VMware Patent Grants

Per-window digital watermark for desktop applications

Granted: December 19, 2023
Patent Number: 11847718
Embodiments are described for placing a watermark over application windows in a desktop. For each application window that is opened in the desktop, the system can determine whether the application requires a watermark, for example, based on a predefined list that specifies which applications require watermarks. For each application window that requires a watermark, an uncovered watermark region can be calculated where the watermark will appear. An overlay can be placed over the…

Enterprise metaverse management

Granted: December 19, 2023
Patent Number: 11849259
Examples described herein include systems and methods for managing user interaction within a virtual space. An example method can include installing management software on one or more user devices and requesting a digital ID that represents a combination of a user and at least one user device. The method can further include configuring a virtual reality (“VR”) space including virtual meeting rooms and a notification service. An administrator can set the number of rooms, place virtual…

Secure exchange of session tokens for claims-based tokens in an extensible system

Granted: December 19, 2023
Patent Number: 11849041
A method of securely exchanging a session token for a claims-based token by a plug-in integrated into an extensible system includes the steps of: transmitting, to an extensible system server of the extensible system, the session token and a request for a first claims-based token that corresponds to the session token and that is cryptographically signed by an authentication server; acquiring, from the extensible system server, the first claims-based token; transmitting, to the…

Self-service device encryption key access

Granted: December 19, 2023
Patent Number: 11849038
Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to authenticate a user on the computing device in order to unlock an operating system based on a first recovery key. A key rotation command can be received from the management service. The key…

Persisting an HTTP connection between application components

Granted: December 19, 2023
Patent Number: 11849003
Persistent connections are provided between components in a container environment. A hypertext transfer protocol (HTTP) client may include a monitoring service and a proxy service. To obtain information regarding containers in the container environment, the monitoring service communicates a request to the proxy service. The proxy service in turn maintains a persistent connection for a session with a container management service using an authentication token, and communicates the request…

Secure multi-directional data pipeline for data distribution systems

Granted: December 19, 2023
Patent Number: 11848981
Techniques for ingesting data streams to a distributed-computing system using a multi-directional data ingestion pipeline are provided. In one embodiment, a method for ingesting data streams includes, at a client gateway, receiving a plurality of messages; assigning the plurality of messages to one or more data streams; obtaining stream routing configurations; and identifying one or more receivers. The method further includes determining whether at least one of the one or more data…

Correlation-based security threat analysis

Granted: December 19, 2023
Patent Number: 11848948
Example methods and systems for correlation-based security threat analysis are described. In one example, a computer system may obtain event information that is generated by monitoring a virtualized computing instance supported by a host; and network alert information that is generated by monitoring network traffic associated with the virtualized computing instance. The network alert information may specify security threat signature(s) detected based on the network traffic. The computer…

Efficiently performing intrusion detection

Granted: December 19, 2023
Patent Number: 11848946
Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on…

Dynamically generating restriction profiles for managed devices

Granted: December 19, 2023
Patent Number: 11848935
Disclosed are various examples for dynamically generating restriction profiles for updated software platforms. A management system can determine that updated restrictions and/or settings are included in an updated or new version of a definition file. The updated settings are identified and categorized according to risk for a given enterprise group without administrator input. An updated restriction profile can be generated according to the updated settings and distributed to managed devices.

Delegated authentication to certificate authorities

Granted: December 19, 2023
Patent Number: 11848931
Disclosed are various embodiments for delegating authentication to certificate authorities. A connector service identifies a certificate request from a messenger service. The certificate request includes a credential identifier for a certificate authority. An authentication credential is retrieved using the credential identifier. A certificate request and the certificate authority authentication credential are transmitted to the certificate authority. A certificate is retrieved and…

Assigning stateful pods fixed IP addresses depending on unique pod identity

Granted: December 19, 2023
Patent Number: 11848910
Some embodiments provide a novel method for resiliently associating Internet Protocol (IP) addresses with pods that each have unique identifiers (IDs) in a managed cluster of worker nodes managed by a first set of one or more controllers of the managed cluster. The resilient association between IP addresses and pods is maintained even when pods are moved between worker nodes. At a second set of controllers, the method receives notification regarding deployment, on a first worker node, of…

Selection of paired transmit queue

Granted: December 19, 2023
Patent Number: 11848869
Some embodiments provide a method for selecting a transmit queue of a network interface card (NIC) of a host computer for an outbound data message. The NIC includes multiple transmit queues and multiple receive queues. Each of the transmit queues is individually associated with a different receive queue, and the NIC performs a load balancing operation to distribute inbound data messages among multiple receive queues. The method extracts a set of header values from a header of the outbound…

System and method for operational intelligence based on network traffic

Granted: December 19, 2023
Patent Number: 11848833
System and computer-implemented method for analyzing software-defined data center (SDDC) components in a computing environment uses network traffic data, which is correlated with an inventory of SDDC components in the computing environment to calculate a metric collection parameter for each SDDC component in the computing environment based on data flow associated with that SDDC component. Relevant metrics from each of the SDDC components in the computing environment are collected…

Network visualization of correlations between logical elements and associated physical elements

Granted: December 19, 2023
Patent Number: 11848825
Some embodiments of the invention provide a method for providing a visualization of a topology for a logical network implemented in a physical network. The method identifies a set of logical elements of the logical network. For each logical element, the method identifies a set of one or more physical elements in the physical network that implements the logical element. Multiple physical elements are identified for at least one of the logical elements. Through a user interface (UI) the…

Distributed auto discovery service

Granted: December 19, 2023
Patent Number: 11848824
Methods and systems are described for a distributed auto discovery service for device enrollment. In an example, a user device enrolling in a Unified Endpoint Management (“UEM”) system can receive an email address. The enrolling user device can identify, on a local network that the enrolling user device is connected to, other user devices that are already enrolled with the UEM system. The unenrolled user device can send a discovery request to the enrolled user devices that includes…

Methods and apparatus to determine container priorities in virtualized computing environments

Granted: December 19, 2023
Patent Number: 11848821
An example system includes memory, programmable circuitry, and machine readable instructions to program the programmable circuitry to: obtain utilization metric information corresponding to utilization metrics collected over a time interval, the utilization metrics corresponding to allocated resources utilized by containers, the containers associated with a cluster, obtain a request to generate priority classes for the containers in the cluster, the priority classes indicative of which…

Connecting virtual computer networks with overlapping IP addresses using transit virtual computer network

Granted: December 19, 2023
Patent Number: 11848800
A system and method for connecting virtual computer networks in a public cloud computing environment using a transit virtual computer network uses a cloud gateway device in the transit virtual computer network that includes a first-tier logical router and a plurality of second-tier logical routers connected to the virtual computer networks. A source Internet Protocol (IP) address of outgoing data packets from a particular virtual computer network is translated at a particular second-tier…

Request handling with automatic scheduling

Granted: December 19, 2023
Patent Number: 11848769
Example methods and systems for request handling with automatic scheduling are described. In one example, a computer system may receive, from multiple client devices, respective multiple requests that are generated and sent according to a first set of control parameters. Based on the multiple requests, request characteristic(s) may be monitored to determine whether an automatic scheduling condition is satisfied. In response to determination that the automatic scheduling condition is…

Network-efficient isolation environment redistribution

Granted: December 19, 2023
Patent Number: 11847485
Network-efficient isolation environment redistribution is described. In one example, network communications are surveyed among isolation environments, such as virtual machines (VMs) and containers, hosted on a cluster. An affinity for network communications between the isolation environments can be identified based on the survey. Pairs or groups of the isolation environments can be examined to identify ones which have an affinity for network communications between them but are also…

Allocating additional bandwidth to resources in a datacenter through deployment of dedicated gateways

Granted: December 12, 2023
Patent Number: 11843547
Some embodiments provide a method for deploying edge forwarding elements in a public or private software defined datacenter (SDDC). For an entity, the method deploys a default first edge forwarding element to process data message flows between machines of the entity in a first network of the SDDC and machines external to the first network of the SDDC. The method subsequently receives a request to allocate more bandwidth to a first set of the data message flows entering or exiting the…