External communication with packaged virtual machine applications without networking
Granted: March 25, 2025
Patent Number:
12260246
One or more embodiments provide techniques that permit virtual computing instances in isolated environments to communicate information outside the isolated environments without requiring networking. In one embodiment, an encoder which runs in a virtual machine (VM) within an isolated environment, such as one of the VMs of a packaged virtual machine application that does not have external network connectivity, is configured to encode information, such as state information of the packaged…
Managing virtual infrastructure resources in cloud environments
Granted: March 25, 2025
Patent Number:
12260242
Examples for managing virtual infrastructure resources in cloud environments can include (1) instantiating an orchestration node for managing local control planes at multiple clouds, (2) instantiating first and second local control planes at different respective clouds, the first and second local control planes interfacing with different respective virtualized infrastructure managers (“VIMs”), where the first and second local control planes establish secure communication with the…
Network-based signaling to control virtual machine placement
Granted: March 25, 2025
Patent Number:
12260241
A virtualized computing environment includes a plurality of host computers, each host being connected to a physical network and having a hypervisor executing therein. To provision a virtual machine requiring a connection to a virtual network in one of the hosts, a candidate host for hosting the virtual machine, the candidate host having the virtual network configured therein, is selected. A request is then made for a status of the virtual network to the candidate host. The status of the…
Automatic drift detection of configurations of a software-defined data center that are managed according to a desired state
Granted: March 25, 2025
Patent Number:
12260229
Drift is automatically detected in configuration of services running in a management appliance of a software-defined data center. A method of automatically detecting drift includes: in response to a notification of a change in a configuration of a first service enabled for proactive drift detection, transmitting a first request to compute drift in the configuration of the first service to a plug-in of the first service, the first request including the change in the configuration of the…
Converting the format of a distributed object storage with reduced write operations
Granted: March 25, 2025
Patent Number:
12260105
The disclosure herein describes converting a disk cluster to a different format. A format conversion instruction associated with a disk cluster is received. A first subgroup of disks of the disk cluster that are the emptiest disks of the disk cluster are identified and all data is evacuated from the first subgroup of disks to other disks of the disk cluster. The first subgroup of disks is reformatted based on the received format conversion instruction. A group of data objects stored in…
Detecting anomalies in distributed applications based on process data
Granted: March 25, 2025
Patent Number:
12259969
Techniques for detecting anomalies in a distributed application based on process data are provided. This process data can include, e.g., the hierarchy (i.e., tree) of processes created and run by the application, the file system operations performed by each process, and the network access operations performed by each process.
Tagging packets for monitoring and analysis
Granted: March 18, 2025
Patent Number:
12255792
Some embodiments provide a method for performing data traffic monitoring. The method processes a packet through a packet processing pipeline that includes multiple stages. At a filtering stage, the method tags the packet with a set of monitoring actions for subsequent stages to perform on the packet based on a determination that the packet matches a particular filter. For each stage of a set of packet processing stages subsequent to the filtering stage, the method (i) executes any…
Decentralized identity access management using byzantine fault tolerant state machine replication
Granted: March 18, 2025
Patent Number:
12256007
A decentralized identity access management (IAM) architecture that executes IAM service code on the distributed nodes (i.e., replicas) of a Byzantine fault tolerant (BFT) state machine replication (SMR) system is provided. For example, the IAM service code may be implemented as a blockchain smart contract or as a native execution engine that runs on each replica. With this decentralized architecture, up to f replicas (where f is a threshold number defined by the system's BFT consensus…
Dynamically updating load balancing criteria
Granted: March 18, 2025
Patent Number:
12255950
Some embodiments provide a method of performing load balancing for a group of machines that are distributed across several physical sites. The method of some embodiments iteratively computes (1) first and second sets of load values respectively for first and second sets of machines that are respectively located at first and second physical sites, and (2) uses the computed first and second sets of load values to distribute received data messages that the group of machines needs to…
Edge device implanting a logical network that spans across multiple routing tables
Granted: March 18, 2025
Patent Number:
12255804
Some embodiments provide a method for configuring an edge computing device to implement a logical router belonging to a logical network. The method configures a datapath executing on the edge computing device to use a first routing table associated with the logical router for processing data messages routed to the logical router. The method configures a routing protocol application executing on the edge computing device to (i) use the first routing table for exchanging routes with a…
Placing virtual graphics processing unit (GPU)-configured virtual machines on physical GPUs supporting multiple virtual GPU profiles
Granted: March 18, 2025
Patent Number:
12254342
In one set of embodiments, a computer system can receive a request to provision a virtual machine (VM) in a host cluster, where the VM is associated with a virtual graphics processing unit (GPU) profile indicating a desired or required framebuffer memory size of a virtual GPU of the VM. In response, the computer system can execute an algorithm that identifies, from among a plurality of physical GPUs installed in the host cluster, a physical GPU on which the VM may be placed, where the…
Providing services with guest VM mobility
Granted: March 18, 2025
Patent Number:
12254340
Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to…
Endpoint incident response from a secure enclave through dynamic insertion of an interrupt
Granted: March 18, 2025
Patent Number:
12254091
A method of protecting an endpoint against a security threat detected at the endpoint, wherein the endpoint includes, in memory pages of the endpoint, an operating system (OS), a separate software entity, and remediation code, includes the steps of: transferring control of virtual CPUs (vCPUs) of the endpoint from the OS to the separate software entity; and while the separate software entity controls the vCPUs, storing, in an interrupt dispatch table, an instruction address corresponding…
Hybrid scheme for performing translation lookaside buffer (TLB) shootdowns
Granted: March 18, 2025
Patent Number:
12253956
A hybrid scheme is provided for performing translation lookaside buffer (TLB) shootdowns in a computer system whose processing cores support both inter-processor interrupt (IPI) and broadcast TLB invalidate (TLBI) shootdown mechanisms. In one set of embodiments, this hybrid scheme dynamically determines, for each instance where a TLB shootdown is needed, whether to use the IPI mechanism or the broadcast TLBI mechanism to optimize shootdown performance (or otherwise make the TLB shootdown…
Two-round byzantine fault tolerant (BFT) state machine replication (SMR) protocol with linear authenticator complexity and optimistic responsiveness
Granted: March 11, 2025
Patent Number:
12248496
The present disclosure is directed to a leader-based partially synchronous BFT SMR protocol that improves upon existing protocols by exhibiting two rounds of communication latency, linear authenticator complexity, and optimistic responsiveness. This is achieved through the novel use of an aggregate signature scheme as part of the protocol's view-change procedure.
Methods and systems that automatically generate parameterized cloud-infrastructure templates
Granted: March 11, 2025
Patent Number:
12250119
The current document is directed to an infrastructure-as-code (“IaC”) cloud-infrastructure-management service or system that automatically generates parameterized cloud templates that represent already deployed cloud-based infrastructure, including virtual networks, virtual machines, load balancers, and connection topologies. The IaC cloud-infrastructure manager provides an infrastructure-discovery service that accesses a cloud-computing facility to obtain information about already…
Method and apparatus for deploying tenant deployable elements across public clouds based on harvested performance metrics of sub-types of resource elements in the public clouds
Granted: March 11, 2025
Patent Number:
12250114
Some embodiments of the invention provide a method of deploying a tenant deployable element to one public cloud. The method identifies first and second candidate resource elements respectively of first and second resource element sub-types to deploy in a public cloud to implement the tenant deployable element. The method identifies, for the first and second candidate resource elements respectively first and second sets of performance metric values to evaluate. The method evaluates the…
Update of virtual machines using clones
Granted: March 11, 2025
Patent Number:
12248801
The disclosure provides an approach for upgrading a virtual machine (VM) using an instant clone. A method includes initiating updating of the VM on a host in a datacenter; creating a clone of the VM on the host, in response to initiating the update; receiving a first write input/output (I/O) request for a first data block; checking a first disk bitmap associated with a first delta disk for whether a first bit associated with the first data block is set; based on the first bit being set,…
Guest time scaling for a virtual machine in a virtualized computer system
Granted: March 11, 2025
Patent Number:
12248799
An example method of managing guest time for a virtual machine (VM) supported by a hypervisor of a virtualized host computer includes: configuring, by the hypervisor, a central processing unit (CPU) of the host computer to trap, to the hypervisor, access by guest code in the VM to a physical counter and timer of the CPU; configuring, by the hypervisor, the guest code in the VM to use the physical counter and timer of the CPU rather than a virtual counter and timer of the CPU; trapping,…
Aggregating block mapping metadata to improve linked clone read performance
Granted: March 11, 2025
Patent Number:
12248797
Linked clone read performance when retrieving data from a clone is improved at least by aggregating block mapping metadata efficiently. Primary metadata for a child clone maps a logical block address (LBA) for data in a data region of the child clone to a physical sector address (PSA) for data in the data region of the child clone. At least a portion of primary metadata for a parent clone of the child clone is copied into archival metadata for the child clone. In response to a read…