-
Publication number: US20230362064A1
Publication date: 2023-11-09
Application number: US18224474
Application date: 2023-07-20
Applicant: Nicira, Inc.
Inventor: Amardeep Nagarkar, Shivraj Shahajirao Sonawane, Shantanu Kulkarni, Sarat Chandra Annadata, Sachin Mohan Vaidya
IPC: H04L41/22, H04L43/045, H04L41/12
CPC classification number: H04L41/22, H04L43/045, H04L41/12
Abstract: Some embodiments provide a method for generating a multi-layer network map from network configuration data. The method receives network configuration data that defines network components and connections between the network components for a network that spans one or more datacenters. Based on the received network configuration data, the method generates multiple data layers for a multi-layer interactive map of the network. Different data layers include different network components and connections. The method generates a visual representation of the network for each data layer. Each visual representation includes a map of the network at a different level of hierarchy.
-
Publication number: US10778651B2
Publication date: 2020-09-15
Application number: US15896099
Application date: 2018-02-14
Applicant: NICIRA, INC.
Inventor: Laxmikant Vithal Gunda, Sachin Mohan Vaidya, Arnold Poon
Abstract: Some embodiments provide a context engine that supplies contextual-attributes to several context-based service engines on its host computer. Different embodiments use different types of context-based service engines. For instance, in some embodiments, the attribute-based service engines include an encryption engine that performs context-based encryption or decryption operations to encrypt data messages from the machines, or to decrypt data messages received for the machines.
-
Publication number: US10715607B2
Publication date: 2020-07-14
Application number: US15830074
Application date: 2017-12-04
Applicant: Nicira, Inc.
Inventor: Arnold Poon, Laxmikant Gunda, Jayant Jain, Anirban Sengupta, Sachin Mohan Vaidya
Abstract: Some embodiments provide a novel method for configuring a set of one or more service nodes on a host to perform context-rich, attribute-based services on the host computer, which executes several data compute nodes (DCNs) in addition to the set of service nodes. The method uses a context-filtering node on the host to collect a first set of attributes associated with service rules processed by the set of service nodes on the host computer. The context filter also collects a second set of attributes associated with at least one data message flow of a DCN (e.g., of a virtual machine (VM) or container) executing on the host. After collecting the first and second sets of attributes, the context filtering node on the host compares the first and second sets of attributes to generate a service tag to represent a subset of the first set of attributes associated with the data message flow. The method associates this service tag with the data message flow. This service tag can then be used to identify the subset of attributes associated with the data message flow when a service node needs to process its attribute-based service rules for the data message flow.
-
Publication number: US10511636B2
Publication date: 2019-12-17
Application number: US16112732
Application date: 2018-08-26
Applicant: Nicira, Inc.
Inventor: Sachin Mohan Vaidya, Azeem Feroz, Anirban Sengupta, James Christopher Wiese
Abstract: Systems and techniques are described for virtual machine security. A described technique includes operating one or more virtual machines each in accordance with a respective security container, wherein the respective security container is associated with a respective rule that specifies transfer of the virtual machine from the respective security container to a quarantine container based on one or more criteria. One or more security services are operated on the one or more virtual machines to identify one or more security threats associated with one or more of the virtual machines. One or more tags generated by the endpoint security services are obtained, where each tag is for a virtual machine that is associated with one of the identified security threats. And one of the virtual machines is identified as requiring transfer to the quarantine container based on, at least, one or more of the obtained tags and the one or more criteria.
-
Publication number: US09762619B1
Publication date: 2017-09-12
Application number: US15369596
Application date: 2016-12-05
Applicant: Nicira, Inc.
Inventor: Sachin Mohan Vaidya, W. Andrew Lambeth, James Joseph Stabile, Farzad Ghannadian
CPC classification number: H04L63/20, G06F9/455, G06F9/5077, H04L12/244, H04L63/0263, H04L65/1073
Abstract: A multi-layer policy framework for monitoring and enforcing policy is provided. The multi-layer policy framework receives the desired state of the policy at each layer and translates the desired state into a realized state for the layer. The desired state specifies the intent of the user and the realized state specifies the specific actions that have to be performed in order to reach the desired state. The realized state at each layer is sent to the next lower layer as the desired state for the lower layer. At the lowest layer, the desired state is converted into a realized state that includes a set of rules used to enforce the policy. The set of rules are then enforced at different enforcement points at the lowest layer.
-
Publication number: US20220261273A1
Publication date: 2022-08-18
Application number: US17739534
Application date: 2022-05-09
Applicant: Nicira, Inc.
Inventor: Laxmikant Vithal Gunda, Sachin Mohan Vaidya
Abstract: Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines on each host computer, these embodiments also execute a context engine and one or more attribute-based service engines on each host computer. Through the GI agents of the machines on a host, the context engine of that host in some embodiments collects contextual attributes associated with network events and/or process events on the machines. The context engine then provides the contextual attributes to the service engines, which, in turn, use these contextual attributes to identify service rules for processing.
-
Publication number: US11327784B2
Publication date: 2022-05-10
Application number: US16945736
Application date: 2020-07-31
Applicant: Nicira, Inc.
Inventor: Laxmikant Vithal Gunda, Sachin Mohan Vaidya
IPC: G06F9/455, H04L29/06, G06F9/06, H04L12/58, G06F21/50, G06F21/55, G06F21/57, H04L29/12, H04L51/00, H04L61/2596, H04L61/2521, H04L61/103, H04L61/5014, H04L61/59, H04L101/622
Abstract: Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines on each host computer, these embodiments also execute a context engine and one or more attribute-based service engines on each host computer. Through the GI agents of the machines on a host, the context engine of that host in some embodiments collects contextual attributes associated with network events and/or process events on the machines. The context engine then provides the contextual attributes to the service engines, which, in turn, use these contextual attributes to identify service rules for processing.
-
Publication number: US20200169474A1
Publication date: 2020-05-28
Application number: US16261613
Application date: 2019-01-30
Applicant: NICIRA, INC.
Inventor: AMARDEEP NAGARKAR, Shivraj Shahajirao Sonawane, Shantanu Kulkarni, Sarat Chandra Annadata, Sachin Mohan Vaidya
Abstract: Some embodiments provide a method for generating a multi-layer network map from network configuration data. The method receives network configuration data that defines network components and connections between the network components for a network that spans one or more datacenters. Based on the received network configuration data, the method generates multiple data layers for a multi-layer interactive map of the network. Different data layers include different network components and connections. The method generates a visual representation of the network for each data layer. Each visual representation includes a map of the network at a different level of hierarchy.
-
Publication number: US10666508B2
Publication date: 2020-05-26
Application number: US15810158
Application date: 2017-11-13
Applicant: NICIRA, INC.
Inventor: Kaushal Bansal, Sorabh Kalra, Anil Kumar, Shashikant Anna Shinde, Sachin Mohan Vaidya
Abstract: Described herein are systems, methods, and software to enhance the management of software defined networking configurations over multiple hosting environments. In one implementation, a sync service receives a software defined networking configuration from a software defined networking manager of a first hosting site. Once received, the sync service determines differencing data between the software defined networking configuration and a second software defined networking configuration received previously by the sync service from the first hosting site. The sync service further identifies a configuration update for a second software defined networking manager of a second hosting site based on the differencing data, and transfers the configuration update to the second software defined networking manager.
-
Publication number: US10333983B2
Publication date: 2019-06-25
Application number: US15369580
Application date: 2016-12-05
Applicant: Nicira, Inc.
Inventor: Sachin Mohan Vaidya, Yogesh Gaikwad, Naveen Ramaswamy, Minjal Agarwal, Abhishek Goliya, Rajiv Krishnamurthy, ChiHsiang Su
Abstract: A method of defining policy for a network virtualization platform of a data center is provided. The method receives a registration of one or more actions provided by each of a plurality of data center services. The method defines a policy template by receiving the identification of a set of data center resources and a set of actions registered by a set of data center services to be applied to each identified resource. The method instantiates the template into a set of policy instances that each includes an identification of one or more resources and identification of one or more actions identified in the policy template. The policy is then enforced by the set of data center services by applying the actions identified in each policy instance to the resources identified in the policy instance.