Congestion avoidance in a slice-based network
Granted: February 13, 2024
Patent Number: 11902080
A system can reduce congestion in slice-based networks, such as a virtual service network (“VSN”). The system can include a monitoring module that communicates with agents on switches, such as routers or servers. The switches report telematics data to the monitoring module, which determines slice-specific performance attributes such as slice latency and slice throughput. These slice-specific performance attributes are compared against software license agreement (“SLA”)…
Methods and apparatus to generate migration recommendations to migrate services between geographic regions
Granted: February 13, 2024
Patent Number: 11902384
A disclosed example to determine a migration recommendation of a service between geographic regions includes: a graph generator to generate an interaction graph, the interaction graph including first and second nodes and an edge therebetween, the first node representative of a first service in a first geographic region, the second node representative of a second service in a second geographic region, and the edge representative of a network path of interactions between the first and…
Proxy-enabled communication across network boundaries by self-replicating applications
Granted: February 13, 2024
Patent Number: 11902353
The disclosure provides an approach for cross-network communication by self-replicating applications. Embodiments include identifying, by a first instance of a self-replicating application on a first computing device having a first network connection to a parent component, a second computing device that is connected to the first computing device via a second network connection. Embodiments include self-replicating, by the first instance of the self-replicating application, across the…
Dynamic remote browsing
Granted: February 13, 2024
Patent Number: 11902298
A method for an electronic device for managing one or more browsing tabs of a browsing session is provided. The method receives a request for a browsing tab. The method determines whether to process the request for the browsing tab locally on the electronic device based on one or more parameters associated with at least one of the electronic device or a destination associated with the request. When it is determined to process the request locally, the method performs the browsing tab…
Access to physical resources based through identity provider
Granted: February 13, 2024
Patent Number: 11902276
Disclosed are various approaches for providing a virtual badge credential to a user's device that is enrolled with a management service as a managed device. Upon authentication of a user's identity via an identity provider, a virtual badge credential can be provided to an application on the client device. The virtual badge credential can be presented by the client device to access control readers to gain access to physical resources, such as doors and buildings, that are secured by the…
Secure gateway onboarding via mobile devices for internet of things device management
Granted: February 13, 2024
Patent Number: 11902268
Disclosed are various examples for enrollment of gateways using a client device. In one example, a request is transmitted from a client device to a management service. The request comprises the gateway identifier. Gateway credentials are relayed through the client device from the management service to the gateway device. The gateway credentials are unexposed to users of the client device.
Path selection for data packets encrypted based on an IPSEC protocol
Granted: February 13, 2024
Patent Number: 11902264
A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint is provided. The method selects a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, each of the plurality of paths associated with a different one of a plurality of source ports, the encrypted packet being encrypted based on a security association established between the source…
Methods and systems of application security mesh user interfaces
Granted: February 13, 2024
Patent Number: 11902247
A computerized method for implementing distributed application security mesh systems comprising: providing a service graph; and providing an underlying mesh graph with pre-defined paths.
Per-namespace IP address management method for container networks
Granted: February 13, 2024
Patent Number: 11902245
Some embodiments of the invention provide a method of sending data in a network that includes at least one worker node executing one or more sets of containers and a virtual switch, the virtual switch including a gateway interface, a virtual local area network (VLAN) tunnel interface, and a set of virtual Ethernet interfaces associated with the one or more sets of containers. The method configures the gateway interface of the worker node to associate the gateway interface with multiple…
Using VTI teaming to achieve load balance and redundancy
Granted: February 13, 2024
Patent Number: 11902164
In an embodiment, a computer-implemented method for using virtual tunnel interface teaming to achieve load balance and redundancy in virtual private networks (“VPNs”) is disclosed. In an embodiment, a method comprises: receiving, by a gateway, configuration data from a control plane; based on the configuration data, configuring on the gateway a bonded virtual tunnel interface (“bonded VTI”) having a plurality of slave virtual tunnel interfaces (“slave VTIs”); configuring a…
Methods and systems for identifying and resolving root causes of performance problems in data center object
Granted: February 13, 2024
Patent Number: 11899528
Automated methods and systems for identifying and resolving performance problems of objects of a data center are described. The automated methods and systems construct a model for identifying objects of the datacenter that are experiencing performance problems based on baseline distributions of events of the objects in a historical time period and event distributions of events of the objects in a time window located outside the historical time period. A root causes and recommendations…
Method for providing distributed gateway service at host computer
Granted: February 13, 2024
Patent Number: 11902050
Some embodiments of the invention provide a novel network architecture for providing edge services of a virtual private cloud (VPC) at host computers hosting machines of the VPC. The host computers in the novel network architecture are reachable from external networks through a gateway router of an availability zone (AZ). The gateway router receives a data message from the external network addressed to one or more data compute nodes (DCNs) in the VPC and forwards the data message to a…
System for analyzing and attesting physical access
Granted: February 13, 2024
Patent Number: 11900748
Methods and systems are described for analyzing and attesting physical access to a location. In an example, an administrator can create a survey for users in an organization. The survey can be sent to a user device as a notification. The user can complete the survey, and the user's physical access rights can be determined based on the survey answers. When the user attempts to gain access to a location of the organization, the user can provide a digital access badge. The digital access…
Method for repointing resources between hosts
Granted: February 13, 2024
Patent Number: 11900159
Techniques are disclosed for reallocating host resources in a virtualized computing environment when certain criteria have been met. In some embodiments, a system identifies a host disabling event. In view of the disabling event, the system identifies a resource for reallocation from a first host to a second host. Based on the identification, the computer system disassociates the identified resource's virtual identifier from the first host device and associates the virtual identifier…
Direct access storage for persistent services in a distributed storage system
Granted: February 13, 2024
Patent Number: 11900141
An example virtualized computing system includes a cluster of hosts having a virtualization layer executing thereon and configured to manage virtual machines (VMs); first and second local storage devices in a first host, the first local storage device being part of a virtual storage area network (vSAN) and the second local storage device being exclusive of the vSAN; and an orchestration control plane, integrated with the virtualization layer and including a master server managing state…
Reduced downtime during upgrade of an application hosted in a data center
Granted: February 13, 2024
Patent Number: 11900099
A method of upgrading an application in a software-defined data center (SDDC) includes: deploying, by lifecycle management software executing in the SDDC, a second appliance, a first appliance executing services of the application at a first version, the second appliance having services of the application at a second version, the services in the first appliance being active and the services in the second appliance being inactive; expanding, by the lifecycle management software, state of…
Linear byzantine agreement
Granted: February 13, 2024
Patent Number: 11899654
An optimistic byzantine agreement protocol (the protocol) first tries to reach agreement via an efficient deterministic algorithm (synchronous protocol) that relies on synchrony for termination. If an agreement is not reached (e.g., due to asynchrony), the protocol uses a randomized asynchronous algorithm (asynchronous protocol) for fallback. Although randomized asynchronous algorithms are considered to be costly, the rationale here is to bound communication in non-synchronous runs after…
Maintenance of data message classification cache on smart NIC
Granted: February 13, 2024
Patent Number: 11899594
Some embodiments provide a method for performing data message processing at a smart NIC of a computer that executes a software forwarding element (SFE). The method stores (i) a set of cache entries that the smart NIC uses to process a set of received data messages without providing the data messages to the SFE and (ii) rule updates used by the smart NIC to validate the cache entries. After a period of time, the method determines that the rule updates are incorporated into a data message…
Computer storage deduplication
Granted: February 13, 2024
Patent Number: 11899592
Decentralized deduplication operations in a computer system employ a hash index that is a variant of a B+ tree to support both efficient sequential updates as well as efficient random updates. Sequential update is selected when deduplication is infrequently performed, such as on the order of days, and random update is selected when deduplication is performed more frequently, such as on the order of seconds. More frequent deduplication may be beneficial during periods when large amounts…
Usage pattern virtual machine idle detection
Granted: February 13, 2024
Patent Number: 11899554
The detection of utilized virtual machines through usage pattern analysis is described. In one example, a computing device can collect utilization metrics from a virtual machine over time. The utilization metrics can be related to one or more processing usage, disk usage, network usage, and memory usage metrics, among others. The utilization metrics can be used to determine a number of clusters, and the clusters can be used to organize the utilization metrics into groups. Depending upon…