US 11,916,775 B1
Multi-tenant cloud native control plane system
Parag Pritam Thakore, Los Gatos, CA (US); Sunil Mukundan, Chennai (IN); and Anupam Rai, Fremont, CA (US)
Assigned to Netskope, Inc., Santa Clara, CA (US)
Filed by Netskope, Inc., Santa Clara, CA (US)
Filed on Mar. 17, 2023, as Appl. No. 18/185,967.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 45/02 (2022.01); H04L 12/46 (2006.01)
CPC H04L 45/02 (2013.01) [H04L 12/4633 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A multi-tenant cloud native control plane system for providing data exchange between a plurality of gateway endpoints using a secure tunnel between the gateway endpoints, the multi-tenant cloud native control plane system comprises:
an end-user device including a client endpoint, the client endpoint is configured to:
provide a request for accessing data from the client endpoint using a gateway device, wherein the request is provided by sending data packets;
a cloud control plane coupled to the end-user device; and
a cloud provider configured to provide access to the data, wherein the cloud control plane is configured to:
provision a connection from the gateway device to a control plane in the cloud control plane, wherein:
the cloud control plane provisions the connection to a service endpoint at the cloud provider for providing the access to the data using a data plane and the control plane, and
the control plane is isolated from the data plane;
identify by the control plane, routing information of network traffic from a plurality of devices corresponding to a plurality of tenants;
identify a tenant associated with the request and isolate the tenant from the plurality of tenants;
identify network patterns from the routing information, wherein the network patterns include connections between devices, the gateway endpoints, user locations or device addresses;
determine a network policy associated with the access to the data based on the network patterns, wherein the network policy specifies routing for access to the data, and the network policy is based on tenant specific rules, applications, the user locations, network preferences, or priorities;
determine the secure tunnel from a plurality of tunnels for providing access to the data based on the network policy and the network patterns from the routing information, wherein the secure tunnel connects the client endpoint and the service endpoint;
forward the data packets by the data plane for access to the data on the secure tunnel using the routing information; and
provide the access to the data from the cloud provider to the client endpoint on the gateway device using the secure tunnel.
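The control-plane sequence the claim recites (isolate the tenant, derive network patterns from routing information, apply a tenant-specific network policy, select the secure tunnel, then hand only the chosen tunnel to the isolated data plane) as an added Python model. This is constructed example code, not Netskope's implementation; the tenant names, routing rows, tunnels, priorities and the in-region rule for the "finance" application are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    tunnel_id: str
    tenant: str
    client_endpoint: str   # gateway endpoint on the client side
    service_endpoint: str  # endpoint at the cloud provider
    priority: int          # lower value wins

@dataclass(frozen=True)
class Request:
    tenant: str
    device: str
    gateway: str
    user_location: str
    application: str

# Constructed sample routing information collected by the control plane from
# devices of several tenants: (tenant, device, gateway endpoint, user location).
ROUTING_INFO = [("acme", "dev-1", "gw-eu-1", "EU"), ("acme", "dev-2", "gw-us-1", "US"),
                ("globex", "dev-9", "gw-eu-1", "EU")]

# Constructed plurality of tunnels; each belongs to exactly one tenant.
TUNNELS = [Tunnel("t-acme-eu", "acme", "gw-eu-1", "svc-eu", 1),
           Tunnel("t-acme-us", "acme", "gw-us-1", "svc-us", 1),
           Tunnel("t-acme-backup", "acme", "gw-eu-1", "svc-us", 5),
           Tunnel("t-globex-eu", "globex", "gw-eu-1", "svc-eu", 1)]

def network_patterns(routing_info, tenant):
    """Control plane: isolate one tenant's rows, then map user location -> gateways seen."""
    patterns = {}
    for t, _dev, gw, loc in routing_info:
        if t == tenant:
            patterns.setdefault(loc, set()).add(gw)
    return patterns

def select_tunnel(req, routing_info=ROUTING_INFO, tunnels=TUNNELS):
    """Control plane: choose the secure tunnel from the tenant's own tunnels only."""
    allowed_gateways = network_patterns(routing_info, req.tenant).get(req.user_location, set())
    candidates = [t for t in tunnels if t.tenant == req.tenant
                  and t.client_endpoint == req.gateway and req.gateway in allowed_gateways]
    if req.application == "finance":  # constructed tenant rule: finance stays in-region
        candidates = [t for t in candidates if t.service_endpoint.endswith(req.user_location.lower())]
    return min(candidates, key=lambda t: t.priority) if candidates else None  # fail closed

def data_plane_forward(packets, tunnel):
    """Data plane: receives only the chosen tunnel and packets, no tenant policy state."""
    return [(tunnel.tunnel_id, tunnel.service_endpoint, p) for p in packets]
```

A request whose tenant has no tunnel matching the policy gets `None` rather than another tenant's tunnel, which is the isolation property worth checking in any multi-tenant control plane.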