NARKOLAYEV SHOLOMO (DE)
EP1455483A2 | 2004-09-08
US5727157A | 1998-03-10
CLAIMS

1. Virtualization device for virtualizing a first computer network (20) comprising at least one device (21, 22, 23, 24, 25, 26, 27), wherein the virtualization device (10) comprises a network prober (40) and a cloud configurator (90), the network prober (40) comprises a probing unit (41) adapted for - accessing the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20), and - copying configurations of the at least one device (21, 22, 23, 24, 25, 26, 27) and data of the at least one device of the first computer network (20), and the network prober (40) further comprises a modeling unit (70) adapted for - creating a virtual representation of the first computer network (20) from the copied configurations, and - uploading the virtual representation of the first computer network (20) and the copied data to a second computer network (30), wherein the second computer network (30) is a cloud network, wherein the cloud configurator (90) comprises a configuring unit (120) adapted for configuring the second computer network (30) based upon the virtual representation of the first computer network (20) and the copied data, and the cloud configurator (90) further comprises an initialization unit (130) adapted for initializing the second computer network (30).

2. Virtualization device according to claim 1, wherein the probing unit (41) is adapted for connecting to all devices (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) before accessing all devices (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) by the network prober (40).

3. Virtualization device according to claim 1 or 2, wherein the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) is a network device (21, 22, 27), such as a router (21), a switch (27) and a firewall (22) and/or a computer (23, 24, 25, 26) such as a server (26) and a workstation (23, 24, 25).

4. Virtualization device according to any of the claims 1 to 3, wherein the modeling unit (70) is adapted for - creating a virtual private network performing all functions of network devices (21, 22, 27) of the first computer network (20), and - creating a virtual machine for each computer (23, 24, 25, 26) of the first computer network (20) and configuring the virtual machine to perform all functions of the respective computer (23, 24, 25, 26).

5. Virtualization device according to claim 4, wherein the second computer network (30) comprises a network manager for managing the virtual private network, and a machine manager for managing the virtual machines.

6. Virtualization device according to claim 4 or 5, wherein the second computer network (30) comprises at least one network device (31, 32, 37) and at least one computer (33, 34, 35, 36), and that the at least one network device (31, 32, 37) and the at least one computer (33, 34, 35, 36) are adapted to run the virtual private network and the virtual machines.

7. Virtualization device according to any of the claims 1 to 6, wherein the probing unit (41) of the network prober (40) is adapted for copying data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20), which has changed since copying the configurations and/or data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) after the second computer network (30) is initialized by the cloud configurator (90), and the configuration unit (120) of the cloud configurator (90) is adapted to update the second computer network (30) using the copied data after initializing of the second computer network (30) by the initialization means (120).

8. Network comprising a virtualization device according to any of the claims 1 to 7, a first computer network (20) and a second computer network (30).

9. Method for virtualizing a first computer network (20) comprising at least one device (21, 22, 23, 24, 25, 26, 27), comprising - accessing the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20), - copying configurations of the at least one device (21, 22, 23, 24, 25, 26, 27) and data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20), - creating a virtual representation of the first computer network (20) from the copied configurations, and - uploading the virtual representation of the first computer network (20) and the copied data to a second computer network (30), wherein the second computer network (30) is a cloud network, - configuring the second computer network (30) based upon the virtual representation of the first computer network (20) and the copied data, and - initializing the second computer network (30).

10. Method according to claim 9, wherein the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) is a network device (21, 22, 27), such as a router (21), a switch (27) and a firewall (22) and/or a computer (23, 24, 25, 26) such as a server (26) and a workstation (23, 24, 25).

11. Method according to any of the claims 9 to 10, wherein the step of creating a virtual representation of the first computer network (20) from the copied configurations comprises: - creating a virtual private network performing all functions of all network devices (21, 22, 27) of the first computer network (20), and - creating a virtual machine for each computer (23, 24, 25, 26) of the first computer network (20) and configuring the virtual machine to perform all functions of the respective computer (23, 24, 25, 26).

12. Method according to any of the claims 9 to 11, comprising copying data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20), which has changed since copying the configurations and/or data of the at least one device (21, 22, 23, 24, 25, 26, 27) of the first computer network (20) after the second computer network (30) is initialized, and updating the second computer network (30) using this copied data after initialization of the second computer network (30).

13. A computer program with program code means for performing all steps according to any of the claims 9 to 12 if the program is executed on a computer or a digital signal processor.

14. A computer program product having a computer readable medium with stored program code means for performing all steps according to any of the claims 9 to 12 if the program is executed on a computer or a digital signal processor.
NETWORKS TO THE CLOUD
TECHNICAL FIELD
The present invention refers to a virtualization device and a method for virtualizing a first computer network to a second computer network.
Especially, the present invention refers to a virtualization device and method for virtualizing devices of a source network to a destination network, which is in the cloud.
BACKGROUND
Traditional corporate networks use a great number of individual network components such as routers, switches, firewalls, etc. and can comprise a great number of computers, such as workstations or servers. Each of these network devices can hold configuration information and data. In recent years, a trend towards virtualizing traditional corporate networks, at least in part, to cloud-based solutions has become evident. So far, however, virtualizing an entire corporate network requires a great deal of effort, since each individual device has to be accessed by systems administration and virtualized manually.
For example, US patent US 7,849,192 B2 shows a system for virtualizing devices of a computer network. The system shown there is disadvantageous, however, since, as explained above, a great deal of systems administration workload is generated while virtualizing an entire corporate network.
SUMMARY
The object of the present invention is therefore to provide a virtualization device and a method for virtualizing a computer network which allow a reduction of systems administration workload to perform the virtualization.
The above object is achieved by the solutions provided in the enclosed independent claims. Advantageous implementations are defined in the respective dependent claims. A first aspect of the present invention provides a virtualization device for virtualizing a first computer network comprising at least one device. The virtualization device comprises a network prober and a cloud configurator. The network prober comprises a probing unit adapted for accessing the at least one device of the first computer network and copying configurations of the at least one device and the data of the at least one device of the first computer network. The network prober further comprises a modeling unit adapted for creating a virtual representation of the first computer network from the copied configurations and uploading the virtual representation of the first computer network and the copied data to a second computer network. The second computer network is a cloud network. The cloud configurator furthermore comprises a configuring unit adapted for configuring the second computer network based upon the virtual representation of the first computer network and the copied data. The cloud configurator further comprises an initialization unit adapted for initializing the second computer network.
Advantageously, the first computer network is a source computer network while the second computer network is a destination computer network. It is therefore possible to automatically perform the virtualization with only minimal systems administration time usage.
In a first advantageous implementation form of the first aspect of the virtualization device, the probing unit is adapted for connecting to all devices of the first computer network before accessing all devices of the first computer network by the network prober. The virtualization of an entire first computer network is therefore possible.
According to a second advantageous implementation of the first aspect of the present invention, the at least one device of the first computer network is a network device, such as a router, a switch and a firewall and/or a computer such as a server and a workstation. Due to the large number of possible devices, a great flexibility of the virtualization device is reached.
According to a third advantageous implementation of the first aspect of the present invention, the modeling unit is adapted for creating a virtual private network performing all functions of network devices of the first computer network and creating a virtual machine for each computer of the first computer network and configuring the virtual machine to perform all functions of the respective computer. A very efficient virtualized system is thereby reached.
In a fourth advantageous implementation form of the first aspect of the virtualization device, the second computer network comprises a network manager for managing the virtual private network and a machine manager for managing the virtual machines. This allows for minimal systems administration time spent when running the second computer network.
According to a fifth advantageous implementation form of the first aspect of the virtualization device, the second computer network comprises at least one network device and at least one computer, the at least one network device and the at least one computer are adapted to run the virtual private network and the virtual machines. By this measure, the number of computers and the network components can be significantly reduced in comparison to a possibly very large first computer network.
In a sixth advantageous implementation of the first aspect of the present invention, the probing unit of the network prober is adapted for copying data of the at least one device of the first computer network, which has changed since copying the configurations and/or data of the at least one device of the first computer network after the second computer network is initialized by the cloud configurator. The configuration unit of the cloud configurator is then adapted to update the second computer network using the copied data after initializing of the second computer network by the initialization means. It is therefore possible to keep the first computer network in productive operation while the network prober performs its function. After the second computer network is initialized, the present working state of the first computer network is again migrated so that a seamless handover of the first and second computer networks is possible.
According to a second aspect of the present invention, a network comprising an above-described virtualization device, a first computer network and a second computer network is provided.
According to a third aspect of the present invention, a method for virtualizing a first computer network comprising at least one device is provided. The method comprises accessing the at least one device of the first computer network, copying configurations of the at least one device and the data of the at least one device of the first computer network and creating a virtual representation of the first computer network from the copied configurations. Moreover, the method comprises uploading the virtual representation of the first computer network and the copied data to a second computer network, wherein the second computer network is a cloud network. The second computer network is then configured based upon the virtual representation of the first computer network and the copied data. Moreover, the method comprises initializing the second computer network. Advantageously, the first computer network is a source computer network while the second computer network is a destination computer network. Minimal systems administration involvement is therefore necessary.
According to a first implementation form of the third aspect of the present invention, the at least one device of the first computer network is a network device such as a router, a switch, a firewall and/or a computer such as a server and a workstation. A great flexibility regarding networks which can be migrated and thereby virtualized is thereby possible.
According to a second implementation form of the third aspect of the present invention, the step of creating a virtual representation of the first computer network from the copied configurations comprises creating a virtual private network performing all functions of the network devices of the first computer network and creating a virtual machine for each computer of the first computer network and configuring the virtual machine to perform all functions of the respective computer. A very effective and efficient implementation is therefore possible.
According to a third implementation form of the third aspect, the method comprises copying data of the at least one device of the first computer network, which has changed since copying the configurations and/or data of the at least one device of the first computer network after the second computer network is initialized and updating the second computer network using this copied data after initialization of the second computer network. A seamless handover between the first computer network and the second computer network is therefore possible. A downtime during which users cannot use either of the networks can thereby be prevented.
According to a fourth aspect of the present invention, a computer program with program code means for performing all previously described steps if the program is executed on a computer or a digital signal processor is provided.
Moreover, a fifth aspect of the present invention provides a computer program product having a computer-readable medium with stored program code means for performing all previously shown steps if the program is executed on a computer or a digital signal processor.
Generally, it has to be noted that all arrangements, devices, elements, units, means and so forth described in the present invention could be implemented by software or hardware elements of any kind and any combination thereof. All steps which are performed by the various entities described in the present application as well as the functionality described to be performed by the various entities are intended to mean that the respective entity is adapted to or configured to perform the respective steps and functionalities. Even if, in the following description or specific embodiments, a specific functionality or step to be performed by a general entity is not reflected in the description of a specific detailed element of that entity which performs that specific step or functionality, it should be clear to a skilled person that these methods and functionalities can be implemented in respective software or hardware elements, or any kind of combination thereof.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention is in the following explained in detail in relation to embodiments of the invention with reference to the enclosed drawings, in which
Fig. 1 shows a general arrangement of a network comprising a source computer network and a destination computer network and an embodiment of the inventive virtualization device;
Fig. 2 shows a detailed block diagram of a first part of the embodiment of the invention;
Fig. 3 shows a detailed block diagram of a second part of the embodiment of the invention, and
Fig. 4 shows a flow diagram of an embodiment of the inventive method.
DESCRIPTION OF THE EMBODIMENTS
In Fig. 1, an embodiment of the inventive virtualization device and network is shown. The network 1 comprises the virtualization device 10, a first computer network 20 and a second computer network 30. The first computer network 20 is a source computer network, while the second computer network 30 is a destination computer network. The first computer network 20 comprises a number of devices 21-27. The devices 21-27 include a router 21, a firewall 22, a number of workstations 23-25, a server 26 and a switch 27. The second computer network 30 also comprises a number of devices 31-37. The devices 31-37 comprise a router 31, a firewall 32, a number of workstations 33-35, a server 36 and a switch 37. In the embodiment depicted here, the first computer network 20 and the second computer network 30 comprise an identical number and type of devices. This is, however, no limitation. The first computer network 20 and the second computer network 30 can also comprise different numbers and types of devices.
The virtualization device 10 comprises a network prober 40 and a cloud configurator 90. The network prober 40 and the cloud configurator 90 are both connected to the second computer network 30. The network prober 40 is additionally connected to the first computer network 20. Moreover, the network prober 40 and the cloud configurator 90 are connected to each other.
In the example shown in Fig. 1, the first computer network 20 is to be virtualized. To achieve this goal, the functions and information of the first computer network 20, which is for example a dedicated corporate network, have to be transferred to the second computer network 30, which is a cloud network. In order to do this, the network prober 40 accesses at least one of the devices 21-27, preferably all of the devices 21-27 of the first computer network, and copies configurations and data of all accessed devices 21-27. While accessing the at least one device 21-27 of the first computer network 20, the network prober 40 needs to have all rights necessary for accessing the devices 21-27. While accessing the devices 21-27, the network prober 40 performs a full network discovery (mapping out the network regarding local area networks, routings, ACLs, QoS, etc.). Therefore, when accessing the devices 21-27, the network prober 40 learns the entire layout, function and present state of the first computer network 20.
After this, the network prober 40 creates a virtual representation of the first computer network 20 from the copied configurations and uploads the virtual representation of the first computer network and the copied data to the second computer network 30. When creating the virtual representation of the first computer network 20, the entire information gathered about the first computer network 20 is used.
Now, the cloud configurator configures the second computer network based upon the virtual representation and the copied data provided to it by the network prober 40. Finally, the cloud configurator initializes the second computer network 30 by initializing the individual devices 31-37.
The functions of network devices such as routers, switches and firewalls are advantageously implemented as a virtual private network, which can be run by one or more devices 31-37 of the second computer network 30. The function of the computers 23-25 of the first computer network 20 is mapped to a number of virtual machines, which are run by one or more computers 33-35 of the second computer network 30.
After the second computer network 30 has been initialized, the second computer network 30 is not up to date regarding the most current state of the configurations and data of the first computer network 20, in case the first computer network 20 was kept in operation during the network probing and configuring of the second computer network 30. Therefore, after initializing the second computer network 30, the network prober 40 can optionally perform a second round of accessing the first computer network 20, copying configurations and/or data of a more current state. The second computer network 30 is then again configured by the cloud configurator 90 in order to match the present state of the first computer network 20. By these measures, a seamless transfer between the first computer network 20 and the second computer network 30 is possible.
In Fig. 2 a more detailed configuration and architecture of the network prober 40 is shown in a block diagram. Individual connections between the different components are not depicted in detail for reasons of clarity.
The network prober 40 comprises a probing unit 41, which again comprises a machine connector 42, which in turn comprises a Unix machine connector 43 and a Windows machine connector 44. Optionally, the machine connector 42 can also comprise a Linux machine connector and/or connectors for other different types of machines. Moreover, the probing unit 41 comprises a network connector 50, which in turn comprises a switch connector 51, a router connector 52, a load balancer connector 53 and a virtual private network connector 54.
Moreover, the probing unit comprises a security connector 60, which in turn comprises a firewall connector 61, an intrusion prevention connector 62, a network authentication authorization accounting connector 63 and a web application firewall connector 64. The different components of the machine connector 42, the network connector 50 and the security connector 60 serve the purpose of connecting to different devices of the first computer network 20 of Fig. 1. The probing unit 41, especially the components of the machine connector 42, the network connector 50 and the security connector 60 perform the accessing of the devices of the first computer network 20 and the copying of the configurations and data of the devices 20-27 of the first computer network 20. Moreover, the network prober 40 comprises a modeling unit 70, which comprises a virtualization manager 71, a packaging manager 72, an upload manager 73 and a system database warehouse 74. The modeling unit 70 performs the functions of creating the virtual representation of the first computer network and uploading the created virtual representation and the copied data to the second computer network 30.
Especially, the virtualization manager 71 performs the creation of the virtual representation of the first computer network. The packaging manager 72 packages the virtual representation of the first computer network into a transferable file format, which is then uploaded to the second computer network 30 by the upload manager 33. The system database warehouse is used for hosting information and tools necessary for creating the virtual representation and uploading it.
Also, the network prober 40 comprises a system management unit 80, which again comprises a web graphical user interface 81 for accessing the network prober 40 by a user through a web browser and a call level interface 82, which serves the purpose of accessing the network prober 40 as part of a databank.
In Fig. 3 a detailed block diagram of the cloud configurator 90 of Fig. 1 is shown. The cloud configurator 90 comprises a machine connector 110 which in turn comprises a network tester 111 and a machine tester 112. The machine tester 112 and the network tester 111 perform the function of testing the devices 31-37 of the second computer network 30 of Fig. 1 after it has been configured and initialized.
Moreover, the cloud configurator 90 comprises a system management unit 100, which comprises a web graphical user interface 102 and a call level interface 101. The system management unit 100 performs the same functions for the cloud configurator 90 as the system management unit 80 does for the network prober 40. It allows a user to access the functions of the cloud configurator either through a graphical web interface or through a databank. Furthermore, the cloud configurator 90 comprises an initialization unit 130 for initializing the second computer network 30 of Fig. 1 after it has been configured. Moreover, the cloud configurator 90 comprises a configuring unit 120, which again comprises a cloud networking connector 121, a virtual machine manager connector 122, a cloud security connector 123, a network prober data extractor 124 and a remote access manager 125. These components 121-125 are used for performing the configuration of the second computer network 30 of Fig. 1 according to the virtual representation created by the network prober 40 of Fig. 1. In particular, the cloud networking connector 121, the virtual machine manager connector 122 and the cloud security connector 123 serve the purpose of connecting to and accessing different devices of the second computer network 30. The network prober data extractor 24 serves the purpose of accepting the virtual representation of the first computer network from the network prober 40 of Fig. 1 and extracting the information of this virtual representation for further handling. The remote access manager 125 serves the purpose of managing the access to remote devices by the configuring unit 120.
Finally, in Fig. 4, a flow diagram of an embodiment of the inventive method is shown. In a first step 200, at least one device, preferably all devices of a first computer network are accessed. In a second step 201, the configurations and the data of all accessed devices of the first computer network are copied. In a third step 202, a virtual representation of the first computer network is created from the copied configurations. In a fourth step 204, this virtual representation of the first computer network is uploaded to a second computer network. In a fifth step 204, the second computer network is configured based upon the virtual representation of the first computer network and the data copied from the first computer network. In a sixth step 205, the second computer network is initialized. In an optional seventh step 206, the copied data and optionally also the copied configuration of the first computer network are updated on the second computer network, in case the data and/or configuration of the first computer network has changed since copying the data and configuration in the second step 201.
The invention is not limited to the examples and especially not to the number and type of devices of the first and second computer networks. The characteristics of the embodiments can be used in any advantageous combination.
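The two-pass copy of Fig. 4 (probe, model, configure, initialize, then update with what changed in the meantime), as an added Python sketch that is not part of the patent text. The `Device` and `Destination` classes, the SHA-256 digests used to detect changed data, the handling of removed items and all sample devices are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

NETWORK_KINDS = {"router", "switch", "firewall"}
COMPUTER_KINDS = {"server", "workstation"}

@dataclass
class Device:
    ref: int                                   # reference numeral as used in Fig. 1
    kind: str
    config: dict
    data: dict = field(default_factory=dict)   # path -> bytes

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def probe(devices):
    """Steps 200 and 201: access each device, copy its configuration and data."""
    return {d.ref: {"kind": d.kind, "config": dict(d.config), "data": dict(d.data),
                    "digests": {p: digest(b) for p, b in d.data.items()}}
            for d in devices}

def model(snapshot):
    """Step 202: network devices become VPN functions, each computer becomes a VM."""
    rep = {"vpn": [], "vms": {}}
    for ref, s in sorted(snapshot.items()):
        if s["kind"] in NETWORK_KINDS:
            rep["vpn"].append({"source": ref, "kind": s["kind"], "config": s["config"]})
        elif s["kind"] in COMPUTER_KINDS:
            rep["vms"][f"vm-{ref}"] = {"source": ref, "config": s["config"]}
        else:
            raise ValueError(f"device {ref}: unsupported kind {s['kind']!r}")
    return rep

class Destination:
    """Stand-in for the second computer network 30 (hypothetical interface)."""
    def __init__(self):
        self.representation, self.data, self.initialized = None, {}, False

    def configure(self, representation, snapshot):
        # Receives the uploaded representation and copied data, then configures.
        self.representation = representation
        self.data = {ref: dict(s["data"]) for ref, s in snapshot.items()}

    def initialize(self):                      # step 205
        if self.representation is None:
            raise RuntimeError("configure the destination before initializing it")
        self.initialized = True

    def update(self, delta):                   # step 206
        for ref, change in delta.items():
            store = self.data.setdefault(ref, {})
            store.update(change["changed"])
            for path in change["removed"]:
                store.pop(path, None)

def delta_since(snapshot, devices):
    """Second probing pass: keep only data whose digest differs from the first copy."""
    delta = {}
    for d in devices:
        old = snapshot.get(d.ref, {}).get("digests", {})
        changed = {p: b for p, b in d.data.items() if old.get(p) != digest(b)}
        removed = sorted(p for p in old if p not in d.data)
        if changed or removed:
            delta[d.ref] = {"changed": changed, "removed": removed}
    return delta

def run_demo():
    devices = [  # constructed sample source network
        Device(21, "router", {"routes": ["0.0.0.0/0 via 192.0.2.1"]}),
        Device(22, "firewall", {"acl": ["permit tcp any host 10.0.0.26 eq 443"]}),
        Device(23, "workstation", {"os": "windows"}, {"/home/a/notes.txt": b"draft"}),
        Device(26, "server", {"os": "unix"},
               {"/srv/orders.db": b"v1", "/srv/static.txt": b"same"}),
    ]
    snapshot = probe(devices)
    cloud = Destination()
    cloud.configure(model(snapshot), snapshot)
    cloud.initialize()
    # The source network stayed in productive operation during the migration.
    devices[3].data["/srv/orders.db"] = b"v2"
    del devices[2].data["/home/a/notes.txt"]
    devices[2].data["/home/a/final.txt"] = b"done"
    delta = delta_since(snapshot, devices)
    cloud.update(delta)
    return cloud, delta
```

Only devices 23 and 26 appear in the delta, so the second pass transfers the changed items rather than the whole network again.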