VMware Patent Grants

Distributed autonomous lifecycle management of hypervisors in a virtualized computing system

Granted: October 1, 2024
Patent Number: 12106135
An example method of hypervisor lifecycle management in a virtualized computing system having a cluster of hosts is described. The method includes: obtaining, by remediation software executing in a host of the hosts, a host state document from a distributed key-value store, the host state document defining a desired state of software in the host, the software including a hypervisor; and performing, by the remediation software in coordination with other hosts of the hosts through the…

Context-aware data requests for a service in a distributed environment

Granted: October 1, 2024
Patent Number: 12105706
The disclosure provides an approach for database query management. Embodiments include receiving, by a service operating on a server, a request for data stored in a database. Embodiments also include determining, by the service, whether to handle the request as an internal request or an external request. Embodiments include, in response to determining to handle the request as an internal request: sending, by the service, a query for at least a portion of the data to the database;…

Migration of control planes across architectures

Granted: October 1, 2024
Patent Number: 12105597
The disclosure provides migration of control plane nodes across multiple architecture platforms. Embodiments include one or more processors configured to backup data of a source control plane node running on a first host, the first host having a first architecture platform, identify a second architecture platform of a second host, the second architecture platform being different than the first architecture platform, select a first control plane binary of a plurality of control plane…

Host storage of container logs

Granted: September 24, 2024
Patent Number: 12099430
A log is received at a user space process of a host from a logical logging component of a virtual computing instance (VCI), the log generated by a container running on the VCI. The log is communicated from the user space process to a logical logging component of the host. The log is communicated from the logical logging component of the host to a logging process of the host. The log is configured and stored in host storage.

Receiving application-specific data in-flight (DIF) services along a communication path selected based on a DIF services policy associated with a VM

Granted: September 24, 2024
Patent Number: 12101382
Embodiments provide data in-flight (DIF) services to software applications such as virtual machines (VMs) at an application level without requiring modification to established storage protocols. In exemplary embodiments, a storage controller transmits an advertisement of one or more data in-flight (DIF) services supported by a storage container of the storage controller. One or more DIF services communication paths are created with attributes corresponding to the DIF services supported by…

Dynamic network address management

Granted: September 24, 2024
Patent Number: 12101292
A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for…

Layer 7 network security for container workloads

Granted: September 24, 2024
Patent Number: 12101244
Some embodiments of the invention provide a method of performing layer 7 (L7) packet processing for a set of Pods executing on a host computer, the set of Pods managed by a container orchestration platform. The method is performed at the host computer. The method receives notification of a creation of a traffic control (TC) custom resource (CR) that is defined by reference to a TC custom resource definition (CRD). The method identifies a set of interfaces of a set of one or more managed…

Workload identification for network flows over stretched layer 2 networks

Granted: September 24, 2024
Patent Number: 12101242
Embodiments described herein generally involve identifying workloads in a multi-site networking environment. Embodiments include determining that a given network is stretched across a first network segment at a first site and a second network segment at a second site. Embodiments include creating a stretched administrative domain for the given network and mapping an address of the given network to the stretched administrative domain in a lookup table for an administrative domain…

Hypervisor-assisted secured memory sharing among host and guest operating system

Granted: September 24, 2024
Patent Number: 12099862
Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other…

Tiered memory data structures and algorithms for dynamic searching via balanced binary search trees

Granted: September 24, 2024
Patent Number: 12099731
In one set of embodiments, a computer system can receive a request to insert or delete a key into or from a plurality of keys maintained by a dynamic search data structure, where the dynamic search data structure is implemented using a balanced binary search tree (BBST) comprising a plurality of nodes corresponding to the plurality of keys, where a first subset of the plurality of nodes are stored in the first memory tier, and where a second subset of the plurality of nodes are stored in…

Processing queue assignment based on a flag in a Geneve header

Granted: September 17, 2024
Patent Number: 12095889
Described herein are systems, methods, and software to manage the identification of control packets in an encapsulation header. In one implementation, a computing system may receive a Geneve packet at a network interface and determine that the Geneve packet includes an Operations and Management (OAM) flag. Once the OAM flag is identified, the computing system can select a processing queue from a plurality of processing queues for a main processing system of the computing system based on…

Method and system for enforcing intrusion detection signatures curated for workloads based on contextual attributes in an SDDC

Granted: September 17, 2024
Patent Number: 12095780
Some embodiments of the invention provide a method of implementing an intent-based intrusion detection and prevention system in a datacenter, the datacenter including at least one host computer executing multiple machines. The method receives a filtered set of intrusion detection signatures to be enforced on the at least one host computer. The method uses a set of contextual attributes associated with a particular data message to generate an intrusion detection signature for the…

Security association bundling for an interface

Granted: September 17, 2024
Patent Number: 12095736
A method for IPSec communication between a source machine and a destination machine is provided. The method includes receiving, at the destination machine, first and second packets from the source machine through first and second VPN tunnels established between a first VTI of the source machine and a second VTI of the destination machine; determining the first packet corresponds to a first SA and the second packet corresponds to a second SA; processing, by a first processing core, the…

Determining whether to rate limit traffic

Granted: September 17, 2024
Patent Number: 12095668
Some embodiments provide a method for a gateway datapath that executes on a gateway device to implement logical routers for a set of logical networks and process traffic between the logical networks and an external network. The method receives a data message at the gateway device. To process the data message, the method executes a set of processing stages that includes a processing stage for a particular logical router. As part of the processing stage for the particular logical router,…

Security threat detection during service query handling

Granted: September 17, 2024
Patent Number: 12095629
Example methods and systems for a computer system to perform security threat detection during service query handling are described. In one example, a process running on a virtualized computing instance supported by the computer system may generate and send a first service query specifying a query input according to a service protocol. The first service query may be detected by a security agent configured to operate in a secure enclave that is isolated from the process. Next, the security…

Hypervisor-assisted security mechanism

Granted: September 17, 2024
Patent Number: 12093711
The disclosure provides an approach for hypervisor-assisted security analysis. Embodiments include receiving, at a hypervisor on a host computer, events from one or more virtual computing instances (VCIs). Embodiments include analyzing, by the hypervisor, the events according to one or more rules to identify a subset of the events for additional analysis. Embodiments include compressing, by the hypervisor, the subset of the events by performing deduplication to produce a compressed…

Adding a watermark on a document for printing in a virtual desktop infrastructure (VDI) environment

Granted: September 17, 2024
Patent Number: 12093586
Example methods and systems are described to add a watermark for printing in a virtual desktop environment having an agent side and a client side. A watermark can be configured at the agent side for printing at the client side. At the agent side, a fallback font can be determined for text of the watermark, and coordinate space calculation can be performed, so that the watermark prints correctly at the client side.

On-demand backups for management components in software-defined data centers

Granted: September 17, 2024
Patent Number: 12093133
System and method for backing up management components of a software-defined data center (SDDC) managed by a cloud-based service uses backup rules for the SDDC, which are used to configure a backup manager agent in the SDDC. The backup rules are then used by the backup manager agent to determine whether at least one of system logs generated by the management components in the SDDC, which are monitored by the backup manager agent, satisfies the backup rules to initiate a backup operation…

Resiliency and performance for cluster memory

Granted: September 10, 2024
Patent Number: 12086469
Disclosed are various embodiments for improving the resiliency and performance for clustered memory. A computing device can mark a page of the memory as being reclaimed. The computing device can then set the page of the memory as read-only. Next, the computing device can submit a write request for the contents of the page to individual ones of a plurality of memory hosts. Subsequently, the computing device can receive individual confirmations of a successful write of the page from the…

Packet fragmentation using outer header

Granted: September 10, 2024
Patent Number: 12088512
In some embodiments, a method fragments a first packet into a plurality of fragments when a length of an encapsulated first packet is larger than a maximum transmission unit size. For each fragment in the plurality of fragments, fragmentation information is generated. The method encapsulates each fragment in the plurality of fragments with an outer header to form a plurality of encapsulated packets. The respective fragmentation information for each fragment is inserted in a portion of…