The present invention relates to the field of information technology and, more particularly, to systems and techniques for distributed firewalls in cloud computing environments.
Generally, a firewall system, such as one for a public cloud computing network, is deployed at the periphery of a TCP/IP (Transmission Control Protocol/Internet Protocol) network domain to protect the applications and computers behind it. When any software application or computer outside the network domain attempts to communicate with an application or computer inside the network domain, the traffic must pass through the firewall. Depending on the security policy programmed on the firewall, the communication traffic may or may not be permitted to traverse it.
In some cases, an enterprise may wish to deploy an application across multiple different cloud computing networks owned by multiple different cloud computing providers. The reasons for doing so vary. For example, one cloud provider may offer a particular service that another cloud provider does not, and vice versa. As another example, deploying across multiple cloud networks can reduce the risk of the application becoming unavailable. Specifically, if one cloud network suffers a failure, the application may continue to run uninterrupted on the other cloud network.
It is very laborious and time-consuming, however, to manage the different peripheral firewall systems that may be provided by the different cloud providers. For example, if the application is to be deployed across two different cloud networks, the enterprise administrator may have to program two different firewall systems and ensure that their security policies remain consistent. Further, each firewall system may have a different design, interface, and programming procedure, which can further complicate deployment and management.
Therefore, there is a need for new and improved systems and techniques for providing firewalls in a multi-cloud network environment.