The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent:

May. 04, 2021

Filed:

Jun. 03, 2019

Applicant:

VMware, Inc., Palo Alto, CA (US);

Inventors:

Jason A. Lango, Mountain View, CA (US);

Grant Callaghan, San Jose, CA (US);

Marcel Moolenaar, Mountain View, CA (US);

Vinay Wagh, San Jose, CA (US);

Rohan Desai, Pleasanton, CA (US);

Matthew Page, Mountain View, CA (US);

Gary Menezes, Sunnyvale, CA (US);

Antoine Pourchet, Sunnyvale, CA (US);

Ramya Olichandran, Sunnyvale, CA (US);

Assignee:

VMware, Inc., Palo Alto, CA (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
H04L 29/06 (2006.01); G06F 21/57 (2013.01); H04L 9/32 (2006.01); H04L 29/08 (2006.01); G06F 9/455 (2018.01);
U.S. Cl.
CPC ...
H04L 63/20 (2013.01); G06F 21/575 (2013.01); H04L 9/3268 (2013.01); H04L 63/0209 (2013.01); H04L 63/0263 (2013.01); H04L 63/0823 (2013.01); H04L 63/10 (2013.01); H04L 63/123 (2013.01); H04L 67/10 (2013.01); G06F 9/455 (2013.01);
Abstract

A tag-based policy architecture enforces information technology (IT) policy in a virtualized computing environment using cryptographically-verifiable metadata to authenticate compute resources coupled to a computer network and to authorize access to protected resources of the network. The compute resources are illustratively virtual machine instances (VMIs) provided by a virtual data center (VDC) of the environment, whereas the protected resources are illustratively virtualized storage, network and/or other compute resources of the VDC. Each VMI includes an intermediary manager, e.g., metavisor. The tag-based policy architecture includes an infrastructure having a centralized policy decision end point (e.g., a control plane of the VDC) and distributed policy enforcement endpoints (e.g., metavisors of the VMIs) to provide end-to-end passing of the cryptographically-verifiable metadata to (i) authorize instantiation of the VMIs at the control plane, and (ii) enforce access to the virtualized resources at the metavisors.
