Patents by Inventor VAIBHAV REKHATE
VAIBHAV REKHATE has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11888899
Abstract: Example methods are provided for flow-based forwarding element configuration in a network environment. An example method may comprise obtaining a set of security policies associated with the group of workloads; and based on the set of security policies, identifying an allowed forwarding path between a destination and a first workload. The method may also comprise configuring a whitelist set of flow entries and sending configuration information to the flow-based forwarding element to cause the flow-based forwarding element to apply the whitelist set. The whitelist set may include a first flow entry specifying match fields and a first action to allow communication over the allowed forwarding path, but excludes a second flow entry specifying a second action to block communication over a forbidden forwarding path between the destination and the second workload. The match fields may include transport layer information and network layer information.
Type: Grant
Filed: March 8, 2018
Date of Patent: January 30, 2024
Assignee: Nicira, Inc.
Inventors: Vasantha Kumar, Sandeep Kasbe, Nidhi Sharma, Vaibhav Rekhate, Sriram Gopalakrishnan
-
Patent number: 11811879
Abstract: Described herein are systems, methods, and software to enhance packet processing. In one implementation, a host computing element identifies a packet from a process executing on the host computing element. In response to identifying the packet, the host computing element determines whether the packet originates from a container namespace corresponding to a container on the host computing element or a host namespace corresponding to the host computing element. If the packet originates from a container namespace, the host computing element may determine supplemental information for the container associated with the container namespace, and process the packet based on the supplemental information.
Type: Grant
Filed: May 16, 2022
Date of Patent: November 7, 2023
Assignee: Nicira, Inc.
Inventors: Nilesh Awate, Vivek Parikh, Amit Vasant Patil, Vaibhav Rekhate
-
Patent number: 11507653
Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of the management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.
Type: Grant
Filed: December 27, 2018
Date of Patent: November 22, 2022
Assignee: VMware, Inc.
Inventors: Vaibhav Rekhate, Nilesh Awate, Amit Vasant Patil, Vijay Ganti
-
Publication number: 20220279044
Abstract: Described herein are systems, methods, and software to enhance packet processing. In one implementation, a host computing element identifies a packet from a process executing on the host computing element. In response to identifying the packet, the host computing element determines whether the packet originates from a container namespace corresponding to a container on the host computing element or a host namespace corresponding to the host computing element. If the packet originates from a container namespace, the host computing element may determine supplemental information for the container associated with the container namespace, and process the packet based on the supplemental information.
Type: Application
Filed: May 16, 2022
Publication date: September 1, 2022
Inventors: Nilesh Awate, Vivek Parikh, Amit Vasant Patil, Vaibhav Rekhate
-
Patent number: 11336733
Abstract: Described herein are systems, methods, and software to enhance packet . In one implementation, a host computing element identifies a packet from a process executing on the host computing element. In response to identifying the packet, the host computing element determines whether the packet originates from a container namespace corresponding to a container on the host computing element or a host namespace corresponding to the host computing element. If the packet originates from a container namespace, the host computing element may determine supplemental information for the container associated with the container namespace, and process the packet based on the supplemental information.
Type: Grant
Filed: September 10, 2018
Date of Patent: May 17, 2022
Assignee: Nicira, Inc.
Inventors: Nilesh Awate, Vivek Parikh, Amit Vasant Patil, Vaibhav Rekhate
-
Publication number: 20200193026
Abstract: Techniques for detecting application updates in data centers are disclosed. In one example, process information and corresponding metadata associated with a first process event of an application running on a first application host may be received. Upon receiving, the metadata associated with the first process event may be compared with statistical metadata associated with a previous version of the application using the process information. Further, the first process event may be detected as associated with a valid upgrade of the application based on the comparison and an application in-guest unit running on the first application host may be notified that the first process event is associated with the valid upgrade based on the detection.
Type: Application
Filed: April 30, 2019
Publication date: June 18, 2020
Inventors: VAIBHAV REKHATE, Nilesh Awate, Michael Larkin, Yi Sun
-
Patent number: 10645093
Abstract: The technology disclosed herein enables reduction of secure protocol overhead when transferring packets between guest elements on different hosts. In a particular embodiment, the method provides, in a first virtual network interface of a first guest element, receiving one or more first packets from a first guest element directed to a second guest element. In response to determining that the first packets will be encapsulated in a secure protocol having a first integrity check procedure provided for by the secure protocol, the method provides refraining to perform a transmit-side portion of a second integrity check procedure on the first packets as provided for by a transport protocol. The method further provides passing the first packets to a first host of the first virtual network interface in the transport protocol.
Type: Grant
Filed: August 23, 2017
Date of Patent: May 5, 2020
Assignee: Nicira, Inc.
Inventors: Vasantha Kumar, Vaibhav Rekhate, Nidhi Sharma, Sriram Gopalakrishnan
-
Publication number: 20200065478
Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of the management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.
Type: Application
Filed: December 27, 2018
Publication date: February 27, 2020
Inventors: Vaibhav Rekhate, Nilesh Awate, Amit Vasant Patil, Vijay Ganti
-
Publication number: 20190394281
Abstract: Described herein are systems, methods, and software to enhance packet . In one implementation, a host computing element identifies a packet from a process executing on the host computing element. In response to identifying the packet, the host computing element determines whether the packet originates from a container namespace corresponding to a container on the host computing element or a host namespace corresponding to the host computing element. If the packet originates from a container namespace, the host computing element may determine supplemental information for the container associated with the container namespace, and process the packet based on the supplemental information.
Type: Application
Filed: September 10, 2018
Publication date: December 26, 2019
Inventors: Nilesh Awate, Vivek Parikh, Amit Vasant Patil, Vaibhav Rekhate
-
Publication number: 20190230126
Abstract: Example methods are provided for flow-based forwarding element configuration in a network environment. An example method may comprise obtaining a set of security policies associated with the group of workloads; and based on the set of security policies, identifying an allowed forwarding path between a destination and a first workload. The method may also comprise configuring a whitelist set of flow entries and sending configuration information to the flow-based forwarding element to cause the flow-based forwarding element to apply the whitelist set. The whitelist set may include a first flow entry specifying match fields and a first action to allow communication over the allowed forwarding path, but excludes a second flow entry specifying a second action to block communication over a forbidden forwarding path between the destination and the second workload. The match fields may include transport layer information and network layer information.
Type: Application
Filed: March 8, 2018
Publication date: July 25, 2019
Inventors: VASANTHA KUMAR, SANDEEP KASBE, NIDHI SHARMA, VAIBHAV REKHATE, SRIRAM GOPALAKRISHNAN
-
Publication number: 20190020662
Abstract: The technology disclosed herein enables reduction of secure protocol overhead when transferring packets between guest elements on different hosts. In a particular embodiment, the method provides, in a first virtual network interface of a first guest element, receiving one or more first packets from a first guest element directed to a second guest element. In response to determining that the first packets will be encapsulated in a secure protocol having a first integrity check procedure provided for by the secure protocol, the method provides refraining to perform a transmit-side portion of a second integrity check procedure on the first packets as provided for by a transport protocol. The method further provides passing the first packets to a first host of the first virtual network interface in the transport protocol.
Type: Application
Filed: August 23, 2017
Publication date: January 17, 2019
Inventors: VASANTHA KUMAR, VAIBHAV REKHATE, NIKHI SHARMA, SRIRAM GOPALAKRISHNAN