Patents by Inventor Maurilio Cometto
Maurilio Cometto has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250094204
Abstract: A system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource provider.
Type: Application
Filed: November 30, 2024
Publication date: March 20, 2025
Applicant: Google LLC
Inventors: Ilya Beyer, Manoj Sharma, Gururaj Pangal, Maurilio Cometto
-
Publication number: 20250068762
Abstract: The present disclosure describes an architecture and design of Unauthorized-Blocking-Role (UAB). UAB is a mechanism which prevents higher privileged users of cloud-hosted software from performing unauthorized activities on protected objects, such as management objects. UAB works by periodically monitoring the permissions of customer users on key management objects in an object hierarchy in management software. If a customer user is detected to have privileges higher than the user should have on those objects, UAB applies restrictive role-based access controls (RBACs) on the user. Similarly, UAB also monitors protected principals and protected roles to ensure that their privileges are not modified by a customer user.
Type: Application
Filed: November 13, 2024
Publication date: February 27, 2025
Inventors: Atul Goel, Diganta Paladhi, Manoj Sharma, Maurilio Cometto
-
Patent number: 12175277
Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource
Type: Grant
Filed: November 22, 2023
Date of Patent: December 24, 2024
Assignee: Google LLC
Inventors: Ilya Beyer, Manoj Sharma, Gururaj Pangal, Maurilio Cometto
-
Patent number: 12158964
Abstract: The present disclosure describes an architecture and design of Unauthorized-Blocking-Role (UAB). UAB is a mechanism which prevents higher privileged users of cloud-hosted software from performing unauthorized activities on protected objects, such as management objects. UAB works by periodically monitoring the permissions of customer users on key management objects in an object hierarchy in management software. If a customer user is detected to have privileges higher than the user should have on those objects, UAB applies restrictive role-based access controls (RBACs) on the user. Similarly, UAB also monitors protected principals and protected roles to ensure that their privileges are not modified by a customer user.
Type: Grant
Filed: October 8, 2021
Date of Patent: December 3, 2024
Assignee: Google LLC
Inventors: Atul Goel, Diganta Paladhi, Manoj Sharma, Maurilio Cometto
-
Publication number: 20240372870
Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.
Type: Application
Filed: July 18, 2024
Publication date: November 7, 2024
Applicant: Google LLC
Inventors: Manoj Sharma, Choudhury Sarada Prasanna Nanda, Ilya Beyer, Maurilio Cometto
-
Publication number: 20240356897
Abstract: In one embodiment, a system includes a plurality of first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises at least one public-cloud virtual machine (VM) that performs network address translation; and a plurality of second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein the public-cloud VM is configured to receive, via a network tunnel from the private-cloud VM, one or more first packets to be sent to a public Internet Protocol (IP) address of a public network host, translate, using a NAT mapping, a source address of each first packet from a private IP address of the private-cloud VM to an IP address of the public-cloud VM, and send the first packet to the IP address of the public-cloud VM.
Type: Application
Filed: May 9, 2024
Publication date: October 24, 2024
Applicant: Google LLC
Inventors: Maurilio Cometto, Mate Ferenczy, Sriganesh Kini, Mohammad Y. Hajjat, Manoj Sharma
-
Patent number: 12052254
Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.
Type: Grant
Filed: September 2, 2021
Date of Patent: July 30, 2024
Assignee: Google LLC
Inventors: Manoj Sharma, Choudhury Sarada Prasanna Nanda, Ilya Beyer, Maurilio Cometto
-
Patent number: 12010097
Abstract: In one embodiment, a system includes a plurality of first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises at least one public-cloud virtual machine (VM) that performs network address translation; and a plurality of second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein the public-cloud VM is configured to receive, via a network tunnel from the private-cloud VM, one or more first packets to be sent to a public Internet Protocol (IP) address of a public network host, translate, using a NAT mapping, a source address of each first packet from a private IP address of the private-cloud VM to an IP address of the public-cloud VM, and send the first packet to the IP address of the public-cloud VM.
Type: Grant
Filed: February 16, 2022
Date of Patent: June 11, 2024
Assignee: Google LLC
Inventors: Maurilio Cometto, Mate Ferenczy, Sriganesh Kini, Mohammad Y. Hajjat, Manoj Sharma
-
Publication number: 20240086227
Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource
Type: Application
Filed: November 22, 2023
Publication date: March 14, 2024
Applicant: Google LLC
Inventors: Ilya Beyer, Manoj Sharma, Gururaj Pangal, Maurilio Cometto
-
Patent number: 11853789
Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource
Type: Grant
Filed: November 23, 2022
Date of Patent: December 26, 2023
Assignee: Google LLC
Inventors: Ilya Beyer, Manoj Sharma, Gururaj Pangal, Maurilio Cometto
-
Publication number: 20230090171
Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource
Type: Application
Filed: November 23, 2022
Publication date: March 23, 2023
Applicant: Google LLC
Inventors: Ilya Beyer, Manoj Sharma, Gururaj Pangal, Maurilio Cometto
-
Publication number: 20220417091
Abstract: A method for provisioning private-cloud server nodes by receiving a request to provision a specified number of server nodes for a private cloud, wherein the request is associated with a user, identifying a plurality of server nodes including (a) the specified number of hypervisor server nodes from a first pool that includes prepared hypervisor server nodes, each of which includes a previously-installed hypervisor, and (b) a management server node from a second pool that includes prepared management server nodes, each of which includes a previously-installed hypervisor and one or more previously-installed management components, configuring the identified server nodes to use a network associated with the user, creating a private cloud that includes the identified server nodes, and providing, to the user, permission to access the identified server nodes.
Type: Application
Filed: August 30, 2022
Publication date: December 29, 2022
Applicant: Google LLC
Inventors: Manoj Sharma, Choudhury Sarada Prasanna Nanda, Gururaj Pangal, Maurilio Cometto, Ilya Beyer
-
Patent number: 11531561
Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein at least one of the first host machines further comprises a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resour
Type: Grant
Filed: October 30, 2020
Date of Patent: December 20, 2022
Assignee: Google LLC
Inventors: Ilya Beyer, Manoj Sharma, Gururaj Pangal, Maurilio Cometto
-
Patent number: 11463306
Abstract: In one embodiment, a method includes a method for provisioning private-cloud server nodes by receiving a request to provision a specified number of server nodes for a private cloud, wherein the request is associated with a user, identifying a plurality of server nodes including (a) the specified number of hypervisor server nodes from a first pool that includes prepared hypervisor server nodes, each of which includes a previously-installed hypervisor, and (b) a management server node from a second pool that includes prepared management server nodes, each of which includes a previously-installed hypervisor and one or more previously-installed management components, configuring the identified server nodes to use a network associated with the user, creating a private cloud that includes the identified server nodes, and providing, to the user, permission to access the identified server nodes.
Type: Grant
Filed: April 14, 2021
Date of Patent: October 4, 2022
Assignee: Google LLC
Inventors: Manoj Sharma, Choudhury Sarada Prasanna Nanda, Gururaj Pangal, Maurilio Cometto, Ilya Beyer
-
Publication number: 20220174042
Abstract: In one embodiment, a system includes a plurality of first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises at least one public-cloud virtual machine (VM) that performs network address translation; and a plurality of second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein the public-cloud VM is configured to receive, via a network tunnel from the private-cloud VM, one or more first packets to be sent to a public Internet Protocol (IP) address of a public network host, translate, using a NAT mapping, a source address of each first packet from a private IP address of the private-cloud VM to an IP address of the public-cloud VM, and send the first packet to the IP address of the public-cloud VM.
Type: Application
Filed: February 16, 2022
Publication date: June 2, 2022
Applicant: Google LLC
Inventors: Maurilio Cometto, Mate Ferenczy, Sriganesh Kini, Mohammad Y. Hajjat, Manoj Sharma
-
Publication number: 20220129575
Abstract: The present disclosure describes an architecture and design of Unauthorized-Blocking-Role (UAB). UAB is a mechanism which prevents higher privileged users of cloud-hosted software from performing unauthorized activities on protected objects, such as management objects. UAB works by periodically monitoring the permissions of customer users on key management objects in an object hierarchy in management software. If a customer user is detected to have privileges higher than the user should have on those objects, UAB applies restrictive role-based access controls (RBACs) on the user. Similarly, UAB also monitors protected principals and protected roles to ensure that their privileges are not modified by a customer user.
Type: Application
Filed: October 8, 2021
Publication date: April 28, 2022
Inventors: Atul Goel, Diganta Paladhi, Manoj Sharma, Maurilio Cometto
-
Patent number: 11271905
Abstract: In one embodiment, a system includes a plurality of first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises at least one public-cloud virtual machine (VM) that performs network address translation; and a plurality of second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein the public-cloud VM is configured to receive, via a network tunnel from the private-cloud VM, one or more first packets to be sent to a public Internet Protocol (IP) address of a public network host, translate, using a NAT mapping, a source address of each first packet from a private IP address of the private-cloud VM to an IP address of the public-cloud VM, and send the first packet to the IP address of the public-cloud VM.
Type: Grant
Filed: October 22, 2018
Date of Patent: March 8, 2022
Assignee: Google LLC
Inventors: Maurilio Cometto, Máté Ferenczy, Sriganesh Kini, Mohammad Y. Hajjat, Manoj Sharma
-
Publication number: 20210400051
Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.
Type: Application
Filed: September 2, 2021
Publication date: December 23, 2021
Applicant: Google LLC
Inventors: Manoj Sharma, Choudhury Sarada Prasanna Nanda, Ilya Beyer, Maurilio Cometto
-
Patent number: 11128629
Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.
Type: Grant
Filed: September 19, 2018
Date of Patent: September 21, 2021
Assignee: Google LLC
Inventors: Manoj Sharma, Choudhury Sarada Prasanna Nanda, Ilya Beyer, Maurilio Cometto
-
Publication number: 20210286770
Abstract: Setting up and supporting the computer infrastructure for a remote satellite office is a difficult task for any information technology department. To simplify the task, an integrated server system with a hierarchical storage system is proposed. The hierarchical storage system includes the ability to store data at an off-site cloud storage service. The server system is remotely configurable and thus allows the server to be configured and populated with data from a remote location.
Type: Application
Filed: May 28, 2021
Publication date: September 16, 2021
Inventors: Maurilio COMETTO, Gururaj PANGAL, Ady DEGANY