Application management for a multi-tenant identity cloud service
US-2018083835-A1 · Mar 22, 2018 · US
Template driven approach to deploy a multi-segmented application in an sddc
US2020065166A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2020065166-A1 |
| Application number | US-201816112408-A |
| Country | US |
| Kind code | A1 |
| Filing date | Aug 24, 2018 |
| Priority date | Aug 24, 2018 |
| Publication date | Feb 27, 2020 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.
First claim
Opening claim text (preview).
1 . A method for defining a multi-segmented application in a software defined datacenter (SDDC), the method comprising: creating a hierarchical API command that specifies a plurality of application segments and defines a plurality of rules to control data message flows associated with the application segments; storing the hierarchical API as a template for the multi-segment application; and providing an interface to allow the template to be retrieved and customized in order to define a multi-segment application manifest to process to deploy a set of machines in the SDDC to implement the set of application segments and to provide the set of rules to a set of network elements in the SDDC to control the data message flows associated with the application segments. 2 . The method of claim 1 , wherein the network elements include managed forwarding elements for forwarding data messages between the application segments and between the application segments and applications other than the multi-segment application. 3 . The method of claim 1 , wherein the network elements include middlebox service elements for performing middlebox service operations on data messages sent to or from the application segments. 4 . The method of claim 3 , wherein the middlebox service elements include middlebox service machines executing on host computers. 5 . The method of claim 3 , wherein the middlebox service elements include middlebox service filters executing on host computers. 6 . The method of claim 3 , wherein service operations include one of a firewall operation, a load balancing operation, a network address translation operation, an encryption operation, an intrusion detection operation, and an intrusion prevention operation. 7 . The method of claim 1 , wherein the middlebox service elements include firewalls machines or devices. 8 . The method of claim 1 , wherein the multi-segmented application has more at least three application segments defined in the hierarchical API command. 9 . The method of claim 1 , wherein the multi-segmented application has more than five application segments defined in the hierarchical API command. 10 . The method of claim 1 , wherein the set of deployed machines comprise virtual machines or containers. 11 . A non-transitory machine readable medium storing a program for defining a multi-segmented application in a software defined datacenter (SDDC), the program for execution by at least one processing unit, the program comprising sets of instructions for: storing as a template a hierarchical API command that specifies a plurality of application segments and defines a plurality of rules to control data message flows associated with the application segments; providing an interface to allow the template to be retrieved and customized in order to define a multi-segment application manifest to process to deploy a set of machines in the SDDC to implement the set of application segments and to provide the set of rules to a set of network elements in the SDDC to control the data message flows associated with the application segments. 12 . The non-transitory machine readable medium of claim 11 , wherein the network elements include managed forwarding elements for forwarding data messages between the application segments and between the application segments and applications other than the multi-segment application. 13 . The non-transitory machine readable medium of claim 11 , wherein the network elements include middlebox service elements for performing middlebox service operations on data messages sent to or from the application segments. 14 . The non-transitory machine readable medium of claim 13 , wherein the middlebox service elements include middlebox service machines executing on host computers. 15 . The non-transitory machine readable medium of claim 13 , wherein the middlebox service elements include middlebox service filters executing on host computers. 16 . The non-transitory machine readable medium of claim 13 , wherein service operations include one of a firewall operation, a load balancing operation, a network address translation operation, an encryption operation, an intrusion detection operation, and an intrusion prevention operation. 17 . The non-transitory machine readable medium of claim 11 , wherein the middlebox service elements include firewalls machines or devices. 18 . The non-transitory machine readable medium of claim 11 , wherein the multi-segmented application has more at least three application segments defined in the hierarchical API command. 19 . The non-transitory machine readable medium of claim 11 , wherein the multi-segmented application has more than five application segments defined in the hierarchical API command. 20 . The non-transitory machine readable medium of claim 11 , wherein the set of deployed machines comprise virtual machines or containers.
Assignees
Inventors
Classifications
Messaging middleware · CPC title
Partitioning or combining of resources · CPC title
- G06F9/546Primary
Message passing systems or structures, e.g. queues · CPC title
Firewall traversal, e.g. tunnelling or, creating pinholes · CPC title
Software deployment · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2020065166A1 cover?
- Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deploymen…
- Who is the assignee on this patent?
- Vmware Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F9/546. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Feb 27 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).