公开(公告)号：US20220365806A1

公开(公告)日：2022-11-17

申请号：US17751140

申请日：2022-05-23

Applicant: VMware, Inc.

Inventor： Sunitha Krishna ,  Kausum Kumar ,  Rajiv Mordani ,  Ashish Shendure ,  Ashish Patel ,  Farzad Ghannadian

IPC: G06F9/455 ,  H04L43/026 ,  H04L9/40

Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rues to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.

公开(公告)号：US11340931B2

公开(公告)日：2022-05-24

申请号：US16554370

申请日：2019-08-28

Applicant: VMware, Inc.

Inventor： Sunitha Krishna ,  Kausum Kumar ,  Rajiv Mordani ,  Ashish Shendure ,  Ashish Patel ,  Farzad Ghannadian

IPC: G06F9/455 ,  H04L12/26 ,  H04L29/06 ,  H04L43/026

Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rues to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.

公开(公告)号：US20220103598A1

公开(公告)日：2022-03-31

申请号：US17103700

申请日：2020-11-24

Applicant: VMware, Inc.

Inventor： Sachin Mohan Vaidya ,  Kausum Kumar ,  Nikhil Bokare ,  Mayur Dhas ,  Shailesh Makhijani ,  Rushikesh Wagh ,  Shrinivas Sharad Parashar

IPC: H04L29/06 ,  G06F9/455

Abstract: Some embodiments provide a method for network management and control system that manages one or more logical networks. From a first user, the method receives a definition of one or more security zones for a logical network. Each security zone definition includes a set of security rules for data compute nodes (DCNs) assigned to the security zone. From a second user, the method receives a definition of an application to be deployed in the logical network. The application definition specifies a set of requirements. Based on the specified set of requirements, the method assigns DCNs implementing the application to one or more of the security zones for the logical network.

公开(公告)号：US20210365308A1

公开(公告)日：2021-11-25

申请号：US17397936

申请日：2021-08-09

Applicant: VMware, Inc.

Inventor： Sirisha Myneni ,  Arijit Chanda ,  Laxmikant Vithal Gunda ,  Arnold Koon-Chee Poon ,  Farzad Ghannadian ,  Kausum Kumar

IPC: G06F9/54 ,  G06F8/60

Abstract: Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.