公开(公告)号：US20210224179A1

公开(公告)日：2021-07-22

申请号：US16745248

申请日：2020-01-16

Applicant: VMware, Inc.

Inventor： Laxmikant Vithal Gunda ,  Arnold Poon ,  Farzad Ghannadian

IPC: G06F11/34 ,  G06F11/30 ,  G06F9/455

Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Some embodiments collect, each time a request for a new data message flow is initiated, a set of contextual attributes (i.e., context data) associated with the requested new data message flow. The method, in some embodiments, generates a correlation data set and provides the correlation data set to be included in flow data regarding the requested data message flow to be used by the analysis appliance to correlate context data and flow data received as separate data sets from multiple host computers.

公开(公告)号：US20200065080A1

公开(公告)日：2020-02-27

申请号：US16112396

申请日：2018-08-24

Applicant: VMware, Inc.

Inventor： Sirisha Myneni ,  Arijit Chanda ,  Laxmikant Vithal Gunda ,  Arnold Poon ,  Farzad Ghannadian ,  Kausum Kumar

IPC: G06F8/60 ,  H04L29/08 ,  H04L29/06 ,  H04L29/12 ,  G06F17/27 ,  G06F9/54 ,  G06F9/455

Abstract: Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.

公开(公告)号：US11321213B2

公开(公告)日：2022-05-03

申请号：US16745248

申请日：2020-01-16

Applicant: VMware, Inc.

Inventor： Laxmikant Vithal Gunda ,  Arnold Poon ,  Farzad Ghannadian

IPC: G06F11/34 ,  G06F9/455 ,  G06F11/30

Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Some embodiments collect, each time a request for a new data message flow is initiated, a set of contextual attributes (i.e., context data) associated with the requested new data message flow. The method, in some embodiments, generates a correlation data set and provides the correlation data set to be included in flow data regarding the requested data message flow to be used by the analysis appliance to correlate context data and flow data received as separate data sets from multiple host computers.

公开(公告)号：US11659026B2

公开(公告)日：2023-05-23

申请号：US16855305

申请日：2020-04-22

Applicant: VMware, Inc.

Inventor： Alok Tiagi ,  Farzad Ghannadian ,  Karen Hayrapetyan ,  Laxmikant Vithal Gunda ,  Sunitha Krishna ,  Ashot Aslanyan ,  Anirban Sengupta

IPC: H04L47/78 ,  H04L47/125 ,  G06K9/62 ,  H04L9/40 ,  H04L41/22 ,  H04L67/01

CPC classification number: H04L47/781 ,  G06K9/6257 ,  H04L41/22 ,  H04L47/125 ,  H04L63/20 ,  H04L67/01

Abstract: The disclosure provides an approach for workload labeling and identification of known or custom applications. Embodiments include determining a plurality of sets of features comprising a respective set of features for each respective workload of a first subset of a plurality of workloads. Embodiments include identifying a group of workloads based on similarities among the plurality of sets of features. Embodiments include receiving label data from a user comprising a label for the group of workloads. Embodiments include associating the label with each workload of the group of workloads to produce a training data set. Embodiments include using the training data set to train a model to output labels for input workloads. Embodiments include determining a label for a given workload of the plurality of workloads by inputting features of the given workload to the model.

公开(公告)号：US20220261330A1

公开(公告)日：2022-08-18

申请号：US17734250

申请日：2022-05-02

Applicant: VMware, Inc.

Inventor： Laxmikant Vithal Gunda ,  Arnold Poon ,  Farzad Ghannadian

IPC: G06F11/34 ,  G06F9/455 ,  G06F11/30

Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Some embodiments collect, each time a request for a new data message flow is initiated, a set of contextual attributes (i.e., context data) associated with the requested new data message flow. The method, in some embodiments, generates a correlation data set and provides the correlation data set to be included in flow data regarding the requested data message flow to be used by the analysis appliance to correlate context data and flow data received as separate data sets from multiple host computers.

公开(公告)号：US11086700B2

公开(公告)日：2021-08-10

申请号：US16112408

申请日：2018-08-24

Applicant: VMware, Inc.

Inventor： Sirisha Myneni ,  Arijit Chanda ,  Laxmikant Vithal Gunda ,  Arnold Poon ,  Farzad Ghannadian ,  Kausum Kumar

IPC: G06F9/54 ,  G06F8/60 ,  H04L29/06

Abstract: A simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. These manifests are application specific. Also, in some cases, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.

公开(公告)号：US20200065166A1

公开(公告)日：2020-02-27

申请号：US16112408

申请日：2018-08-24

Applicant: VMware, Inc.

Inventor： Sirisha Myneni ,  Arijit Chanda ,  Laxmikant Vithal Gunda ,  Arnold Poon ,  Farzad Ghannadian ,  Kausum Kumar

IPC: G06F9/54 ,  G06F8/60

Abstract: Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.

公开(公告)号：US11265316B2

公开(公告)日：2022-03-01

申请号：US16998371

申请日：2020-08-20

Applicant: VMware, Inc.

Inventor： Ming Wen ,  Edilmo Palencia ,  Russell Lu ,  Laxmikant Vithal Gunda ,  Margaret Petrus

IPC: H04L29/06

Abstract: The disclosure provides an approach for establishing authentication between components in a network. Embodiments deploying a node of a monitoring appliance in response to a request and providing a token for accessing a network manager to the node of the monitoring appliance. Embodiments include generating, by the node of the monitoring appliance, a certificate of the node of the monitoring appliance and providing the certificate of the node of the monitoring appliance to the network manager with the token for accessing the network manager. Embodiments include adding, by the network manager, based on the token for accessing the network manager, the certificate of the node of the monitoring appliance to a first trust store and providing, by the network manager, a network manager certificate to the node of the monitoring appliance. Embodiments include adding, by the node of the monitoring appliance, the network manager certificate to a second trust store.

公开(公告)号：US20210365308A1

公开(公告)日：2021-11-25

申请号：US17397936

申请日：2021-08-09

Applicant: VMware, Inc.

Inventor： Sirisha Myneni ,  Arijit Chanda ,  Laxmikant Vithal Gunda ,  Arnold Koon-Chee Poon ,  Farzad Ghannadian ,  Kausum Kumar

IPC: G06F9/54 ,  G06F8/60

Abstract: Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.