Patents by Inventor Zvi Cahana
Zvi Cahana has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11570178
Abstract: A method and a system for checking permissions compatibility between a configuration management system and an orchestration system of a computing cluster are disclosed. The method comprises: identifying a request to approve a change in at least one file of the computing cluster. Retrieving from a repository of the configuration management system an identity of a user for performing the change. Acquiring a denial response or an approval response received in response to a query provisioned to the orchestration system, the query is for rights to change the at least one file using the identity of the user. In response to the approval response, entering the approval response, into the configuration management system for confirming the checking permissions compatibility is approved. In response to the denial received, sending a message to the configuration management system, the message is indicative that the checking permissions compatibility is not approved.
Type: Grant
Filed: October 26, 2020
Date of Patent: January 31, 2023
Assignee: International Business Machines Corporation
Inventors: Etai Lev Ran, Alexey Roytman, Zvi Cahana, Idan Zach, Michal Malka, Vita Bortnikov
-
Publication number: 20220131865
Abstract: A method and a system for checking permissions compatibility between a configuration management system and an orchestration system of a computing cluster are disclosed. The method comprises: identifying a request to approve a change in at least one file of the computing cluster. Retrieving from a repository of the configuration management system an identity of a user for performing the change. Acquiring a denial response or an approval response received in response to a query provisioned to the orchestration system, the query is for rights to change the at least one file using the identity of the user. In response to the approval response, entering the approval response, into the configuration management system for confirming the checking permissions compatibility is approved. In response to the denial received, sending a message to the configuration management system, the message is indicative that the checking permissions compatibility is not approved.
Type: Application
Filed: October 26, 2020
Publication date: April 28, 2022
Inventors: Etai Lev Ran, Alexey Roytman, Zvi Cahana, Idan Zach, Michal Malka, Vita Bortnikov
-
Patent number: 10841336
Abstract: Examples of techniques for selectively providing mTLS using alternative server names are described herein. An example system includes a processor to generate an alternative server name in response to detecting a legacy indicator. The processor is to also associate the alternative server name with an address of a pod. The processor is to further configure a proxy associated with the pod to selectively provide mutual transport layer security (mTLS) based on the alternative server name.
Type: Grant
Filed: May 21, 2018
Date of Patent: November 17, 2020
Assignee: International Business Machines Corporation
Inventors: Zvi Cahana, Etai Lev-Ran, Idan Zach, Shriram Rajagopalan
-
Patent number: 10521447
Abstract: An example system and method includes a processor to receive an image ID corresponding to a container image of a container to be run. The processor is to also send the image ID to a registry. The processor is also to receive an image metadata corresponding to the image ID from the registry. The processor is to store the image metadata on a local file system. The processor is to generate a container comprising an application. The processor is to execute the application using the image metadata.
Type: Grant
Filed: November 14, 2016
Date of Patent: December 31, 2019
Assignee: International Business Machines Corporation
Inventors: Zvi Cahana, Etai Lev-Ran, Idan Zach
-
Publication number: 20190356693
Abstract: Examples of techniques for selectively providing mTLS using alternative server names are described herein. An example system includes a processor to generate an alternative server name in response to detecting a legacy indicator. The processor is to also associate the alternative server name with an address of a pod. The processor is to further configure a proxy associated with the pod to selectively provide mutual transport layer security (mTLS) based on the alternative server name.
Type: Application
Filed: May 21, 2018
Publication date: November 21, 2019
Inventors: Zvi Cahana, Etai Lev-Ran, Idan Zach, Shriram Rajagopalan
-
Publication number: 20190354386
Abstract: A system for executing one or more operating-system-level virtualization software objects (virtualization containers), comprising at least one controller hardware processor, adapted to: receive a request to connect one or more target virtualization containers, executed by at least one target hardware processor, to at least one digital storage connected to the at least one target hardware processor via at least one data communication network interface; and instruct execution of one or more management virtualization containers on the at least one target hardware processor, such that executing the one or more management virtualization containers configures the one or more target virtualization containers to direct at least one access to the at least one file system of the one or more target virtualization containers to the at least one digital storage.
Type: Application
Filed: May 21, 2018
Publication date: November 21, 2019
Inventors: Zvi Cahana, Etai Lev-Ran, Or Ozeri, Idan Zach
-
Patent number: 10425475
Abstract: In some examples, a system for managing distributed data can include a processor to detect an update notification from a client device to update a managing server, the update notification indicating that a remote server node is unavailable. The processor can also generate a comparison value by comparing a first time stamp to a second time stamp, wherein the first time stamp corresponds to a time at which the system receives the update notification from the client device and the second time stamp corresponds to a time the remote server node transmits a set of renewal data. Furthermore, the processor can determine that the comparison value indicates the remote server node is unavailable and remove the remote server node from the managing server.
Type: Grant
Filed: February 27, 2017
Date of Patent: September 24, 2019
Assignee: International Business Machines Corporation
Inventors: Zvi Cahana, Etai Lev-Ran, Idan Zach
-
Patent number: 10360410
Abstract: An example system includes a plurality of containers associated with a plurality of tenants. The plurality of containers are to execute code in isolation for the associated plurality of tenants. The system also include a container daemon communicatively coupled to the plurality of containers via an internal proxy. The container daemon is to provide a service to the plurality of containers. The internal proxy is to receive a daemon access policy. The internal proxy is to further intercept a daemon command from a container. The internal proxy is to detect that the container is allowed access to the container daemon based on the daemon access policy. The internal proxy is to also generate a modified daemon command and forward the modified daemon command to the container daemon.
Type: Grant
Filed: November 14, 2016
Date of Patent: July 23, 2019
Assignee: International Business Machines Corporation
Inventors: Zvi Cahana, Etai Lev-Ran, Idan Zach
-
Patent number: 10341181
Abstract: A method and system for implementing a replica network configuration in a distributed system is provided. The system includes a memory having computer readable instructions, and one or more processors for executing the computer readable instructions. The computer readable instructions include generating a replica node that is assigned a computer readable storage medium and a processor, receiving, at the computer readable storage medium, a network configuration of the replica node from a system administrator, automatically generating, using the processor, a unique identifier (UUID) for the replica node, transmitting the UUID to a plurality of replica nodes of the distributed system arranged in the replica network configuration, and storing the UUID in the computer readable storage medium, wherein the computer readable storage medium is a persistent storage.
Type: Grant
Filed: March 7, 2016
Date of Patent: July 2, 2019
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Vita Bortnikov, Zvi Cahana, Steven D. Clay, Ifergan S. Shachor, Ilya Shnayderman, Christopher P. Vignola
-
Patent number: 10083217
Abstract: A computer-implemented method, computerized apparatus and computer program product, the method comprising: receiving a proposed reconfiguration command, the proposed reconfiguration command indicating a modification of a protocol version employed by a plurality of replica-set processes to an updated protocol version; tentatively agreeing on at least one proposed command following the proposed reconfiguration command, the at least one proposed command being in accordance with the updated protocol version, wherein said tentatively agreeing is decided prior to agreeing on the reconfiguration command; and, responsive to agreeing on the reconfiguration command, committing the tentatively agreed at least one proposed command.
Type: Grant
Filed: November 26, 2015
Date of Patent: September 25, 2018
Assignee: International Business Machines Corporation
Inventors: Vita Bortnikov, Zvi Cahana, Shlomit Ifergan-Shachor, Ilya Shnayderman
-
Publication number: 20180248940
Abstract: In some examples, a system for managing distributed data can include a processor to detect an update notification from a client device to update a managing server, the update notification indicating that a remote server node is unavailable. The processor can also generate a comparison value by comparing a first time stamp to a second time stamp, wherein the first time stamp corresponds to a time at which the system receives the update notification from the client device and the second time stamp corresponds to a time the remote server node transmits a set of renewal data. Furthermore, the processor can determine that the comparison value indicates the remote server node is unavailable and remove the remote server node from the managing server.
Type: Application
Filed: February 27, 2017
Publication date: August 30, 2018
Inventors: Zvi Cahana, Etai Lev-Ran, Idan Zach
-
Patent number: 10049011
Abstract: A processor-implemented method, for continuing operation of a quorum based system is provided. The method detects a loss of quorum. A plurality of speculative configurations is created, whereby each speculative configuration is isolated from other speculative configurations in the quorum based system. Each speculative configuration continues to order requests during the creation of speculative configurations. The method selects and starts one of the plurality of speculative configurations as a new operational configuration. Ordered requests continue to the new operational configuration. The original configuration of the quorum based system is restarted in response to the plurality of speculative configurations not being isolated.
Type: Grant
Filed: May 3, 2016
Date of Patent: August 14, 2018
Assignee: International Business Machines Corporation
Inventors: Vita Bortnikov, Zvi Cahana, Shlomit I. Shachor, Ilya Shnayderman
-
Publication number: 20180137296
Abstract: An example system includes a plurality of containers associated with a plurality of tenants. The plurality of containers are to execute code in isolation for the associated plurality of tenants. The system also include a container daemon communicatively coupled to the plurality of containers via an internal proxy. The container daemon is to provide a service to the plurality of containers. The internal proxy is to receive a daemon access policy. The internal proxy is to further intercept a daemon command from a container. The internal proxy is to detect that the container is allowed access to the container daemon based on the daemon access policy. The internal proxy is to also generate a modified daemon command and forward the modified daemon command to the container daemon.
Type: Application
Filed: November 14, 2016
Publication date: May 17, 2018
Inventors: Zvi Cahana, Etai Lev-Ran, Idan Zach
-
Publication number: 20180137174
Abstract: An example system and method includes a processor to receive an image ID corresponding to a container image of a container to be run. The processor is to also send the image ID to a registry. The processor is also to receive an image metadata corresponding to the image ID from the registry. The processor is to store the image metadata on a local file system. The processor is to generate a container comprising an application. The processor is to execute the application using the image metadata.
Type: Application
Filed: November 14, 2016
Publication date: May 17, 2018
Inventors: Zvi Cahana, Etai Lev-Ran, Idan Zach
-
Publication number: 20170322848
Abstract: A processor-implemented method, for continuing operation of a quorum based system is provided. The method detects a loss of quorum. A plurality of speculative configurations is created, whereby each speculative configuration is isolated from other speculative configurations in the quorum based system. Each speculative configuration continues to order requests during the creation of speculative configurations. The method selects and starts one of the plurality of speculative configurations as a new operational configuration. Ordered requests continue to the new operational configuration. The original configuration of the quorum based system is restarted in response to the plurality of speculative configurations not being isolated.
Type: Application
Filed: May 3, 2016
Publication date: November 9, 2017
Inventors: Vita Bortnikov, Zvi Cahana, Shlomit I. Shachor, Ilya Shnayderman
-
Publication number: 20170257263
Abstract: A method and system for implementing a replica network configuration in a distributed system is provided. The system includes a memory having computer readable instructions, and one or more processors for executing the computer readable instructions. The computer readable instructions include generating a replica node that is assigned a computer readable storage medium and a processor, receiving, at the computer readable storage medium, a network configuration of the replica node from a system administrator, automatically generating, using the processor, a unique identifier (UUID) for the replica node, transmitting the UUID to a plurality of replica nodes of the distributed system arranged in the replica network configuration, and storing the UUID in the computer readable storage medium, wherein the computer readable storage medium is a persistent storage.
Type: Application
Filed: March 7, 2016
Publication date: September 7, 2017
Inventors: Vita Bortnikov, Zvi Cahana, Steven D. Clay, Ifergan S. Shachor, Ilya Shnayderman, Christopher P. Vignola
-
Publication number: 20170153881
Abstract: A computer-implemented method, computerized apparatus and computer program product, the method comprising: receiving a proposed reconfiguration command, the proposed reconfiguration command indicating a modification of a protocol version employed by a plurality of replica-set processes to an updated protocol version; tentatively agreeing on at least one proposed command following the proposed reconfiguration command, the at least one proposed command being in accordance with the updated protocol version, wherein said tentatively agreeing is decided prior to agreeing on the reconfiguration command; and, responsive to agreeing on the reconfiguration command, committing the tentatively agreed at least one proposed command.
Type: Application
Filed: November 26, 2015
Publication date: June 1, 2017
Inventors: Vita Bortnikov, Zvi Cahana, Shlomit Ifergan-Shachor, Ilya Shnayderman