Patents by Inventor David A. Maltz
David A. Maltz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11539611
Abstract: In some cases, a network monitoring system may determine an operating or health condition of a node or connection link in a network (e.g., a datacenter network) by preparing an encapsulated data packet according to a tunneling protocol. Depending on a result of routing the encapsulated data packet, the network monitoring system determines whether the node or connection link is functioning normally or is experiencing an issue such as overloading or malfunctioning.
Type: Grant
Filed: May 8, 2014
Date of Patent: December 27, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Haitao Wu, Chuanxiong Guo, David A. Maltz, Lihua Yuan, Yongguang Zhang
-
Patent number: 11398953
Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. An execution service remote from a cloud computing environment being managed implements workflows to manage different aspects of the cloud computing environment, including monitoring, incident management, deployment, and/or buildout. The execution service issues requests to perform management actions for network devices in the cloud computing environment. A device access service in the cloud computing environments receives the requests, and, in response to the requests, the device access service obtains access control data to access the network devices and perform the requested management actions for the network devices.
Type: Grant
Filed: June 1, 2020
Date of Patent: July 26, 2022
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
-
Patent number: 11140056
Abstract: Described is a server monitoring technology that is scalable to large numbers of servers, e.g., in a datacenter. Agents on servers run queries to monitor data sources for that server, such as performance counters and other events. The agents monitor their resource usage and those of monitored events to stay within an administrator-specified resource budget (policy), e.g., by modifying the running queries and/or monitoring parameters. A controller receives results of the monitoring, analyzes the results, and takes action as needed with respect to server operation and monitoring. The controller may dynamically update an agent's queries, monitoring parameters and/or monitored data post-processing operations. The controller may issue alerts and reports, including alerts indicative of inter-server problems between two or more servers.
Type: Grant
Filed: April 4, 2019
Date of Patent: October 5, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: David A. Maltz, Jonathan David Goldstein, Albert Greenberg, Charles Loboz, Parveen K. Patel
-
Publication number: 20210224676
Abstract: Aspects of the present disclosure relate to incident routing in a cloud environment. In an example, cloud provider teams utilize a scout framework to build a team-specific scout based on that team's expertise. In examples, an incident is detected and a description is sent to each team-specific scout. Each team-specific scout uses the incident description and the scout specifications provided by the team to identify, access, and process monitoring data from cloud components relevant to the incident. Each team-specific scout utilizes one or more machine learning models to evaluate the monitoring data and generate an incident-classification prediction about whether the team is responsible for resolving the incident. In examples, a scout master receives predictions from each of the team-specific scouts and compares the predictions to determine to which team an incident should be routed.
Type: Application
Filed: January 17, 2020
Publication date: July 22, 2021
Applicant: Microsoft Technology Licensing, LLC
Inventors: Behnaz ARZANI, Jiaqi GAO, Ricardo G. BIANCHINI, Felipe VIEIRA FRUJERI, Xiaohang WANG, Henry LEE, David A. MALTZ
-
Patent number: 10917318
Abstract: Techniques are disclosed for capturing network traffic in a virtualized computing environment. A packet to be captured in the virtualized environment is identified. The packet is tagged using a pattern of one or more bits in a header of the packet. The pattern indicates that the packet is to be traced. The pattern is propagated to an outer layer during encapsulation of the packet. A header of the encapsulated packet includes the pattern of one or more bits. At least one network device is caused to mirror identified packets based on the reserved bit.
Type: Grant
Filed: September 21, 2018
Date of Patent: February 9, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Lihua Yuan, Xinyan Zan, Deepak Bansal, David A. Maltz, Leiwen Deng, Sheng Lu
-
Patent number: 10911527
Abstract: N nodes are assigned to a first layer of nodes having a first domain name server (DNS) anycast Internet Protocol (IP) address and a first fully qualified domain name (FQDN). M nodes are assigned to a second layer of nodes having a second DNS anycast IP address and a second FQDN. When a request to resolve the first FQDN for the first layer of nodes is received by a DNS of a node of the first layer and a load on the ES of the node is less than a threshold, the DNS handles the request by returning an edge server (ES) anycast IP address for the ES of the node. When the load on the ES is greater than the threshold, the DNS offloads the request by returning the second FQDN so that the second FQDN of the second layer is resolved to the second DNS anycast IP address.
Type: Grant
Filed: October 3, 2019
Date of Patent: February 2, 2021
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Ashley Flavel, Pradeepkumar Mani, Nick Holt, David Maltz, Jie Liu, Oleg Surmachev
-
Publication number: 20200295999
Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. An execution service remote from a cloud computing environment being managed implements workflows to manage different aspects of the cloud computing environment, including monitoring, incident management, deployment, and/or buildout. The execution service issues requests to perform management actions for network devices in the cloud computing environment. A device access service in the cloud computing environments receives the requests, and, in response to the requests, the device access service obtains access control data to access the network devices and perform the requested management actions for the network devices.
Type: Application
Filed: June 1, 2020
Publication date: September 17, 2020
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
-
Patent number: 10762218
Abstract: Network buildout of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A buildout service is located in a remote cloud computing environment separate from the cloud computing environments at which buildout is being performed. The buildout service implements workflows to manage different aspects of network buildout in the cloud computing environments. The buildout service does not have access to restricted data in the cloud computing environments, including access control data, such that the buildout service cannot directly interact with network devices. The buildout service issues requests for device configuration to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access and configure the network devices.
Type: Grant
Filed: June 20, 2017
Date of Patent: September 1, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Sandeep Koushik Sheshadri, Shikhar Suri, Sharda Murthi, David Maltz, Albert Greenberg, Thomas Keane
-
Patent number: 10708136
Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Execution services and source of truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source of truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.
Type: Grant
Filed: June 20, 2017
Date of Patent: July 7, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
-
Publication number: 20200099599
Abstract: Techniques are disclosed for capturing network traffic in a virtualized computing environment. A packet to be captured in the virtualized environment is identified. The packet is tagged using a pattern of one or more bits in a header of the packet. The pattern indicates that the packet is to be traced. The pattern is propagated to an outer layer during encapsulation of the packet. A header of the encapsulated packet includes the pattern of one or more bits. At least one network device is caused to mirror identified packets based on the reserved bit.
Type: Application
Filed: September 21, 2018
Publication date: March 26, 2020
Inventors: Lihua YUAN, Xinyan ZAN, Deepak BANSAL, David A. MALTZ, Leiwen DENG, Sheng LU
-
Patent number: 10567356
Abstract: Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.
Type: Grant
Filed: June 20, 2017
Date of Patent: February 18, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Percy Fitter, Mark Hennessy, Mohammad Qudeisat, Rashid Aga, Deepal Jayasinghe, George Chen, David Maltz, Albert Greenberg, Thomas Keane
-
Publication number: 20200036778
Abstract: N nodes are assigned to a first layer of nodes having a first domain name server (DNS) anycast Internet Protocol (IP) address and a first fully qualified domain name (FQDN). M nodes are assigned to a second layer of nodes having a second DNS anycast IP address and a second FQDN. When a request to resolve the first FQDN for the first layer of nodes is received by a DNS of a node of the first layer and a load on the ES of the node is less than a threshold, the DNS handles the request by returning an edge server (ES) anycast IP address for the ES of the node. When the load on the ES is greater than the threshold, the DNS offloads the request by returning the second FQDN so that the second FQDN of the second layer is resolved to the second DNS anycast IP address.
Type: Application
Filed: October 3, 2019
Publication date: January 30, 2020
Inventors: Ashley FLAVEL, Pradeepkumar MANI, Nick HOLT, David MALTZ, Jie LIU, Oleg SURMACHEV
-
Publication number: 20190342338
Abstract: Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list.
Type: Application
Filed: May 1, 2018
Publication date: November 7, 2019
Inventors: Parvez Anandam, Imran S. Koradia, Zheng Tang, Andrew Mendelsohn, Ankush Grover, Liyuan Zhou, Brandon Michael Klassen, David A. Maltz, Albert Gordon Greenberg
-
Publication number: 20190342296
Abstract: Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list.
Type: Application
Filed: May 1, 2018
Publication date: November 7, 2019
Inventors: Parvez Anandam, Imran S. Koradia, Zheng Tang, Andrew Mendelsohn, Ankush Grover, Liyuan Zhou, Brandon Michael Klassen, David A. Maltz, Albert Gordon Greenberg
-
Patent number: 10440104
Abstract: N nodes are assigned to a first layer of nodes having a first domain name server (DNS) anycast Internet Protocol (IP) address and a first fully qualified domain name (FQDN). M nodes are assigned to a second layer of nodes having a second DNS anycast IP address and a second FQDN. When a request to resolve the first FQDN for the first layer of nodes is received by a DNS of a node of the first layer and a load on the ES of the node is less than a threshold, the DNS handles the request by returning an edge server (ES) anycast IP address for the ES of the node. When the load on the ES is greater than the threshold, the DNS offloads the request by returning the second FQDN so that the second FQDN of the second layer is resolved to the second DNS anycast IP address.
Type: Grant
Filed: February 15, 2018
Date of Patent: October 8, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Ashley Flavel, Pradeepkumar Mani, Nick Holt, David Maltz, Jie Liu, Oleg Surmachev
-
Publication number: 20190238437
Abstract: Described is a server monitoring technology that is scalable to large numbers of servers, e.g., in a datacenter. Agents on servers run queries to monitor data sources for that server, such as performance counters and other events. The agents monitor their resource usage and those of monitored events to stay within an administrator-specified resource budget (policy), e.g., by modifying the running queries and/or monitoring parameters. A controller receives results of the monitoring, analyzes the results, and takes action as needed with respect to server operation and monitoring. The controller may dynamically update an agent's queries, monitoring parameters and/or monitored data post-processing operations. The controller may issue alerts and reports, including alerts indicative of inter-server problems between two or more servers.
Type: Application
Filed: April 4, 2019
Publication date: August 1, 2019
Inventors: David A. MALTZ, Jonathan David GOLDSTEIN, Albert GREENBERG, Charles LOBOZ, Parveen K. PATEL
-
Patent number: 10298477
Abstract: Described is a server monitoring technology that is scalable to large numbers of servers, e.g., in a datacenter. Agents on servers run queries to monitor data sources for that server, such as performance counters and other events. The agents monitor their resource usage and those of monitored events to stay within an administrator-specified resource budget (policy), e.g., by modifying the running queries and/or monitoring parameters. A controller receives results of the monitoring, analyzes the results, and takes action as needed with respect to server operation and monitoring. The controller may dynamically update an agent's queries, monitoring parameters and/or monitored data post-processing operations. The controller may issue alerts and reports, including alerts indicative of inter-server problems between two or more servers.
Type: Grant
Filed: January 22, 2016
Date of Patent: May 21, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: David A. Maltz, Jonathan David Goldstein, Albert Greenberg, Charles Loboz, Parveen K. Patel
-
Publication number: 20180367515
Abstract: Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.
Type: Application
Filed: June 20, 2017
Publication date: December 20, 2018
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Percy Fitter, Mark Hennessy, Mohammad Qudeisat, Rashid Aga, Deepal Jayasinghe, George Chen, David Maltz, Albert Greenberg, Thomas Keane
-
Publication number: 20180367407
Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Execution services and source of truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source of truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.
Type: Application
Filed: June 20, 2017
Publication date: December 20, 2018
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
-
Publication number: 20180364996
Abstract: Software deployment to network devices in cloud computing environments subject to data control policies is provided in a manner that ensures compliance with the data control policies. A deployment service is located in a remote cloud computing environment separate from the cloud computing environments to which software is being deployed. The deployment service does not have access to restricted data in the cloud computing environments, including access control data, such that the deployment service cannot directly interact with network devices. The deployment service issues deployment requests to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access the network devices and issue commands to install the software on the network devices.
Type: Application
Filed: June 20, 2017
Publication date: December 20, 2018
Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Yun Wu, George Chen, Jie Mao, David Maltz, Albert Greenberg, Thomas Keane