-
Publication (announcement) number: US10191762B2
Publication (announcement) date: 2019-01-29
Application number: US15420523
Filing date: 2017-01-31
Applicant: VMware, Inc.
Inventor: Marcel Moolenaar
IPC: G06F9/46, G06F9/455, H04L29/12, H04L12/833
Abstract: A technique transparently deploys an operating entity (OE) into a network data path of a virtualized computing environment that includes a guest operating system (OS) running in a virtual machine instance (VMI) of a virtual data center (VDC). The OE is embodied as an intermediary manager, e.g., a meta-hypervisor (metavisor), of a computing cell within the VMI that includes the guest OS and associated applications. The computing cell is layered over a hypervisor which manages system resources of the VDC in an arrangement such that the metavisor is disposed between the hypervisor and guest OS, and operates transparent to the guest OS. The transparent deployment technique involves a set of conditional tests and actions embodied as modules of the metavisor that is applied to examine network packet traffic exchanged over the network data path and that operates to make the presence of the metavisor within the network data path “invisible” (i.e., transparent) to the guest OS, i.e., so that the guest OS is unaware of the presence of the metavisor.
-
Publication (announcement) number: US10810034B2
Publication (announcement) date: 2020-10-20
Application number: US16259325
Filing date: 2019-01-28
Applicant: VMware, Inc.
Inventor: Marcel Moolenaar
IPC: G06F9/46, G06F9/455, H04L12/823, H04L29/12
Abstract: A technique transparently deploys an operating entity (OE) into a network data path of a virtualized computing environment that includes a guest operating system (OS) running in a virtual machine instance (VMI) of a virtual data center (VDC). The OE is embodied as an intermediary manager, e.g., a meta-hypervisor (metavisor), of a computing cell within the VMI that includes the guest OS and associated applications. The computing cell is layered over a hypervisor which manages system resources of the VDC in an arrangement such that the metavisor is disposed between the hypervisor and guest OS, and operates transparent to the guest OS. The transparent deployment technique involves a set of conditional tests and actions embodied as modules of the metavisor that is applied to examine network packet traffic exchanged over the network data path and that operates to make the presence of the metavisor within the network data path “invisible” (i.e., transparent) to the guest OS, i.e., so that the guest OS is unaware of the presence of the metavisor.
-
Publication (announcement) number: US10356128B1
Publication (announcement) date: 2019-07-16
Application number: US15661618
Filing date: 2017-07-27
Applicant: VMware, Inc.
Inventor: Jason A. Lango, Grant Callaghan, Marcel Moolenaar, Vinay Wagh, Rohan Desai, Matthew Page, Gary Menezes, Antoine Pourchet, Ramya Olichandran
Abstract: A tag-based policy architecture enforces information technology (IT) policy in a virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources coupled to a computer network and to authorize access to protected resources of the network. The compute resources are illustratively virtual machine instances (VMIs) provided by a virtual data center (VDC) of the environment, whereas the protected resources are illustratively virtualized storage, network and/or other compute resources of the VDC. Each VMI includes an intermediary manager, e.g., metavisor. The tag-based policy architecture includes an infrastructure having a centralized policy decision end point (e.g., a control plane of the VDC) and distributed policy enforcement endpoints (e.g., metavisors of the VMIs) to provide end-to-end passing of the cryptographically-verifiable metadata to (i) authorize instantiation of the VMIs at the control plane, and (ii) enforce access to the virtualized resources at the metavisors.
-
Publication (announcement) number: US10999328B2
Publication (announcement) date: 2021-05-04
Application number: US16430344
Filing date: 2019-06-03
Applicant: VMware, Inc.
Inventor: Jason A. Lango, Grant Callaghan, Marcel Moolenaar, Vinay Wagh, Rohan Desai, Matthew Page, Gary Menezes, Antoine Pourchet, Ramya Olichandran
Abstract: A tag-based policy architecture enforces information technology (IT) policy in a virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources coupled to a computer network and to authorize access to protected resources of the network. The compute resources are illustratively virtual machine instances (VMIs) provided by a virtual data center (VDC) of the environment, whereas the protected resources are illustratively virtualized storage, network and/or other compute resources of the VDC. Each VMI includes an intermediary manager, e.g., metavisor. The tag-based policy architecture includes an infrastructure having a centralized policy decision end point (e.g., a control plane of the VDC) and distributed policy enforcement endpoints (e.g., metavisors of the VMIs) to provide end-to-end passing of the cryptographically-verifiable metadata to (i) authorize instantiation of the VMIs at the control plane, and (ii) enforce access to the virtualized resources at the metavisors.
-
Publication (announcement) number: US10652281B1
Publication (announcement) date: 2020-05-12
Application number: US15692890
Filing date: 2017-08-31
Applicant: VMware, Inc.
Inventor: Marcel Moolenaar, Dennis Ramdass, Ramya Olichandran
Abstract: A technique implements network policy deployed in a tag-based policy architecture of a virtualized computing environment. One or more virtual machine instances (VMIs) may be provided by a virtual data center (VDC) of the environment, wherein each VMI includes an intermediary manager of a computing cell that also includes a guest operating system (OS) and associated applications. The tag-based policy architecture may be configured to enforce the network policy in the virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources, such as the VMIs, coupled to a computer network and to authorize access to protected resources, such as virtualized network resources of the VDC.