METHODS FOR ENABLING ENHANCED FIREWALL RULES VIA ARP-BASED ANNOTATIONS

    Publication No.: US20220360563A1

    Publication Date: 2022-11-10

    Application No.: US17872846

    Application Date: 2022-07-25

    Applicant: VMware, Inc.

    Abstract: In an embodiment, a computer-implemented method for enabling enhanced firewall rules via ARP-based annotations is described. In an embodiment, a method comprises detecting, by a hypervisor implemented in a first host, that a first process is executing on the first host. The hypervisor determines first context information for the first process, generates a first request, encapsulates the first request and the first context information in a first packet, and transmits the first packet to a central controller to cause the central controller to update the controller's table to indicate that the first process is executing on the first host. In response to receiving a second packet from the central controller and determining that the second packet comprises a first response, the hypervisor extracts second context information from the second packet and, based on the second context information, determines that a second process is executing on a second host.

    METHODS FOR ENABLING ENHANCED FIREWALL RULES VIA ARP-BASED ANNOTATIONS

    Publication No.: US20200296077A1

    Publication Date: 2020-09-17

    Application No.: US16351083

    Application Date: 2019-03-12

    Applicant: VMware, Inc.

    Abstract: In an embodiment, a computer-implemented method for enabling enhanced firewall rules via ARP-based annotations is described. In an embodiment, a method comprises detecting, by a hypervisor implemented in a first host, that a first process is executing on the first host. The hypervisor determines first context information for the first process, generates a first request, encapsulates the first request and the first context information in a first packet, and transmits the first packet to a central controller to cause the central controller to update the controller's table to indicate that the first process is executing on the first host. In response to receiving a second packet from the central controller and determining that the second packet comprises a first response, the hypervisor extracts second context information from the second packet and, based on the second context information, determines that a second process is executing on a second host.

    IDENTITY-BASED ACCESS CONTROL FOR CLOUD APPLICATIONS

    Publication No.: US20200186534A1

    Publication Date: 2020-06-11

    Application No.: US16213545

    Application Date: 2018-12-07

    Applicant: VMware, Inc.

    Abstract: Techniques for providing application-independent access control in a cloud-services computing environment are provided. In one embodiment, a method for providing application-independent access control is provided. The method includes obtaining a user identity for accessing the cloud-services computing environment and receiving a user request to perform a task using an application. The method further includes collecting process-related data for performing the task using the application and obtaining one or more network routing addresses. The method further includes determining, based on the user identity, the process-related data, and the one or more network routing addresses, whether the task is to be performed. If the task is to be performed, the task is caused to be performed using the application; and if the task is not to be performed, the user request is denied.
