-
公开(公告)号:US20210306338A1
公开(公告)日:2021-09-30
申请号:US16836410
申请日:2020-03-31
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , Sajeesh Mathew , Kannan Varadhan
Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.
-
2.发明授权公开(公告)号:US12074884B2
公开(公告)日:2024-08-27
申请号:US17808970
申请日:2022-06-24
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , Sajeesh Mathew , Akhilesh Pathodia , Tashi Garg
CPC classification number: H04L63/105 , G06F9/547 , H04L63/20
Abstract: A network controller for a software-defined networking (SDN) architecture system may receive a request to generate an access control policy for a role in a container orchestration system, where the request specifies a plurality of functions. The network controller may execute the plurality of functions and may log execution of the plurality of functions in an audit log. The network controller may parse the audit log to determine a plurality of resources of the container orchestration system accessed from executing the plurality of functions and, for each resource of the plurality of resources, a respective one or more types of operations performed on the respective resource. The network controller may create, based at least in part on the parsed audit log, the access control policy for the role that permits a role to perform, on each of the plurality of resources, the respective one or more types of operations.
-
3.发明授权公开(公告)号:US12159176B2
公开(公告)日:2024-12-03
申请号:US17491224
申请日:2021-09-30
Applicant: Juniper Networks, Inc.
Inventor: Yuvaraja Mariappan , Thayumanavan Sridhar , Sajeesh Mathew , Raj Yavatkar , Senthilnathan Murugappan , Raja Kommula , Kiran K N
Abstract: A container orchestration platform manages a plurality of instances of resources including a first custom resource and a second custom resource. An API server of the container orchestration platform receives a request to delete an instance of the second custom resource; determines whether instance data associated with the instance of the second custom resource has a backreference identifying an instance of the first custom resource, the backreference indicating the instance of the first custom resource is dependent on the instance of the second custom resource; and in response to determining that the instance data has the backreference to the instance of the first custom resource, bypasses deletion of the instance of the second custom resource.
-
公开(公告)号:US12107859B2
公开(公告)日:2024-10-01
申请号:US18166893
申请日:2023-02-09
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , Sajeesh Mathew , Kannan Varadhan
CPC classification number: H04L63/101 , G06F21/6209 , H04L63/20
Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.
-
公开(公告)号:US12101227B2
公开(公告)日:2024-09-24
申请号:US18313131
申请日:2023-05-05
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , FNU Nadeem , Sayali Mane , Ankur Tandon , Sajeesh Mathew , Pranav Cherukupalli , Khushi Vaidya
IPC: G06F15/173 , H04L41/0681 , H04L41/0894
CPC classification number: H04L41/0894 , H04L41/0681
Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.
-
Patent Agency Ranking
公开(公告)号:US20250023787A1
公开(公告)日:2025-01-16
申请号:US18893090
申请日:2024-09-23
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , FNU Nadeem , Sayali Mane , Ankur Tandon , Sajeesh Mathew , Pranav Cherukupalli , Khushi Vaidya
IPC: H04L41/0894 , H04L41/0681
Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.
-
7.发明申请公开(公告)号:US20240422167A1
公开(公告)日:2024-12-19
申请号:US18815417
申请日:2024-08-26
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , Sajeesh Mathew , Akhilesh Pathodia , Tashi Garg
Abstract: A network controller for a software-defined networking (SDN) architecture system may receive a request to generate an access control policy for a role in a container orchestration system, where the request specifies a plurality of functions. The network controller may execute the plurality of functions and may log execution of the plurality of functions in an audit log. The network controller may parse the audit log to determine a plurality of resources of the container orchestration system accessed from executing the plurality of functions and, for each resource of the plurality of resources, a respective one or more types of operations performed on the respective resource. The network controller may create, based at least in part on the parsed audit log, the access control policy for the role that permits a role to perform, on each of the plurality of resources, the respective one or more types of operations.
-
公开(公告)号:US12143385B2
公开(公告)日:2024-11-12
申请号:US18166893
申请日:2023-02-09
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , Sajeesh Mathew , Kannan Varadhan
Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.
-
公开(公告)号:US20240223454A1
公开(公告)日:2024-07-04
申请号:US18313131
申请日:2023-05-05
Applicant: Juniper Networks, Inc.
Inventor: Prasad Miriyala , FNU Nadeem , Sayali Mane , Ankur Tandon , Sajeesh Mathew , Pranav Cherukupalli , Khushi Vaidya
IPC: H04L41/0894 , H04L41/0681
CPC classification number: H04L41/0894 , H04L41/0681
Abstract: In an example, a validation system comprises processing circuitry having access to a storage device and is configured to obtain flow records indicative of packet flows among workloads deployed to a cluster of one or more computing devices configured with a network policy, wherein each flow record of the flow records indicates a corresponding packet flow was allowed or denied by the cluster; receive an updated network policy; determine whether a corresponding packet flow for a flow record of the flow records has a discrepancy with the updated network policy; and in response to determining the corresponding packet flow for the flow record of the flow records has a discrepancy with the updated network policy, output an indication of an error.
-
公开(公告)号:US20230188526A1
公开(公告)日:2023-06-15
申请号:US18166893
申请日:2023-02-09
Applicant: Juniper Networks, Inc,
Inventor: Prasad Miriyala , Sajeesh Mathew , Kannan Varadhan
CPC classification number: H04L63/101 , G06F21/6209
Abstract: In some examples, an access control policy controller in a computer network may receive a request to create an access control policy that permits a role to perform one or more functions in the computer network. The access control policy controller may determine one or more operations performed on one or more objects in the computer network to perform the one or more functions based at least in part on tracking performance of the one or more functions in the computer network. The access control policy controller may create the access control policy for the role that permits the role to perform the one or more operations on the one or more objects in the computer network.
-
-
-
-
-
-
-
-
-
Search Results
12
records
(took 0.016 seconds)
