Patents by Inventor Kausum Kumar
Kausum Kumar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240004689Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rues to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.Type: ApplicationFiled: June 19, 2023Publication date: January 4, 2024Inventors: Sunitha Krishna, Kausum Kumar, Rajiv Mordani, Ashish Shendure, Ashish Patel, Farzad Ghannadian
-
Patent number: 11757940Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a requirement that the application receive data traffic from sources external to the virtual infrastructure. Based on the application definition, the method defines a first set of firewall rules for the application that indicate conditions for allowing data traffic from sources external to the virtual infrastructure. For an existing second set of higher-level firewall rules for data traffic entering and exiting the virtual infrastructure, the method specifies a new firewall rule that directs a network element implementing the sets of firewall rules to apply the first set of firewall rules to any data traffic that is from sources external to the virtual infrastructure and directed to the application.Type: GrantFiled: November 24, 2020Date of Patent: September 12, 2023Assignee: VMWARE, INC.Inventors: Sachin Mohan Vaidya, Kausum Kumar, Jayant Jain, Shadab Shah, Anirban Sengupta
-
Patent number: 11750481Abstract: A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. The method associates identifiers with the monitored network flows. The method aggregates the monitored network flows into a set of groups based on the associated identifiers. The method displays a set of flow records for the each group of the set of groups.Type: GrantFiled: February 21, 2022Date of Patent: September 5, 2023Assignee: NICIRA, INC.Inventors: Kaushal Bansal, Uday Masurekar, Srinivas Nimmagadda, Jingmin Zhou, Abhishek Goliya, Amit Chopra, Kausum Kumar
-
Patent number: 11693688Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rues to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.Type: GrantFiled: May 23, 2022Date of Patent: July 4, 2023Assignee: VMWARE, INC.Inventors: Sunitha Krishna, Kausum Kumar, Rajiv Mordani, Ashish Shendure, Ashish Patel, Farzad Ghannadian
-
Patent number: 11641305Abstract: Example methods and systems are provided for network diagnosis. One example method may comprise: detecting an egress packet and determining whether each of multiple network issues is detected for the egress packet or a datapath between a first virtualized computing instance and a second virtualized computing instance. The method may also comprise: generating network diagnosis code information specifying whether each of the multiple network issues is detected or not detected; generating an encapsulated packet by encapsulating the egress packet with an outer header that specifies the network diagnosis code information; and sending the encapsulated packet towards the second virtualized computing instance to cause a second computer system to perform one or more remediation actions based on the network diagnosis code information.Type: GrantFiled: December 16, 2019Date of Patent: May 2, 2023Assignee: VMWARE, INC.Inventors: Sirisha Myneni, Kausum Kumar, Nafisa Mandliwala, Venkatakrishnan Rajagopalan
-
Patent number: 11601474Abstract: Some embodiments provide a method for network management and control system that manages one or more logical networks. From a first user, the method receives a definition of one or more security zones for a logical network. Each security zone definition includes a set of security rules for data compute nodes (DCNs) assigned to the security zone. From a second user, the method receives a definition of an application to be deployed in the logical network. The application definition specifies a set of requirements. Based on the specified set of requirements, the method assigns DCNs implementing the application to one or more of the security zones for the logical network.Type: GrantFiled: November 24, 2020Date of Patent: March 7, 2023Assignee: VMWARE, INC.Inventors: Sachin Mohan Vaidya, Kausum Kumar, Nikhil Bokare, Mayur Dhas, Shailesh Makhijani, Rushikesh Wagh, Shrinivas Sharad Parashar, Vaibhav Bhandari
-
Patent number: 11601458Abstract: The current document is directed to methods and systems that generate microsegmentation quotients for computational entities and components of a distributed-computer-system. In the described implementation, microsegmentation quotients are generated for each component, subsystem, or computational entity, collectively referred to as “system entities,” of a set of specified system-entity types within the distributed computer system. Microsegmentation quotients are generated for system entities at any of the various hierarchical levels within a distributed computer system, including for the entire distributed computer system. Microsegmentation quotients are generated by an iterative process that refines initial estimates of the microsegmentation quotients for system entities within the distributed computer system.Type: GrantFiled: October 4, 2020Date of Patent: March 7, 2023Assignee: VMware, Inc.Inventors: Jayant Jain, Anirban Sengupta, Rick Lund, Kausum Kumar
-
Patent number: 11595255Abstract: Some embodiments provide a method for visualizing a realization status of configuration changes for a set of logical entities of a logical network. The method generates a first presentation of a list of logical entities and a realization status for each logical entity in the list, where the realization status indicates whether all configuration changes for the logical entity have been realized. In response to a selection of a particular logical entity in the displayed list for which at least one configuration change has not been realized, the method generates a second presentation comprising a view of pending configuration changes for the selected particular logical entity.Type: GrantFiled: December 23, 2020Date of Patent: February 28, 2023Assignee: VMWARE, INC.Inventors: Kapil Goyal, W. Andrew Lambeth, Tea Liukkonen-Olmiala, Kausum Kumar
-
Patent number: 11522835Abstract: A system and method for performing firewall operations on an edge service gateway virtual machine that monitors traffic for a network. The method includes detecting, from a directory service executing on a computing device, a login event on the computing device, obtaining, from the detected login event, login event information comprising an identifier that identifies a user associated with the login event, storing the login event information as one or more context attributes in an attribute table, and applying a firewall rule to a data message that corresponds to the one or more context attributes.Type: GrantFiled: July 3, 2018Date of Patent: December 6, 2022Assignee: VMware, Inc.Inventors: Arijit Chanda, Sirisha Myneni, Arnold Poon, Kausum Kumar, Dhivya Srinivasan
-
Publication number: 20220365806Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rues to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.Type: ApplicationFiled: May 23, 2022Publication date: November 17, 2022Inventors: Sunitha Krishna, Kausum Kumar, Rajiv Mordani, Ashish Shendure, Ashish Patel, Farzad Ghannadian
-
Publication number: 20220173985Abstract: A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. The method associates identifiers with the monitored network flows. The method aggregates the monitored network flows into a set of groups based on the associated identifiers. The method displays a set of flow records for the each group of the set of groups.Type: ApplicationFiled: February 21, 2022Publication date: June 2, 2022Inventors: Kaushal Bansal, Uday Masurekar, Srinivas Nimmagadda, Jingmin Zhou, Abhishek Goliya, Amit Chopra, Kausum Kumar
-
Patent number: 11349876Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rues to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.Type: GrantFiled: August 28, 2019Date of Patent: May 31, 2022Assignee: VMWARE, INC.Inventors: Sunitha Krishna, Kausum Kumar, Rajiv Mordani, Radha Popuri, Kavya Kambi Ravi, Ankur Saran, Farzad Ghannadian
-
Patent number: 11340931Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rues to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.Type: GrantFiled: August 28, 2019Date of Patent: May 24, 2022Assignee: VMWARE, INC.Inventors: Sunitha Krishna, Kausum Kumar, Rajiv Mordani, Ashish Shendure, Ashish Patel, Farzad Ghannadian
-
Publication number: 20220109684Abstract: The current document is directed to methods and systems that generate microsegmentation quotients for computational entities and components of a distributed-computer-system. In the described implementation, microsegmentation quotients are generated for each component, subsystem, or computational entity, collectively referred to as “system entities,” of a set of specified system-entity types within the distributed computer system. Microsegmentation quotients are generated for system entities at any of the various hierarchical levels within a distributed computer system, including for the entire distributed computer system. Microsegmentation quotients are generated by an iterative process that refines initial estimates of the microsegmentation quotients for system entities within the distributed computer system.Type: ApplicationFiled: October 4, 2020Publication date: April 7, 2022Applicant: VMware, Inc.Inventors: Jayant Jain, Anirban Sengupta, Rick Lund, Kausum Kumar
-
Publication number: 20220103598Abstract: Some embodiments provide a method for network management and control system that manages one or more logical networks. From a first user, the method receives a definition of one or more security zones for a logical network. Each security zone definition includes a set of security rules for data compute nodes (DCNs) assigned to the security zone. From a second user, the method receives a definition of an application to be deployed in the logical network. The application definition specifies a set of requirements. Based on the specified set of requirements, the method assigns DCNs implementing the application to one or more of the security zones for the logical network.Type: ApplicationFiled: November 24, 2020Publication date: March 31, 2022Inventors: Sachin Mohan Vaidya, Kausum Kumar, Nikhil Bokare, Mayur Dhas, Shailesh Makhijani, Rushikesh Wagh, Shrinivas Sharad Parashar
-
Publication number: 20220103521Abstract: Some embodiments provide a method for a network management and control system that manages a virtual infrastructure deployed across a set of datacenters. The method receives a definition of an application to be deployed in the virtual infrastructure. The application definition specifies a requirement that the application receive data traffic from sources external to the virtual infrastructure. Based on the application definition, the method defines a first set of firewall rules for the application that indicate conditions for allowing data traffic from sources external to the virtual infrastructure. For an existing second set of higher-level firewall rules for data traffic entering and exiting the virtual infrastructure, the method specifies a new firewall rule that directs a network element implementing the sets of firewall rules to apply the first set of firewall rules to any data traffic that is from sources external to the virtual infrastructure and directed to the application.Type: ApplicationFiled: November 24, 2020Publication date: March 31, 2022Inventors: Sachin Mohan Vaidya, Kausum Kumar, Jayant Jain, Shadab Shah, Anirban Sengupta
-
Patent number: 11258681Abstract: A method for visualizing network flows of a network is provided. The method monitors network flows between a group of machines in a network. The method associates identifiers with the monitored network flows. The method aggregates the monitored network flows into a set of groups based on the associated identifiers. The method displays a set of flow records for the each group of the set of groups.Type: GrantFiled: September 25, 2017Date of Patent: February 22, 2022Assignee: NICIRA, INC.Inventors: Kaushal Bansal, Uday Masurekar, Srinivas Nimmagadda, Jingmin Zhou, Abhishek Goliya, Amit Chopra, Kausum Kumar
-
Patent number: 11233770Abstract: Behavior-based security in a datacenter includes monitoring user actions made by users in the datacenter. Behavior-based risk scores are computer for users based on their monitored actions. One or more firewall rules are generated for users based on their behavior-based risk scores. The firewall rules regulate the actions of the users.Type: GrantFiled: July 2, 2019Date of Patent: January 25, 2022Assignee: VMWARE INC.Inventors: Sirisha Myneni, Rajiv Mordani, Kausum Kumar
-
Publication number: 20210365308Abstract: Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.Type: ApplicationFiled: August 9, 2021Publication date: November 25, 2021Inventors: Sirisha Myneni, Arijit Chanda, Laxmikant Vithal Gunda, Arnold Koon-Chee Poon, Farzad Ghannadian, Kausum Kumar
-
Patent number: 11086700Abstract: A simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. These manifests are application specific. Also, in some cases, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.Type: GrantFiled: August 24, 2018Date of Patent: August 10, 2021Assignee: VMWARE, INC.Inventors: Sirisha Myneni, Arijit Chanda, Laxmikant Vithal Gunda, Arnold Poon, Farzad Ghannadian, Kausum Kumar