-
Publication number: US12260229B2
Publication date: 2025-03-25
Application number: US18122162
Application date: 2023-03-16
Applicant: VMWARE, INC.
Inventor: Kalyan Devarakonda, Ivaylo Radoslavov Radev, Georgi Lyubomirov Dimitrov, Narasimha Gopal Gorthi, Lipsa Nayak
IPC: G06F9/445
Abstract: Drift is automatically detected in configuration of services running in a management appliance of a software-defined data center. A method of automatically detecting drift includes: in response to a notification of a change in a configuration of a first service enabled for proactive drift detection, transmitting a first request to compute drift in the configuration of the first service to a plug-in of the first service, the first request including the change in the configuration of the first service; periodically, at designated time intervals, transmitting a second request to compute drift in the configuration of a second service enabled for passive drift detection, to the plug-in of the second service, the second request including a current state of the configuration of the second service; and notifying a desired state management service of the computed drift in the configuration of the first and second services.
-
Publication number: US12149537B2
Publication date: 2024-11-19
Application number: US17574306
Application date: 2022-01-12
Applicant: VMware Inc.
Inventor: Stanimir Lukanov, Georgi Lyubomirov Dimitrov, Georgi Lekov
IPC: H04L9/40
Abstract: Access control management to shared resources in a common resource directory between different users of cloud data centers can be implemented as computer-readable methods, media and systems. A resource managing service receives a request to access resources of a resource directory managed by the resource managing service. The request includes a token for identity authentication. The resource managing service determined a container membership associated with the token, where the container membership is associated with a container from a set of containers for the resource directory. The container includes one or more resources in a tree data structure of the resource directory. The resource managing service filters access rights defined in authorization primitives associated with the container membership based on container policy rules for the set of containers in the resource directory. The resource managing service provides access to a set of resources from the resource directory.
-
Publication number: US20230393881A1
Publication date: 2023-12-07
Application number: US18324373
Application date: 2023-05-26
Applicant: VMware Inc.
Inventor: Brian Masao Oki, George Gregory Hicken, Mukesh Hira, Leonid Livshin, Ivaylo Vladimirov Loboshki, Ivaylo Radoslavov Radev, Alkesh Shah, Jianjun Shen, Abhishek Ajit Srivastava, Konstantinos Roussos, Stanimir Plamenov Lukanov, Anton Valentinov Donchevski, Georgi Lyubomirov Dimitrov
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45566, G06F2009/45591
Abstract: Systems, apparatus, articles of manufacture, and methods are disclosed to manage a deployment of virtual machines in a cluster by, in a first host of a plurality of hosts, monitor, with first control plane services, an availability of second control plane services at a second host of the plurality of hosts, wherein the first control plane services and the second control plane services support implementation of application programming interface (API) requests in association with managing a cluster, after a determination that the second control plane services at the second host is not available, assign the first control plane services at the first host to operate in place of the second control plane services at the second host, and in the first host, assign, via the first control plane services at the first host, resources of one or more hosts in the cluster to support the API request.
-
Publication number: US11695777B2
Publication date: 2023-07-04
Application number: US16286240
Application date: 2019-02-26
Applicant: VMware, Inc.
Inventor: Stanimir Lukanov, Georgi Lyubomirov Dimitrov, Hristo Hristov
CPC classification number: H04L63/105, G06F21/604, G06F21/6218, H04L63/104, H04L63/205, G06F2221/2141, G06F2221/2145
Abstract: Techniques for providing hybrid access control in a cloud-services computing environment are provided. In one embodiment, a method for providing hybrid access control is provided at a host computing device. The method includes obtaining access control settings including at least a first user's role-based access settings with respect to a first sub-system of a hierarchical computing-resource system. The method further includes propagating the access control settings from the first sub-system to a second sub-system; obtaining user group domains assigned to a plurality of sub-systems; and obtaining a group membership associated with the first user. The method further includes determining, based on the obtained user group domains and the obtained group membership associated with the first user, whether the first user's role-based access settings propagated to the second sub-system are to be adjusted; and making adjustments accordingly.
-
Publication number: US20240220284A1
Publication date: 2024-07-04
Application number: US18122162
Application date: 2023-03-16
Applicant: VMWARE, INC.
Inventor: KALYAN DEVARAKONDA, Ivaylo Radoslavov Radev, Georgi Lyubomirov Dimitrov, Narasimha Gopal Gorthi, Lipsa Nayak
IPC: G06F9/445
CPC classification number: G06F9/44526, G06F9/4451
Abstract: Drift is automatically detected in configuration of services running in a management appliance of a software-defined data center. A method of automatically detecting drift includes: in response to a notification of a change in a configuration of a first service enabled for proactive drift detection, transmitting a first request to compute drift in the configuration of the first service to a plug-in of the first service, the first request including the change in the configuration of the first service; periodically, at designated time intervals, transmitting a second request to compute drift in the configuration of a second service enabled for passive drift detection, to the plug-in of the second service, the second request including a current state of the configuration of the second service; and notifying a desired state management service of the computed drift in the configuration of the first and second services.
-
Publication number: US20230353557A1
Publication date: 2023-11-02
Application number: US17732311
Application date: 2022-04-28
Applicant: VMware, Inc.
Inventor: Stanimir Lukanov, Kamen Mazdrashki, Georgi Lyubomirov Dimitrov, Dimo Raychev, Georgi Lekov
IPC: H04L9/40
CPC classification number: H04L63/083, H04L63/0823
Abstract: Bootstrapping a new remote appliance based on a request received at a main appliance based on established trust between the two appliances can be implemented as computer-implemented methods, media, and systems. A request is received at an authentication orchestrator at the main appliance to perform an operation requested by a user for execution on a remote appliance. The authentication orchestrator at the main appliance obtains an authentication token issued by an identity provider at the main appliance for the user associated with the request. The authentication orchestrator requests to exchange the authentication token issued by the identity provider at the main appliance for a new authentication token that is issued by an identity provider at the remote appliance. The authentication orchestrator at the main appliance initiates an authentication of the user at an appliance manager at the remote appliance based on providing the new authentication token.
-
Publication number: US20230224304A1
Publication date: 2023-07-13
Application number: US17574306
Application date: 2022-01-12
Applicant: VMware Inc.
Inventor: Stanimir Lukanov, Georgi Lyubomirov Dimitrov, Georgi Lekov
IPC: H04L9/40
CPC classification number: H04L63/105, H04L63/0853, H04L63/20
Abstract: Access control management to shared resources in a common resource directory between different users of cloud data centers can be implemented as computer-readable methods, media and systems. A resource managing service receives a request to access resources of a resource directory managed by the resource managing service. The request includes a token for identity authentication. The resource managing service determined a container membership associated with the token, where the container membership is associated with a container from a set of containers for the resource directory. The container includes one or more resources in a tree data structure of the resource directory. The resource managing service filters access rights defined in authorization primitives associated with the container membership based on container policy rules for the set of containers in the resource directory. The resource managing service provides access to a set of resources from the resource directory.