Patents by Inventor Benny Rochwerger
Benny Rochwerger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8782323Abstract: A method for accessing data stored in a distributed storage system is provided. The method comprises determining whether a copy of first data is stored in a distributed cache system, where data in the distributed cache system is stored in free storage space of the distributed storage system; accessing the copy of the first data from the distributed cache system if the copy of the first data is stored in a first data storage medium at a first computing system in a network; and requesting a second computing system in the network to access the copy of the first data from the distributed cache system if the copy of the first data is stored in a second data storage medium at the second computing system. If the copy of the first data is not stored in the distributed cache system, the first data is accessed from the distributed storage system.Type: GrantFiled: October 30, 2009Date of Patent: July 15, 2014Assignee: International Business Machines CorporationInventors: Alex Glikson, Shay Goikhman, Benny Rochwerger
-
Publication number: 20140156814Abstract: An approach is provided in which a system creates a network application model that includes network policy objects and connection rules corresponding to sending data between the network policy objects. The system converts the network application model to network configuration information, which links the network policy objects to the connection rules. In turn, a network control plane is configured based upon the network configuration information to map the network application model to a physical infrastructure.Type: ApplicationFiled: January 14, 2013Publication date: June 5, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Katherine Barabash, Rami Cohen, Liane Lewin-Eytan, Benny Rochwerger, Yaron Wolfsthal
-
Publication number: 20140156811Abstract: An approach is provided in which a system creates a network application model that includes network policy objects and connection rules corresponding to sending data between the network policy objects. The system converts the network application model to network configuration information, which links the network policy objects to the connection rules. In turn, a network control plane is configured based upon the network configuration information to map the network application model to a physical infrastructure.Type: ApplicationFiled: December 4, 2012Publication date: June 5, 2014Applicant: International Business Machines CorporationInventors: Katherine Barabash, Rami Cohen, Liane Lewin-Eytan, Benny Rochwerger, Yaron Wolfsthal
-
Patent number: 8732310Abstract: Systems and methods for policy-driven capacity management in a resource provisioning environment, the method comprising storing, in an operational database one or more virtual resource sets (VRSs) and elasticity ranges for components to be deployed in a resource provisioning environment, and probabilistic guarantees on the elasticity ranges defined in a service manifest provided by a service subscriber; collecting historical data about capacity usage in the resource provisioning environment and failure statistics from the operational database, in addition to prior service commitments due to previously contracted service level agreements (SLAs) stored in a SLA repository; calculating equivalent capacity for the resource provisioning environment based on a defined residual benefit goal, and other business goals instrumented by way of a policy engine; and placing requested virtual resources on physical resources, in response to determining that sufficient physical capacity is available to host the calculated equType: GrantFiled: April 22, 2010Date of Patent: May 20, 2014Assignee: International Business Machines CorporationInventors: David Breitgand, Benny Rochwerger, Julian Satran
-
Patent number: 8606890Abstract: A method for managing communication between nodes in a virtual network is provided. A first computing system utilizes first information to forward first data to the second computing system in a physical network. If the first information is incorrect, the second computing system forwards an unlearning request to the first computing system, and the first computing system updates or deletes the first information. If the first information is not available, the first computing system forwards the first data to a group of computing systems in the physical network by way of an unknown network service. Upon receiving the first data, the second computing system or a third computing system in the physical network forwards a learning request to the first computing system, and the first computing system utilizes the learning request to generate the first information.Type: GrantFiled: January 14, 2011Date of Patent: December 10, 2013Assignee: International Business Machines CorporationInventors: David Hadas, Irit Loy, Benny Rochwerger, Julian Satran
-
Publication number: 20130227113Abstract: Systems and methods for optimizing a virtualized communication network are provided. The method comprises monitoring traffic among nodes in a virtualized communication network to determine one or more relationships among the nodes, wherein the nodes include physical and logically defined components; determining whether one or more edges connecting the nodes in the communications network satisfy a rule; grouping the nodes connected by the one or more edges that satisfy the rule into at least one group; ranking the nodes in the group in accordance with a parameter; and implementing a policy to optimize the virtualized communication network in accordance with information determined from the ranking or the grouping of the nodes.Type: ApplicationFiled: February 26, 2012Publication date: August 29, 2013Applicant: International Business Machines CorporationInventors: Dorit Baras, Akram Bitar, Benny Rochwerger, Amir Ronen
-
Publication number: 20130107889Abstract: An approach is provided in which a local module receives an egress data packet and extracts a virtual IP address from the data packet that corresponds to a virtual network endpoint that generated the data packet. The local module identifies an endpoint address entry corresponding to the virtual network endpoint, and determines that the endpoint address entry fails to include the extracted virtual IP address. As a result, the local module updates the endpoint address entry with the extracted virtual IP address and notifies a distributed policy service of the endpoint address entry update.Type: ApplicationFiled: November 2, 2011Publication date: May 2, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Katherine Barabash, Rami Cohen, Benny Rochwerger
-
Publication number: 20130107881Abstract: An approach is provided in which a local module receives an egress data packet and extracts a virtual IP address from the data packet that corresponds to a virtual network endpoint that generated the data packet. The local module identifies an endpoint address entry corresponding to the virtual network endpoint, and determines that the endpoint address entry fails to include the extracted virtual IP address. As a result, the local module updates the endpoint address entry with the extracted virtual IP address and notifies a distributed policy service of the endpoint address entry update.Type: ApplicationFiled: April 30, 2012Publication date: May 2, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Katherine Barabash, Rami Cohen, Benny Rochwerger
-
Publication number: 20130091501Abstract: An approach is provided in which a computer system selects a virtual domain from multiple virtual domains, which are each overlayed onto a physical network and are independent of physical topology constraints of the physical network. The computer system selects, from the selected virtual domain, a first virtual group that includes one or more first virtual network endpoints. Next, the computer system selects, from the selected virtual domain, a second virtual group that includes one or more second virtual network endpoints. In turn, the computer system creates a logical link policy that includes one or more actions corresponding to sending data between the first virtual group and the second virtual group.Type: ApplicationFiled: August 14, 2012Publication date: April 11, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Katherine Barabash, Rami Cohen, Vinit Jain, Renato J. Recio, Benny Rochwerger
-
Publication number: 20130091261Abstract: An approach is provided in which a computer system selects a virtual domain from multiple virtual domains, which are each overlayed onto a physical network and are independent of physical topology constraints of the physical network. The computer system selects, from the selected virtual domain, a first virtual group that includes one or more first virtual network endpoints. Next, the computer system selects, from the selected virtual domain, a second virtual group that includes one or more second virtual network endpoints. In turn, the computer system creates a logical link policy that includes one or more actions corresponding to sending data between the first virtual group and the second virtual group.Type: ApplicationFiled: October 5, 2011Publication date: April 11, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Katherine Barabash, Rami Cohen, Vinit Jain, Renato J. Recio, Benny Rochwerger
-
Publication number: 20130019011Abstract: Systems and methods for policy-driven capacity management in a resource provisioning environment, the method comprising storing, in an operational database one or more virtual resource sets (VRSs) and elasticity ranges for components to be deployed in a resource provisioning environment, and probabilistic guarantees on the elasticity ranges defined in a service manifest provided by a service subscriber; collecting historical data about capacity usage in the resource provisioning environment and failure statistics from the operational database, in addition to prior service commitments due to previously contracted service level agreements (SLAs) stored in a SLA repository; calculating equivalent capacity for the resource provisioning environment based on a defined residual benefit goal, and other business goals instrumented by way of a policy engine; and placing requested virtual resources on physical resources, in response to determining that sufficient physical capacity is available to host the calculated equType: ApplicationFiled: September 14, 2012Publication date: January 17, 2013Applicant: INTERNATIONAL BUSINESS MACHINESInventors: David Breitgand, Benny Rochwerger, Julian Satran
-
Publication number: 20120303799Abstract: Systems and methods for migrating a virtual resource from a source host in a source network to a destination host in a destination network are provided. In one embodiment, the method comprises establishing a secure communication connection between a source proxy in the source network and a destination proxy in the destination network; and monitoring migration traffic directed from the source host to the source proxy and forwarding said traffic to the destination proxy which in turn forwards the traffic to the destination host over the secure communication connection between the source proxy and the destination proxy, such that the communication addresses of the source host and the destination host remain guarded from direct access by an entity outside of the source network or the destination network.Type: ApplicationFiled: May 29, 2011Publication date: November 29, 2012Applicant: International Business Machines CorporationInventors: David Hadas, Irit Loy, Kenneth Nagin, Benny Rochwerger
-
Publication number: 20120297384Abstract: According to one embodiment of the present disclosure, an approach is provided in which a policy module receives data that is initiated by a first virtual machine and has a destination at a second virtual machine. The policy module selects a policy that corresponds to sending the data from the first virtual machine to the second virtual machine. The policy includes one or more logical references to one or more virtual networks, and does not include a physical reference to a physical entity located on a physical network. In turn, the policy module encapsulates the data with a physical path translation that is based upon the selected policy, and sends the encapsulated data over the physical network to a second policy module that corresponds to the second virtual machine.Type: ApplicationFiled: July 26, 2012Publication date: November 22, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Katherine Barabash, Rami Cohen, Vinit Jain, Renato J. Recio, Benny Rochwerger
-
Publication number: 20120291024Abstract: According to one embodiment of the present disclosure, an approach is provided in which a policy module receives data that is initiated by a first virtual machine and has a destination at a second virtual machine. The policy module selects a policy that corresponds to sending the data from the first virtual machine to the second virtual machine. The policy includes one or more logical references to one or more virtual networks, and does not include a physical reference to a physical entity located on a physical network. In turn, the policy module encapsulates the data with a physical path translation that is based upon the selected policy, and sends the encapsulated data over the physical network to a second policy module that corresponds to the second virtual machine.Type: ApplicationFiled: May 13, 2011Publication date: November 15, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Katherine Barabash, Rami Cohen, Vinit Jain, Renato J. Recio, Benny Rochwerger
-
Publication number: 20120290695Abstract: According to one embodiment of the present disclosure, an approach is provided in which a policy server receives a request for a policy from a requestor. The policy server identifies an initiating virtual machine; the initial virtual machine's corresponding virtual network; and a destination virtual machine. Next, a policy corresponding to sending data from the first virtual machine to the second virtual machine is selected. The policy includes one or more logical references to the virtual network and does not include a physical reference to a physical entity located on a physical network. In turn, a physical path translation corresponding to the selected policy is identified and sent to the requestor.Type: ApplicationFiled: May 13, 2011Publication date: November 15, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Katherine Barabash, Rami Cohen, Vinit Jain, Renato J. Recio, Benny Rochwerger
-
Publication number: 20120290703Abstract: According to one embodiment of the present disclosure, an approach is provided in which a policy server receives a request for a policy from a requestor. The policy server identifies an initiating virtual machine; the initial virtual machine's corresponding virtual network; and a destination virtual machine. Next, a policy corresponding to sending data from the first virtual machine to the second virtual machine is selected. The policy includes one or more logical references to the virtual network and does not include a physical reference to a physical entity located on a physical network. In turn, a physical path translation corresponding to the selected policy is identified and sent to the requestor.Type: ApplicationFiled: July 24, 2012Publication date: November 15, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Katherine Barabash, Rami Cohen, Vinit Jain, Renato J. Recio, Benny Rochwerger
-
Patent number: 8302091Abstract: Systems and methods for remotely installing software on a computing system while the computing system is running on a first bootable image, so that the computing system is not removed from operation during the installation of a second bootable image. The method comprises constructing the second bootable image on a storage medium accessible to the computing system while the computing system is operating in a first operating environment in association with the first bootable image, customizing the second bootable image so that the computing system can operate in a second operating environment in association with the second bootable image, disassociating the computing system from the first bootable image, and associating the computing system with the second bootable image.Type: GrantFiled: June 5, 2006Date of Patent: October 30, 2012Assignee: International Business Machines CorporationInventors: Yariv Aridor, Alex Glikson, Oleg Goldshmidt, Benny Rochwerger
-
Publication number: 20120240110Abstract: Systems and methods for deploying a virtual machine (VM) on a host are provided. An exemplary method comprises notifying a host to download a master copy of a VM image from a remotely located network storage device, in response to a service provider providing a definition manifest for a service request supported by the VM, wherein the host deploys the VM directly from the VM image downloaded to a storage medium locally connected to the host machine, wherein deployment of the VM allows the host to locally service the service request associated with the definition manifest, wherein the host replicates copies of the VM image, in response to receiving additional service requests to create one or more VM clones; wherein the host customizes the one or more VM clones based on the definition manifest.Type: ApplicationFiled: March 16, 2011Publication date: September 20, 2012Applicant: International Business Machines CorporationInventors: David Breitgand, Irit Loy, Kenneth Nagin, Benny Rochwerger, Ezra Silvera
-
Publication number: 20120216194Abstract: A physical host executes a virtual machine monitor (VMM) in communication with a plurality of consumer virtual machines (VMs). In response to receipt of a packet, the VMM determines whether a service is to be performed for the packet by a service virtual machine (VM) in communication with the VMM. In response to determining that the service is to be performed for the packet by the service VM, the VMM applies a tag to the packet that differentiates the packet from any other packet sharing a common address with the packet but having a different associated consumer, passes the packet to the service VM for performance of the service, and thereafter removes the tag from the packet in response to receipt of the packet from the service VM following performance of the service. In response to receipt of the packet from the service VM, the VMM forwards the packet.Type: ApplicationFiled: April 26, 2012Publication date: August 23, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: DAVID HADAS, VIVEK KASHYAP, JAYAKRISHNA KIDAMBI, RENATO J. RECIO, BENNY ROCHWERGER
-
Publication number: 20120182993Abstract: A physical host executes a virtual machine monitor (VMM) in communication with a plurality of consumer virtual machines (VMs). In response to receipt of a packet, the VMM determines whether a service is to be performed for the packet by a service virtual machine (VM) in communication with the VMM. In response to determining that the service is to be performed for the packet by the service VM, the VMM applies a tag to the packet that differentiates the packet from any other packet sharing a common address with the packet but having a different associated consumer, passes the packet to the service VM for performance of the service, and thereafter removes the tag from the packet in response to receipt of the packet from the service VM following performance of the service. In response to receipt of the packet from the service VM, the VMM forwards the packet.Type: ApplicationFiled: January 14, 2011Publication date: July 19, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: DAVID HADAS, VIVEK KASHYAP, JAYAKRISHNA KIDAMBI, RENATO J. RECIO, BENNY ROCHWERGER