Patents by Inventor Aditi Vutukuri
Aditi Vutukuri has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11176157Abstract: Some embodiments provide a novel method for receiving a plurality of attribute sets from a set of host computers, each attribute set associated with a group of one or more flows that is created by using a key to associate individual flows into the group of flows. The appliance, in some embodiments, identifies at least two received attribute sets from two different host computers that relate to a same set of flows between a same set of source machines and a same set of destination machines. The appliance merges the two identified attribute sets into one merged attribute set and analyzes the merged attribute set to identify a set of properties of the flows in the groups of flows associated with the two identified attribute sets, in some embodiments.Type: GrantFiled: July 23, 2019Date of Patent: November 16, 2021Assignee: VMWARE, INC.Inventors: Rajiv Mordani, Arnold Poon, Aditi Vutukuri, Vinith Podduturi
-
Patent number: 11140090Abstract: Some embodiments provide a novel method for correlating configuration data received from the network manager computer with flow group records. In some embodiments, the correlation with the configuration data identifies a group associated with at least one of: (i) the source machine, (ii) destination machine, and (iii) service rules applied to the flows. The correlation with the configuration data, in some embodiments, also identifies whether a service rule applied to the flows is a default service rule. In some embodiments, the correlation with the configuration is based on a tag included in the flow group record that identifies a configuration version, and a configuration associated with the identified configuration version is used to identify the group association or the identity of the default service rule.Type: GrantFiled: July 23, 2019Date of Patent: October 5, 2021Assignee: VMWARE, INC.Inventors: Rajiv Mordani, Arnold Poon, Aditi Vutukuri, Anita Lu, Ming Wen
-
Patent number: 11115379Abstract: Described herein are systems and methods to manage Internet Protocol (IP) address discovery in a software defined networking (SDN) environment. In one example, a manager may generate an IP address discovery configuration and pass the IP address discovery configuration to a controller. Once received, the controller may obtain a discovered list from a hypervisor of one or more IP addresses associated with one or more logical ports and update a realized list for the one or more logical ports based on the discovered list and the IP address discovery configuration.Type: GrantFiled: February 28, 2020Date of Patent: September 7, 2021Assignee: VMware, Inc.Inventors: Parasuramji Rajendran, Rishi Kanth Alapati, Shireesh Kumar Singh, Aditi Vutukuri, Chidambareswaran Raman, Margaret Angeline Petrus, Anuprem Chalvadi, Pallavi Moghe, Weiming Xu
-
Patent number: 11106480Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to improve containerized application visibility. An example apparatus includes a container application manager to build an inventory of the containerized application, the containerized application including a virtual machine, the virtual machine hosting one or more containers, and a network topology builder to invoke a virtual machine agent of the virtual machine to obtain network traffic events from the one or more containers to generate network topology information associated with the containerized application based on the inventory, generate a network topology for the containerized application based on the network topology information, build the visualization based on the network topology, the visualization including the inventory and the network topology information, and launch a user interface to display the visualization to execute one or more computing tasks.Type: GrantFiled: January 25, 2019Date of Patent: August 31, 2021Assignee: VMWARE, INC.Inventors: Bin Wang, Aditi Vutukuri, Lan Luo, Margaret Petrus
-
Patent number: 11032246Abstract: Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines on each host computer, these embodiments also execute a context engine and one or more attribute-based service engines on each host computer. One of these service engines is a firewall engine. Through the GI agents of the machines on a host, the context engine of that host in some embodiments collects contextual attributes associated with network events and/or process events on the machines.Type: GrantFiled: December 10, 2017Date of Patent: June 8, 2021Assignee: NICIRA, INC.Inventors: Laxmikant Vithal Gunda, Arnold Poon, Jayant Jain, Aditi Vutukuri
-
Patent number: 10911335Abstract: Some embodiments provide a novel method for analyzing the incoming flow data to detect anomalous behavior. The analysis, in some embodiments, is performed after a deduplication/aggregation operation. In some embodiments, the analysis identifies flows for further investigation by an administrator. The analysis, in some embodiments is also performed based on other received data sets (e.g., context data and configuration data), stored flow data, or both.Type: GrantFiled: July 23, 2019Date of Patent: February 2, 2021Assignee: VMWARE, INC.Inventors: Rajiv Mordani, Santhana Krishna Kallya Perumal, Aditi Vutukuri
-
Publication number: 20210029051Abstract: Some embodiments provide a novel method for correlating configuration data received from the network manager computer with flow group records. In some embodiments, the correlation with the configuration data identifies a group associated with at least one of: (i) the source machine, (ii) destination machine, and (iii) service rules applied to the flows. The correlation with the configuration data, in some embodiments, also identifies whether a service rule applied to the flows is a default service rule. In some embodiments, the correlation with the configuration is based on a tag included in the flow group record that identifies a configuration version, and a configuration associated with the identified configuration version is used to identify the group association or the identity of the default service rule.Type: ApplicationFiled: July 23, 2019Publication date: January 28, 2021Inventors: Rajiv Mordani, Arnold Poon, Aditi Vutukuri, Anita Lu, Ming Wen
-
Publication number: 20210026863Abstract: Some embodiments provide a novel method for receiving a plurality of attribute sets from a set of host computers, each attribute set associated with a group of one or more flows that is created by using a key to associate individual flows into the group of flows. The appliance, in some embodiments, identifies at least two received attribute sets from two different host computers that relate to a same set of flows between a same set of source machines and a same set of destination machines. The appliance merges the two identified attribute sets into one merged attribute set and analyzes the merged attribute set to identify a set of properties of the flows in the groups of flows associated with the two identified attribute sets, in some embodiments.Type: ApplicationFiled: July 23, 2019Publication date: January 28, 2021Inventors: Rajiv Mordani, Arnold Poon, Aditi Vutukuri, Vinith Podduturi
-
Publication number: 20210029002Abstract: Some embodiments provide a novel method for analyzing the incoming flow data to detect anomalous behavior. The analysis, in some embodiments, is performed after a deduplication/aggregation operation. In some embodiments, the analysis identifies flows for further investigation by an administrator. The analysis, in some embodiments is also performed based on other received data sets (e.g., context data and configuration data), stored flow data, or both.Type: ApplicationFiled: July 23, 2019Publication date: January 28, 2021Inventors: Rajiv Mordani, Santhana Krishna Kallya Perumal, Aditi Vutukuri
-
Publication number: 20200296077Abstract: In an embodiment, a computer-implemented method for enabling enhanced firewall rules via ARP-based annotations is described. In an embodiment, a method comprises detecting, by a hypervisor implemented in a first host, that a first process is executing on the first host. The hypervisor determines first context information for the first process, generates a first request, encapsulates the first request and the first context information in a first packet, and transmits the first packet to a central controller to cause the central controller to update the controller's table to indicate that the first process is executing on the first host. In response to receiving a second packet from the central controller and determining that the second packet comprises a first response, the hypervisor extracts second context information from the second packet and, based on the second context information, determines that a second process is executing on a second host.Type: ApplicationFiled: March 12, 2019Publication date: September 17, 2020Applicant: VMware, Inc.Inventors: Arnold POON, Sirisha MYNENI, Rajiv MORDANI, Aditi VUTUKURI
-
Publication number: 20200280537Abstract: Described herein are systems and methods to manage blacklists and duplicate addresses in software defined networks (SDNs). In one implementation, a method includes, in a control plane and data plane of an SDN environment, obtaining a blacklist for a logical port in the SDN environment. The method further includes deleting realized address bindings in a realized address list for the logical port that match the one or more address bindings in the blacklist and preventing subsequent address bindings that match the one or more address bindings in the blacklist from being added to the realized address list.Type: ApplicationFiled: January 17, 2020Publication date: September 3, 2020Inventors: Rishi Kanth Alapati, Parasuramji Rajendran, Weiming Xu, Shireesh Kumar Singh, Aditi Vutukuri, Anuprem Chalvadi, Chidambareswaran Raman, Margaret Angeline Petrus
-
Publication number: 20200280534Abstract: Described herein are systems and methods to manage Internet Protocol (IP) address discovery in a software defined networking (SDN) environment. In one example, a manager may generate an IP address discovery configuration and pass the IP address discovery configuration to a controller. Once received, the controller may obtain a discovered list from a hypervisor of one or more IP addresses associated with one or more logical ports and update a realized list for the one or more logical ports based on the discovered list and the IP address discovery configuration.Type: ApplicationFiled: February 28, 2020Publication date: September 3, 2020Inventors: Parasuramji Rajendran, Rishi Kanth Alapati, Shireesh Kumar Singh, Aditi Vutukuri, Chidambareswaran Raman, Margaret Angeline Petrus, Anuprem Chalvadi, Pallavi Moghe, Weiming Xu
-
Publication number: 20200241903Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to improve containerized application visibility. An example apparatus includes a container application manager to build an inventory of the containerized application, the containerized application including a virtual machine, the virtual machine hosting one or more containers, and a network topology builder to invoke a virtual machine agent of the virtual machine to obtain network traffic events from the one or more containers to generate network topology information associated with the containerized application based on the inventory, generate a network topology for the containerized application based on the network topology information, build the visualization based on the network topology, the visualization including the inventory and the network topology information, and launch a user interface to display the visualization to execute one or more computing tasks.Type: ApplicationFiled: January 25, 2019Publication date: July 30, 2020Inventors: Bin Wang, Aditi Vutukuri, Lan Luo, Margaret Petrus
-
Patent number: 10021033Abstract: A computer system provides a method for context-based packet scanning in a computing environment. The method includes the steps of receiving a packet from a virtual machine, determining if a network flow associated with the packet exists in a context data structure, and upon determining that a context entry associated with the network flow exists in the context data structure, tagging the packet with context information included in the context entry, comparing the context information and network flow information to context and network flow criteria in one or more packet capture policies, and recording contents of the packet when the context information and network flow information match one of the one or more packet capture policies.Type: GrantFiled: December 7, 2016Date of Patent: July 10, 2018Assignee: Nicira, Inc.Inventors: Rahul Madan, Farzad Ghannadian, Hamza Aharchaou, Aditi Vutukuri
-
Publication number: 20180183759Abstract: Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines on each host computer, these embodiments also execute a context engine and one or more attribute-based service engines on each host computer. One of these service engines is a firewall engine. Through the GI agents of the machines on a host, the context engine of that host in some embodiments collects contextual attributes associated with network events and/or process events on the machines.Type: ApplicationFiled: December 10, 2017Publication date: June 28, 2018Inventors: Laxmikant Vithal Gunda, Arnold Poon, Jayant Jain, Aditi Vutukuri
-
Publication number: 20180159782Abstract: A computer system provides a method for context-based packet scanning in a computing environment. The method includes the steps of receiving a packet from a virtual machine, determining if a network flow associated with the packet exists in a context data structure, and upon determining that a context entry associated with the network flow exists in the context data structure, tagging the packet with context information included in the context entry, comparing the context information and network flow information to context and network flow criteria in one or more packet capture policies, and recording contents of the packet when the context information and network flow information match one of the one or more packet capture policies.Type: ApplicationFiled: December 7, 2016Publication date: June 7, 2018Inventors: Rahul MADAN, Farzad GHANNADIAN, Hamza AHARCHAOU, Aditi VUTUKURI
-
Patent number: 9779240Abstract: Aspects of the present invention include hypervisor based security using a hypervisor to monitor a VM. In embodiments of the present invention, the information gathered by the hypervisor in the monitoring is compared against a reference image to determine if there are possible rootkits present on the VM. If there are potential rootkits, the VM can be quarantined.Type: GrantFiled: January 30, 2015Date of Patent: October 3, 2017Assignee: VMware, Inc.Inventors: Azeem Feroz, Rahul Mathias Madan, Arnold Poon, Aditi Vutukuri
-
Publication number: 20160224789Abstract: Aspects of the present invention include hypervisor based security using a hypervisor to monitor a VM. In embodiments of the present invention, the information gathered by the hypervisor in the monitoring is compared against a reference image to determine if there are possible rootkits present on the VM. If there are potential rootkits, the VM can be quarantined.Type: ApplicationFiled: January 30, 2015Publication date: August 4, 2016Applicant: VMware, Inc.Inventors: Azeem Feroz, Rahul Mathias Madan, Arnold Poon, Aditi Vutukuri