DHCP-communications monitoring by a network controller in software defined network environments
Granted: November 28, 2023
Patent Number:
11831677
Methods and apparatus to manage a dynamic deployment environment including one or more virtual machines are provided herein. A disclosed example involves: scanning, by executing a computer readable instruction with a processor, the virtual machines in the deployment environment to identify a service installed on any of the virtual machines; determining, by executing a computer readable instruction with the processor, the identified service corresponds to a service monitoring…
Identification of time-ordered sets of connections to identify threats to a datacenter
Granted: November 28, 2023
Patent Number:
11831667
Some embodiments provide a method for detecting a threat to a datacenter. The method generates a graph of connections between data compute nodes (DCNs) in the datacenter. Each connection has an associated time period during which the connection is active. The method receives an anomalous event occurring during a particular time period at a particular DCN operating in the datacenter. The method analyzes the generated graph to determine a set of paths between DCNs in the datacenter that…
System and method for using private native security groups and private native firewall policy rules in a public cloud
Granted: November 28, 2023
Patent Number:
11831610
A system and method for using private native security groups and private native firewall policy rules for a private cloud computing environment and a public cloud computing environment uses a public cloud gateway for routing data traffic between at least a cloud network created in the public cloud computing environment and the private cloud computing environment. For each of some private native firewall policy rules that has any of newly created private native security groups as one of…
Data IO and service on different pods of a RIC
Granted: November 28, 2023
Patent Number:
11831517
To provide a low latency near RT RIC, some embodiments separate the RIC's functions into several different components that operate on different machines (e.g., execute on VMs or Pods) operating on the same host computer or different host computers. Some embodiments also provide high speed interfaces between these machines. Some or all of these interfaces operate in a non-blocking, lockless manner in order to ensure that critical near RT RIC operations (e.g., datapath processes) are not…
Label-based methods for identifying a source location in service chaining topology
Granted: November 28, 2023
Patent Number:
11831468
In an embodiment, a computer-implemented method provides mechanisms for identifying a source location in a service chaining topology. In an embodiment, a method comprises: determining, at an egress interface of a host that hosts a virtual machine (“VM”), whether a service plane MAC address (“spmac”) in a packet header of a packet, provided to the egress interface, is the same as an inner destination MAC address in the packet; in response to determining that the spmac in the…
Providing recommendations for implementing virtual networks
Granted: November 28, 2023
Patent Number:
11831414
Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects…
Data leak prevention using user and device contexts
Granted: November 28, 2023
Patent Number:
11830098
Disclosed are various examples for audio data leak prevention using user and device contexts. In some examples, a voice assistant device can be connected to a remote service that provides enterprise data to be audibly emitted by the voice assistant device. In response to a request for the enterprise data being received from the voice assistant device, an audio signal can be generated that audibly broadcasts the enterprise data. The audio signal can be generated to audibly redact at least…
Using maintenance mode to upgrade a distributed system
Granted: November 21, 2023
Patent Number:
11824929
The present disclosure relates to using maintenance mode to upgrade a distributed system. One method includes determining that a first host of a cluster of a software-defined datacenter (SDDC) is to be upgraded as a part of a rolling upgrade of the hosts of the cluster, wherein the first host is executing a process instance of a cluster store, demoting the process instance to a proxy, creating a replica of the process instance using a different proxy on a second host of the cluster,…
Packet handling based on user information included in packet headers by a network gateway
Granted: November 21, 2023
Patent Number:
11824965
The technology disclosed herein enables packet handling based on user information included in packet headers. In a particular embodiment, a method provides, in a gateway to a network environment, establishing a first connection with a first connection endpoint outside of the network environment. The first connection is established based on authentication of user information received from the first connection endpoint. The method further provides adding the user information to a packet…
Using physical and virtual functions associated with a NIC to access an external storage through network fabric driver
Granted: November 21, 2023
Patent Number:
11824931
Some embodiments provide a method of providing distributed storage services to a host computer from a network interface card (NIC) of the host computer. At the NIC, the method accesses a set of one or more external storages operating outside of the host computer through a shared port of the NIC that is not only used to access the set of external storages but also for forwarding packets not related to an external storage. In some embodiments, the method accesses the external storage set…
Hardware-assisted tracking of remote direct memory access (RDMA) writes to virtual machine memory
Granted: November 21, 2023
Patent Number:
11822509
Techniques for live migrating a paravirtual remote direct memory access (PVRDMA) virtual machine (VM) from a source host system to a destination host system are provided. In one set of embodiments, during a pre-copy phase of the live migration process, a source hypervisor of the source host system can invoke an application programming interface (API) exposed by a source host channel adapter (HCA) of the source host system for initiating write tracing of remote direct memory access (RDMA)…
Automatic configuring of virtual networking based on information from a switch
Granted: November 21, 2023
Patent Number:
11824720
Examples described herein include systems and methods for automatically configuring a VM on a server using information from a switch located remotely from the server. The switch can provide the configuration information in a Link Layer Discovery Protocol (“LLDP”) type-length-value (“TLV”) data structure. The configuration information can include various information related to configuring a VM, such as a VM identifier, an indication of a physical port of the server, a VM interface…
Managing downtime to networking managers during configuration updates in cloud computing environments
Granted: November 21, 2023
Patent Number:
11822952
Described herein are systems and methods that manage configuration updates for networking manager virtual machines. In one example, a method includes identifying an update for at least one networking manager virtual machine. In response to identifying the update, the method notifies a daemon on the host with the networking manager virtual machine to establish a channel with a control plane agent to receive communications in place of the networking manager virtual machine. The method…
Hypercall authentication in a guest-assisted virtual machine introspection (VMI) implementation
Granted: November 21, 2023
Patent Number:
11822951
Example methods are provided to use a guest monitoring mode (GMM) module in a hypervisor to authenticate hypercalls sent by a guest agent to the GMM module. The GMM module uses reference information, including thread information associated with a thread, to determine whether a hypercall associated with the thread was issued by the trusted guest agent or by potentially malicious code.
Cloneless snapshot reversion
Granted: November 21, 2023
Patent Number:
11822950
The present disclosure is related to methods, systems, and machine-readable media for cloneless snapshot reversion. A request can be received to revert to a past snapshot of a virtual computing instance in a snapshot chain of a snapshot tree provided by a software defined data center. A live snapshot can be created at an end of the snapshot chain comprising the past snapshot. An intervening snapshot in the snapshot chain can be indicated as abandoned in a snapshot map associated with the…
Guest cluster deployed as virtual extension of management cluster in a virtualized computing system
Granted: November 21, 2023
Patent Number:
11822949
An example virtualized computing system includes: a host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts, the virtualization layer supporting execution of virtual machines (VMs); an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server executing in a first VM of the VMs; guest cluster infrastructure software (GCIS) executing in the master server, the GCIS configured to…
User profile migration to virtual desktop infrastructure
Granted: November 21, 2023
Patent Number:
11822938
A method of migrating a user profile to a virtual desktop infrastructure (VDI) system includes enumerating applications installed at an endpoint of a user, retrieving a list of application settings files, determining file and registry locations of user profile data relating to the applications installed at the endpoint from the application settings files, and retrieving the user profile data from the determined file and registry locations and storing the user profile data in a shared…
Intelligent scheduling of coprocessor execution
Granted: November 21, 2023
Patent Number:
11822925
Execution of multiple execution streams is scheduled on at least one coprocessor. A software layer located logically between applications and the at least one coprocessor intercepts a first API call from an application and determines that a first execution stream is to be executed. Before scheduling the first execution stream, the software layer transmits a response to the application indicating that the at least one coprocessor is ready to execute another execution stream. The software…
Managing extent sharing between snapshots using mapping addresses
Granted: November 21, 2023
Patent Number:
11822804
The present disclosure is related to methods, systems, and machine-readable media for managing extent sharing between snapshots using mapping addresses. A first mapping address can be assigned to a first extent responsive to a request to write the first extent. A second mapping address can be assigned to a second extent responsive to a request to write the second extent. A snapshot can be created. A snapshot mapping address, that is monotonically increased from the second mapping…
Determination of a minimal set of privileges to execute a workflow in a virtualized computing environment
Granted: November 21, 2023
Patent Number:
11822676
Example methods are provided for automated determination of a minimal set of privileges that are required to execute a workflow in a virtualized computing environment. While the workflow is being executed, interactions with a user interface are recorded. The interactions include application program interface (API) calls. The method identifies the privileges that are used to execute the API calls, and the identified privileges are combined to form the minimal set of privileges. A model…