US 12,170,692 B2
Network security orchestration and management across different clouds
Toan Van Nguyen, Singapore (SG); Sriram Srinivasan, Milpitas, CA (US); Syed Abdullah Shah, Santa Clara, CA (US); Santhosh Ram Vetrinadar Manohar, San Jose, CA (US); Varun Kulkarni Somashekhar, Fremont, CA (US); Prabhat Singh, Sunnyvale, CA (US); and Bogdan Florin Romanescu, San Francisco, CA (US)
Assigned to Salesforce, Inc., San Francisco, CA (US)
Filed by salesforce.com, inc., San Francisco, CA (US)
Filed on Sep. 16, 2020, as Appl. No. 16/948,399.
Prior Publication US 2022/0086189 A1, Mar. 17, 2022
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/20 (2013.01)
18 Claims
 
1. A system comprising:
a server system comprising one or more processors in communication with one or more memory devices, the server system configurable to cause:
obtaining network security information comprising a set of security policies indicating permitted communications between or among computing resources,
converting the network security information to a cloud-independent representation of the network security information,
generating, from the cloud-independent representation, a plurality of policy sets, each policy set being specific to a respective one of a plurality of clouds of different cloud providers,
sending, using a policy deployer having a cloud-specific configuration tool, each cloud-specific policy set to the respective cloud, wherein a cloud-specific policy set specifies one or more of: an instance of a data center, one or more computing resources, one or more security groups of computing services, one or more subnets, one or more ingress rules, or one or more egress rules, and
monitoring deployment of a cloud-specific policy set to a respective cloud, the monitoring comprising detecting a change between the cloud-specific policy set and a different policy set deployed on the respective cloud.
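
An added sketch of the convert, generate and monitor steps recited in claim 1; it is not code from the patent or from the assignee, and it leaves out the deployer step. The rule names, the neutral rule fields and the `generate`/`drift` helpers are assumptions made for illustration, and the AWS and GCP output shapes are simplified versions of those providers' security-group and firewall rule formats.

```python
import json

# Constructed cloud-independent policy set (hypothetical names and addresses).
NEUTRAL = [
    {"name": "web-to-db", "direction": "ingress", "proto": "tcp", "port": 5432, "peer": "10.0.1.0/24"},
    {"name": "db-to-log", "direction": "egress", "proto": "tcp", "port": 6514, "peer": "10.0.9.0/24"},
]

def to_aws(rules):
    """Render as security-group permissions (simplified EC2 IpPermissions shape)."""
    out = {"ingress": [], "egress": []}
    for r in rules:
        out[r["direction"]].append({"IpProtocol": r["proto"], "FromPort": r["port"],
                                    "ToPort": r["port"], "IpRanges": [{"CidrIp": r["peer"]}]})
    return out

def to_gcp(rules):
    """Render as VPC firewall rules (simplified Compute Engine firewall shape)."""
    out = []
    for r in rules:
        range_key = "sourceRanges" if r["direction"] == "ingress" else "destinationRanges"
        out.append({"name": r["name"], "direction": r["direction"].upper(),
                    "allowed": [{"IPProtocol": r["proto"], "ports": [str(r["port"])]}],
                    range_key: [r["peer"]]})
    return out

GENERATORS = {"aws": to_aws, "gcp": to_gcp}

def generate(rules):
    """One cloud-specific policy set per provider, all from the same neutral rules."""
    return {cloud: gen(rules) for cloud, gen in GENERATORS.items()}

def _flatten(policy_set):
    """Canonical set of rule strings, so ordering differences do not count as drift."""
    if isinstance(policy_set, dict):
        items = [(d, r) for d, rs in policy_set.items() for r in rs]
    else:
        items = [(r.get("direction", ""), r) for r in policy_set]
    return {json.dumps(i, sort_keys=True) for i in items}

def drift(intended, deployed):
    """Return (missing, unexpected) rules for one cloud: the monitoring step."""
    want, have = _flatten(intended), _flatten(deployed)
    return sorted(want - have), sorted(have - want)

if __name__ == "__main__":
    sets = generate(NEUTRAL)
    ssh = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
    live = {"ingress": sets["aws"]["ingress"] + [ssh], "egress": sets["aws"]["egress"]}  # constructed out-of-band change
    print(drift(sets["aws"], live))
```

A non-empty `unexpected` list is the case a defender cares about most: a rule present on the cloud that the source policy never authorized.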