-
Publication No.: US20190058691A1
Publication Date: 2019-02-21
Application No.: US15679307
Filing Date: 2017-08-17
IPC Classification: H04L29/06
CPC Classification: H04L63/0218 , H04L63/0236 , H04L63/0245
Abstract: A flexible hybrid firewall architecture that allows a mix of firewalls at the end points in front of a target and at the initiator points. Groups of Priv-IDs may be created, each group isolated from the other worlds, with all firewalls controlled by a device management and security module.
-
Publication No.: US20180248846A1
Publication Date: 2018-08-30
Application No.: US15890519
Filing Date: 2018-02-07
Applicant: FUJITSU LIMITED
Inventors: Tomohiro Inoue , SHINGO ADACHIHARA , DAISUKE KUDO
IPC Classification: H04L29/06
CPC Classification: H04L63/0218 , H04L41/0893 , H04L41/22 , H04L41/5096 , H04L43/026 , H04L63/0263 , H04L67/10
Abstract: A non-transitory computer-readable recording medium stores a program that causes a computer to execute a process of providing a service for constructing a platform in a cloud and using the constructed platform. The process includes constructing a plurality of platforms in a cloud when definition information on the construction of a platform is received from a plurality of information processing devices via a network, and causing each of the constructed platforms to include a firewall that is initialized to block all accesses except those from one or more common access sources.
-
Publication No.: US20180183757A1
Publication Date: 2018-06-28
Application No.: US15790303
Filing Date: 2017-10-23
Applicant: Nicira, Inc.
CPC Classification: H04L63/0227 , G06F9/45533 , G06F9/45558 , G06F2009/45587 , G06F2009/45595 , H04L63/0218
Abstract: The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications; the information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows among those communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.
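The abstract describes the core loop of micro-segmentation: map each VM to a security group (tier), observe the flows between VMs, and flag as removable every flow the tier model does not need. The following is an added illustration, not Nicira's code; the VM inventory, the tier policy and the observed flows are constructed, and the fail-closed treatment of VMs missing from the inventory is an assumption.

```python
"""Micro-segmentation: find and block removable inter-VM flows (added example)."""
from dataclasses import dataclass

# Constructed inventory: VM name -> security group (application tier).
VM_GROUP = {"web-1": "web", "web-2": "web", "app-1": "app", "db-1": "db"}

# Constructed tier policy: the (source group, destination group, port) triples
# the multi-tier application actually needs. Anything else is removable.
ALLOWED = {("web", "app", 8080), ("app", "db", 5432)}


@dataclass(frozen=True)
class Flow:
    src_vm: str
    dst_vm: str
    dst_port: int


def removable_flows(flows, vm_group, allowed):
    """Return the observed flows that the tier model does not require.

    A VM that is missing from the inventory has no security group, so its
    flows cannot be justified and are treated as removable (fail closed).
    """
    out = []
    for f in flows:
        sg, dg = vm_group.get(f.src_vm), vm_group.get(f.dst_vm)
        if sg is None or dg is None or (sg, dg, f.dst_port) not in allowed:
            out.append(f)
    return out


def block_rules(flows):
    """Render removable flows as distributed-firewall style deny rules."""
    return [
        {"src": f.src_vm, "dst": f.dst_vm, "dport": f.dst_port, "action": "drop"}
        for f in flows
    ]


# Constructed flow observations (what a flow collector might have reported).
OBSERVED = [
    Flow("web-1", "app-1", 8080),   # needed: web -> app
    Flow("app-1", "db-1", 5432),    # needed: app -> db
    Flow("web-2", "db-1", 5432),    # tier skip: web talking straight to db
    Flow("web-1", "web-2", 22),     # lateral movement inside the web tier
    Flow("jump-9", "db-1", 5432),   # source VM not in the inventory
]


if __name__ == "__main__":
    for rule in block_rules(removable_flows(OBSERVED, VM_GROUP, ALLOWED)):
        print(rule)
```

Intra-tier flows (web-1 to web-2 over SSH) are the ones most often missed when policy is written per tier rather than per VM pair; the model above catches them because the policy is keyed on (source group, destination group, port) and contains no self-pairs.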
-
Publication No.: US20180176184A1
Publication Date: 2018-06-21
Application No.: US15380934
Filing Date: 2016-12-15
Applicant: NICIRA, INC.
Inventors: Kaushal BANSAL , Medhavi DHAWAN , Jerry PEREIRA , Shadab SHAH , Sameer KURKURE
CPC Classification: H04L63/0263 , G06F9/4881 , H03M7/30 , H03M7/70 , H04L63/0218
Abstract: In a computer-implemented method for collecting firewall flow records, firewall flow records are received, according to a collection schedule, from a plurality of data end nodes of a virtualized infrastructure comprising a distributed firewall. The collection schedule defines which of the data end nodes firewall flow records are collected from, the frequency of collection from those nodes, and the amount of firewall flow records collected from them. Firewall flow records received at a firewall flow record collection queue are processed so that they are prepared for storage at a flow record data store. The collection schedule is dynamically adapted based at least in part on the processing of the received firewall flow records, such that the collection queue is available for processing firewall flow records before additional records are received from the data end nodes.
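The schedule in this abstract has three knobs (which nodes, how often, how many) and one feedback signal (how much of the collection queue is still occupied after processing). The simulation below is an added example, not Nicira's implementation: the queue capacity, the drain rate, the watermarks and the halve/double back-off policy are assumptions, and dropping records when the queue is full is the assumed failure mode the adaptation exists to avoid.

```python
"""Adaptive firewall flow-record collection schedule (added example)."""


class FlowRecordCollector:
    """Pulls flow records from end nodes per a schedule and re-plans the
    schedule from queue occupancy after each processing pass."""

    def __init__(self, nodes, capacity=100, drain_rate=40):
        self.capacity = capacity        # assumed queue size (records)
        self.drain_rate = drain_rate    # assumed records stored per pass
        self.queue = []
        self.store = []                 # stand-in for the flow record data store
        self.dropped = 0                # records refused because the queue was full
        self.tick = 0
        # Per-node schedule: poll every `interval` ticks, take `batch` records.
        self.schedule = {n: {"interval": 1, "batch": 30} for n in nodes}

    def collect(self, available):
        """available: node -> list of records the node currently holds."""
        self.tick += 1
        for node, spec in self.schedule.items():
            if self.tick % spec["interval"]:
                continue                                   # not this node's turn
            batch = available.get(node, [])[:spec["batch"]]
            room = self.capacity - len(self.queue)
            self.queue.extend(batch[:room])
            self.dropped += max(0, len(batch) - room)      # queue overflow

    def process(self):
        """Move one drain's worth of records to the store, then adapt."""
        self.store.extend(self.queue[:self.drain_rate])
        del self.queue[:self.drain_rate]
        self._adapt()

    def _adapt(self):
        fill = len(self.queue) / self.capacity
        for spec in self.schedule.values():
            if fill > 0.5:          # backlog: fewer records, less often
                spec["batch"] = max(5, spec["batch"] // 2)
                spec["interval"] = min(8, spec["interval"] * 2)
            elif fill < 0.1:        # idle: more records, more often
                spec["batch"] = min(50, spec["batch"] + 5)
                spec["interval"] = max(1, spec["interval"] // 2)


def simulate(ticks, nodes=("host-a", "host-b", "host-c"), per_tick=100):
    """Run collect/process rounds against constructed end nodes that always
    have `per_tick` fresh records available."""
    c = FlowRecordCollector(nodes)
    for t in range(ticks):
        available = {n: [f"{n}:{t}:{i}" for i in range(per_tick)] for n in nodes}
        c.collect(available)
        c.process()
    return c


if __name__ == "__main__":
    c = simulate(8)
    print("dropped:", c.dropped, "queued:", len(c.queue), "stored:", len(c.store))
    print("schedule:", c.schedule)
```

With the constants above the first two rounds overflow the queue (40 records refused) before the feedback halves the batch and doubles the interval; from then on the queue is drained ahead of each collection and nothing further is dropped, which is the property the abstract describes.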
-
Publication No.: US20180167338A1
Publication Date: 2018-06-14
Application No.: US15373616
Filing Date: 2016-12-09
IPC Classification: H04L12/931 , H04L12/721 , H04L12/725 , H04L29/06
CPC Classification: H04L49/70 , H04L45/304 , H04L45/38 , H04L45/7457 , H04L63/0218 , H04L63/0254 , H04L63/101 , H04L63/1441 , H04L63/166
Abstract: Techniques for providing a reflexive access control list (ACL) on a virtual switch are provided. Embodiments receive a first packet corresponding to a first network flow and a second packet corresponding to a second network flow. Upon determining that the SYN flag is set in the first packet, a first entry is created in the reflexive ACL for the first network flow. Upon determining that the first packet was received over a client port of a first physical switch, the first packet is forwarded to a second physical switch within the virtual switch. Upon determining that the SYN flag is set in the second packet, a second entry is created in the reflexive ACL. Finally, upon determining that the second packet was received from the second physical switch, the second packet is forwarded over an uplink port to the destination defined by the second packet.
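The abstract covers the outbound half of a reflexive ACL: a client-side SYN creates an entry, and the packet is forwarded on toward the uplink. The point of such an entry is the inbound half, which the abstract does not spell out: uplink traffic is admitted only when it is the reverse of a flow a client opened. The code below is an added example, not the patent's implementation; it collapses the two physical switches into one decision point, tags ingress ports as "client" or "uplink", tracks TCP 4-tuples only, and tears an entry down on RST (these are assumptions; idle timeouts and FIN handling are left out).

```python
"""Reflexive ACL for a client/uplink virtual switch (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ingress: str            # assumed port role: "client" or "uplink"
    syn: bool = False
    rst: bool = False


class ReflexiveACL:
    """Entries are keyed by the client-initiated 4-tuple; uplink traffic is
    forwarded only if its reversed 4-tuple is present."""

    def __init__(self):
        self.entries = set()

    @staticmethod
    def _key(p):
        return (p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def _reverse(p):
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def process(self, p):
        """Return 'forward' or 'drop' for one packet."""
        if p.ingress == "client":
            if p.syn:
                # A SYN from the protected side opens a hole for its replies.
                self.entries.add(self._key(p))
            if p.rst:
                self.entries.discard(self._key(p))
            return "forward"           # outbound traffic is always allowed

        # Uplink side: admit only replies to flows a client opened. A SYN
        # from the uplink with no matching entry is an inbound connection
        # attempt and is dropped.
        rev = self._reverse(p)
        if rev not in self.entries:
            return "drop"
        if p.rst:
            self.entries.discard(rev)  # peer aborted; close the hole
        return "forward"


if __name__ == "__main__":
    # Constructed packets: a client opens 10.0.0.5:40000 -> 93.184.216.34:443,
    # the server answers, and an unrelated host probes the client's SSH port.
    acl = ReflexiveACL()
    for pkt in [
        Packet("10.0.0.5", 40000, "93.184.216.34", 443, "client", syn=True),
        Packet("93.184.216.34", 443, "10.0.0.5", 40000, "uplink", syn=True),
        Packet("198.51.100.9", 12345, "10.0.0.5", 22, "uplink", syn=True),
    ]:
        print(pkt.src_ip, "->", pkt.dst_ip, acl.process(pkt))
```

A real implementation also needs an idle timeout per entry, otherwise a single forgotten SYN leaves a permanent inbound hole for whoever later holds the remote address and port.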
-
Publication No.: US09906578B2
Publication Date: 2018-02-27
Application No.: US13679812
Filing Date: 2012-11-16
Inventors: Janga Aliminati
CPC Classification: H04L67/02 , G06F8/60 , G06F8/61 , H04L12/4641 , H04L29/06612 , H04L41/0886 , H04L41/0893 , H04L63/0209 , H04L63/0218 , H04L67/10 , H04L67/34
Abstract: In accordance with an embodiment, one or more enterprise software application products, such as Fusion Applications, can be installed and/or configured according to an integration and deployment design/blueprint that is built or optimized for use within a multi-tiered enterprise deployment topology at an organization's or customer's data center. Based on the organization's or customer's site topology and requirements, provisioning of the software applications can be optimized and application life cycle operations performed. This makes each product component aware of the topology, which in turn provides customers with an "out-of-the-box" solution. The deployment topology can also be optimized for security, performance and simplicity.
-
Publication No.: US09866527B2
Publication Date: 2018-01-09
Application No.: US14765937
Filing Date: 2014-01-16
Applicant: Tomokazu Moriya , Hideki Goto , Koji Yura
Inventors: Tomokazu Moriya , Hideki Goto , Koji Yura
IPC Classification: G06F9/00 , G06F15/16 , G06F17/00 , H04L29/06 , B61L15/00 , B61L27/00 , B60K31/00 , H04L29/08
CPC Classification: H04L63/0209 , B60K31/00 , B61L15/0018 , B61L27/0005 , H04L63/02 , H04L63/0218 , H04L63/0281 , H04L67/12 , H04L2209/84
Abstract: An information processing device is connected to a plurality of networks and performs information processing. The networks include a control network connected to a control device in a mobile object, an information network connected to an information device in the mobile object, and an external network connected to an external device outside the mobile object. The information processing device includes a firewall for each of the networks and a processor connected to each network through the corresponding firewall. The information processing device isolates at least the control network from the other networks.
-
Publication No.: US20180007001A1
Publication Date: 2018-01-04
Application No.: US15543724
Filing Date: 2016-04-20
Inventors: Songer Sun
IPC Classification: H04L29/06
CPC Classification: H04L63/0218 , H04L63/0236 , H04L63/0464 , H04L63/20 , H04L63/205
Abstract: In an example, a security service providing system receives a service request for a security service for a target flow; determines, according to the security service information carried in the request, a security device that will provide the service for the target flow together with first service configuration information and next-hop information for that device; and configures the first service configuration information and the next-hop information onto the security device, so that the security device provides the security service to the target flow according to the first service configuration information and forwards the target flow according to the next-hop information.
-
Publication No.: US20170310641A1
Publication Date: 2017-10-26
Application No.: US15479192
Filing Date: 2017-04-04
Inventors: Dongyi Jiang , Qijun Yang , Jin Shang , Linyang Shu
CPC Classification: H04L63/0218 , H04L12/4641 , H04L61/103 , H04L61/2007 , H04L61/6022 , H04L63/0245 , H04L63/0254 , H04L67/14
Abstract: A data center system includes at least two data center subsystems interconnected through a layer-2 network. Each data center subsystem comprises a plurality of hosts, a plurality of layer-2 switches connected to the hosts, a firewall group connected to the layer-2 switches, and a layer-2 extension device connected to the layer-2 switches. The firewall groups of the data center subsystems are configured to exchange synchronization information through a synchronization channel in a first virtual local area network; the layer-2 extension devices of the data center subsystems are configured to transmit service information through a service channel in a second virtual local area network; and both virtual local area networks are implemented in the layer-2 network.
-
Publication No.: US09755903B2
Publication Date: 2017-09-05
Application No.: US14811382
Filing Date: 2015-07-28
Applicant: Nicira, Inc.
Inventors: Uday Masurekar , Kaushal Bansal
CPC Classification: H04L63/0218 , G06F9/445 , G06F9/455 , G06F9/45533 , G06F9/45558 , G06F12/0813 , G06F17/30557 , G06F17/30575 , G06F2009/4557 , G06F2212/154 , G06F2212/60 , G06F2212/62 , H04L41/0846 , H04L41/0893 , H04L63/0227 , H04L63/0263 , H04L63/20 , H04L67/1002 , H04L67/1095 , H04L67/2852
Abstract: A method of replicating firewall rules across a group of data centers. Each data center includes a set of hosts and a network manager, and each host is configured to host a set of data compute nodes (DCNs). The method identifies a first DCN on a host in a primary data center; the first DCN is associated with a set of global firewall rules that use unique identifiers recognized by the network manager of every data center. The method allocates storage for a second DCN on a host in a secondary data center to replicate the first DCN, and replicates the set of global firewall rules associated with the first DCN into the storage allocated for the second DCN. When it receives an indication that the second DCN has been powered on, the method enforces the set of global firewall rules for the second DCN using the replicated rules.
-