专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09882919B2 Distributed network security using a logical multi-dimensional label-based policy model 有权
公开(公告)号：US09882919B2
公开(公告)日：2018-01-30
申请号：US14474916
申请日：2014-09-02
申请人： Illumio, Inc.
发明人： Paul J. Kirner , Daniel R. Cook , Juraj G. Fandli , Matthew K. Glenn , Mukesh Gupta , Andrew S. Rubin , Jerry B. Scott , Thukalan V. Verghese
IPC分类号： G06F17/00 , H04L29/06 , H04L12/24 , H04L29/12
CPC分类号： H04L63/1416 , H04L41/0893 , H04L61/1511 , H04L61/2514
摘要： A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS. Responsive to determining that the currently-relevant updated actor-sets are identical to the previously-sent actor-sets, no further action is taken.

2. 发明授权

US09397892B2 Managing servers based on pairing keys to implement an administrative domain-wide policy 有权
标题翻译：基于配对密钥管理服务器以实施管理域范围的策略
公开(公告)号：US09397892B2
公开(公告)日：2016-07-19
申请号：US14527372
申请日：2014-10-29
申请人： Illumio, Inc.
发明人： Paul J. Kirner , Daniel R. Cook , Matthew K. Glenn , Mukesh Gupta , Jerry B. Scott , Thukalan V. Verghese
IPC分类号： G06F15/173 , G06F15/16 , H04L12/24 , H04L29/06
CPC分类号： H04L41/0893 , H04L9/0643 , H04L41/0869 , H04L63/02 , H04L63/0227 , H04L63/0263 , H04L63/06 , H04L63/08 , H04L63/083 , H04L63/10 , H04L63/102 , H04L63/20 , H04L67/303
摘要： A server is paired. A pairing request that includes a pairing key is received from an unpaired server. A determination is made regarding whether to approve or reject the pairing request. Making the determination comprises attempting to validate the pairing key in the pairing request. Responsive to determining to approve the pairing request: the unpaired server is notified that the unpaired server is now a managed server; a description of the managed server is generated, wherein the managed server description includes a set of one or more labels that describe the managed server; management instructions are generated for the managed server based on the managed server description and based on an administrative domain-wide management policy that includes a rule that refers to managed servers using a label; and the management instructions are sent to the managed server.
摘要翻译：服务器配对从未配对服务器接收到包含配对密钥的配对请求。确定是否批准或拒绝配对请求。做出确定包括尝试验证配对请求中的配对密钥。响应于确定批准配对请求：未配对的服务器被通知未配对的服务器现在是受管服务器; 生成对被管理服务器的描述，其中所述被管理服务器描述包括描述被管理服务器的一个或多个标签的集合; 基于管理的服务器描述并基于管理域范围的管理策略，为受管服务器生成管理指令，管理策略包括引用使用标签的受管服务器的规则; 并将管理指令发送到受管服务器。

3. 发明申请

US20210051161A1 Distributed Network Security Using a Logical Multi-Dimensional Label-Based Policy Model 有权
公开(公告)号：US20210051161A1
公开(公告)日：2021-02-18
申请号：US15930412
申请日：2020-05-12
申请人： Illumio, Inc.
发明人： Paul J. Kirner , Daniel R. Cook , Juraj G. Fandli , Matthew K. Glenn , Mukesh Gupta , Andrew S. Rubin , Jerry B. Scott , Thukalan V. Verghese
IPC分类号： H04L29/06 , H04L12/24
摘要： A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS. Responsive to determining that the currently-relevant updated actor-sets are identical to the previously-sent actor-sets, no further action is taken.

4. 发明申请

US20180109546A1 Distributed Network Security Using a Logical Multi-Dimensional Label-Based Policy Model 审中-公开
公开(公告)号：US20180109546A1
公开(公告)日：2018-04-19
申请号：US15841542
申请日：2017-12-14
申请人： Illumio, Inc.
发明人： Paul J. Kirner , Daniel R. Cook , Juraj G. Fandli , Matthew K. Glenn , Mukesh Gupta , Andrew S. Rubin , Jerry B. Scott , Thukalan V. Verghese
IPC分类号： H04L29/06 , H04L12/24 , H04L29/12
CPC分类号： H04L63/1416 , H04L41/0893 , H04L61/1511 , H04L61/2514
摘要： A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS. Responsive to determining that the currently-relevant updated actor-sets are identical to the previously-sent actor-sets, no further action is taken.

5. 发明申请

US20150128211A1 AUTOMATED GENERATION OF ACCESS CONTROL RULES FOR USE IN A DISTRIBUTED NETWORK MANAGEMENT SYSTEM THAT USES A LABEL-BASED POLICY MODEL 有权
标题翻译：在使用基于标签的政策模型的分布式网络管理系统中使用访问控制规则的自动生成
公开(公告)号：US20150128211A1
公开(公告)日：2015-05-07
申请号：US14528879
申请日：2014-10-30
申请人： Illumio, Inc.
发明人： Paul J. Kirner , Matthew K. Glenn , Mukesh Gupta , Roy N. Nakashima , Thukalan V. Verghese
IPC分类号： H04L29/06
CPC分类号： H04L63/20 , H04L63/10 , H04L63/104
摘要： An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of managed servers is identified by grouping the plurality of managed servers based on the obtained communication information. A group-level label set is determined to associate with the subset of managed servers. Role labels are determined for managed servers in the subset of managed servers. A managed server is associated with one role label. Based on the group-level label set and the role labels, an access control rule is generated authorizing communication between a first managed server of the subset of managed servers and a second managed server. The access control rule is stored as part of an administrative domain-wide management policy.
摘要翻译：确定授权管理域内的多个被管理服务器之间的通信的访问控制规则。获得描述多个被管理服务器之间的过去通信的通信信息。通过基于所获得的通信信息对多个被管理服务器进行分组来识别来自多个被管理服务器的被管理服务器的子集。确定组级标签集与受管服务器的子集相关联。为受管服务器子集中的受管服务器确定角色标签。受管服务器与一个角色标签相关联。基于组级标签集和角色标签，生成访问控制规则，授权受管理服务器子集的第一受管服务器和第二受管服务器之间的通信。访问控制规则作为管理域范围的管理策略的一部分存储。

6. 发明授权

US11503042B2 Distributed network security using a logical multi-dimensional label-based policy model 有权
公开(公告)号：US11503042B2
公开(公告)日：2022-11-15
申请号：US15930412
申请日：2020-05-12
申请人： Illumio, Inc.
发明人： Paul J. Kirner , Daniel R. Cook , Juraj G. Fandli , Matthew K. Glenn , Mukesh Gupta , Andrew S. Rubin , Jerry B. Scott , Thukalan V. Verghese
IPC分类号： H04L9/40 , H04L41/0893 , H04L61/2514 , H04L61/4511
摘要： A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS. Responsive to determining that the currently-relevant updated actor-sets are identical to the previously-sent actor-sets, no further action is taken.

7. 发明授权

US10212191B2 Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model 有权
公开(公告)号：US10212191B2
公开(公告)日：2019-02-19
申请号：US15891214
申请日：2018-02-07
申请人： Illumio, Inc.
发明人： Paul J. Kirner , Matthew K. Glenn , Mukesh Gupta , Roy N. Nakashima , Thukalan V. Verghese
IPC分类号： H04L29/06
摘要： An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of managed servers is identified by grouping the plurality of managed servers based on the obtained communication information. A group-level label set is determined to associate with the subset of managed servers. Role labels are determined for managed servers in the subset of managed servers. A managed server is associated with one role label. Based on the group-level label set and the role labels, an access control rule is generated authorizing communication between a first managed server of the subset of managed servers and a second managed server. The access control rule is stored as part of an administrative domain-wide management policy.

8. 发明申请

US20140373091A1 Distributed Network Security Using a Logical Multi-Dimensional Label-Based Policy Model 有权
标题翻译：分布式网络安全使用基于逻辑多维标签的策略模型
公开(公告)号：US20140373091A1
公开(公告)日：2014-12-18
申请号：US14474916
申请日：2014-09-02
申请人： Illumio, Inc.
发明人： Paul J. Kirner , Daniel R. Cook , Juraj G. Fandli , Matthew K. Glenn , Mukesh Gupta , Andrew S. Rubin , Jerry B. Scott , Thukalan V. Verghese
IPC分类号： H04L29/06 , H04L12/26
CPC分类号： H04L63/1416 , H04L41/0893 , H04L61/1511 , H04L61/2514
摘要： A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS. Responsive to determining that the currently-relevant updated actor-sets are identical to the previously-sent actor-sets, no further action is taken.
摘要翻译：管理域内的受管服务器（MS）被隔离。管理域包括使用管理指令配置管理模块的多个MS，以便配置的管理模块实现一个包含一个或多个规则集合的管理域范围的管理策略。隔离的MS与其他MS隔离。修改MS的描述以指示MS被隔离，从而指定隔离的MS的描述。更新缓存的actor集，以指示被隔离的MS的更改状态，从而指定更新的actor集。确定哪个更新的演员组与另一个MS相关，从而指定当前相关的更新的演员组。确定当前相关的更新的演员集是否与先前发送给另一个MS的演员集不同。响应于确定当前相关的更新的演员集与先前发送的演员集相同，不采取进一步的动作。

9. 发明授权

US10701090B2 Distributed network security using a logical multi-dimensional label-based policy model 有权
公开(公告)号：US10701090B2
公开(公告)日：2020-06-30
申请号：US15841542
申请日：2017-12-14
申请人： Illumio, Inc.
发明人： Paul J. Kirner , Daniel R. Cook , Juraj G. Fandli , Matthew K. Glenn , Mukesh Gupta , Andrew S. Rubin , Jerry B. Scott , Thukalan V. Verghese
IPC分类号： H04L29/06 , H04L12/24 , H04L29/12
摘要： A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS. Responsive to determining that the currently-relevant updated actor-sets are identical to the previously-sent actor-sets, no further action is taken.

10. 发明申请

US20190089773A1 SEGMENTATION SERVER CLUSTER FOR MANAGING A SEGMENTATION POLICY 审中-公开
公开(公告)号：US20190089773A1
公开(公告)日：2019-03-21
申请号：US16113706
申请日：2018-08-27
申请人： Illumio, Inc.
发明人： Antonio Pedro Alexandre Rainha Dias , Joel E. Vanderkwaak , Bryan Patrick Pelham , Mukesh Gupta , Juraj George Fandli , Charles Zou Liu , Thukalan V. Verghese , Paul James Kirner
IPC分类号： H04L29/08
摘要： A segmentation system includes a cluster of segmentation servers that interoperate to obtain and manage a segmentation policy for controlling communications between workloads in an administrative domain. The cluster of segmentation servers includes a leader segmentation server and at least one member segmentation server. The leader segmentation server controls policy generation and distributes the segmentation policy to the member segmentation servers. The segmentation servers are each optionally paired with a respective set of workloads. The segmentation servers each distribute descriptions of their respective paired workloads to the other segmentation servers. Each segmentation server processes the segmentation policy to generate management instructions for controlling communications to and from their respective paired workloads and distributes the management instructions to the operating system instances executing the workloads to enforce the segmentation policy. The cluster of segmentation servers beneficially enables a segmentation system with high scalability, reliability, and efficiency.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式