VMware Patent Grants

Method and system for enforcing intrusion detection signatures curated for workloads based on contextual attributes in an SDDC

Granted: September 17, 2024
Patent Number: 12095780
Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter, the datacenter including at least one host computer executing multiple machines. The method receives a filtered set of intrusion detection signatures to be enforced on the at least one host computer. The method uses a set of contextual attributes associated with a particular data message to generate an intrusion detection signature for the…

Security association bundling for an interface

Granted: September 17, 2024
Patent Number: 12095736
A method for IPSec communication between a source machine and a destination machine is provided. The method includes receiving, at the destination machine, first and second packets from the source machine through first and second VPN tunnels established between a first VTI of the source machine and a second VTI of the destination machine; determining the first packet corresponds to a first SA and the second packet corresponds to a second SA; processing, by a first processing core, the…

Determining whether to rate limit traffic

Granted: September 17, 2024
Patent Number: 12095668
Some embodiments provide a method for a gateway datapath that executes on a gateway device to implement logical routers for a set of logical networks and process traffic between the logical networks and an external network. The method receives a data message at the gateway device. To process the data message, the method executes a set of processing stages that includes a processing stage for a particular logical router. As part of the processing stage for the particular logical router,…

Security threat detection during service query handling

Granted: September 17, 2024
Patent Number: 12095629
Example methods and systems for a computer system to perform security threat detection during service query handling are described. In one example, a process running on a virtualized computing instance supported by the computer system may generate and send a first service query specifying a query input according to a service protocol. The first service query may be detected by a security agent configured to operate in a secure enclave that is isolated from the process. Next, the security…

Hypervisor-assisted security mechanism

Granted: September 17, 2024
Patent Number: 12093711
The disclosure provides an approach for hypervisor-assisted security analysis. Embodiments include receiving, at a hypervisor on a host computer, events from one or more virtual computing instances (VCIs). Embodiments include analyzing, by the hypervisor, the events according to one or more rules to identify a subset of the events for additional analysis. Embodiments include compressing, by the hypervisor, the subset of the events by performing deduplication to produce a compressed…

Adding a watermark on a document for printing in a virtual desktop infrastructure (VDI) environment

Granted: September 17, 2024
Patent Number: 12093586
Example methods and systems are described to add a watermark for printing in a virtual desktop environment having an agent side and a client side. A watermark can be configured at the agent side for printing at the client side. At the agent side, a fallback font can be determined for text of the watermark, and coordinate space calculation can be performed, so that the watermark prints correctly at the client side.

On-demand backups for management components in software-defined data centers

Granted: September 17, 2024
Patent Number: 12093133
System and method for backing up management components of a software-defined data center (SDDC) managed by a cloud-based service uses backup rules for the SDDC, which are used to configure a backup manager agent in the SDDC. The backup rules are then used by the backup manager agent to determine whether at least one of system logs generated by the management components in the SDDC, which are monitored by the backup manager agent, satisfies the backup rules to initiate a backup operation…

Voice skill session lifetime management

Granted: September 10, 2024
Patent Number: 12088585
Disclosed are various aspects of voice skill session lifetime management. In some examples, a session extension request is received. The session extension request extends a voice skill session of a voice-activated device. A personal client device is identified based on the session extension request. A command to emit an ultrasonic pulse is transmitted to the personal client device.

Dynamic selection and calibration of ciphers based on network and resource constraints

Granted: September 10, 2024
Patent Number: 12088713
The disclosure provides an approach for cryptographic agility. Embodiments include receiving a request from an application for a cryptographic operation, wherein the request is associated with a computing device. Embodiments include determining one or more resource constraints related to the computing device. Embodiments include selecting, based on the one or more resource constraints, a cryptographic technique from a plurality of cryptographic techniques associated with indications of…

Synchronization of notification actions across multiple enrolled devices

Granted: September 10, 2024
Patent Number: 12088681
Disclosed herein are examples of systems and methods for synchronizing notification actions across multiple enrolled devices. A management service can receive from a first client device metadata associated with a notification posted on the first client device. The management service can receive from the first client device an indication of an action performed with respect to the notification. The management service can determine whether to propagate a new notification state to a second…

IOMMU-based direct memory access (DMA) tracking for enabling live migration of virtual machines (VMs) using passthrough physical devices

Granted: September 10, 2024
Patent Number: 12086084
Techniques for implementing IOMMU-based DMA tracking for enabling live migration of VMs that use passthrough physical devices are provided. In one set of embodiments, these techniques leverage an IOMMU feature known as dirty bit tracking which is available in most, if not all, modern IOMMU implementations. The use of this feature allows for the tracking of passthrough DMA in a manner that is device/vendor/driver agnostic, resulting in a solution that is universally applicable to all…

Managing L4 ports

Granted: September 10, 2024
Patent Number: 12088555
Some embodiments of the invention provide a novel method for managing layer four (L4) ports associated with a machine executing on a host computer. The method collects a set of contextual attributes relating to applications executing on the machine. It then analyzes the collected contextual attributes to identify at least one L4 port that has to have its status modified. Next, it modifies the status of the identified L4 port. In some embodiments, the status of an L4 port can be either…

Packet fragmentation using outer header

Granted: September 10, 2024
Patent Number: 12088512
In some embodiments, a method fragments a first packet into a plurality of fragments when a length of an encapsulated first packet is larger than a maximum transmission unit size. For each fragment in the plurality of fragments, fragmentation information is generated. The method encapsulates each fragment in the plurality of fragments with an outer header to form a plurality of encapsulated packets. The respective fragmentation information for each fragment is inserted in a portion of…

Multi-VRF and multi-service insertion on edge gateway virtual machines

Granted: September 10, 2024
Patent Number: 12088493
In an embodiment, a method for a VRF and multi-service insertion on edge gateways is described. In an embodiment, the method comprises obtaining a rule configuration. Based on, at least in part, the rule configuration, a rule table is created. The rule table comprises rule data records, wherein a rule data record comprises packet attributes and a redirection identifier. A policy configuration comprising policy records is obtained. Each policy record comprises a redirection identifier, a…

Multi-cloud recommendation engine for customer workloads

Granted: September 10, 2024
Patent Number: 12088479
System and computer-implemented method for generating multi-cloud recommendations for workloads uses costs and performance metrics of appropriate instance types in specific public clouds for target workloads to produce recommendation results. The appropriate instance types in the specific public clouds are determined based on instance capabilities and the workload type of the target workloads. In addition, a recommended cloud resource offering is determined for the target workloads,…

Optimizing VM NUMA configuration and workload placement in a heterogeneous cluster

Granted: September 10, 2024
Patent Number: 12086634
An example method of placing a virtual machine (VM) in a cluster of hosts is described. Each of the hosts has a hypervisor managed by a virtualization management server for the cluster, and the hosts are separated into a plurality of nonuniform memory access (NUMA) domains. The method includes: comparing a virtual central processing unit (vCPU) and memory configuration of the VM with physical NUMA topologies of the hosts; selecting a set of the hosts spanning at least one of the NUMA…

Optimizing virtual machine scheduling on non-uniform cache access (NUCA) systems

Granted: September 10, 2024
Patent Number: 12086622
Techniques for optimizing virtual machine (VM) scheduling on a non-uniform cache access (NUCA) system are provided. In one set of embodiments, a hypervisor of the NUCA system can partition the virtual CPUs of each VM running on the system into logical constructs referred to as last level cache (LLC) groups, where each LLC group is sized to match (or at least not exceed) the LLC domain size of the system. The hypervisor can then place/load balance the virtual CPUs of each VM on the…

Resiliency and performance for cluster memory

Granted: September 10, 2024
Patent Number: 12086469
Disclosed are various embodiments for improving the resiliency and performance for clustered memory. A computing device can mark a page of the memory as being reclaimed. The computing device can then set the page of the memory as read-only. Next, the computing device can submit a write request for the contents of the page to individual ones of a plurality of memory hosts. Subsequently, the computing device can receive individual confirmations of a successful write of the page from the…

System and method for checking reputations of executable files using file origin analysis

Granted: September 10, 2024
Patent Number: 12086234
System and method for checking reputations of executable files in an endpoint device use an integrity verification on an executable file being scanned to determine whether the executable file has been unaltered since being installed in the endpoint device. When the executable file has been determined to be unaltered since being installed in the endpoint device, a file origin analysis is executed on the executable file based on a vendor identifier for the executable file to determine…

Device to device migration in a unified endpoint management system

Granted: September 10, 2024
Patent Number: 12086099
Described herein are example methods and systems for enrolling a user device with a unified endpoint management system (“UEMS”) directly from another user device. The examples describe a first user device that is already enrolled with the UEMS and a second user device that is seeking to be enrolled. The two user devices can establish a direct connection with each other. The second user device can be authenticated by a user inputting the same migration password or PIN at both user…