Using keys to aggregate flows at appliance

    Publication No.: US11176157B2

    Publication date: 2021-11-16

    Application No.: US16520227

    Application date: 2019-07-23

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a novel method for receiving a plurality of attribute sets from a set of host computers, each attribute set associated with a group of one or more flows that is created by using a key to associate individual flows into the group of flows. The appliance, in some embodiments, identifies at least two received attribute sets from two different host computers that relate to a same set of flows between a same set of source machines and a same set of destination machines. The appliance merges the two identified attribute sets into one merged attribute set and analyzes the merged attribute set to identify a set of properties of the flows in the groups of flows associated with the two identified attribute sets, in some embodiments.

    ANOMALY DETECTION ON GROUPS OF FLOWS

    Publication No.: US20210029002A1

    Publication date: 2021-01-28

    Application No.: US16520235

    Application date: 2019-07-23

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a novel method for analyzing the incoming flow data to detect anomalous behavior. The analysis, in some embodiments, is performed after a deduplication/aggregation operation. In some embodiments, the analysis identifies flows for further investigation by an administrator. The analysis, in some embodiments, is also performed based on other received data sets (e.g., context data and configuration data), stored flow data, or both.

    Detection of threats based on responses to name resolution requests

    Publication No.: US11792151B2

    Publication date: 2023-10-17

    Application No.: US17507548

    Application date: 2021-10-21

    Applicant: VMware, Inc.

    CPC classification number: H04L61/10 H04L61/2521 H04L61/2571 H04L61/5053

    Abstract: Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.

    SECURITY THREAT DETECTION BASED ON NETWORK FLOW ANALYSIS

    Publication No.: US20220239675A1

    Publication date: 2022-07-28

    Application No.: US17220553

    Application date: 2021-04-01

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives attribute sets for multiple flows. Each respective attribute set for a respective flow includes at least (i) a source identifier for the respective flow and (ii) an indicator as to whether the respective flow is indicative of the source of the respective flow being a security threat. For each of multiple source identifiers, the method aggregates the received attribute sets to generate an aggregate attribute set for the source identifier that includes a combined measurement of security threat indicators. For a particular source identifier, the method adjusts a security threat likelihood score for the source corresponding to the particular source identifier based on the combined measurement of security threat indicators for the source identifier.

    Systems, methods, and apparatus to improve containerized application visibility

    Publication No.: US11106480B2

    Publication date: 2021-08-31

    Application No.: US16258016

    Application date: 2019-01-25

    Applicant: VMware, Inc.

    Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to improve containerized application visibility. An example apparatus includes a container application manager to build an inventory of the containerized application, the containerized application including a virtual machine, the virtual machine hosting one or more containers, and a network topology builder to invoke a virtual machine agent of the virtual machine to obtain network traffic events from the one or more containers to generate network topology information associated with the containerized application based on the inventory, generate a network topology for the containerized application based on the network topology information, build the visualization based on the network topology, the visualization including the inventory and the network topology information, and launch a user interface to display the visualization to execute one or more computing tasks.

    USING KEYS TO AGGREGATE FLOWS AT APPLIANCE

    Publication No.: US20210026863A1

    Publication date: 2021-01-28

    Application No.: US16520227

    Application date: 2019-07-23

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a novel method for receiving a plurality of attribute sets from a set of host computers, each attribute set associated with a group of one or more flows that is created by using a key to associate individual flows into the group of flows. The appliance, in some embodiments, identifies at least two received attribute sets from two different host computers that relate to a same set of flows between a same set of source machines and a same set of destination machines. The appliance merges the two identified attribute sets into one merged attribute set and analyzes the merged attribute set to identify a set of properties of the flows in the groups of flows associated with the two identified attribute sets, in some embodiments.
