Patents Assigned to VMware
-
Publication number: 20220021686Abstract: Example methods and systems for a computer system to perform security threat detection are described. In one example, a computer system may intercept an egress packet from a virtualized computing instance to pause forwarding of the egress packet towards a destination and obtain process information associated a process from which the egress packet originates. The computer system may initiate security analysis based on the process information. In response to determination that the process is a potential security threat based on the security analysis, the egress packet may be dropped, and a remediation action performed. Otherwise, the egress packet may be forwarded towards the destination.Type: ApplicationFiled: July 14, 2020Publication date: January 20, 2022Applicant: VMware, Inc.Inventors: Baibhav SINGH, Jayant JAIN
-
Patent number: 11227425Abstract: Techniques for emulating geometry shaders and stream output using compute shaders are provided. In one set of embodiments, a geometry shader/stream output (GS/SO) emulation module can receive a geometry shader defined by an application for execution via a geometry shader stage of a graphics processing unit (GPU) of a computer system, where the geometry shader comprises program code for processing an input primitive. The GS/SO emulation module can further convert the geometry shader into one or more compute shaders, where the one or more compute shaders incorporate the program code of the geometry shader. The GS/SO emulation module can then issue the one or more compute shaders to a graphics driver of the computer system for execution via a compute shader stage of the GPU.Type: GrantFiled: May 7, 2020Date of Patent: January 18, 2022Assignee: VMWARE, INC.Inventors: Zack Rusin, Jose Fonseca
-
Patent number: 11228527Abstract: The technology disclosed herein enables load balancing between a pair of virtual edge systems configured for high availability at an edge of a local network environment. In a particular embodiment, a method provides assigning a virtual network address to the pair of virtual edge systems. The method further provides generating state information used by one or more stateful functions of a first virtual edge system of the pair of virtual edge systems and transferring the state information to a second virtual edge system of the pair of virtual edge systems. Also, the method provides directing a first portion of network traffic to the first virtual edge system and a second portion of the network traffic to the second virtual edge system. The network traffic comprises packets addressed with the virtual network address.Type: GrantFiled: May 2, 2017Date of Patent: January 18, 2022Assignee: VMware, Inc.Inventor: Sudheendra Bangalore Krishnamurthy
-
Patent number: 11228637Abstract: A system for managing a virtualized computing system is disclosed. The system enables a user of a mobile device to efficiently track and manage computing resources via a management application that includes a graphical user interface that is designed to be operated using a conventional terminal (e.g., via a mouse and keyboard). The system may receive commands from the user of the mobile device in a first format and translate the commands into a second format that can be executed by a management application. Embodiments of the present disclosure further enable a management application to verify and securely communicate with users via existing communications services (e.g., social networking services) without expending additional resources to develop custom, secure interfaces for multiple mobile software and hardware platforms.Type: GrantFiled: June 26, 2014Date of Patent: January 18, 2022Assignee: VMWARE, INC.Inventors: Intesar Mohammed, Rakesh Sinha, Nikunj Nemani, Assaf Berg, Vishwas Nagaraja
-
Patent number: 11226760Abstract: Techniques for supporting large segments when issuing writes to an erasure coded storage object in a distributed storage system are provided. In one set of embodiments, a node of the system can receive a write request for updating a logical data block of the storage object, write data/metadata for the block to a record in a data log of a metadata object of the storage object (where the metadata object is stored on a performance storage tier), and determine whether the data log has accumulated a threshold number of records. If so, the node can further allocate an in-memory bank, place the data from the data log records into free slots of the bank, allocate a segment in a capacity object of the storage object for holding contents of the bank (where the capacity object is stored on a capacity storage tier), and write the bank contents via a full stripe write to the allocated segment.Type: GrantFiled: April 7, 2020Date of Patent: January 18, 2022Assignee: VMware, Inc.Inventors: Wenguang Wang, Vamsi Gunturu
-
Patent number: 11228531Abstract: Described herein are systems and methods to filter and classify multicast network traffic. In one example, a first computing node may receive a multicast communication from a second computing node and register a for a flow associated with the multicast communication, wherein the context includes at least the multicast port associated with the multicast communication. The first computing node further identifies an outbound communication destined for the second computing node and determines that addressing attributes in the outbound communication match the context for the flow. Once it is determined that the attributes match the context for the flow, the first computing node associates the outbound communication with the flow.Type: GrantFiled: March 26, 2020Date of Patent: January 18, 2022Assignee: VMware, Inc.Inventors: Vaibhav Mohan Rekhate, Leena Shuklendu Soman
-
Patent number: 11221981Abstract: In an asynchronous channel based bus architecture enabling decoupled services, there is an asynchronous channel based bus having at least one channel. A first service is coupled to the asynchronous channel based bus, the first service passes messages to and receives messages on the at least one channel. A second service is also coupled to the asynchronous channel based bus, the second service also passes messages to and receive messages on the at least one channel.Type: GrantFiled: June 8, 2020Date of Patent: January 11, 2022Assignee: VMware, Inc.Inventor: Dave Shanley
-
Patent number: 11223494Abstract: Some embodiments of the invention provide novel methods for providing transparent services for multicast data messages traversing a network edge device operating at a boundary between two networks. The method analyzes data messages received at the network edge device to determine whether they require a service provided at the boundary and whether they are unicast or multicast (including broadcast). The method modifies a multicast destination media access control (MAC) address of a multicast data message requiring a service to be a unicast destination MAC address and provides, without processing by a standard routing function, the modified data message directly to an interface associated with a service node that provides the particular service required by the data message. The method receives the serviced data message, restores the multicast destination MAC address, and forwards the serviced data message to a set of destinations associated with the multicast destination address.Type: GrantFiled: January 13, 2020Date of Patent: January 11, 2022Assignee: VMWARE, INC.Inventors: Rahul Mishra, Pierluigi Rolando, Stephen Tan, Raju Koganty
-
Patent number: 11221767Abstract: The disclosure provides an approach for testing if a cache line of a cache has been flushed to non-volatile memory (NVM). The approach generally includes reading, by a central processing unit (CPU), data from the NVM. The approach further includes storing, by the CPU, a copy of the data in the cache as a cache line. The approach further includes modifying, by the CPU, at least a portion of the copy of the data in the cache. The approach further includes requesting, by the CPU, the cache line be flushed to the NVM. The approach further includes performing, by the CPU, one or more instructions in parallel to the cache line being flushed to the NVM. The approach further includes requesting, by the CPU, a state of the cache line and determining if the cache line has been persisted in the NVM based on the state of the cache line.Type: GrantFiled: October 16, 2017Date of Patent: January 11, 2022Assignee: VMware, Inc.Inventors: Irina Calciu, Aasheesh Kolli
-
Patent number: 11221944Abstract: A method for managing metadata for data stored in a cloud storage is provided. The method receives, at a first of a plurality of metadata servers, information associated with an object stored in the cloud storage, the information comprising a plurality of LBAs for where the object is stored. Each metadata server allocates contiguous chunk IDs for a group of objects. The method generates a new chunk ID for the object, which is a combination of a unique fixed value and a monotonically incrementing local value associated with each LBA, such that a first LBA is mapped to a first chunk ID having a first local value and a next LBA is mapped to a second chunk ID having the first local value incremented as a second local value. The method stores the new chunk ID and other metadata in one or more tables stored in a metadata storage.Type: GrantFiled: August 25, 2020Date of Patent: January 11, 2022Assignee: VMware, Inc.Inventors: Wenguang Wang, Vamsi Gunturu, Junlong Gao, Ilya Languev, Petr Vandrovec, Maxime Austruy, Ilia Sokolinski, Satish Pudi
-
Publication number: 20220006792Abstract: This disclosure describes a process for securely instantiating a virtual machine on a server cluster. The virtual machine just after instantiation has access to persistent storage that includes an encrypted region and lacks access to an encryption key configured to provide access to data stored within the encrypted region. The virtual machine receives a communication from a management server associated with the server cluster that includes the encryption key configured to provide access to the data stored within the encrypted region. After the virtual machine receives the encryption key, the server cluster runs services that depend upon the data stored within the encrypted region to operate after receiving the communication from the management server.Type: ApplicationFiled: July 1, 2020Publication date: January 6, 2022Applicant: VMware, Inc.Inventors: Michal A. JANKOWSKI, Benjamin J. CORRIE, George HICKEN, Christian LITA
-
Publication number: 20220006734Abstract: Example methods and computer systems for encapsulated fragmented packet handling. One example may comprise a first computer system detecting an egress packet that requires fragmentation and determining an outer connectionless transport layer value based on content of an inner transport layer header of the egress packet. The first computer system may generate a first encapsulated fragmented packet that includes a first fragment of the inner payload, the inner transport layer header and a first outer header specifying the outer connectionless transport layer value; and a second encapsulated fragmented packet that includes a second fragment of the inner payload and a second outer header specifying the outer connectionless transport layer value. The first encapsulated fragmented packet and the second encapsulated fragmented packet may be forwarded towards a second computer system to cause receive-side processing based on the outer connectionless transport layer value.Type: ApplicationFiled: July 6, 2020Publication date: January 6, 2022Applicant: VMware, Inc.Inventors: Yong WANG, Dexiang WANG, Xinhua HONG, Jia YU
-
Publication number: 20220004431Abstract: The present disclosure relates generally to virtualization, and more particularly to techniques for deploying containers in a virtual environment. The container scheduling can be based on information determined by a virtual machine scheduler. For example, a container scheduler can receive a request to deploy a container. The container scheduler can send container information to the virtual machine scheduler. The virtual machine scheduler can use the container information along with resource utilization of one or more virtual machines to determine an optimal virtual machine for the container. The virtual machine scheduler can send an identification of the optimal virtual machine back to the container scheduler so that the container scheduler can deploy the container on the optimal virtual machine.Type: ApplicationFiled: September 20, 2021Publication date: January 6, 2022Applicant: VMware, Inc.Inventors: Thaleia Dimitra DOUDALI, Zhelong PAN, Pranshu JAIN
-
Publication number: 20220006801Abstract: This disclosure describes a computer implemented method for receiving authentication credentials identifying a user; identifying computing systems for which the user is authorized access to; and transmitting tokens granting access to the identified computing systems. In some embodiments, no two tokens of the transmitted tokens grants access to the same one of the identified computing systems. The user typically has access to a management tool configured to manage the transmission of the received tokens to the corresponding computing systems, thereby granting the user the ability to have seamless access to any of the computing systems associated with the user's authenticated identity.Type: ApplicationFiled: July 1, 2020Publication date: January 6, 2022Applicant: VMware, Inc.Inventors: Michal A. JANKOWSKI, Mark JOHNSON, Fanny STRUDEL, Zachary James SHEPHERD
-
Patent number: 11216295Abstract: An example method is provided for recommending VM configurations, including one or more servers upon which one or more VMs can run. A user wishing to run these VMs can request a recommendation for an appropriate server or set of servers. The user can indicate a category corresponding to the type of workload that pertains to the VMs. The system can receive the request and identify a pool of servers available to the user. Using industry specifications and benchmarks, the system can classify the available servers into multiple categories. Within those categories, similar servers can be clustered and then ranked based on their levels of optimization. The sorted results can be displayed to the user, who can select a particular server (or group of servers) and customize the deployment as needed. This process allows a user to identify and select an optimized setup quickly and accurately.Type: GrantFiled: March 29, 2019Date of Patent: January 4, 2022Assignee: VMWARE, INC.Inventors: Yash Bhatnagar, Dileep Varma Kalidindi, Sivaraj M, Venkata Naga Manohar Kondamudi, Amit Kumar
-
Publication number: 20210406001Abstract: Example methods are provided for performing fast building and testing a software suite with multiple software components. In one example, the method may include obtaining a changed code file, identifying a software component of the software suite impacted by the changed code file, and instructing to generate a software component build based on the software component but without other software components of the software suite. Before completing generating the software component build, the method may also include selecting a software suite build. The method further includes instructing to prepare a testbed based on the software suite build and instructing to test the software component build on the testbed.Type: ApplicationFiled: August 17, 2020Publication date: December 30, 2021Applicant: VMware, Inc.Inventors: Yang YANG, Yang YANG, Zhou HUANG, RunQing LI, Jin FENG, Wenguang WANG, He Kun WANG, Xinyu ZHANG
-
Patent number: 11210120Abstract: Systems, methods, and software described herein manage volumes and virtual machines using a location database gathered from a hypervisor management system. In one example, a method of operating a volume attachment service to manage volumes and virtual machines includes transferring a location request to a hypervisor management service to identify locations of one or more virtual machines. The method further provides, receiving the locations of the one or more virtual machines and storing the locations in a location database. The method also includes identifying a volume action request for a first virtual machine, and directing the volume action request to a hypervisor of the first virtual machine based on the locations in the location database.Type: GrantFiled: March 25, 2015Date of Patent: December 28, 2021Assignee: VMware, Inc.Inventors: Matthew Conover, Steven Lawson, Jeffrey Paul Ulatoski
-
Patent number: 11212356Abstract: For traffic exiting a logical network through a particular VTI, some embodiments perform a service classification operation for different data messages to identify different VTIs that connect the edge forwarding element to a service node to provide services required by the data messages. Each data message, in some embodiments, is then forwarded to the identified VTI to receive the required service. The identified VTI does not perform a service classification operation. The service node then returns the serviced data message to the edge forwarding element. In some embodiments, the identified VTI is not configured to perform the service classification operation and is instead configured to mark all traffic directed to the edge forwarding element as having been serviced. The marked serviced data message is received at the edge forwarding element and forwarded to a destination of the data message through the particular VTI.Type: GrantFiled: June 17, 2020Date of Patent: December 28, 2021Assignee: VMWARE, INC.Inventors: Pierluigi Rolando, Jayant Jain, Raju Koganty, Kantesh Mundaragi, Yuxiao Zhang, Rahul Mishra, Akhila Naveen
-
Patent number: 11212238Abstract: Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.Type: GrantFiled: October 24, 2019Date of Patent: December 28, 2021Assignee: VMWARE, INC.Inventors: Israel Cidon, Prashanth Venugopal, Aran Bergman, Chen Dar, Alex Markuze, Eyal Zohar
-
Patent number: 11210222Abstract: An example method of maintaining cache coherency in a virtualized computing system includes: trapping access to a memory page by guest software in a virtual machine at a hypervisor managing the virtual machine, where the memory page is not mapped in a second stage page table managed by the hypervisor; performing cache coherency maintenance for instruction and data caches of a central processing unit (CPU) in the virtualized computing system in response to the trap; mapping the memory page in the second stage page table with execute permission; and resuming execution of the virtual machine.Type: GrantFiled: January 23, 2018Date of Patent: December 28, 2021Assignee: VMware, Inc.Inventors: Ye Li, Cyprien Laplace, Andrei Warkentin, Alexander Fainkichen, Regis Duchesne