公开(公告)号：US20240241741A1

公开(公告)日：2024-07-18

申请号：US18097921

申请日：2023-01-17

Applicant: VMware, Inc.

Inventor： Petko PADEVSKI ,  Georgi LEKOV ,  Stanimir LUKANOV

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45583 ,  G06F2009/45591 ,  G06F2009/45595

Abstract: The disclosure provides an example method for connection health monitoring and troubleshooting. The method generally includes monitoring a plurality of connections established between a first application running on a first host and a second application running on a second host; based on the monitoring, detecting two or more connections of the plurality of connections have failed within a first time period; in response to detecting the two or more connections have failed within the first time period, determining to initiate a single health check between the first host and the second host and enqueuing a single health check request in a queue to invoke performance of the single health check based on the single health check request; determining the queue comprises: a queued active health check request, or no previously-queued health check requests; enqueuing the single health check request in the queue; and performing the single health check.

公开(公告)号：US20210218723A1

公开(公告)日：2021-07-15

申请号：US16742881

申请日：2020-01-14

Applicant: VMware, Inc.

Inventor： Georgi LEKOV ,  Rusko ATANASOV ,  Stanimir LUKANOV ,  Elena DIMITROVA ,  Dimo RAYCHEV

IPC: H04L29/06

Abstract: Hosts in a cluster in a virtualized computing environment bypass a management layer when communicating with an external key management service (KMS). One of the hosts is configured with KMS configuration information (including digital certificate information) that enables the host to directly communicate with the KMS via a secure communication connection, instead of communicating with the KMS via the management layer. This KMS configuration information is replicated in a distributed manner from the host to the other hosts in the cluster, thereby enabling the other hosts in the cluster to also directly and independently communicate with the KMS to obtain encryption keys to perform cryptographic operations.

公开(公告)号：US20230168966A1

公开(公告)日：2023-06-01

申请号：US17456712

申请日：2021-11-29

Applicant: VMware, Inc.

Inventor： Georgi LEKOV ,  Radoslav GANKOV

IPC: G06F11/14 ,  G06F9/455 ,  G06F16/22

CPC classification number: G06F11/1415 ,  G06F9/45558 ,  G06F16/22 ,  G06F9/45541 ,  G06F2009/45595 ,  G06F2009/45562 ,  G06F2009/4557

Abstract: The disclosure provides an approach for alarm state restoration. Embodiments include determining a plurality of alarm definitions applicable to an inventory of a plurality of entities in a computing environment. Embodiments include assigning each given alarm definition of the plurality of alarm definitions to a given alarm category of a plurality of alarm categories. Embodiments include restoring declared states of the plurality of alarms definition on the inventory based on the assigning, wherein the restoring comprises, for each given alarm category of the plurality of alarm categories, performing a single traversal of the inventory to identify all respective entities of the plurality of entities that correspond to one or more alarm definitions assigned to the given alarm category.

公开(公告)号：US20230097770A1

公开(公告)日：2023-03-30

申请号：US17489012

申请日：2021-09-29

Applicant: VMware, Inc.

Inventor： Elena DIMITROVA ,  Georgi LEKOV ,  Radoslav GANKOV ,  Yoana STOYANOVA ,  Ivaylo KIRYAZOV

IPC: H04L29/06

Abstract: The disclosure herein describes monitoring authorization checks and detecting excess authorization privileges and other privilege usage patterns. An authorization check associated with an operation performed during a session in a computing environment is captured and a set of authorization privileges granted to a user of the session is identified. Based on comparison of the authorization privileges to authorization checks including the captured authorization check, excess authorization privileges granted to the user of the session is detected, wherein the excess authorization privileges are a subset of the identified set of authorization privileges. A privilege discrepancy notification based on the detected set of excess authorization privileges is generated. The detected privilege usage patterns described herein are used to improve the efficient use, and increase the security, of resources in the computing system. Further, the time required for authorization processing is reduced through caching of frequent privilege usage patterns.