Auto deploying network for virtual private cloud with heterogenous workloads
Granted: June 27, 2023
Patent Number:
11689497
Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can…
Generating path usability state for different sub-paths offered by a network link
Granted: June 27, 2023
Patent Number:
11689959
Some embodiments provide a method for quantifying quality of several service classes provided by a link between first and second forwarding nodes in a wide area network (WAN). At a first forwarding node, the method computes and stores first and second path quality metric (PQM) values based on packets sent from the second forwarding node for the first and second service classes. The different service classes in some embodiments are associated with different quality of service (QoS)…
System and method for establishing trust between multiple management entities with different authentication mechanisms
Granted: June 27, 2023
Patent Number:
11689924
A system and method for establishing trust between management entities with different authentication mechanisms in a computing system utilizes a token exchange service to acquire a second security token used in a second management entity in exchange for a first security token used in a first management entity. In an embodiment, an endpoint is set at the first management entity as an authentication endpoint for the second management entity, which is used to authenticate a request with the…
Transparent network service migration across service devices
Granted: June 27, 2023
Patent Number:
11689631
Migrating a network service that is currently being performed by a first device to be performed by a second device includes: instructing the second device to notify an upstream network device to forward traffic that is to be serviced by the network service to the second device instead of to the first device, the network service being associated with an Internet Protocol (IP) address; and instructing the first device to migrate the network service to the second device, wherein the…
Segregating VPN traffic based on the originating application
Granted: June 27, 2023
Patent Number:
11689581
Disclosed are various examples for segregating virtual private network (VPN) traffic based on the originating client application. A network gateway receives network traffic from a tunnel endpoint of an application-specific virtual private network tunnel. The network traffic originates from a client application executed in a client device. The network gateway identifies a particular virtual local area network through which the network traffic is received. The network gateway determines,…
System and method for embedding external infrastructure services into management nodes
Granted: June 27, 2023
Patent Number:
11689578
In one example, a management node and an infrastructure node external to the management node may be identified in a cloud computing environment. The management node may execute a centralized management service and the external infrastructure node may execute a first infrastructure service that handles at least one infrastructure network function for the centralized management service. Further, a second infrastructure service may be deployed on the management node. Data in the first…
Network access by applications in an enterprise managed device system
Granted: June 27, 2023
Patent Number:
11689575
Disclosed are various examples for enforcing network access permissions on applications that are installed on a client device. A network whitelist or network blacklist can be deployed by a management service onto a managed client device. A management component can facilitate enforcement of the whitelist and/or blacklist to enforce network access rules on installed applications.
Performing cybersecurity operations based on impact scores of computing events over a rolling time interval
Granted: June 27, 2023
Patent Number:
11689545
The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the…
Method and apparatus for secure hybrid cloud connectivity
Granted: June 27, 2023
Patent Number:
11689522
System and computer-implemented method for secure hybrid cloud connectivity between an application in a public cloud service and an on-premises service supported by an on-premises appliance includes launching a public cloud gateway appliance in the public cloud service. The public cloud gateway appliance is configured with security information associated with the on-premises appliance. The on-premises appliance is provided with contact information associated with the public cloud gateway…
Management of endpoint address discovery in a software defined networking environment
Granted: June 27, 2023
Patent Number:
11689499
Described herein are systems and methods to manage Internet Protocol (IP) address discovery in a software defined networking (SDN) environment. In one example, a manager may generate an IP address discovery configuration and pass the IP address discovery configuration to a controller. Once received, the controller may obtain a discovered list from a hypervisor of one or more IP addresses associated with one or more logical ports and update a realized list for the one or more logical…
Methods and apparatus for determining low latency network connectivity in computing systems
Granted: June 27, 2023
Patent Number:
11689438
An example apparatus comprises at least one memory, instructions in the apparatus, and at least one processor to execute the instructions to identify an agent identifier from a plurality of network command responses, the plurality of network command responses including a plurality of network parameters, apply weighted values to the plurality of network parameters, and determine a total weighted sum of the plurality of network parameters, the total weighted sum corresponding to a…
Linking virtualized application namespaces at runtime
Granted: June 20, 2023
Patent Number:
11681535
A method for linking a plurality of virtualized application packages for execution on a computer system is described. A runtime executable of a primary virtualized application package is launched. A secondary virtualized application package to be merged with the primary virtualized application package is identified. In one embodiment, application settings and file data for the first and second virtualized application packages are merged into a single data structure. An execution layer is…
Support for multi-AZ management appliance networking
Granted: June 20, 2023
Patent Number:
11683267
Processes for managing computing processes within a plurality of data centers configured to provide a cloud computing environment are described. An exemplary process includes executing a process on a first host of a plurality of hosts. When the process is executing on the first host, a first network identifier associated with the plurality of hosts is not a network identifier of a pool of network identifiers associated with the cloud computing environment and first and second route…
Specializing virtual network device processing to avoid interrupt processing for high packet rate applications
Granted: June 20, 2023
Patent Number:
11683256
A method of optimizing network processing in a system comprising a physical host and a set of physical network interface controllers (PNICs) is provided. The physical host includes a forwarding element. The method includes determining that a set of conditions is satisfied to bypass the forwarding element for exchanging packets between a particular data compute node (DCN) and a particular PNIC. The set of conditions includes the particular DCN being the only DCN connected to the…
Methods and apparatus to implement cloud specific functionality in a cloud agnostic system
Granted: June 20, 2023
Patent Number:
11683232
Methods, apparatus, systems and articles of manufacture are disclosed that implement cloud functionality in a cloud agnostic system. An example apparatus includes: at least one memory; instructions in the apparatus; and processor circuitry to execute the instructions to: generate a blueprint including components of requested cloud resources and their relationships; provide an allocation flag to the blueprint, the allocation flag indicating the requested cloud resources are to be…
Fast provisioning of machines using network cloning
Granted: June 20, 2023
Patent Number:
11683201
Some embodiments of the invention provide a method for cloning a set of one or more applications implemented by a first set of machines connected through a first logical network that defines a virtual private cloud (VPC) in a set of one or more datacenters. The method detects that the first logical network does not have sufficient resources to process a set of network traffic destined for the set of one or more applications implemented by the first set of machines. Based on said…
Hybrid synchronization using a shadow component
Granted: June 20, 2023
Patent Number:
11681661
Hybrid synchronization using a shadow component includes detecting a first component of a plurality of mirrored components of a distributed data object becoming unavailable. The mirrored components include a delta component (a special shadow component) and a regular mirror (shadow) component. The delta component indicates a shorter history of changes to data blocks of a log-structured file system (LFS) than is indicated by the regular mirror component. During the unavailability of the…
Direct access to a hardware device for virtual machines of a virtualized computer system
Granted: June 20, 2023
Patent Number:
11681639
In a virtualized computer system in which a guest operating system runs on a virtual machine of a virtualized computer system, a computer-implemented method of providing the guest operating system with direct access to a hardware device coupled to the virtualized computer system via a communication interface, the method including: (a) obtaining first configuration register information corresponding to the hardware device, the hardware device connected to the virtualized computer system…
Interference-aware scheduling service for virtual GPU enabled systems
Granted: June 20, 2023
Patent Number:
11681544
Disclosed are aspects of interference-aware virtual machine assignment for systems that include graphics processing units (GPUs) that are virtual GPU (vGPU) enabled. In some examples, an interference function is used to predict interference for assignment of a workload to a graphics processing unit (GPU). The interference function outputs a predicted interference to place the workload on the GPU. The workload is assigned to the GPU based on a comparison of the predicted interference to a…
Integrating virtualization and host networking
Granted: June 20, 2023
Patent Number:
11681542
The disclosure provides for integrating virtual machine (VM) and host networking, forwarding port data and occupation status to host and VM endpoints. Examples synchronize, by a host agent, port reservations with a guest agent on a first VM on the host; receive an indication that a VM port on the first VM is occupied; based at least on receiving the indication that the VM port is occupied, update the port reservations to include that a host port corresponding to the VM port is occupied;…
