公开(公告)号：US11038866B2

公开(公告)日：2021-06-15

申请号：US16234211

申请日：2018-12-27

Applicant: Microsoft Technology Licensing, LLC

Inventor： Abhijeet Kumar ,  Aanand Ramachandran ,  Jayesh Kumaran ,  David Michael Brumley ,  Rishabh Tewari ,  Nisheeth Srivastava ,  Sushant Sharma ,  Deepak Bansal ,  Abhishek Ellore Sreenath ,  Parag Sharma ,  Abhishek Shukla ,  Avijit Gupta

IPC: G06F21/31 ,  G06F21/45 ,  H04L29/06 ,  G06F9/46 ,  G06F9/455 ,  G06F21/53

Abstract: The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided in association with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Moreover, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls from accessing the tenant's virtual network.

公开(公告)号：US10536431B2

公开(公告)日：2020-01-14

申请号：US15966612

申请日：2018-04-30

Applicant: Microsoft Technology Licensing, LLC

Inventor： Young Lee ,  Sheng Lu ,  Xinyan Zan ,  Daniel M. Firestone ,  Harish Kumar Chandrappa ,  Anil Ingle ,  Jayesh Kumaran

IPC: H04L29/12 ,  G06F9/455

Abstract: A DHCP server implementation includes transmission of a DHCP packet from a virtual machine executing on a server node to a node agent executing on the server node, generation, by the node agent, of a DHCP response packet based on the DHCP packet and on DHCP information previously stored in a local memory of the server node, and transmission of the DHCP response packet from the node agent to the virtual machine. Neither the DHCP packet transmitted by the virtual machine nor the DHCP response packet are transmitted out of the server node.

公开(公告)号：US10705870B2

公开(公告)日：2020-07-07

申请号：US15916225

申请日：2018-03-08

Applicant: Microsoft Technology Licensing, LLC

Inventor： Sushant Pramod Rewaskar ,  Md. Daud Hossain Howlader ,  Ashish Bhargava ,  Nisheeth Srivastava ,  Naveen Prabhat ,  Jayesh Kumaran ,  Xinyan Zan ,  Abhishek Shukla ,  Rishabh Tewari

IPC: G06F15/16 ,  G06F9/455 ,  G06F9/4401 ,  G06F9/445 ,  H04L29/12 ,  H04L12/24

Abstract: The disclosed technology is generally directed to virtual machines. In one example of the technology, a network change from a first virtual network having a first customer Internet Protocol (IP) address to a second virtual network having a second customer IP address is configured for a first virtual machine. The configuring includes controlling the following actions. The second virtual network is provided. At least one networking artifact is associated with a first user that is associated with the first virtual machine. The at least one networking artifact includes the second virtual network. A directory service is updated to map the second customer IP address to a first physical IP address. The first physical IP address is a physical IP address of the first virtual network.

公开(公告)号：US11960916B2

公开(公告)日：2024-04-16

申请号：US17234612

申请日：2021-04-19

Applicant: Microsoft Technology Licensing, LLC

Inventor： Sushant Pramod Rewaskar ,  Md. Daud Hossain Howlader ,  Ashish Bhargava ,  Nisheeth Srivastava ,  Naveen Prabhat ,  Jayesh Kumaran ,  Xinyan Zan ,  Abhishek Shukla ,  Rishabh Tewari

IPC: G06F9/455 ,  G06F9/4401 ,  G06F9/445 ,  H04L41/0813 ,  H04L41/0816 ,  H04L61/5007 ,  H04L61/5014 ,  H04L101/622

CPC classification number: G06F9/45558 ,  G06F9/4406 ,  G06F9/44505 ,  G06F9/45533 ,  H04L41/0813 ,  H04L41/0816 ,  H04L61/5007 ,  H04L61/5014 ,  G06F2009/45562 ,  G06F2009/4557 ,  G06F2009/45575 ,  G06F2009/45579 ,  G06F2009/45595 ,  H04L2101/622

Abstract: The disclosed technology is generally directed to virtual machines. In one example of the technology, a network change from a first virtual network to a second virtual network is reconfigured for a first virtual machine that is executing on a first virtual machine host. The reconfiguring includes the following. In the first virtual machine host, a mapping change from the first virtual network to the second virtual network is configured by reprogramming drivers in the first virtual machine host for route mapping for the second virtual network. A Dynamic Host Configuration Protocol (DHCP) retrigger is caused without rebooting the first virtual machine. A configuration file is provided to the first virtual machine. The configuration file includes user-specific networking settings. The first virtual machine is reconfigured in accordance with the user-specific networking settings.

公开(公告)号：US11582217B2

公开(公告)日：2023-02-14

申请号：US17344857

申请日：2021-06-10

Applicant: Microsoft Technology Licensing, LLC

Inventor： Abhijeet Kumar ,  Aanand Ramachandran ,  Jayesh Kumaran ,  David Michael Brumley ,  Rishabh Tewari ,  Nisheeth Srivastava ,  Sushant Sharma ,  Deepak Bansal ,  Abhishek Ellore Sreenath ,  Parag Sharma ,  Abhishek Shukla ,  Avijit Gupta

IPC: G06F21/71 ,  G06F21/53 ,  H04L9/40 ,  G06F9/46 ,  G06F9/455 ,  H04L12/22

Abstract: The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Additionally or alternatively, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls to the tenant's virtual network.

公开(公告)号：US11153269B2

公开(公告)日：2021-10-19

申请号：US16707252

申请日：2019-12-09

Applicant: Microsoft Technology Licensing, LLC

Inventor： Young Lee ,  Sheng Lu ,  Xinyan Zan ,  Daniel M. Firestone ,  Harish Kumar Chandrappa ,  Anil A. Ingle ,  Jayesh Kumaran

IPC: H04L29/12 ,  G06F9/455

Abstract: A DHCP server implementation includes transmission of a DHCP packet from a virtual machine executing on a server node to a node agent executing on the server node, generation, by the node agent, of a DHCP response packet based on the DHCP packet and on DHCP information previously stored in a local memory of the server node, and transmission of the DHCP response packet from the node agent to the virtual machine. Neither the DHCP packet transmitted by the virtual machine nor the DHCP response packet are transmitted out of the server node.

公开(公告)号：US11055125B2

公开(公告)日：2021-07-06

申请号：US15870983

申请日：2018-01-14

Applicant: Microsoft Technology Licensing, LLC

Inventor： Sushant Pramod Rewaskar ,  Md. Daud Hossain Howlader ,  Ashish Bhargava ,  Nisheeth Srivastava ,  Naveen Prabhat ,  Jayesh Kumaran ,  Xinyan Zan ,  Abhishek Shukla ,  Rishabh Tewari

IPC: G06F9/455 ,  G06F9/4401 ,  G06F9/445 ,  H04L29/12 ,  H04L12/24

Abstract: The disclosed technology is generally directed to virtual machines. In one example of the technology, a network change from a first virtual network to a second virtual network is reconfigured for a first virtual machine that is executing on a first virtual machine host. The reconfiguring includes the following. In the first virtual machine host, a mapping change from the first virtual network to the second virtual network is configured by reprogramming drivers in the first virtual machine host for route mapping for the second virtual network. A Dynamic Host Configuration Protocol (DHCP) retrigger is caused without rebooting the first virtual machine. A configuration file is provided to the first virtual machine. The configuration file includes user-specific networking settings. The first virtual machine is reconfigured in accordance with the user-specific networking settings.