SECURITY THREAT DETECTION BASED ON NETWORK FLOW ANALYSIS

    Publication number: US20220239675A1

    Publication date: 2022-07-28

    Application number: US17220553

    Application date: 2021-04-01

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives attribute sets for multiple flows. Each respective attribute set for a respective flow includes at least (i) a source identifier for the respective flow and (ii) an indicator as to whether the respective flow is indicative of the source of the respective flow being a security threat. For each of multiple source identifiers, the method aggregates the received attribute sets to generate an aggregate attribute set for the source identifier that includes a combined measurement of security threat indicators. For a particular source identifier, the method adjusts a security threat likelihood score for the source corresponding to the particular source identifier based on the combined measurement of security threat indicators for the source identifier.

    Systems and methods for cluster resource balancing in a hyper-converged infrastructure

    Publication number: US11093288B2

    Publication date: 2021-08-17

    Application number: US16440702

    Application date: 2019-06-13

    Applicant: VMware, Inc.

    Abstract: Systems and methods herein can provide virtual resource management for hyper-converged infrastructures. In an example, a method can include identifying an overloaded cluster requesting at least one resource, the overloaded cluster including a hypervisor on a virtual machine. The method can further include identifying an additional cluster having a free resource corresponding to the requested resource. The method can include instantiating a nested host on the additional cluster, the nested host being configured to provide the free resource and the nested host comprising an additional hypervisor that manages an additional virtual machine. Further, the method can include registering the nested host with the overloaded cluster such that the overloaded cluster is authorized to use the free resource.

    Outside-of-network management of a component in a virtual data center using a remote display on a host management server

    Publication number: US11025453B2

    Publication date: 2021-06-01

    Application number: US15934027

    Application date: 2018-03-23

    Applicant: VMware, Inc.

    Abstract: Outside-of-network management of a component in a virtual data center using a remote display on a HMS is disclosed. A computing device, outside of the virtual data center network, requests access to a host JNLP file for a host on the component. After receiving the request, the host provides the host JNLP file to the HMS. The HMS initiates a web based application, opens a port for access to the application, and provides the port information to a WebService within the virtual data center network. The WebService opens a port that the computing device can use to access the WebService and provides the WebService port information and the HMS port information to the computing device. The computing device uses a browser to remotely manage the component via the port information and the application operating on the HMS.

    HEALTH ANALYTICS FOR EASIER HEALTH MONITORING OF LOGICAL NETWORKS

    Publication number: US20240037475A1

    Publication date: 2024-02-01

    Application number: US17875356

    Application date: 2022-07-27

    Applicant: VMware, Inc.

    CPC classification number: G06Q10/0635

    Abstract: Some embodiments provide a novel method for monitoring health of logical networks. For a logical network including multiple LFEs, a health analytics manager identifies a set of one or more metrics associated with each LFE in the logical network. The health analytics manager uses the set of metrics to compute a health score for the logical network. Then, the health analytics manager provides the health score in a report to provide an indication regarding the monitored health of the logical network. In some embodiments, at least one LFE is implemented by multiple PFEs, and the set of metrics includes metrics associated with each of the PFEs implementing the at least one LFE.

    IDENTIFICATION OF TIME-ORDERED SETS OF CONNECTIONS TO IDENTIFY THREATS TO A DATACENTER

    Publication number: US20230011043A1

    Publication date: 2023-01-12

    Application number: US17372268

    Application date: 2021-07-09

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method generates a graph of connections between data compute nodes (DCNs) in the datacenter. Each connection has an associated time period during which the connection is active. The method receives an anomalous event occurring during a particular time period at a particular DCN operating in the datacenter. The method analyzes the generated graph to determine a set of paths between DCNs in the datacenter that include connections to the particular DCN during the particular time period. The method uses the set of paths to identify a threat to the datacenter.

    SECURITY THREAT DETECTION BASED ON NETWORK FLOW ANALYSIS

    Publication number: US20220239683A1

    Publication date: 2022-07-28

    Application number: US17220550

    Application date: 2021-04-01

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives data indicating port usage for a particular time period for each of multiple destination data compute nodes (DCNs) executing on the host computers. For each DCN of a set of the destination DCNs, the method identifies whether the port usage for the particular time period deviates from a historical baseline port usage for the DCN. When the port usage for a particular DCN deviates from the historical baseline for the particular DCN, the method identifies the particular DCN as a target of a security threat.

    Fault tolerant hyper-converged infrastructure upgrades in an environment with no additional physical infrastructure

    Publication number: US11231951B2

    Publication date: 2022-01-25

    Application number: US16285264

    Application date: 2019-02-26

    Applicant: VMWARE, INC.

    Abstract: In a computer-implemented method for upgrading a fault tolerant hyper-converged infrastructure in an environment with no additional physical infrastructure, a workload domain having a plurality of hosts is chosen for an upgrade. One or more conflict groups are calculated for each host, and a physical host in the workload domain is selected. A number and a size of one or more nested hosts is determined and a different nested host is created in a management cluster for each of the one or more conflict groups in the physical host. A communication network provides communication between a virtual machine (VM) on the different nested host and a VM in the physical host. The physical host is put into a maintenance mode, upgraded, and then returned from the maintenance mode to an operational mode.

    Outside-of-network management of a component in a virtual data center

    Publication number: US10404783B2

    Publication date: 2019-09-03

    Application number: US15678547

    Application date: 2017-08-16

    Applicant: VMware, Inc.

    Abstract: In a system and method for outside-of-network management of a component in a virtual data center, a computing device outside of the virtual data center network requests a host java network launch protocol (JNLP) file for a host on a component in the virtual data center network. After receiving the request, the host provides the host JNLP file to a webservice that modifies a portion of the host JNLP file and provides the further modified host JNLP file to the computing device outside of the virtual data center network. The computing device outside of the virtual data center network can utilize the information in the modified host JNLP file to establish a connection to the host and remotely manage the component.
