| 发明名称 | Data network microsegmentation | ||
| 摘要 | Methods and systems for microsegmentation of data networks are provided herein. Exemplary methods include: receiving a high-level declarative policy; getting metadata associated with a plurality of containers from an orchestration layer; determining a low-level firewall rule set using the high-level declarative policy and the metadata; and configuring by a plurality of enforcement points a respective virtual switch of a plurality of virtual switches to process packets in accordance with the low-level firewall ruleset, the virtual switches being collectively communicatively coupled to the plurality of containers, such that network communications between a first group of containers and a second group of containers of the plurality of containers are not permitted, and communications between containers of the first group of containers are permitted. | ||
| 申请公布号 | US9560081(B1) | 申请公布日期 | 2017.01.31 |
| 申请号 | US201615192967 | 申请日期 | 2016.06.24 |
| 申请人 | vArmour Networks, Inc. | 发明人 | Woolward Marc |
| 分类号 | H04L29/06;G06F9/455 | 主分类号 | H04L29/06 |
| 代理机构 | Carr & Ferrell LLP | 代理人 | Carr & Ferrell LLP |
| 主权项 | 1. A computer-implemented method for microsegmentation of data networks comprising: receiving a high-level declarative policy; getting metadata associated with a plurality of containers from an orchestration layer; determining a low-level firewall rule set using the high-level declarative policy and the metadata; and configuring by a plurality of enforcement points a respective virtual switch of a plurality of virtual switches to process packets in accordance with the low-level firewall ruleset, the virtual switches being collectively communicatively coupled to the plurality of containers, such that network communications between a first group of containers and a second group of containers of the plurality of containers are not permitted, and communications between containers of the first group of containers are permitted. | ||
| 地址 | Mountain View CA US | ||