Patents by Inventor David Maltz

David Maltz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11398953
    Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. An execution service remote from a cloud computing environment being managed implements workflows to manage different aspects of the cloud computing environment, including monitoring, incident management, deployment, and/or buildout. The execution service issues requests to perform management actions for network devices in the cloud computing environment. A device access service in the cloud computing environments receives the requests, and, in response to the requests, the device access service obtains access control data to access the network devices and perform the requested management actions for the network devices.
    Type: Grant
    Filed: June 1, 2020
    Date of Patent: July 26, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
  • Patent number: 11140056
    Abstract: Described is a server monitoring technology that is scalable to large numbers of servers, e.g., in a datacenter. Agents on servers run queries to monitor data sources for that server, such as performance counters and other events. The agents monitor their resource usage and those of monitored events to stay within an administrator-specified resource budget (policy), e.g., by modifying the running queries and/or monitoring parameters. A controller receives results of the monitoring, analyzes the results, and takes action as needed with respect to server operation and monitoring. The controller may dynamically update an agent's queries, monitoring parameters and/or monitored data post-processing operations. The controller may issue alerts and reports, including alerts indicative of inter-server problems between two or more servers.
    Type: Grant
    Filed: April 4, 2019
    Date of Patent: October 5, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David A. Maltz, Jonathan David Goldstein, Albert Greenberg, Charles Loboz, Parveen K. Patel
  • Publication number: 20210224676
    Abstract: Aspects of the present disclosure relate to incident routing in a cloud environment. In an example, cloud provider teams utilize a scout framework to build a team-specific scout based on that team's expertise. In examples, an incident is detected and a description is sent to each team-specific scout. Each team-specific scout uses the incident description and the scout specifications provided by the team to identify, access, and process monitoring data from cloud components relevant to the incident. Each team-specific scout utilizes one or more machine learning models to evaluate the monitoring data and generate an incident-classification prediction about whether the team is responsible for resolving the incident. In examples, a scout master receives predictions from each of the team-specific scouts and compares the predictions to determine to which team an incident should be routed.
    Type: Application
    Filed: January 17, 2020
    Publication date: July 22, 2021
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Behnaz ARZANI, Jiaqi GAO, Ricardo G. BIANCHINI, Felipe VIEIRA FRUJERI, Xiaohang WANG, Henry LEE, David A. MALTZ
  • Patent number: 10917318
    Abstract: Techniques are disclosed for capturing network traffic in a virtualized computing environment. A packet to be captured in the virtualized environment is identified. The packet is tagged using a pattern of one or more bits in a header of the packet. The pattern indicates that the packet is to be traced. The pattern is propagated to an outer layer during encapsulation of the packet. A header of the encapsulated packet includes the pattern of one or more bits. At least one network device is caused to mirror identified packets based on the reserved bit.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: February 9, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Lihua Yuan, Xinyan Zan, Deepak Bansal, David A. Maltz, Leiwen Deng, Sheng Lu
  • Patent number: 10911527
    Abstract: N nodes are assigned to a first layer of nodes having a first domain name server (DNS) anycast Internet Protocol (IP) address and a first fully qualified domain name (FQDN). M nodes are assigned to a second layer of nodes having a second DNS anycast IP address and a second FQDN. When a request to resolve the first FQDN for the first layer of nodes is received by a DNS of a node of the first layer and a load on the ES of the node is less than a threshold, the DNS handles the request by returning an edge server (ES) anycast IP address for the ES of the node. When the load on the ES is greater than the threshold, the DNS offloads the request by returning the second FQDN so that the second FQDN of the second layer is resolved to the second DNS anycast IP address.
    Type: Grant
    Filed: October 3, 2019
    Date of Patent: February 2, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ashley Flavel, Pradeepkumar Mani, Nick Holt, David Maltz, Jie Liu, Oleg Surmachev
  • Publication number: 20200295999
    Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. An execution service remote from a cloud computing environment being managed implements workflows to manage different aspects of the cloud computing environment, including monitoring, incident management, deployment, and/or buildout. The execution service issues requests to perform management actions for network devices in the cloud computing environment. A device access service in the cloud computing environments receives the requests, and, in response to the requests, the device access service obtains access control data to access the network devices and perform the requested management actions for the network devices.
    Type: Application
    Filed: June 1, 2020
    Publication date: September 17, 2020
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
  • Patent number: 10762218
    Abstract: Network buildout of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A buildout service is located in a remote cloud computing environment separate from the cloud computing environments at which buildout is being performed. The buildout service implements workflows to manage different aspects of network buildout in the cloud computing environments. The buildout service does not have access to restricted data in the cloud computing environments, including access control data, such that the buildout service cannot directly interact with network devices. The buildout service issues requests for device configuration to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access and configure the network devices.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: September 1, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Sandeep Koushik Sheshadri, Shikhar Suri, Sharda Murthi, David Maltz, Albert Greenberg, Thomas Keane
  • Patent number: 10708136
    Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Execution services and source of truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source of truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: July 7, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
  • Publication number: 20200099599
    Abstract: Techniques are disclosed for capturing network traffic in a virtualized computing environment. A packet to be captured in the virtualized environment is identified. The packet is tagged using a pattern of one or more bits in a header of the packet. The pattern indicates that the packet is to be traced. The pattern is propagated to an outer layer during encapsulation of the packet. A header of the encapsulated packet includes the pattern of one or more bits. At least one network device is caused to mirror identified packets based on the reserved bit.
    Type: Application
    Filed: September 21, 2018
    Publication date: March 26, 2020
    Inventors: Lihua YUAN, Xinyan ZAN, Deepak BANSAL, David A. MALTZ, Leiwen DENG, Sheng LU
  • Patent number: 10567356
    Abstract: Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: February 18, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Percy Fitter, Mark Hennessy, Mohammad Qudeisat, Rashid Aga, Deepal Jayasinghe, George Chen, David Maltz, Albert Greenberg, Thomas Keane
  • Publication number: 20200036778
    Abstract: N nodes are assigned to a first layer of nodes having a first domain name server (DNS) anycast Internet Protocol (IP) address and a first fully qualified domain name (FQDN). M nodes are assigned to a second layer of nodes having a second DNS anycast IP address and a second FQDN. When a request to resolve the first FQDN for the first layer of nodes is received by a DNS of a node of the first layer and a load on the ES of the node is less than a threshold, the DNS handles the request by returning an edge server (ES) anycast IP address for the ES of the node. When the load on the ES is greater than the threshold, the DNS offloads the request by returning the second FQDN so that the second FQDN of the second layer is resolved to the second DNS anycast IP address.
    Type: Application
    Filed: October 3, 2019
    Publication date: January 30, 2020
    Inventors: Ashley FLAVEL, Pradeepkumar MANI, Nick HOLT, David MALTZ, Jie LIU, Oleg SURMACHEV
  • Publication number: 20190342338
    Abstract: Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list.
    Type: Application
    Filed: May 1, 2018
    Publication date: November 7, 2019
    Inventors: Parvez Anandam, Imran S. Koradia, Zheng Tang, Andrew Mendelsohn, Ankush Grover, Liyuan Zhou, Brandon Michael Klassen, David A. Maltz, Albert Gordon Greenberg
  • Publication number: 20190342296
    Abstract: Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list.
    Type: Application
    Filed: May 1, 2018
    Publication date: November 7, 2019
    Inventors: Parvez Anandam, Imran S. Koradia, Zheng Tang, Andrew Mendelsohn, Ankush Grover, Liyuan Zhou, Brandon Michael Klassen, David A. Maltz, Albert Gordon Greenberg
  • Patent number: 10440104
    Abstract: N nodes are assigned to a first layer of nodes having a first domain name server (DNS) anycast Internet Protocol (IP) address and a first fully qualified domain name (FQDN). M nodes are assigned to a second layer of nodes having a second DNS anycast IP address and a second FQDN. When a request to resolve the first FQDN for the first layer of nodes is received by a DNS of a node of the first layer and a load on the ES of the node is less than a threshold, the DNS handles the request by returning an edge server (ES) anycast IP address for the ES of the node. When the load on the ES is greater than the threshold, the DNS offloads the request by returning the second FQDN so that the second FQDN of the second layer is resolved to the second DNS anycast IP address.
    Type: Grant
    Filed: February 15, 2018
    Date of Patent: October 8, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ashley Flavel, Pradeepkumar Mani, Nick Holt, David Maltz, Jie Liu, Oleg Surmachev
  • Publication number: 20190238437
    Abstract: Described is a server monitoring technology that is scalable to large numbers of servers, e.g., in a datacenter. Agents on servers run queries to monitor data sources for that server, such as performance counters and other events. The agents monitor their resource usage and those of monitored events to stay within an administrator-specified resource budget (policy), e.g., by modifying the running queries and/or monitoring parameters. A controller receives results of the monitoring, analyzes the results, and takes action as needed with respect to server operation and monitoring. The controller may dynamically update an agent's queries, monitoring parameters and/or monitored data post-processing operations. The controller may issue alerts and reports, including alerts indicative of inter-server problems between two or more servers.
    Type: Application
    Filed: April 4, 2019
    Publication date: August 1, 2019
    Inventors: David A. MALTZ, Jonathan David GOLDSTEIN, Albert GREENBERG, Charles LOBOZ, Parveen K. PATEL
  • Patent number: 10298477
    Abstract: Described is a server monitoring technology that is scalable to large numbers of servers, e.g., in a datacenter. Agents on servers run queries to monitor data sources for that server, such as performance counters and other events. The agents monitor their resource usage and those of monitored events to stay within an administrator-specified resource budget (policy), e.g., by modifying the running queries and/or monitoring parameters. A controller receives results of the monitoring, analyzes the results, and takes action as needed with respect to server operation and monitoring. The controller may dynamically update an agent's queries, monitoring parameters and/or monitored data post-processing operations. The controller may issue alerts and reports, including alerts indicative of inter-server problems between two or more servers.
    Type: Grant
    Filed: January 22, 2016
    Date of Patent: May 21, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David A. Maltz, Jonathan David Goldstein, Albert Greenberg, Charles Loboz, Parveen K. Patel
  • Publication number: 20180364996
    Abstract: Software deployment to network devices in cloud computing environments subject to data control policies is provided in a manner that ensures compliance with the data control policies. A deployment service is located in a remote cloud computing environment separate from the cloud computing environments to which software is being deployed. The deployment service does not have access to restricted data in the cloud computing environments, including access control data, such that the deployment service cannot directly interact with network devices. The deployment service issues deployment requests to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access the network devices and issue commands to install the software on the network devices.
    Type: Application
    Filed: June 20, 2017
    Publication date: December 20, 2018
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Yun Wu, George Chen, Jie Mao, David Maltz, Albert Greenberg, Thomas Keane
  • Publication number: 20180367407
    Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Execution services and source of truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source of truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.
    Type: Application
    Filed: June 20, 2017
    Publication date: December 20, 2018
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, David Maltz, Albert Greenberg, Thomas Keane
  • Publication number: 20180365435
    Abstract: Network buildout of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A buildout service is located in a remote cloud computing environment separate from the cloud computing environments at which buildout is being performed. The buildout service implements workflows to manage different aspects of network buildout in the cloud computing environments. The buildout service does not have access to restricted data in the cloud computing environments, including access control data, such that the buildout service cannot directly interact with network devices. The buildout service issues requests for device configuration to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access and configure the network devices.
    Type: Application
    Filed: June 20, 2017
    Publication date: December 20, 2018
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Sandeep Koushik Sheshadri, Shikhar Suri, Sharda Murthi, David Maltz, Albert Greenberg, Thomas Keane
  • Publication number: 20180367515
    Abstract: Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.
    Type: Application
    Filed: June 20, 2017
    Publication date: December 20, 2018
    Inventors: Parvez Anandam, Ramnath Prasad, Pradeep Ayyappan Nair, Lihua Yuan, Percy Fitter, Mark Hennessy, Mohammad Qudeisat, Rashid Aga, Deepal Jayasinghe, George Chen, David Maltz, Albert Greenberg, Thomas Keane