Mechanism for enabling cryptographic agility in legacy applications and services
Granted: March 5, 2024
Patent Number: 11924343
The disclosure provides an approach for cryptographic agility. Embodiments include establishing, by a proxy component associated with a cryptographic agility system, a first secure connection with an application. Embodiments include receiving, by the proxy component, via the first secure connection, a communication from the application directed to an endpoint. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information…
Remote session based micro-segmentation
Granted: March 5, 2024
Patent Number: 11924167
The disclosure provides an approach for implementing a distributed firewall within a data center. The firewall is implemented as a kernel space filter driver within the operating system of virtual machines. Each virtual machine hosts several user sessions. The firewall may be dynamically updated with new security policies, either by an administrator or a component of the data center.
Resource-path-based, dynamic group membership support for membership groups
Granted: March 5, 2024
Patent Number: 11924166
In an embodiment, a computer-implemented method for providing dynamic mechanisms for resource-path-based, dynamic group membership support for local and external membership groups is described. A method comprises: detecting, by a group resolver implemented in a management and control plane, that information about an object stored in the plane was created or updated; determining whether a URI of the object matches a URI regular expression and other conditions specified in membership…
Practical overlay network latency measurement in datacenter
Granted: March 5, 2024
Patent Number: 11924080
Some embodiments provide a method of identifying packet latency in a software defined datacenter (SDDC) that includes a network and multiple host computers executing multiple machines. At a first host computer, the method identifies and stores (i) multiple time values associated with several packet processing operations performed on a particular packet sent by a first machine executing on the first host computer, and (ii) a time value associated with packet transmission through the SDDC…
System and method for cross-architecture trusted execution environment migration
Granted: March 5, 2024
Patent Number: 11922211
System and method for managing migration of trusted execution environments (TEEs) based on migration policies utilizes a source migration agent in the source host computer and a destination migration agent in a destination host computer to migrate a source TEE in the source host computer to the destination host computer. A migration policy data of the source TEE is first transmitted to the destination migration agent from the source migration agent to determine whether the destination…
Gateway enrollment for Internet of Things device management
Granted: February 27, 2024
Patent Number: 11916911
Disclosed are various examples for gateway enrollment for Internet-of-Things (IoT) device management. In some examples, a client device receives a gateway management installation package from a management service. The client device installs a gateway management application on the gateway device using the installation package. Enrollment credentials are entered through a user interface generated using the gateway management application and shown on the client device. The…
Automated methods and systems for performing host attestation using a smart network interface controller
Granted: February 27, 2024
Patent Number: 11917083
This disclosure is directed to automated processes for attesting to trustworthiness of a host considered for connection to a data center network. The attestation process is performed in two attestation phases. In the first phase, attestation is performed on a smart network interface controller (“SNIC”) connected to an internal bus of the host using a first trusted platform module (“TPM”) of the SNIC. In the second phase, attestation is performed on the host by the SNIC using a…
Container runtime image management across the cloud
Granted: February 27, 2024
Patent Number: 11917003
Examples disclosed herein relate to propagating changes made on a file system volume of a primary cluster of nodes to the same file system volume also being managed by a secondary cluster of nodes. An application is executed on both clusters, and data changes on the primary cluster are mirrored to the secondary cluster using an exo-clone file. The exo-clone file includes the differences between two or more snapshots of the volume on the primary cluster, along with identifiers of the…
Data driven interfaces for decoupling components of a management system from manufacturer and platform of managed client devices
Granted: February 27, 2024
Patent Number: 11916962
Disclosed are examples related to data driven interfaces for decoupling management system components from a manufacturer or a platform of client devices managed by the management system. In some examples, among others, a system can generate a data driven interface template that can be used to cause rendering of a data driven user interface for configuring a profile payload of a device profile for the client device. The system can generate, based on values associated with the data driven…
Coordinating a distributed vulnerability network scan
Granted: February 27, 2024
Patent Number: 11916950
The disclosure provides an approach for coordinating a distributed vulnerability network scan. Embodiments include sending, by a computing node, a check-in message to a scanning coordinator, the check-in message indicating attributes of the computing node. Embodiments include receiving, by the computing node, a scan configuration message from the scanning coordinator, the scan configuration message comprising: scan timing information for the computing node; and a list of scanning targets…
Performing firewall operations by sharing metadata between firewall processes
Granted: February 27, 2024
Patent Number: 11916879
Some embodiments of the invention provide a novel method for performing firewall operations on a computer. The method of some embodiments instantiates first and second firewall processes on the computer. These two processes are two separate processes, which in some embodiments have separate memory allocations in the memory system of the computer. The method uses the first firewall process to examine a data message to determine whether an encryption based firewall policy (e.g., a…
System and method for observing and controlling a programmable network using cross network learning
Granted: February 27, 2024
Patent Number: 11916735
A system and method for observing and controlling a programmable network via higher layer attributes is disclosed. According to one embodiment, the system includes one or more collectors and a remote network manager. The one or more collectors are configured to receive network traffic data from a plurality of network elements in the network. The remote network manager is configured to connect to the one or more collectors over the Internet via a network interface. The one or more…
Self-healing telco network function virtualization cloud
Granted: February 27, 2024
Patent Number: 11916721
Examples herein describe systems and methods for self-healing in a Telco network function virtualization cloud. KPI attributes for virtual network functions can be mapped to physical fault notifications to create synthesized alerts. The synthesized alerts can include information from both a virtual and physical layer, allowing a self-healing action framework to determine root causes of problems in the Telco cloud. Remedial actions can then be performed in either the virtual or physical…
Brokerless reliable totally ordered many-to-many interprocess communication on a single node that uses shared memory and multicast
Granted: February 27, 2024
Patent Number: 11915065
Examples described herein include systems and methods for brokerless reliable totally ordered many-to-many inter-process communication on a single node. A messaging protocol is provided that utilizes shared memory for one of the control plane and data plane, and multicast for the other plane. Readers and writers can store either control messages or message data in the shared memory, including in a ring buffer. Write access to portions of the shared memory can be controlled by a robust…
Highly concurrent and responsive application programming interface (API) in eventual consistency environment
Granted: February 27, 2024
Patent Number: 11915064
The disclosure relates to processing application programming interface (API) requests. Embodiments include receiving, at an API wrapper, from a first caller, a first call to an API and sending the first call to the API. Embodiments include receiving, by the API wrapper, from one or more second callers, a second one or more calls to the API prior to receiving a response from the API to the first call. Embodiments include receiving, by the API wrapper, the response from the API to the…
Method and apparatus for scaling a custom resource with custom metrics in a containerized application handling system
Granted: February 27, 2024
Patent Number: 11915049
A method and apparatus for autoscaling a custom resource of a containerized application handling system utilizes a metric value defined for a system object of the custom resource to scale the system object of the custom resource. An API request for the metric value is sent from an autoscaler to a control plane of the containerized application handling system to receive the metric value, which is compared to a desired metric value. A target scale metric value is then determined based on…
System and method to support port mapping for virtual machine based container
Granted: February 27, 2024
Patent Number: 11915025
When containers run in a guest operating system of a virtual machine running on the host computer system, the containers communicate with each other via ports of each container and a network. The ports of each container stay constant, but the virtual machine in which they run may change its IP address on the network when it is power-cycled. To avoid losing connection to the ports of the containers, a record table that associates static identifiers, such as MAC addresses, of the virtual…
Resiliency and performance for cluster memory
Granted: February 27, 2024
Patent Number: 11914469
Disclosed are various embodiments for improving the resiliency and performance of clustered memory. A computing device can generate at least one parity page from at least a first local page and a second local page. The computing device can then submit a first write request for the first local page to a first one of a plurality of memory hosts. The computing device can also submit a second write request for the second local page to a second one of the plurality of memory hosts.…
True high availability of workloads in a cloud software-defined data center
Granted: February 27, 2024
Patent Number: 11914454
In accordance with an embodiment of the invention, a cloud computing system is disclosed. The system includes a software-defined data center (SDDC), the SDDC including at least one cluster supported within the SDDC and at least one host computer running within the cluster, wherein the at least one host computer is configured to support at least one workload comprising an operating system and an application, and a cloud infrastructure, the cloud infrastructure including at least one child…
System and method of analyzing update readiness for distributed software systems
Granted: February 20, 2024
Patent Number: 11907706
The disclosure provides for analyzing upgrade and migration readiness. Embodiments include receiving an indication to upgrade a software product and a selected upgrade path identifying a target-upgrade version. Embodiments include accessing an array of pre-upgrade procedures comprising code for identifying one or more conditions that must be met before the software product can be upgraded based on the accessed array being associated with the software product. Embodiments include…