Debashis BASAK - San Jose CA, US Rohit Toshniwal - San Jose CA, US Allwyn Sequeira - Saratoga CA, US
Assignee:
VMware, Inc. - Palo Alto CA
International Classification:
G06F 17/00
US Classification:
726/1, 726/11
Abstract:
A method is provided to control the flow of packets within a system that includes one or more computer networks comprising: policy rules are provided that set forth attribute dependent conditions for communications among machines on the one or more networks; machine attributes and corresponding machine identifiers are obtained for respective machines on the networks; and policy rules are transformed to firewall rules that include machine identifiers of machines having attributes from among the obtained machine attributes that satisfy the attribute dependent policy rules.
- Palo Alto CA, US Anirban Sengupta - Saratoga CA, US Mohan Parthasarathy - Cupertino CA, US Allwyn Sequeira - Saratoga CA, US Serge Maskalik - Los Gatos CA, US Rick Lund - Livermore CA, US
Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of the load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN. To direct the data message to the identified DCN, the load balancer in some embodiments changes the destination address (e.g., the destination IP address, destination port, destination MAC address, etc.) in the data message from the address of the identified DCN group to the address (e.g., the destination IP address) of the identified DCN.
Multi-Site Virtual Infrastructure Orchestration Of Network Service In Hybrid Cloud Environments
- Palo Alto CA, US Allwyn M. SEQUEIRA - Saratoga CA, US Serge MASKALIK - Los Gatos CA, US Debashis BASAK - Saratoga CA, US Akshatha SATHYANARAYAN - San Jose CA, US
International Classification:
G06F 9/455, H04L 29/08
Abstract:
A method of deploying a network service (NS) across multiple data centers includes identifying virtual network functions (VNFs) associated with the NS in response to a request for or relating to the NS, generating commands to deploy VNFs based on VNF descriptors, and issuing the commands to the data centers to deploy VNFs. The data centers each have a cloud management server in which cloud computing management software is run to provision virtual infrastructure resources thereof for a plurality of tenants. The cloud computing management software of a first data center is different from the cloud computing management software of a second data center, and the commands issued to the first and second data centers are each a generic command that is not in a command format of the cloud computing management software of either the first data center or the second data center.
Multi-Site Virtual Infrastructure Orchestration Of Network Service In Hybrid Cloud Environments
- Palo Alto CA, US Allwyn M. SEQUEIRA - Saratoga CA, US Serge MASKALIK - Los Gatos CA, US Debashis BASAK - Saratoga CA, US Akshatha SATHYANARAYAN - San Jose CA, US
International Classification:
G06F 9/455, G06F 9/54, H04L 29/08
Abstract:
A method of deploying a virtual network function of a network service in a data center having a cloud management server running a cloud computing management software to provision virtual infrastructure resources of the data center to at least one tenant, includes generating at least first and second API calls to the cloud computing management software in response to external commands received at the data center to deploy a virtual network function, and executing at least the first and second API calls by the cloud computing management software to deploy the virtual network function. The cloud computing management software creates at least one virtual machine by executing the first API call and at least one virtual disk by executing the second API call.
Intelligent Distributed Multi-Site Application Placement Across Hybrid Infrastructure
- Palo Alto CA, US Allwyn M. SEQUEIRA - Saratoga CA, US Serge MASKALIK - Los Gatos CA, US Debashis BASAK - Saratoga CA, US Mark Bryan WHIPPLE - Cupertino CA, US
International Classification:
H04L 12/24
Abstract:
A method of deploying a network service across multiple data centers, each having a cloud management server running a cloud computing management software to provision virtual infrastructure resources thereof for a first tenant among a plurality of tenants, includes maintaining for each data center static inventory data that indicate virtual infrastructure resources that are available thereat to the first tenant, identifying, in response to a network service request for the first tenant, a virtual network function associated with the network service, generating commands to deploy the virtual network function based on a descriptor of the virtual network function, selecting one of the data centers in which the virtual network function is to be deployed based on the descriptor of the virtual network function and the static inventory data of each data center, and issuing the commands to the selected data center to deploy the virtual network function.
Firewall Configured With Dynamic Membership Sets Representing Machine Attributes
- Palo Alto CA, US Rohit TOSHNIWAL - San Jose CA, US Allwyn SEQUEIRA - Saratoga CA, US
International Classification:
H04L 29/06
Abstract:
A method is provided to control the flow of packets within a system that includes one or more computer networks comprising: policy rules are provided that set forth attribute dependent conditions for communications among machines on the one or more networks; machine attributes and corresponding machine identifiers are obtained for respective machines on the networks; and policy rules are transformed to firewall rules that include machine identifiers of machines having attributes from among the obtained machine attributes that satisfy the attribute dependent policy rules.
Service Chaining Of Virtual Network Functions In A Cloud Computing System
- Palo Alto CA, US Allwyn Sequeira - Saratoga CA, US Serge Maskalik - Los Gatos CA, US Debashis Basak - San Jose CA, US
International Classification:
H04L 12/24, H04L 29/08
Abstract:
An example method of provisioning a network service in a cloud computing system includes: defining, at an orchestrator, the network service to include a plurality of network functions; defining, at the orchestrator, network connectivity among the plurality of network functions; identifying a plurality of vendor device managers (VDMs) configured to provision virtual network functions that implement the plurality of network functions; and instructing, by the orchestrator, the VDMs to deploy the virtual network functions having the defined network connectivity.
Mobility Passport For Cross-Datacenter Migrations Of Virtual Computing Instances
- Palo Alto CA, US Serge MASKALIK - Los Gatos CA, US Allwyn SEQUEIRA - Saratoga CA, US Debashis BASAK - San Jose CA, US
International Classification:
G06F 9/455, H04L 29/08
Abstract:
Techniques disclosed herein relate to migrating virtual computing instances such as virtual machines (VMs). In one embodiment, VMs are migrated across different virtual infrastructure platforms by, among other things, translating between resource models used by virtual infrastructure managers (VIMs) that manage the different virtual infrastructure platforms. VM migrations may also be validated prior to being performed, including based on resource policies that define what is and/or is not allowed to migrate, thereby providing compliance and controls for borderless data centers. In addition, an agent-based technique may be used to migrate VMs and physical servers to virtual infrastructure, without requiring access to an underlying hypervisor layer.
VMware
Senior Vice President and GM, Telco Edge Cloud Products and HCX BU
VMware Jan 1, 2016 - Aug 2017
Chief Technology Officer, Vice President, Cloud Networking and Security
VMware 2008 - 2013
Chief Technology Officer and VP, Cloud Networking and Security
Blue Lane Technologies Apr 1, 2004 - Oct 1, 2008
Chief Technology Officer and Senior Vice President Products
Netvmg Inc 2000 - 2004
Executive Vice President Products and Operations, Board Member
Education:
University of Wisconsin - Madison 1983 - 1984
Master of Science, Masters, Computer Science
Indian Institute of Technology, Bombay 1978 - 1983