公开(公告)号：US20240031228A1

公开(公告)日：2024-01-25

申请号：US18211360

申请日：2023-06-19

Applicant: VMware, Inc.

Inventor： Sachin Mohan Vaidya ,  Mayur Dhas ,  Naveen Ramaswamy ,  Pavlush Margarian ,  Hamza Aharchaou

IPC: H04L41/08 ,  H04L41/0806

CPC classification number: H04L41/0889 ,  H04L41/0806 ,  H04L67/10

Abstract: Some embodiments of the invention provide a method for deploying software-implemented resources in a software defined datacenter (SDDC). The method initially receives a hierarchical API command that, in a declarative format, specifies several operation requests for several software-defined (SD) resources at several resource levels of a resource hierarchy in the SDDC. The method parses the API command to identify the SD resources at the plurality of resource levels. Based on the parsed API command, the method deploys the SD resources by using a deployment process that ensures that any first SD resource on which a second SD resource depends is deployed before the second resource. In some embodiments, a second SD resource depends on a first SD resource when the second SD resource is a child of the first SD resource. Alternatively, or conjunctively, a second SD resource can also depend on a first SD resource in some embodiments when the second SD resource has some operational dependency on the first SD resource. In some embodiments, the method parses the API command by identifying several sets of SD resources, with each set having one or more SD resources at one resource level. The deployment in some embodiments deploys the identified SD resource sets at higher resource levels before deploying SD resources at lower resource levels.

公开(公告)号：US20230367650A1

公开(公告)日：2023-11-16

申请号：US18227306

申请日：2023-07-28

Applicant: VMware, Inc.

Inventor： Amarnath Palavalli ,  Sachin Mohan Vaidya ,  Pavlush Margarian

IPC: G06F9/50 ,  H04L67/1087 ,  H04L9/40 ,  H04L67/1074 ,  H04L67/60

CPC classification number: G06F9/5077 ,  G06F9/5011 ,  H04L67/1089 ,  H04L63/0263 ,  H04L63/101 ,  H04L67/1076 ,  H04L67/60 ,  G06F2209/506

Abstract: Some embodiments of the invention provide a method for processing requests for performing operations on resources in a software defined datacenter (SDDC). The resources are software-defined (SD) resources in some embodiments. The method initially receives a request to perform an operation with respect to a first resource in the SDDC. The method identifies a policy that matches (i.e., is applicable to) the received request for the first resource by comparing a set of attributes of the request with sets of attributes of a set of policies that place constraints on operations specified for resources. In some embodiments, several sets of attributes for several policies can be expressed for resources at different hierarchal resource levels of the SDDC. The method rejects the received request when the identified policy specifies that the requested operation violates a constraint on operations specified for the first resource.

公开(公告)号：US11748170B2

公开(公告)日：2023-09-05

申请号：US17176191

申请日：2021-02-16

Applicant: VMware, Inc.

Inventor： Amarnath Palavalli ,  Sachin Mohan Vaidya ,  Pavlush Margarian

IPC: G06F15/173 ,  G06F9/50 ,  H04L67/1087 ,  H04L9/40 ,  H04L67/1074 ,  H04L67/60

CPC classification number: G06F9/5077 ,  G06F9/5011 ,  H04L63/0263 ,  H04L63/101 ,  H04L67/1076 ,  H04L67/1089 ,  H04L67/60 ,  G06F2209/506

Abstract: Some embodiments of the invention provide a method for processing requests for performing operations on resources in a software defined datacenter (SDDC). The resources are software-defined (SD) resources in some embodiments. The method initially receives a request to perform an operation with respect to a first resource in the SDDC. The method identifies a policy that matches (i.e., is applicable to) the received request for the first resource by comparing a set of attributes of the request with sets of attributes of a set of policies that place constraints on operations specified for resources. In some embodiments, several sets of attributes for several policies can be expressed for resources at different hierarchal resource levels of the SDDC. The method rejects the received request when the identified policy specifies that the requested operation violates a constraint on operations specified for the first resource.

公开(公告)号：US11799726B2

公开(公告)日：2023-10-24

申请号：US16906955

申请日：2020-06-19

Applicant: VMware, Inc.

Inventor： Ganesan Chandrashekhar ,  Pankaj Thakkar ,  Sachin Mohan Vaidya ,  Ujwala Kawalay ,  Amarnath Palavalli ,  Bhagyashree Gujar

IPC: H04L41/0893 ,  H04L61/103 ,  H04L41/12 ,  H04L41/0686 ,  H04L43/06 ,  G06F16/25 ,  G06F16/23 ,  G06F9/54 ,  G06F11/34 ,  H04L41/046 ,  H04L9/40 ,  H04L69/22 ,  G06F16/27 ,  H04L41/0654 ,  H04L67/14 ,  H04L41/0803 ,  H04L12/66 ,  H04L43/0811 ,  H04L41/22 ,  H04L67/1095

CPC classification number: H04L41/0893 ,  G06F9/546 ,  G06F9/547 ,  G06F11/3409 ,  G06F16/2358 ,  G06F16/256 ,  G06F16/27 ,  H04L12/66 ,  H04L41/046 ,  H04L41/0654 ,  H04L41/0686 ,  H04L41/0803 ,  H04L41/12 ,  H04L43/06 ,  H04L43/0811 ,  H04L61/103 ,  H04L63/0263 ,  H04L63/104 ,  H04L67/14 ,  H04L69/22 ,  H04L41/22 ,  H04L67/1095

Abstract: Some embodiments provide a method for distributing a service rule that is to be enforced across a first set of sites and that is defined by reference to a group identifier that identifies a group of machines. The method distributes the service rule to each site in the first set of sites. The method identifies at least one site in the first set of sites that is not in a second set of sites that has already received a definition of the group. The method distributes the group definition to each identified site in the first set of sites that has not already received the definition of the group.

公开(公告)号：US11343283B2

公开(公告)日：2022-05-24

申请号：US17103696

申请日：2020-11-24

Applicant: VMware, Inc.

Inventor： Sachin Mohan Vaidya ,  Shailesh Makhijani ,  Mayur Dhas ,  Rushikesh Wagh ,  Nikhil Bokare ,  Vaibhav Bhandari ,  Alka Pendharkar ,  Disha Chopra ,  Pavlush Margarian ,  Farzad Ghannadian ,  Shrinivas Sharad Parashar

IPC: G06F15/173 ,  H04L29/06 ,  G06F9/455 ,  H04L12/46 ,  H04L41/0803 ,  H04L41/0893 ,  H04L45/586 ,  H04L49/00 ,  H04L67/10 ,  H04L12/66 ,  H04L45/42 ,  H04L45/64

Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. Based on input from a top-level user of the virtual infrastructure, the method deploys a first logical network within the virtual infrastructure and defines one or more second-level users of the virtual infrastructure. The method receives input from a second-level user of the virtual infrastructure to define a second logical network and connect the second logical network to the first logical network. The first and second logical networks use a same data model and the second-level users are restricted from viewing configuration of the first logical network.

公开(公告)号：US20220103521A1

公开(公告)日：2022-03-31

申请号：US17103706

申请日：2020-11-24

Applicant: VMware, Inc.

Inventor： Sachin Mohan Vaidya ,  Kausum Kumar ,  Jayant Jain ,  Shadab Shah ,  Anirban Sengupta

IPC: H04L29/06 ,  H04L12/713 ,  H04L12/717 ,  H04L12/66 ,  G06F9/455

Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a requirement that the application receive data traffic from sources external to the virtual infrastructure. Based on the application definition, the method defines a first set of firewall rules for the application that indicate conditions for allowing data traffic from sources external to the virtual infrastructure. For an existing second set of higher-level firewall rules for data traffic entering and exiting the virtual infrastructure, the method specifies a new firewall rule that directs a network element implementing the sets of firewall rules to apply the first set of firewall rules to any data traffic that is from sources external to the virtual infrastructure and directed to the application.

公开(公告)号：US20220103430A1

公开(公告)日：2022-03-31

申请号：US17103704

申请日：2020-11-24

Applicant: VMware, Inc.

Inventor： Sachin Mohan Vaidya ,  Rushikesh Wagh ,  Shailesh Makhijani ,  Mayur Dhas ,  Nikhil Bokare ,  Vaibhav Bhandari ,  Pavlush Margarian ,  Alka Pendharkar ,  Abhishek Goliya ,  Shrinivas Sharad Parashar

IPC: H04L12/24 ,  H04L12/66 ,  H04L12/46 ,  H04L12/715 ,  H04L12/713

Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies (i) a set of tiers of the application and (ii) a set of requirements for deploying the application. Based on the application definition, the method automatically defines a logical network architecture for connecting data compute nodes (DCNs) that implement the application tiers in the set of datacenters. The method configures a set of forwarding elements in the set of datacenters to implement the logical network architecture.

公开(公告)号：US20220103429A1

公开(公告)日：2022-03-31

申请号：US17103696

申请日：2020-11-24

Applicant: VMware, Inc.

Inventor： Sachin Mohan Vaidya ,  Shailesh Makhijani ,  Mayur Dhas ,  Rushikesh Wagh ,  Nikhil Bokare ,  Vaibhav Bhandari ,  Alka Pendharkar ,  Disha Chopra ,  Pavlush Margarian ,  Farzad Ghannadian ,  Shrinivas Sharad Parashar

IPC: H04L12/24 ,  H04L12/46 ,  H04L12/713

Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. Based on input from a top-level user of the virtual infrastructure, the method deploys a first logical network within the virtual infrastructure and defines one or more second-level users of the virtual infrastructure. The method receives input from a second-level user of the virtual infrastructure to define a second logical network and connect the second logical network to the first logical network. The first and second logical networks use a same data model and the second-level users are restricted from viewing configuration of the first logical network.

公开(公告)号：US09420004B2

公开(公告)日：2016-08-16

申请号：US14220185

申请日：2014-03-20

Applicant: VMWARE, INC.

Inventor： Amol Palshikar ,  Sachin Mohan Vaidya ,  Prayas Gaurav ,  Nikhil Bokare

IPC: H04L29/06 ,  G06F9/455

CPC classification number: H04L63/20 ,  G06F9/45558 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Techniques for grouping virtual machine (VM) objects for networking and security services in a virtualized computing system are described. In one example embodiment, VM attributes and identity attributes are obtained from a virtual center and an identity server, respectively. One or more desired security groups are then formed based on security requirements of the virtualized computing system. A user defined dynamic expression is then associated with the one or more security groups. One or more expression attributes are then determined by evaluating the user defined dynamic expression using the obtained VM attributes and identity attributes. VM objects are then grouped based on the determined one or more expression attributes. The grouped VM objects are then associated with the created one or more security groups for providing the networking and security services.

Abstract translation: 描述了在虚拟化计算系统中对用于网络和安全服务的虚拟机（VM）对象进行分组的技术。 在一个示例实施例中，VM属性和身份属性分别从虚拟中心和身份服务器获得。 然后基于虚拟化计算系统的安全性要求形成一个或多个期望的安全组。 然后，用户定义的动态表达式与一个或多个安全组相关联。 然后通过使用获得的VM属性和身份属性评估用户定义的动态表达式来确定一个或多个表达属性。 然后基于所确定的一个或多个表达属性对VM对象进行分组。 然后将分组的VM对象与所创建的一个或多个安全组相关联，以提供网络和安全服务。

公开(公告)号：US11689425B2

公开(公告)日：2023-06-27

申请号：US17692634

申请日：2022-03-11

Applicant: VMware, Inc.

Inventor： Sachin Mohan Vaidya ,  Mayur Dhas ,  Naveen Ramaswamy ,  Pavlush Margarian ,  Hamza Aharchaou

IPC: G06F15/173 ,  H04L41/08 ,  H04L41/0806 ,  H04L67/10

CPC classification number: H04L41/0889 ,  H04L41/0806 ,  H04L67/10

Abstract: Some embodiments of the invention provide a method for deploying software-implemented resources in a software defined datacenter (SDDC). The method initially receives a hierarchical API command that, in a declarative format, specifies several operation requests for several software-defined (SD) resources at several resource levels of a resource hierarchy in the SDDC. The method parses the API command to identify the SD resources at the plurality of resource levels. Based on the parsed API command, the method deploys the SD resources by using a deployment process that ensures that any first SD resource on which a second SD resource depends is deployed before the second resource. In some embodiments, a second SD resource depends on a first SD resource when the second SD resource is a child of the first SD resource. Alternatively, or conjunctively, a second SD resource can also depend on a first SD resource in some embodiments when the second SD resource has some operational dependency on the first SD resource. In some embodiments, the method parses the API command by identifying several sets of SD resources, with each set having one or more SD resources at one resource level. The deployment in some embodiments deploys the identified SD resource sets at higher resource levels before deploying SD resources at lower resource levels.