Patents Assigned to Suse LLC
  • Patent number: 12244625
    Abstract: A container system monitors one or more activities of an application container in a container system by intercepting data from the one or more activities of the application container. The application container includes computer-readable instructions and is initiated via a container service and isolated using operating system-level virtualization. The monitoring is performed at a layer between the app container and the container service. The container system also transmits a report of the intercepted one or more activities to a designated source. The container system inspects the intercepted one or more activities, and in response to the intercepted one or more activities violating a policy in a policy store, triggers an action specified in the policy.
    Type: Grant
    Filed: August 20, 2023
    Date of Patent: March 4, 2025
    Assignee: SUSE LLC
    Inventors: Fei Huang, Gang Duan, Zang Li
  • Patent number: 12190154
    Abstract: Controlling allocation of resources in network function virtualization. Data defining a pool of available physical resources is maintained. Data defining one or more resource allocation rules is identified. An application request is received. Physical resources from the pool are allocated to virtual resources to implement the application request, on the basis of the maintained data, the identified data and the received application request.
    Type: Grant
    Filed: December 17, 2023
    Date of Patent: January 7, 2025
    Assignee: SUSE LLC
    Inventors: Ignacio Aldama, Ruben Sevilla Giron, Javier Garcia-Lopez
  • Publication number: 20240388573
    Abstract: A security monitor monitors network communications at a loopback interface of a pod in the container system. The pod includes a service mesh proxy and an application container. The application container includes computer-readable instructions and is initiated via a container service and is isolated using operating system-level virtualization. The application container communicates with the service mesh proxy using the loopback interface. The security monitor extracts network address and port information from packet data in the network communications at the loopback interface. The security monitor determines one or more connection contexts of the network communications at the loopback interface, each connection context used to identify a network session of the application container with a remote application container.
    Type: Application
    Filed: July 31, 2024
    Publication date: November 21, 2024
    Applicant: SUSE LLC
    Inventors: Yuncong Feng, Gang Duan
  • Patent number: 12088560
    Abstract: A security monitor monitors network communications at a loopback interface of a pod in the container system. The pod includes a service mesh proxy and an application container. The application container includes computer-readable instructions and is initiated via a container service and is isolated using operating system-level virtualization. The application container communicates with the service mesh proxy using the loopback interface. The security monitor extracts network address and port information from packet data in the network communications at the loopback interface. The security monitor determines one or more connection contexts of the network communications at the loopback interface, each connection context used to identify a network session of the application container with a remote application container.
    Type: Grant
    Filed: July 9, 2021
    Date of Patent: September 10, 2024
    Assignee: SUSE LLC
    Inventors: Yuncong Feng, Gang Duan
  • Patent number: 12061896
    Abstract: The system and method described herein may upgrade kernels in cloud images deployed in cloud computing environments without having to rebuild a machine image that contains a root file system for the cloud image. For example, the cloud image may include a ramdisk that compares the kernel booted in the cloud image to the root file system to verify whether the machine image contains a directory hierarchy matching an operating system release for the kernel. In response to the machine image containing the matching directory hierarchy, the root file system may be mounted for execution in the cloud computing environment. Alternatively, in response to the machine image lacking the matching directory hierarchy, the ramdisk may dynamically create the matching directory hierarchy and inject modules that support the kernel into the root file system prior to mounting and delivering control to the root file system.
    Type: Grant
    Filed: May 30, 2023
    Date of Patent: August 13, 2024
    Assignee: SUSE LLC
    Inventor: Peter Bowen
  • Publication number: 20240267305
    Abstract: Some examples described herein relate to providing a customized cloud service. In an example, Key Service Indicators (KSI) may be received for a cloud service. The Key Service Indicators may be associated with a cloud service template for providing the cloud service. The resources required for providing the cloud service may be identified based on the Key Service Indicators.
    Type: Application
    Filed: April 18, 2024
    Publication date: August 8, 2024
    Applicant: SUSE LLC
    Inventor: Sandhya BALAKRISHNAN
  • Patent number: 12020014
    Abstract: A method, system, and program product are provided for updating software deployed on computers in an enterprise computer network wherein each computer has a software update agent installed to enable the computer to receive software patch updates. The method includes determining a required software component and updates; determining a version of the agent and updating the agent if required; selecting a server from which required updates are to be downloaded; scanning a plurality of software components on a selected computer and comparing the components with updates available on the server to determine required updates; downloading the required patches from the server; and installing the patches on the selected computer. The system includes components that perform the method steps when operated on a computer in the network. A computer readable medium implements the method for updating software deployed on computers in a network.
    Type: Grant
    Filed: December 7, 2021
    Date of Patent: June 25, 2024
    Assignee: SUSE LLC
    Inventor: Colin Lee Feeser
  • Patent number: 11996994
    Abstract: Some examples described herein relate to providing a customized cloud service. In an example, Key Service Indicators (KSI) may be received for a cloud service. The Key Service Indicators may be associated with a cloud service template for providing the cloud service. The resources required for providing the cloud service may be identified based on the Key Service Indicators.
    Type: Grant
    Filed: May 31, 2023
    Date of Patent: May 28, 2024
    Assignee: SUSE LLC
    Inventor: Sandhya Balakrishnan
  • Publication number: 20240169053
    Abstract: A policy interpreter detects that an application container has been added in a container system, and opens a stored manifest for the application container. The policy interpreter retrieves running services information regarding the application container, and generates a security policy for the application container. The security policy defines a set of actions that the application container can perform, and the set of actions is determined using the manifest and the running service information associated with the application container. The policy interpreter loads the security policy at a security container. The security container blocks an action performed by the application container in response to determining that the action performed by the application container does not match any action in the set of actions defined in the security policy. The policy interpreter transmits the security policy to a graphical user interface container for presentation to a user via a display device.
    Type: Application
    Filed: January 27, 2024
    Publication date: May 23, 2024
    Applicant: SUSE LLC
    Inventors: Glen K. Kosaka, Gang Duan, Fei Huang
  • Patent number: 11966463
    Abstract: A policy interpreter detects that an application container has been added in a container system, and opens a stored manifest for the application container. The policy interpreter retrieves running services information regarding the application container, and generates a security policy for the application container. The security policy defines a set of actions that the application container can perform, and the set of actions is determined using the manifest and the running service information associated with the application container. The policy interpreter loads the security policy at a security container. The security container blocks an action performed by the application container in response to determining that the action performed by the application container does not match any action in the set of actions defined in the security policy. The policy interpreter transmits the security policy to a graphical user interface container for presentation to a user via a display device.
    Type: Grant
    Filed: January 14, 2022
    Date of Patent: April 23, 2024
    Assignee: SUSE LLC
    Inventors: Glen K. Kosaka, Gang Duan, Fei Huang
  • Publication number: 20240086521
    Abstract: A threat level analyzer probes for one or more threats within an application container in a container system. Each threat is a vulnerability or a non-conformance with a benchmark setting. The threat level analyzer further probes for one or more threats within a host of the container service. The threat level analyzer generates a threat level assessment score based on results from the probing of the one or more threats of the application container and the one or more threats of the host, and generates a report for presentation in a user interface including the threat level assessment score and a list of threats discovered from the probe of the application container and the host. A report is transmitted by the threat level analyzer to a client device of a user for presentation in the user interface.
    Type: Application
    Filed: November 21, 2023
    Publication date: March 14, 2024
    Applicant: SUSE LLC
    Inventors: Henrik Rosendahl, Fei Huang, Gang Duan
  • Patent number: 11915051
    Abstract: Controlling allocation of resources in network function virtualization. Data defining a pool of available physical resources is maintained. Data defining one or more resource allocation rules is identified. An application request is received. Physical resources from the pool are allocated to virtual resources to implement the application request, on the basis of the maintained data, the identified data and the received application request.
    Type: Grant
    Filed: March 22, 2023
    Date of Patent: February 27, 2024
    Assignee: SUSE LLC
    Inventors: Ignacio Aldama, Ruben Sevilla Giron, Javier Garcia-Lopez
  • Patent number: 11886573
    Abstract: A threat level analyzer probes for one or more threats within an application container in a container system. Each threat is a vulnerability or a non-conformance with a benchmark setting. The threat level analyzer further probes for one or more threats within a host of the container service. The threat level analyzer generates a threat level assessment score based on results from the probing of the one or more threats of the application container and the one or more threats of the host, and generates a report for presentation in a user interface including the threat level assessment score and a list of threats discovered from the probe of the application container and the host. A report is transmitted by the threat level analyzer to a client device of a user for presentation in the user interface.
    Type: Grant
    Filed: August 27, 2021
    Date of Patent: January 30, 2024
    Assignee: SUSE LLC
    Inventors: Henrik Rosendahl, Fei Huang, Gang Duan
  • Publication number: 20230412628
    Abstract: A container system monitors one or more activities of an application container in a container system by intercepting data from the one or more activities of the application container. The application container includes computer-readable instructions and is initiated via a container service and isolated using operating system-level virtualization. The monitoring is performed at a layer between the app container and the container service. The container system also transmits a report of the intercepted one or more activities to a designated source. The container system inspects the intercepted one or more activities, and in response to the intercepted one or more activities violating a policy in a policy store, triggers an action specified in the policy.
    Type: Application
    Filed: August 20, 2023
    Publication date: December 21, 2023
    Applicant: SUSE LLC
    Inventors: Fei Huang, Gang Duan, Zang Li
  • Patent number: 11792216
    Abstract: A container system monitors one or more activities of an application container in a container system by intercepting data from the one or more activities of the application container. The application container includes computer-readable instructions and is initiated via a container service and isolated using operating system-level virtualization. The monitoring is performed at a layer between the app container and the container service. The container system also transmits a report of the intercepted one or more activities to a designated source. The container system inspects the intercepted one or more activities, and in response to the intercepted one or more activities violating a policy in a policy store, triggers an action specified in the policy.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: October 17, 2023
    Assignee: SUSE LLC
    Inventors: Fei Huang, Gang Duan, Zang Li
  • Publication number: 20230318939
    Abstract: Some examples described herein relate to providing a customized cloud service. In an example, Key Service Indicators (KSI) may be received for a cloud service. The Key Service Indicators may be associated with a cloud service template for providing the cloud service. The resources required for providing the cloud service may be identified based on the Key Service Indicators.
    Type: Application
    Filed: May 31, 2023
    Publication date: October 5, 2023
    Applicant: SUSE LLC
    Inventor: Sandhya BALAKRISHNAN
  • Publication number: 20230297364
    Abstract: The system and method described herein may upgrade kernels in cloud images deployed in cloud computing environments without having to rebuild a machine image that contains a root file system for the cloud image. For example, the cloud image may include a ramdisk that compares the kernel booted in the cloud image to the root file system to verify whether the machine image contains a directory hierarchy matching an operating system release for the kernel. In response to the machine image containing the matching directory hierarchy, the root file system may be mounted for execution in the cloud computing environment. Alternatively, in response to the machine image lacking the matching directory hierarchy, the ramdisk may dynamically create the matching directory hierarchy and inject modules that support the kernel into the root file system prior to mounting and delivering control to the root file system.
    Type: Application
    Filed: May 30, 2023
    Publication date: September 21, 2023
    Applicant: SUSE LLC
    Inventor: Peter Bowen
  • Publication number: 20230229496
    Abstract: Controlling allocation of resources in network function virtualization. Data defining a pool of available physical resources is maintained. Data defining one or more resource allocation rules is identified. An application request is received. Physical resources from the pool are allocated to virtual resources to implement the application request, on the basis of the maintained data, the identified data and the received application request.
    Type: Application
    Filed: March 22, 2023
    Publication date: July 20, 2023
    Applicant: SUSE LLC
    Inventors: Ignacio Aldama, Ruben Sevilla Giron, Javier Garcia-Lopez
  • Patent number: 11698781
    Abstract: The system and method described herein may upgrade kernels in cloud images deployed in cloud computing environments without having to rebuild a machine image that contains a root file system for the cloud image. For example, the cloud image may include a ramdisk that compares the kernel booted in the cloud image to the root file system to verify whether the machine image contains a directory hierarchy matching an operating system release for the kernel. In response to the machine image containing the matching directory hierarchy, the root file system may be mounted for execution in the cloud computing environment. Alternatively, in response to the machine image lacking the matching directory hierarchy, the ramdisk may dynamically create the matching directory hierarchy and inject modules that support the kernel into the root file system prior to mounting and delivering control to the root file system.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: July 11, 2023
    Assignee: Suse LLC
    Inventor: Peter Bowen
  • Patent number: 11700188
    Abstract: Some examples described herein relate to providing a customized cloud service. In an example, Key Service Indicators (KSI) may be received for a cloud service. The Key Service Indicators may be associated with a cloud service template for providing the cloud service. The resources required for providing the cloud service may be identified based on the Key Service Indicators.
    Type: Grant
    Filed: February 1, 2022
    Date of Patent: July 11, 2023
    Assignee: SUSE LLC
    Inventor: Sandhya Balakrishnan