-
1.
Publication No.: US11582217B2
Publication date: 2023-02-14
Application No.: US17344857
Application date: 2021-06-10
Applicant: Microsoft Technology Licensing, LLC
Inventor: Abhijeet Kumar, Aanand Ramachandran, Jayesh Kumaran, David Michael Brumley, Rishabh Tewari, Nisheeth Srivastava, Sushant Sharma, Deepak Bansal, Abhishek Ellore Sreenath, Parag Sharma, Abhishek Shukla, Avijit Gupta
Abstract: The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Additionally or alternatively, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls to the tenant's virtual network.
-
2.
Publication No.: US11063857B2
Publication date: 2021-07-13
Application No.: US16198732
Application date: 2018-11-21
Applicant: Microsoft Technology Licensing, LLC
Inventor: Rishabh Tewari, Daniel Firestone, Harish Kumar Chandrappa, Anitha Adusumilli, David Michael Brumley, Deepak Bansal, Albert Gordon Greenberg, Parag Sharma, Arjun Roy
Abstract: Techniques are described herein that are capable of monitoring connectivity and latency of network links in virtual networks. For instance, a ping agent injects first ping packets into network traffic on behalf of hosts in the virtual network. The ping agent monitors incoming packets to identify first ping response packets, which are in response to the first ping packets, among the incoming packets. A ping responder rule that is included in inbound packet filter rules for a port in a virtual switch intercepts second ping packets in the network traffic. The ping responder rule converts the second ping packets into second ping response packets and injects the second ping response packets into outbound packet filter rules to be transferred to sources from which the second ping packets are received.
-
3.
Publication No.: US11038866B2
Publication date: 2021-06-15
Application No.: US16234211
Application date: 2018-12-27
Applicant: Microsoft Technology Licensing, LLC
Inventor: Abhijeet Kumar, Aanand Ramachandran, Jayesh Kumaran, David Michael Brumley, Rishabh Tewari, Nisheeth Srivastava, Sushant Sharma, Deepak Bansal, Abhishek Ellore Sreenath, Parag Sharma, Abhishek Shukla, Avijit Gupta
Abstract: The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided in association with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Moreover, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls from accessing the tenant's virtual network.