VMware Patent Grants

Containerized workload scheduling

Granted: April 8, 2025
Patent Number: 12271749
A method for containerized workload scheduling can include monitoring network traffic between a first containerized workload deployed on a node in a virtual computing environment to determine affinities between the first containerized workload and other containerized workloads in the virtual computing environment. The method can further include scheduling, based, at least in part, on the determined affinities between the first containerized workload and the other containerized workloads,…

Dynamic mounting of trusted certificates into function execution on a containerized environment

Granted: April 8, 2025
Patent Number: 12271461
Dynamic supply of trusted certificates to a containerized environment by mounting a directory into a container image can be implemented as computer-readable methods, media and systems. The directory stores trusted certificates related to a tenant account at a platform system. The trusted certificates include user specific trusted certificates relevant for authentication at an external system and default certificates relevant for an operating system running at a containerized runtime…

Deduplicating data chunks using chunk objects

Granted: April 8, 2025
Patent Number: 12271298
The disclosure herein describes deduplicating data chunks using chunk objects. A batch of data chunks is obtained from an original data object and a hash value is calculated for each data chunk. A first duplicate data chunk is identified using the hash value and a hash map. A chunk logical block address (LBA) of a chunk object is assigned to the duplicate data chunk. Payload data of the duplicate data chunk is migrated from the original data object to the chunk object, and a chunk map is…

Network management services in a virtual network

Granted: April 1, 2025
Patent Number: 12267364
A software-defined wide area network (SD-WAN) environment that leverages network virtualization management deployment is provided. Edge security services managed by the network virtualization management deployment are made available in the SD-WAN environment. Cloud gateways forward SD-WAN traffic to managed service nodes to apply security services. Network traffic is encapsulated with corresponding metadata to ensure that services can be performed according to the desired policy.…

WAN optimization using probabilistic data filters

Granted: April 1, 2025
Patent Number: 12267250
Some embodiments of the invention provide a method for WAN (wide area network) optimization for a WAN that connects multiple sites, each of which has at least one router. At a gateway router deployed to a public cloud, the method receives, from at least two routers at at least two sites, multiple data streams destined for a particular centralized datacenter. The method performs a WAN optimization operation to aggregate the multiple streams into one outbound stream that is WAN optimized for…

Implementing defined service policies in a third-party container cluster

Granted: April 1, 2025
Patent Number: 12267212
Some embodiments provide a method of implementing service rules for a container cluster that is configured by a first SDN controller cluster. The method registers for event notification from an application programming interface (API) server to receive notification regarding events associated with resources deployed in the container cluster. The method forwards to a second SDN controller cluster resource identifiers collected through the registration for resources of the container…

Use of nested hypervisors by a resource-exchange system to enhance data and operational security and to facilitate component installation

Granted: April 1, 2025
Patent Number: 12265849
The current document is directed to a resource-exchange system that facilitates resource exchange and sharing among computing facilities. The currently disclosed methods and systems employ efficient, distributed-search methods and subsystems within distributed computer systems that include large numbers of geographically distributed data centers to locate resource-provider computing facilities that match the resource needs of resource-consumer computing-facilities based on attribute values…

Methods and apparatus to generate code as a plug-in in a cloud computing environment

Granted: April 1, 2025
Patent Number: 12265833
Methods, apparatus, systems, and articles of manufacture are disclosed to generate code as a plug-in in a cloud computing environment. An example system includes at least one memory, programmable circuitry, and machine readable instructions to program the programmable circuitry to introspect code in a library to obtain introspection data, the library corresponding to a resource that is to be deployed in a cloud infrastructure environment, generate a model based on the introspection data,…

Forwarding packets in multi-regional large scale deployments with distributed gateways

Granted: March 25, 2025
Patent Number: 12261777
Some embodiments of the invention provide a method for forwarding packets through an SD-WAN. To facilitate the forwarding of packets between first and second regions of the SD-WAN, said first and second regions having respective first and second hub routers forwarding packets between respective first and second sets of edge routers of respective first and second sets of sites of the first and second regions, the method directs (1) the first set of edge routers to establish connections to…

System and method for capturing malicious flows and associated context for threat analysis

Granted: March 25, 2025
Patent Number: 12261859
Some embodiments of the invention provide, for an intrusion detection and prevention system (IDPS) engine operating on a host computer deployed in a software-defined datacenter (SDDC), a method for detecting and analyzing malicious packet flows. Upon detecting a new packet flow, the method captures packets belonging to the new packet flow in a file. When the new packet flow ends, the method determines that a particular packet belonging to the new packet flow has triggered an alert…

Hierarchical API for a SDDC

Granted: March 25, 2025
Patent Number: 12261746
Some embodiments of the invention provide a method for deploying software-implemented resources in a software defined datacenter (SDDC). The method initially receives a hierarchical API command that, in a declarative format, specifies several operation requests for several software-defined (SD) resources at several resource levels of a resource hierarchy in the SDDC. The method parses the API command to identify the SD resources at the plurality of resource levels. Based on the parsed…

External communication with packaged virtual machine applications without networking

Granted: March 25, 2025
Patent Number: 12260246
One or more embodiments provide techniques that permit virtual computing instances in isolated environments to communicate information outside the isolated environments without requiring networking. In one embodiment, an encoder which runs in a virtual machine (VM) within an isolated environment, such as one of the VMs of a packaged virtual machine application that does not have external network connectivity, is configured to encode information, such as state information of the packaged…

Managing virtual infrastructure resources in cloud environments

Granted: March 25, 2025
Patent Number: 12260242
Examples for managing virtual infrastructure resources in cloud environments can include (1) instantiating an orchestration node for managing local control planes at multiple clouds, (2) instantiating first and second local control planes at different respective clouds, the first and second local control planes interfacing with different respective virtualized infrastructure managers (“VIMs”), where the first and second local control planes establish secure communication with the…

Network-based signaling to control virtual machine placement

Granted: March 25, 2025
Patent Number: 12260241
A virtualized computing environment includes a plurality of host computers, each host being connected to a physical network and having a hypervisor executing therein. To provision a virtual machine requiring a connection to a virtual network in one of the hosts, a candidate host for hosting the virtual machine, the candidate host having the virtual network configured therein, is selected. A request is then made for a status of the virtual network to the candidate host. The status of the…

Automatic drift detection of configurations of a software-defined data center that are managed according to a desired state

Granted: March 25, 2025
Patent Number: 12260229
Drift is automatically detected in configuration of services running in a management appliance of a software-defined data center. A method of automatically detecting drift includes: in response to a notification of a change in a configuration of a first service enabled for proactive drift detection, transmitting a first request to compute drift in the configuration of the first service to a plug-in of the first service, the first request including the change in the configuration of the…

Converting the format of a distributed object storage with reduced write operations

Granted: March 25, 2025
Patent Number: 12260105
The disclosure herein describes converting a disk cluster to a different format. A format conversion instruction associated with a disk cluster is received. A first subgroup of disks of the disk cluster that are the emptiest disks of the disk cluster are identified and all data is evacuated from the first subgroup of disks to other disks of the disk cluster. The first subgroup of disks is reformatted based on the received format conversion instruction. A group of data objects stored in…

Detecting anomalies in distributed applications based on process data

Granted: March 25, 2025
Patent Number: 12259969
Techniques for detecting anomalies in a distributed application based on process data are provided. This process data can include, e.g., the hierarchy (i.e., tree) of processes created and run by the application, the file system operations performed by each process, and the network access operations performed by each process.

Endpoint incident response from a secure enclave through dynamic insertion of an interrupt

Granted: March 18, 2025
Patent Number: 12254091
A method of protecting an endpoint against a security threat detected at the endpoint, wherein the endpoint includes, in memory pages of the endpoint, an operating system (OS), a separate software entity, and remediation code, includes the steps of: transferring control of virtual CPUs (vCPUs) of the endpoint from the OS to the separate software entity; and while the separate software entity controls the vCPUs, storing, in an interrupt dispatch table, an instruction address corresponding…

Dynamically updating load balancing criteria

Granted: March 18, 2025
Patent Number: 12255950
Some embodiments provide a method of performing load balancing for a group of machines that are distributed across several physical sites. The method of some embodiments iteratively computes (1) first and second sets of load values respectively for first and second sets of machines that are respectively located at first and second physical sites, and (2) uses the computed first and second sets of load values to distribute received data messages that the group of machines needs to…

Tagging packets for monitoring and analysis

Granted: March 18, 2025
Patent Number: 12255792
Some embodiments provide a method for performing data traffic monitoring. The method processes a packet through a packet processing pipeline that includes multiple stages. At a filtering stage, the method tags the packet with a set of monitoring actions for subsequent stages to perform on the packet based on a determination that the packet matches a particular filter. For each stage of a set of packet processing stages subsequent to the filtering stage, the method (i) executes any…