-
公开(公告)号:US20200228571A1
公开(公告)日:2020-07-16
申请号:US16249629
申请日:2019-01-16
Applicant: VMware, Inc.
Inventor: Hamza AHARCHAOU , Farzad GHANNADIAN , Amarnath PALAVALLI , Rajiv KRISHNAMURTHY
Abstract: Embodiments of the present disclosure relate to enforcing universal security policies across data centers. Embodiments include receiving, from a user, a first universal security policy (USP) related to a first universal policy group. Embodiments include identifying a first data center as an enforcement point for the first USP. Embodiments include automatically generating, at the first data center, a first local security policy based on the first USP. Embodiments include deploying a workload associated with the first universal policy group to the first data center. The first USP is enforced for the workload via the first local security policy.
-
公开(公告)号:US20230262114A1
公开(公告)日:2023-08-17
申请号:US18307504
申请日:2023-04-26
Applicant: VMware, Inc.
Inventor: Alok TIAGI , Farzad GHANNADIAN , Karen HAYRAPETYAN , Laxmikant Vithal GUNDA , Sunitha KRISHNA , Ashot ASLANYAN , Anirban SENGUPTA
IPC: H04L67/1012 , H04L47/78 , H04L47/125 , H04L9/40 , H04L41/22 , H04L67/01 , G06F18/214
CPC classification number: H04L67/1012 , H04L47/781 , H04L47/125 , H04L63/20 , H04L41/22 , H04L67/01 , G06F18/2148
Abstract: The disclosure provides an approach for workload labeling and identification of known or custom applications. Embodiments include determining a plurality of sets of features comprising a respective set of features for each respective workload of a first subset of a plurality of workloads. Embodiments include identifying a group of workloads based on similarities among the plurality of sets of features. Embodiments include receiving label data from a user comprising a label for the group of workloads. Embodiments include associating the label with each workload of the group of workloads to produce a training data set. Embodiments include using the training data set to train a model to output labels for input workloads. Embodiments include determining a label for a given workload of the plurality of workloads by inputting features of the given workload to the model.
-
公开(公告)号:US20210336899A1
公开(公告)日:2021-10-28
申请号:US16855305
申请日:2020-04-22
Applicant: VMware, Inc.
Inventor: Alok TIAGI , Farzad GHANNADIAN , Karen HAYRAPETYAN , Laxmikant Vithal GUNDA , Sunitha KRISHNA , Ashot ASLANYAN , Anirban SENGUPTA
IPC: H04L12/911 , H04L12/803 , H04L12/24 , H04L29/06 , G06K9/62
Abstract: The disclosure provides an approach for workload labeling and identification of known or custom applications. Embodiments include determining a plurality of sets of features comprising a respective set of features for each respective workload of a first subset of a plurality of workloads. Embodiments include identifying a group of workloads based on similarities among the plurality of sets of features. Embodiments include receiving label data from a user comprising a label for the group of workloads. Embodiments include associating the label with each workload of the group of workloads to produce a training data set. Embodiments include using the training data set to train a model to output labels for input workloads. Embodiments include determining a label for a given workload of the plurality of workloads by inputting features of the given workload to the model.
-
公开(公告)号:US20200186534A1
公开(公告)日:2020-06-11
申请号:US16213545
申请日:2018-12-07
Applicant: VMware, Inc.
Inventor: Arijit CHANDA , Venkat RAJAGOPALAN , Rajiv MORDANI , Arnold POON , Rajiv KRISHNAMURTHY , Farzad GHANNADIAN , Sirisha MYNENI
IPC: H04L29/06
Abstract: Techniques for providing application-independent access control in a cloud-services computing environment are provided. In one embodiment, a method for providing application-independent access control is provided. The method includes obtaining a user identity for accessing the cloud-services computing environment and receiving a user request to perform a task using an application. The method further includes collecting process-related data for performing the task using the application and obtaining one or more network routing addresses. The method further includes determining, based on the user identity, the process-related data, and the one or more network routing addresses, whether the task is to be performed. If that the task is to be performed, the task is caused to be performed using the application; and if the task is not to be performed, the user request is denied.
-
-
-