Abstract: A segmentation server defines a segmentation policy and distributes the segmentation policy to be enforced by a plurality of operating system (OS) instances. The segmentation policy includes rules controlling which workloads executing on the OS instances can communicate with other workloads and controlling how the workloads may communicate. When a connection between two OS instances is requested, each OS instance provides an identity and a cryptographic proof of the identity. The OS instances each authenticate the identity received from the other OS instance, and once authenticated, determines based on the authenticated identities if the rules permit the communication. If the rules permit the communication, the OS instances obtain session parameters that enable the OS instances to validate integrity of the messages communicated between the workloads and optionally encrypt the messages.

Abstract: A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS.

Abstract: State information is received from a server indicating an identity of a user logged into the server. An administrative domain wide policy is determined that specifies a relationship between user a group and services or servers accessible to users belonging to the user group. Relevant servers are sent updated management instructions corresponding to rules of the administrative domain wide policy. Such rules provide access to a service or server to users belonging to user groups related to the service. As a result, the servers allow communications that provide access to users based on the specified relationships.

Abstract: A segmentation server enables user-based management of a segmentation policy. Administrators belonging to different user groups may have different limited visibility into traffic flows controlled by the segmentation policy and may be assigned different privileges with respect to viewing, creating, and modifying rules of the segmentation policy. Thus, the burden of administering the segmentation policy may be distributed between administrators associated with different user groups that each may have responsibility for a different segment.

Abstract: A segmentation server defines a segmentation policy and distributes the segmentation policy to be enforced by a plurality of operating system (OS) instances. The segmentation policy includes rules controlling which workloads executing on the OS instances can communicate with other workloads and controlling how the workloads may communicate. When a connection between two OS instances is requested, each OS instance provides an identity and a cryptographic proof of the identity. The OS instances each authenticate the identity received from the other OS instance, and once authenticated, determines based on the authenticated identities if the rules permit the communication. If the rules permit the communication, the OS instances obtain session parameters that enable the OS instances to validate integrity of the messages communicated between the workloads and optionally encrypt the messages.

Abstract: A segmentation server defines a segmentation policy and distributes the segmentation policy to be enforced by a plurality of operating system (OS) instances. The segmentation policy includes rules controlling which workloads executing on the OS instances can communicate with other workloads and controlling how the workloads may communicate. When a connection between two OS instances is requested, each OS instance provides an identity and a cryptographic proof of the identity. The OS instances each authenticate the identity received from the other OS instance, and once authenticated, determines based on the authenticated identities if the rules permit the communication. If the rules permit the communication, the OS instances obtain session parameters that enable the OS instances to validate integrity of the messages communicated between the workloads and optionally encrypt the messages.

Abstract: A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS.

Abstract: State information is received from a server indicating an identity of a user logged into the server. An administrative domain wide policy is determined that specifies a relationship between user a group and services or servers accessible to users belonging to the user group. Relevant servers are sent updated management instructions corresponding to rules of the administrative domain wide policy. Such rules provide access to a service or server to users belonging to user groups related to the service. As a result, the servers allow communications that provide access to users based on the specified relationships.

Abstract: A change to a state of a particular managed server within an administrative domain is processed. The administrative domain includes a plurality of managed servers that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. A first description of the particular managed server is modified to indicate the particular managed server's changed state, thereby specifying a second description of the particular managed server. The unmodified first description is compared to the second description, thereby specifying a description change. A determination is made, based on the description change, regarding whether to update management instructions previously sent to the particular managed server.

Abstract: Management instructions for a particular managed server within an administrative domain are generated according to an administrative domain-wide management policy that comprises a set of one or more rules. The administrative domain includes a plurality of managed servers. A determination is made regarding which rules within the set of rules are relevant to the particular managed server. Function-level instructions are generated based on the rules that were determined to be relevant. A determination is made regarding which managed servers within the plurality of managed servers are relevant to the particular managed server. The function-level instructions and information regarding the managed servers that were determined to be relevant are sent to the particular managed server.

Abstract: Management instructions for a particular managed server within an administrative domain are generated according to an administrative domain-wide management policy that comprises a set of one or more rules. The administrative domain includes a plurality of managed servers. A determination is made regarding which rules within the set of rules are relevant to the particular managed server. Function-level instructions are generated based on the rules that were determined to be relevant. A determination is made regarding which managed servers within the plurality of managed servers are relevant to the particular managed server. The function-level instructions and information regarding the managed servers that were determined to be relevant are sent to the particular managed server.

Abstract: A segmentation server enables user-based management of a segmentation policy. Administrators belonging to different user groups may have different limited visibility into traffic flows controlled by the segmentation policy and may be assigned different privileges with respect to viewing, creating, and modifying rules of the segmentation policy. Thus, the burden of administering the segmentation policy may be distributed between administrators associated with different user groups that each may have responsibility for a different segment.

Abstract: A global manager computer generates management instructions for a particular managed server within an administrative domain according to a set of rules. A global manager computer identifies a traffic midpoint device through which the provider managed server provides a service to a user device. The global manager determines a relevant rule from the set of rules that is applicable to communication between the provider managed server and the user device and generates a backend rule that is applicable to communication between the provider managed server and the traffic midpoint device. The global managed generates a backend function-level instruction including a reference to an actor-set authorized to communicate with the provider managed server to use the service. The global manager sends the backend function-level instruction to the provider managed server to configure the provider managed server to enforce the backend rule on communication with the actor-set including the traffic midpoint device.

Abstract: A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS.

Abstract: Management instructions for a managed servers are updated according to a set of rules included in management policy. A global manager computer receives information describing a change in a bound service executed by the particular managed server. The global manager generates an updated description of the particular managed server is generated by modifying an initial description of the particular managed server according to the received information describing the change in the bound service. The global manager determines currently relevant rules for the particular managed server. If the currently-relevant rules differ from previously-relevant rules, the global manager determines a rule is that should be added. The global manager generates a function-level instruction including a reference to an authorized actor-set of actors permitted to communicate with the bound service. The global manager configures the particular managed server to enforce the function-level instruction.

Abstract: A system enforces administrative domain wide policies specified using labels that describe characteristics of servers or services. A label comprises a label value describing a characteristic of one or more computing devices for a label dimension. The system infers label values for devices using features describing characteristics of the computing devices, for example, hardware characteristics, software characteristics, or connectivity characteristics. The system obtains communication information indicating the destination, source, volume, and duration of network traffic between computing devices. The system identifies providers of services and consumers of services based on the communication information. The system generates rules for regulating communications between computing devices and enforces the rules.

Abstract: A global manager computer generates management instructions for a particular managed server within an administrative domain according to a set of rules. A global manager computer identifies a traffic midpoint device through which the provider managed server provides a service to a user device. The global manager determines a relevant rule from the set of rules that is applicable to communication between the provider managed server and the user device and generates a backend rule that is applicable to communication between the provider managed server and the traffic midpoint device. The global managed generates a backend function-level instruction including a reference to an actor-set authorized to communicate with the provider managed server to use the service. The global manager sends the backend function-level instruction to the provider managed server to configure the provider managed server to enforce the backend rule on communication with the actor-set including the traffic midpoint device.

Abstract: A global manager computer generates management instructions for a particular managed server within an administrative domain according to a set of rules. A global manager computer identifies a traffic midpoint device through which the provider managed server provides a service to a user device. The global manager determines a relevant rule from the set of rules that is applicable to communication between the provider managed server and the user device and generates a backend rule that is applicable to communication between the provider managed server and the traffic midpoint device. The global managed generates a backend function-level instruction including a reference to an actor-set authorized to communicate with the provider managed server to use the service. The global manager sends the backend function-level instruction to the provider managed server to configure the provider managed server to enforce the backend rule on communication with the actor-set including the traffic midpoint device.

Abstract: A segmentation server enables user-based management of a segmentation policy. Administrators belonging to different user groups may have different limited visibility into traffic flows controlled by the segmentation policy and may be assigned different privileges with respect to viewing, creating, and modifying rules of the segmentation policy. Thus, the burden of administering the segmentation policy may be distributed between administrators associated with different user groups that each may have responsibility for a different segment.

Abstract: Management instructions for a managed servers are updated according to a set of rules included in management policy. A global manager computer receives information describing a change in a bound service executed by the particular managed server. The global manager generates an updated description of the particular managed server is generated by modifying an initial description of the particular managed server according to the received information describing the change in the bound service. The global manager determines currently relevant rules for the particular managed server. If the currently-relevant rules differ from previously-relevant rules, the global manager determines a rule is that should be added. The global manager generates a function-level instruction including a reference to an authorized actor-set of actors permitted to communicate with the bound service. The global manager configures the particular managed server to enforce the function-level instruction.