公开(公告)号：US11765174B2

公开(公告)日：2023-09-19

申请号：US16213545

申请日：2018-12-07

Applicant: VMware, Inc.

Inventor： Arijit Chanda ,  Venkat Rajagopalan ,  Rajiv Mordani ,  Arnold Poon ,  Rajiv Krishnamurthy ,  Farzad Ghannadian ,  Sirisha Myneni

IPC: H04L9/40 ,  G06F9/455

CPC classification number: H04L63/102 ,  H04L63/205 ,  G06F9/45533

Abstract: Techniques for providing application-independent access control in a cloud-services computing environment are provided. In one embodiment, a method for providing application-independent access control is provided. The method includes obtaining a user identity for accessing the cloud-services computing environment and receiving a user request to perform a task using an application. The method further includes collecting process-related data for performing the task using the application and obtaining one or more network routing addresses. The method further includes determining, based on the user identity, the process-related data, and the one or more network routing addresses, whether the task is to be performed. If that the task is to be performed, the task is caused to be performed using the application; and if the task is not to be performed, the user request is denied.

公开(公告)号：US20230208765A1

公开(公告)日：2023-06-29

申请号：US18170917

申请日：2023-02-17

Applicant: VMware, Inc.

Inventor： Arijit Chanda ,  Rajiv Krishnamurthy

IPC: H04L47/20 ,  H04L49/35 ,  H04L49/00

CPC classification number: H04L47/20 ,  H04L49/35 ,  H04L49/309 ,  H04L49/355 ,  H04L49/70

Abstract: Described herein are systems, methods, and software to enhance the implementation of communication rules in a computing network. In one example, a method of operating a communication settings system maintains communication rules for a plurality of networks, wherein the communication rules define forwarding actions for ingress and egress packets to and from applications in the plurality of computing networks. The service further identifies a configuration request from a computing network with applications executing in the computing network, identifies a subset of the communication rules based on the plurality of applications, and provides the subset of the communication rules to the computing network.

公开(公告)号：US11146592B2

公开(公告)日：2021-10-12

申请号：US16249629

申请日：2019-01-16

Applicant: VMware, Inc.

Inventor： Hamza Aharchaou ,  Farzad Ghannadian ,  Amarnath Palavalli ,  Rajiv Krishnamurthy

IPC: H04L12/803 ,  G06F21/62 ,  H04L29/06 ,  G06F9/48 ,  H04L12/801 ,  G06F9/455

Abstract: Embodiments of the present disclosure relate to enforcing universal security policies across data centers. Embodiments include receiving, from a user, a first universal security policy (USP) related to a first universal policy group. Embodiments include identifying a first data center as an enforcement point for the first USP. Embodiments include automatically generating, at the first data center, a first local security policy based on the first USP. Embodiments include deploying a workload associated with the first universal policy group to the first data center. The first USP is enforced for the workload via the first local security policy.