WO2015127980A1 - Device and method for automatic virtulization of networks to the cloud - Google Patents

Info

Publication number
WO2015127980A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
computer network
computer
cloud
data
Prior art date
Application number
PCT/EP2014/053896
Other languages
French (fr)
Inventor
Sholomo NARKOLAYEV
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Priority to PCT/EP2014/053896
Priority to CN201480036850.5A (CN105359096B)
Publication of WO2015127980A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors

Definitions

  • Fig. 2 a more detailed configuration and architecture of the network prober 40 is shown in a block diagram. Individual connections between the different components are not depicted in detail for reasons of clarity.
  • the network prober 40 comprises a probing unit 41, which again comprises a machine connector 42, which in turn comprises a Unix machine connector 43 and a Windows machine connector 44.
  • the machine connector 42 can also comprise a Linux machine connector and/or connectors for other different types of machines.
  • the probing unit 41 comprises a network connector 50, which in turn comprises a switch connector 51, a router connector 52, a load balancer connector 53 and a virtual private network connector 54.
  • the probing unit comprises a security connector 60, which in turn comprises a firewall connector 61, an intrusion prevention connector 62, a network authentication authorization accounting connector 63 and a web application firewall connector 64.
  • the different components of the machine connector 42, the network connector 50 and the security connector 60 serve the purpose of connecting to different devices of the first computer network 20 of Fig. 1.
  • the probing unit 41, especially the components of the machine connector 42, the network connector 50 and the security connector 60 perform the accessing of the devices of the first computer network 20 and the copying of the configurations and data of the devices 20-27 of the first computer network 20.
  • the network prober 40 comprises a modeling unit 70, which comprises a virtualization manager 71, a packaging manager 72, an upload manager 73 and a system database warehouse 74.
  • the modeling unit 70 performs the functions of creating the virtual representation of the first computer network and uploading the created virtual representation and the copied data to the second computer network 30.
  • the virtualization manager 71 performs the creation of the virtual representation of the first computer network.
  • the packaging manager 72 packages the virtual representation of the first computer network into a transferable file format, which is then uploaded to the second computer network 30 by the upload manager 33.
  • the system database warehouse is used for hosting information and tools necessary for creating the virtual representation and uploading it.
  • the network prober 40 comprises a system management unit 80, which again comprises a web graphical user interface 81 for accessing the network prober 40 by a user through a web browser and a call level interface 82, which serves the purpose of accessing the network prober 40 as part of a databank.
  • FIG. 3 a detailed block diagram of the cloud configurator 90 of Fig. 1 is shown.
  • the cloud configurator 90 comprises a machine connector 110 which in turn comprises a network tester 111 and a machine tester 112.
  • the machine tester 112 and the network tester 111 perform the function of testing the devices 31-37 of the second computer network 30 of Fig. 1 after it has been configured and initialized.
  • the cloud configurator 90 comprises a system management unit 100, which comprises a web graphical user interface 102 and a call level interface 101.
  • the system management unit 100 performs the same functions for the cloud configurator 90 as the system management unit 80 does for the network prober 40. It allows a user to access the functions of the cloud configurator either through a graphical web interface or through a databank.
  • the cloud configurator 90 comprises an initialization unit 130 for initializing the second computer network 30 of Fig. 1 after it has been configured.
  • the cloud configurator 90 comprises a configuring unit 120, which again comprises a cloud networking connector 121, a virtual machine manager
  • the cloud networking connector 121, the virtual machine manager connector 122 and the cloud security connector 123 serve the purpose of connecting to and accessing different devices of the second computer network 30.
  • the network prober data extractor 24 serves the purpose of accepting the virtual representation of the first computer network from the network prober 40 of Fig. 1 and extracting the information of this virtual representation for further handling.
  • the remote access manager 125 serves the purpose of managing the access to remote devices by the configuring unit 120.
  • a flow diagram of an embodiment of the inventive method is shown.
  • a first step 200 at least one device, preferably all devices of a first computer network are accessed.
  • a second step 201 the configurations and the data of all accessed devices of the first computer network are copied.
  • a virtual representation of the first computer network is created from the copied configurations.
  • this virtual representation of the first computer network is uploaded to a second computer network.
  • the second computer network is configured based upon the virtual representation of the first computer network and the data copied from the first computer network.
  • the second computer network is initialized.
  • the copied data and optionally also the copied configuration of the first computer network is updated to the second computer network, in case the data and/or configuration of the first computer network has changed since copying the data at configuration in the second step 201.
  • the invention is not limited to the examples and especially not to the number and type of devices of the first and second computer networks. The characteristics of the embodiments can be used in any advantageous combination.

Abstract

A virtualization device (10) serves the purpose of virtualizing a first computer network (20) comprising at least one device (21, 22, 23, 24, 25, 26, 27). The virtualization device (10) comprises a network prober (40) and a cloud configurator (90). The network prober (40) comprises a probing unit adapted for accessing the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) and copying configurations of the at least one device (21, 22, 23, 24, 25, 26, 27) and the data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20). The network prober (40) further comprises a modeling unit adapted for creating a virtual representation of the first computer network (20) from the copied configurations and uploading the virtual representation of the first computer network (20) and the copied data to a second computer network (30). The second computer network (30) is a cloud network. The cloud configurator (90) furthermore comprises a configuring unit adapted for configuring the second computer network (30) based upon the virtual representation of the first computer network (20) and the copied data. The cloud configurator (90) further comprises an initialization unit adapted for initializing the second computer network (30).

Description

DEVICE AND METHOD FOR AUTOMATIC VIRTULIZATION OF NETWORKS TO THE CLOUD
TECHNICAL FIELD
The present invention refers to a virtualization device and a method for virtualizing a first computer network to a second computer network.
Especially, the present invention refers to a virtualization device and method for virtualizing devices of a source network to a destination network, which is in the cloud.
BACKGROUND
Traditional corporate networks use a great number of individual network components such as routers, switches, firewalls, etc. and can comprise a great number of computers, such as workstations or servers. Each of these network devices can hold configuration information and data. In recent years, a trend towards virtualizing traditional corporate networks, at least in part, to cloud-based solutions has become evident. So far, however, virtualizing an entire corporate network requires a great deal of effort, since each individual device has to be accessed by systems administration and virtualized manually.
For example, the US patent US 7,849,192 B2 shows a system for virtualizing devices of a computer network. The system shown there is disadvantageous, however, since, as explained above, a great deal of systems administration workload is generated while virtualizing an entire corporate network.
SUMMARY
The object of the present invention is therefore to provide a virtualization device and a method for virtualizing a computer network which allow a reduction of systems administration workload to perform the virtualization.
The above object is achieved by the solutions provided in the enclosed independent claims. Advantageous implementations are defined in the respective dependent claims. A first aspect of the present invention provides a virtualization device for virtualizing a first computer network comprising at least one device. The virtualization device comprises a network prober and a cloud configurator. The network prober comprises a probing unit adapted for accessing the at least one device of the first computer network and copying configurations of the at least one device and the data of the at least one device of the first computer network. The network prober further comprises a modeling unit adapted for creating a virtual representation of the first computer network from the copied configurations and uploading the virtual representation of the first computer network and the copied data to a second computer network. The second computer network is a cloud network. The cloud configurator furthermore comprises a configuring unit adapted for configuring the second computer network based upon the virtual representation of the first computer network and the copied data. The cloud configurator further comprises an initialization unit adapted for initializing the second computer network.
Advantageously, the first computer network is a source computer network while the second computer network is a destination computer network. It is therefore possible to automatically perform the virtualization with only minimal systems administration time usage.
In a first advantageous implementation form of the first aspect of the virtualization device, the probing unit is adapted for connecting to all devices of the first computer network before accessing all devices of the first computer network by the network prober. The virtualization of an entire first computer network is therefore possible.
According to a second advantageous implementation of the first aspect of the present invention, the at least one device of the first computer network is a network device, such as a router, a switch and a firewall and/or a computer such as a server and a workstation. Due to the large number of possible devices, a great flexibility of the virtualization device is reached.
According to a third advantageous implementation of the first aspect of the present invention, the modeling unit is adapted for creating a virtual private network performing all functions of network devices of the first computer network and creating a virtual machine for each computer of the first computer network and configuring the virtual machine to perform all functions of the respective computer. A very efficient virtualized system is thereby reached.
In a fourth advantageous implementation form of the first aspect of the virtualization device, the second computer network comprises a network manager for managing the virtual private network and a machine manager for managing the virtual machines. This allows for minimal systems administration time spent when running the second computer network.
According to a fifth advantageous implementation form of the first aspect of the virtualization device, the second computer network comprises at least one network device and at least one computer, the at least one network device and the at least one computer are adapted to run the virtual private network and the virtual machines. By this measure, the number of computers and the network components can be significantly reduced in comparison to a possibly very large first computer network.
In a sixth advantageous implementation of the first aspect of the present invention, the probing unit of the network prober is adapted for copying data of the at least one device of the first computer network, which has changed since copying the configurations and/or data of the at least one device of the first computer network after the second computer network is initialized by the cloud configurator. The configuration unit of the cloud configurator is then adapted to update the second computer network using the copied data after initializing of the second computer network by the initialization means. It is therefore possible to keep the first computer network in productive operation while the network prober performs its function. After the second computer network is initialized, the present working state of the first computer network is again migrated so that a seamless handover of the first and second computer networks is possible.
According to a second aspect of the present invention, a network comprising an above-described virtualization device, a first computer network and a second computer network is provided.
According to a third aspect of the present invention, a method for virtualizing a first computer network comprising at least one device is provided. The method comprises accessing the at least one device of the first computer network, copying configurations of the at least one device and the data of the at least one device of the first computer network and creating a virtual representation of the first computer network from the copied configurations. Moreover, the method comprises creating a virtual representation of the first computer network from the copied configurations and uploading the virtual representation of the first computer network and the copied data to a second computer network, wherein the second computer network is a cloud network. The second computer network is then configured based upon the virtual representation of the first computer network and the copied data. Moreover, the method comprises initializing the second computer network. Advantageously, the first computer network is a source computer network while the second computer network is a destination computer network. Minimal systems administration involvement is therefore necessary.
According to a first implementation form of the third aspect of the present invention, the at least one device of the first computer network is a network device such as a router, a switch, a firewall and/or a computer such as a server and a workstation. A great flexibility regarding networks which can be migrated and thereby virtualized is thereby possible.
According to a second implementation form of the third aspect of the present invention, the step of creating a virtual representation of the first computer network from the copied configurations comprises creating a virtual private network performing all functions of the network devices of the first computer network and creating a virtual machine for each computer of the first computer network and configuring the virtual machine to perform all functions of the respective computer. A very effective and efficient implementation is therefore possible.
According to a third implementation form of the third aspect, the method comprises copying data of the at least one device of the first computer network, which has changed since copying the configurations and/or data of the at least one device of the first computer network after the second computer network is initialized and updating the second computer network using this copied data after initialization of the second computer network. A seamless handover between the first computer network and the second computer network is therefore possible. A downtime during which users cannot use either of the networks can thereby be prevented.
According to a fourth aspect of the present invention, a computer program with program code means for performing all previously described steps if the program is executed on a computer or a digital signal processor is provided.
Moreover, a fifth aspect of the present invention provides a computer program product having a computer-readable medium with stored program code means for performing all previously shown steps if the program is executed on a computer or a digital signal processor.
Generally, it has to be noted that all arrangements, devices, elements, units and means and so forth described in the present invention could be implemented by software or hardware elements of any kind and combination thereof. All steps which are performed by the various entities described in the present application as well as the functionality described to be performed by the various entities are intended to mean that the respective entity is adapted to or configured to perform the respective steps and functionalities. Even if, in the following description or specific embodiments, a specific functionality or step to be performed by a general entity is not reflected in the description of a specific detailed element of that entity which performs that specific step or functionality, it should be clear for a skilled person that these methods and functionalities can be implemented in respective software or hardware elements, or any kind of combination thereof.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention is in the following explained in detail in relation to embodiments of the invention with reference to the enclosed drawings, in which
Fig. 1 shows a general arrangement of a network comprising a source computer network and a destination computer network and an embodiment of the inventive virtualization device;
Fig. 2 shows a detailed block diagram of a first part of the embodiment of the invention;
Fig. 3 shows a detailed block diagram of a second part of the embodiment of the invention, and
Fig. 4 shows a flow diagram of an embodiment of the inventive method.
DESCRIPTION OF THE EMBODIMENTS
In Fig. 1, an embodiment of the inventive virtualization device and network are shown. The network 1 comprises the virtualization device 10, a first computer network 20 and a second computer network 30. The first computer network 20 is a source computer network, while the second computer network 30 is a destination computer network. The first computer network 20 comprises a number of devices 21-27. The devices 21-27 include a router 21, a firewall 22, a number of workstations 23-25, a server 26 and a switch 27. The second computer network 30 also comprises a number of devices 31-37. The devices 31-37 comprise a router 31, a firewall 32, a number of workstations 33-35, a server 36 and a switch 37. In the embodiment depicted here, the first computer network 20 and the second computer network 30 comprise an identical number and type of devices. This is, however, no limitation. The first computer network 20 and the second computer network 30 can also comprise different numbers and types of devices. The virtualization device 10 comprises a network prober 40 and a cloud configurator 90. The network prober 40 and the cloud configurator 90 are both connected to the second computer network 30. The network prober 40 is additionally connected to the first computer network 20. Moreover, the network prober 40 and the cloud configurator 90 are connected to each other.
In the example shown in Fig. 1, the first computer network 20 is to be virtualized. To achieve this goal, the functions and information of the first computer network 20, which is for example a dedicated corporate network, have to be transferred to the second computer network 30, which is a cloud network. In order to do this, the network prober 40 accesses at least one of the devices 21-27, preferably all of the devices 21-27 of the first computer network, and copies configurations and data of all accessed devices 21-27. While accessing the at least one device 21-27 of the first computer network 20, the network prober 40 needs to have access to all necessary rights for accessing the devices 21-27. While accessing the devices 21-27, the network prober 40 performs a full network discovery (mapping out the network regarding local area networks, routings, ACLs, QoS, etc.). Therefore, when accessing the devices 21-27, the network prober 40 learns the entire layout, function and present state of the first computer network 20.
After this, the network prober 40 creates a virtual representation of the first computer network 20 from the copied configurations and uploads the virtual representation of the first computer network and the copied data to the second computer network 30. When creating the virtual representation of the first computer network 20, the entire information gathered about the first computer network 20 is used.
Now, the cloud configurator configures the second computer network based upon the virtual representation and the copied data provided to it by the network prober 40. Finally, the cloud configurator initializes the second computer network 30 by initializing the individual devices 31-37.
The functions of network devices such as routers, switches and firewalls are advantageously implemented as a virtual private network, which can be run by one or more devices 31-37 of the second computer network 30. The function of the computers 23-25 of the first computer network 20 is mapped to a number of virtual machines, which are run by one or more computers 33-35 of the second computer network 30. After the second computer network 30 has been initialized, the second computer network 30 is not up-to-date regarding the most current state of the configurations and data of the first computer network 20, in case the first computer network 20 was kept in operation during the network probing and configuring of the second computer network 30. Therefore, after initializing the second computer network 30, the network prober 40 can additionally and optionally perform a second round of accessing the first computer network 20, copying configurations and/or data of a more current state. The second computer network 30 is then again configured by the cloud configurator 90 in order to match the present state of the first computer network 20. By these measures, a seamless transfer between the first computer network 20 and the second computer network 30 is possible.
In Fig. 2 a more detailed configuration and architecture of the network prober 40 is shown in a block diagram. Individual connections between the different components are not depicted in detail for reasons of clarity.
The network prober 40 comprises a probing unit 41, which again comprises a machine connector 42, which in turn comprises a Unix machine connector 43 and a Windows machine connector 44. Optionally, the machine connector 42 can also comprise a Linux machine connector and/or connectors for other different types of machines. Moreover, the probing unit 41 comprises a network connector 50, which in turn comprises a switch connector 51, a router connector 52, a load balancer connector 53 and a virtual private network connector 54.
Moreover, the probing unit comprises a security connector 60, which in turn comprises a firewall connector 61, an intrusion prevention connector 62, a network authentication authorization accounting connector 63 and a web application firewall connector 64. The different components of the machine connector 42, the network connector 50 and the security connector 60 serve the purpose of connecting to different devices of the first computer network 20 of Fig. 1. The probing unit 41, especially the components of the machine connector 42, the network connector 50 and the security connector 60 perform the accessing of the devices of the first computer network 20 and the copying of the configurations and data of the devices 20-27 of the first computer network 20. Moreover, the network prober 40 comprises a modeling unit 70, which comprises a virtualization manager 71, a packaging manager 72, an upload manager 73 and a system database warehouse 74. The modeling unit 70 performs the functions of creating the virtual representation of the first computer network and uploading the created virtual representation and the copied data to the second computer network 30.
Especially, the virtualization manager 71 performs the creation of the virtual representation of the first computer network. The packaging manager 72 packages the virtual representation of the first computer network into a transferable file format, which is then uploaded to the second computer network 30 by the upload manager 33. The system database warehouse is used for hosting information and tools necessary for creating the virtual representation and uploading it.
Also, the network prober 40 comprises a system management unit 80, which again comprises a web graphical user interface 81 for accessing the network prober 40 by a user through a web browser and a call level interface 82, which serves the purpose of accessing the network prober 40 as part of a databank.
In Fig. 3 a detailed block diagram of the cloud configurator 90 of Fig. 1 is shown. The cloud configurator 90 comprises a machine connector 110 which in turn comprises a network tester 111 and a machine tester 112. The machine tester 112 and the network tester 111 perform the function of testing the devices 31-37 of the second computer network 30 of Fig. 1 after it has been configured and initialized.
Moreover, the cloud configurator 90 comprises a system management unit 100, which comprises a web graphical user interface 102 and a call level interface 101. The system management unit 100 performs the same functions for the cloud configurator 90 as the system management unit 80 does for the network prober 40. It allows a user to access the functions of the cloud configurator either through a graphical web interface or through a databank. Furthermore, the cloud configurator 90 comprises an initialization unit 130 for initializing the second computer network 30 of Fig. 1 after it has been configured. Moreover, the cloud configurator 90 comprises a configuring unit 120, which again comprises a cloud networking connector 121, a virtual machine manager connector 122, a cloud security connector 123, a network prober data extractor 124 and a remote access manager 125. These components 121-125 are used for performing the configuration of the second computer network 30 of Fig. 1 according to the virtual representation created by the network prober 40 of Fig. 1. Especially, the cloud networking connector 121, the virtual machine manager connector 122 and the cloud security connector 123 serve the purpose of connecting to and accessing different devices of the second computer network 30. The network prober data extractor 24 serves the purpose of accepting the virtual representation of the first computer network from the network prober 40 of Fig. 1 and extracting the information of this virtual representation for further handling. The remote access manager 125 serves the purpose of managing the access to remote devices by the configuring unit 120.
Finally, in Fig. 4, a flow diagram of an embodiment of the inventive method is shown. In a first step 200, at least one device, preferably all devices of a first computer network are accessed. In a second step 201, the configurations and the data of all accessed devices of the first computer network are copied. In a third step 202, a virtual representation of the first computer network is created from the copied configurations. In a fourth step 204, this virtual representation of the first computer network is uploaded to a second computer network. In a fifth step 204, the second computer network is configured based upon the virtual representation of the first computer network and the data copied from the first computer network. In a sixth step 205, the second computer network is initialized. In an optional seventh step 206, the copied data and optionally also the copied configuration of the first computer network are updated to the second computer network, in case the data and/or configuration of the first computer network has changed since copying the data and configuration in the second step 201.
The invention is not limited to the examples and especially not to the number and type of devices of the first and second computer networks. The characteristics of the embodiments can be used in any advantageous combination.
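The following sketch is an added illustration and is not part of the patent text. It models the copy (steps 200-201), the virtual representation (step 202) and the optional second round (step 206), and shows why that second round matters when the source network stays in operation: a firewall rule added after the first copy would otherwise be missing in the cloud network. All function names, the dictionary layout and the sample device data are assumptions made for the example; in-memory dictionaries stand in for real device access.

```python
import copy
import hashlib
import json

NETWORK_KINDS = {"router", "switch", "firewall"}  # become one virtual private network
COMPUTER_KINDS = {"server", "workstation"}        # become one virtual machine each


def digest(config):
    """SHA-256 over a canonical JSON form, so key order does not matter."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def probe(source):
    """Steps 200-201: access each device and copy its configuration."""
    return {ref: {"kind": dev["kind"],
                  "config": copy.deepcopy(dev["config"]),
                  "digest": digest(dev["config"])}
            for ref, dev in source.items()}


def model(snapshot):
    """Step 202: virtual representation built from the copied configurations."""
    rep = {"virtual_private_network": {}, "virtual_machines": {}}
    for ref, dev in snapshot.items():
        if dev["kind"] in NETWORK_KINDS:
            rep["virtual_private_network"][ref] = dev["config"]
        elif dev["kind"] in COMPUTER_KINDS:
            rep["virtual_machines"][ref] = dev["config"]
        else:  # fail closed instead of silently dropping a device
            raise ValueError(f"device {ref}: unknown kind {dev['kind']!r}")
    return rep


def drift(first, second):
    """Step 206: compare two snapshots by digest to find what must be updated."""
    return {
        "changed": sorted(r for r in first.keys() & second.keys()
                          if first[r]["digest"] != second[r]["digest"]),
        "added": sorted(second.keys() - first.keys()),
        "removed": sorted(first.keys() - second.keys()),
    }


# Constructed sample of a source network, keyed by the figure's reference numerals.
SOURCE = {
    "21": {"kind": "router", "config": {"routes": ["10.0.0.0/24 via 10.0.0.1"]}},
    "22": {"kind": "firewall", "config": {"acl": ["permit tcp any host 10.0.0.26 eq 443"]}},
    "26": {"kind": "server", "config": {"hostname": "srv26", "services": ["https"]}},
}


def demo():
    live = copy.deepcopy(SOURCE)      # the source network, kept in operation
    first = probe(live)               # first round of probing
    representation = model(first)     # what gets uploaded and configured
    # A firewall rule is added on the source after the first copy was taken.
    live["22"]["config"]["acl"].append("permit tcp any host 10.0.0.26 eq 22")
    second = probe(live)              # second round of probing
    return representation, drift(first, second), model(second)
```

Comparing digests rather than whole configurations keeps the second round cheap, and the `added` and `removed` lists catch devices that appeared or disappeared between the two rounds.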

Claims

1. Virtualization device for virtualizing a first computer network (20) comprising at least one device (21, 22, 23, 24, 25, 26, 27), wherein the virtualization device (10) comprises a network prober (40) and a cloud configurator (90), the network prober (40) comprises a probing unit (41) adapted for
- accessing the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20), and
- copying configurations of the at least one device (21, 22, 23, 24, 25, 26, 27) and data of the at least one device of the first computer network (20), and the network prober (40) further comprises a modeling unit (70) adapted for
- creating a virtual representation of the first computer network (20) from the copied configurations, and
- uploading the virtual representation of the first computer network (20) and the copied data to a second computer network (30), wherein the second computer network (30) is a cloud network, wherein the cloud configurator (90) comprises a configuring unit (120) adapted for configuring the second computer network (30) based upon the virtual representation of the first computer network (20) and the copied data, and the cloud configurator (90) further comprises an initialization unit (130) adapted for initializing the second computer network (30).
2. Virtualization device according to claim 1, wherein the probing unit (41) is adapted for connecting to all devices (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) before accessing all devices (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) by the network prober (40).
3. Virtualization device according to claim 1 or 2, wherein the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) is a network device (21, 22, 27), such as a router (21), a switch (27) and a firewall (22) and/or a computer (23, 24, 25, 26) such as a server (26) and a workstation (23, 24, 25).
4. Virtualization device according to any of the claims 1 to 3, wherein the modeling unit (70) is adapted for
- creating a virtual private network performing all functions of network devices (21, 22, 27) of the first computer network (20), and
- creating a virtual machine for each computer (23, 24, 25, 26) of the first computer network (20) and configuring the virtual machine to perform all functions of the respective computer (23, 24, 25, 26).
5. Virtualization device according to claim 4, wherein the second computer network (30) comprises a network manager for managing the virtual private network, and a machine manager for managing the virtual machines.
6. Virtualization device according to claim 4 or 5, wherein the second computer network (30) comprises at least one network device (31, 32, 37) and at least one computer (33, 34, 35, 36), and that the at least one network device (31, 32, 37) and the at least one computer (33, 34, 35, 36) are adapted to run the virtual private network and the virtual machines.
7. Virtualization device according to any of the claims 1 to 6, wherein the probing unit (41) of the network prober (40) is adapted for copying data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20), which has changed since copying the configurations and/or data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) after the second computer network (30) is initialized by the cloud configurator (90), and the configuration unit (120) of the cloud configurator (90) is adapted to update the second computer network (30) using the copied data after initializing of the second computer network (30) by the initialization means (120).
8. Network comprising a virtualization device according to any of the claims 1 to 7, a first computer network (20) and a second computer network (30).
9. Method for virtualizing a first computer network (20) comprising at least one device (21, 22, 23, 24, 25, 26, 27), comprising
- accessing the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20),
- copying configurations of the at least one device (21, 22, 23, 24, 25, 26, 27) and data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20),
- creating a virtual representation of the first computer network (20) from the copied configurations, and
- uploading the virtual representation of the first computer network (20) and the copied data to a second computer network (30), wherein the second computer network (30) is a cloud network,
- configuring the second computer network (30) based upon the virtual representation of the first computer network (20) and the copied data, and
- initializing the second computer network (30).
10. Method according to claim 9, wherein the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) being a network device (21, 22, 27), such as a router (21), a switch (27) and a firewall (22) and/or a computer (23, 24, 25, 26) such as a server (26) and a workstation (23, 24, 25).
11. Method according to any of the claims 9 to 10, wherein the step of creating a virtual representation of the first computer network (20) from the copied configurations comprises:
- creating a virtual private network performing all functions of all network devices (21, 22, 27) of the first computer network (20), and
- creating a virtual machine for each computer (23, 24, 25, 26) of the first computer network (20) and configuring the virtual machine to perform all functions of the respective computer (23, 24, 25, 26).
12. Method according to any of the claims 9 to 11, comprising copying data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20), which has changed since copying the configurations and/or data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) after the second computer network (30) is initialized, and updating the second computer network (30) using this copied data after initialization of the second computer network (30).
13. A computer program with program code means for performing all steps according to any of the claims 9 to 12 if the program is executed on a computer or a digital signal processor.
14. A computer program product having a computer readable medium with stored program code means for performing all steps according to any of the claims 9 to 12 if the program is executed on a computer or a digital signal processor.

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/EP2014/053896 WO2015127980A1 (en) 2014-02-28 2014-02-28 Device and method for automatic virtulization of networks to the cloud
CN201480036850.5A CN105359096B (en) 2014-02-28 2014-02-28 The device and method virtualized automatically for network to cloud

Publications (1)

Publication Number Publication Date
WO2015127980A1 true WO2015127980A1 (en) 2015-09-03

Family

ID=50231143

Country Status (2)

Country Link
CN (1) CN105359096B (en)
WO (1) WO2015127980A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3430509B1 (en) * 2016-03-15 2022-06-22 Nokia Solutions and Networks Oy Conflict resolution in network virtualization scenarios

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5727157A (en) * 1990-09-17 1998-03-10 Cabletron Systems, Inc. Apparatus and method for determining a computer network topology
EP1455483A2 (en) * 2003-03-06 2004-09-08 Microsoft Corporation Virtual network topology generation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
GREGOR SCHAFFRATH ET AL: "Network virtualization architecture", PROCEEDINGS OF THE 1ST ACM WORKSHOP ON VIRTUALIZED INFRASTRUCTURE SYSTEMS AND ARCHITECTURES, VISA '09, 1 January 2009 (2009-01-01), New York, New York, USA, pages 63, XP055128386, ISBN: 978-1-60-558595-6, DOI: 10.1145/1592648.1592659 *

Also Published As

Publication number Publication date
CN105359096A (en) 2016-02-24
CN105359096B (en) 2019-06-28


Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480036850.5

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14707989

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14707989

Country of ref document: EP

Kind code of ref document: A1