External communication with packaged virtual machine applications without networking
Granted: October 24, 2023
Patent Number:
11797326
One or more embodiments provide techniques that permit virtual computing instances in isolated environments to communicate information outside the isolated environments without requiring networking. In one embodiment, an encoder which runs in a virtual machine (VM) within an isolated environment, such as one of the VMs of a packaged virtual machine application that does not have external network connectivity, is configured to encode information, such as state information of the packaged…
Dynamic virtual machine sizing
Granted: October 24, 2023
Patent Number:
11797327
A technique is described for managing processor (CPU) resources in a host having virtual machines (VMs) executed thereon. A target size of a VM is determined based on its demand and CPU entitlement. If the VM's current size exceeds the target size, the technique dynamically changes the size of a VM in the host by increasing or decreasing the number of virtual CPUs available to the VM. To “deactivate” virtual CPUs, a high-priority balloon thread is launched and pinned to one of the…
SAAS infrastructure for flexible multi-tenancy
Granted: October 24, 2023
Patent Number:
11797352
Techniques for implementing a software-as-a-service (SaaS) infrastructure that supports flexible multi-tenancy are provided. In various embodiments, this SaaS infrastructure employs a hybrid design that can flexibly accommodate both single-tenant and multi-tenant instances of a SaaS application. Accordingly, with this infrastructure, a SaaS provider can advantageously support high levels of isolation between certain tenants of its application (as dictated by the tenants' needs and/or…
Plug-in based framework to provide fault tolerance and high availability in distributed systems
Granted: October 24, 2023
Patent Number:
11797399
A plug-in based framework provides high availability (HA), including fault tolerance, in a distributed system, such as provided by a virtualized computing environment. The framework uses blueprints that define entities to be monitored, failure conditions, failover actions, restoration actions, and other aspects associated with HA. Microservices execute the blueprints, and a load balancer may balance the execution of the blueprints amongst microservices.
System and method for using local storage to emulate centralized storage
Granted: October 24, 2023
Patent Number:
11797489
A cluster of computer systems, each of which is configured with a virtualization software layer to support execution of virtual computing instances, includes a first computer system in which a first virtual computing instance is executing, the first computer system including a first local storage unit in which a first log file is stored to capture write operations to a virtual disk of the first virtual computing instance. The cluster also includes a second computer system, networked to…
Secure end-to-end deployment of workloads in a virtualized environment using hardware-based attestation
Granted: October 24, 2023
Patent Number:
11799670
A framework is provided that assigns a digital certificate to each VM-based control plane element and computing node (i.e., worker VM) of a workload orchestration platform implemented in a virtualized environment, where the digital certificate is signed by a trusted entity and provides cryptographic proof that the control plane element/worker VM has been successfully attested by that trusted entity using hardware-based attestation. Each control plane element/worker VM is configured to…
Micro-batching metadata updates to reduce transaction journal overhead during snapshot deletion
Granted: October 24, 2023
Patent Number:
11797214
A method for deleting one or more snapshots using micro-batch processing is provided. The method includes receiving a request to delete the one or more snapshots, identifying one or more middle map extents exclusively owned by the one or more snapshots requested to be deleted, wherein metadata for the one or more snapshots is stored in one or more logical maps having logical map extents mapping logical block addresses (LBAs) to middle block addresses (MBAs) and a middle map having middle…
Resolving conflicts of application runtime dependencies
Granted: October 17, 2023
Patent Number:
11792278
Described herein are systems, methods, and software to handle requests to an application file shared by a plurality of applications on a computing system. In one implementation, a method of handling request for an application file shared by a plurality of applications on a computing system includes identifying a request for the application file on the computing system, wherein each application in the plurality of applications is associated with an individualized version of the…
Offline sideloading for enrollment of devices in a mobile device management system
Granted: October 17, 2023
Patent Number:
11792270
Systems herein allow an administrator to efficiently enroll computing devices into a mobile device management system, even when those computing devices are offline and not connected to the system. A management server can include a console that allows the administrator to enroll an offline computing device by selecting an offline enrollment option on a registration record. This option can cause the management server to create a device record, indicating the computing device is enrolled.…
Systems and methods for controlling email access
Granted: October 17, 2023
Patent Number:
11792203
Examples described herein include systems and methods for controlling access to a server, such as an email server or a gateway, in situations where the identity of the requesting device is unknown or where the user device accesses the server using an unknown or unmanaged application. In one example, the system can utilize a user authentication credential included in the request to identify other devices belonging to the user that happen to be enrolled with the system. An out-of-band…
TLS policy enforcement at a tunnel gateway
Granted: October 17, 2023
Patent Number:
11792202
Disclosed are various approaches for verifying the compliance of a TLS session with TLs policies. Traffic between an application and a destination server can be routed through a TLS gateway. The TLS gateway can inspect TLS handshake messages for compliance with TLS policies.
Endpoint group containing heterogeneous workloads
Granted: October 17, 2023
Patent Number:
11792159
Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can…
Method and apparatus for enhanced client persistence in multi-site GSLB deployments
Granted: October 17, 2023
Patent Number:
11792155
Some embodiments provide a method that, at a first domain name system (DNS) cluster of a set of DNS clusters, receives a DNS request from a client. The first DNS cluster identifies, based on an identifier of the client in the DNS request, a home DNS cluster of the client. The method forwards the DNS request to the home DNS cluster. The home DNS cluster supplies a DNS response to the client. Identifying the home DNS cluster, in some embodiments, includes performing a hash on the…
Detection of threats based on responses to name resolution requests
Granted: October 17, 2023
Patent Number:
11792151
Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method…
Network-aware load balancing
Granted: October 17, 2023
Patent Number:
11792127
Some embodiments of the invention provide a method for network-aware load balancing for data messages traversing a software-defined wide area network (SD-WAN) (e.g., a virtual network) including multiple connection links between different elements of the SD-WAN. The method includes receiving, at a load balancer in a multi-machine site, link state data relating to a set of SD-WAN datapaths including connection links of the multiple connection links. The load balancer, in some embodiments,…
Using service planes to perform services at the edge of a network
Granted: October 17, 2023
Patent Number:
11792112
Some embodiments provide novel methods for providing a set of services for a logical network associated with an edge forwarding element acting between a logical network and an external network. In some embodiments, the services are provided using a logical service forwarding plane that connects the edge forwarding element to a set of service nodes that each provide a service in the set of services. The service classification operation of some embodiments identifies a chain of multiple…
Remediation of containerized workloads based on context breach at edge devices
Granted: October 17, 2023
Patent Number:
11792086
Computer-implemented methods, media, and systems for remediation of containerized workloads based on context breach at edge devices are disclosed. One example computer-implemented method includes monitoring telemetry data from a first software defined wide area network (SD-WAN) edge device, where the telemetry data includes multiple context elements at the first SD-WAN edge device. It is determined that a context change occurs for at least one of the context elements at the first SD-WAN…
Error logging during system boot and shutdown
Granted: October 17, 2023
Patent Number:
11789801
Systems and methods are described for improved error logging during system boot and shutdown. A hardware initialization firmware on a computing device can include a logging module. When errors occur during early system booting or late system shutdown, the firmware can create error logs. The logging module can receive the error logs and prioritize them according to a set of rules. The logging module can select error logs of the highest priority up to a predetermined maximum amount. The…
Degraded availability zone remediation for multi-availability zone clusters of host computers
Granted: October 17, 2023
Patent Number:
11789800
System and computer-implemented method for managing multi-availability zone (AZ) clusters of host computers in a cloud computing environment automatically detects a degraded state of a first AZ in the cloud computing environment based on host failure events for host computers in a first cluster section of a multi-AZ cluster of host computers located in the first AZ and a recovered state of the first AZ based a successful scale-in operation of another multi-AZ cluster located partially in…
Decentralized resource scheduling
Granted: October 17, 2023
Patent Number:
11789772
Disclosed are various embodiments for distributed resource scheduling. An eviction request from a first host is received. The eviction request comprises data regarding a virtual machine to be migrated from the first host. The eviction request is then broadcast to a plurality of hosts. A plurality of responses are received from the plurality of hosts, each response comprising a score representing an ability of a respective one of the plurality of hosts to act as a new host for the virtual…
