Patents by Inventor Rajiv Krishnamurthy

Rajiv Krishnamurthy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11397609
    Abstract: Methods and apparatus for application and/or context-based management of virtual networks using customizable workflows are disclosed. An example apparatus includes a context engine to monitor data traffic from a virtual machine in a data plane of a virtual network to capture context information to identify an application executing on the virtual machine; and a policy manager to receive the context information to instantiate an application entity corresponding to the application in a policy plane of the virtual network and to generate a policy associated with the application entity in the policy plane of the virtual network, the policy and the application entity enabling monitoring and management of the application via the policy plane.
    Type: Grant
    Filed: June 29, 2020
    Date of Patent: July 26, 2022
    Assignee: Nicira, Inc.
    Inventors: Rajiv Krishnamurthy, Laxmikant Gunda
  • Patent number: 11349724
    Abstract: An approach for a software defined networking manager to perform a predictive analysis of proposed modifications to a software defined network (SDN) is presented. A method comprises receiving entity logical associations that are captured in a set of rules implemented in a SDN. Once a proposed modification to the entity logical associations is received, without implementing the proposed modification and without modifying the set of rules, impacted entity associations, from the entity logical associations, are identified. Upon receiving input indicating that the proposed modification is to be accepted, an updated set of rules for the SDN is generated by updating the set of rules based on the proposed modification, and the updated set of rules is implemented in the SDN.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: May 31, 2022
    Assignee: NICIRA, INC.
    Inventors: Ujwala Kawalay, Prashant Ambardekar, Prayas Gaurav, Rajiv Krishnamurthy, Gurprit Johal
  • Patent number: 11296960
    Abstract: Some embodiments provide a method for monitoring a distributed application. The method receives a request to perform data collection for the distributed application. The method identifies data compute nodes (DCNs) that implement the distributed application. The method sends commands to host machines on which the identified DCNs operate to detect events related to the DCNs and provide data regarding the detected events. The method uses the data regarding the detected events to generate a user interface (UI) display of the topology of the distributed application.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: April 5, 2022
    Assignee: NICIRA, INC.
    Inventors: Bin Wang, Margaret Petrus, Farzad Ghannadian, Rajiv Krishnamurthy
  • Patent number: 11146592
    Abstract: Embodiments of the present disclosure relate to enforcing universal security policies across data centers. Embodiments include receiving, from a user, a first universal security policy (USP) related to a first universal policy group. Embodiments include identifying a first data center as an enforcement point for the first USP. Embodiments include automatically generating, at the first data center, a first local security policy based on the first USP. Embodiments include deploying a workload associated with the first universal policy group to the first data center. The first USP is enforced for the workload via the first local security policy.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: October 12, 2021
    Assignee: VMware, Inc.
    Inventors: Hamza Aharchaou, Farzad Ghannadian, Amarnath Palavalli, Rajiv Krishnamurthy
  • Publication number: 20210258178
    Abstract: A novel method for performing replication of messages in a network that bridges one or more physical networks to an overlay logical network is provided. A physical gateway provides bridging between network nodes of a physical network and virtual machines in the overlay logical network by serving as an endpoint of the overlay logical network. The physical gateway does not replicate messages from the bridged physical network to destination endpoints in the overlay logical network directly, but instead tunnels the message-to-be-replicated to a designated tunnel endpoint in the overlay logical network. The designated tunnel endpoint in turn replicates the message that was tunneled to it to other endpoints in the overlay logical network.
    Type: Application
    Filed: May 3, 2021
    Publication date: August 19, 2021
    Inventors: Alexander Tessmer, Mukesh Hira, Rajiv Krishnamurthy, Ram Dular Singh, Xuan Zhang, Hua Wang
  • Patent number: 10999087
    Abstract: A novel method for performing replication of messages in a network that bridges one or more physical networks to an overlay logical network is provided. A physical gateway provides bridging between network nodes of a physical network and virtual machines in the overlay logical network by serving as an endpoint of the overlay logical network. The physical gateway does not replicate messages from the bridged physical network to destination endpoints in the overlay logical network directly, but instead tunnels the message-to-be-replicated to a designated tunnel endpoint in the overlay logical network. The designated tunnel endpoint in turn replicates the message that was tunneled to it to other endpoints in the overlay logical network.
    Type: Grant
    Filed: May 18, 2019
    Date of Patent: May 4, 2021
    Assignee: NICIRA, INC.
    Inventors: Alexander Tessmer, Mukesh Hira, Rajiv Krishnamurthy, Ram Dular Singh, Xuan Zhang, Hua Wang
  • Publication number: 20210099425
    Abstract: The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications. The information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows of the communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.
    Type: Application
    Filed: December 15, 2020
    Publication date: April 1, 2021
    Inventors: Laxmikant Gunda, Rajiv Krishnamurthy
  • Patent number: 10873565
    Abstract: The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications. The information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows of the communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: December 22, 2020
    Assignee: Nicira, Inc.
    Inventors: Laxmikant Gunda, Rajiv Krishnamurthy
  • Patent number: 10862773
    Abstract: Some embodiments of the invention provide a method for performing services on an endpoint machine in a datacenter. On the endpoint machine, the method installs a guest introspection (GI) agent and a service engine. In some embodiments, the GI agent and the service engine are part of one monitor agent that is installed on the endpoint machine. The method then registers with a set of one or more notification services on the endpoint machine, the GI agent to receive notifications regarding new data message flow events on the endpoint machine. Through the notifications, the GI agent captures contextual data items regarding new data message flows, and stores the captured contextual data items. The service engine then performs a service for the data message flow based on the captured contextual data.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: December 8, 2020
    Assignee: NICIRA, INC.
    Inventors: Arijit Chanda, Rajiv Krishnamurthy, Arnold K. Poon, Tori Chen
  • Publication number: 20200334068
    Abstract: Methods and apparatus for application and/or context-based management of virtual networks using customizable workflows are disclosed. An example apparatus includes a context engine to monitor data traffic from a virtual machine in a data plane of a virtual network to capture context information to identify an application executing on the virtual machine; and a policy manager to receive the context information to instantiate an application entity corresponding to the application in a policy plane of the virtual network and to generate a policy associated with the application entity in the policy plane of the virtual network, the policy and the application entity enabling monitoring and management of the application via the policy plane.
    Type: Application
    Filed: June 29, 2020
    Publication date: October 22, 2020
    Inventors: Rajiv Krishnamurthy, Laxmikant Gunda
  • Patent number: 10802893
    Abstract: Some embodiments of the invention provide a method for performing services on an endpoint machine in a datacenter. On the endpoint machine, the method installs a guest introspection (GI) agent and a service engine. In some embodiments, the GI agent and the service engine are part of one monitor agent that is installed on the endpoint machine. The method then registers with a set of one or more notification services on the endpoint machine, the GI agent to receive notifications regarding new data message flow events on the endpoint machine. Through the notifications, the GI agent captures contextual data items regarding new data message flows, and stores the captured contextual data items. The service engine then performs a service for the data message flow based on the captured contextual data.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: October 13, 2020
    Assignee: NICIRA, INC.
    Inventors: Arijit Chanda, Rajiv Krishnamurthy, Arnold K. Poon, Tori Chen
  • Publication number: 20200244702
    Abstract: This disclosure presents processes and systems that translate policies defined for virtual objects, such as virtual servers, applications, and databases, of a distributed computing system into identity information of services provided by virtual objects to computing devices located outside the distributed computing system. Processes and systems form object graphs of computing device identity information, virtual objects, and virtual object identity information. Processes and systems translate policies for controlling network traffic between the computing devices and the virtual objects into identity information of the computing devices and the virtual objects. The identity information of the virtual objects and the computing devices is used to create rules for controlling network traffic between the virtual objects and the computing devices.
    Type: Application
    Filed: December 13, 2019
    Publication date: July 30, 2020
    Inventors: PRASHANT AMBARDEKAR, Rajiv Krishnamurthy, Prayas Gaurav, Ujwala Kawalay, Gurrprit Johal
  • Publication number: 20200228571
    Abstract: Embodiments of the present disclosure relate to enforcing universal security policies across data centers. Embodiments include receiving, from a user, a first universal security policy (USP) related to a first universal policy group. Embodiments include identifying a first data center as an enforcement point for the first USP. Embodiments include automatically generating, at the first data center, a first local security policy based on the first USP. Embodiments include deploying a workload associated with the first universal policy group to the first data center. The first USP is enforced for the workload via the first local security policy.
    Type: Application
    Filed: January 16, 2019
    Publication date: July 16, 2020
    Inventors: Hamza AHARCHAOU, Farzad GHANNADIAN, Amarnath PALAVALLI, Rajiv KRISHNAMURTHY
  • Patent number: 10698714
    Abstract: Methods and apparatus for application and/or context-based management of virtual networks using customizable workflows are disclosed. An example apparatus includes a context engine to monitor data traffic from a virtual machine in a data plane of a virtual network to capture context information to identify an application executing on the virtual machine; and a policy manager to receive the context information to instantiate an application entity corresponding to the application in a policy plane of the virtual network and to generate a policy associated with the application entity in the policy plane of the virtual network, the policy and the application entity enabling monitoring and management of the application via the policy plane.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: June 30, 2020
    Assignee: Nicira, Inc.
    Inventors: Rajiv Krishnamurthy, Laxmikant Gunda
  • Publication number: 20200186534
    Abstract: Techniques for providing application-independent access control in a cloud-services computing environment are provided. In one embodiment, a method for providing application-independent access control is provided. The method includes obtaining a user identity for accessing the cloud-services computing environment and receiving a user request to perform a task using an application. The method further includes collecting process-related data for performing the task using the application and obtaining one or more network routing addresses. The method further includes determining, based on the user identity, the process-related data, and the one or more network routing addresses, whether the task is to be performed. If the task is to be performed, the task is caused to be performed using the application; and if the task is not to be performed, the user request is denied.
    Type: Application
    Filed: December 7, 2018
    Publication date: June 11, 2020
    Applicant: VMware, Inc.
    Inventors: Arijit CHANDA, Venkat RAJAGOPALAN, Rajiv MORDANI, Arnold POON, Rajiv KRISHNAMURTHY, Farzad GHANNADIAN, Sirisha MYNENI
  • Patent number: 10545934
    Abstract: A dataset management system (“system”) reduces the amount of data to be stored for future analyses. The system determines a sampling rate of the data based on a required level of accuracy, and samples the data at the determined sampling rate. Initially, all data transactions (“full dataset”) and the sampled data (“sampled dataset”) are logged and stored. Based upon a trigger condition, e.g., after a specified period, the full dataset and the sampled dataset are analyzed separately and the analysis results are compared. If the comparison is sufficiently similar (i.e., the sampling produces a sufficiently accurate set of data or a variance between the analysis results of the datasets is within a specified threshold), the system discontinues full data logging and stores only the sampled dataset. Further, the full dataset is deleted. The sampling thus reduces the required data volume significantly, thereby minimizing consumption of the storage space.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: January 28, 2020
    Assignee: Facebook, Inc.
    Inventors: Hongzhong Jia, Rajiv Krishnamurthy, Lin Qiao, Joshua David Metzler
  • Publication number: 20190280949
    Abstract: Some embodiments provide a method for monitoring a distributed application. The method receives a request to perform data collection for the distributed application. The method identifies data compute nodes (DCNs) that implement the distributed application. The method sends commands to host machines on which the identified DCNs operate to detect events related to the DCNs and provide data regarding the detected events. The method uses the data regarding the detected events to generate a user interface (UI) display of the topology of the distributed application.
    Type: Application
    Filed: March 8, 2018
    Publication date: September 12, 2019
    Inventors: Bin Wang, Margaret Petrus, Farzad Ghannadian, Rajiv Krishnamurthy
  • Publication number: 20190273625
    Abstract: A novel method for performing replication of messages in a network that bridges one or more physical networks to an overlay logical network is provided. A physical gateway provides bridging between network nodes of a physical network and virtual machines in the overlay logical network by serving as an endpoint of the overlay logical network. The physical gateway does not replicate messages from the bridged physical network to destination endpoints in the overlay logical network directly, but instead tunnels the message-to-be-replicated to a designated tunnel endpoint in the overlay logical network. The designated tunnel endpoint in turn replicates the message that was tunneled to it to other endpoints in the overlay logical network.
    Type: Application
    Filed: May 18, 2019
    Publication date: September 5, 2019
    Inventors: Alexander Tessmer, Mukesh Hira, Rajiv Krishnamurthy, Ram Dular Singh, Xuan Zhang, Hua Wang
  • Publication number: 20190238429
    Abstract: Some embodiments of the invention provide a method for performing services on an endpoint machine in a datacenter. On the endpoint machine, the method installs a guest introspection (GI) agent and a service engine. In some embodiments, the GI agent and the service engine are part of one monitor agent that is installed on the endpoint machine. The method then registers with a set of one or more notification services on the endpoint machine, the GI agent to receive notifications regarding new data message flow events on the endpoint machine. Through the notifications, the GI agent captures contextual data items regarding new data message flows, and stores the captured contextual data items. The service engine then performs a service for the data message flow based on the captured contextual data.
    Type: Application
    Filed: January 26, 2018
    Publication date: August 1, 2019
    Inventors: Arijit Chanda, Rajiv Krishnamurthy, Arnold K. Poon, Tori Chen
  • Publication number: 20190235934
    Abstract: Some embodiments of the invention provide a method for performing services on an endpoint machine in a datacenter. On the endpoint machine, the method installs a guest introspection (GI) agent and a service engine. In some embodiments, the GI agent and the service engine are part of one monitor agent that is installed on the endpoint machine. The method then registers with a set of one or more notification services on the endpoint machine, the GI agent to receive notifications regarding new data message flow events on the endpoint machine. Through the notifications, the GI agent captures contextual data items regarding new data message flows, and stores the captured contextual data items. The service engine then performs a service for the data message flow based on the captured contextual data.
    Type: Application
    Filed: January 26, 2018
    Publication date: August 1, 2019
    Inventors: Arijit Chanda, Rajiv Krishnamurthy, Arnold K. Poon, Tori Chen