Patents by Inventor Albert Greenberg
Albert Greenberg has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11398953Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. An execution service remote from a cloud computing environment being managed implements workflows to manage different aspects of the cloud computing environment, including monitoring, incident management, deployment, and/or buildout. The execution service issues requests to perform management actions for network devices in the cloud computing environment. A device access service in the cloud computing environments receives the requests, and, in response to the requests, the device access service obtains access control data to access the network devices and perform the requested management actions for the network devices.Type: GrantFiled: June 1, 2020Date of Patent: July 26, 2022Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
-
Patent number: 11140056Abstract: Described is a server monitoring technology that is scalable to large numbers of servers, e.g., in a datacenter. Agents on servers run queries to monitor data sources for that server, such as performance counters and other events. The agents monitor their resource usage and those of monitored events to stay within an administrator-specified resource budget (policy), e.g., by modifying the running queries and/or monitoring parameters. A controller receives results of the monitoring, analyzes the results, and takes action as needed with respect to server operation and monitoring. The controller may dynamically update an agent's queries, monitoring parameters and/or monitored data post-processing operations. The controller may issue alerts and reports, including alerts indicative of inter-server problems between two or more servers.Type: GrantFiled: April 4, 2019Date of Patent: October 5, 2021Assignee: Microsoft Technology Licensing, LLCInventors: David A. Maltz, Jonathan David Goldstein, Albert Greenberg, Charles Loboz, Parveen K. Patel
-
Patent number: 10924404Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.Type: GrantFiled: January 10, 2019Date of Patent: February 16, 2021Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Deepak Bansal, Parveen Patel, Albert Greenberg
-
Publication number: 20200295999Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. An execution service remote from a cloud computing environment being managed implements workflows to manage different aspects of the cloud computing environment, including monitoring, incident management, deployment, and/or buildout. The execution service issues requests to perform management actions for network devices in the cloud computing environment. A device access service in the cloud computing environments receives the requests, and, in response to the requests, the device access service obtains access control data to access the network devices and perform the requested management actions for the network devices.Type: ApplicationFiled: June 1, 2020Publication date: September 17, 2020Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
-
Patent number: 10762218Abstract: Network buildout of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A buildout service is located in a remote cloud computing environment separate from the cloud computing environments at which buildout is being performed. The buildout service implements workflows to manage different aspects of network buildout in the cloud computing environments. The buildout service does not have access to restricted data in the cloud computing environments, including access control data, such that the buildout service cannot directly interact with network devices. The buildout service issues requests for device configuration to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access and configure the network devices.Type: GrantFiled: June 20, 2017Date of Patent: September 1, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Sandeep Koushik Sheshadri, Shikhar Suri, Sharda Murthi, David Maltz, Albert Greenberg, Thomas Keane
-
Patent number: 10708136Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Executions services and source of truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source of truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.Type: GrantFiled: June 20, 2017Date of Patent: July 7, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
-
Patent number: 10567356Abstract: Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.Type: GrantFiled: June 20, 2017Date of Patent: February 18, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Percy Fitter, Mark Hennessy, Mohammad Qudeisat, Rashid Aga, Deepal Jayasinghe, George Chen, David Maltz, Albert Greenberg, Thomas Keane
-
Publication number: 20190253352Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.Type: ApplicationFiled: January 10, 2019Publication date: August 15, 2019Inventors: Deepak Bansal, Parveen Patel, Albert Greenberg
-
Publication number: 20190238437Abstract: Described is a server monitoring technology that is scalable to large numbers of servers, e.g., in a datacenter. Agents on servers run queries to monitor data sources for that server, such as performance counters and other events. The agents monitor their resource usage and those of monitored events to stay within an administrator-specified resource budget (policy), e.g., by modifying the running queries and/or monitoring parameters. A controller receives results of the monitoring, analyzes the results, and takes action as needed with respect to server operation and monitoring. The controller may dynamically update an agent's queries, monitoring parameters and/or monitored data post-processing operations. The controller may issue alerts and reports, including alerts indicative of inter-server problems between two or more servers.Type: ApplicationFiled: April 4, 2019Publication date: August 1, 2019Inventors: David A. MALTZ, Jonathan David GOLDSTEIN, Albert GREENBERG, Charles LOBOZ, Parveen K. PATEL
-
Patent number: 10298477Abstract: Described is a server monitoring technology that is scalable to large numbers of servers, e.g., in a datacenter. Agents on servers run queries to monitor data sources for that server, such as performance counters and other events. The agents monitor their resource usage and those of monitored events to stay within an administrator-specified resource budget (policy), e.g., by modifying the running queries and/or monitoring parameters. A controller receives results of the monitoring, analyzes the results, and takes action as needed with respect to server operation and monitoring. The controller may dynamically update an agent's queries, monitoring parameters and/or monitored data post-processing operations. The controller may issue alerts and reports, including alerts indicative of inter-server problems between two or more servers.Type: GrantFiled: January 22, 2016Date of Patent: May 21, 2019Assignee: Microsoft Technology Licensing, LLCInventors: David A. Maltz, Jonathan David Goldstein, Albert Greenberg, Charles Loboz, Parveen K. Patel
-
Patent number: 10212085Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.Type: GrantFiled: June 30, 2017Date of Patent: February 19, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Deepak Bansal, Parveen Patel, Albert Greenberg
-
Patent number: 10187410Abstract: Various embodiments described herein are directed to optimizing cloud computing infrastructures functionality based on an abuse prevention and remediation platform. A tenant profile may have a tenant confidence score for a tenant, the tenant confidence score being an indicator of the reputation of the tenant usage of cloud computing resources. Based on the confidence score of the tenant, one or more policies for the tenant may be identified limiting access to cloud computing resources. If the virtual internet protocol address (VIP) of the tenant is determined to be tainted, the VIP may be quarantined in a tainted VIP pool, the quarantining excluding the VIP from being selected for use until the VIP is clean. A cleanup routine may be executed, the cleanup routine communicating remedial actions for the tainted VIP. Upon completion of the cleanup routine, the VIP may be restored to a clean VIP pool.Type: GrantFiled: June 30, 2015Date of Patent: January 22, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Albert Greenberg, Deepak Bansal
-
Publication number: 20180367407Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Executions services and source of truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source of truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.Type: ApplicationFiled: June 20, 2017Publication date: December 20, 2018Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
-
Publication number: 20180367515Abstract: Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.Type: ApplicationFiled: June 20, 2017Publication date: December 20, 2018Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Percy Fitter, Mark Hennessy, Mohammad Qudeisat, Rashid Aga, Deepal Jayasinghe, George Chen, David Maltz, Albert Greenberg, Thomas Keane
-
Publication number: 20180365435Abstract: Network buildout of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A buildout service is located in a remote cloud computing environment separate from the cloud computing environments at which buildout is being performed. The buildout service implements workflows to manage different aspects of network buildout in the cloud computing environments. The buildout service does not have access to restricted data in the cloud computing environments, including access control data, such that the buildout service cannot directly interact with network devices. The buildout service issues requests for device configuration to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access and configure the network devices.Type: ApplicationFiled: June 20, 2017Publication date: December 20, 2018Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Sandeep Koushik Sheshadri, Shikhar Suri, Sharda Murthi, David Maltz, Albert Greenberg, Thomas Keane
-
Publication number: 20180364996Abstract: Software deployment to network devices in cloud computing environments subject to data control policies is provided in a manner that ensures compliance with the data control policies. A deployment service is located in a remote cloud computing environment separate from the cloud computing environments to which software is being deployed. The deployment service does not have access to restricted data in the cloud computing environments, including access control data, such that the deployment service cannot directly interact with network devices. The deployment service issues deployment requests to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access the network devices and issue commands to install the software on the network devices.Type: ApplicationFiled: June 20, 2017Publication date: December 20, 2018Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Yun Wu, George Chen, Jie Mao, David Maltz, Albert Greenberg, Thomas Keane
-
Publication number: 20170302579Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.Type: ApplicationFiled: June 30, 2017Publication date: October 19, 2017Inventors: Deepak Bansal, Parveen Patel, Albert Greenberg
-
Patent number: 9705796Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.Type: GrantFiled: February 2, 2016Date of Patent: July 11, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Deepak Bansal, Parveen Patel, Albert Greenberg
-
Patent number: 9621573Abstract: Described is a method of assigning a network address to a trap, the network address being a dark address of a virtual private network. The network traffic destined for the network address is monitored and a classification of the network traffic is determined. After the classification, a predetermined response is executed based on the classification of the traffic.Type: GrantFiled: April 21, 2016Date of Patent: April 11, 2017Assignee: AT&T INTELLECTUAL PROPERTY II, LP.Inventors: Edward Amoroso, Albert Greenberg, Balachander Krishnamurthy
-
Publication number: 20170006053Abstract: Various embodiments described herein are directed to optimizing cloud computing infrastructures functionality based on an abuse prevention and remediation platform. A tenant profile may have a tenant confidence score for a tenant, the tenant confidence score being an indicator of the reputation of the tenant usage of cloud computing resources. Based on the confidence score of the tenant, one or more policies for the tenant may be identified limiting access to cloud computing resources. If the virtual internet protocol address (VIP) of the tenant is determined to be tainted, the VIP may be quarantined in a tainted VIP pool, the quarantining excluding the VIP from being selected for use until the VIP is clean. A cleanup routine may be executed, the cleanup routine communicating remedial actions for the tainted VIP. Upon completion of the cleanup routine, the VIP may be restored to a clean VIP pool.Type: ApplicationFiled: June 30, 2015Publication date: January 5, 2017Inventors: ALBERT GREENBERG, DEEPAK BANSAL