SHARING OF FIREWALL RULES AMONG MULTIPLE WORKLOADS IN A HYPERVISOR

    Publication number: US20200296078A1

    Publication date: 2020-09-17

    Application number: US16352577

    Filing date: 2019-03-13

    Applicant: VMware, Inc.

    Abstract: In some embodiments, a method receives a packet at an instance of a distributed firewall associated with one of a plurality of workloads running on a hypervisor. Each of the plurality of workloads has an associated instance of the distributed firewall. An index table is accessed for the workload where the index table includes a set of references to a set of rules in a rules table. Each workload in the plurality of workloads is associated with an index table that references rules that are applicable to each respective workload. The method then accesses at least one rule in a set of rules associated with the set of references from the rules table and compares one or more attributes for the packet to information stored for the at least one rule in the set of rules to determine a rule in the set of rules to apply to the packet.

    Distributed inline proxy
    Status: Invention granted

    Publication number: US10735541B2

    Publication date: 2020-08-04

    Application number: US16207031

    Filing date: 2018-11-30

    Applicant: VMware, Inc.

    Abstract: In some embodiments, a first proxy is instantiated on a first computing device and receives packets that are intercepted by a hypervisor. The packets are sent between a workload and another device, and the proxy maintains a first session between the proxy and the other device and a second session between the proxy and the workload. State information is extracted at the first proxy for the packets that are sent in the first session or the second session, and the state information is stored. The first computing device migrates the workload to a second computing device. When the workload is migrated to the second computing device, the state information for the workload is migrated to a second proxy that is instantiated on the second computing device. The second proxy then resumes the first session with the other device and the second session with the proxy using the state information.

    EFFICIENTLY PERFORMING INTRUSION DETECTION

    Publication number: US20230131464A1

    Publication date: 2023-04-27

    Application number: US18088620

    Filing date: 2022-12-26

    Applicant: VMware, Inc.

    Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity. For instance, in some embodiments, the IDS engine identifies one rule in the identified subset of IDS rules as matching the received data message, and then processes this rule to determine whether the data message is associated with an intrusion.

    Corrective action on malware intrusion detection using file introspection

    Publication number: US11544375B2

    Publication date: 2023-01-03

    Application number: US16718174

    Filing date: 2019-12-17

    Applicant: VMware, Inc.

    Abstract: File events are correlated with intrusion detection alerts for corrective action. A monitoring component receives file events from a thin agent. An analysis component analyzes the file events and metadata obtained from the intrusion detection alerts, such as attack type or file name, to correlate a set of file events to at least one detected action (intrusion) described in the alert. A recommendation component identifies one or more options, including one or more corrective actions, which are applicable for remediating the alert. The set of options includes a recommended action from two or more possible corrective actions. The set of options are output or displayed to the user. The user selects which option/action to perform in response to the alert. In some examples, an automatic response is performed without user selection with respect to selected types of alerts, detected action(s), selected file(s) or other user-generated criteria.

    EFFICIENTLY PERFORMING INTRUSION DETECTION

    Publication number: US20210218758A1

    Publication date: 2021-07-15

    Application number: US16739572

    Filing date: 2020-01-10

    Applicant: VMware, Inc.

    Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity. For instance, in some embodiments, the IDS engine identifies one rule in the identified subset of IDS rules as matching the received data message, and then processes this rule to determine whether the data message is associated with an intrusion.

    SYSTEM AND METHOD FOR PERFORMING A SERVICE DISCOVERY FOR VIRTUAL NETWORKS
    Status: Invention application, under examination (published)

    Publication number: US20160269252A1

    Publication date: 2016-09-15

    Application number: US15043958

    Filing date: 2016-02-15

    Applicant: VMware, Inc.

    CPC classification number: H04L41/5058 H04L41/12 Y02D30/30

    Abstract: A system and method for performing a service discovery on a distributed computer system includes obtaining information of a service that is provided by a host computer in the distributed computer system and embedding the information into a Link Layer Discovery Protocol (LLDP) data frame to be transmitted from the host computer to another component of the distributed computer system.


    LARGE RECEIVE OFFLOAD FOR VIRTUAL MACHINES
    Status: Invention application, granted (in force)

    Publication number: US20150263974A1

    Publication date: 2015-09-17

    Application number: US14205121

    Filing date: 2014-03-11

    Applicant: VMware, Inc.

    CPC classification number: H04L47/621 H04L47/36 H04L47/82

    Abstract: A network interface controller (NIC) that includes a set of receive NIC queues capable of performing large receive offload (LRO) operations by aggregating incoming receive packets is provided. Each NIC queue turns its LRO operation on or off based on a set of LRO enabling rules or parameters, whereby only packets that meet the set of rules or parameters will be aggregated in the NIC queue. Each NIC queue is controlled by its own set of LRO enabling rules such that the LRO operations of the different NIC queues can be individually controlled.


    LARGE RECEIVE OFFLOAD FOR VIRTUAL MACHINES

    Publication number: US20150261556A1

    Publication date: 2015-09-17

    Application number: US14205143

    Filing date: 2014-03-11

    Applicant: VMware, Inc.

    CPC classification number: G06F9/45558 G06F2009/45595 H04L49/70

    Abstract: A network interface controller (NIC) that includes a set of receive NIC queues capable of performing large receive offload (LRO) operations by aggregating incoming receive packets is provided. Each NIC queue turns its LRO operation on or off based on a set of LRO enabling rules or parameters, whereby only packets that meet the set of rules or parameters will be aggregated in the NIC queue. Each NIC queue is controlled by its own set of LRO enabling rules such that the LRO operations of the different NIC queues can be individually controlled.
