Patents by Inventor Rajiv Krishnamurthy
Rajiv Krishnamurthy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11923996
Abstract: A novel method for performing replication of messages in a network that bridges one or more physical networks to an overlay logical network is provided. A physical gateway provides bridging between network nodes of a physical network and virtual machines in the overlay logical network by serving as an endpoint of the overlay logical network. The physical gateway does not replicate messages from the bridged physical network to destination endpoints in the overlay logical network directly, but instead tunnels the message-to-be-replicated to a designated tunnel endpoint in the overlay logical network. The designated tunnel endpoint in turn replicates the message that was tunneled to it to other endpoints in the overlay logical network.
Type: Grant
Filed: May 3, 2021
Date of Patent: March 5, 2024
Assignee: Nicira, Inc.
Inventors: Alexander Tessmer, Mukesh Hira, Rajiv Krishnamurthy, Ram Dular Singh, Xuan Zhang, Hua Wang
-
Patent number: 11765174
Abstract: Techniques for providing application-independent access control in a cloud-services computing environment are provided. In one embodiment, a method for providing application-independent access control is provided. The method includes obtaining a user identity for accessing the cloud-services computing environment and receiving a user request to perform a task using an application. The method further includes collecting process-related data for performing the task using the application and obtaining one or more network routing addresses. The method further includes determining, based on the user identity, the process-related data, and the one or more network routing addresses, whether the task is to be performed. If the task is to be performed, the task is caused to be performed using the application; and if the task is not to be performed, the user request is denied.
Type: Grant
Filed: December 7, 2018
Date of Patent: September 19, 2023
Assignee: VMware, Inc.
Inventors: Arijit Chanda, Venkat Rajagopalan, Rajiv Mordani, Arnold Poon, Rajiv Krishnamurthy, Farzad Ghannadian, Sirisha Myneni
-
Patent number: 11706195
Abstract: The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications. The information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows of the communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.
Type: Grant
Filed: December 15, 2020
Date of Patent: July 18, 2023
Assignee: Nicira, Inc.
Inventors: Laxmikant Gunda, Rajiv Krishnamurthy
-
Publication number: 20230208765
Abstract: Described herein are systems, methods, and software to enhance the implementation of communication rules in a computing network. In one example, a method of operating a communication settings system maintains communication rules for a plurality of networks, wherein the communication rules define forwarding actions for ingress and egress packets to and from applications in the plurality of computing networks. The service further identifies a configuration request from a computing network with applications executing in the computing network, identifies a subset of the communication rules based on the plurality of applications, and provides the subset of the communication rules to the computing network.
Type: Application
Filed: February 17, 2023
Publication date: June 29, 2023
Inventors: Arijit Chanda, Rajiv Krishnamurthy
-
Patent number: 11588739
Abstract: Described herein are systems, methods, and software to enhance the implementation of communication rules in a computing network. In one example, a method of operating a communication settings system maintains communication rules for a plurality of networks, wherein the communication rules define forwarding actions for ingress and egress packets to and from applications in the plurality of computing networks. The service further identifies a configuration request from a computing network with applications executing in the computing network, identifies a subset of the communication rules based on the plurality of applications, and provides the subset of the communication rules to the computing network.
Type: Grant
Filed: November 21, 2017
Date of Patent: February 21, 2023
Assignee: Nicira, Inc.
Inventors: Arijit Chanda, Rajiv Krishnamurthy
-
Publication number: 20230018871
Abstract: An approach for a software defined networking manager to perform a predictive analysis of proposed modifications to a software defined network (SDN) is presented. A method comprises receiving entity logical associations that are captured in a set of rules implemented in a SDN. Once a proposed modification to the entity logical associations is received, without implementing the proposed modification and without modifying the set of rules, impacted entity associations, from the entity logical associations, are identified. Upon receiving input indicating that the proposed modification is to be accepted, an updated set of rules for the SDN is generated by updating the set of rules based on the proposed modification, and the updated set of rules is implemented in the SDN.
Type: Application
Filed: May 29, 2022
Publication date: January 19, 2023
Inventors: UJWALA KAWALAY, PRASHANT AMBARDEKAR, PRAYAS GAURAV, RAJIV KRISHNAMURTHY, GURPRIT JOHAL
-
Patent number: 11397609
Abstract: Methods and apparatus for application and/or context-based management of virtual networks using customizable workflows are disclosed. An example apparatus includes a context engine to monitor data traffic from a virtual machine in a data plane of a virtual network to capture context information to identify an application executing on the virtual machine; and a policy manager to receive the context information to instantiate an application entity corresponding to the application in a policy plane of the virtual network and to generate a policy associated with the application entity in the policy plane of the virtual network, the policy and the application entity enabling monitoring and management of the application via the policy plane.
Type: Grant
Filed: June 29, 2020
Date of Patent: July 26, 2022
Assignee: Nicira, Inc.
Inventors: Rajiv Krishnamurthy, Laxmikant Gunda
-
Patent number: 11349724
Abstract: An approach for a software defined networking manager to perform a predictive analysis of proposed modifications to a software defined network (SDN) is presented. A method comprises receiving entity logical associations that are captured in a set of rules implemented in a SDN. Once a proposed modification to the entity logical associations is received, without implementing the proposed modification and without modifying the set of rules, impacted entity associations, from the entity logical associations, are identified. Upon receiving input indicating that the proposed modification is to be accepted, an updated set of rules for the SDN is generated by updating the set of rules based on the proposed modification, and the updated set of rules is implemented in the SDN.
Type: Grant
Filed: February 28, 2018
Date of Patent: May 31, 2022
Assignee: NICIRA, INC.
Inventors: Ujwala Kawalay, Prashant Ambardekar, Prayas Gaurav, Rajiv Krishnamurthy, Gurprit Johal
-
Patent number: 11296960
Abstract: Some embodiments provide a method for monitoring a distributed application. The method receives a request to perform data collection for the distributed application. The method identifies data compute nodes (DCNs) that implement the distributed application. The method sends commands to host machines on which the identified DCNs operate to detect events related to the DCNs and provide data regarding the detected events. The method uses the data regarding the detected events to generate a user interface (UI) display of the topology of the distributed application.
Type: Grant
Filed: March 8, 2018
Date of Patent: April 5, 2022
Assignee: NICIRA, INC.
Inventors: Bin Wang, Margaret Petrus, Farzad Ghannadian, Rajiv Krishnamurthy
-
Patent number: 11146592
Abstract: Embodiments of the present disclosure relate to enforcing universal security policies across data centers. Embodiments include receiving, from a user, a first universal security policy (USP) related to a first universal policy group. Embodiments include identifying a first data center as an enforcement point for the first USP. Embodiments include automatically generating, at the first data center, a first local security policy based on the first USP. Embodiments include deploying a workload associated with the first universal policy group to the first data center. The first USP is enforced for the workload via the first local security policy.
Type: Grant
Filed: January 16, 2019
Date of Patent: October 12, 2021
Assignee: VMware, Inc.
Inventors: Hamza Aharchaou, Farzad Ghannadian, Amarnath Palavalli, Rajiv Krishnamurthy
-
Publication number: 20210258178
Abstract: A novel method for performing replication of messages in a network that bridges one or more physical networks to an overlay logical network is provided. A physical gateway provides bridging between network nodes of a physical network and virtual machines in the overlay logical network by serving as an endpoint of the overlay logical network. The physical gateway does not replicate messages from the bridged physical network to destination endpoints in the overlay logical network directly, but instead tunnels the message-to-be-replicated to a designated tunnel endpoint in the overlay logical network. The designated tunnel endpoint in turn replicates the message that was tunneled to it to other endpoints in the overlay logical network.
Type: Application
Filed: May 3, 2021
Publication date: August 19, 2021
Inventors: Alexander Tessmer, Mukesh Hira, Rajiv Krishnamurthy, Ram Dular Singh, Xuan Zhang, Hua Wang
-
Patent number: 10999087
Abstract: A novel method for performing replication of messages in a network that bridges one or more physical networks to an overlay logical network is provided. A physical gateway provides bridging between network nodes of a physical network and virtual machines in the overlay logical network by serving as an endpoint of the overlay logical network. The physical gateway does not replicate messages from the bridged physical network to destination endpoints in the overlay logical network directly, but instead tunnels the message-to-be-replicated to a designated tunnel endpoint in the overlay logical network. The designated tunnel endpoint in turn replicates the message that was tunneled to it to other endpoints in the overlay logical network.
Type: Grant
Filed: May 18, 2019
Date of Patent: May 4, 2021
Assignee: NICIRA, INC.
Inventors: Alexander Tessmer, Mukesh Hira, Rajiv Krishnamurthy, Ram Dular Singh, Xuan Zhang, Hua Wang
-
Publication number: 20210099425
Abstract: The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications. The information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows of the communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.
Type: Application
Filed: December 15, 2020
Publication date: April 1, 2021
Inventors: Laxmikant Gunda, Rajiv Krishnamurthy
-
Patent number: 10873565
Abstract: The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications. The information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows of the communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.
Type: Grant
Filed: October 23, 2017
Date of Patent: December 22, 2020
Assignee: Nicira, Inc.
Inventors: Laxmikant Gunda, Rajiv Krishnamurthy
-
Patent number: 10862773
Abstract: Some embodiments of the invention provide a method for performing services on an endpoint machine in a datacenter. On the endpoint machine, the method installs a guest introspection (GI) agent and a service engine. In some embodiments, the GI agent and the service engine are part of one monitor agent that is installed on the endpoint machine. The method then registers with a set of one or more notification services on the endpoint machine, the GI agent to receive notifications regarding new data message flow events on the endpoint machine. Through the notifications, the GI agent captures contextual data items regarding new data message flows, and stores the captured contextual data items. The service engine then performs a service for the data message flow based on the captured contextual data.
Type: Grant
Filed: January 26, 2018
Date of Patent: December 8, 2020
Assignee: NICIRA, INC.
Inventors: Arijit Chanda, Rajiv Krishnamurthy, Arnold K. Poon, Tori Chen
-
Publication number: 20200334068
Abstract: Methods and apparatus for application and/or context-based management of virtual networks using customizable workflows are disclosed. An example apparatus includes a context engine to monitor data traffic from a virtual machine in a data plane of a virtual network to capture context information to identify an application executing on the virtual machine; and a policy manager to receive the context information to instantiate an application entity corresponding to the application in a policy plane of the virtual network and to generate a policy associated with the application entity in the policy plane of the virtual network, the policy and the application entity enabling monitoring and management of the application via the policy plane.
Type: Application
Filed: June 29, 2020
Publication date: October 22, 2020
Inventors: Rajiv Krishnamurthy, Laxmikant Gunda
-
Patent number: 10802893
Abstract: Some embodiments of the invention provide a method for performing services on an endpoint machine in a datacenter. On the endpoint machine, the method installs a guest introspection (GI) agent and a service engine. In some embodiments, the GI agent and the service engine are part of one monitor agent that is installed on the endpoint machine. The method then registers with a set of one or more notification services on the endpoint machine, the GI agent to receive notifications regarding new data message flow events on the endpoint machine. Through the notifications, the GI agent captures contextual data items regarding new data message flows, and stores the captured contextual data items. The service engine then performs a service for the data message flow based on the captured contextual data.
Type: Grant
Filed: January 26, 2018
Date of Patent: October 13, 2020
Assignee: NICIRA, INC.
Inventors: Arijit Chanda, Rajiv Krishnamurthy, Arnold K. Poon, Tori Chen
-
Publication number: 20200244702
Abstract: This disclosure presents processes and systems that translate policies defined for virtual objects, such as virtual servers, applications, and databases, of a distributed computing system into identity information of services provided by virtual objects to computing devices located outside the distributed computing system. Processes and systems form object graphs of computing device identity information, virtual objects, and virtual object identity information. Processes and systems translate policies for controlling network between the computing devices and the virtual objects into identity information of the computing devices and the virtual objects. The identity information of the virtual objects and the computing devices is used to create rules for controlling network traffic between the virtual objects and the computing devices.
Type: Application
Filed: December 13, 2019
Publication date: July 30, 2020
Inventors: PRASHANT AMBARDEKAR, Rajiv Krishnamurthy, Prayas Gaurav, Ujwala Kawalay, Gurrprit Johal
-
Publication number: 20200228571
Abstract: Embodiments of the present disclosure relate to enforcing universal security policies across data centers. Embodiments include receiving, from a user, a first universal security policy (USP) related to a first universal policy group. Embodiments include identifying a first data center as an enforcement point for the first USP. Embodiments include automatically generating, at the first data center, a first local security policy based on the first USP. Embodiments include deploying a workload associated with the first universal policy group to the first data center. The first USP is enforced for the workload via the first local security policy.
Type: Application
Filed: January 16, 2019
Publication date: July 16, 2020
Inventors: Hamza AHARCHAOU, Farzad GHANNADIAN, Amarnath PALAVALLI, Rajiv KRISHNAMURTHY
-
Patent number: 10698714
Abstract: Methods and apparatus for application and/or context-based management of virtual networks using customizable workflows are disclosed. An example apparatus includes a context engine to monitor data traffic from a virtual machine in a data plane of a virtual network to capture context information to identify an application executing on the virtual machine; and a policy manager to receive the context information to instantiate an application entity corresponding to the application in a policy plane of the virtual network and to generate a policy associated with the application entity in the policy plane of the virtual network, the policy and the application entity enabling monitoring and management of the application via the policy plane.
Type: Grant
Filed: April 7, 2017
Date of Patent: June 30, 2020
Assignee: Nicira, Inc.
Inventors: Rajiv Krishnamurthy, Laxmikant Gunda