VMware, Inc.
Network policy migration in a federated hybrid cloud

Abstract:

One or more embodiments provide a firewall policy between a first virtual data center and a second virtual data center. A method includes: establishing a communication link between a first firewall server in the first virtual data center and a second firewall server in the second virtual data center over a network, the first firewall server having a first firewall defined by polices applied to groups of objects in the first virtual data center; obtaining, at the first firewall server, an inventory of objects in the second virtual data center from the second firewall server; determining firewall rule tuples by mapping the policies of the first firewall to groups of objects in the inventory of the second virtual data center; and sending the firewall rule tuples to enforcement points in the second virtual data center.