公开(公告)号：US08606760B2

公开(公告)日：2013-12-10

申请号：US13315833

申请日：2011-12-09

申请人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries ,  Seetharaman Harikrishnan

发明人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries ,  Seetharaman Harikrishnan

IPC分类号： G06F17/30

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  Y10S707/99943

摘要： A computer-implemented system configured to describe the relationship between a first Namespace and a second Namespace is provided. The system includes a containment relationship identifying a direct relationship between a first object of the first Namespace and a second object of the first Namespace. Moreover, the system includes a junction relationship linking the second object of the first Namespace to a first object of the second Namespace. In one embodiment, the system is configured to facilitate the recovery of information based on the descriptions of the Namespaces that is maintained.

公开(公告)号：US08364983B2

公开(公告)日：2013-01-29

申请号：US12117059

申请日：2008-05-08

申请人： Dharshan Rangegowda ,  Robert M. Fries

发明人： Dharshan Rangegowda ,  Robert M. Fries

IPC分类号： G06F12/14 ,  H04L29/06

CPC分类号： G06F21/602 ,  H04L9/0833 ,  H04L2209/60

摘要： A virtual machine comprises a unique identifier that is associated with one or more encryption keys. A management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys. The management server further provides the one or more encryption keys to a limited number of one or more servers in a system. Only those one or more servers that have been provided the one or more encryption keys can be used to load, access, and/or operate the virtual machine. The management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys. In one implementation, a management server encrypts all virtual machines in the system, but encrypts virtual machines with sensitive data with a limited set of encryption keys, and further provides those encryption keys to a limited set of trusted servers.

公开(公告)号：US20120109899A1

公开(公告)日：2012-05-03

申请号：US13315833

申请日：2011-12-09

申请人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries ,  Seetharaman Karikrishnan

发明人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries ,  Seetharaman Karikrishnan

IPC分类号： G06F17/30

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  Y10S707/99943

摘要： A computer-implemented system configured to describe the relationship between a first Namespace and a second Namespace is provided. The system includes a containment relationship identifying a direct relationship between a first object of the first Namespace and a second object of the first Namespace. Moreover, the system includes a junction relationship linking the second object of the first Namespace to a first object of the second Namespace. In one embodiment, the system is configured to facilitate the recovery of information based on the descriptions of the Namespaces that is maintained.

公开(公告)号：US08078587B2

公开(公告)日：2011-12-13

申请号：US12433838

申请日：2009-04-30

申请人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Seetharaman Harikrishnan ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries

发明人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Seetharaman Harikrishnan ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries

IPC分类号： G06F17/30

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  Y10S707/99943

摘要： A computer-implemented system configured to describe the relationship between a first Namespace and a second Namespace is provided. The system includes a containment relationship identifying a direct relationship between a first object of the first Namespace and a second object of the first Namespace. Moreover, the system includes a junction relationship linking the second object of the first Namespace to a first object of the second Namespace. In one embodiment, the system is configured to facilitate the recovery of information based on the descriptions of the Namespaces that is maintained.

摘要翻译： 提供了被配置为描述第一命名空间和第二命名空间之间的关系的计算机实现的系统。 系统包括识别第一命名空间的第一对象与第一命名空间的第二对象之间的直接关系的包容关系。 此外，系统包括将第一命名空间的第二对象与第二命名空间的第一对象相链接的连接关系。 在一个实施例中，系统被配置为便于基于维护的命名空间的描述来恢复信息。

公开(公告)号：US20090216798A1

公开(公告)日：2009-08-27

申请号：US12433838

申请日：2009-04-30

申请人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Seetharaman Harikrishnan ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries

发明人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Seetharaman Harikrishnan ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries

IPC分类号： G06F17/30

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  Y10S707/99943

摘要： A computer-implemented system configured to describe the relationship between a first Namespace and a second Namespace is provided. The system includes a containment relationship identifying a direct relationship between a first object of the first Namespace and a second object of the first Namespace. Moreover, the system includes a junction relationship linking the second object of the first Namespace to a first object of the second Namespace. In one embodiment, the system is configured to facilitate the recovery of information based on the descriptions of the Namespaces that is maintained.

摘要翻译： 提供了被配置为描述第一命名空间和第二命名空间之间的关系的计算机实现的系统。 系统包括识别第一命名空间的第一对象与第一命名空间的第二对象之间的直接关系的包容关系。 此外，系统包括将第一命名空间的第二对象与第二命名空间的第一对象相链接的连接关系。 在一个实施例中，系统被配置为便于基于维护的命名空间的描述来恢复信息。

公开(公告)号：US07567974B2

公开(公告)日：2009-07-28

申请号：US10937708

申请日：2004-09-09

申请人： Brian M Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Seetharaman Harikrishnan ,  Vinay Badami ,  Yezdi Z Lashkari ,  Robert M Fries

发明人： Brian M Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Seetharaman Harikrishnan ,  Vinay Badami ,  Yezdi Z Lashkari ,  Robert M Fries

IPC分类号： G06F17/30

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  Y10S707/99943

摘要： A method for protecting protectable objects located at a production location is provided. A Namespace, representative of a plurality of protectable objects, is provided to a user for selection. A selection of at least a portion of the Namespace is received and that selected portion is mapped to at least one protectable object. A plan for protecting the mapped protectable object is created, and using that plan the protectable object is protected.

摘要翻译： 提供了一种用于保护位于生产位置的可保护物体的方法。 将代表多个可保护对象的命名空间提供给用户进行选择。 接收至少一部分命名空间的选择，并且选择的部分被映射到至少一个可保护对象。 创建保护映射的可保护对象的计划，并使用该计划保护可保护对象。

公开(公告)号：US20120084265A1

公开(公告)日：2012-04-05

申请号：US13314587

申请日：2011-12-08

申请人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Seetharaman Harikrishnan ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries

发明人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Seetharaman Harikrishnan ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries

IPC分类号： G06F7/00 ,  G06F21/00

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  Y10S707/99943

摘要： A computer-implemented system configured to describe the relationship between a first Namespace and a second Namespace is provided. The system includes a containment relationship identifying a direct relationship between a first object of the first Namespace and a second object of the first Namespace. Moreover, the system includes a junction relationship linking the second object of the first Namespace to a first object of the second Namespace. In one embodiment, the system is configured to facilitate the recovery of information based on the descriptions of the Namespaces that is maintained.

摘要翻译： 提供了被配置为描述第一命名空间和第二命名空间之间的关系的计算机实现的系统。 系统包括识别第一命名空间的第一对象与第一命名空间的第二对象之间的直接关系的包容关系。 此外，系统包括将第一命名空间的第二对象与第二命名空间的第一对象相链接的连接关系。 在一个实施例中，系统被配置为便于基于维护的命名空间的描述来恢复信息。

公开(公告)号：US20090282266A1

公开(公告)日：2009-11-12

申请号：US12117059

申请日：2008-05-08

申请人： Robert M. Fries ,  Dharshan Rangegowda

发明人： Robert M. Fries ,  Dharshan Rangegowda

IPC分类号： H04L9/14

CPC分类号： G06F21/602 ,  H04L9/0833 ,  H04L2209/60

摘要： A virtual machine comprises a unique identifier that is associated with one or more encryption keys. A management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys. The management server further provides the one or more encryption keys to a limited number of one or more servers in a system. Only those one or more servers that have been provided the one or more encryption keys can be used to load, access, and/or operate the virtual machine. The management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys. In one implementation, a management server encrypts all virtual machines in the system, but encrypts virtual machines with sensitive data with a limited set of encryption keys, and further provides those encryption keys to a limited set of trusted servers.

摘要翻译： 虚拟机包括与一个或多个加密密钥相关联的唯一标识符。 管理服务器使用一个或多个相关联的加密密钥对虚拟机的虚拟硬盘进行加密。 管理服务器还将一个或多个加密密钥提供给系统中有限数量的一个或多个服务器。 只有提供了一个或多个加密密钥的那些一个或多个服务器可以用于加载，访问和/或操作虚拟机。 因此，管理服务器可以通过区分哪些服务器可以接收哪些加密密钥来区分哪些虚拟机可以在哪些服务器上操作。 在一个实现中，管理服务器加密系统中的所有虚拟机，但是使用有限的一组加密密钥对具有敏感数据的虚拟机进行加密，并且还将这些加密密钥提供给有限的可信服务器集合。

公开(公告)号：US08463747B2

公开(公告)日：2013-06-11

申请号：US13314587

申请日：2011-12-08

申请人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries ,  Seetharaman Harikrishnan

发明人： Brian M. Wahlert ,  Mike Jazayeri ,  Catharine van Ingen ,  Brian T. Berkowitz ,  Nikhil Vijay Chandhok ,  Dharshan Rangegowda ,  Vinay Badami ,  Yezdi Z. Lashkari ,  Robert M. Fries ,  Seetharaman Harikrishnan

IPC分类号： G06F17/30

CPC分类号： G06F21/6227 ,  G06F2221/2141 ,  Y10S707/99943

摘要： A computer-implemented system configured to describe the relationship between a first Namespace and a second Namespace is provided. The system includes a containment relationship identifying a direct relationship between a first object of the first Namespace and a second object of the first Namespace. Moreover, the system includes a junction relationship linking the second object of the first Namespace to a first object of the second Namespace. In one embodiment, the system is configured to facilitate the recovery of information based on the descriptions of the Namespaces that is maintained.

摘要翻译： 提供了被配置为描述第一命名空间和第二命名空间之间的关系的计算机实现的系统。 系统包括识别第一命名空间的第一对象与第一命名空间的第二对象之间的直接关系的包容关系。 此外，系统包括将第一命名空间的第二对象与第二命名空间的第一对象相链接的连接关系。 在一个实施例中，系统被配置为便于基于维护的命名空间的描述来恢复信息。

公开(公告)号：US09379946B2

公开(公告)日：2016-06-28

申请号：US12616800

申请日：2009-11-12

申请人： Anatoliy Panasyuk ,  Dharshan Rangegowda ,  Ram Viswanathan ,  Anthony S. Chavez ,  Jiazhen Chen ,  Morgan Brown ,  Hasan S. Alkhatib ,  Geoffrey H. Outhred

发明人： Anatoliy Panasyuk ,  Dharshan Rangegowda ,  Ram Viswanathan ,  Anthony S. Chavez ,  Jiazhen Chen ,  Morgan Brown ,  Hasan S. Alkhatib ,  Geoffrey H. Outhred

IPC分类号： H04L12/24 ,  H04L29/06

CPC分类号： H04L41/145 ,  H04L41/12 ,  H04L63/102 ,  H04L63/20

摘要： Architecture that facilitates the virtual specification of a connection between physical endpoints. A network can be defined as an abstract connectivity model expressed in terms of the connectivity intent, rather than any specific technology. The connectivity model is translated into configuration settings, policies, firewall rules, etc., to implement the connectivity intent based on available physical networks and devices capabilities. The connectivity model defines the connectivity semantics of the network and controls the communication between the physical nodes in the physical network. The resultant virtual network may be a virtual overlay that is independent of the physical layer. Alternatively, the virtual overlay can also include elements and abstracts of the physical network(s). Moreover, automatic network security rules (e.g., Internet Protocol security-IPSec) can be derived from the connectivity model of the network.

摘要翻译： 有助于物理端点之间连接的虚拟规范的体系结构。 可以将网络定义为以连接意图表示的抽象连接模型，而不是任何特定技术。 连接模型被转换为配置设置，策略，防火墙规则等，以实现基于可用物理网络和设备功能的连接意图。 连接模型定义了网络的连接语义，并控制物理网络中的物理节点之间的通信。 所得到的虚拟网络可以是独立于物理层的虚拟覆盖。 或者，虚拟覆盖也可以包括物理网络的元素和摘要。 此外，可以从网络的连接性模型导出自动网络安全规则（例如，因特网协议安全IPSec）。