Dynamic path selection of VPN endpoint
Granted: October 8, 2024
Patent Number:
12113773
Some embodiments provide a method that identifies multiple paths between a first site and a second site. A security association (SA) is established for transmitting encrypted payload from the first site to the second site in a virtual private network (VPN) session. The method selects a path based on metrics that are obtained for the paths. The selected path is defined by a first endpoint address of the first site and a second endpoint address of the second site. The method sends a…
Using hypervisor to provide virtual hardware accelerators in an O-RAN system
Granted: October 8, 2024
Patent Number:
12113678
Some embodiments provide various methods for offloading operations in an O-RAN (Open Radio Access Network) onto control plane (CP) or edge applications that execute on host computers with hardware accelerators in software defined datacenters (SDDCs). At the CP or edge application operating on a machine executing on a host computer with a hardware accelerator, the method of some embodiments receives data, from an O-RAN E2 unit, to perform an operation. The method uses a driver of the…
Methods and apparatus to manage monitoring agents
Granted: October 8, 2024
Patent Number:
12112190
Methods and apparatus to manage a dynamic deployment environment including one or more virtual machines. A disclosed example involves: (a) automatically scanning the virtual machines in the deployment environment to identify a service installed on any of the virtual machines; (b) automatically determining whether the identified service corresponds to a service monitoring rule; (c) when the service corresponds to the service monitoring rule, automatically determining whether a monitoring…
Efficient replication of file clones
Granted: October 8, 2024
Patent Number:
12111795
A method for managing replication of cloned files is provided. Embodiments include determining, at a source system, that a first file has been cloned to create a second file. Embodiments include sending, from the source system to a replica system, an address of the first extent and an indication that a status of the first extent has changed from non-cloned to cloned. Embodiments include changing, at the replica system, a status of a second extent associated with a replica of the first…
Aggregating block mapping metadata to improve linked clone read performance
Granted: October 8, 2024
Patent Number:
12111771
Linked clone read performance (e.g., retrieving data) is improved at least by minimizing the number of input/output (I/O) operations. For a child clone, a local logical extent and an inherited logical extent are generated. The local logical extent comprises a logical block address (LBA) for data in a data region of the child clone and a physical sector address (PSA) corresponding to the LBA for the data in the data region of the child clone. The inherited logical extent spans logical…
Distributed autonomous lifecycle management of hypervisors in a virtualized computing system
Granted: October 1, 2024
Patent Number:
12106135
An example method of hypervisor lifecycle management in a virtualized computing system having a cluster of hosts is described. The method includes: obtaining, by remediation software executing in a host of the hosts, a host state document from a distributed key-value store, the host state document defining a desired state of software in the host, the software including a hypervisor; and performing, by the remediation software in coordination with other hosts of the hosts through the…
Multi-uplink path quality aware IPsec
Granted: October 1, 2024
Patent Number:
12107834
Some embodiments provide a method that collects metrics for one or more paths of a first tunnel implementing a first security association (SA) and for one or more paths of a second tunnel implementing a second SA. The method selects a path based on the collected metrics of the paths of the first and second tunnels. When the selected path belongs to the first tunnel, the method encrypts data transmitted as encrypted payload of the first SA and transmits the encrypted payload in the first…
Two tier DNS
Granted: October 1, 2024
Patent Number:
12107821
Some embodiments provide a two-tier DNS (Domain Name System) service for processing DNS requests. In some embodiments, the two-tier DNS service deploys first and second tiers of service machines, with the second-tier having several groups of service machines each of which is configured to resolve DNS requests for a different set of domain names than the other second-tier group(s). Each service machine in the first-tier is configured to identify the second-tier group responsible for each…
Sharing network manager between multiple tenants
Granted: October 1, 2024
Patent Number:
12107722
Some embodiments provide a method for one of multiple shared API processing services in a container cluster that implements a network policy manager shared between multiple tenants. The method receives a configuration request from a particular tenant to modify a logical network configuration for the particular tenant. Configuration requests from the plurality of tenants are balanced across the plurality of shared API processing services. Based on the received configuration request, the…
Neural network model for predicting usage in a hyper-converged infrastructure
Granted: October 1, 2024
Patent Number:
12106203
Systems and methods for analyzing the usage of a set of workloads in a hyper-converged infrastructure are disclosed. A neural network model is trained based upon historical usage data of the set of workloads. The neural network model can make usage predictions of future demands on the set of workloads to minimize over-allocation or under-allocation of resources to the workloads.
Context-aware data requests for a service in a distributed environment
Granted: October 1, 2024
Patent Number:
12105706
The disclosure provides an approach for database query management. Embodiments include receiving, by a service operating on a server, a request for data stored in a database. Embodiments also include determining, by the service, whether to handle the request as an internal request or an external request. Embodiments include, in response to determining to handle the request as an internal request: sending, by the service, a query for at least a portion of the data to the database;…
Migration of control planes across architectures
Granted: October 1, 2024
Patent Number:
12105597
The disclosure provides migration of control plane nodes across multiple architecture platforms. Embodiments include one or more processors configured to backup data of a source control plane node running on a first host, the first host having a first architecture platform, identify a second architecture platform of a second host, the second architecture platform being different than the first architecture platform, select a first control plane binary of a plurality of control plane…
Receiving application-specific data in-flight (DIF) services along a communication path selected based on a DIF services policy associated with a VM
Granted: September 24, 2024
Patent Number:
12101382
Embodiments provide data in-flight (DIF) services to software applications such as virtual machines (VMs) at an application level without requiring modification to established storage protocols. In exemplary embodiments, a storage controller transmits an advertisement of one or more data in-flight (DIF) services supported by a storage container of the storage controller. One or more DIF services communication path is created with attributes corresponding to the DIF services supported by…
Dynamic network address management
Granted: September 24, 2024
Patent Number:
12101292
A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for…
Layer 7 network security for container workloads
Granted: September 24, 2024
Patent Number:
12101244
Some embodiments of the invention provide a method of performing layer 7 (L7) packet processing for a set of Pods executing on a host computer, the set of Pods managed by a container orchestration platform. The method is performed at the host computer. The method receives notification of a creation of a traffic control (TC) custom resource (CR) that is defined by reference to a TC custom resource definition (CRD). The method identifies a set of interfaces of a set of one or more managed…
Workload identification for network flows over stretched layer 2 networks
Granted: September 24, 2024
Patent Number:
12101242
Embodiments described herein generally involve identifying workloads in a multi-site networking environment. Embodiments include determining that a given network is stretched across a first network segment at a first site and a second network segment at a second site. Embodiments include creating a stretched administrative domain for the given network and mapping an address of the given network to the stretched administrative domain in a lookup table for an administrative domain…
Hypervisor-assisted secured memory sharing among host and guest operating system
Granted: September 24, 2024
Patent Number:
12099862
Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other…
Tiered memory data structures and algorithms for dynamic searching via balanced binary search trees
Granted: September 24, 2024
Patent Number:
12099731
In one set of embodiments, a computer system can receive a request to insert or delete a key into or from a plurality of keys maintained by a dynamic search data structure, where the dynamic search data structure is implemented using a balanced binary search tree (BBST) comprising a plurality of nodes corresponding to the plurality of keys, where a first subset of the plurality of nodes are stored in the first memory tier, and where a second subset of the plurality of nodes are stored in…
Host storage of container logs
Granted: September 24, 2024
Patent Number:
12099430
A log is received at a user space process of a host from a logical logging component of a virtual computing instance (VCI), the log generated by a container running on the VCI. The log is communicated from the user space process to a logical logging component of the host. The log is communicated from the logical logging component of the host to a logging process of the host. The log is configured and stored in host storage.
On-demand backups for management components in software-defined data centers
Granted: September 17, 2024
Patent Number:
12093133
System and method for backing up management components of a software-defined data center (SDDC) managed by a cloud-based service uses backup rules for the SDDC, which are used to configure a backup manager agent in the SDDC. The backup rules are then used by the backup manager agent to determine whether at least one of system logs generated by the management components in the SDDC, which are monitored by the backup manager agent, satisfies the backup rules to initiate a backup operation…
