公开(公告)号：US20080270564A1

公开(公告)日：2008-10-30

申请号：US11789727

申请日：2007-04-25

申请人： Dharshan Rangegowda ,  Robert Fries

发明人： Dharshan Rangegowda ,  Robert Fries

IPC分类号： G06F12/12 ,  G06F15/173

CPC分类号： G06F9/455 ,  G06F9/45558 ,  G06F9/5088 ,  G06F2009/4557

摘要： Virtual machine migration is described. In embodiment(s), a virtual machine can be migrated from one host computer to another utilizing LUN (logic unit number) masking. A virtual drive of the virtual machine can be mapped to a LUN mask associates the LUN with a host computer. The LUN mask can be changed to unmask the LUN to a second computer to migrate the virtual machine from the host computer to the second computer.

摘要翻译： 描述虚拟机迁移。 在实施例中，可以使用LUN（逻辑单元号）掩蔽将虚拟机从一台主机迁移到另一台主机。 可以将虚拟机的虚拟驱动器映射到LUN掩码，将LUN与主机相关联。 可以更改LUN掩码以将LUN卸载到第二台计算机，以将虚拟机从主机迁移到第二台计算机。

公开(公告)号：US08479194B2

公开(公告)日：2013-07-02

申请号：US11789727

申请日：2007-04-25

申请人： Dharshan Rangegowda ,  Robert Fries

发明人： Dharshan Rangegowda ,  Robert Fries

IPC分类号： G06F9/455 ,  G06F9/46 ,  G06F15/173

CPC分类号： G06F9/455 ,  G06F9/45558 ,  G06F9/5088 ,  G06F2009/4557

摘要： Virtual machine migration is described. In embodiment(s), a virtual machine can be migrated from one host computer to another utilizing LUN (logic unit number) masking. A virtual drive of the virtual machine can be mapped to a LUN of a storage array. A LUN mask associates the LUN with a host computer. The LUN mask can be changed to unmask the LUN to a second computer to migrate the virtual machine from the host computer to the second computer.

摘要翻译： 描述虚拟机迁移。 在实施例中，可以使用LUN（逻辑单元号）掩蔽将虚拟机从一台主机迁移到另一台主机。 虚拟机的虚拟驱动器可以映射到存储阵列的LUN。 LUN掩码将LUN与主机相关联。 可以更改LUN掩码以将LUN卸载到第二台计算机，以将虚拟机从主机迁移到第二台计算机。

公开(公告)号：US20060053147A1

公开(公告)日：2006-03-09

申请号：US10937708

申请日：2004-09-09

申请人： Brian Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian Berkowitz ,  Nikhil Chandhok ,  Dharshan Rangegowda ,  Seetharaman Harikrishnan ,  Vinay Badami ,  Yezdi Lashkari ,  Robert Fries

发明人： Brian Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian Berkowitz ,  Nikhil Chandhok ,  Dharshan Rangegowda ,  Seetharaman Harikrishnan ,  Vinay Badami ,  Yezdi Lashkari ,  Robert Fries

IPC分类号： G06F17/00

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  Y10S707/99943

摘要： A method for protecting protectable objects located at a production location is provided. A Namespace, representative of a plurality of protectable objects, is provided to a user for selection. A selection of at least a portion of the Namespace is received and that selected portion is mapped to at least one protectable object. A plan for protecting the mapped protectable object is created, and using that plan the protectable object is protected.

公开(公告)号：US09379946B2

公开(公告)日：2016-06-28

申请号：US12616800

申请日：2009-11-12

申请人： Anatoliy Panasyuk ,  Dharshan Rangegowda ,  Ram Viswanathan ,  Anthony S. Chavez ,  Jiazhen Chen ,  Morgan Brown ,  Hasan S. Alkhatib ,  Geoffrey H. Outhred

发明人： Anatoliy Panasyuk ,  Dharshan Rangegowda ,  Ram Viswanathan ,  Anthony S. Chavez ,  Jiazhen Chen ,  Morgan Brown ,  Hasan S. Alkhatib ,  Geoffrey H. Outhred

IPC分类号： H04L12/24 ,  H04L29/06

CPC分类号： H04L41/145 ,  H04L41/12 ,  H04L63/102 ,  H04L63/20

摘要： Architecture that facilitates the virtual specification of a connection between physical endpoints. A network can be defined as an abstract connectivity model expressed in terms of the connectivity intent, rather than any specific technology. The connectivity model is translated into configuration settings, policies, firewall rules, etc., to implement the connectivity intent based on available physical networks and devices capabilities. The connectivity model defines the connectivity semantics of the network and controls the communication between the physical nodes in the physical network. The resultant virtual network may be a virtual overlay that is independent of the physical layer. Alternatively, the virtual overlay can also include elements and abstracts of the physical network(s). Moreover, automatic network security rules (e.g., Internet Protocol security-IPSec) can be derived from the connectivity model of the network.

摘要翻译： 有助于物理端点之间连接的虚拟规范的体系结构。 可以将网络定义为以连接意图表示的抽象连接模型，而不是任何特定技术。 连接模型被转换为配置设置，策略，防火墙规则等，以实现基于可用物理网络和设备功能的连接意图。 连接模型定义了网络的连接语义，并控制物理网络中的物理节点之间的通信。 所得到的虚拟网络可以是独立于物理层的虚拟覆盖。 或者，虚拟覆盖也可以包括物理网络的元素和摘要。 此外，可以从网络的连接性模型导出自动网络安全规则（例如，因特网协议安全IPSec）。

公开(公告)号：US08819801B2

公开(公告)日：2014-08-26

申请号：US13286001

申请日：2011-10-31

申请人： Murali Krishna Sangubhatla ,  Dharshan Rangegowda ,  Morgan Asher Brown ,  Jiazhen Chen ,  Anthony S. Chavez

发明人： Murali Krishna Sangubhatla ,  Dharshan Rangegowda ,  Morgan Asher Brown ,  Jiazhen Chen ,  Anthony S. Chavez

IPC分类号： H04L29/06 ,  G06F21/33

CPC分类号： G06F21/33 ,  G06F21/44 ,  H04L63/0807 ,  H04L63/10 ,  H04L63/102

摘要： In a multi-tenant environment, machines across the Internet, belonging to a particular subscription are securely enrolled with the tenant's subscription. Authentication of the machines is delegated to each of the tenant's own on-premise authentication mechanism The trust relationship with the tenant's authentication service is used to validate the security token presented by the machine being authenticated. Once authenticated, the machine has authorization (e.g. SSL machine cert for identity, security token, etc.,) to access the subscription. Each tenant within the multi-tenant environment can provide its own level of authentication. The machine presents the security token to the multi-tenant environment for requests for resources (e.g. services/content) from a user. When a request is received from a machine to access a resource, the multi-tenant environment determines from the issued token whether or not the machine is authorized to access the requested resources.

摘要翻译： 在多租户环境中，属于特定订阅的互联网机器可以安全地登记租户的订阅。 将机器的认证委托给租户自己的内部认证机制。与租户的认证服务的信任关系用于验证被验证机器呈现的安全令牌。 一旦认证，机器具有授权（例如，用于身份的SSL机器证书，安全令牌等）来访问订阅。 多租户环境中的每个租户都可以提供自己的认证级别。 该机器向多租户环境呈现安全令牌，用于从用户请求资源（例如服务/内容）。 当从机器接收到访问资源的请求时，多承租人环境从发出的令牌确定机器是否被授权访问所请求的资源。

公开(公告)号：US08606760B2

公开(公告)日：2013-12-10

申请号：US13315833

申请日：2011-12-09

申请人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries ,  Seetharaman Harikrishnan

发明人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries ,  Seetharaman Harikrishnan

IPC分类号： G06F17/30

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  Y10S707/99943

摘要： A computer-implemented system configured to describe the relationship between a first Namespace and a second Namespace is provided. The system includes a containment relationship identifying a direct relationship between a first object of the first Namespace and a second object of the first Namespace. Moreover, the system includes a junction relationship linking the second object of the first Namespace to a first object of the second Namespace. In one embodiment, the system is configured to facilitate the recovery of information based on the descriptions of the Namespaces that is maintained.

公开(公告)号：US20110113483A1

公开(公告)日：2011-05-12

申请号：US12616163

申请日：2009-11-11

申请人： Dharshan Rangegowda ,  Jeffrey R. Goldian

发明人： Dharshan Rangegowda ,  Jeffrey R. Goldian

IPC分类号： G06F21/20 ,  H04L29/06

CPC分类号： H04L63/0263 ,  G06F2221/2141 ,  G06F2221/2149 ,  H04L63/102 ,  H04L63/20

摘要： Architecture that creates and applies a virtual firewall profile for each network to which a multi-homed device is connected. In one implementation, the virtual profiles can be based on address ranges of the networks. This ensures seamless concurrent connectivity of the multi-homed device to multiple networks.

摘要翻译： 为多家庭设备连接到的每个网络创建和应用虚拟防火墙配置文件的体系结构。 在一个实现中，虚拟简档可以基于网络的地址范围。 这确保了多宿主设备与多个网络的无缝并发连接。

公开(公告)号：US08364983B2

公开(公告)日：2013-01-29

申请号：US12117059

申请日：2008-05-08

申请人： Dharshan Rangegowda ,  Robert M. Fries

发明人： Dharshan Rangegowda ,  Robert M. Fries

IPC分类号： G06F12/14 ,  H04L29/06

CPC分类号： G06F21/602 ,  H04L9/0833 ,  H04L2209/60

摘要： A virtual machine comprises a unique identifier that is associated with one or more encryption keys. A management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys. The management server further provides the one or more encryption keys to a limited number of one or more servers in a system. Only those one or more servers that have been provided the one or more encryption keys can be used to load, access, and/or operate the virtual machine. The management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys. In one implementation, a management server encrypts all virtual machines in the system, but encrypts virtual machines with sensitive data with a limited set of encryption keys, and further provides those encryption keys to a limited set of trusted servers.

公开(公告)号：US20120109899A1

公开(公告)日：2012-05-03

申请号：US13315833

申请日：2011-12-09

申请人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries ,  Seetharaman Karikrishnan

发明人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries ,  Seetharaman Karikrishnan

IPC分类号： G06F17/30

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  Y10S707/99943

摘要： A computer-implemented system configured to describe the relationship between a first Namespace and a second Namespace is provided. The system includes a containment relationship identifying a direct relationship between a first object of the first Namespace and a second object of the first Namespace. Moreover, the system includes a junction relationship linking the second object of the first Namespace to a first object of the second Namespace. In one embodiment, the system is configured to facilitate the recovery of information based on the descriptions of the Namespaces that is maintained.

公开(公告)号：US20110113142A1

公开(公告)日：2011-05-12

申请号：US12616157

申请日：2009-11-11

申请人： Dharshan Rangegowda ,  Prashant J. Dongale ,  Sufian A. Dar ,  Ram Viswanathan

发明人： Dharshan Rangegowda ,  Prashant J. Dongale ,  Sufian A. Dar ,  Ram Viswanathan

IPC分类号： G06F15/16

CPC分类号： H04L61/6086 ,  H04L29/12971 ,  H04L45/12 ,  H04L67/10 ,  H04L67/327

摘要： Architecture that facilitates communications between two network nodes of the different networks by providing a routing mechanism that uses alternative modalities driven entirely by policies that are authored and stored in a computing cloud and enforced on the client. This allows the selection of one network path over another path based on criteria such as, physical location of the hosts and service level agreements (SLAs) to be provided, for example. With respect for path selection, a packet can be routed through a datacenter closest to the hosts. With respect to SLAs, there may be different SLAs available to different clients. For clients with the highest bandwidth/uptime or other guarantees, a network path different from other types of clients can be selected. Additionally, connectivity can be allowed or disallowed based on other kinds of policy rules such as a virtual circle to which the hosts may belong.

摘要翻译： 通过提供一种路由机制来促进不同网络的两个网络节点之间的通信的架构，该路由机制使用完全由被编写并存储在计算云中并在客户端上执行的策略驱动的替代模式。 这允许例如基于诸如主机的物理位置和要提供的服务水平协议（SLA）等标准来选择另一路径上的一个网络路径。 对于路径选择，可以通过最靠近主机的数据中心路由数据包。 对于SLA，可能会有不同的SLA可用于不同的客户端。 对于具有最高带宽/正常运行时间或其他保证的客户端，可以选择不同于其他类型的客户端的网络路径。 另外，可以基于其他类型的策略规则（诸如主机可能属于的虚拟圆）来允许或不允许连接。