U.S. patent application number 12/982820 was filed with the patent office on 2012-07-05 for domain name resolution for a hybrid cloud cluster.
This patent application is currently assigned to International Business Machines Corporation. Invention is credited to Mandar U. Jog, Bart C. Vashaw.
Application Number: 20120173760 12/982820
Family ID: 46381810
Filed Date: 2012-07-05
United States Patent Application: 20120173760
Kind Code: A1
Jog; Mandar U.; et al.
July 5, 2012
DOMAIN NAME RESOLUTION FOR A HYBRID CLOUD CLUSTER
Abstract
Embodiments of the present invention provide a method, system
and computer program product for domain name resolution for a
hybrid cloud cluster. In an embodiment of the invention, a method
for domain name resolution for a hybrid cloud cluster includes
receiving a request for name resolution in a DNS name server proxy
executing in memory of a host computer in a public cloud.
Thereafter, it can be determined whether or not the request for
name resolution implicates a domain name within an Intranet coupled
to the proxy over a communications network. Finally, the request
for name resolution can be resolved in a DNS name server disposed
in the Intranet in response to determining the request to implicate
a domain name within the Intranet. Otherwise, the request for name
resolution can be resolved in a DNS name server for the public
cloud in response to determining the request not to implicate a
domain name within the Intranet.
Inventors: Jog; Mandar U.; (Cary, NC); Vashaw; Bart C.; (Apex, NC)
Assignee: International Business Machines Corporation, Armonk, NY
Family ID: 46381810
Appl. No.: 12/982820
Filed: December 30, 2010
Current U.S. Class: 709/245
Current CPC Class: H04L 61/1511 20130101; H04L 61/1552 20130101; H04L 61/6013 20130101
Class at Publication: 709/245
International Class: G06F 15/16 20060101 G06F015/16
Claims
1.-4. (canceled)
5. A domain name system (DNS) data processing system configured for
domain name resolution for a hybrid cloud cluster, the system
comprising: a public cloud; a DNS name server providing name
resolution for name resolution requests in the public cloud; an
Intranet separated from the public cloud by a firewall; a DNS name
server providing name resolution for name resolution requests in
the Intranet; and, a DNS name server proxy disposed in the public
cloud, the proxy comprising program code enabled to determine
whether or not a request for name resolution received in the proxy
implicates a domain name within the Intranet and to resolve the
request for name resolution in the DNS name server disposed in the
Intranet in response to determining the request to implicate a
domain name within the Intranet, but to resolve the request for
name resolution in the DNS name server for the public cloud in
response to determining the request not to implicate a domain name
within the Intranet.
6. The system of claim 1, wherein the Intranet is coupled to the
proxy by way of a secure tunnel through the firewall.
7. The system of claim 1, further comprising a cluster of virtual
machines disposed in the public cloud, hosting application logic,
and issuing name resolution requests from the application logic to
the proxy.
8. A computer program product for domain name resolution for a
hybrid cloud cluster, the computer program product comprising: a
computer readable storage medium having computer readable program
code embodied therewith, the computer readable program code
comprising: computer readable program code for receiving a request
for name resolution in a domain name system (DNS) name server proxy
executing in memory of a host computer in a public cloud; computer
readable program code for determining whether or not the request
for name resolution implicates a domain name within an Intranet
coupled to the proxy over a communications network; and, computer
readable program code for resolving the request for name resolution
in a DNS name server disposed in the Intranet in response to
determining the request to implicate a domain name within the
Intranet, but resolving the request for name resolution in a DNS
name server for the public cloud in response to determining the
request not to implicate a domain name within the Intranet.
9. The computer program product of claim 8, wherein the Intranet is
coupled to the DNS name server proxy in the public cloud over a
secure tunnel.
10. The computer program product of claim 8, wherein the computer
readable program code for resolving the request for name resolution
in the DNS name server for the public cloud comprises computer
readable program code for passing the request to localhost in the
public cloud.
11. The computer program product of claim 8, wherein the computer
readable program code for receiving a request for name resolution
in a DNS name server proxy executing in memory of a host computer
in a public cloud, comprises computer readable program code for
receiving a request from logic executing in a cluster of virtual
machines in a public cloud for name resolution in a DNS name server
proxy executing in memory of a host computer in the public cloud.
Description
BACKGROUND OF THE INVENTION
[0001] 1. Field of the Invention
[0002] The present invention relates to hybrid cloud cluster
deployment and more particularly to domain name resolution in a
hybrid cloud cluster.
[0003] 2. Description of the Related Art
[0004] Network computing, at its core, relates to the transport of
data between addressable computing endpoints in a network of
computing endpoints. Integral to network computing is the universal
way in which data is addressed so as to be delivered to an intended
end point. In this regard, the Internet protocol (IP) is the
principal communications protocol used for relaying packets of data
across an internetwork using the IP suite. Responsible for routing
packets across network boundaries, IP is the primary protocol that
establishes the Internet. The domain name system, however, remains
the enabler of global computing by bridging the complexity of the
IP address with a human factors friendly domain name.
[0005] The domain name system (DNS) is a hierarchical naming system
built on a distributed database for computers, services, or any
resource connected to the Internet or a private network. The domain
name system associates various information with domain names
assigned to each of the participating entities. Most importantly,
the domain name system translates domain names meaningful to humans
into the numerical identifiers associated with networking equipment
for the purpose of locating and addressing these devices worldwide.
The backbone of the domain name system is the DNS server. Each
domain in the DNS enjoys at least one authoritative DNS name server
that publishes information about that domain and the name servers
of any domains subordinate to the domain. The top of the hierarchy
is served by the root name servers--specifically, the servers to
query when resolving a top-level domain name (TLD).
[0006] While the architecture and operation of the DNS has become a
generally understood principle of computing in respect to the
Internet, managing the DNS in a hybrid cloud computing environment
is not without its challenges. In this regard, cloud computing
refers to Internet-based computing in which shared resources,
software, and information are provided to computers and other
devices on demand, analogous to the delivery of power in the
municipal electricity grid. Generally, the typical cloud computing
infrastructure consists of services delivered through common
centers and built on host servers. Clouds often appear as single
points of access for the computing needs of the consumer. Further,
commercial cloud computing offerings generally are expected to meet
quality of service (QoS) requirements of customers, and typically
include service level agreements (SLAs).
[0007] A hybrid cloud computing environment is one that consists of
both public cloud machine instances (the "public cloud") and
private cloud machine instances such as physical or virtual
machines within the firewall, otherwise known as the Intranet or
the private enterprise. A machine image can be securely dispensed
into the public cloud and with the establishment of a secure
tunnel, can be made to look as if the machine image is part of the
private enterprise. It is also possible to deploy a set of machines
according to some pattern, for instance a cluster can be deployed
into specific public clouds. When this cluster is dispensed into
the public cloud, it remains necessary for the set of machines in
the public cloud to communicate with one another as well as with
machines disposed within the Intranet. Thus, the machines in the
public cloud must be able to resolve domain names in both the
public cloud and the private enterprise.
[0008] The public cloud typically assigns machines both public and
private hostnames that are resolvable to external and internal IP
addresses, respectively. The internal addresses ensure
internal-only resolution of addresses. Also, the private enterprise
name is typically not resolvable in the Internet, but only within
the Intranet. Thus, no one DNS name server can resolve both the
internal names of the public cloud and also the internal names of
the private enterprise. There are several ways that this difficulty
has been addressed.
[0009] First, only private enterprise names have been used, but two
drawbacks result: (1) all connections within the cluster now must
traverse the Internet, through at least two secure pipes, and an
exceptional performance penalty results large enough to likely be
completely unacceptable; and (2) some services and/or ports in the
public cloud instance may be configured to only accept connections
from inside the public cloud, or only from outside the private
enterprise. Second, the DNS name server of the public cloud has
been manually configured in the cluster to be deployed. This DNS
name server must parse out resolution queries for public cloud
addresses to the public cloud DNS name server, and private
enterprise addresses to the private enterprise DNS name server.
This course of action introduces possible errors and also
performance penalties.
BRIEF SUMMARY OF THE INVENTION
[0010] Embodiments of the present invention address deficiencies of
the art in respect to DNS name server configuration for a hybrid
cloud computing environment and provide a novel and non-obvious
method, system and computer program product for domain name
resolution for a hybrid cloud cluster. In an embodiment of the
invention, a method for domain name resolution for a hybrid cloud
cluster includes receiving a request for name resolution in a DNS
name server proxy executing in memory of a host computer in a
public cloud. Thereafter, it can be determined whether or not the
request for name resolution implicates a domain name within an
Intranet coupled to the proxy over a communications network.
Finally, the request for name resolution can be resolved in a DNS
name server disposed in the Intranet in response to determining the
request to implicate a domain name within the Intranet. Otherwise,
the request for name resolution can be resolved in a DNS name
server for the public cloud in response to determining the request
not to implicate a domain name within the Intranet.
[0011] In another embodiment of the invention, a DNS data
processing system can be configured for domain name resolution for
a hybrid cloud cluster. The system can include a public cloud with
a DNS name server providing name resolution for name resolution
requests in the public cloud. The system also can include an
Intranet separated from the public cloud by a firewall, the public
cloud and the Intranet forming a hybrid cloud. The Intranet further
can include a DNS name server providing name resolution for name
resolution requests in the Intranet. Finally, the system can
include a DNS name server proxy disposed in the public cloud. The
proxy can include program code enabled to determine whether or not
a request for name resolution received in the proxy implicates a
domain name within the Intranet and to resolve the request for name
resolution in the DNS name server disposed in the Intranet in
response to determining the request to implicate a domain name
within the Intranet, but to resolve the request for name resolution
in the DNS name server for the public cloud in response to
determining the request not to implicate a domain name within the
Intranet.
[0012] Additional aspects of the invention will be set forth in
part in the description which follows, and in part will be obvious
from the description, or may be learned by practice of the
invention. The aspects of the invention will be realized and
attained by means of the elements and combinations particularly
pointed out in the appended claims. It is to be understood that
both the foregoing general description and the following detailed
description are exemplary and explanatory only and are not
restrictive of the invention, as claimed.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
[0013] The accompanying drawings, which are incorporated in and
constitute part of this specification, illustrate embodiments of
the invention and together with the description, serve to explain
the principles of the invention. The embodiments illustrated herein
are presently preferred, it being understood, however, that the
invention is not limited to the precise arrangements and
instrumentalities shown, wherein:
[0014] FIG. 1 is a pictorial illustration of a process for domain
name resolution for a hybrid cloud cluster;
[0015] FIG. 2 is a schematic illustration of a DNS data processing
system configured for domain name resolution for a hybrid cloud
cluster; and,
[0016] FIG. 3 is a flow chart illustrating a process for domain
name resolution for a hybrid cloud cluster.
DETAILED DESCRIPTION OF THE INVENTION
[0017] Embodiments of the invention provide for domain name
resolution for a hybrid cloud cluster. In accordance with an
embodiment of the invention, a DNS name server proxy can be
deployed as part of a cluster of virtual machines operating in a
public cloud computing environment, and the machines in the cluster
can be configured to route name resolution requests to the DNS name
server proxy. The DNS name server proxy can enjoy a communicative
linkage both with a DNS name server local to the public cloud
computing environment and also a DNS name server disposed behind a
firewall in an Intranet. The DNS name server proxy can receive name
resolution requests from the cluster of virtual machines and can
resolve the requests through the use of the DNS name servers in the
public cloud and the Intranet by way of the communicative linkages
according to a domain for the requests. For requests implicating
the Intranet, the DNS name server in the Intranet can be used. In
contrast, for requests implicating domains outside of the Intranet,
the DNS name server of the public cloud can be used.
[0018] In further illustration, FIG. 1 pictorially shows a process
for domain name resolution for a hybrid cloud cluster. As shown in
FIG. 1, a private cloud--namely an Intranet 110 protected from
public access by way of a firewall 130--can subsist along with a
public cloud 120. The public cloud 120 can include a local DNS name
server 150. Likewise, the Intranet 110 can include a local DNS name
server 140. A cluster of virtual machines 160 can be deployed into
the public cloud 120. Finally, a cloud deployment management module
170 can configure and deploy a DNS name server proxy 180 into the
public cloud 120 for the cluster of virtual machines 160 to resolve
name resolution requests received in the public cloud for names
associated with the Intranet 110 using the DNS name server 140 in
the Intranet 110, but to use the DNS name server 150 in the public
cloud to resolve requests for other names.
[0019] The process described in connection with the DNS name server
proxy 180 of FIG. 1 can be implemented in a DNS data processing
system for hybrid cloud computing. In yet further illustration,
FIG. 2 schematically shows a DNS data processing system configured
for domain name resolution for a hybrid cloud cluster. The system
can include a public cloud 200 communicatively coupled to an
Intranet 250 over communicative linkage 260 in order to form a
hybrid cloud computing environment. For instance, the communicative
linkage 260 can be a secure tunnel.
[0020] The public cloud can include one or more host computers 210,
each with at least one processor and memory. The host computers 210
cooperatively can be managed by a cloud computing environment 220
upon which multiple different virtual machines 240 can execute in a
cluster. The virtual machines 240, in turn, can manage the
operation of computer program logic deployed into the cluster of
virtual machines 240.
[0021] The cloud computing environment 220 also can include one or
more DNS name servers 230, for example, those referenced by
localhost within the cloud operating environment. Of note, a DNS
name server proxy 300 also can be included in the set of virtual
machines 240 and the virtual machines 240 can be configured to
route name resolution requests to the DNS name server proxy 300. In
this regard, the DNS name server proxy 300 can include program code
that, when executed by one or more of the host computers 210, can
process name resolution requests by using the DNS name server
230 of the public cloud 200 for domains external to the Intranet
250, but by using a DNS name server (not shown) within the Intranet
250 for domains internal to the Intranet 250.
[0022] In even yet further illustration of the operation of the DNS
name server proxy 300, FIG. 3 is a flow chart illustrating a
process for domain name resolution for a hybrid cloud cluster.
Beginning in block 310, a DNS name resolution request can be
received in the proxy. In decision block 320, it can be determined
whether or not the request involves a domain name associated with
the Intranet. If so, in block 330 a DNS name server disposed within
the Intranet can be used to resolve the domain name of the
resolution request. Otherwise, if the request involves a domain
name not associated with the Intranet, a DNS name server for the
public cloud can be used to resolve the domain name of the
resolution request.
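The routing rule described in paragraphs [0017] and [0022] (and the localhost forwarding of claim 10) can be made concrete in a small DNS proxy. The following is an added example written for this page; it is not IBM's code and not the patent's implementation. The intranet suffixes, the resolver addresses, the cluster subnet and the sample query are all constructed assumptions. The decision logic (blocks 320 and 330) is pure and runs offline; only `serve()` and `forward()` touch the network.

```python
"""Minimal DNS name server proxy that applies the routing rule of FIG. 3.

Added example, not IBM's code or the patent's own implementation. The intranet
suffixes, resolver addresses and cluster subnet below are constructed
assumptions; the sample query is built locally so the decision logic can be
exercised without any network.
"""
import ipaddress
import socket
import struct

# Constructed deployment values (assumptions, not from the patent).
INTRANET_SUFFIXES = ("corp.example", "intranet.example")  # names served behind the firewall
INTRANET_DNS = ("10.0.0.53", 53)        # DNS name server in the Intranet, reached over the tunnel
PUBLIC_CLOUD_DNS = ("127.0.0.1", 53)    # public-cloud resolver on localhost (claim 10)
CLUSTER_NETWORKS = (ipaddress.ip_network("10.100.0.0/16"),)  # VMs allowed to use the proxy


def client_allowed(addr: str) -> bool:
    """Only the cluster's virtual machines may query the proxy; it must not be an open resolver."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLUSTER_NETWORKS)


def parse_qname(msg: bytes) -> str:
    """Return the first question's QNAME from a raw DNS message (RFC 1035 wire format), lower-cased."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not valid in a question name
            raise ValueError("unexpected label compression in question")
        pos += 1
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels).lower()


def implicates_intranet(qname: str) -> bool:
    """Decision block 320: match on whole labels, so 'evilcorp.example' does not match 'corp.example'."""
    name = qname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in INTRANET_SUFFIXES)


def choose_upstream(qname: str) -> tuple:
    """Block 330 versus the 'otherwise' branch: pick the resolver that can answer this name."""
    return INTRANET_DNS if implicates_intranet(qname) else PUBLIC_CLOUD_DNS


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a standard recursive A query in wire format (used for the constructed sample)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def forward(query: bytes, upstream: tuple, timeout: float = 2.0) -> bytes:
    """Relay the raw query to the chosen upstream over UDP and return its raw answer unchanged."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, upstream)
        answer, _ = s.recvfrom(4096)
        return answer


def serve(listen=("0.0.0.0", 5353)):
    """Block 310: receive requests from the cluster and resolve each through the selected upstream."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(listen)
        while True:
            query, client = s.recvfrom(4096)
            if not client_allowed(client[0]):
                continue  # drop silently; refuse to act as an open resolver
            try:
                qname = parse_qname(query)
                answer = forward(query, choose_upstream(qname))
            except (ValueError, OSError):
                continue  # malformed query or unreachable upstream; relay nothing
            s.sendto(answer, client)


if __name__ == "__main__":
    sample = build_query("db01.corp.example")  # constructed sample query
    print(parse_qname(sample), "->", choose_upstream(parse_qname(sample)))
    serve()
```

Two details matter in practice. The suffix test compares whole labels rather than raw string endings, because a plain `endswith("corp.example")` would send queries for an unrelated name such as `evilcorp.example` across the tunnel to the Intranet resolver. And the proxy checks the client's source address before relaying anything, since a proxy that reaches into the private enterprise's DNS must not answer arbitrary Internet hosts.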
[0023] As will be appreciated by one skilled in the art, aspects of
the present invention may be embodied as a system, method or
computer program product. Accordingly, aspects of the present
invention may take the form of an entirely hardware embodiment, an
entirely software embodiment (including firmware, resident
software, micro-code, etc.) or an embodiment combining software and
hardware aspects that may all generally be referred to herein as a
"circuit," "module" or "system." Furthermore, aspects of the
present invention may take the form of a computer program product
embodied in one or more computer readable medium(s) having computer
readable program code embodied thereon.
[0024] Any combination of one or more computer readable medium(s)
may be utilized. The computer readable medium may be a computer
readable signal medium or a computer readable storage medium. A
computer readable storage medium may be, for example, but not
limited to, an electronic, magnetic, optical, electromagnetic,
infrared, or semiconductor system, apparatus, or device, or any
suitable combination of the foregoing. More specific examples (a
non-exhaustive list) of the computer readable storage medium would
include the following: an electrical connection having one or more
wires, a portable computer diskette, a hard disk, a random access
memory (RAM), a read-only memory (ROM), an erasable programmable
read-only memory (EPROM or Flash memory), an optical fiber, a
portable compact disc read-only memory (CD-ROM), an optical storage
device, a magnetic storage device, or any suitable combination of
the foregoing. In the context of this document, a computer readable
storage medium may be any tangible medium that can contain, or
store a program for use by or in connection with an instruction
execution system, apparatus, or device.
[0025] A computer readable signal medium may include a propagated
data signal with computer readable program code embodied therein,
for example, in baseband or as part of a carrier wave. Such a
propagated signal may take any of a variety of forms, including,
but not limited to, electro-magnetic, optical, or any suitable
combination thereof. A computer readable signal medium may be any
computer readable medium that is not a computer readable storage
medium and that can communicate, propagate, or transport a program
for use by or in connection with an instruction execution system,
apparatus, or device.
[0026] Program code embodied on a computer readable medium may be
transmitted using any appropriate medium, including but not limited
to wireless, wireline, optical fiber cable, radiofrequency, and the
like, or any suitable combination of the foregoing. Computer
program code for carrying out operations for aspects of the present
invention may be written in any combination of one or more
programming languages, including an object oriented programming
language and conventional procedural programming languages. The
program code may execute entirely on the user's computer, partly on
the user's computer, as a stand-alone software package, partly on
the user's computer and partly on a remote computer or entirely on
the remote computer or server. In the latter scenario, the remote
computer may be connected to the user's computer through any type
of network, including a local area network (LAN) or a wide area
network (WAN), or the connection may be made to an external
computer (for example, through the Internet using an Internet
Service Provider).
[0027] Aspects of the present invention have been described above
with reference to flowchart illustrations and/or block diagrams of
methods, apparatus (systems) and computer program products
according to embodiments of the invention. In this regard, the
flowchart and block diagrams in the Figures illustrate the
architecture, functionality, and operation of possible
implementations of systems, methods and computer program products
according to various embodiments of the present invention. For
instance, each block in the flowchart or block diagrams may
represent a module, segment, or portion of code, which comprises
one or more executable instructions for implementing the specified
logical function(s). It should also be noted that, in some
alternative implementations, the functions noted in the block may
occur out of the order noted in the figures. For example, two
blocks shown in succession may, in fact, be executed substantially
concurrently, or the blocks may sometimes be executed in the
reverse order, depending upon the functionality involved. It will
also be noted that each block of the block diagrams and/or
flowchart illustration, and combinations of blocks in the block
diagrams and/or flowchart illustration, can be implemented by
special purpose hardware-based systems that perform the specified
functions or acts, or combinations of special purpose hardware and
computer instructions.
[0028] It also will be understood that each block of the flowchart
illustrations and/or block diagrams, and combinations of blocks in
the flowchart illustrations and/or block diagrams, can be
implemented by computer program instructions. These computer
program instructions may be provided to a processor of a general
purpose computer, special purpose computer, or other programmable
data processing apparatus to produce a machine, such that the
instructions, which execute via the processor of the computer or
other programmable data processing apparatus, create means for
implementing the functions/acts specified in the flowchart and/or
block diagram block or blocks.
[0029] These computer program instructions may also be stored in a
computer readable medium that can direct a computer, other
programmable data processing apparatus, or other devices to
function in a particular manner, such that the instructions stored
in the computer readable medium produce an article of manufacture
including instructions which implement the function/act specified
in the flowchart and/or block diagram block or blocks. The computer
program instructions may also be loaded onto a computer, other
programmable data processing apparatus, or other devices to cause a
series of operational steps to be performed on the computer, other
programmable apparatus or other devices to produce a computer
implemented process such that the instructions which execute on the
computer or other programmable apparatus provide processes for
implementing the functions/acts specified in the flowchart and/or
block diagram block or blocks.
[0030] Finally, the terminology used herein is for the purpose of
describing particular embodiments only and is not intended to be
limiting of the invention. As used herein, the singular forms "a",
"an" and "the" are intended to include the plural forms as well,
unless the context clearly indicates otherwise. It will be further
understood that the terms "comprises" and/or "comprising," when
used in this specification, specify the presence of stated
features, integers, steps, operations, elements, and/or components,
but do not preclude the presence or addition of one or more other
features, integers, steps, operations, elements, components, and/or
groups thereof.
[0031] The corresponding structures, materials, acts, and
equivalents of all means or step plus function elements in the
claims below are intended to include any structure, material, or
act for performing the function in combination with other claimed
elements as specifically claimed. The description of the present
invention has been presented for purposes of illustration and
description, but is not intended to be exhaustive or limited to the
invention in the form disclosed. Many modifications and variations
will be apparent to those of ordinary skill in the art without
departing from the scope and spirit of the invention. The
embodiment was chosen and described in order to best explain the
principles of the invention and the practical application, and to
enable others of ordinary skill in the art to understand the
invention for various embodiments with various modifications as are
suited to the particular use contemplated.
[0032] Having thus described the invention of the present
application in detail and by reference to embodiments thereof, it
will be apparent that modifications and variations are possible
without departing from the scope of the invention defined in the
appended claims as follows:
* * * * *