Patents by Inventor Serge Maskalik

Serge Maskalik has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210409453
    Abstract: Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced).
    Type: Application
    Filed: September 13, 2021
    Publication date: December 30, 2021
    Inventors: Kaushal Bansal, Uday Masurekar, Aravind Srinivasan, Shadab Shah, Serge Maskalik
  • Patent number: 11194608
    Abstract: Techniques disclosed herein relate to migrating virtual computing instances such as virtual machines (VMs). In one embodiment, VMs are migrated across different virtual infrastructure platforms by, among other things, translating between resource models used by virtual infrastructure managers (VIMs) that manage the different virtual infrastructure platforms. VM migrations may also be validated prior to being performed, including based on resource policies that define what is and/or is not allowed to migrate, thereby providing compliance and controls for borderless data centers. In addition, an agent-based technique may be used to migrate VMs and physical servers to virtual infrastructure, without requiring access to an underlying hypervisor layer.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: December 7, 2021
    Assignee: VMware, Inc.
    Inventors: Allwyn Sequeira, Sachin Thakkar, Serge Maskalik, Debashis Basak, Mark Whipple
  • Patent number: 11184397
    Abstract: An example method of migrating a firewall policy between a first virtual data center and a second virtual data center includes: generating a static firewall from a firewall document at a first firewall server in the first virtual data center, the firewall document defining polices applied to groups of objects in the first virtual data center, the static firewall including firewall rule tuples; sending the static firewall from the first firewall server to a second firewall server in the second virtual data center; migrating a plurality of virtual machines (VMs) from the first virtual data center to the second virtual data center; and importing the firewall document from the first firewall server to the second firewall server by mapping the policies of the first firewall to groups of objects in an inventory of the second virtual data center.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: November 23, 2021
    Assignee: VMware, Inc.
    Inventors: Bhaskar Subramanyam Annadata, Abhinav Vijay Bhagwat, Sachin Thakkar, Debashis Basak, Serge Maskalik
  • Publication number: 20210359945
    Abstract: Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN.
    Type: Application
    Filed: July 26, 2021
    Publication date: November 18, 2021
    Inventors: Jayant Jain, Anirban Sengupta, Mohan Parthasarathy, Allwyn Sequeira, Serge Maskalik, Rick Lund
  • Patent number: 11122085
    Abstract: Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced).
    Type: Grant
    Filed: March 9, 2019
    Date of Patent: September 14, 2021
    Assignee: NICIRA, INC.
    Inventors: Kaushal Bansal, Uday Masurekar, Aravind Srinivasan, Shadab Shah, Serge Maskalik
  • Publication number: 20210258254
    Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.
    Type: Application
    Filed: May 4, 2021
    Publication date: August 19, 2021
    Inventors: Ariel Tubaltsev, Ronghua Zhang, Benjamin C. Basler, Serge Maskalik, Rajiv Ramanathan, David J. Leroy, Srinivas Neginhal, Kai-Wei Fan, Ansis Atteka
  • Patent number: 11095709
    Abstract: A hybrid cloud computing system having a private data center and a public cloud computing system is discussed. The private data center is managed by a first organization. The public cloud computing system is managed by a second organization, and the first organization is a tenant in the public cloud computing system. The hybrid cloud computing system is configured to generate a mapping that contextualizes virtual objects migrated between the private data center and the public cloud computing system based on the objects' location. Such a mapping is maintained to expose the true hybridity of the hybrid cloud rather than present two distinct views of a private data center (or private cloud) and a public cloud.
    Type: Grant
    Filed: August 12, 2019
    Date of Patent: August 17, 2021
    Assignee: VMware, Inc.
    Inventors: Sachin Thakkar, Debashis Basak, Serge Maskalik, Mark Bryan Whipple, Aarti Kumar Gupta
  • Patent number: 11075842
    Abstract: Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: July 27, 2021
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Mohan Parthasarathy, Allwyn Sequeira, Serge Maskalik, Rick Lund
  • Publication number: 20210203550
    Abstract: A method of deploying a network service across a plurality of data centers, includes the steps of: in response to a request for or relating to a network service, identifying virtual network functions associated with the network service and determining network connectivity requirements of the virtual network functions, issuing commands to provision a first virtual link between at least two of the data centers in which the virtual network functions are to be deployed, and issuing commands to provision a second virtual link to one of the data centers in which the virtual network functions are to be deployed.
    Type: Application
    Filed: December 22, 2020
    Publication date: July 1, 2021
    Inventors: Sachin Thakkar, Abhinav Vijay Bhagwat, Weiqing Wu, Serge Maskalik, Uday Suresh Masurekar
  • Patent number: 11025543
    Abstract: Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router.
    Type: Grant
    Filed: January 29, 2020
    Date of Patent: June 1, 2021
    Assignee: NICIRA, INC.
    Inventors: Ariel Tubaltsev, Ronghua Zhang, Benjamin C Basler, Serge Maskalik, Rajiv Ramanathan, David J Leroy, Srinivas Neginhal, Kai-Wei Fan, Ansis Atteka
  • Patent number: 11012507
    Abstract: Techniques leveraging CPU flow affinity to increase throughput of a layer 2 (L2) extension network are disclosed. In one embodiment, an L2 concentrator appliance, which bridges a local area network (LAN) and a wide area network (WAN) in a stretched network, is configured such that multiple Internet Protocol Security (IPsec) tunnels are pinned to respective CPUs or cores, which each process traffic flows for one of the IPsec tunnels. Such parallelism can increase the throughput of the stretched network. Further, an L2 concentrator appliance that receives FOU packets is configured to distribute the received FOU packets across receive queues based a deeper inspection of inner headers of such packets.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: May 18, 2021
    Assignee: VMware, Inc.
    Inventors: Laxminarayana Tumuluru, Todd Sabin, Weiqing Wu, Serge Maskalik, Sachin Thakkar
  • Patent number: 11005963
    Abstract: Connectivity between data centers in a hybrid cloud system is optimized by pre-loading a wide area network (WAN) optimization appliance in a first data center with data to initialize at least one WAN optimization of application. The first data center is managed by a first organization and a second data center managed by a second organization, the first organization being a tenant in the second data center. The described technique includes receiving application packets having the application data generated by an application executing in the first data center at the WAN optimization appliance from a first gateway in the first data center, and performing the at least one WAN optimization on the application packets using the pre-loaded data to initialize the at least one WAN optimization.
    Type: Grant
    Filed: August 28, 2015
    Date of Patent: May 11, 2021
    Assignee: VMware, Inc.
    Inventors: Serge Maskalik, Govind Haridas, Weiqing Wu, Aravind Srinivasan, Sachin Thakkar
  • Publication number: 20210132981
    Abstract: A method of deploying a virtual network function of a network service in a data center having a cloud management server running a cloud computing management software to provision virtual infrastructure resources of the data center to at least one tenant, includes generating at least first and second API calls to the cloud computing management software in response to external commands received at the data center to deploy a virtual network function, and executing at least the first and second API calls by the cloud computing management software to deploy the virtual network function. The cloud computing management software creates at least one virtual machine by executing the first API call and at least one virtual disk by executing the second API call.
    Type: Application
    Filed: November 4, 2020
    Publication date: May 6, 2021
    Inventors: Sachin THAKKAR, Allwyn M. SEQUEIRA, Serge MASKALIK, Debashis BASAK, Akshatha SATHYANARAYAN
  • Publication number: 20210135957
    Abstract: A method of deploying a network service across multiple data centers, each having a cloud management server running a cloud computing management software to provision virtual infrastructure resources thereof for a first tenant among a plurality of tenants, includes maintaining for each data center static inventory data that indicate virtual infrastructure resources that are available thereat to the first tenant, identifying, in response to a network service request for the first tenant, a virtual network function associated with the network service, generating commands to deploy the virtual network function based on a descriptor of the virtual network function, selecting one of the data centers in which the virtual network function is to be deployed based on the descriptor of the virtual network function and the static inventory data of each data center, and issuing the commands to the selected data center to deploy the virtual network function.
    Type: Application
    Filed: November 4, 2020
    Publication date: May 6, 2021
    Inventors: Sachin THAKKAR, Allwyn M. SEQUEIRA, Serge MASKALIK, Debashis BASAK, Mark Bryan WHIPPLE
  • Publication number: 20210132980
    Abstract: A method of deploying a network service (NS) across multiple data centers includes identifying virtual network functions (VNFs) associated with the NS in response to a request for or relating to the NS, generating commands to deploy VNFs based on VNF descriptors, and issuing the commands to the data centers to deploy VNFs. The data centers each have a cloud management server in which cloud computing management software is run to provision virtual infrastructure resources thereof for a plurality of tenants. The cloud computing management software of a first data center is different from the cloud computing management software of a second data center, and the commands issued to the first and second data centers are each a generic command that is not in a command format of the cloud computing management software of either the first data center or the second data center.
    Type: Application
    Filed: November 4, 2020
    Publication date: May 6, 2021
    Inventors: Sachin THAKKAR, Allwyn M. SEQUEIRA, Serge MASKALIK, Debashis BASAK, Akshatha SATHYANARAYAN
  • Patent number: 10757170
    Abstract: Conditional address translation is performed in a multi-tenant cloud infrastructure to effectively support tenant-assigned addresses. For each tenant, the multi-tenant cloud infrastructure deploys both a private network used to communicate between the tenant and the cloud and a tenant-facing gateway to manage the private network. The multi-tenant cloud infrastructure also includes an externally-facing gateway used to communicate between the multi-tenant cloud and a public network. The tenant-facing gateways are configured to bypass address translation—providing consistent addressing across each private network irrespective of the physical location of resources linked by the private network. By contrast, the public-facing gateway is configured to translate source addresses in outgoing packets to addresses that are unique within the public network.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: August 25, 2020
    Assignee: VMware, Inc.
    Inventors: Sachin Thakkar, Debashis Basak, Serge Maskalik, Weiqing Wu, Aravind Srinivasan
  • Patent number: 10754577
    Abstract: A method of transferring data between local and remote computing systems includes the step of transferring data between the local and remote computing systems via a local buffer in the local computing system and a series of steps carried out during transferring of data from the local to the remote computing system. The steps include receiving a statistic from the remote computing system, computing an average transfer rate of the data transfer between the local and remote computing systems based on the statistic, determining whether or not a throttle condition is in effect based on the computed average transfer rate, and upon determining that the throttle condition is in effect, throttling the transferring of data into the local buffer.
    Type: Grant
    Filed: September 11, 2017
    Date of Patent: August 25, 2020
    Assignee: VMware, Inc.
    Inventors: Siddharth Ekbote, Todd Sabin, Serge Maskalik
  • Patent number: 10735452
    Abstract: A method of transferring a virtual machine between a virtualized computing system and a cloud computing system includes determining that a virtual machine is to be transferred from a virtualized computing system to a cloud computing system and determining a connection between a first resource in the virtualized computing system and a second resource in the cloud computing system. Files that enable implementation of the virtual machine at the virtualized computing system and identified, as are file portions of the files for transfer from the virtualized computing system to the cloud computing system. At least one compliance check is executed on each of the file portions using at least one compliance checker. Each of the file portions that fails a compliance check is blocked from being maintained in the cloud computing system.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: August 4, 2020
    Assignee: VMware, Inc.
    Inventors: Sachin Thakkar, Serge Maskalik, Debashis Basak, Allwyn Sequeira, Govind Haridas
  • Publication number: 20200244550
    Abstract: One or more examples provide techniques for providing a multi-site wide area network in a cloud computing system. In an example, a method of providing a multi-site wide area network (WAN) in a cloud computing system includes: creating a plurality of sites; creating a compute profile in each of the plurality of sites, each compute profile having a compute cluster of virtual machines (VMs); creating a service mesh having the compute profile of each of the plurality of sites; and deploying an application to the service mesh.
    Type: Application
    Filed: May 17, 2019
    Publication date: July 30, 2020
    Inventors: SERGE MASKALIK, Sachin Thakkar, Abhinav Vijay Bhagwat, Uday Masurekar, Weiqing Wu, Narendra Kumar Basur Shankarappa, Hemanth Kumar Pannem, Aravind Srinivasan
  • Patent number: 10721161
    Abstract: An example method of optimizing connectivity between data centers in a hybrid cloud system having a first data center managed by a first organization and a second data center managed by a second organization, the first organization being a tenant in the second data center. The method includes probing a wide area network (WAN) with test packets by varying an internet protocol (IP) flow tuple of the test packets across a set of IP flows. The method includes identifying a plurality of paths between a gateway of the first data center and another gateway of the second data center associated with the set of IP flows. The method further includes selecting an IP flow from the set of IP flows for an application executing in the first data center. The method further includes establishing a path-optimized connection between the gateway and the other gateway through the WAN having the selected IP flow for use by the application.
    Type: Grant
    Filed: August 28, 2015
    Date of Patent: July 21, 2020
    Assignee: VMware, Inc.
    Inventors: Serge Maskalik, Weiqing Wu, Debashis Basak, Sachin Thakkar, Allwyn Sequeira