公开(公告)号：US20200228571A1

公开(公告)日：2020-07-16

申请号：US16249629

申请日：2019-01-16

Applicant: VMware, Inc.

Inventor： Hamza AHARCHAOU ,  Farzad GHANNADIAN ,  Amarnath PALAVALLI ,  Rajiv KRISHNAMURTHY

IPC: H04L29/06 ,  G06F9/48

Abstract: Embodiments of the present disclosure relate to enforcing universal security policies across data centers. Embodiments include receiving, from a user, a first universal security policy (USP) related to a first universal policy group. Embodiments include identifying a first data center as an enforcement point for the first USP. Embodiments include automatically generating, at the first data center, a first local security policy based on the first USP. Embodiments include deploying a workload associated with the first universal policy group to the first data center. The first USP is enforced for the workload via the first local security policy.

公开(公告)号：US20200186534A1

公开(公告)日：2020-06-11

申请号：US16213545

申请日：2018-12-07

Applicant: VMware, Inc.

Inventor： Arijit CHANDA ,  Venkat RAJAGOPALAN ,  Rajiv MORDANI ,  Arnold POON ,  Rajiv KRISHNAMURTHY ,  Farzad GHANNADIAN ,  Sirisha MYNENI

IPC: H04L29/06

Abstract: Techniques for providing application-independent access control in a cloud-services computing environment are provided. In one embodiment, a method for providing application-independent access control is provided. The method includes obtaining a user identity for accessing the cloud-services computing environment and receiving a user request to perform a task using an application. The method further includes collecting process-related data for performing the task using the application and obtaining one or more network routing addresses. The method further includes determining, based on the user identity, the process-related data, and the one or more network routing addresses, whether the task is to be performed. If that the task is to be performed, the task is caused to be performed using the application; and if the task is not to be performed, the user request is denied.