-
Publication No.: US11831511B1
Publication date: 2023-11-28
Application No.: US18098078
Filing date: 2023-01-17
Applicant: VMware, Inc.
Inventor: Zhengsheng Zhou, Wenfeng Liu, Donghai Han
IPC: H04L41/0895, H04L41/0894, H04L41/122, H04L41/042, H04L9/40
CPC classification number: H04L41/0895, H04L41/042, H04L41/0894, H04L41/122, H04L63/0263
Abstract: Some embodiments provide a novel method for enforcing service policies at different container clusters configured by several SDN controller clusters. A first SDN controller cluster defines a particular service policy to be enforced for machines in first, second, and third container clusters. First, second, and third sets of network elements for the first, second, and third container clusters are managed by the first, a second, and a third SDN controller cluster respectively. For data message flows exchanged between machines in the first and second container clusters, the first SDN controller cluster distributes the particular service policy to service nodes only in the first container cluster. For data message flows exchanged between machines in the second and third container clusters, the first SDN controller cluster distributes the particular service policy to service nodes in at least one of the second and third container clusters.
-
Publication No.: US11570146B2
Publication date: 2023-01-31
Application No.: US16897704
Filing date: 2020-06-10
Applicant: VMware, Inc.
Inventor: Danting Liu, Jianjun Shen, Abhishek Raut, Wenfeng Liu, Donghai Han
IPC: H04L12/24, H04L29/08, G06F9/455, H04L29/06, G06F9/54, H04L12/803, H04L12/06, G06F15/16, H04L15/16, H04L61/50, H04L49/00, H04L45/42, G06F9/50, H04L9/40, H04L61/103, H04L41/0893, H04L41/18, H04L41/5041, H04L41/50, H04L67/10, H04L12/46, H04L12/66, H04L67/1001
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
-
Publication No.: US11500688B2
Publication date: 2022-11-15
Application No.: US16897715
Filing date: 2020-06-10
Applicant: VMware, Inc.
Inventor: Danting Liu, Jianjun Shen, Kai Su, Qian Sun, Wenfeng Liu, Donghai Han
IPC: G06F9/50, H04L49/00, H04L45/42, G06F9/455, G06F9/54, H04L9/40, H04L61/103, H04L41/0893, H04L41/18, H04L41/5041, H04L41/50, H04L67/10, H04L12/46, H04L12/66, H04L61/50, H04L67/1001
Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
-
Publication No.: US20220321495A1
Publication date: 2022-10-06
Application No.: US17333136
Filing date: 2021-05-28
Applicant: VMware, Inc.
Inventor: Wenfeng Liu, Jianjun Shen, Ran Gu, Rui Cao, Donghai Han
IPC: H04L12/911, H04L12/917, H04L12/24
Abstract: Some embodiments provide a method of tracking errors in a container cluster network overlaying a software defined network (SDN), sometimes referred to as a virtual network. The method sends a request to instantiate a container cluster network object to an SDN manager of the SDN. The method then receives an identifier of a network resource of the SDN for instantiating the container cluster network object. The method associates the identified network resource with the container cluster network object. The method then receives an error message regarding the network resource from the SDN manager. The method identifies the error message as applying to the container cluster network object. The error message, in some embodiments, indicates a failure to initialize the network resource. The container cluster network object may be a namespace, a pod of containers, or a service.
-
Publication No.: US20220182439A1
Publication date: 2022-06-09
Application No.: US17112689
Filing date: 2020-12-04
Applicant: VMware, Inc.
Inventor: Zhengsheng Zhou, Xiaopei Liu, Wenfeng Liu, Donghai Han
IPC: H04L29/08, G06F9/54, G06F16/953
Abstract: Some embodiments of the invention provide a method for identifying network resources related to an intent-based Application Programming Interface (API) request for a service to be implemented for a network. The method, in some embodiments, is performed by an API server (e.g., executing on a master node) in a Kubernetes network. The API server receives sets of criteria for identifying network resources related to the requested service and sets of instructions for retrieving information associated with network resources identified by the sets of criteria. The sets of criteria and sets of instructions are based on an API request for a resource selector object. The resource selector object, in some embodiments, is a custom resource that is used to define the sets of criteria and the sets of instructions and is based on a custom resource definition (CRD) provided by a user.
-
Publication No.: US20140173737A1
Publication date: 2014-06-19
Application No.: US13716038
Filing date: 2012-12-14
Applicant: VMWARE, INC.
Inventor: Michael Ira Toback, David Ferguson, Maria del Carmen Hernandez-Villavicencio, Wenfeng Liu, Monty Ijzerman
IPC: G06F21/57
CPC classification number: G06F21/577, G06F21/57
Abstract: Exemplary methods, apparatuses, and systems receive data describing a first software component used by a software product and vulnerability data describing a vulnerability in the first software component. A vulnerability score is calculated for the software product based upon the vulnerability data for the first software component. The vulnerability score is recalculated for the software product based upon receiving an updated status of the vulnerability in the first software component from bug tracking software, a waiver of the vulnerability of a software component, the addition of another software component, or another update to the software product or component(s). The task of remediation of the vulnerability in the first software component can be assigned to a user and tracked. A user interface is provided to enable users to monitor the vulnerabilities of software products or components.
-
Publication No.: US20250028548A1
Publication date: 2025-01-23
Application No.: US18237387
Filing date: 2023-08-23
Applicant: VMware, Inc.
Inventor: Xiaopei Liu, Danting Liu, Wenfeng Liu, Jianjun Shen, Donghai Han
IPC: G06F9/455
Abstract: The disclosure provides a method for assigning containerized workloads to isolated network constructs within a networking environment associated with a container-based cluster. The method generally includes receiving, at the container-based cluster, a subnet port custom resource specification to initiate creation of a subnet port object to assign a node to a subnet within the networking environment, wherein one or more containerized workloads are running on the node, in response to receiving the subnet port custom resource specification, creating the subnet port object, and modifying a state of the container-based cluster to match a first intended state of the container-based cluster at least specified in the subnet port object, wherein modifying the state comprises assigning the node to the subnet in the networking environment.
-
Publication No.: US20240031267A1
Publication date: 2024-01-25
Application No.: US17898344
Filing date: 2022-08-29
Applicant: VMware, Inc.
Inventor: Ran Gu, Wenfeng Liu, Donghai Han, Jianjun Shen, Zhengsheng Zhou
IPC: H04L43/10, H04L43/062
CPC classification number: H04L43/10, H04L43/062
Abstract: Some embodiments of the invention provide a method for performing data traffic monitoring for a system that includes a set of heterogeneous networks that includes at least an overlay first network layer that is built on top of an underlay second network layer. The method is performed at a federation controller for the system. The method directs (1) a first set of components in the overlay first network layer to perform a first trace operation to trace a packet exchanged between two machines and passing through network components defined in the overlay first network layer and underlay second network layer and (2) a second set of components in the underlay second network layer to perform a second trace operation to trace the packet. The method receives, from the first and second sets of components, first and second sets of trace data collected during the first and second trace operations. The collected trace data includes correlation data for correlating the first and second sets of data. The method uses the correlation data to correlate the first and second sets of trace data to generate a final trace report identifying a complete path traversed by the packet through the overlay first network layer and underlay second network layer.
-
Publication No.: US20230244591A1
Publication date: 2023-08-03
Application No.: US17696366
Filing date: 2022-03-16
Applicant: VMware, Inc.
Inventor: Qian Sun, Danting Liu, Donghai Han, Wenfeng Liu, Salvatore Orlando
CPC classification number: G06F11/3495, G06F9/5033, G06F9/547
Abstract: Some embodiments provide a method for monitoring a container cluster that includes multiple nodes on which application resources are deployed. The method deploys an agent on each node of a set of nodes of the cluster. Each agent is for configuring a logical network on the node to which the agent is deployed. The method monitors status of the deployed agents. Upon detection that a particular agent on a particular node is no longer operating correctly, the method prevents a container cluster control plane from deploying application resources to the particular node.
-
Publication No.: US20230171291A1
Publication date: 2023-06-01
Application No.: US17570354
Filing date: 2022-01-06
Applicant: VMware, Inc.
Inventor: Abhishek Raut, Yang Ding, Kai Su, Donghai Han, Zhengsheng Zhou, Wenfeng Liu
IPC: H04L9/40
CPC classification number: H04L63/20
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing access to network security policies. One of the methods includes determining, for a policy access request i) received from a device and ii) that requests access to a network security policy that defines a rule for controlling network traffic, whether there is an entitlement for the network security policy, wherein the entitlement indicates one or more types of operations that a subset of user accounts can perform on the network security policy; in response to determining that there is an entitlement, determining, using a mapping for the entitlement that identifies the subset of user accounts that have access to the network security policy, whether a user account for the device is included in the subset of user accounts; and selectively allowing or denying the policy access request using the entitlement and a result of the determination.