-
Publication number: US20210029146A1
Publication date: 2021-01-28
Application number: US16546513
Application date: 2019-08-21
Applicant: VMware, Inc.
Inventor: Mani KANCHERLA, Jian LAN, Xi ZENG, Hailing XU, K. Antion SHIBAN
Abstract: Embodiments described herein relate to managing firewall rules. Embodiments include identifying a plurality of firewall rules for request handling. Embodiments include determining a deny count for each given firewall rule of the plurality of firewall rules based on a number of requests flagged on account of the given firewall rule. Embodiments include determining an anomaly score for each given firewall rule of the plurality of firewall rules indicating a severity of attacks the given firewall rule protects against. Embodiments include determining an urgency measure for each given firewall rule of the plurality of firewall rules based on the deny count for the given firewall rule and the anomaly score for the given firewall rule. Embodiments include determining an update to at least one firewall rule of the plurality of firewall rules based on the urgency measure for each given firewall rule of the plurality of firewall rules.
-
Publication number: US20240028441A1
Publication date: 2024-01-25
Application number: US17902350
Application date: 2022-09-02
Applicant: VMware, Inc.
Inventor: Jian LAN, Liang CUI, Aravind SRINIVASAN, Hailing XU, Yan QI, Prachi DALVI, Shuting MA, Todd SABIN, Uday Suresh MASUREKAR, Weiqing WU
CPC classification number: G06F11/0784, G06F9/45558, G06F11/0709, G06F2009/45591
Abstract: An example method of propagating fault domain topology information in a distributed container orchestration system includes: receiving, at control plane software executing in a data center, the fault domain topology, which includes tags for a protection group and fault domains for remote sites in communication with the data center; deploying, by a master server of the distributed container orchestration system that executes in the data center, a node pool comprising virtual machines (VMs) executing in servers of the remote sites, the VMs being nodes of the distributed container orchestration system in which containers execute; determining, by a controller of the master server, relationships among the VMs, the servers, the protection group, and the fault domains based on state of resources maintained by the master server; and providing, by the controller, labels to the servers for associating the tags of the protection group and the fault domains to the VMs.
-
Publication number: US20240028412A1
Publication date: 2024-01-25
Application number: US17940006
Application date: 2022-09-08
Applicant: VMware, Inc.
Inventor: Hailing XU, Liang CUI, Aravind SRINIVASAN, Ni LU
IPC: G06F9/50
CPC classification number: G06F9/5055, G06F9/5072, G06F2209/505, G06F2209/508
Abstract: Example methods and systems for cluster add-on lifecycle management are described. In one example, a computer system may obtain cluster add-on definition information specifying multiple add-ons that are each capable of extending functionality of at least a first cluster and a second cluster. In response to receiving a first instruction to perform a first management action, a first validation operation may be performed based on the cluster add-on definition information and multiple first configuration values associated with the multiple first configuration fields. In response to receiving a second instruction to perform a second management action associated with the second add-on, a second validation operation may be performed based on the cluster add-on definition information and multiple second configuration values associated with the multiple second configuration fields. The first/second management action may be performed in response to determination that the first/second validation operation is successful.
-
Publication number: US20240028411A1
Publication date: 2024-01-25
Application number: US17940004
Application date: 2022-09-08
Applicant: VMware, Inc.
Inventor: Hailing XU, Liang CUI, Aravind SRINIVASAN, Ni LU
IPC: G06F9/50
CPC classification number: G06F9/5055, G06F9/5072, G06F2209/505, G06F2209/508
Abstract: Example methods and systems for cluster add-on lifecycle management are described. In one example, a computer system may obtain cluster add-on definition information specifying multiple add-ons that are each capable of extending functionality of at least a first cluster and a second cluster. User interface(s) may be generated based on the cluster add-on definition information to allow a user to request for a management action associated. In response to receiving a first request for a first management action associated with the first add-on, a first instruction may be generated and sent to cause the first management action to be performed in the first cluster. In response to receiving a second request for a second management action associated with the second add-on, a second instruction may be generated and sent to cause the second management action to be performed in the first cluster or the second cluster.