Publication No.: US20230224155A1
Publication Date: 2023-07-13
Application No.: US17684432
Filing Date: 2022-03-02
Applicant: VMware, Inc.
Inventor: Wenguang WANG, Abhay Kumar JAIN, Ruiling DOU, Tao XIE, Xin LI, Chandrakanth GADHIRAJU, Kevin Rayfeng LI, Satish PUDI
CPC classification number: H04L9/0891, G06F21/602
Abstract: An example method for a first host, being an owner of an object stored in a virtual storage area network (vSAN) cluster, to perform encryption and decryption operations during a rekey in the vSAN cluster is disclosed. The method includes obtaining a first encryption key and a first key identifier (ID) of the first encryption key; transmitting the first key ID and an active key index to a second host; using the first encryption key to perform encryption and decryption operations; and in response to a determination of receiving a key change notification from a master node of the vSAN cluster, terminating a connection with the second host.
-
Publication No.: US20230236863A1
Publication Date: 2023-07-27
Application No.: US17678551
Filing Date: 2022-02-23
Applicant: VMware, Inc.
Inventor: Peng DAI, Matthew B. AMDUR, Tao XIE, Ruiling DOU
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45583, G06F2009/45595, G06F2009/4557
Abstract: An example method of providing a common volume (cVol) datastore for virtual machines (VMs) managed by a hypervisor in a cloud computing system includes: mounting, by the hypervisor in cooperation with a network file system server, a network file system share of a common volume (cVol), the network file system share storing metadata for the VMs; creating a file system container backed by the network file system share; routing file operations targeting the metadata to the file system container; attaching cloud volumes as devices on a host of the hypervisor, the cloud volumes referenced by descriptors in the metadata; and routing file operations targeting virtual disks of the VMs to the devices.
-
Publication No.: US20220407685A1
Publication Date: 2022-12-22
Application No.: US17402293
Filing Date: 2021-08-13
Applicant: VMware, Inc.
Inventor: Tao XIE, Wenguang WANG, Ruiling DOU, Zhao JIN
Abstract: A method for encryption in a distributed datastore is provided. The method generally includes receiving random data from a virtualization management platform as a wrapped data encryption key (DEK), retrieving a key encryption key (KEK) from a key management server (KMS), decrypting the wrapped DEK using the KEK to determine a blank DEK, where the blank DEK is common to a plurality of hosts of a host cluster accessing a distributed datastore; encrypting first data using the blank DEK, and storing the encrypted first data in one or more disks of the distributed datastore, the one or more disks belonging to the plurality of hosts.