Patent application number | Description | Published |
20120110185 | Distributed Hierarchical Rendering and Provisioning of Cloud Services - Techniques are provided herein for distributed and hierarchical rendering and provisioning of cloud services. At a device in a cloud computing system comprising a plurality of hierarchical levels, a cloud service request is received for rendering and provisioning of a virtual data center. A determination is made as to which aspects of the cloud service request are to be satisfied by devices in a first hierarchical level and which aspects of the cloud service request are to be satisfied by devices in a second hierarchical level and in subsequent hierarchical levels. Rendering and provisioning commands are provided to one or more devices in the first hierarchical level that are selected to satisfy aspects of the cloud service request in the first hierarchical level. A subset cloud service request for aspects of the cloud service request that are to be satisfied by devices in the second hierarchical level is sent to a device in the second hierarchical level. | 05-03-2012 |
20120110186 | Disaster Recovery and Automatic Relocation of Cloud Services - Techniques are provided to move the services performed on one device to another device in a cloud computing system for a variety of reasons including failure, maintenance or upgrade of the device. A notification is received that services performed by an impacted device in a domain of a plurality of hierarchical domains need to be moved. A determination is made as to whether there are replacement resources available in the domain to perform the services, and if so, the replacement resources are automatically rendered to perform the services. The process continues to higher level domains that have a view into the capabilities of subordinate domains in order to determine where to move the services within the cloud computing system. | 05-03-2012 |
20120226789 | Hiearchical Advertisement of Data Center Capabilities and Resources - A cloud computing system is provided comprising a plurality of data centers, each data center comprising a plurality of pods each of which comprises network, compute, storage and service node devices. At a designated device of a data center, data center level capabilities summary data is generated that summarizes the capabilities of the data center. Messages advertising the data center level capabilities summary data is sent from a designated device of each data center to a designated device at a provider edge network level of the computing system. At the designated device at the provider edge network level, provider edge network level capabilities summary data is generated that summarizes capabilities of compute, storage and network devices for each data center as a whole and without exposing individual compute, storage and service node devices in each data center. | 09-06-2012 |
20120226790 | Extensible Attribute Summarization - In one embodiment a method includes at first a network device, identifying an attribute of the first network device, selecting a function that defines how the attribute is to be summarized together with a same attribute of a second network device, generating a message that comprises a set of information comprising an identification of the attribute and the function, and sending the message to, e.g., a next higher node in a network hierarchy of which the network device is a part. Multiple such messages may be received at an aggregation node that then summarizes the attributes according to respective functions, and sends or publishes a summarized version of the attributes to a still next higher node in the network hierarchy. | 09-06-2012 |
20120303618 | Clustering-Based Resource Aggregation within a Data Center - Data representing capabilities of devices in a data is aggregated on a cluster-basis. Information representing capability attributes of devices in the data center is received. The information representing the capability attributes is analyzed to generate data that groups devices based on similarity of at least one capability attribute. Aggregation data is stored that represents the grouping of the devices based on similarity of the at least one capability attribute and identifies the devices in corresponding groups. | 11-29-2012 |
20130297752 | PROVISIONING NETWORK SEGMENTS BASED ON TENANT IDENTITY - In one embodiment, a request is generated for a particular device of a computer network for a unique segment identifier (ID) for a network segment comprising one or more devices sharing a unique tenant ID. The request has a request-context that includes the tenant ID and a protocol of the network segment. The request is transmitted a segment ID manager and, as a result, the segment ID manager generates and transmits a response that indicates the unique segment ID for the network segment based on the request-context. Subsequently, the particular device may then be configured to communicate on the network segment with the one or more devices based on the unique segment ID of the response. | 11-07-2013 |
20140280836 | WORKLOAD BASED SERVICE CHAIN INSERTION IN A NETWORK ENVIRONMENT - An example method for workload based service chain insertion in a network environment is provided and includes partitioning a service-path into fragments at a service controller, where the service-path comprises an ordered sequence of services to be provided to a packet associated with a workload in a network. The method also includes determining a location of service nodes providing the services; and provisioning the fragments at interfaces at a distributed virtual switch. The method could further include generating a plurality of service insertion points corresponding to the fragments at a service dispatcher. The service dispatcher can include a plurality of data plane components, and the service insertion points are generated at the data plane components. | 09-18-2014 |
20150036480 | POLICY-DRIVEN AUTOMATIC REDUNDANT FABRIC PLACEMENT MECHANISM FOR VIRTUAL DATA CENTERS - In one embodiment, a service provider management device provides a plurality of redundant fabric motifs, each indicating a subgraph pattern of logical connections for network segments of a virtual data center, and receives virtual data center tenant selection of one or more of the redundant fabric motifs for particular pairs of data center segments of the virtual data center. After determining available physical data center resources that correspond to the tenant selection of one or more of the redundant fabric motifs for particular pairs of data center segments, logical connections may then be established between particular network segments for the virtual data center according to the available physical data center resources corresponding to the tenant selection of one or more of the redundant fabric motifs for particular pairs of data center segments. | 02-05-2015 |
20150207662 | NETWORK CONTROL SOFTWARE NOTIFICATION WITH ADVANCE LEARNING - Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch detects packets sent by a new or migrated virtual machine, and sends a copy of a detected packet to the network control software as a notification. The switch further learns the source MAC address, thereby permitting the entry to be used for normal forwarding prior to validation of the entry and the VM associated therewith by the network control software. Until the network control software has validated the VM, the switch may periodically retry the notification to the network control software. “No_Redirect” and “Not_Validated” flags may be used to indicate whether a notification has already been attempted and thus no retry is necessary, and that the VM associated with the VM has not yet been validated, respectively. | 07-23-2015 |
20150207663 | NETWORK CONTROL SOFTWARE NOTIFICATION AND INVALIDATION OF STATIC ENTRIES - Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set. | 07-23-2015 |
20150207664 | NETWORK CONTROL SOFTWARE NOTIFICATION WITH DENIAL OF SERVICE PROTECTION - Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set. | 07-23-2015 |
20150207665 | NETWORK CONTROL SOFTWARE NOTIFICATION WITH DENIAL OF SERVICE PROTECTION - Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set. | 07-23-2015 |
20150207666 | NETWORK CONTROL SOFTWARE NOTIFICATION AND INVALIDATION OF STATIC ENTRIES - Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch may redirect a packet sent by a new or migrated virtual machine to the network control software as a notification. The switch does not forward the packet, thereby protecting against denial of service attacks. The switch further adds to a forwarding database a temporary entry which includes a “No_Redirect” flag for a new source MAC address, or updates an existing entry for a source MAC address that hits in the forwarding database by setting the “No_Redirect” flag. The “No_Redirect” flag indicates whether a notification has already been sent to the network control software for this source MAC address. The switch may periodically retry the notification to the network control software, until the network control software validates the source MAC address, depending on whether the “No_Redirect” is set. | 07-23-2015 |
20150207667 | NETWORK CONTROL SOFTWARE NOTIFICATION WITH ADVANCE LEARNING - Techniques are disclosed for notifying network control software of new and moved source MAC addresses. In one embodiment, a switch detects packets sent by a new or migrated virtual machine, and sends a copy of a detected packet to the network control software as a notification. The switch further learns the source MAC address, thereby permitting the entry to be used for normal forwarding prior to validation of the entry and the VM associated therewith by the network control software. Until the network control software has validated the VM, the switch may periodically retry the notification to the network control software. “No_Redirect” and “Not_Validated” flags may be used to indicate whether a notification has already been attempted and thus no retry is necessary, and that the VM associated with the VM has not yet been validated, respectively. | 07-23-2015 |
20150326505 | LOGICAL SWITCH ARCHITECTURE FOR NETWORK VIRTUALIZATION - A tool for partitioning a switch into one or more logical switches in a distributed system. The tool creates, by one or more computer processors, one or more logical switch routers, based, at least in part, on a user configuration. The tool assigns, by one or more computer processors, based, at least in part, on a user configuration, one or more ports to the one or more logical switch routers. The tool manages, by one or more computer processors, the one or more logical switch routers. | 11-12-2015 |
20150326506 | VIRTUAL PORT SUPPORT IN A LOGICAL SWITCH ARCHITECTURE - A tool for assigning virtual port channels to one or more logical switch routers in a distributed system. The tool receives, by one or more computer processors, a request to assign a virtual port channel to a second logical switch router. The tool sends, by one or more computer processors, a request to negotiate a link-down on the channel on a first logical switch router to a universal fiber port on the first logical switch router for processing. The tool sends, by one or more computer processors, a request to create the channel on the second logical switch router to a second interface manager on the second logical switch router for processing. The tool sends, by one or more computer processors, a request to negotiate a link up on the channel on the second logical switch router to the universal fiber port on the first logical switch router for processing. | 11-12-2015 |
Patent application number | Description | Published |
20100332640 | METHOD AND APPARATUS FOR UNIFIED VIEW - Visibility and control are provided for a variety of different assets as found in a particular networked environment, such as, for example an enterprise network environment. Visibility and control of properties of assets are achieved by way of native agents, pseudo-agents that provide visibility and control of properties of assets of external systems by inspecting and applying changes into such assets, and bridges that provide visibility of other external data sources that cannot be controlled. A technique is provided that brings such visibility and control into a unified view that can be displayed in front of a console operator, for example. The controllable assets may be managed directly from the unified view at the console. | 12-30-2010 |
20110066841 | PLATFORM FOR POLICY-DRIVEN COMMUNICATION AND MANAGEMENT INFRASTRUCTURE - A policy-driven communication and management infrastructure may include components such as Agent, Server and Console, policy messages, and Relays to deliver security and system management to networked devices. An Agent resides on a Client, acting as a universal policy engine for delivering multiple management services. Relays, Clients additionally configured to each behave as though they were a root Server, Relaying information to and from other Clients, permit Clients to interact with the root Server through the Relay, enabling information exchange between Client and Server. Such information exchange allows Clients to gather information, such as new policy messages, from the Server, to pass status messages to the Server and to register their network address so that they can be readily located. Automatic Relay selection enables Clients and Relays to select their own parent Relays, thus allowing Clients and Relays to discover new routing paths through the network without administrator input. | 03-17-2011 |
20110066951 | CONTENT-BASED USER INTERFACE, APPARATUS AND METHOD - A Policy- and Relevance-based User Interface (UI) for an enterprise suite Console provides a Console Operator access to information about systems on a network under management. By means of such UI, a user experience is dynamically constructed within product domains particular to the system under management using content elements that flow from content sites into the user environment, populating user interface and driving the Operator experience. Specifications distributed with the content determine how the local Console UI organizes and presents information. The UI is further determined by each Console operator's content access rights. The UI allows for re-flowing the Console UI without reinstalling or updating the Console application, seamlessly integrating new content in to the UI and targeting language to specific working areas. | 03-17-2011 |
20120203818 | PSEUDO-AGENT - A pseudo-agent is disclosed herein that bridges this divide. For purposes of the discussion herein, a pseudo-agent is a machine that is installed on a fully capable host machine, such as a Windows or UNIX machine, and that gathers and evaluates content from a management server, takes actions if so instructed, and reports the results of its evaluation upstream. However, unlike an agent in a traditional management system, which inspects and acts on the local machine, the pseudo-agent actually inspects and acts on a remote device, or many remote devices. | 08-09-2012 |
20140223324 | CONTENT-BASED USER INTERFACE, APPARATUS AND METHOD - A Policy- and Relevance-based User Interface (UI) for an enterprise suite Console provides a Console Operator access to information about systems on a network under management. By means of such UI, a user experience is dynamically constructed within product domains particular to the system under management using content elements that flow from content sites into the user environment, populating user interface and driving the Operator experience. Specifications distributed with the content determine how the local Console UI organizes and presents information. The UI is further determined by each Console operator's content access rights. The UI allows for re-flowing the Console UI without reinstalling or updating the Console application, seamlessly integrating new content in to the UI and targeting language to specific working areas. | 08-07-2014 |