公开(公告)号：US20200233689A1

公开(公告)日：2020-07-23

申请号：US16255768

申请日：2019-01-23

Applicant: VMware, Inc.

Inventor： Srinivas NEGINHAL ,  Medhavi Dhawan ,  Vjekoslav Brajkovic ,  Cheng Zhang ,  Jiaqi Chen ,  David Tsai ,  Maithem Munshed ,  Zeeshan Lokhandwala ,  Ming Wen ,  Ragnar Edholm ,  Rajneesh Bajpai

IPC: G06F9/455 ,  H04L29/06 ,  G06F16/182 ,  G06F3/06

Abstract: Certain embodiments described herein are directed to methods and systems for adding one or more nodes to a first cluster including a first node in a computer system. A method performed by the first node comprises receiving a first request from a second node to join the first cluster. The method also comprises retrieving a first cluster configuration associated with the first cluster from a distributed database through a first database server (DBS) and creating a second cluster configuration using the first cluster configuration and information received from the second node as part of the request. The method further comprises populating a first one or more local trust stores of a first one or more processes executing on the first node with a second one or more security certificates of a second one or more processes executing on the second node. The method further comprises writing the second cluster configuration to the distributed database and returning the second cluster configuration to the second node.

公开(公告)号：US10901771B2

公开(公告)日：2021-01-26

申请号：US16255768

申请日：2019-01-23

Applicant: VMware, Inc.

Inventor： Srinivas Neginhal ,  Medhavi Dhawan ,  Vjekoslav Brajkovic ,  Cheng Zhang ,  Jiaqi Chen ,  David Tsai ,  Maithem Munshed ,  Zeeshan Lokhandwala ,  Ming Wen ,  Ragnar Edholm ,  Rajneesh Bajpai

IPC: G06F9/46 ,  G06F9/455 ,  H04L29/06 ,  G06F16/182 ,  G06F3/06

Abstract: Certain embodiments described relate to methods and systems for adding one or more nodes to a first cluster including a first node in a computer system. A method performed by the first node comprises retrieving a first cluster configuration associated with the first cluster from a distributed database through a first database server (DBS) and creating a second cluster configuration using the first cluster configuration and information received from a second node as part of a request to join the first cluster. The method further comprises populating a first one or more local trust stores of a first one or more processes executing on the first node with a second one or more security certificates of a second one or more processes executing on the second node. The method further comprises writing the second cluster configuration to the distributed database and returning the second cluster configuration to the second node.

公开(公告)号：US11265316B2

公开(公告)日：2022-03-01

申请号：US16998371

申请日：2020-08-20

Applicant: VMware, Inc.

Inventor： Ming Wen ,  Edilmo Palencia ,  Russell Lu ,  Laxmikant Vithal Gunda ,  Margaret Petrus

IPC: H04L29/06

Abstract: The disclosure provides an approach for establishing authentication between components in a network. Embodiments deploying a node of a monitoring appliance in response to a request and providing a token for accessing a network manager to the node of the monitoring appliance. Embodiments include generating, by the node of the monitoring appliance, a certificate of the node of the monitoring appliance and providing the certificate of the node of the monitoring appliance to the network manager with the token for accessing the network manager. Embodiments include adding, by the network manager, based on the token for accessing the network manager, the certificate of the node of the monitoring appliance to a first trust store and providing, by the network manager, a network manager certificate to the node of the monitoring appliance. Embodiments include adding, by the node of the monitoring appliance, the network manager certificate to a second trust store.

公开(公告)号：US11140090B2

公开(公告)日：2021-10-05

申请号：US16520238

申请日：2019-07-23

Applicant: VMware, Inc.

Inventor： Rajiv Mordani ,  Arnold Poon ,  Aditi Vutukuri ,  Anita Lu ,  Ming Wen

IPC: H04L12/891 ,  H04L12/26 ,  H04L12/851

Abstract: Some embodiments provide a novel method for correlating configuration data received from the network manager computer with flow group records. In some embodiments, the correlation with the configuration data identifies a group associated with at least one of: (i) the source machine, (ii) destination machine, and (iii) service rules applied to the flows. The correlation with the configuration data, in some embodiments, also identifies whether a service rule applied to the flows is a default service rule. In some embodiments, the correlation with the configuration is based on a tag included in the flow group record that identifies a configuration version, and a configuration associated with the identified configuration version is used to identify the group association or the identity of the default service rule.

公开(公告)号：US20210029051A1

公开(公告)日：2021-01-28

申请号：US16520238

申请日：2019-07-23

Applicant: VMware, Inc.

Inventor： Rajiv Mordani ,  Arnold Poon ,  Aditi Vutukuri ,  Anita Lu ,  Ming Wen

IPC: H04L12/891 ,  H04L12/851 ,  H04L12/26

Abstract: Some embodiments provide a novel method for correlating configuration data received from the network manager computer with flow group records. In some embodiments, the correlation with the configuration data identifies a group associated with at least one of: (i) the source machine, (ii) destination machine, and (iii) service rules applied to the flows. The correlation with the configuration data, in some embodiments, also identifies whether a service rule applied to the flows is a default service rule. In some embodiments, the correlation with the configuration is based on a tag included in the flow group record that identifies a configuration version, and a configuration associated with the identified configuration version is used to identify the group association or the identity of the default service rule.