Patent application number | Description | Published |
20110125887 | MANAGING COMMUNICATION BETWEEN NODES IN A VIRTUAL NETWORK - A method for managing communication between nodes in a virtual network is provided. A first computing system utilizes first information to forward first data to the second computing system in a physical network. If the first information is incorrect, the second computing system forwards an unlearning request to the first computing system, and the first computing system updates or deletes the first information. If the first information is not available, the first computing system forwards the first data to a group of computing systems in the physical network by way of a multicast service. Upon receiving the first data, the second computing system or a third computing system in the physical network forwards a learning request to the first computing system, and the first computing system utilizes the learning request to generate the first information. | 05-26-2011 |
20120023208 | MANAGING COMMUNICATION BETWEEN NODES IN A VIRTUAL NETWORK - A method for managing communication between nodes in a virtual network is provided. A first computing system utilizes first information to forward first data to the second computing system in a physical network. If the first information is incorrect, the second computing system forwards an unlearning request to the first computing system, and the first computing system updates or deletes the first information. If the first information is not available, the first computing system forwards the first data to a group of computing systems in the physical network by way of an unknown network service. Upon receiving the first data, the second computing system or a third computing system in the physical network forwards a learning request to the first computing system, and the first computing system utilizes the learning request to generate the first information. | 01-26-2012 |
20120182993 | HYPERVISOR APPLICATION OF SERVICE TAGS IN A VIRTUAL NETWORKING ENVIRONMENT - A physical host executes a virtual machine monitor (VMM) in communication with a plurality of consumer virtual machines (VMs). In response to receipt of a packet, the VMM determines whether a service is to be performed for the packet by a service virtual machine (VM) in communication with the VMM. In response to determining that the service is to be performed for the packet by the service VM, the VMM applies a tag to the packet that differentiates the packet from any other packet sharing a common address with the packet but having a different associated consumer, passes the packet to the service VM for performance of the service, and thereafter removes the tag from the packet in response to receipt of the packet from the service VM following performance of the service. In response to receipt of the packet from the service VM, the VMM forwards the packet. | 07-19-2012 |
20120216194 | HYPERVISOR APPLICATION OF SERVICE TAGS IN A VIRTUAL NETWORKING ENVIRONMENT - A physical host executes a virtual machine monitor (VMM) in communication with a plurality of consumer virtual machines (VMs). In response to receipt of a packet, the VMM determines whether a service is to be performed for the packet by a service virtual machine (VM) in communication with the VMM. In response to determining that the service is to be performed for the packet by the service VM, the VMM applies a tag to the packet that differentiates the packet from any other packet sharing a common address with the packet but having a different associated consumer, passes the packet to the service VM for performance of the service, and thereafter removes the tag from the packet in response to receipt of the packet from the service VM following performance of the service. In response to receipt of the packet from the service VM, the VMM forwards the packet. | 08-23-2012 |
20120303799 | Migration of virtual resources over remotely connected networks - Systems and methods for migrating a virtual resource from a source host in a source network to a destination host in a destination network are provided. In one embodiment, the method comprises establishing a secure communication connection between a source proxy in the source network and a destination proxy in the destination network; and monitoring migration traffic directed from the source host to the source proxy and forwarding said traffic to the destination proxy which in turn forwards the traffic to the destination host over the secure communication connection between the source proxy and the destination proxy, such that the communication addresses of the source host and the destination host remain guarded from direct access by an entity outside of the source network or the destination network. | 11-29-2012 |
20140068620 | TASK EXECUTION & MANAGEMENT IN A CLUSTERED COMPUTING ENVIRONMENT - Machines, systems and methods for task management in a computer implemented system. The method comprises registering a task with brokers residing on one or more nodes to manage the execution of a task to completion, wherein a first broker is accompanied by a first set of worker threads co-located on the node on which the first broker is executed, wherein the first broker assigns responsibility of execution for the task to the one or more worker threads in the first set of co-located worker threads, wherein in response to a failure associated with a first worker thread in the first set, the first broker reassigns the responsibility of execution for the task to a second worker thread in the first set, wherein in response to a failure associated with the first broker, a second broker assigns responsibility of execution for the task to one or more co-located worker threads. | 03-06-2014 |
20140181950 | Performance Optimization in a Secured Computing Environment - Systems and methods for associating a first process with a first state and a first computing environment initialized according to a first set of parameters, wherein a first task is to be performed under a first security context. The method further comprising associating a second process with a second state and a second computing environment initialized according to a second set of parameters; in response to the first process submitting a first request, the second process spawning a third process which has the second state; wherein the third process sets a security context for the third process to the first security context and the third process sets the computing environment for the third process according to a first set of parameters; executing the third process under the first security context and in association with the second state; and executing the first task in the first computing environment. | 06-26-2014 |
20140330869 | SECURE ISOLATION OF TENANT RESOURCES IN A MULTI-TENANT STORAGE SYSTEM USING A SECURITY GATEWAY - Machines, systems and methods for handling a client request in a hierarchical multi-tenant data storage system, the method comprising processing a request in subtasks, wherein a subtask is executed with a minimal set of privileges associated with a specific subtenant; extracting a claimed n-level hierarchy of a tenant and sub-tenant identities from the request; extracting authentication signatures or credentials that correspond to a level in the hierarchy; for a first level in the hierarchy, sending the request to a dedicated subtenant authenticator with privilege to validate credentials for a subtenant at the first level; and receiving a confirmation from the dedicated subtenant authenticator, whether the request is authentic. | 11-06-2014 |
20140330936 | SECURE ISOLATION OF TENANT RESOURCES IN A MULTI-TENANT STORAGE SYSTEM WITH INTER-SERVER COMMUNICATION - A distributed system, machine and method in which execution of a client request is performed by entities located on multiple server nodes, the system comprising a proxy and guard component serving as sole communication exit and entry points on a source node and a target node respectively, wherein the source node hands off a request to the target node to service via the proxy and guard component; a mechanism via which the proxy locally extracts a set of tenant-related privileges associated with a client submitting the request for service; wherein the proxy sends the request to the guard via a secured network while attaching a description of the sender's set of tenant privileges to the request. | 11-06-2014 |
20140331337 | SECURE ISOLATION OF TENANT RESOURCES IN A MULTI-TENANT STORAGE SYSTEM USING A GATEKEEPER - Machines, systems and methods for controlling access to data stored on shared storage, servicing a plurality of tenants, the method comprising receiving a request from a first process to access a first data item associated with a first tenant in a multi-tenant data storage system, and providing access to the data item through a gatekeeper, in response to determining that the first process is associated with the first tenant. | 11-06-2014 |