公开(公告)号：US20210314227A1

公开(公告)日：2021-10-07

申请号：US16906955

申请日：2020-06-19

Applicant: VMware, Inc.

Inventor： Ganesan Chandrashekhar ,  Pankaj Thakkar ,  Sachin Mohan Vaidya ,  Ujwala Kawalay ,  Amarnath Palavalli ,  Bhagyashree Gujar

IPC: H04L12/24 ,  H04L29/06

Abstract: Some embodiments provide a method for distributing a service rule that is to be enforced across a first set of sites and that is defined by reference to a group identifier that identifies a group of machines. The method distributes the service rule to each site in the first set of sites. The method identifies at least one site in the first set of sites that is not in a second set of sites that has already received a definition of the group. The method distributes the group definition to each identified site in the first set of sites that has not already received the definition of the group.

公开(公告)号：US10812337B2

公开(公告)日：2020-10-20

申请号：US16200677

申请日：2018-11-27

Applicant: VMWARE, INC.

Inventor： Sachin Mohan Vaidya ,  Mayur Dhas ,  Naveen Ramaswamy ,  Pavlush Margarian ,  Hamza Aharchaou

IPC: G06F15/173 ,  H04L12/24 ,  H04L29/08

Abstract: Some embodiments of the invention provide a method for deploying software-implemented resources in a software defined datacenter (SDDC). The method initially receives a hierarchical API command that, in a declarative format, specifies several operation requests for several software-defined (SD) resources at several resource levels of a resource hierarchy in the SDDC. The method parses the API command to identify the SD resources at the plurality of resource levels. Based on the parsed API command, the method deploys the SD resources by using a deployment process that ensures that any first SD resource on which a second SD resource depends is deployed before the second resource. In some embodiments, a second SD resource depends on a first SD resource when the second SD resource is a child of the first SD resource. Alternatively, or conjunctively, a second SD resource can also depend on a first SD resource in some embodiments when the second SD resource has some operational dependency on the first SD resource. In some embodiments, the method parses the API command by identifying several sets of SD resources, with each set having one or more SD resources at one resource level. The deployment in some embodiments deploys the identified SD resource sets at higher resource levels before deploying SD resources at lower resource levels.

公开(公告)号：US20140317677A1

公开(公告)日：2014-10-23

申请号：US13866869

申请日：2013-04-19

Applicant: VMWARE, INC.

Inventor： Sachin Mohan Vaidya ,  Azeem Feroz ,  Anirban Sengupta ,  James Christopher Wiese

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06F21/554 ,  G06F21/56 ,  G06F21/568

Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines each in accordance with a respective security container, wherein the respective security container is associated with a respective rule that specifies transfer of the virtual machine from the respective security container to a quarantine container based on one or more criteria. One or more security services are operated on the one or more virtual machines to identify one or more security threats associated with one or more of the virtual machines. One or more tags generated by the endpoint security services are obtained, where each tag is for a virtual machine that is associated with one of the identified security threats. And one of the virtual machines is identified as requiring transfer to the quarantine container based on, at least, one or more of the obtained tags and the one or more criteria.

Abstract translation: 描述了虚拟机安全性的系统和技术。 所描述的技术包括根据相应的安全容器来操作一个或多个虚拟机，其中相应的安全容器与相应的规则相关联，该相应的规则基于一个或多个虚拟机指定将虚拟机从相应的安全容器传输到检疫容器 更多的标准。 一个或多个安全服务在一个或多个虚拟机上操作以识别与一个或多个虚拟机相关联的一个或多个安全威胁。 获得由端点安全服务生成的一个或多个标签，其中每个标签用于与所识别的安全威胁之一相关联的虚拟机。 并且其中一个虚拟机被识别为基于至少一个或多个获得的标签和一个或多个标准来要求转移到隔离容器。