant: Aviatrix Systems, Inc.
Inventors: Xiaobo Sherry Wei, Shanshan Xu
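Abstracts 20240236095 (security domains and per-domain transit routing data stores) and 20240205192 (security regions and a connectivity policy) describe the same isolation mechanism: gateways are grouped, the transit builds a routing table per group, and routes to another group exist only when an explicit connection policy between the two groups exists. The block below is an added Python illustration of that mechanism, not Aviatrix code; the controller class, domain names, gateway names and CIDRs are constructed for the example. The assumed enforcement model is that a route absent from a domain's table is unreachable, which is what makes "no policy" equal "no communication" without any per-flow firewall rule.

```python
"""Security domains with explicit connection policies on a shared transit.

Added illustration, not Aviatrix code. Assumed model: a domain is a named set
of gateways, each advertising CIDRs; the controller builds one transit routing
table per domain holding only that domain's routes plus the routes of domains
it has a connection policy with; a destination with no route is unreachable."""
import ipaddress


class SecurityDomainController:
    def __init__(self):
        self.domains = {}            # domain -> {gateway: [IPv4Network, ...]}
        self.gateway_domain = {}     # gateway -> domain (a gateway sits in exactly one domain)
        self.policies = set()        # frozenset({domain_a, domain_b}); symmetric by construction

    def create_domain(self, name, gateways):
        for gw in gateways:
            if gw in self.gateway_domain:
                raise ValueError(f"{gw} already belongs to {self.gateway_domain[gw]}")
            self.gateway_domain[gw] = name
        self.domains[name] = {gw: [ipaddress.ip_network(c) for c in cidrs]
                              for gw, cidrs in gateways.items()}

    def connect(self, a, b):
        if a not in self.domains or b not in self.domains:
            raise KeyError("unknown domain")
        self.policies.add(frozenset((a, b)))

    def connected(self, a, b):
        # Gateways inside one domain always reach each other; across domains only by policy.
        return a == b or frozenset((a, b)) in self.policies

    def routing_tables(self):
        """Transit routing data store per domain: CIDR -> next-hop gateway."""
        tables = {}
        for d in self.domains:
            table = {}
            for other, gws in self.domains.items():
                if not self.connected(d, other):
                    continue          # no connection policy: the routes simply do not exist
                for gw, cidrs in gws.items():
                    for c in cidrs:
                        table[c] = gw
            tables[d] = table
        return tables

    def permitted(self, src_gw, dst_ip):
        """Would traffic from src_gw reach dst_ip? Unknown gateways fail closed."""
        src_domain = self.gateway_domain.get(src_gw)
        if src_domain is None:
            return False
        ip = ipaddress.ip_address(dst_ip)
        table = self.routing_tables()[src_domain]
        return any(ip in cidr for cidr in table)   # reachable iff some route covers it


def demo():
    """Constructed topology: prod and dev may each reach shared, but not each other."""
    ctl = SecurityDomainController()
    ctl.create_domain("prod",   {"gw-prod-1": ["10.10.0.0/16"]})
    ctl.create_domain("dev",    {"gw-dev-1":  ["10.20.0.0/16"]})
    ctl.create_domain("shared", {"gw-svc-1":  ["10.30.0.0/16"]})
    ctl.connect("prod", "shared")
    ctl.connect("dev", "shared")
    return ctl


if __name__ == "__main__":
    ctl = demo()
    for domain, table in ctl.routing_tables().items():
        print(domain, {str(c): gw for c, gw in table.items()})
```

Note that the check is on the routing data store itself rather than on a deny rule: adding a deny would require enumerating every pair that must not talk, whereas building tables only from explicit policies means a forgotten policy leaves traffic blocked rather than open.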
-
Publication number: 20240179133
Abstract: A computerized method for establishing a secure channel between a virtual private network (VPN) client processing on a network device for a user and a network gateway is disclosed. The computerized method includes operations, performed by a controller, of transmitting an authentication request to an identity provider based on receipt of a resource request from the VPN client, receiving an authentication response from the identity provider, generating an authentication token based on the authentication response and transmitting the authentication token to the VPN client, wherein the controller further stores the authentication token.
Type: Application
Filed: December 29, 2023
Publication date: May 30, 2024
Applicant: Aviatrix Systems, Inc.
Inventors: Arvind Sreekumar, Ramakrishnan Kunnath, Xiaobo Sherry Wei
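The abstract above describes a controller brokering a VPN client's authentication with an identity provider and minting a stored authentication token. The following is an added Python illustration of that exchange with all three parties in one file; it is not Aviatrix code and the token format, the stand-in identity provider and the user records are constructed assumptions. The token is an HMAC-SHA256 signed body with a random id and an expiry; the controller keeps a copy keyed by that id, so a gateway accepts a client only when the token both verifies and is still present in the controller's store, which is what allows revocation before expiry.

```python
"""Controller-brokered authentication of a VPN client against an identity provider.

Added illustration, not Aviatrix code. Assumed flow: client -> controller
(resource request); controller -> IdP (authentication request); IdP ->
controller (authentication response); controller mints, stores and returns an
HMAC-signed token; the gateway asks the controller to validate it before
opening the channel. The IdP here is a stand-in with constructed users."""
import base64
import hashlib
import hmac
import json
import secrets
import time


class IdentityProvider:
    def __init__(self, users):
        # constructed test data: username -> sha256(password); a real IdP uses a proper KDF
        self.users = {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}

    def authenticate(self, username, password):
        stored = self.users.get(username)
        presented = hashlib.sha256(password.encode()).digest()
        ok = stored is not None and hmac.compare_digest(stored, presented)
        return {"sub": username, "authenticated": ok}


class Controller:
    def __init__(self, idp, ttl=300, now=time.time):
        self.idp, self.ttl, self.now = idp, ttl, now
        self.key = secrets.token_bytes(32)      # token signing key
        self.store = {}                          # token id -> claims (the stored token)

    def handle_resource_request(self, username, password, resource):
        resp = self.idp.authenticate(username, password)
        if not resp["authenticated"]:
            return None                          # no token is ever issued on IdP failure
        claims = {"jti": secrets.token_hex(8), "sub": resp["sub"],
                  "resource": resource, "exp": int(self.now()) + self.ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        self.store[claims["jti"]] = claims
        return f"{body}.{sig}"

    def _parse(self, token):
        try:
            body, sig = token.split(".")
            expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, sig):
                return None
            return json.loads(base64.urlsafe_b64decode(body))
        except (ValueError, json.JSONDecodeError):
            return None

    def validate(self, token, resource):
        """Gateway-side check: signature, expiry, audience, and presence in the store."""
        claims = self._parse(token)
        if claims is None or claims["exp"] <= int(self.now()) or claims["resource"] != resource:
            return False
        return self.store.get(claims["jti"]) == claims

    def revoke(self, token):
        claims = self._parse(token)
        if claims:
            self.store.pop(claims["jti"], None)


class VpnGateway:
    def __init__(self, name, controller):
        self.name, self.controller = name, controller

    def open_channel(self, token):
        """Returns True when the secure channel may be established."""
        return self.controller.validate(token, self.name)


if __name__ == "__main__":
    idp = IdentityProvider({"alice": "correct horse"})   # constructed user
    ctl = Controller(idp, ttl=60)
    gw = VpnGateway("vpn-gw-1", ctl)
    tok = ctl.handle_resource_request("alice", "correct horse", "vpn-gw-1")
    print("channel opened:", gw.open_channel(tok))
    ctl.revoke(tok)
    print("after revocation:", gw.open_channel(tok))
```

Binding the token to the requested resource and checking the store on every validation are the two decisions that matter: the first stops a token issued for one gateway being replayed at another, the second gives the controller a way to cut a session off without waiting for the expiry.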