-
Publication number: US11140090B2
Publication date: 2021-10-05
Application number: US16520238
Filing date: 2019-07-23
Applicant: VMware, Inc.
Inventors: Rajiv Mordani, Arnold Poon, Aditi Vutukuri, Anita Lu, Ming Wen
IPC: H04L12/891, H04L12/26, H04L12/851
Abstract: Some embodiments provide a novel method for correlating configuration data received from the network manager computer with flow group records. In some embodiments, the correlation with the configuration data identifies a group associated with at least one of: (i) the source machine, (ii) destination machine, and (iii) service rules applied to the flows. The correlation with the configuration data, in some embodiments, also identifies whether a service rule applied to the flows is a default service rule. In some embodiments, the correlation with the configuration is based on a tag included in the flow group record that identifies a configuration version, and a configuration associated with the identified configuration version is used to identify the group association or the identity of the default service rule.
-
Publication number: US20160224789A1
Publication date: 2016-08-04
Application number: US14611006
Filing date: 2015-01-30
Applicant: VMware, Inc.
Inventors: Azeem Feroz, Rahul Mathias Madan, Arnold Poon, Aditi Vutukuri
CPC classification number: G06F21/566, G06F9/45558, G06F21/53, G06F21/561, G06F21/575, G06F2009/45587, G06F2221/034
Abstract: Aspects of the present invention include hypervisor based security using a hypervisor to monitor a VM. In embodiments of the present invention, the information gathered by the hypervisor in the monitoring is compared against a reference image to determine if there are possible rootkits present on the VM. If there are potential rootkits, the VM can be quarantined.
-
Publication number: US11522835B2
Publication date: 2022-12-06
Application number: US16027086
Filing date: 2018-07-03
Applicant: VMware, Inc.
Inventors: Arijit Chanda, Sirisha Myneni, Arnold Poon, Kausum Kumar, Dhivya Srinivasan
IPC: H04L29/06, H04L9/40, H04L41/5041, H04L65/1033, G06F9/455
Abstract: A system and method for performing firewall operations on an edge service gateway virtual machine that monitors traffic for a network. The method includes detecting, from a directory service executing on a computing device, a login event on the computing device, obtaining, from the detected login event, login event information comprising an identifier that identifies a user associated with the login event, storing the login event information as one or more context attributes in an attribute table, and applying a firewall rule to a data message that corresponds to the one or more context attributes.
-
Publication number: US20220261330A1
Publication date: 2022-08-18
Application number: US17734250
Filing date: 2022-05-02
Applicant: VMware, Inc.
Inventors: Laxmikant Vithal Gunda, Arnold Poon, Farzad Ghannadian
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Some embodiments collect, each time a request for a new data message flow is initiated, a set of contextual attributes (i.e., context data) associated with the requested new data message flow. The method, in some embodiments, generates a correlation data set and provides the correlation data set to be included in flow data regarding the requested data message flow to be used by the analysis appliance to correlate context data and flow data received as separate data sets from multiple host computers.
-
Publication number: US11184327B2
Publication date: 2021-11-23
Application number: US16028347
Filing date: 2018-07-05
Applicant: VMware, Inc.
Inventors: Tori Chen, Sirisha Myneni, Arijit Chanda, Arnold Poon, Farzad Ghannadian, Venkat Rajagopalan
Abstract: Some embodiments of the invention provide a novel architecture for providing context-aware middlebox services at the edge of a physical datacenter. In some embodiments, the middlebox service engines run in an edge host (e.g., an NSX Edge) that provides routing services and connectivity to external networks (e.g., networks external to an NSX-T deployment). Some embodiments use a novel architecture for capturing contextual attributes on host computers that execute one or more machines and providing the captured contextual attributes to context-aware middlebox service engines providing the context-aware middlebox services. In some embodiments, a context header insertion processor uses contextual attributes to generate a header including data regarding the contextual attributes (a “context header”) that is used to encapsulate a data message that is processed by the SFE and sent to the context-aware middlebox service engine.
-
Publication number: US11086700B2
Publication date: 2021-08-10
Application number: US16112408
Filing date: 2018-08-24
Applicant: VMware, Inc.
Inventors: Sirisha Myneni, Arijit Chanda, Laxmikant Vithal Gunda, Arnold Poon, Farzad Ghannadian, Kausum Kumar
Abstract: A simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. These manifests are application specific. Also, in some cases, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.
-
Publication number: US20200065166A1
Publication date: 2020-02-27
Application number: US16112408
Filing date: 2018-08-24
Applicant: VMware, Inc.
Inventors: Sirisha Myneni, Arijit Chanda, Laxmikant Vithal Gunda, Arnold Poon, Farzad Ghannadian, Kausum Kumar
Abstract: Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.
-
Publication number: US20200014662A1
Publication date: 2020-01-09
Application number: US16027086
Filing date: 2018-07-03
Applicant: VMware, Inc.
Inventors: Arijit Chanda, Sirisha Myneni, Arnold Poon, Kausum Kumar, Dhivya Srinivasan
Abstract: A system and method for performing firewall operations on an edge service gateway virtual machine that monitors traffic for a network. The method includes detecting, from a directory service executing on a computing device, a login event on the computing device, obtaining, from the detected login event, login event information comprising an identifier that identifies a user associated with the login event, storing the login event information as one or more context attributes in an attribute table, and applying a firewall rule to a data message that corresponds to the one or more context attributes.
-
Publication number: US11176157B2
Publication date: 2021-11-16
Application number: US16520227
Filing date: 2019-07-23
Applicant: VMware, Inc.
Inventors: Rajiv Mordani, Arnold Poon, Aditi Vutukuri, Vinith Podduturi
Abstract: Some embodiments provide a novel method for receiving a plurality of attribute sets from a set of host computers, each attribute set associated with a group of one or more flows that is created by using a key to associate individual flows into the group of flows. The appliance, in some embodiments, identifies at least two received attribute sets from two different host computers that relate to a same set of flows between a same set of source machines and a same set of destination machines. The appliance merges the two identified attribute sets into one merged attribute set and analyzes the merged attribute set to identify a set of properties of the flows in the groups of flows associated with the two identified attribute sets, in some embodiments.
-
Publication number: US10999220B2
Publication date: 2021-05-04
Application number: US16028342
Filing date: 2018-07-05
Applicant: VMware, Inc.
Inventors: Tori Chen, Sirisha Myneni, Arijit Chanda, Arnold Poon, Farzad Ghannadian, Venkat Rajagopalan
IPC: H04L29/06, G06F9/445, H04L12/931, H04L12/741, H04L12/24, H04L12/721, G06F9/455, H04L12/803, H04L12/46
Abstract: Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines and providing the captured contextual attributes to middlebox service engines executing at the edge of a physical datacenter. In some embodiments, the middlebox service engines run in an edge host (e.g., an NSX Edge) that provides routing services and connectivity to external networks (e.g., networks external to an NSX-T deployment). Some embodiments execute a context header insertion processor that receives contextual attributes relating to network events and/or process events on the machines collected using a guest-introspection (GI) agent on each machine. In some embodiments, the context header insertion processor uses these contextual attributes to generate a header including data regarding the contextual attributes (a “context header”) that is used to encapsulate a data message that is processed by the SFE.