公开(公告)号：US20200097310A1

公开(公告)日：2020-03-26

申请号：US16141502

申请日：2018-09-25

Applicant: Microsoft Technology Licensing, LLC

Inventor： Abhishek SHUKLA ,  Abhishek Ellore SREENATH ,  Neha AGGARWAL ,  Naveen PRABHAT ,  Nisheeth SRIVASTAVA ,  Xinyan ZAN ,  Ashish BHARGAVA ,  Parag SHARMA ,  Rishabh TEWARI

IPC: G06F9/455 ,  H04L29/06 ,  H04W4/50 ,  H04L12/66

Abstract: A virtual network interface controller (NIC) associated with a virtual machine in a cloud computing network is configured to support one or more network containers that encapsulate networking configuration data and policies that are applicable to a specific discrete computing workload to thereby enable the virtual machine to simultaneously belong to multiple virtual networks using the single NIC. The network containers supported by the NIC can be associated with a single tenant to enable additional flexibility such quickly switching between virtual networks and support pre-provisioning of additional computing resources with associated networking policies for rapid deployment. The network containers can also be respectively associated with different tenants so that the single NIC can support multi-tenant services on the same virtual machine.

公开(公告)号：US20230315506A1

公开(公告)日：2023-10-05

申请号：US18327713

申请日：2023-06-01

Applicant: Microsoft Technology Licensing, LLC

Inventor： Vishal TANEJA ,  Abhishek SHUKLA ,  Parag SHARMA ,  Xinyan ZAN ,  Kaihua XU

IPC: G06F9/455 ,  H04L12/46 ,  H04L45/74 ,  H04L61/5007

CPC classification number: G06F9/45558 ,  H04L12/4633 ,  H04L12/4641 ,  H04L45/74 ,  H04L61/5007 ,  G06F2009/4557 ,  G06F2009/45595

Abstract: A hybrid state for a virtual machine (VM) in a cloud computing system enables a VM to communicate with other VMs that belong to a virtual network (VNET VMs) while maintaining connectivity with other VMs that do not belong to the virtual network (non-VNET VMs). A non-VNET VM can be transitioned to a hybrid VM that operates in a hybrid state. The hybrid VM can be assigned a private virtual IP address (VNET address) for communication with other VNET VMs. The hybrid VM can continue to use a physical IP address to communicate with other non-VNET VMs. In this way, the hybrid VM is able to maintain connectivity with other non-VNET VMs during and after migration to the VNET. A network stack can be configured to process data packets that are destined for non-VNET VMs differently from data packets that are destined for VNET VMs.

公开(公告)号：US20200099656A1

公开(公告)日：2020-03-26

申请号：US16262626

申请日：2019-01-30

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： Sumeet MITTAL ,  Abhishek SHUKLA ,  Rishabh TEWARI ,  Qiming CHEN ,  Harish Kumar CHANDRAPPA ,  Pranjal SHRIVASTAVA ,  Anitha ADUSUMILLI ,  Parag SHARMA ,  Abhishek Ellore SREENATH

IPC: H04L29/12 ,  H04L29/08

Abstract: The techniques described herein enable a private connectivity solution between a virtual network of a service consumer and a virtual network of a service provider in a cloud-based platform. The techniques map a service (e.g., one or more workloads or containers) executing in the virtual network of the service provider into the virtual network of the service consumer. The mapping uses network address translation (NAT) that is performed by the cloud-based infrastructure. As a result of the techniques described herein, a public Internet Protocol (IP) address does not need to be used to establish a connection thereby alleviating privacy and/or security concerns for the virtual networks of the service provider and/or the service consumer that are hosted by the cloud-based platform.

公开(公告)号：US20210084003A1

公开(公告)日：2021-03-18

申请号：US16572491

申请日：2019-09-16

Applicant: Microsoft Technology Licensing, LLC

Inventor： Parag SHARMA ,  Hemant KUMAR ,  Xinyan ZAN ,  Nimish AGGARWAL

IPC: H04L29/12 ,  H04L12/46 ,  G06F9/455

Abstract: A distributed resource may be mapped into a virtual network, where the resource is distributed across a large number of nodes that are uniquely addressable within the distributed resource service's address space. The resource can be represented using a relatively small number of private VIP addresses within the virtual network, while still enabling access to all of the nodes that are uniquely addressable within the address space of the distributed resource service. A resource map may be created that relates the distributed resource service's address space to the virtual network's address space. The resource map may be used by a gateway that facilitates access to a distributed resource by clients. The resource map may also be used to translate packets that are sent from clients within a virtual network into the distributed resource service's address space.

公开(公告)号：US20210019167A1

公开(公告)日：2021-01-21

申请号：US16664552

申请日：2019-10-25

Applicant: Microsoft Technology Licensing, LLC

Inventor： Vishal TANEJA ,  Abhishek SHUKLA ,  Parag SHARMA ,  Xinyan ZAN ,  Kaihua XU

IPC: G06F9/455 ,  H04L12/46 ,  H04L12/741 ,  H04L29/12

Abstract: A hybrid state for a virtual machine (VM) in a cloud computing system enables a VM to communicate with other VMs that belong to a virtual network (VNET VMs) while maintaining connectivity with other VMs that do not belong to the virtual network (non-VNET VMs). A non-VNET VM can be transitioned to a hybrid VM that operates in a hybrid state. The hybrid VM can be assigned a private virtual IP address (VNET address) for communication with other VNET VMs. The hybrid VM can continue to use a physical IP address to communicate with other non-VNET VMs. In this way, the hybrid VM is able to maintain connectivity with other non-VNET VMs during and after migration to the VNET. A network stack can be configured to process data packets that are destined for non-VNET VMs differently from data packets that are destined for VNET VMs.

公开(公告)号：US20200092271A1

公开(公告)日：2020-03-19

申请号：US16234211

申请日：2018-12-27

Applicant: Microsoft Technology Licensing, LLC

Inventor： Abhijeet KUMAR ,  Aanand RAMACHANDRAN ,  Jayesh KUMARAN ,  David Michael BRUMLEY ,  Rishabh TEWARI ,  Nisheeth SRIVASTAVA ,  Sushant SHARMA ,  Deepak BANSAL ,  Abhishek Ellore SREENATH ,  Parag SHARMA ,  Abhishek SHUKLA ,  Avijit GUPTA

IPC: H04L29/06 ,  G06F9/455 ,  G06F9/46

Abstract: The disclosed system implements techniques to secure communications for injecting a workload (e.g., a container) into a virtual network hosted by a cloud-based platform. Based on a delegation instruction received from a tenant, a virtual network of the tenant can connect to and execute a workload via a virtual machine that is part of a virtual network that belongs to a resource provider. To secure calls and authorize access to the tenant's virtual network, authentication information provided in association with a call from the virtual network of the resource provider may need to match authorization information made available via a publication service of the cloud-based platform. Moreover, an identifier of a NIC used to make a call may need to correspond to a registered name of the resource provider for the call to be authorized. These checks provide increased security by preventing unauthorized calls from accessing the tenant's virtual network.

公开(公告)号：US20240187369A1

公开(公告)日：2024-06-06

申请号：US18417838

申请日：2024-01-19

Applicant: Microsoft Technology Licensing, LLC

Inventor： Parag SHARMA ,  Hemant KUMAR ,  Xinyan ZAN ,  Nimish AGGARWAL

IPC: H04L61/10 ,  G06F9/455 ,  H04L12/46 ,  H04L61/5007

CPC classification number: H04L61/10 ,  G06F9/45545 ,  H04L12/4641 ,  H04L61/5007 ,  G06F2009/4557 ,  G06F2009/45595

Abstract: A distributed resource may be mapped into a virtual network, where the resource is distributed across a large number of nodes that are uniquely addressable within the distributed resource service's address space. The resource can be represented using a relatively small number of private VIP addresses within the virtual network, while still enabling access to all of the nodes that are uniquely addressable within the address space of the distributed resource service. A resource map may be created that relates the distributed resource service's address space to the virtual network's address space. The resource map may be used by a gateway that facilitates access to a distributed resource by clients. The resource map may also be used to translate packets that are sent from clients within a virtual network into the distributed resource service's address space.

公开(公告)号：US20230136574A1

公开(公告)日：2023-05-04

申请号：US17565234

申请日：2021-12-29

Applicant: Microsoft Technology Licensing, LLC

Inventor： Jie LI ,  Ashish BHARGAVA ,  Mohamed N. HASSAN ,  Parag SHARMA ,  Neeraj MOTWANI ,  Rishabh TEWARI

IPC: H04L41/12 ,  H04L12/46 ,  H04L9/40 ,  H04L41/18 ,  H04L12/66

Abstract: A virtual network manager and associated user interface/portal provide customers with simplified centralized management of virtual networks to implement logical groupings of network resources at scale. The virtual network manager enables network segmentation using names or tags, connectivity configuration to create different virtual network topologies, security configuration to provide enforcement of organizational rules without being overwritten and Network Security Group (NSG) management in a simple and scalable manner, safe deployment of network configurations to designated regions on a fix and roll forward basis, and virtual network (VNet) level monitoring.

公开(公告)号：US20220021638A1

公开(公告)日：2022-01-20

申请号：US17492859

申请日：2021-10-04

Applicant: Microsoft Technology Licensing, LLC

Inventor： Parag SHARMA ,  Hemant KUMAR ,  Xinyan ZAN ,  Nimish AGGARWAL

IPC: H04L29/12 ,  G06F9/455 ,  H04L12/46

Abstract: A distributed resource may be mapped into a virtual network, where the resource is distributed across a large number of nodes that are uniquely addressable within the distributed resource service's address space. The resource can be represented using a relatively small number of private VIP addresses within the virtual network, while still enabling access to all of the nodes that are uniquely addressable within the address space of the distributed resource service. A resource map may be created that relates the distributed resource service's address space to the virtual network's address space. The resource map may be used by a gateway that facilitates access to a distributed resource by clients. The resource map may also be used to translate packets that are sent from clients within a virtual network into the distributed resource service's address space.

公开(公告)号：US20210389967A1

公开(公告)日：2021-12-16

申请号：US17241963

申请日：2021-04-27

Applicant: Microsoft Technology Licensing, LLC

Inventor： Abhishek SHUKLA ,  Abhishek Ellore SREENATH ,  Neha AGGARWAL ,  Naveen PRABHAT ,  Nisheeth SRIVASTAVA ,  Xinyan ZAN ,  Ashish BHARGAVA ,  Parag SHARMA ,  Rishabh TEWARI

IPC: G06F9/455 ,  H04W4/50 ,  H04L12/66 ,  H04L29/06

Abstract: A virtual network interface controller (NIC) associated with a virtual machine in a cloud computing network is configured to support one or more network containers that encapsulate networking configuration data and policies that are applicable to a specific discrete computing workload to thereby enable the virtual machine to simultaneously belong to multiple virtual networks using the single NIC. The network containers supported by the NIC can be associated with a single tenant to enable additional flexibility such quickly switching between virtual networks and support pre-provisioning of additional computing resources with associated networking policies for rapid deployment. The network containers can also be respectively associated with different tenants so that the single NIC can support multi-tenant services on the same virtual machine.