Abstract:
Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a plurality of sites. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a first set of the sites at which to deploy the application. Based on the definition of the application, the method assigns the application to a set of security zones defined for the virtual infrastructure. Each respective security zone is restricted to a respective set of the sites. The method deploys the application in a second set of sites based on the first set of sites and the sets of sites to which the set of security zones are restricted.
Abstract:
Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. Based on input from a top-level user of the virtual infrastructure, the method deploys a first logical network within the virtual infrastructure and defines one or more second-level users of the virtual infrastructure. The method receives input from a second-level user of the virtual infrastructure to define a second logical network and connect the second logical network to the first logical network. The first and second logical networks use a same data model and the second-level users are restricted from viewing configuration of the first logical network.
Abstract:
Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies (i) a set of tiers of the application and (ii) a set of requirements for deploying the application. Based on the application definition, the method automatically defines a logical network architecture for connecting data compute nodes (DCNs) that implement the application tiers in the set of datacenters. The method configures a set of forwarding elements in the set of datacenters to implement the logical network architecture.
Abstract:
Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. Based on input from a top-level user of the virtual infrastructure, the method deploys a first logical network within the virtual infrastructure and defines one or more second-level users of the virtual infrastructure. The method receives input from a second-level user of the virtual infrastructure to define a second logical network and connect the second logical network to the first logical network. The first and second logical networks use a same data model and the second-level users are restricted from viewing configuration of the first logical network.
Abstract:
Techniques for grouping virtual machine (VM) objects for networking and security services in a virtualized computing system are described. In one example embodiment, VM attributes and identity attributes are obtained from a virtual center and an identity server, respectively. One or more desired security groups are then formed based on security requirements of the virtualized computing system. A user defined dynamic expression is then associated with the one or more security groups. One or more expression attributes are then determined by evaluating the user defined dynamic expression using the obtained VM attributes and identity attributes. VM objects are then grouped based on the determined one or more expression attributes. The grouped VM objects are then associated with the created one or more security groups for providing the networking and security services.
Abstract:
Some embodiments provide a method for a network management and control system that manages one or more logical networks. From a first user, the method receives a definition of one or more security zones for a logical network. Each security zone definition includes a set of security rules for data compute nodes (DCNs) assigned to the security zone. From a second user, the method receives a definition of an application to be deployed in the logical network. The application definition specifies a set of requirements. Based on the specified set of requirements, the method assigns DCNs implementing the application to one or more of the security zones for the logical network.
Abstract:
Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a plurality of sites. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a first set of the sites at which to deploy the application. Based on the definition of the application, the method assigns the application to a set of security zones defined for the virtual infrastructure. Each respective security zone is restricted to a respective set of the sites. The method deploys the application in a second set of sites based on the first set of sites and the sets of sites to which the set of security zones are restricted.
Abstract:
The disclosure provides an approach for collecting system state data relating to whether certain system states overload a processor assigned to a controller of the system. The approach further involves using the collected data to train a regression machine learning algorithm to predict whether intended or desired system states will result in processor overload. Depending on the prediction, the approach takes one of several steps to efficiently change system state.
Abstract:
Some embodiments provide a method for a network management and control system that manages one or more logical networks. From a first user, the method receives a definition of one or more security zones for a logical network. Each security zone definition includes a set of security rules for data compute nodes (DCNs) assigned to the security zone. From a second user, the method receives a definition of an application to be deployed in the logical network. The application definition specifies a set of requirements. Based on the specified set of requirements, the method assigns DCNs implementing the application to one or more of the security zones for the logical network.