-
Publication No.: US11601474B2
Publication date: 2023-03-07
Application No.: US17103700
Application date: 2020-11-24
Applicant: VMware, Inc.
Inventor: Sachin Mohan Vaidya , Kausum Kumar , Nikhil Bokare , Mayur Dhas , Shailesh Makhijani , Rushikesh Wagh , Shrinivas Sharad Parashar , Vaibhav Bhandari
IPC: H04L29/06 , H04L9/40 , G06F9/455 , H04L12/46 , H04L41/0803 , H04L41/0893 , H04L45/586 , H04L49/00 , H04L67/10 , H04L12/66 , H04L45/42 , H04L45/64
Abstract: Some embodiments provide a method for a network management and control system that manages one or more logical networks. From a first user, the method receives a definition of one or more security zones for a logical network. Each security zone definition includes a set of security rules for data compute nodes (DCNs) assigned to the security zone. From a second user, the method receives a definition of an application to be deployed in the logical network. The application definition specifies a set of requirements. Based on the specified set of requirements, the method assigns DCNs implementing the application to one or more of the security zones for the logical network.
-
Publication No.: US11343227B2
Publication date: 2022-05-24
Application No.: US17103708
Application date: 2020-11-24
Applicant: VMware, Inc.
Inventor: Sachin Mohan Vaidya , Shailesh Makhijani , Mayur Dhas , Rushikesh Wagh , Nikhil Bokare , Vaibhav Bhandari , Shrinivas Sharad Parashar
IPC: H04L29/06 , H04L9/40 , H04L67/10 , H04L45/586 , H04L49/00
Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a plurality of sites. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a first set of the sites at which to deploy the application. Based on the definition of the application, the method assigns the application to a set of security zones defined for the virtual infrastructure. Each respective security zone is restricted to a respective set of the sites. The method deploys the application in a second set of sites based on the first set of sites and the sets of sites to which the set of security zones are restricted.
-
Publication No.: US20220103598A1
Publication date: 2022-03-31
Application No.: US17103700
Application date: 2020-11-24
Applicant: VMware, Inc.
Inventor: Sachin Mohan Vaidya , Kausum Kumar , Nikhil Bokare , Mayur Dhas , Shailesh Makhijani , Rushikesh Wagh , Shrinivas Sharad Parashar
Abstract: Some embodiments provide a method for a network management and control system that manages one or more logical networks. From a first user, the method receives a definition of one or more security zones for a logical network. Each security zone definition includes a set of security rules for data compute nodes (DCNs) assigned to the security zone. From a second user, the method receives a definition of an application to be deployed in the logical network. The application definition specifies a set of requirements. Based on the specified set of requirements, the method assigns DCNs implementing the application to one or more of the security zones for the logical network.
-
Publication No.: US20220329603A1
Publication date: 2022-10-13
Application No.: US17333072
Application date: 2021-05-28
Applicant: VMWARE, Inc.
Inventor: BHAGYASHREE GUJAR , Sachin Mohan Vaidya , Ujwala Kawalay , Anand Loni , Prayas Gaurav
IPC: H04L29/06
Abstract: The disclosure provides an approach for managing group membership in a multi-site networking environment. Embodiments include receiving, at a local management component on a networking site of a plurality of networking sites, from a global management component associated with the plurality of networking sites, a definition of a group. Embodiments include determining, by the local management component on the networking site, based on the definition, that the group comprises a networking object with a span that does not include the networking site. Embodiments include storing, by the local management component on the networking site, in a data structure, a reference to the networking object in association with the group, wherein the networking object is excluded from a determination of local membership of the group on the networking site.
-
Publication No.: US20220103514A1
Publication date: 2022-03-31
Application No.: US17103708
Application date: 2020-11-24
Applicant: VMware, Inc.
Inventor: Sachin Mohan Vaidya , Shailesh Makhijani , Mayur Dhas , Rushikesh Wagh , Nikhil Bokare , Vaibhav Bhandari , Shrinivas Sharad Parashar
IPC: H04L29/06 , H04L12/931 , H04L12/713 , H04L29/08
Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a plurality of sites. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a first set of the sites at which to deploy the application. Based on the definition of the application, the method assigns the application to a set of security zones defined for the virtual infrastructure. Each respective security zone is restricted to a respective set of the sites. The method deploys the application in a second set of sites based on the first set of sites and the sets of sites to which the set of security zones are restricted.
-
Publication No.: US11277309B2
Publication date: 2022-03-15
Application No.: US16945727
Application date: 2020-07-31
Applicant: VMware, Inc.
Inventor: Sachin Mohan Vaidya , Mayur Dhas , Naveen Ramaswamy , Pavlush Margarian , Hamza Aharchaou
IPC: G06F15/173 , H04L41/08 , H04L41/0806 , H04L67/10
Abstract: Some embodiments of the invention provide a method for deploying software-implemented resources in a software defined datacenter (SDDC). The method initially receives a hierarchical API command that, in a declarative format, specifies several operation requests for several software-defined (SD) resources at several resource levels of a resource hierarchy in the SDDC. The method parses the API command to identify the SD resources at the plurality of resource levels. Based on the parsed API command, the method deploys the SD resources by using a deployment process that ensures that any first SD resource on which a second SD resource depends is deployed before the second resource. In some embodiments, a second SD resource depends on a first SD resource when the second SD resource is a child of the first SD resource. Alternatively, or conjunctively, a second SD resource can also depend on a first SD resource in some embodiments when the second SD resource has some operational dependency on the first SD resource. In some embodiments, the method parses the API command by identifying several sets of SD resources, with each set having one or more SD resources at one resource level. The deployment in some embodiments deploys the identified SD resource sets at higher resource levels before deploying SD resources at lower resource levels.
-
Publication No.: US20210165695A1
Publication date: 2021-06-03
Application No.: US17176191
Application date: 2021-02-16
Applicant: VMware, Inc.
Inventor: Amarnath Palavalli , Sachin Mohan Vaidya , Pavlush Margarian
Abstract: Some embodiments of the invention provide a method for processing requests for performing operations on resources in a software defined datacenter (SDDC). The resources are software-defined (SD) resources in some embodiments. The method initially receives a request to perform an operation with respect to a first resource in the SDDC. The method identifies a policy that matches (i.e., is applicable to) the received request for the first resource by comparing a set of attributes of the request with sets of attributes of a set of policies that place constraints on operations specified for resources. In some embodiments, several sets of attributes for several policies can be expressed for resources at different hierarchal resource levels of the SDDC. The method rejects the received request when the identified policy specifies that the requested operation violates a constraint on operations specified for the first resource.
-
Publication No.: US10942788B2
Publication date: 2021-03-09
Application No.: US16200678
Application date: 2018-11-27
Applicant: VMWARE, INC.
Inventor: Amarnath Palavalli , Sachin Mohan Vaidya , Pavlush Margarian
IPC: G06F15/173 , G06F9/50 , H04L29/08 , H04L29/06
Abstract: Some embodiments of the invention provide a method for processing requests for performing operations on resources in a software defined datacenter (SDDC). The resources are software-defined (SD) resources in some embodiments. The method initially receives a request to perform an operation with respect to a first resource in the SDDC. The method identifies a policy that matches (i.e., is applicable to) the received request for the first resource by comparing a set of attributes of the request with sets of attributes of a set of policies that place constraints on operations specified for resources. In some embodiments, several sets of attributes for several policies can be expressed for resources at different hierarchal resource levels of the SDDC. The method rejects the received request when the identified policy specifies that the requested operation violates a constraint on operations specified for the first resource.
-
Publication No.: US11757940B2
Publication date: 2023-09-12
Application No.: US17103706
Application date: 2020-11-24
Applicant: VMware, Inc.
Inventor: Sachin Mohan Vaidya , Kausum Kumar , Jayant Jain , Shadab Shah , Anirban Sengupta
IPC: H04L9/40 , G06F9/455 , H04L12/46 , H04L41/0803 , H04L41/0893 , H04L45/586 , H04L49/00 , H04L67/10 , H04L12/66 , H04L45/42 , H04L45/64
CPC classification number: H04L63/20 , G06F9/455 , G06F9/45558 , H04L12/4641 , H04L12/66 , H04L41/0803 , H04L41/0893 , H04L45/42 , H04L45/586 , H04L45/64 , H04L49/70 , H04L63/0209 , H04L63/0218 , H04L63/0236 , H04L63/0263 , H04L63/10 , H04L67/10 , G06F2009/45595
Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a requirement that the application receive data traffic from sources external to the virtual infrastructure. Based on the application definition, the method defines a first set of firewall rules for the application that indicate conditions for allowing data traffic from sources external to the virtual infrastructure. For an existing second set of higher-level firewall rules for data traffic entering and exiting the virtual infrastructure, the method specifies a new firewall rule that directs a network element implementing the sets of firewall rules to apply the first set of firewall rules to any data traffic that is from sources external to the virtual infrastructure and directed to the application.
-
Publication No.: US20220200865A1
Publication date: 2022-06-23
Application No.: US17692634
Application date: 2022-03-11
Applicant: VMware, Inc.
Inventor: Sachin Mohan Vaidya , Mayur Dhas , Naveen Ramaswamy , Pavlush Margarian , Hamza Aharchaou
IPC: H04L41/08 , H04L41/0806
Abstract: Some embodiments of the invention provide a method for deploying software-implemented resources in a software defined datacenter (SDDC). The method initially receives a hierarchical API command that, in a declarative format, specifies several operation requests for several software-defined (SD) resources at several resource levels of a resource hierarchy in the SDDC. The method parses the API command to identify the SD resources at the plurality of resource levels. Based on the parsed API command, the method deploys the SD resources by using a deployment process that ensures that any first SD resource on which a second SD resource depends is deployed before the second resource. In some embodiments, a second SD resource depends on a first SD resource when the second SD resource is a child of the first SD resource. Alternatively, or conjunctively, a second SD resource can also depend on a first SD resource in some embodiments when the second SD resource has some operational dependency on the first SD resource. In some embodiments, the method parses the API command by identifying several sets of SD resources, with each set having one or more SD resources at one resource level. The deployment in some embodiments deploys the identified SD resource sets at higher resource levels before deploying SD resources at lower resource levels.