公开(公告)号：US20190334862A1

公开(公告)日：2019-10-31

申请号：US15965825

申请日：2018-04-27

Applicant: Microsoft Technology Licensing, LLC

Inventor： Anirban Paul ,  Poornananda Gaddehosur Ramachandra ,  Gerardo Diaz-Cuellar ,  Osman Nuri Ertugay ,  Keith Edgar Horton ,  Omar Cardona ,  Nicholas David Wood ,  Shankar Seal ,  Dinesh Kumar Govindasamy

IPC: H04L29/12 ,  H04L12/46 ,  G06F9/455

Abstract: Embodiments described herein relate to providing hardware isolated virtualized environments (HIVEs) with network information. The HIVEs are managed by a hypervisor that virtualizes access to one or more physical network interface cards (NICs) of the host. Each HIVE has a virtual NIC backed by the physical NIC. Network traffic of the HIVEs flows through the physical NIC to a physical network. Traits of the physical NIC may be projected to the virtual NICs. For example, a media-type property of the virtual NICs (exposed to guest software in the HIVEs) may be set to mirror the media type of the physical NIC. A private subnet connects the virtual NICs with the physical NICs, possibly through a network address translation (NAT) component and virtual NICs of the host.

公开(公告)号：US20190306116A1

公开(公告)日：2019-10-03

申请号：US15937831

申请日：2018-03-27

Applicant: Microsoft Technology Licensing, LLC

Inventor： Anirban Paul ,  Poornananda Gaddehosur Ramachandra ,  Shankar Seal ,  Anurag Saxena ,  Arun Venkatachalam ,  Sai Krishna Goutham Bachu

IPC: H04L29/06

Abstract: Embodiments relate to enabling clouds to multiplex their public network addresses among private addresses of IPSec gateways while making sure that IPSec tunnel packets are delivered to the private addresses of the IPSec tunnels that they are associated with. When IPSec packets egress from a cloud, the cloud may determine which IPSec tunnel or gateway the IPSec packets are associated with and modify the IPSec packets to identify the associated tunnel or gateway. When IPSec packets ingress to the cloud, the cloud may find identity information in the IPSec packets that identifies the associated tunnel or gateway. The identity information is used to direct the IPSec packets to the associated tunnel or gateway.

公开(公告)号：US10795717B2

公开(公告)日：2020-10-06

申请号：US16134912

申请日：2018-09-18

Applicant: Microsoft Technology Licensing, LLC

Inventor： Anirban Paul ,  Poornananda Gaddehosur Ramachandra ,  Gerardo Diaz-Cuellar ,  Osman Nuri Ertugay ,  Keith Edgar Horton ,  Omar Cardona ,  Nicholas David Wood ,  Shankar Seal ,  Dinesh Kumar Govindasamy

IPC: G06F9/455 ,  G06F9/48 ,  G06F9/50 ,  H04L29/12

Abstract: Embodiments relate to hypervisors that provide hardware isolated virtualization environments (HIVEs) such as containers and virtual machines (VMs). A first HIVE includes a first virtual network interface card (NIC) and a second HIVE includes a second virtual NIC. Both virtual NICs are backed by the same physical NIC. The physical NIC has an Internet Protocol (IP) address. The virtual NICs are assigned the same IP address as the physical NIC. A networking stack of the hypervisor receives inbound packets addressed to the IP address. The networking stack steers the inbound packets to the virtual NICs according to tuples of the inbound packets. Packets emitted by the virtual NICs comprise the IP address, pass through the network stack, and are transmitted by the physical NIC with headers comprising the IP address.

公开(公告)号：US20200089517A1

公开(公告)日：2020-03-19

申请号：US16134912

申请日：2018-09-18

Applicant: Microsoft Technology Licensing, LLC

Inventor： Anirban Paul ,  Poornananda Gaddehosur Ramachandra ,  Gerardo Diaz-Cuellar ,  Osman Nuri Ertugay ,  Keith Edgar Horton ,  Omar Cardona ,  Nicholas David Wood ,  Shankar Seal ,  Dinesh Kumar Govindasamy

IPC: G06F9/455 ,  H04L29/12

Abstract: Embodiments relate to hypervisors that provide hardware isolated virtualization environments (HIVEs) such as containers and virtual machines (VMs). A first HIVE includes a first virtual network interface card (NIC) and a second HIVE includes a second virtual NIC. Both virtual NICs are backed by the same physical NIC. The physical NIC has an Internet Protocol (IP) address. The virtual NICs are assigned the same IP address as the physical NIC. A networking stack of the hypervisor receives inbound packets addressed to the IP address. The networking stack steers the inbound packets to the virtual NICs according to tuples of the inbound packets. Packets emitted by the virtual NICs comprise the IP address, pass through the network stack, and are transmitted by the physical NIC with headers comprising the IP address.

公开(公告)号：US09432359B2

公开(公告)日：2016-08-30

申请号：US14802362

申请日：2015-07-17

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ryan S. Menezes ,  Taroon Mandhana ,  Shankar Seal ,  Dhiraj P. Gandhi ,  Aaron Wesley Cunningham

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/32

CPC classification number: H04L63/083 ,  H04L9/3213 ,  H04L63/0815 ,  H04L63/0884 ,  H04L63/101 ,  H04L67/2814

Abstract: In embodiments of registration and network access control, an initially unconfigured network interface device can be registered and configured as an interface to a public network for a client device. In another embodiment, a network interface device can receive a network access request from a client device to access a secure network utilizing extensible authentication protocol (EAP), and the request is communicated to an authentication service to authenticate a user of the client device based on user credentials. In another embodiment, a network interface device can receive a network access request from a client device to access a Web site in a public network utilizing a universal access method (UAM), and the request is redirected to the authentication service to authenticate a user of the client device based on user credentials.

公开(公告)号：US20150326560A1

公开(公告)日：2015-11-12

申请号：US14802362

申请日：2015-07-17

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ryan S. Menezes ,  Taroon Mandhana ,  Shankar Seal ,  Dhiraj P. Gandhi ,  Aaron Wesley Cunningham

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/083 ,  H04L9/3213 ,  H04L63/0815 ,  H04L63/0884 ,  H04L63/101 ,  H04L67/2814

Abstract: In embodiments of registration and network access control, an initially unconfigured network interface device can be registered and configured as an interface to a public network for a client device. In another embodiment, a network interface device can receive a network access request from a client device to access a secure network utilizing extensible authentication protocol (EAP), and the request is communicated to an authentication service to authenticate a user of the client device based on user credentials. In another embodiment, a network interface device can receive a network access request from a client device to access a Web site in a public network utilizing a universal access method (UAM), and the request is redirected to the authentication service to authenticate a user of the client device based on user credentials.

Abstract translation: 在注册和网络访问控制的实施例中，可以将初始未配置的网络接口设备注册和配置为用于客户端设备的公共网络的接口。 在另一个实施例中，网络接口设备可以接收来自客户端设备的网络访问请求，以利用可扩展认证协议（EAP）来访问安全网络，并且该请求被传送到认证服务以基于客户端设备的用户认证 用户凭据。 在另一个实施例中，网络接口设备可以使用通用接入方法（UAM）从客户端设备接收访问公共网络中的网站的网络接入请求，并且将该请求重定向到认证服务以认证用户的 客户端设备基于用户凭据。