Patents by Inventor Rajiv Mordani
Rajiv Mordani has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240154865
Abstract: Some embodiments provide a method for a connection server that handles connections between a network management system in a public cloud and datacenters managed by the network management system. The method receives (i) a first application programming interface (API) request for a first local network manager located at a first datacenter belonging to a first datacenter group of a first tenant and (ii) a second API request for a second local network manager located at a second datacenter belonging to a second datacenter group of a second tenant. Based on site identifiers respectively associated with the first and second datacenters and included in the first and second API requests, the method respectively sends the first and second API requests to the first and second local network managers via first and second connections previously initiated by the first and second local network managers.
Type: Application
Filed: May 10, 2023
Publication date: May 9, 2024
Inventors: Sudipta Biswas, Rajiv Mordani, Aditya Prakash Vaja, Monotosh Das
-
TRANSLATION OF API REQUESTS FOR CONNECTION BETWEEN NETWORK MANAGEMENT SYSTEM AND MANAGED DATACENTERS
Publication number: 20240152376
Abstract: Some embodiments provide a method for a connection server that handles a connection between a network management system in a public cloud and a datacenter belonging to a datacenter group managed by the network management system. The method receives an API request, having a first format, for a local network manager located at the datacenter. The method translates the API request into a second format used by the connection between the network management system and the datacenter. The connection is a type that (i) allows for the connection server to push data onto the connection when the connection is initiated by a connection agent at the datacenter and (ii) uses the second format. The method sends the translated API request in the second format to the connection agent via the connection. The connection agent translates the API request into the first format for execution at the local network manager.
Type: Application
Filed: May 10, 2023
Publication date: May 9, 2024
Inventors: Sudipta Biswas, Rajiv Mordani, Aditya Prakash Vaja, Monotosh Das
-
Publication number: 20240152379
Abstract: Some embodiments provide a method for generating microsegmentation recommendations, performed by a network monitoring service implemented in a public cloud to monitor data flows for a group of datacenters. The method receives a selection of a set of logical network compute nodes (LNCNs) located at a particular datacenter for which to generate recommended rules. The method analyzes flows collected by the network monitoring service in order to generate a set of recommended rules relating to the set of LNCNs. The method provides the set of rules to a local manager at the particular datacenter for the local manager to configure network elements at the particular datacenter to enforce the set of rules. The rules use compute node identifiers for LNCNs located at the particular datacenter and network addresses for LNCNs located at other datacenters as the local manager does not store data regarding compute nodes located at the other datacenters.
Type: Application
Filed: May 10, 2023
Publication date: May 9, 2024
Inventors: Sunitha Krishna, Rajiv Mordani, Radha Popuri, Yaqi Wang, Yiwei Zhang
-
Publication number: 20240154878
Abstract: Some embodiments provide a method for providing a visualization of data flows for a logical network spanning a group of datacenters. The method receives a selection of a particular datacenter in the group of datacenters for which to display a flow visualization. The method generates a flow visualization for the particular datacenter including (i) representations of data flows between pairs of logical network compute nodes located within the particular datacenter, (ii) representations of data flows between logical network compute nodes located within the particular datacenter and logical network compute nodes at other datacenters in the group of datacenters, and (iii) representations of data flows between logical network compute nodes located within the particular datacenter and endpoints external to the group of datacenters. The method displays the generated flow visualization within a graphical user interface (GUI).
Type: Application
Filed: May 10, 2023
Publication date: May 9, 2024
Inventors: Sunitha Krishna, Rajiv Mordani, Radha Popuri, Bofeng Hu, Suresh Nagar, Yili Zou
-
Patent number: 11949660
Abstract: In an embodiment, a computer-implemented method for enabling enhanced firewall rules via ARP-based annotations is described. In an embodiment, a method comprises detecting, by a hypervisor implemented in a first host, that a first process is executing on the first host. The hypervisor determines first context information for the first process, generates a first request, encapsulates the first request and the first context information in a first packet, and transmits the first packet to a central controller to cause the central controller to update the controller's table to indicate that the first process is executing on the first host. In response to receiving a second packet from the central controller and determining that the second packet comprises a first response, the hypervisor extracts second context information from the second packet and, based on the second context information, determines that a second process is executing on a second host.
Type: Grant
Filed: July 25, 2022
Date of Patent: April 2, 2024
Assignee: VMware, Inc.
Inventors: Arnold Poon, Sirisha Myneni, Rajiv Mordani, Aditi Vutukuri
-
Publication number: 20240031246
Abstract: Some embodiments provide a novel method for receiving a plurality of attribute sets from a set of host computers, each attribute set associated with a group of one or more flows that is created by using a key to associate individual flows into the group of flows. The appliance, in some embodiments, merges two identified attribute sets into one merged attribute set and analyzes the merged attribute set to identify a set of properties of the flows in the groups of flows associated with the two attribute sets. In some embodiments, a visualization process includes identifying machines as members of groups and identifying machines that are connected. The visualization process, in some embodiments, also generates a graphical user interface that can be used to select groups of machines, domains, or individual machines and displays contextual attributes relevant to the selected group, domain, or machine.
Type: Application
Filed: July 27, 2023
Publication date: January 25, 2024
Inventors: Rajiv Mordani, Shankar Vilayannur Natarajan, Suresh Nagar, Ashish Patel, Vinith Podduturi, Tea Liukkonen-Olmiala, Vaishnavi Ramamoorthy, Ashish Shendure
-
Patent number: 11880679
Abstract: In accordance with an embodiment, described herein is a system and method for supporting patching in a multi-tenant application server environment. The system can associate one or more partitions with a tenant, for use by that tenant, wherein a partition is a runtime and administrative subdivision or slice of a domain. A patching process can take advantage of high-availability features provided by an application server clustering environment, to apply patches in a controlled, rolling restart, which maintains a domain's ability to operate without interruption, or with zero downtime. The process can be used to automate complex or long running tasks, including preserving an unpatched or prior version of an application server, application, or other software component for possible rollback, or providing automatic reversion in the event of an unrecoverable error.
Type: Grant
Filed: September 19, 2022
Date of Patent: January 23, 2024
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Nazrul Islam, Jacob Lindholm, Josh Dorr, Christopher Kasso, Yamini K Balasubramanyam, Steven Liu, Rajiv Mordani, Abhijit Kumar
-
Publication number: 20240004689
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rules to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.
Type: Application
Filed: June 19, 2023
Publication date: January 4, 2024
Inventors: Sunitha Krishna, Kausum Kumar, Rajiv Mordani, Ashish Shendure, Ashish Patel, Farzad Ghannadian
-
Patent number: 11831667
Abstract: Some embodiments provide a method for detecting a threat to a datacenter. The method generates a graph of connections between data compute nodes (DCNs) in the datacenter. Each connection has an associated time period during which the connection is active. The method receives an anomalous event occurring during a particular time period at a particular DCN operating in the datacenter. The method analyzes the generated graph to determine a set of paths between DCNs in the datacenter that include connections to the particular DCN during the particular time period. The method uses the set of paths to identify a threat to the datacenter.
Type: Grant
Filed: July 9, 2021
Date of Patent: November 28, 2023
Assignee: VMWARE, INC.
Inventors: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
-
Patent number: 11792151
Abstract: Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.
Type: Grant
Filed: October 21, 2021
Date of Patent: October 17, 2023
Assignee: VMWARE, INC.
Inventors: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
-
Patent number: 11785032
Abstract: Some embodiments provide a method for identifying security threats to a datacenter. From multiple host computers in the datacenter, the method receives data indicating port usage for a particular time period for each of multiple destination data compute nodes (DCNs) executing on the host computers. For each DCN of a set of the destination DCNs, the method identifies whether the port usage for the particular time period deviates from a historical baseline port usage for the DCN. When the port usage for a particular DCN deviates from the historical baseline for the particular DCN, the method identifies the particular DCN as a target of a security threat.
Type: Grant
Filed: April 1, 2021
Date of Patent: October 10, 2023
Assignee: VMWARE, INC.
Inventors: Santhanakrishnan Kaliya Perumal, Tejas Sanjeev Panse, Aditi Vutukuri, Rajiv Mordani, Margaret Petrus
-
SYSTEM AND METHOD FOR SUPPORTING MULTI-TENANCY IN AN APPLICATION SERVER, CLOUD, OR OTHER ENVIRONMENT
Publication number: 20230300083
Abstract: In accordance with an embodiment, described herein is a system and method for supporting multi-tenancy in an application server, cloud, on-premise, or other environment, which enables categories of components and configurations to be associated with particular application instances or partitions. Resource group templates define, at a domain level, collections of deployable resources that can be referenced from resource groups. Each resource group is a named, fully-qualified collection of deployable resources that can reference a resource group template. A partition provides an administrative and runtime subdivision of the domain, and contains one or more resource groups. Each resource group can reference a resource group template, to bind deployable resources to partition-specific values, for use by the referencing partition. A tenant of the application server or cloud environment can be associated with a partition, or applications deployed therein, for use by that tenant.
Type: Application
Filed: May 26, 2023
Publication date: September 21, 2023
Inventors: Rajiv Mordani, Nazrul Islam, Abhijit Kumar, Timothy Quinn, Peter Bower, Lawrence Feigen, Joseph DiPol
-
Patent number: 11765174
Abstract: Techniques for providing application-independent access control in a cloud-services computing environment are provided. In one embodiment, a method for providing application-independent access control is provided. The method includes obtaining a user identity for accessing the cloud-services computing environment and receiving a user request to perform a task using an application. The method further includes collecting process-related data for performing the task using the application and obtaining one or more network routing addresses. The method further includes determining, based on the user identity, the process-related data, and the one or more network routing addresses, whether the task is to be performed. If the task is to be performed, the task is caused to be performed using the application; and if the task is not to be performed, the user request is denied.
Type: Grant
Filed: December 7, 2018
Date of Patent: September 19, 2023
Assignee: VMware, Inc.
Inventors: Arijit Chanda, Venkat Rajagopalan, Rajiv Mordani, Arnold Poon, Rajiv Krishnamurthy, Farzad Ghannadian, Sirisha Myneni
-
Patent number: 11743135
Abstract: Some embodiments provide a novel method for receiving a plurality of attribute sets from a set of host computers, each attribute set associated with a group of one or more flows that is created by using a key to associate individual flows into the group of flows. The appliance, in some embodiments, merges two identified attribute sets into one merged attribute set and analyzes the merged attribute set to identify a set of properties of the flows in the groups of flows associated with the two attribute sets. In some embodiments, a visualization process includes identifying machines as members of groups and identifying machines that are connected. The visualization process, in some embodiments, also generates a graphical user interface that can be used to select groups of machines, domains, or individual machines and displays contextual attributes relevant to the selected group, domain, or machine.
Type: Grant
Filed: July 23, 2019
Date of Patent: August 29, 2023
Assignee: VMWARE, INC.
Inventors: Rajiv Mordani, Shankar Vilayannur, Suresh Nagar, Ashish Patel, Vinith Podduturi, Tea Liukkonen-Olmiala, Vaishnavi Ramamoorthy, Ashish Shendure
-
Patent number: 11722356
Abstract: Certain embodiments described herein are directed to a method of receiving information associated with a service provided by a management plane for managing a remote network. The method, in one example, includes registering, at an adapter container, with a data store or an entity within a service instance of a service deployment associated with a service within a software-defined networking environment associated with the remote network, wherein the service is provided for managing a remote network, and wherein registering with the data store or the entity causes the data store or the entity to send information associated with the service instance to the adapter when information is available. The method also includes receiving, at the adapter container, information from the data store or the entity. The method also includes transforming the information from a first format to a second format. The method also includes transmitting the information to an endpoint.
Type: Grant
Filed: January 9, 2020
Date of Patent: August 8, 2023
Assignee: VMware, Inc.
Inventors: Amarnath Palavalli, Rajiv Mordani, Josh Dorr
-
Patent number: 11693688
Abstract: Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance and providing visual representations of the data to a user. Some embodiments provide a visual representation of the collected data that allows a user to select a set of machines and flows and initiate recommendation generation based on the selected machines and flows. The recommendation generation, in some embodiments, includes identifying flows for which rules have not been defined and filtering the identified rules to remove flows for which rules should not be defined. Some embodiments use the identified rules to identify services and groups associated with the rules and generate recommendations for rules, groups and services based on the identified flows, groups and services. The recommendations, in some embodiments, are implemented as a single PATCH API.
Type: Grant
Filed: May 23, 2022
Date of Patent: July 4, 2023
Assignee: VMWARE, INC.
Inventors: Sunitha Krishna, Kausum Kumar, Rajiv Mordani, Ashish Shendure, Ashish Patel, Farzad Ghannadian
-
System and method for supporting multi-tenancy in an application server, cloud, or other environment
Patent number: 11683274
Abstract: In accordance with an embodiment, described herein is a system and method for supporting multi-tenancy in an application server, cloud, on-premise, or other environment, which enables categories of components and configurations to be associated with particular application instances or partitions. Resource group templates define, at a domain level, collections of deployable resources that can be referenced from resource groups. Each resource group is a named, fully-qualified collection of deployable resources that can reference a resource group template. A partition provides an administrative and runtime subdivision of the domain, and contains one or more resource groups. Each resource group can reference a resource group template, to bind deployable resources to partition-specific values, for use by the referencing partition. A tenant of the application server or cloud environment can be associated with a partition, or applications deployed therein, for use by that tenant.
Type: Grant
Filed: April 28, 2022
Date of Patent: June 20, 2023
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Rajiv Mordani, Nazrul Islam, Abhijit Kumar, Timothy Quinn, Peter Bower, Lawrence Feigen, Joseph DiPol
-
Publication number: 20230131894
Abstract: Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.
Type: Application
Filed: October 21, 2021
Publication date: April 27, 2023
Inventors: Tejas Sanjeev Panse, Aditi Vutukuri, Arnold Koon-Chee Poon, Rajiv Mordani, Margaret Petrus
-
Publication number: 20230032267
Abstract: In accordance with an embodiment, described herein is a system and method for supporting partitions in a multitenant application server environment. In accordance with an embodiment, an application server administrator (e.g., a WLS administrator) can create or delete partitions; while a partition administrator can administer various aspects of a partition, for example create resource groups, deploy applications to a specific partition, and reference specific realms for a partition. Resource groups can be globally defined at the domain, or can be specific to a partition. Applications can be deployed to a resource group template at the domain level, or to a resource group scoped to a partition or scoped to the domain. The system can optionally associate one or more partitions with a tenant, for use by the tenant.
Type: Application
Filed: October 17, 2022
Publication date: February 2, 2023
Inventors: RAJIV MORDANI, NAZRUL ISLAM, JOSEPH DIPOL, PETER BOWER, TIMOTHY QUINN, LAWRENCE FEIGEN, ABHIJIT KUMAR
-
Publication number: 20230023262
Abstract: In accordance with an embodiment, described herein is a system and method for supporting patching in a multi-tenant application server environment. The system can associate one or more partitions with a tenant, for use by that tenant, wherein a partition is a runtime and administrative subdivision or slice of a domain. A patching process can take advantage of high-availability features provided by an application server clustering environment, to apply patches in a controlled, rolling restart, which maintains a domain's ability to operate without interruption, or with zero downtime. The process can be used to automate complex or long running tasks, including preserving an unpatched or prior version of an application server, application, or other software component for possible rollback, or providing automatic reversion in the event of an unrecoverable error.
Type: Application
Filed: September 19, 2022
Publication date: January 26, 2023
Inventors: Nazrul Islam, Jacob Lindholm, Josh Dorr, Christopher Kasso, Yamini K. Balasubramanyam, Steven Liu, Rajiv Mordani, Abhijit Kumar