专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20130268588A1 Location-Aware Virtual Service Provisioning in a Hybrid Cloud Environment 有权
标题翻译：混合云环境中的位置感知虚拟服务配置
公开(公告)号：US20130268588A1
公开(公告)日：2013-10-10
申请号：US13438861
申请日：2012-04-04
申请人： David Chang , Abhijit Patra , Nagaraj Bagepalli , Murali Anantha
发明人： David Chang , Abhijit Patra , Nagaraj Bagepalli , Murali Anantha
IPC分类号： G06F15/16
CPC分类号： G06F9/45558 , G06F2009/45595 , H04L12/6418 , H04L41/12 , H04L49/70 , H04L67/10
摘要： A sense of location is provided for distributed virtual switch components into the service provisioning scheme to reduce latency observed in conducting policy evaluations across a network in a hybrid cloud environment. A management application in a first virtual network subscribes to virtual network services provided by a second virtual network. A first message is sent to the second virtual network, the first message comprising information configured to start a virtual switch in the second virtual network that switches network traffic for one or more virtual machines in the second virtual network that are configured to extend services provided by the first virtual network into the second virtual network. A second message is sent to the second virtual network, the second message comprising information configured to start a virtual service node in the second virtual network that provides network traffic services for the one or more virtual machines.
摘要翻译：将分布式虚拟交换机组件的位置感提供到服务提供方案中，以减少在混合云环境中跨网络进行策略评估时观察到的延迟。第一虚拟网络中的管理应用订阅由第二虚拟网络提供的虚拟网络服务。将第一消息发送到第二虚拟网络，第一消息包括被配置为启动第二虚拟网络中的虚拟交换机的信息，该第二虚拟网络切换第二虚拟网络中的一个或多个虚拟机的网络流量，所述虚拟机被配置为扩展由第一个虚拟网络进入第二个虚拟网络。第二消息被发送到第二虚拟网络，第二消息包括被配置为启动在第二虚拟网络中为一个或多个虚拟机提供网络业务服务的虚拟服务节点的信息。

2. 发明授权

US09313048B2 Location aware virtual service provisioning in a hybrid cloud environment 有权
标题翻译：在混合云环境中进行位置感知的虚拟服务配置
公开(公告)号：US09313048B2
公开(公告)日：2016-04-12
申请号：US13438861
申请日：2012-04-04
申请人： David Chang , Abhijit Patra , Nagaraj Bagepalli , Murali Anantha
发明人： David Chang , Abhijit Patra , Nagaraj Bagepalli , Murali Anantha
IPC分类号： G06F15/16 , H04L12/64
CPC分类号： G06F9/45558 , G06F2009/45595 , H04L12/6418 , H04L41/12 , H04L49/70 , H04L67/10
摘要： A sense of location is provided for distributed virtual switch components into the service provisioning scheme to reduce latency observed in conducting policy evaluations across a network in a hybrid cloud environment. A management application in a first virtual network subscribes to virtual network services provided by a second virtual network. A first message is sent to the second virtual network, the first message comprising information configured to start a virtual switch in the second virtual network that switches network traffic for one or more virtual machines in the second virtual network that are configured to extend services provided by the first virtual network into the second virtual network. A second message is sent to the second virtual network, the second message comprising information configured to start a virtual service node in the second virtual network that provides network traffic services for the one or more virtual machines.
摘要翻译：将分布式虚拟交换机组件的位置感提供到服务提供方案中，以减少在混合云环境中跨网络进行策略评估时观察到的延迟。第一虚拟网络中的管理应用订阅由第二虚拟网络提供的虚拟网络服务。将第一消息发送到第二虚拟网络，第一消息包括被配置为启动第二虚拟网络中的虚拟交换机的信息，该第二虚拟网络切换第二虚拟网络中的一个或多个虚拟机的网络流量，所述虚拟机被配置为扩展由第一个虚拟网络进入第二个虚拟网络。第二消息被发送到第二虚拟网络，第二消息包括被配置为启动在第二虚拟网络中为一个或多个虚拟机提供网络业务服务的虚拟服务节点的信息。

3. 发明授权

US08516241B2 Zone-based firewall policy model for a virtualized data center 有权
公开(公告)号：US08516241B2
公开(公告)日：2013-08-20
申请号：US13180678
申请日：2011-07-12
申请人： David Chang , Abhijit Patra , Nagaraj Bagepalli , Rajesh Kumar Sethuraghavan
发明人： David Chang , Abhijit Patra , Nagaraj Bagepalli , Rajesh Kumar Sethuraghavan
IPC分类号： H04L1/14 , H04L29/08 , H04L29/02
CPC分类号： H04L63/0263 , G06F9/45558 , G06F2009/45587 , G06F2009/45595 , H04L29/08927 , H04L29/08972 , H04L49/356 , H04L49/70 , H04L63/0218 , H04L63/0227
摘要： Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters associated with the application traffic are received that are associated with properly provisioned virtual machines. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule and in response to determining that the conditions are satisfied, the action is performed.

4. 发明授权

US08730980B2 Architecture for scalable virtual network services 有权
标题翻译：可扩展虚拟网络服务架构
公开(公告)号：US08730980B2
公开(公告)日：2014-05-20
申请号：US13337379
申请日：2011-12-27
申请人： Nagaraj Bagepalli , Abhijit Patra , David Chang
发明人： Nagaraj Bagepalli , Abhijit Patra , David Chang
IPC分类号： H04L12/56
CPC分类号： H04L49/356 , H04L49/70
摘要： Techniques are provided to start a virtual service node that is configured to provide network traffic services for one or more virtual machines. The virtual service node has at least one associated service profile comprising identifiers for corresponding service policies for network traffic services. The service policies identified in the at least one associated service profile are retrieved. A virtual machine is started with an associated virtual interface and a port profile is applied to the virtual interface, including information identifying the service profile. Information is provided to the virtual service node that informs the virtual service node of network parameters and assigned service profile of the virtual machine. Network traffic associated with the virtual machine is intercepted and redirected to the virtual service node. A virtual service data path is provided that enables dynamic service binding, virtual machine mobility support, and virtual service node chaining and/or clustering.
摘要翻译：提供技术来启动被配置为为一个或多个虚拟机提供网络流量服务的虚拟服务节点。虚拟服务节点具有包括用于网络业务服务的相应服务策略的标识符的至少一个相关联的服务简档。检索在至少一个关联服务简档中标识的服务策略。启动一个虚拟机与一个关联的虚拟接口，端口配置文件应用于虚拟接口，包括标识服务配置文件的信息。信息被提供给向虚拟服务节点通知虚拟机的网络参数和分配的服务简档的虚拟服务节点。与虚拟机关联的网络流量被拦截并重定向到虚拟服务节点。提供虚拟服务数据路径，其实现动态服务绑定，虚拟机移动性支持以及虚拟服务节点链接和/或聚类。

5. 发明授权

US08677453B2 Highly parallel evaluation of XACML policies 有权
标题翻译：高度并行评估XACML策略
公开(公告)号：US08677453B2
公开(公告)日：2014-03-18
申请号：US12123227
申请日：2008-05-19
申请人： David Chang , Nagaraj Bagepalli , Harsha Narayan , Abhijit Patra
发明人： David Chang , Nagaraj Bagepalli , Harsha Narayan , Abhijit Patra
IPC分类号： H04L29/06
CPC分类号： G06F21/6227 , G06F21/6218 , G06F2221/2141 , H04L63/101
摘要： Techniques for highly parallel evaluation of XACML policies are described herein. In one embodiment, attributes are extracted from a request for accessing a resource including at least one of a user attribute and an environment attribute. Multiple individual searches are concurrently performed, one for each of the extracted attributes, in a policy store having stored therein rules and policies written in XACML, where the rules and policies are optimally stored using a bit vector algorithm. The individual search results associated with the attributes are then combined to generate a single final result using a predetermined policy combination algorithm. It is then determined whether the client is eligible to access the requested resource of the datacenter based on the single final result, including performing a layer-7 access control process, where the network element operates as an application service gateway to the datacenter. Other methods and apparatuses are also described.
摘要翻译：本文描述了用于高度并行评估XACML策略的技术。在一个实施例中，从包括用户属性和环境属性中的至少一个的资源的访问请求中提取属性。在存储有以XACML编写的规则和策略的策略存储器中，并行地执行多个单独搜索，每个搜索属性中的每一个，其中使用位向量算法优化地存储规则和策略。然后将与属性相关联的单独搜索结果组合以使用预定的策略组合算法来生成单个最终结果。然后，基于单个最终结果确定客户端是否有资格访问数据中心的所请求的资源，包括执行第七层访问控制过程，其中网络元件作为到数据中心的应用服务网关操作。还描述了其它方法和装置。

6. 发明申请

US20090288136A1 HIGHLY PARALLEL EVALUATION OF XACML POLICIES 有权
标题翻译： XACML政策的高度平行评估
公开(公告)号：US20090288136A1
公开(公告)日：2009-11-19
申请号：US12123227
申请日：2008-05-19
申请人： David Chang , Nagaraj Bagepalli , Harsha Narayan , Abhijit Patra
发明人： David Chang , Nagaraj Bagepalli , Harsha Narayan , Abhijit Patra
IPC分类号： G06F21/00
CPC分类号： G06F21/6227 , G06F21/6218 , G06F2221/2141 , H04L63/101
摘要： Techniques for highly parallel evaluation of XACML policies are described herein. In one embodiment, attributes are extracted from a request for accessing a resource including at least one of a user attribute and an environment attribute. Multiple individual searches are concurrently performed, one for each of the extracted attributes, in a policy store having stored therein rules and policies written in XACML, where the rules and policies are optimally stored using a bit vector algorithm. The individual search results associated with the attributes are then combined to generate a single final result using a predetermined policy combination algorithm. It is then determined whether the client is eligible to access the requested resource of the datacenter based on the single final result, including performing a layer-7 access control process, where the network element operates as an application service gateway to the datacenter. Other methods and apparatuses are also described.
摘要翻译：本文描述了用于高度并行评估XACML策略的技术。在一个实施例中，从包括用户属性和环境属性中的至少一个的资源的访问请求中提取属性。在存储有以XACML编写的规则和策略的策略存储器中，并行地执行多个单独搜索，每个搜索属性中的每一个，其中使用位向量算法优化地存储规则和策略。然后将与属性相关联的单独搜索结果组合以使用预定的策略组合算法来生成单个最终结果。然后，基于单个最终结果确定客户端是否有资格访问数据中心的所请求的资源，包括执行第七层访问控制过程，其中网络元件作为到数据中心的应用服务网关操作。还描述了其它方法和装置。

7. 发明申请

US20090288104A1 EXTENSIBILITY FRAMEWORK OF A NETWORK ELEMENT 审中-公开
标题翻译：网络元素的可扩展框架
公开(公告)号：US20090288104A1
公开(公告)日：2009-11-19
申请号：US12123225
申请日：2008-05-19
申请人： Nagaraj Bagepalli , David Chang , Surendra Kumar , Abhijit Patra
发明人： Nagaraj Bagepalli , David Chang , Surendra Kumar , Abhijit Patra
IPC分类号： G06F9/54 , G06F15/173
CPC分类号： H04L67/2804 , H04L63/10 , H04L67/02 , H04L67/2819 , H04L69/22
摘要： Techniques for providing extensibility framework for processing network packets are described herein. In one embodiment, in response to a packet received at a network element, the packet is processed using a generic process for performing a first type of operations required by the packet, wherein the first type of operations is common to a type of the packet. An extended process is invoked, via an extensibility application programming interface (API), to perform a custom operation that is not common to the generic process and is not statically known to the generic process, in order to determine whether the packet is eligible to access a resource of at least one of a plurality of application servers of a datacenter, including a layer-7 access control process. The network element operates as an application service gateway for the datacenter. Other methods and apparatuses are also described.
摘要翻译：本文描述了用于提供用于处理网络分组的可扩展性框架的技术。在一个实施例中，响应于在网络元件处接收到的分组，使用用于执行分组所需的第一类型的操作的通用处理来处理分组，其中第一类型的操作对于分组的类型是共同的。通过可扩展性应用程序编程接口（API）调用扩展过程，以执行通用过程不常见的定制操作，并且通用过程不是静态知道的，以便确定数据包是否有资格访问数据中心的多个应用服务器中的至少一个的资源，包括第7层访问控制过程。网络元件作为数据中心的应用服务网关运行。还描述了其它方法和装置。

8. 发明申请

US20130163606A1 Architecture for Scalable Virtual Network Services 有权
标题翻译：可扩展虚拟网络服务架构
公开(公告)号：US20130163606A1
公开(公告)日：2013-06-27
申请号：US13337379
申请日：2011-12-27
申请人： Nagaraj Bagepalli , Abhijit Patra , David Chang
发明人： Nagaraj Bagepalli , Abhijit Patra , David Chang
IPC分类号： H04L12/56
CPC分类号： H04L49/356 , H04L49/70
摘要： Techniques are provided to start a virtual service node that is configured to provide network traffic services for one or more virtual machines. The virtual service node has at least one associated service profile comprising identifiers for corresponding service policies for network traffic services. The service policies identified in the at least one associated service profile are retrieved. A virtual machine is started with an associated virtual interface and a port profile is applied to the virtual interface, including information identifying the service profile. Information is provided to the virtual service node that informs the virtual service node of network parameters and assigned service profile of the virtual machine. Network traffic associated with the virtual machine is intercepted and redirected to the virtual service node. A virtual service data path is provided that enables dynamic service binding, virtual machine mobility support, and virtual service node chaining and/or clustering.
摘要翻译：提供技术来启动被配置为为一个或多个虚拟机提供网络流量服务的虚拟服务节点。虚拟服务节点具有包括用于网络业务服务的相应服务策略的标识符的至少一个相关联的服务简档。检索在至少一个关联服务简档中标识的服务策略。启动一个虚拟机与一个关联的虚拟接口，端口配置文件应用于虚拟接口，包括标识服务配置文件的信息。信息被提供给向虚拟服务节点通知虚拟机的网络参数和分配的服务简档的虚拟服务节点。与虚拟机关联的网络流量被拦截并重定向到虚拟服务节点。提供虚拟服务数据路径，其实现动态服务绑定，虚拟机移动性支持以及虚拟服务节点链接和/或聚类。

9. 发明申请

US20130019277A1 Zone-Based Firewall Policy Model for a Virtualized Data Center 有权
公开(公告)号：US20130019277A1
公开(公告)日：2013-01-17
申请号：US13180678
申请日：2011-07-12
申请人： David Chang , Abhijit Patra , Nagaraj Bagepalli , Rajesh Kumar Sethuraghavan
发明人： David Chang , Abhijit Patra , Nagaraj Bagepalli , Rajesh Kumar Sethuraghavan
IPC分类号： G06F21/00
CPC分类号： H04L63/0263 , G06F9/45558 , G06F2009/45587 , G06F2009/45595 , H04L29/08927 , H04L29/08972 , H04L49/356 , H04L49/70 , H04L63/0218 , H04L63/0227
摘要： Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters associated with the application traffic are received that are associated with properly provisioned virtual machines. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule and in response to determining that the conditions are satisfied, the action is performed.

10. 发明申请

US20060095969A1 System for SSL re-encryption after load balance 有权
标题翻译：负载平衡后的SSL重新加密系统
公开(公告)号：US20060095969A1
公开(公告)日：2006-05-04
申请号：US11124003
申请日：2005-05-06
申请人： Maurizio Portolani , Mauricio Arregoces , David Chang , Nagaraj Bagepalli , Stefano Testa
发明人： Maurizio Portolani , Mauricio Arregoces , David Chang , Nagaraj Bagepalli , Stefano Testa
IPC分类号： G06F12/14
CPC分类号： H04L63/0254 , H04L63/0464 , H04L63/166 , H04L67/1002 , H04L67/1006 , H04L67/101 , H04L67/1027
摘要： A data center provides secure handling of HTTPS traffic using backend SSL decryption and encryption in combination with a load balancer such as a content switch. The load balancer detects HTTPS traffic and redirects it to an SSL offloading device for decryption and return to the load balancer. The load balancer then uses the clear text traffic for load balancing purposes before it redirects the traffic back to the SSL offloading device for re-encryption. Thereafter, the re-encrypted traffic is sent to the destination servers in the data center. In one embodiment, the combination with the back-end SSL with an intrusion detection system improves security by performing intrusion detection on the decrypted HTTPS traffic.
摘要翻译：数据中心使用后端SSL解密和加密以及诸如内容交换机之类的负载平衡器来提供对HTTPS流量的安全处理。负载平衡器检测HTTPS流量并将其重定向到SSL卸载设备进行解密并返回到负载均衡器。然后，负载平衡器在将流量重定向到SSL卸载设备以进行重新加密之前，使用明文流量进行负载平衡。此后，重新加密的流量被发送到数据中心中的目的地服务器。在一个实施例中，与具有入侵检测系统的后端SSL的组合通过对解密的HTTPS业务进行入侵检测来提高安全性。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式