Monitoring cloud computing environments with data control policies

US10567356B2 · US · B2

Patent metadata

Publication number: US-10567356-B2
Application number: US-201715628344-A
Country: US
Kind code: B2
Filing date: Jun 20, 2017
Priority date: Jun 20, 2017
Publication date: Feb 18, 2020
Grant date: Feb 18, 2020

Abstract

Official abstract text for this publication.

Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.

Claims

What is claimed is:

1. A computerized system comprising: one or more processors; and one or more computer storage media storing computer-useable instructions that, when used by the one or more processors, cause the one or more processors to: receive, at an SNMP proxy in a first cloud computing environment, a request for telemetry data for a network device in the first cloud computing environment, the request being received from a monitoring service in a second cloud computing environment remote from the first cloud computing environment; obtain, by the SNMP proxy, an SNMP community string for the network device from an access data store maintained in the first cloud computing environment and not accessible to the monitoring service; issue, by the SNMP proxy, a request for the telemetry data to the network device using the SNMP community string; receive, at the SNMP proxy, a response from the network device; and send the telemetry data from the SNMP proxy to the monitoring service based on the response from the network device.

2. The system of claim 1, wherein the request for the telemetry data from the monitoring service received at the SNMP proxy is made via an API.

3. The system of claim 1, wherein the request for the telemetry data from the monitoring service received at the SNMP proxy includes a claim, which is evaluated by an access control service in the first cloud computing environment to validate the claim.

4. The system of claim 1, wherein the request for the telemetry data from the monitoring service received at the SNMP proxy identifies the network device using an SNMP object identifier for the network device.

5. The system of claim 1, wherein the SNMP proxy decodes the response from the network device to obtain the telemetry data using a management information base for the first cloud computing environment.

6. One or more computer storage media storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to perform operations comprising: receiving, at a hardware proxy in a first cloud computing environment, a request to perform an action to obtain data from a network device in the first cloud computing environment, the request being received from a monitoring service in a second cloud computing environment remote from the first cloud computing environment; obtaining, by the hardware proxy, access control data for the network device from an access data store maintained in the first cloud computing environment and not accessible to the monitoring service; issuing, by the hardware proxy, one or more commands to the network device to access the data from the network device using the access control data for the network device; receiving, at the hardware proxy, the data obtained from the network device; and sending the data from the hardware proxy to the monitoring service.

7. The one or more computer storage media of claim 6, wherein the request for the data from the monitoring service received at the hardware proxy is made via an API.

8. The one or more computer storage media of claim 6, wherein the request for the data from the monitoring service received at the hardware proxy includes a claim, which is evaluated by an access control service in the first cloud computing environment to validate the claim.

9. The one or more computer storage media of claim 6, wherein the hardware proxy uses the access control data to log onto the network device in order to issue the one or more commands to the network device.

10. The one or more computer storage media of claim 6, wherein the hardware proxy determines a device type for the network device and the one or more commands are selected by the hardware proxy based on the device type.

11. The one or more computer storage media of claim 6, wherein the hardware proxy obtains the data using a screen scraping capability to read output from the network device via a command-line tool used to interface with the network device.

12. The one or more computer storage media of claim 6, wherein the operations further comprise: identifying restricted data in the data, and removing the restricted data from the data before sending the data to the monitoring service.

13. The one or more computer storage media of claim 12, wherein the restricted data is removed from the data by encrypting the restricted data or replacing the restricted data with a placeholder.

14. A computer-implemented method comprising: receiving, at a hardware proxy in a first cloud computing environment, a request to perform an action to obtain data from a network device in the first cloud computing environment, the request being received from a monitoring service in a second cloud computing environment remote from the first cloud computing environment; obtaining, by the hardware proxy, access control data for the network device from an access data store maintained in the first cloud computing environment and not accessible to the monitoring service; issuing, by the hardware proxy, one or more commands to the network device to access the data from the network device using the access control data for the network device; receiving, at the hardware proxy, the data obtained from the network device; and sending the data from the hardware proxy to the monitoring service.

15. The computer-implemented method of claim 14, wherein the request for the data from the monitoring service received at the hardware proxy includes a claim, which is evaluated by an access control service in the first cloud computing environment to validate the claim.

16. The computer-implemented method of claim 14, wherein the hardware proxy uses the access control data to log onto the network device in order to issue the one or more commands to the network device.

17. The computer-implemented method of claim 14, wherein the hardware proxy determines a device type for the network device and the one or more commands are selected by the hardware proxy based on the device type.

18. The computer-implemented method of claim 14, wherein the hardware proxy obtains the data using a screen scraping capability to read output from the network device via a command-line tool used to interface with the network device.

19. The computer-implemented method of claim 14, wherein the operations further comprise: identifying restricted data in the data, and removing the restricted data from the data before sending the data to the monitoring service.

20. The computer-implemented method of claim 19, wherein the restricted data is removed from the data by encrypting the restricted data or replacing the restricted data with a placeholder.
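The following Python sketch is an added illustration of the proxy pattern described in claims 1, 3, 6, 12 and 13; it is not code from the patent or its assignee. The access data store, the access control service, the SNMP GET and the device responses are all constructed in-memory stand-ins, and the names used are assumptions.

```python
# Added illustration of the proxy pattern in the claims above; all names,
# stores and device responses are constructed stand-ins, not real SNMP calls.
from typing import Optional

# Access data store: lives only in the first cloud environment. The monitoring
# service never reads it; only the proxy does (claims 1 and 6).
ACCESS_STORE = {"router-01": {"community": "s3cr3t-ro", "device_type": "router"}}

# Constructed device behaviour keyed by (device, community string): a stand-in
# for SNMP GET. A wrong community string gets no response, as a real agent would.
DEVICE_RESPONSES = {
    ("router-01", "s3cr3t-ro"): {
        "sysUpTime": 123456,
        "ifInOctets": 98765,
        "sysContact": "oncall@example.test",  # restricted under the data control policy
    },
}

RESTRICTED_FIELDS = {"sysContact"}  # fields that must not leave the environment
VALID_CLAIMS = {"monitoring-service:read-telemetry"}  # accepted by the access control service

def access_control_validate(claim: str) -> bool:
    """Stand-in for the access control service that evaluates the request's claim (claim 3)."""
    return claim in VALID_CLAIMS

def snmp_get(device: str, community: str) -> Optional[dict]:
    """Stand-in for issuing an SNMP request to the device with the community string."""
    return DEVICE_RESPONSES.get((device, community))

def redact(telemetry: dict) -> dict:
    """Remove restricted data by replacing it with a placeholder before it is sent out (claims 12-13)."""
    return {k: ("<redacted>" if k in RESTRICTED_FIELDS else v) for k, v in telemetry.items()}

def proxy_handle_request(device: str, claim: str) -> dict:
    """SNMP proxy entry point: validate the claim, fetch the community string locally,
    query the device and return only redacted telemetry. The community string itself
    is never part of the value returned to the monitoring service."""
    if not access_control_validate(claim):
        return {"error": "claim rejected"}
    entry = ACCESS_STORE.get(device)
    if entry is None:
        return {"error": "unknown device"}
    response = snmp_get(device, entry["community"])
    if response is None:
        return {"error": "no response from device"}
    return {"device": device, "device_type": entry["device_type"], "telemetry": redact(response)}

if __name__ == "__main__":
    print(proxy_handle_request("router-01", "monitoring-service:read-telemetry"))
```

The point to check in a real deployment is the same one the test below checks: the value handed back to the monitoring service contains the telemetry and the placeholder, but never the community string.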

Assignees

Microsoft Technology Licensing LLC

Classifications

Primary CPC classification: G06F21/6218. CPC group titles listed for this publication:

  • between heterogeneous systems

  • Standardised network management protocols, e.g. simple network management protocol [SNMP]

  • for controlling access to devices or network resources

  • by monitoring network traffic (monitoring network traffic per se H04L43/00)

  • to a system of files or objects, e.g. local or distributed file system or database

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing Llc
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 18, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).