公开(公告)号：US09420004B2

公开(公告)日：2016-08-16

申请号：US14220185

申请日：2014-03-20

Applicant: VMWARE, INC.

Inventor： Amol Palshikar ,  Sachin Mohan Vaidya ,  Prayas Gaurav ,  Nikhil Bokare

IPC: H04L29/06 ,  G06F9/455

CPC classification number: H04L63/20 ,  G06F9/45558 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: Techniques for grouping virtual machine (VM) objects for networking and security services in a virtualized computing system are described. In one example embodiment, VM attributes and identity attributes are obtained from a virtual center and an identity server, respectively. One or more desired security groups are then formed based on security requirements of the virtualized computing system. A user defined dynamic expression is then associated with the one or more security groups. One or more expression attributes are then determined by evaluating the user defined dynamic expression using the obtained VM attributes and identity attributes. VM objects are then grouped based on the determined one or more expression attributes. The grouped VM objects are then associated with the created one or more security groups for providing the networking and security services.

Abstract translation: 描述了在虚拟化计算系统中对用于网络和安全服务的虚拟机（VM）对象进行分组的技术。 在一个示例实施例中，VM属性和身份属性分别从虚拟中心和身份服务器获得。 然后基于虚拟化计算系统的安全性要求形成一个或多个期望的安全组。 然后，用户定义的动态表达式与一个或多个安全组相关联。 然后通过使用获得的VM属性和身份属性评估用户定义的动态表达式来确定一个或多个表达属性。 然后基于所确定的一个或多个表达属性对VM对象进行分组。 然后将分组的VM对象与所创建的一个或多个安全组相关联，以提供网络和安全服务。

公开(公告)号：US20140351396A1

公开(公告)日：2014-11-27

申请号：US13899549

申请日：2013-05-21

Applicant: VMware, Inc.

Inventor： James Joseph Stabile ,  Debashis Basak ,  Amol Palshikar ,  Sachin Thakkar

IPC: H04L12/24

CPC classification number: H04L41/044 ,  G06F9/45558 ,  H04L29/08 ,  H04L41/12 ,  H04L43/0817 ,  H04L43/10 ,  H04L51/04 ,  H04L67/1095

Abstract: Some embodiments provide a network system that includes several host machines for hosting virtual machines, divided into several different domains. The network system includes several local domain management servers. A first local domain management server of a first domain is for (i) initiating creation of a set of distributed virtual switch ports associated with a particular logical network identifier on a host machine within its domain and (ii) attaching a first virtual machine on the host machine to a created port associated with the particular logical network identifier in order for the first virtual machine to send traffic over the logical network. The network system includes a second level management server for coordinating the use of logical network identifiers between multiple different logical domain management servers in order for the first virtual machine to communicate via the logical network with a second virtual machine in a second domain.

Abstract translation: 一些实施例提供一种网络系统，其包括用于托管虚拟机的几台主机，分为几个不同的域。 网络系统包括几个本地域管理服务器。 第一域的第一本地域管理服务器用于（i）发起与其域内的主机上的特定逻辑网络标识符相关联的一组分布式虚拟交换机端口的创建，以及（ii）在第一域上附加第一虚拟机 主机到与特定逻辑网络标识符相关联的创建端口，以便第一虚拟机通过逻辑网络发送流量。 网络系统包括第二级管理服务器，用于协调多个不同逻辑域管理服务器之间的逻辑网络标识符的使用，以使第一虚拟机通过逻辑网络与第二域中的第二虚拟机进行通信。

公开(公告)号：US09432215B2

公开(公告)日：2016-08-30

申请号：US13899549

申请日：2013-05-21

Applicant: VMware, Inc.

Inventor： James Joseph Stabile ,  Debashis Basak ,  Amol Palshikar ,  Sachin Thakkar

IPC: G06F15/173 ,  H04L12/58 ,  H04L12/24 ,  G06F9/455 ,  H04L29/08 ,  H04L12/26

CPC classification number: H04L41/044 ,  G06F9/45558 ,  H04L29/08 ,  H04L41/12 ,  H04L43/0817 ,  H04L43/10 ,  H04L51/04 ,  H04L67/1095

Abstract: Some embodiments provide a network system that includes several host machines for hosting virtual machines, divided into several different domains. The network system includes several local domain management servers. A first local domain management server of a first domain is for (i) initiating creation of a set of distributed virtual switch ports associated with a particular logical network identifier on a host machine within its domain and (ii) attaching a first virtual machine on the host machine to a created port associated with the particular logical network identifier in order for the first virtual machine to send traffic over the logical network. The network system includes a second level management server for coordinating the use of logical network identifiers between multiple different logical domain management servers in order for the first virtual machine to communicate via the logical network with a second virtual machine in a second domain.

Abstract translation: 一些实施例提供一种网络系统，其包括用于托管虚拟机的几台主机，分为几个不同的域。 网络系统包括几个本地域管理服务器。 第一域的第一本地域管理服务器用于（i）发起与其域内的主机上的特定逻辑网络标识符相关联的一组分布式虚拟交换机端口的创建，以及（ii）在第一域上附加第一虚拟机 主机到与特定逻辑网络标识符相关联的创建端口，以便第一虚拟机通过逻辑网络发送流量。 网络系统包括第二级管理服务器，用于协调多个不同逻辑域管理服务器之间的逻辑网络标识符的使用，以使第一虚拟机通过逻辑网络与第二域中的第二虚拟机进行通信。