AUTO-SECURITY FOR NETWORK EXPANSION USING FORWARD REFERENCES IN MULTI-SITE DEPLOYMENTS

    Publication number: US20220329603A1

    Publication date: 2022-10-13

    Application number: US17333072

    Application date: 2021-05-28

    Applicant: VMWARE, Inc.

    Abstract: The disclosure provides an approach for managing group membership in a multi-site networking environment. Embodiments include receiving, at a local management component on a networking site of a plurality of networking sites, from a global management component associated with the plurality of networking sites, a definition of a group. Embodiments include determining, by the local management component on the networking site, based on the definition, that the group comprises a networking object with a span that does not include the networking site. Embodiments include storing, by the local management component on the networking site, in a data structure, a reference to the networking object in association with the group, wherein the networking object is excluded from a determination of local membership of the group on the networking site.

    LOCATION CRITERIA FOR SECURITY GROUPS

    Publication number: US20210314219A1

    Publication date: 2021-10-07

    Application number: US17322318

    Application date: 2021-05-17

    Applicant: VMware, Inc.

    Abstract: Some embodiments provide a method for distributing a group definition for a group of machines. The method receives the group definition, which includes (i) a span of the group that specifies a set of sites at which the group is to be used and (ii) a set of criteria for machines to be included in the group. The set of criteria includes at least a location criteria specifying one or more sites. The method distributes the group definition to each site in the set of sites. At each site in the set of sites, a local network control system of the site determines a set of machines in the group based on the set of criteria. Only machines in the one or more sites specified by the location criteria are determined to be in the group.

    Location criteria for security groups

    Publication number: US11777793B2

    Publication date: 2023-10-03

    Application number: US17322318

    Application date: 2021-05-17

    Applicant: VMware, Inc.

    CPC classification number: H04L41/08

    Abstract: Some embodiments provide a method for distributing a group definition for a group of machines. The method receives the group definition, which includes (i) a span of the group that specifies a set of sites at which the group is to be used and (ii) a set of criteria for machines to be included in the group. The set of criteria includes at least a location criteria specifying one or more sites. The method distributes the group definition to each site in the set of sites. At each site in the set of sites, a local network control system of the site determines a set of machines in the group based on the set of criteria. Only machines in the one or more sites specified by the location criteria are determined to be in the group.

    Dynamic expression evaluation based grouping of VM objects for networking and security services in a virtualized computing system
    Granted invention patent (status: in force)

    Publication number: US09420004B2

    Publication date: 2016-08-16

    Application number: US14220185

    Application date: 2014-03-20

    Applicant: VMWARE, INC.

    Abstract: Techniques for grouping virtual machine (VM) objects for networking and security services in a virtualized computing system are described. In one example embodiment, VM attributes and identity attributes are obtained from a virtual center and an identity server, respectively. One or more desired security groups are then formed based on security requirements of the virtualized computing system. A user defined dynamic expression is then associated with the one or more security groups. One or more expression attributes are then determined by evaluating the user defined dynamic expression using the obtained VM attributes and identity attributes. VM objects are then grouped based on the determined one or more expression attributes. The grouped VM objects are then associated with the created one or more security groups for providing the networking and security services.
