Patent application number | Description | Published |
20100024034 | DETECTING MACHINES COMPROMISED WITH MALWARE - A computer system can be configured to identify when it has been infected with or otherwise compromised by malware, such as viruses, worms, etc. In one implementation, a computer system receives and installs one or more decoy contacts in a contact store and further installs one or more malware reporting modules that effectively filter outgoing messages. For example, a malware reporting module can redirect messages with a decoy contact address to an alternate inbox associated with the decoy contact. The same malware reporting module, or another module in the system, can also generate one or more reports indicating the presence of malware, either due to detection of the decoy contact address, or due to identifying messages in the decoy contact inbox. The host computer system that sent the message to the decoy contact can then be flagged as infected with malware. | 01-28-2010 |
20120290695 | Distributed Policy Service - According to one embodiment of the present disclosure, an approach is provided in which a policy server receives a request for a policy from a requestor. The policy server identifies an initiating virtual machine; the initial virtual machine's corresponding virtual network; and a destination virtual machine. Next, a policy corresponding to sending data from the first virtual machine to the second virtual machine is selected. The policy includes one or more logical references to the virtual network and does not include a physical reference to a physical entity located on a physical network. In turn, a physical path translation corresponding to the selected policy is identified and sent to the requestor. | 11-15-2012 |
20120290703 | Distributed Policy Service - According to one embodiment of the present disclosure, an approach is provided in which a policy server receives a request for a policy from a requestor. The policy server identifies an initiating virtual machine; the initial virtual machine's corresponding virtual network; and a destination virtual machine. Next, a policy corresponding to sending data from the first virtual machine to the second virtual machine is selected. The policy includes one or more logical references to the virtual network and does not include a physical reference to a physical entity located on a physical network. In turn, a physical path translation corresponding to the selected policy is identified and sent to the requestor. | 11-15-2012 |
20120291024 | Virtual Managed Network - According to one embodiment of the present disclosure, an approach is provided in which a policy module receives data that is initiated by a first virtual machine and has a destination at a second virtual machine. The policy module selects a policy that corresponds to sending the data from the first virtual machine to the second virtual machine. The policy includes one or more logical references to one or more virtual networks, and does not include a physical reference to a physical entity located on a physical network. In turn, the policy module encapsulates the data with a physical path translation that is based upon the selected policy, and sends the encapsulated data over the physical network to a second policy module that corresponds to the second virtual machine. | 11-15-2012 |
20120297384 | Virtual Managed Network - According to one embodiment of the present disclosure, an approach is provided in which a policy module receives data that is initiated by a first virtual machine and has a destination at a second virtual machine. The policy module selects a policy that corresponds to sending the data from the first virtual machine to the second virtual machine. The policy includes one or more logical references to one or more virtual networks, and does not include a physical reference to a physical entity located on a physical network. In turn, the policy module encapsulates the data with a physical path translation that is based upon the selected policy, and sends the encapsulated data over the physical network to a second policy module that corresponds to the second virtual machine. | 11-22-2012 |
20130091261 | Defining And Managing Virtual Networks In Multi-Tenant Virtualized Data Centers - An approach is provided in which a computer system selects a virtual domain from multiple virtual domains, which are each overlaid onto a physical network and are independent of physical topology constraints of the physical network. The computer system selects, from the selected virtual domain, a first virtual group that includes one or more first virtual network endpoints. Next, the computer system selects, from the selected virtual domain, a second virtual group that includes one or more second virtual network endpoints. In turn, the computer system creates a logical link policy that includes one or more actions corresponding to sending data between the first virtual group and the second virtual group. | 04-11-2013 |
20130091501 | Defining And Managing Virtual Networks In Multi-Tenant Virtualized Data Centers - An approach is provided in which a computer system selects a virtual domain from multiple virtual domains, which are each overlaid onto a physical network and are independent of physical topology constraints of the physical network. The computer system selects, from the selected virtual domain, a first virtual group that includes one or more first virtual network endpoints. Next, the computer system selects, from the selected virtual domain, a second virtual group that includes one or more second virtual network endpoints. In turn, the computer system creates a logical link policy that includes one or more actions corresponding to sending data between the first virtual group and the second virtual group. | 04-11-2013 |
20130107881 | Distributed Address Resolution Service for Virtualized Networks | 05-02-2013 |
20130142079 | Distributed Dynamic Virtual Machine Configuration Service - An approach is provided in which a local module receives a discovery message from a virtual network endpoint that is devoid of a corresponding virtual IP address. The local module sends one or more unicast network configuration messages to a dynamic configuration service and, in turn, the local module receives one or more unicast network configuration responses from the dynamic configuration service. One of the unicast network configuration responses includes one or more network configuration parameters. The local module configures the virtual network endpoint according to one or more of the network configuration parameters. | 06-06-2013 |
20130144992 | Distributed Dynamic Virtual Machine Configuration Service - An approach is provided in which a local module receives a discovery message from a virtual network endpoint that is devoid of a corresponding virtual IP address. The local module sends one or more unicast network configuration messages to a dynamic configuration service and, in turn, the local module receives one or more unicast network configuration responses from the dynamic configuration service. One of the unicast network configuration responses includes one or more network configuration parameters. The local module configures the virtual network endpoint according to one or more of the network configuration parameters. | 06-06-2013 |
20140156811 | Object Oriented Networks - An approach is provided in which a system creates a network application model that includes network policy objects and connection rules corresponding to sending data between the network policy objects. The system converts the network application model to network configuration information, which links the network policy objects to the connection rules. In turn, a network control plane is configured based upon the network configuration information to map the network application model to a physical infrastructure. | 06-05-2014 |
20140156814 | Object Oriented Networks - An approach is provided in which a system creates a network application model that includes network policy objects and connection rules corresponding to sending data between the network policy objects. The system converts the network application model to network configuration information, which links the network policy objects to the connection rules. In turn, a network control plane is configured based upon the network configuration information to map the network application model to a physical infrastructure. | 06-05-2014 |
20150040121 | Bandwidth Control in Multi-Tenant Virtual Networks - Machines, systems and methods for managing quality of service (QoS) in a multi-tenant virtualized computing environment, the method comprising: collecting transmission rate statistics associated with data communicated in a virtual network, wherein at least one virtual switch monitors communications initiated by at least a virtual machine (VM) executed on a host machine serviced by the virtual switch; determining, by way of the virtual switch, profile parameters associated with a first communication initiated by the VM belonging to at least a first group, wherein a connection request is submitted by the virtual switch to a traffic controller to assist in establishing the first communication; classifying the connection request for establishing the first communication according to the profile parameters associated with the first communication; determining a first aggregated transmission rate associated with the VM that initiated the first communication based on the classifying. | 02-05-2015 |