-
Publication No.: US20200186534A1
Publication date: 2020-06-11
Application No.: US16213545
Filing date: 2018-12-07
Applicant: VMware, Inc.
Inventor: Arijit CHANDA, Venkat RAJAGOPALAN, Rajiv MORDANI, Arnold POON, Rajiv KRISHNAMURTHY, Farzad GHANNADIAN, Sirisha MYNENI
IPC: H04L29/06
Abstract: Techniques for providing application-independent access control in a cloud-services computing environment are provided. In one embodiment, a method for providing application-independent access control is provided. The method includes obtaining a user identity for accessing the cloud-services computing environment and receiving a user request to perform a task using an application. The method further includes collecting process-related data for performing the task using the application and obtaining one or more network routing addresses. The method further includes determining, based on the user identity, the process-related data, and the one or more network routing addresses, whether the task is to be performed. If the task is to be performed, the task is caused to be performed using the application; and if the task is not to be performed, the user request is denied.
-
Publication No.: US20200036608A1
Publication date: 2020-01-30
Application No.: US16045108
Filing date: 2018-07-25
Applicant: VMware, Inc.
Inventor: Arijit CHANDA, Nafisa MANDLIWALA
Abstract: Example methods are provided for a first host to perform context-aware network mapping in a software-defined networking (SDN) environment. One example method may comprise: detecting multiple packet flows that include an egress packet flow originating from a first endpoint and destined for a second host, and an ingress packet flow originating from a second host or a third host and destined for the first endpoint or a second endpoint. The method may also comprise: in response to detecting the egress packet flow, obtaining first packet flow information and first context information; in response to detecting the ingress packet flow, obtaining second packet header information and second context information; and generating network map information that identifies the egress packet flow based on the first packet flow information and first context information, and the ingress packet flow based on the second packet flow information and second context information.
-