-
Publication (announcement) number: US20220103521A1
Publication (announcement) date: 2022-03-31
Application number: US17103706
Filing date: 2020-11-24
Applicant: VMware, Inc.
IPC classification: H04L29/06, H04L12/713, H04L12/717, H04L12/66, G06F9/455
Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a requirement that the application receive data traffic from sources external to the virtual infrastructure. Based on the application definition, the method defines a first set of firewall rules for the application that indicate conditions for allowing data traffic from sources external to the virtual infrastructure. For an existing second set of higher-level firewall rules for data traffic entering and exiting the virtual infrastructure, the method specifies a new firewall rule that directs a network element implementing the sets of firewall rules to apply the first set of firewall rules to any data traffic that is from sources external to the virtual infrastructure and directed to the application.
-
Publication (announcement) number: US20210026677A1
Publication (announcement) date: 2021-01-28
Application number: US16554370
Filing date: 2019-08-28
Applicant: VMware, Inc.
Inventors: Sunitha Krishna, Kausum Kumar, Rajiv Mordani, Ashish Shendure, Ashish Patel, Farzad Ghannadian
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rules to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.
-
Publication (announcement) number: US20200065080A1
Publication (announcement) date: 2020-02-27
Application number: US16112396
Filing date: 2018-08-24
Applicant: VMware, Inc.
Inventors: Sirisha Myneni, Arijit Chanda, Laxmikant Vithal Gunda, Arnold Poon, Farzad Ghannadian, Kausum Kumar
Abstract: Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to manage fine-grained micro-segmentation rules based on endpoint and network attributes.
-
Publication (announcement) number: US11757940B2
Publication (announcement) date: 2023-09-12
Application number: US17103706
Filing date: 2020-11-24
Applicant: VMware, Inc.
IPC classification: H04L9/40, G06F9/455, H04L12/46, H04L41/0803, H04L41/0893, H04L45/586, H04L49/00, H04L67/10, H04L12/66, H04L45/42, H04L45/64
CPC classification: H04L63/20, G06F9/455, G06F9/45558, H04L12/4641, H04L12/66, H04L41/0803, H04L41/0893, H04L45/42, H04L45/586, H04L45/64, H04L49/70, H04L63/0209, H04L63/0218, H04L63/0236, H04L63/0263, H04L63/10, H04L67/10, G06F2009/45595
Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a requirement that the application receive data traffic from sources external to the virtual infrastructure. Based on the application definition, the method defines a first set of firewall rules for the application that indicate conditions for allowing data traffic from sources external to the virtual infrastructure. For an existing second set of higher-level firewall rules for data traffic entering and exiting the virtual infrastructure, the method specifies a new firewall rule that directs a network element implementing the sets of firewall rules to apply the first set of firewall rules to any data traffic that is from sources external to the virtual infrastructure and directed to the application.
-
Publication (announcement) number: US20210006542A1
Publication (announcement) date: 2021-01-07
Application number: US16460823
Filing date: 2019-07-02
Applicant: VMware, Inc.
Inventors: Sirisha Myneni, Rajiv Mordani, Kausum Kumar
IPC classification: H04L29/06
Abstract: Behavior-based security in a datacenter includes monitoring user actions made by users in the datacenter. Behavior-based risk scores are computed for users based on their monitored actions. One or more firewall rules are generated for users based on their behavior-based risk scores. The firewall rules regulate the actions of the users.
-
Publication (announcement) number: US11349876B2
Publication (announcement) date: 2022-05-31
Application number: US16554414
Filing date: 2019-08-28
Applicant: VMware, Inc.
Inventors: Sunitha Krishna, Kausum Kumar, Rajiv Mordani, Radha Popuri, Kavya Kambi Ravi, Ankur Saran, Farzad Ghannadian
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rules to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.
-
Publication (announcement) number: US20210226845A1
Publication (announcement) date: 2021-07-22
Application number: US17133561
Filing date: 2020-12-23
Applicant: VMware, Inc.
IPC classification: H04L12/24
Abstract: Some embodiments provide a method for visualizing a realization status of configuration changes for a set of logical entities of a logical network. The method generates a first presentation of a list of logical entities and a realization status for each logical entity in the list, where the realization status indicates whether all configuration changes for the logical entity have been realized. In response to a selection of a particular logical entity in the displayed list for which at least one configuration change has not been realized, the method generates a second presentation comprising a view of pending configuration changes for the selected particular logical entity.
-
Publication (announcement) number: US20210029166A1
Publication (announcement) date: 2021-01-28
Application number: US16554414
Filing date: 2019-08-28
Applicant: VMware, Inc.
Inventors: Sunitha Krishna, Kausum Kumar, Rajiv Mordani, Radha Popuri, Kavya Kambi Ravi, Ankur Saran, Farzad Ghannadian
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rules to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.
-
Publication (announcement) number: US11601458B2
Publication (announcement) date: 2023-03-07
Application number: US17062600
Filing date: 2020-10-04
Applicant: VMware, Inc.
Inventors: Jayant Jain, Anirban Sengupta, Rick Lund, Kausum Kumar
Abstract: The current document is directed to methods and systems that generate microsegmentation quotients for computational entities and components of a distributed computer system. In the described implementation, microsegmentation quotients are generated for each component, subsystem, or computational entity, collectively referred to as "system entities," of a set of specified system-entity types within the distributed computer system. Microsegmentation quotients are generated for system entities at any of the various hierarchical levels within a distributed computer system, including for the entire distributed computer system. Microsegmentation quotients are generated by an iterative process that refines initial estimates of the microsegmentation quotients for system entities within the distributed computer system. Microsegmentation quotients are displayed, through system-management interfaces, to administration and management personnel and provided to automated administration-and-management-system tools and facilities in order to facilitate analysis and monitoring of distributed-computer-system security as well as to facilitate rapid and accurate detection and amelioration of security-related deficiencies and problems.
-
Publication (announcement) number: US11595255B2
Publication (announcement) date: 2023-02-28
Application number: US17133561
Filing date: 2020-12-23
Applicant: VMware, Inc.
IPC classification: H04L41/0816, H04L41/22, H04L41/12
Abstract: Some embodiments provide a method for visualizing a realization status of configuration changes for a set of logical entities of a logical network. The method generates a first presentation of a list of logical entities and a realization status for each logical entity in the list, where the realization status indicates whether all configuration changes for the logical entity have been realized. In response to a selection of a particular logical entity in the displayed list for which at least one configuration change has not been realized, the method generates a second presentation comprising a view of pending configuration changes for the selected particular logical entity.
-