-
Publication number: US12015591B2
Publication date: 2024-06-18
Application number: US17543254
Application date: 2021-12-06
Applicant: VMware LLC
Inventor: Kavya Kambi Ravi, Radha Popuri, Sunitha Krishna, Margaret Petrus, Yiwei Zhang
IPC: H04L9/40
CPC classification number: H04L63/0263, H04L63/20
Abstract: Some embodiments provide a method for modifying a firewall rule of a security policy implemented in a network. The method identifies a set of compute machines to be added to a match condition for the firewall rule. The match condition is expressed using one or more groups of compute machines. The method selects a set of groups for the identified set of compute machines from a plurality of existing groups of compute machines based on a user-specified threshold indicating tolerance for inclusion of compute machines that are not in the identified set of compute machines in the selected groups. The method uses the selected set of groups for the match condition of the firewall rule.
-
Publication number: US20240152379A1
Publication date: 2024-05-09
Application number: US18195841
Application date: 2023-05-10
Applicant: VMware LLC
Inventor: Sunitha Krishna, Rajiv Mordani, Radha Popuri, Yaqi Wang, Yiwei Zhang
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/4557, G06F2009/45587, G06F2009/45595
Abstract: Some embodiments provide a method for generating microsegmentation recommendations, performed by a network monitoring service implemented in a public cloud to monitor data flows for a group of datacenters. The method receives a selection of a set of logical network compute nodes (LNCNs) located at a particular datacenter for which to generate recommended rules. The method analyzes flows collected by the network monitoring service in order to generate a set of recommended rules relating to the set of LNCNs. The method provides the set of rules to a local manager at the particular datacenter for the local manager to configure network elements at the particular datacenter to enforce the set of rules. The rules use compute node identifiers for LNCNs located at the particular datacenter and network addresses for LNCNs located at other datacenters as the local manager does not store data regarding compute nodes located at the other datacenters.
-
Publication number: US20240154878A1
Publication date: 2024-05-09
Application number: US18195839
Application date: 2023-05-10
Applicant: VMware LLC
Inventor: Sunitha Krishna, Rajiv Mordani, Radha Popuri, Bofeng Hu, Suresh Nagar, Yili Zou
IPC: H04L41/22, H04L41/0895
CPC classification number: H04L41/22, H04L41/0895
Abstract: Some embodiments provide a method for providing a visualization of data flows for a logical network spanning a group of datacenters. The method receives a selection of a particular datacenter in the group of datacenters for which to display a flow visualization. The method generates a flow visualization for the particular datacenter including (i) representations of data flows between pairs of logical network compute nodes located within the particular datacenter, (ii) representations of data flows between logical network compute nodes located within the particular datacenter and logical network compute nodes at other datacenters in the group of datacenters, and (iii) representations of data flows between logical network compute nodes located within the particular datacenter and endpoints external to the group of datacenters. The method displays the generated flow visualization within a graphical user interface (GUI).
-