-
Publication number: US12149537B2
Publication date: 2024-11-19
Application number: US17574306
Filing date: 2022-01-12
Applicant: VMware Inc.
Inventor: Stanimir Lukanov, Georgi Lyubomirov Dimitrov, Georgi Lekov
IPC: H04L9/40
Abstract: Access control management to shared resources in a common resource directory between different users of cloud data centers can be implemented as computer-readable methods, media and systems. A resource managing service receives a request to access resources of a resource directory managed by the resource managing service. The request includes a token for identity authentication. The resource managing service determines a container membership associated with the token, where the container membership is associated with a container from a set of containers for the resource directory. The container includes one or more resources in a tree data structure of the resource directory. The resource managing service filters access rights defined in authorization primitives associated with the container membership based on container policy rules for the set of containers in the resource directory. The resource managing service provides access to a set of resources from the resource directory.
-
Publication number: US20230353557A1
Publication date: 2023-11-02
Application number: US17732311
Filing date: 2022-04-28
Applicant: VMware, Inc.
Inventor: Stanimir Lukanov, Kamen Mazdrashki, Georgi Lyubomirov Dimitrov, Dimo Raychev, Georgi Lekov
IPC: H04L9/40
CPC classification number: H04L63/083, H04L63/0823
Abstract: Bootstrapping a new remote appliance based on a request received at a main appliance based on established trust between the two appliances can be implemented as computer-implemented methods, media, and systems. A request is received at an authentication orchestrator at the main appliance to perform an operation requested by a user for execution on a remote appliance. The authentication orchestrator at the main appliance obtains an authentication token issued by an identity provider at the main appliance for the user associated with the request. The authentication orchestrator requests to exchange the authentication token issued by the identity provider at the main appliance for a new authentication token that is issued by an identity provider at the remote appliance. The authentication orchestrator at the main appliance initiates an authentication of the user at an appliance manager at the remote appliance based on providing the new authentication token.
-
Publication number: US20230224304A1
Publication date: 2023-07-13
Application number: US17574306
Filing date: 2022-01-12
Applicant: VMware Inc.
Inventor: Stanimir Lukanov, Georgi Lyubomirov Dimitrov, Georgi Lekov
IPC: H04L9/40
CPC classification number: H04L63/105, H04L63/0853, H04L63/20
Abstract: Access control management to shared resources in a common resource directory between different users of cloud data centers can be implemented as computer-readable methods, media and systems. A resource managing service receives a request to access resources of a resource directory managed by the resource managing service. The request includes a token for identity authentication. The resource managing service determines a container membership associated with the token, where the container membership is associated with a container from a set of containers for the resource directory. The container includes one or more resources in a tree data structure of the resource directory. The resource managing service filters access rights defined in authorization primitives associated with the container membership based on container policy rules for the set of containers in the resource directory. The resource managing service provides access to a set of resources from the resource directory.
-
Publication number: US11815999B2
Publication date: 2023-11-14
Application number: US17456712
Filing date: 2021-11-29
Applicant: VMware, Inc.
Inventor: Georgi Lekov, Radoslav Gankov
CPC classification number: G06F11/1415, G06F9/45558, G06F16/22, G06F9/45541, G06F2009/4557, G06F2009/45562, G06F2009/45595
Abstract: The disclosure provides an approach for alarm state restoration. Embodiments include determining a plurality of alarm definitions applicable to an inventory of a plurality of entities in a computing environment. Embodiments include assigning each given alarm definition of the plurality of alarm definitions to a given alarm category of a plurality of alarm categories. Embodiments include restoring declared states of the plurality of alarm definitions on the inventory based on the assigning, wherein the restoring comprises, for each given alarm category of the plurality of alarm categories, performing a single traversal of the inventory to identify all respective entities of the plurality of entities that correspond to one or more alarm definitions assigned to the given alarm category.
-
Publication number: US11711351B2
Publication date: 2023-07-25
Application number: US16742881
Filing date: 2020-01-14
Applicant: VMware, Inc.
Inventor: Georgi Lekov, Rusko Atanasov, Stanimir Lukanov, Elena Dimitrova, Dimo Raychev
CPC classification number: H04L63/062, H04L63/0823, H04L63/166
Abstract: Hosts in a cluster in a virtualized computing environment bypass a management layer when communicating with an external key management service (KMS). One of the hosts is configured with KMS configuration information (including digital certificate information) that enables the host to directly communicate with the KMS via a secure communication connection, instead of communicating with the KMS via the management layer. This KMS configuration information is replicated in a distributed manner from the host to the other hosts in the cluster, thereby enabling the other hosts in the cluster to also directly and independently communicate with the KMS to obtain encryption keys to perform cryptographic operations.