PORT AND LOOPBACK IP ADDRESSES ALLOCATION SCHEME FOR FULL-MESH COMMUNICATIONS WITH TRANSPARENT TLS TUNNELS

    Publication (Announcement) No.: US20220070139A1

    Publication (Announcement) Date: 2022-03-03

    Application No.: US17371490

    Application Date: 2021-07-09

    Applicant: VMware, Inc.

    Abstract: A method for a virtual machine to use a port and loopback IP address allocation scheme for full-mesh communications with transparent transport layer security (TLS) tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine, and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate it into a translated packet, and provides the translated packet to a client agent implemented in the first machine, causing the client agent to transmit the translated packet to a server agent implemented in the second machine.
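The abstract names the moving parts (redirect rule, redirect agent, client agent, loopback address and port allocation) but not how they fit together. The following is an added illustration written for this page, not VMware's or the patent's code. It assumes one concrete scheme the abstract does not spell out: each remote (server IP, server port) pair that a machine talks to is allocated its own address out of 127.0.0.0/8; the redirect agent rewrites matching packets to that loopback address plus a fixed port on which the local client agent listens; the client agent maps the loopback endpoint back to the real server endpoint to choose the TLS tunnel to the right server agent. The hypothetical port 8443, the dict packet representation and the sample addresses are all assumptions.

```python
"""Added example: redirect rules plus loopback/port allocation for transparent
tunnelling. Illustrative only; not the patent's implementation.

Assumed scheme (not stated in the abstract): one 127.x.y.z per remote
(server_ip, server_port); a single hypothetical client-agent port; packets as dicts.
"""
import ipaddress
from dataclasses import dataclass

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
CLIENT_AGENT_PORT = 8443   # hypothetical port the local client agent listens on


@dataclass(frozen=True)
class RedirectRule:
    """Match a packet on its destination; rewrite that destination to a loopback endpoint."""
    match_dst_ip: str
    match_dst_port: int
    loopback_ip: str
    loopback_port: int

    def matches(self, pkt: dict) -> bool:
        return (pkt["dst_ip"], pkt["dst_port"]) == (self.match_dst_ip, self.match_dst_port)

    def apply(self, pkt: dict) -> dict:
        translated = dict(pkt)          # leave the original untouched
        translated["dst_ip"] = self.loopback_ip
        translated["dst_port"] = self.loopback_port
        return translated


class LoopbackAllocator:
    """Hand out one unused 127.x.y.z per remote endpoint; 127.0.0.0 and 127.0.0.1 are skipped."""

    def __init__(self):
        self._next = int(LOOPBACK_NET.network_address) + 2
        self._last = int(LOOPBACK_NET.broadcast_address) - 1
        self._by_endpoint = {}

    def allocate(self, server_ip: str, server_port: int) -> str:
        key = (server_ip, server_port)
        if key not in self._by_endpoint:          # idempotent: same peer, same address
            if self._next > self._last:
                raise RuntimeError("loopback pool exhausted")
            self._by_endpoint[key] = str(ipaddress.IPv4Address(self._next))
            self._next += 1
        return self._by_endpoint[key]


class RedirectAgent:
    def __init__(self):
        self._alloc = LoopbackAllocator()
        self.rules = []
        # Shared with the client agent: loopback endpoint -> real server endpoint.
        self.endpoint_map = {}

    def add_peer(self, server_ip: str, server_port: int) -> RedirectRule:
        """Install a redirect rule for one (server, port) in the mesh."""
        lo_ip = self._alloc.allocate(server_ip, server_port)
        rule = RedirectRule(server_ip, server_port, lo_ip, CLIENT_AGENT_PORT)
        if rule not in self.rules:
            self.rules.append(rule)
        self.endpoint_map[(lo_ip, CLIENT_AGENT_PORT)] = (server_ip, server_port)
        return rule

    def process(self, pkt: dict):
        """Return (packet, redirected). Unmatched packets pass through unchanged."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.apply(pkt), True
        return pkt, False

    def resolve_server(self, lo_ip: str, lo_port: int):
        """What the client agent does after accept(): getsockname() -> real server endpoint."""
        return self.endpoint_map[(lo_ip, lo_port)]


def demo():
    # Constructed sample: two peers in the mesh, one packet from a local client app.
    agent = RedirectAgent()
    agent.add_peer("10.0.0.5", 443)
    agent.add_peer("10.0.0.6", 5432)
    pkt = {"src_ip": "10.0.0.1", "src_port": 51000, "dst_ip": "10.0.0.5", "dst_port": 443}
    translated, redirected = agent.process(pkt)
    return agent, translated, redirected
```

Because the client agent listens on one port and distinguishes peers by the loopback address the connection arrived on, the number of tunnels a machine can terminate is bounded by the loopback pool rather than by free ports. Linux routes the whole of 127.0.0.0/8 to the loopback interface, so binding 127.0.0.2 works without configuration; other systems may need the alias added explicitly.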

    ENCAPSULATED FRAGMENTED PACKET HANDLING

    Publication (Announcement) No.: US20220006734A1

    Publication (Announcement) Date: 2022-01-06

    Application No.: US16920765

    Application Date: 2020-07-06

    Applicant: VMware, Inc.

    Abstract: Example methods and computer systems for encapsulated fragmented packet handling are described. One example may comprise a first computer system detecting an egress packet that requires fragmentation and determining an outer connectionless transport layer value based on the content of an inner transport layer header of the egress packet. The first computer system may generate a first encapsulated fragmented packet that includes a first fragment of the inner payload, the inner transport layer header and a first outer header specifying the outer connectionless transport layer value, and a second encapsulated fragmented packet that includes a second fragment of the inner payload and a second outer header specifying the same outer connectionless transport layer value. The first and second encapsulated fragmented packets may be forwarded towards a second computer system to cause receive-side processing based on the outer connectionless transport layer value.
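The problem the abstract addresses is that only the first fragment carries the inner transport header, so anything on the receive path that hashes on transport ports (RSS queue selection, ECMP) would treat later fragments differently unless the outer header carries a value derived once from the inner header and copied to every fragment. The following is an added example written for this page, not the patent's or VMware's implementation. It assumes the outer connectionless transport is UDP and the derived value is its source port, that the inner header is a 20-byte TCP header without options, that the outer IP header (which in a real stack carries the fragment id and offset) is omitted, and that fragments arrive in order. The tunnel port, MTU and sample packet are constructed.

```python
"""Added example: derive the outer UDP source port from the inner transport header
and stamp it on every fragment so receive-side processing keys on one value.
Illustrative only; not the patent's implementation.

Assumptions (not from the abstract): outer transport is UDP; inner header is a
20-byte TCP header; outer IP header omitted; in-order delivery.
"""
import struct
import zlib

TUNNEL_DST_PORT = 4789          # any fixed tunnel port would do; 4789 is VXLAN's registered one
INNER_HDR_LEN = 20              # inner TCP header without options (assumed)
OUTER_HDR_LEN = 8               # UDP header: src port, dst port, length, checksum
EPHEMERAL_LO, EPHEMERAL_HI = 49152, 65535


def outer_value_from_inner(inner_hdr: bytes) -> int:
    """Hash the inner source/destination ports into the ephemeral port range.
    Computed once from the first fragment's inner header; later fragments have
    no inner header, so they simply reuse the value."""
    sport, dport = struct.unpack("!HH", inner_hdr[:4])
    h = zlib.crc32(struct.pack("!HH", sport, dport))
    return EPHEMERAL_LO + h % (EPHEMERAL_HI - EPHEMERAL_LO + 1)


def outer_hdr(src_port: int, inner_len: int) -> bytes:
    # UDP checksum left at zero (optional over IPv4).
    return struct.pack("!HHHH", src_port, TUNNEL_DST_PORT, OUTER_HDR_LEN + inner_len, 0)


def encapsulate_fragmented(inner_hdr: bytes, payload: bytes, mtu: int) -> list:
    """Split `payload` to fit `mtu`; every fragment carries the same outer source port."""
    if mtu <= OUTER_HDR_LEN + INNER_HDR_LEN:
        raise ValueError("mtu too small for outer + inner headers")
    value = outer_value_from_inner(inner_hdr)
    frags = []
    # First fragment: outer header + inner transport header + first slice of payload.
    room = mtu - OUTER_HDR_LEN - INNER_HDR_LEN
    first, rest = payload[:room], payload[room:]
    frags.append(outer_hdr(value, INNER_HDR_LEN + len(first)) + inner_hdr + first)
    # Later fragments: outer header + payload slice only (nothing left to hash on).
    room = mtu - OUTER_HDR_LEN
    while rest:
        chunk, rest = rest[:room], rest[room:]
        frags.append(outer_hdr(value, len(chunk)) + chunk)
    return frags


def outer_value_of(frag: bytes) -> int:
    return struct.unpack("!H", frag[:2])[0]


def receive(frags: list) -> dict:
    """Receive side: bucket purely on the outer value (all an RSS/ECMP hash sees),
    then reassemble each bucket. Returns {outer_value: (inner_hdr, payload)}."""
    buckets = {}
    for f in frags:
        buckets.setdefault(outer_value_of(f), []).append(f)
    out = {}
    for value, flist in buckets.items():
        head = flist[0]
        inner_hdr = head[OUTER_HDR_LEN:OUTER_HDR_LEN + INNER_HDR_LEN]
        payload = head[OUTER_HDR_LEN + INNER_HDR_LEN:]
        payload += b"".join(f[OUTER_HDR_LEN:] for f in flist[1:])
        out[value] = (inner_hdr, payload)
    return out


# Constructed sample: inner TCP 40000 -> 443 (PSH|ACK), 3000-byte payload, 1400-byte tunnel MTU.
SAMPLE_INNER_HDR = struct.pack("!HHIIBBHHH", 40000, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
SAMPLE_PAYLOAD = bytes(range(256)) * 11 + bytes(184)      # 2816 + 184 = 3000 bytes
SAMPLE_MTU = 1400
```

With these numbers the 3000-byte payload becomes three fragments (two full 1400-byte ones and a 244-byte tail) that all share one outer source port. A production receiver must still reassemble on the outer IP fragment id and offset, bound the number and age of partially reassembled packets, and reject overlapping fragments; bucketing on the outer value alone, as above, only shows the steering property the abstract is about.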

    ENTROPY BASED SECURITY DETECTION SYSTEM
    Invention application

    Publication (Announcement) No.: US20200019698A1

    Publication (Announcement) Date: 2020-01-16

    Application No.: US16032349

    Application Date: 2018-07-11

    Applicant: VMware, Inc.

    Abstract: A virtual computing instance (VCI) is protected against security threats by a security manager monitoring the behavior of the VCI over an observation period. The method further includes storing, by the security manager, a digital profile in a first database, wherein the digital profile comprises information indicative of the behavior. The method further includes accessing, by a detection system, the digital profile from the first database, and accessing, by the detection system, an intended state associated with the VCI, wherein the intended state comprises information indicative of a behavior of a second VCI. The method further includes comparing at least part of the digital profile to at least part of the intended state, and determining, by the detection system, that the VCI contains a security threat when information indicative of a behavior in the digital profile is an outlier.
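The abstract gives the shape of the comparison (profile from an observation period, intended state derived from a second VCI, outlier decision) without saying what is measured or what counts as an outlier. The following is an added example written for this page, not the patent's or VMware's detection system. It assumes the monitored behavior is the multiset of destination ports a VCI contacted in one observation period, summarised by its Shannon entropy; that the intended state is the per-period entropies of a second, known-good VCI running the same workload; and that "outlier" means a robust z-score (median and MAD based) beyond a threshold k. All sample data is constructed.

```python
"""Added example: entropy of a behavioural profile compared against an intended
state from a reference VCI, with a robust outlier test. Illustrative only.

Assumptions (not from the abstract): behaviour = destination ports contacted per
period; intended state = reference VCI's per-period entropies; outlier = robust z > k.
"""
import math
from collections import Counter
from statistics import median


def shannon_entropy(counts: Counter) -> float:
    """Entropy in bits of the empirical distribution held in `counts`."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values() if c)


def build_profile(events) -> Counter:
    """Digital profile for one observation period: how often each port was contacted."""
    return Counter(events)


def intended_state(reference_periods) -> list:
    """Per-period entropies of the reference (second) VCI."""
    return [shannon_entropy(build_profile(p)) for p in reference_periods]


def robust_z(value: float, baseline: list) -> float:
    """|value - median| / (1.4826 * MAD); the constant rescales MAD to a standard
    deviation for normal data. With zero spread in the baseline, any deviation is
    reported as inf and an exact match as 0.0."""
    med = median(baseline)
    mad = median(abs(b - med) for b in baseline)
    scale = 1.4826 * mad
    dev = abs(value - med)
    if scale == 0.0:
        return 0.0 if dev == 0.0 else math.inf
    return dev / scale


def detect(observed_events, reference_periods, k: float = 3.0) -> dict:
    """Flag the observed period when its entropy is an outlier against the intended state.
    Two-sided: both a spread across many ports and a collapse to one port are flagged."""
    h = shannon_entropy(build_profile(observed_events))
    z = robust_z(h, intended_state(reference_periods))
    return {"entropy": h, "robust_z": z, "outlier": z > k}


# Constructed data: the reference VCI is a web tier talking mostly to 443, some DNS, a little SSH.
REFERENCE_PERIODS = [
    [443] * 80 + [53] * 15 + [22] * 5,
    [443] * 75 + [53] * 20 + [22] * 5,
    [443] * 85 + [53] * 10 + [22] * 5,
    [443] * 78 + [53] * 17 + [22] * 5,
    [443] * 82 + [53] * 13 + [22] * 5,
]
NORMAL_PERIOD = [443] * 79 + [53] * 16 + [22] * 5      # same workload, slightly different mix
SCAN_PERIOD = list(range(1, 101)) + [443] * 50          # 100 distinct ports touched: entropy jumps
BEACON_PERIOD = [443] * 100                             # one destination only: entropy collapses
```

On this data the reference entropies sit between roughly 0.75 and 0.99 bits, the normal period lands inside that band, the scan-like period is above 5 bits and the single-destination period is 0 bits; the last two are flagged. Entropy discards which ports were used, so a VCI that contacts the wrong ports in the right proportions is not caught; a divergence measure between the two port distributions would be the natural companion check.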
