Systems, methods, and apparatus to improve containerized application visibility

    Publication number: US11106480B2

    Publication date: 2021-08-31

    Application number: US16258016

    Filing date: 2019-01-25

    Applicant: VMware, Inc.

    Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to improve containerized application visibility. An example apparatus includes a container application manager to build an inventory of the containerized application, the containerized application including a virtual machine, the virtual machine hosting one or more containers, and a network topology builder to invoke a virtual machine agent of the virtual machine to obtain network traffic events from the one or more containers to generate network topology information associated with the containerized application based on the inventory, generate a network topology for the containerized application based on the network topology information, build the visualization based on the network topology, the visualization including the inventory and the network topology information, and launch a user interface to display the visualization to execute one or more computing tasks.

    MODIFYING NETWORK RELATIONSHIPS USING A HETEROGENOUS NETWORK FLOWS GRAPH

    Publication number: US20230239306A1

    Publication date: 2023-07-27

    Application number: US17582943

    Filing date: 2022-01-24

    Applicant: VMware, Inc.

    CPC classification number: H04L63/104 G06N20/00 G06F16/2365

    Abstract: Systems and methods are described for recommending security groups using graph-based learning models. A server can create a network graph that illustrates network flows between devices in a network and security groups that the devices belong to. The network graph can include nodes that represent the devices and security groups. The server can apply a graph-based learning model to learn embeddings of the nodes and create vectors using the embeddings. Using vectors of two nodes, the server can calculate a vector that represents an edge between the two nodes. The server can apply a binary classifier to determine whether the edge should exist. A “true” classification between two nodes can indicate that they should be able to communicate, and vice versa. A “true” classification between a device node and a security group node can indicate that the device should be assigned to the security group, and vice versa.

    DETECTING THREATS TO DATACENTER BASED ON ANALYSIS OF ANOMALOUS EVENTS

    Publication number: US20230011957A1

    Publication date: 2023-01-12

    Application number: US17372271

    Filing date: 2021-07-09

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method receives a set of connections between a set of DCNs in the datacenter over a particular time period. The set of DCNs includes at least a first DCN at which a first anomalous event was detected. The method analyzes a set of detected anomalous events to identify additional anomalous events detected at other DCNs in the set of DCNs during the particular time period. Based on the first anomalous event and identified additional anomalous events, the method determines whether the anomalous events indicate a threat to the datacenter.

    Apparatus to automatically establish or modify mutual authentications amongst the components in a software defined networking (SDN) solution

    Publication number: US11265316B2

    Publication date: 2022-03-01

    Application number: US16998371

    Filing date: 2020-08-20

    Applicant: VMware, Inc.

    Abstract: The disclosure provides an approach for establishing authentication between components in a network. Embodiments include deploying a node of a monitoring appliance in response to a request and providing a token for accessing a network manager to the node of the monitoring appliance. Embodiments include generating, by the node of the monitoring appliance, a certificate of the node of the monitoring appliance and providing the certificate of the node of the monitoring appliance to the network manager with the token for accessing the network manager. Embodiments include adding, by the network manager, based on the token for accessing the network manager, the certificate of the node of the monitoring appliance to a first trust store and providing, by the network manager, a network manager certificate to the node of the monitoring appliance. Embodiments include adding, by the node of the monitoring appliance, the network manager certificate to a second trust store.

    Method and System for Virtual and Physical Network Integration

    Type: Invention application (under examination, published)

    Publication number: US20160226678A1

    Publication date: 2016-08-04

    Application number: US14961801

    Filing date: 2015-12-07

    Applicant: VMware, Inc.

    Abstract: The disclosure herein describes a virtual extensible local area network (VXLAN) gateway. During operation, the VXLAN gateway receives, from a physical host, an Ethernet packet destined for a virtual machine residing in a remote layer-2 network broadcast domain that is different from a local layer-2 network broadcast domain where the physical host resides. The VXLAN gateway then determines a VXLAN identifier for the received Ethernet packet. The VXLAN gateway further encapsulates the Ethernet packet with the virtual extensible local area network identifier and an Internet Protocol (IP) header, and forwards the encapsulated packet to an IP network, thereby allowing the packet to be transported to the virtual machine via the IP network and allowing the remote layer-2 network broadcast domain and the local layer-2 network broadcast domain to be part of a common layer-2 broadcast domain.


    Method and system for virtual and physical network integration

    Type: Granted invention (in force)

    Publication number: US09210079B2

    Publication date: 2015-12-08

    Application number: US13791264

    Filing date: 2013-03-08

    Applicant: VMware, Inc.

    Abstract: The disclosure herein describes a virtual extensible local area network (VXLAN) gateway. During operation, the VXLAN gateway receives, from a physical host, an Ethernet packet destined for a virtual machine residing in a remote layer-2 network broadcast domain that is different from a local layer-2 network broadcast domain where the physical host resides. The VXLAN gateway then determines a VXLAN identifier for the received Ethernet packet. The VXLAN gateway further encapsulates the Ethernet packet with the virtual extensible local area network identifier and an Internet Protocol (IP) header, and forwards the encapsulated packet to an IP network, thereby allowing the packet to be transported to the virtual machine via the IP network and allowing the remote layer-2 network broadcast domain and the local layer-2 network broadcast domain to be part of a common layer-2 broadcast domain.


    METHOD AND SYSTEM FOR VIRTUAL AND PHYSICAL NETWORK INTEGRATION

    Type: Invention application (in force)

    Publication number: US20140092907A1

    Publication date: 2014-04-03

    Application number: US13791264

    Filing date: 2013-03-08

    Applicant: VMware, Inc.

    Abstract: The disclosure herein describes a virtual extensible local area network (VXLAN) gateway. During operation, the VXLAN gateway receives, from a physical host, an Ethernet packet destined for a virtual machine residing in a remote layer-2 network broadcast domain that is different from a local layer-2 network broadcast domain where the physical host resides. The VXLAN gateway then determines a VXLAN identifier for the received Ethernet packet. The VXLAN gateway further encapsulates the Ethernet packet with the virtual extensible local area network identifier and an Internet Protocol (IP) header, and forwards the encapsulated packet to an IP network, thereby allowing the packet to be transported to the virtual machine via the IP network and allowing the remote layer-2 network broadcast domain and the local layer-2 network broadcast domain to be part of a common layer-2 broadcast domain.


    MODIFYING NETWORK RELATIONSHIPS USING A HETEROGENOUS NETWORK FLOWS GRAPH

    Publication number: US20230239204A1

    Publication date: 2023-07-27

    Application number: US17677039

    Filing date: 2022-02-22

    Applicant: VMware, Inc.

    CPC classification number: H04L41/0813 H04L41/12 H04L63/104

    Abstract: Systems and methods are described for recommending security groups using graph-based learning models. A server can create a network graph that illustrates network flows between devices in a network and security groups that the devices belong to. The network graph can include nodes that represent the devices and security groups. The server can apply a graph-based learning model to learn embeddings of the nodes and create vectors using the embeddings. Using vectors of two nodes, the server can calculate a vector that represents an edge between the two nodes. The server can apply a binary classifier to determine whether the edge should exist. A “true” classification between two nodes can indicate that they should be able to communicate, and vice versa. A “true” classification between a device node and a security group node can indicate that the device should be assigned to the security group, and vice versa.

    DETECTION OF THREATS BASED ON RESPONSES TO NAME RESOLUTION REQUESTS

    Publication number: US20230131894A1

    Publication date: 2023-04-27

    Application number: US17507548

    Filing date: 2021-10-21

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.
