The present invention relates to computing, and in particular, to systems and methods of integrating local systems with cloud computing resources.
In general, the concepts of “virtual” and “cloud computing” includes the utilization of a set of shared computing resources (e.g., servers) which are typically consolidated in one or more data center locations. For example, cloud computing systems may be implemented as a web service that enables a user to launch and manage computing resources (e.g., virtual server instances) in third party data centers. In a cloud environment, computer resources may be available in different sizes and configurations so that different resource types can be specified to meet specific needs of different users. For example, one user may desire to use small instance as a web server and another larger instance as a database server, or an even larger instance for processor intensive applications. Cloud computing offers this type of outsourced flexibility without having to manage the purchase and operation of additional hardware resources within an organization.
A cloud-based computing resource is thought to execute or reside somewhere on the “cloud”, which may be an internal corporate network or the public Internet. From the perspective of an application developer or information technology administrator, cloud computing enables the development and deployment of applications that exhibit scalability (e.g., increase or decrease resource utilization as needed), performance (e.g., execute efficiently and fast), and reliability (e.g., never, or at least rarely, fail), all without any regard for the nature or location of the underlying infrastructure.
A number of factors have given rise to an increase in the utilization of cloud computing resources. For example, advances in networking technologies have significantly improved resource connectivity while decreasing connectivity costs. Advances in virtualization technologies have increased the efficiency of computing hardware by improving scalability and making it possible to more closely match computing hardware resources to the requirements of a particular computing task. Additionally, virtualization technologies commonly deployed in cloud computing environments have improved application reliability by enabling failover policies and procedures that reduce disruption due to an application or hardware failure.
A variety of different computing resources may be created on a cloud. For example, a resource may include all the information necessary to run application software, and may include UNIX, Linux, or Windows operating systems and specific application software as desired by a user. The information for configuring the resource to be created is referred to as an image. After an image has been created (instantiated), the resource becomes an instance (a server instance).
FIG. 1 illustrates a typical cloud computing architecture. A service requester 104 may desire to use computing resources available on the cloud 102. As mentioned above, physically, the cloud may be one or more physical computer networks (e.g., server farms) accessible over the Internet, for example, with software for creating resource images and instances desired by users. One such cloud computing system is offered by Amazon.com®. Before a cloud computing resource can be created and used, a user must typically configure the particular resource. For example, in the case of a virtual server or virtual appliance, a user must configure the server or appliance and provision a physical server to execute the virtual server or appliance. Service requestor 104 may send messages to a cloud management system 103 to create or access configuration information for creating resources on cloud 102. In response to such messages, cloud management system 103 may configure a virtual server or virtual appliance for use by a requesting user. As illustrated in FIG. 1, the cloud management system 103 may act as an interface, whereby one or more users may setup resources on the cloud. For example, cloud management system 103 may facilitate web-based access to various administrative functions thereby enabling the user to configure the cloud-based resource using a conventional web browser application. For instance, the management system 103 may display to the user a list of resources or services that the user can utilize, along with a list of commands (e.g., start, stop, suspend, list) that can be executed to operate on, or with, certain resources. As mentioned above, the cloud-based resources may comprise, for example, a list of preconfigured or customized machine images corresponding to virtual servers that can be instantiated in the cloud. The management systems may manage the available resources, including the physical servers.
As illustrated in FIG. 1, cloud management system 103 may use configuration data 105 for setting up computing resources for different users. The configuration data may specify the details of the computing resources to be allocated, such as the image to be instantiated and the amount of computing resources to be applied. For instance, a user may upload a customized machine image or select a pre-configured machine image. The management system may store configuration data 105 in a repository, for example. When the user desires to use the resources, the system may generate the necessary commands for instantiating the virtual server on the appropriate physical server. For example, if a user desires a small amount of resources, the user may direct management system 103 to access configuration data specifying an image including a virtual CPU having a certain processing power and specifications, 1 GB of memory, and 100 GB of persistent storage. However, if the user desires a large amount of resources, the user may direct management system 103 to access configuration data specifying an image including multiple virtual CPUs having a certain processing power, 10 GB of memory, and 500 GB of persistent storage. The images are used to create server instances of the specified resources. Once the resources are instantiated, a link to the resources is sent to the user (e.g., an IP address) and the user may access the resources to run software applications as desired.
One problem associated with cloud computing system is security. In some situations, it may be desirable for software systems running on a local network inside a company to interface with resources running on a cloud. FIG. 2 illustrates an existing technique for creating a secure connection between a local system 200A and a cloud computing system 200B over a network 255. In this example, a local system 200A may include a client 201 and one or more backend systems 207 and 208 (e.g., a software server executing on a computer system). The client system may be a software application that communicates with software running on the backend systems 207 and 208. For example, the client may be a software application executing on a computer system, such as Netweaver Design Studio by SAP AG®, for example, and the backend systems may be an Enterprise Resource Planning (“ERP”) software server system or Customer Relationship Management (“CRM”) software server system, for example. If the computing resources of the local system become insufficient, client 201 may send a request for additional software resources across a network 255 (e.g., the Internet) to cloud management service 202 on cloud 200B. Cloud management service 202 may access configuration data 203 to create server instances 204 to meet the computing demands of the local network. However, since the new resources are on the cloud, access to the new resources, and communication between the new resources on the cloud and the local system, must be made secure. Additionally, the communications must be authorized to penetrate a local firewall 250 and a firewall 251 protecting the cloud, for example. One existing approach to provide this security is to use a virtual private network (“VPN”). In this example, a VPN 205 node may be implemented on cloud computing system 200B. Another VPN 206 node may also be implemented on the local system 200A. The VPN implementations may enable secure communication between client 201 and server instances 204.
There are a number of problems with the existing tools and techniques for integrating a local system with external resources in a computing cloud. First, conventional cloud management systems provide no easy way to achieve a tight secure integration between clients and servers on a local system and software instances on a cloud. In particular, implementing secure communications through a VPN creates a bottleneck in the VPN. Additionally, complex and sometimes incompatible third party VPN software interfaces and requirements must be integrated into the local networks and cloud instances. Moreover, VPNs do not provide the flexibility and feature set desired fully integrate a local system with a cloud in a dynamic manner. For instance, VPNs are typically used for static networks, and are not suited for a changing environment where new resources are created and integrated into a local network on-the-fly. Consequently, there exists a need for improved systems and methods for integrating external resources with a local system.