WO2024010661A1 - Secure networking engine for a technical support management system - Google Patents

Secure networking engine for a technical support management system

Info

Publication number
WO2024010661A1
WO2024010661A1 PCT/US2023/024629 US2023024629W WO2024010661A1 WO 2024010661 A1 WO2024010661 A1 WO 2024010661A1 US 2023024629 W US2023024629 W US 2023024629W WO 2024010661 A1 WO2024010661 A1 WO 2024010661A1
Authority
WO
WIPO (PCT)
Prior art keywords
secure networking
virtual
computing environment
technical support
debugger
Prior art date
Application number
PCT/US2023/024629
Other languages
English (en)
Inventor
Takashi Yomo
Original Assignee
Microsoft Technology Licensing, Llc
Priority date
Filing date
Publication date
Priority claimed from US17/984,943 (US20240012672A1)
Application filed by Microsoft Technology Licensing, Llc
Publication of WO2024010661A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/131 Protocols for games, networked simulations or virtual reality
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/1396 Protocols specially adapted for monitoring users' activity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/52 Network services specially adapted for the location of the user terminal
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/362 Software debugging
    • G06F11/366 Software debugging using diagnostics
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3664 Environments for testing or debugging software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45591 Monitoring or debugging support

Definitions

  • Distributed computing systems host and support different types of applications and services in on-premise networks or wide-area networks (WAN).
  • the distributed computing system provider e.g., a cloud computing service provider
  • a diagnostic and debugging tool of the technical support management system can support finding and resolving errors in a customer computing environment.
  • a debugger can be used to debug user mode applications, device drivers, and an operating system in kernel mode.
  • technical support management systems are not configured with a comprehensive computing logic and infrastructure to efficiently provide adequate secure network communications between a cloud provider computing environment and a customer computing environment.
  • Such systems may operate with an infrastructure that is limited by latency in communications between the customer and cloud provider computing environments.
  • both the customer and the cloud provider may have concerns about exposing their confidential information if a secure networking connection between them is not configured to secure this type of confidential information.
  • a more comprehensive technical support management system - with an alternative basis for performing secure networking operations - can improve computing operations and interfaces in technical support management systems.
  • the virtual diagnostic system - in a dynamically identified secure networking engine site - provides a secure networking connection and diagnostic and debugging services between a cloud provider computing environment and a customer computing environment.
  • the virtual diagnostic system includes a virtual lab virtual machine network and virtual diagnostic system machines (i.e., a private lab control machine; a debugger host machine; and a debugger proxy machine).
  • the virtual lab virtual machine network (e.g., virtual lab VM subnet) operates in an instance of the secure network engine at the secure networking engine site.
  • technical support management systems are not configured with a comprehensive computing logic and infrastructure to efficiently provide adequate secure network communications for technical support services of a cloud provider.
  • offline debugging using memory snapshots introduces latency issues associated with copying data from a customer computing environment to a cloud provider computing environment.
  • Live debugging via customer-provided network connections or cloud-provided network connections raises security concerns - on the cloud provider side and the customer side, respectively - about potentially exposing confidential information.
  • Other types of considerations e.g., data boundary, administrative overhead, and external bad actors
  • a technical solution - to the limitations of conventional technical support management systems - includes virtual lab VM network associated with a secure networking engine that provides virtual diagnostic system in a technical support management system.
  • a request to instantiate a secure networking engine - for providing technical support services of a cloud provider computing environment for a diagnostic target of a customer computing environment - is accessed.
  • the request comprises location parameters of the diagnostic target.
  • a secure networking engine site for instantiating the secure networking engine is determined.
  • a secure networking engine - associated with a cloud provider computing environment - is instantiated at the secure networking engine site.
  • the secure networking engine can be dynamically instantiated at the secure networking engine site.
  • the secure networking engine comprises a virtual diagnostic system (e.g., virtual lab VM subnet) comprising a host security device, a private lab control machine, a debugger host machine, and a debugger proxy machine.
  • the secure networking engine further comprises a private virtual private network (VPN) that provides a VPN gateway between the cloud provider computing environment, the virtual diagnostic system, and the customer computing environment.
  • VPN virtual private network
  • a secure networking engine manager of the cloud provider computing environment operates to access the request to instantiate the secure networking engine at the secure networking engine site, the secure networking engine site provides technical support services for a diagnostic target at a customer computing environment.
  • the secure networking engine - comprising a private lab control machine, a debugger host machine, and a debugger proxy machine - is instantiated.
  • a secure networking engine manager causes establishment of a secure networking connection via the private VPN, the secure networking connection via the private VPN connection provides a VPN gateway between the cloud provider computing environment, the virtual diagnostic system, and the customer computing environment.
  • FIGS. 1A and 1B are block diagrams of an exemplary technical support management system for providing a virtual diagnostic system in a secure networking engine, in accordance with aspects of the technology described herein;
  • FIGS. 1C-1G are block diagrams of an exemplary technical support management system for providing a virtual diagnostic system in a secure networking engine, in accordance with aspects of the technology described herein;
  • FIG. 2A is a block diagram of an exemplary technical support management system for providing a virtual diagnostic system in a secure networking engine, in accordance with aspects of the technology described herein;
  • FIG. 2B is a block diagram of an exemplary technical support management system for providing a virtual diagnostic system in a secure networking engine, in accordance with aspects of the technology described herein;
  • FIG. 3 provides a first exemplary method of providing a virtual diagnostic system in a secure networking engine, in accordance with aspects of the technology described herein;
  • FIG. 4 provides a second exemplary method of providing a virtual diagnostic system in a secure networking engine, in accordance with aspects of the technology described herein;
  • FIG. 5 provides a third exemplary method of providing a virtual diagnostic system in a secure networking engine, in accordance with aspects of the technology described herein;
  • FIG. 6 provides a block diagram of an exemplary distributed computing environment suitable for use in implementing aspects of the technology described herein;
  • FIG. 7 is a block diagram of an exemplary computing environment suitable for use in implementing aspects of the technology described herein.
  • a cloud computing service provider (e.g., MICROSOFT - “cloud provider”) supports customers of a cloud computing platform (e.g., MICROSOFT AZURE).
  • a customer is provided a cloud computing environment (i.e., on-premise cloud computing environment or Platform-as-a-Service “PAAS”).
  • the cloud computing provider may provide technical support services (e.g., diagnostic and debugging services via a technical support management system) to help manage a cloud computing environment.
  • Technical support services can be provided using different types of technical support tools (e.g., AZURE BASTION).
  • the cloud provider can implement the technical support management system - with remote access to customer computing environment - to provide diagnostic and debugging services.
  • a technical support tool can be operated - by a technician of the cloud computing provider - via a network connection to a customer computing environment.
  • the technician can connect to a virtual machine using a browser and a portal of the cloud computing platform.
  • a cloud computing technical support service and technical support operations may raise security concerns for the cloud computing provider and the customer. Both entities may have confidential information (e.g., proprietary and secure information) that they do not want to expose.
  • the cloud computing provider may not want the cloud computing technical support service software (e.g., source code, binaries, private symbols) to be installed in the customer computing environment and disclose their proprietary software (e.g., software for target device analysis operations) and the customer may not want the cloud computing technician to have access to their secure information on their servers.
  • the cloud computing technical support service software e.g., source code, binaries, private symbols
  • technical support management systems are not configured with a comprehensive computing logic and infrastructure to efficiently provide adequate secure network communications - between a cloud provider computing environment and a customer computing environment - for technical support services of a cloud provider.
  • several different approaches e.g., offline debugging using memory snapshots and live debugging via a customer-provided network connection or a cloud provider network connection
  • a conventional technical support management system may provide support based on a memory snapshot associated with the customer computing environment that needs technical analysis.
  • a snapshot dump (or snap dump) can refer to a memory dump requested by the technician - or provided by an application or operating system - that is used to assist in diagnosing and debugging errors in computer programs.
  • a memory snapshot in a customer computing environment - in a cloud computing platform - can be quite large and leads to significant latency when communicating the memory snapshot from the customer computing environment for analysis.
  • the memory snapshot can include encrypted data associated with technical data analysis and needs to be decoded using proprietary tools (e.g., decoding symbols) to identify any technical issues. Additionally, data associated with a customer computing environment may impute data residency considerations. Data residency refers to the data laws or regulatory requirement imposed on data based on the data laws that govern a country or region in which it resides. As such, in some cases, data cannot be transferred at all from the customer computing environment. Data boundary restrictions illustrate another limitation of a technical support management system that operates based on transferring memory snapshots.
  • a conventional technical support management system can be implemented based on a customer providing remote access to their customer computing environment.
  • the network connection is associated with the customer and not the cloud computing provider; as such, the network connection is not necessarily a secure network connection and could compromise the security of the technical support service software of the cloud provider.
  • a technician may access the customer computing environment - without using the technical support service software; however, the technician has to manually analyze error logs (e.g., trace analysis) without the automation and functionality available via a technical support service software.
  • a conventional technical support management system having a cloud-provider network connection may still raise concerns for a customer - whose computing environment will be accessed - if the cloud-provider network connection is susceptible to exposing confidential information of the customer.
  • Embodiments of the present invention are directed to systems, methods, and computer storage media for, among other things, providing a virtual diagnostic system in a secure networking engine of a technical support management system.
  • a cloud computing provider may provide a cloud computing environment, where the cloud computing environment has customers that utilize different types of application management functionality.
  • Application management functionality can include a technical management system that supports customers that run into technical problems.
  • the technical management system specifically includes a secure networking engine.
  • the secure networking engine provides a secure networking connection between the cloud provider computing environment and a customer computing environment.
  • the secure networking engine can support - via a secure networking connection - real-time diagnostic and debugging services for customer computing environments with improved security and latency based on security computing components of the secure networking engine.
  • the secure networking engine and the secure networking connection allow technicians of the cloud provider computing environment to access diagnostic target machines of the customer computing environment.
  • the secure networking connection allows access to the customer computing environment while restricting access to confidential information (e.g., secure information and proprietary information) of the customer. In this way, a technician of the cloud computing provider can perform technical support services without accessing confidential information.
  • the customer computing environment provides a customer guest PC that can access a VPN gateway.
  • the customer guest PC is configured on a corporate domain network of the customer.
  • the customer computing environment can include one or more diagnostic targets (e.g., computing devices associated with the technical support services).
  • a diagnostic target has location parameters. Location parameters can include network interface identification, location addressing, and other related parameters that support identifying a location of the diagnostic target in a network associated with the customer computing environment and the cloud computing environment.
  • the location parameters of the diagnostic target are used to identify a secure networking engine site for providing technical support services.
  • the secure networking engine site can refer to a computing environment having a secure networking engine that is dynamically instantiated to provide secure technical support services closer to the diagnostic target.
  • the location parameters are associated with a zone-1 private Internet Protocol (IP) address space associated with a portion of the secure networking engine and the customer computing environment.
  • IP Internet Protocol
  • the secure networking engine can include security computing components that are closer to the diagnostic target to improve security and bandwidth for technical support services communications.
  • the secure networking engine includes a virtual diagnostic system having a host security device, a private lab control machine, a debugger host machine, and a debugger proxy machine.
  • the host security device, the private lab control machine, the debugger machine, and the debugger proxy machine each support different types of secure networking engine operations for providing secure technical support services.
  • the secure networking engine operations are associated with three different Internet Protocol (IP) address zones associated with the customer computing environment, the secure networking engine site, and the cloud provider computing environment.
  • the location parameters are associated with a zone-1 private Internet Protocol (IP) address space, the virtual diagnostic system is associated with a zone-2 private IP address space, and technician terminals of the cloud provider computing environment are associated with a zone-3 cloud provider private support network address space.
  • the embodiments of the present invention include several inventive features (e.g., operations, systems, engines, and components) associated with a technical support management system having the secure networking engine. Inventive features will be described with reference to operations for providing a virtual lab virtual machine network associated with a secure networking engine that provides a virtual diagnostic system in a technical support management system.
  • FIG. 1A illustrates a technical support management system 100.
  • Technical support management system 100 includes secure networking engine 110, virtual diagnostic system 110A, private VPN service 110B, host network 120, secure networking engine network 130 with private lab control machine 140, debugger host machine 150, and debugger proxy machine 160; cloud provider computing environment 170 with secure networking engine manager 110C, customer computing environment 180 with secure networking engine diagnostic target manager 110D, and network 190.
  • the technical management system 100 provides a secure networking engine 110 that provides a secure networking connection for technical support services.
  • the technical support service can be a diagnostic and debugging tool or service that is implemented via the secure networking engine 110.
  • the secure networking connection is provided between the cloud provider computing environment 170 and the customer computing environment 180.
  • the secure networking engine 110 - operating at a secure networking engine site - provides a secure networking connection that isolates the cloud provider computing environment 170 from the customer computing environment 180 where communications are via the secure networking engine 110.
  • the cloud provider computing environment 170 is a cloud computing service operated by a cloud provider for application management.
  • the cloud provider computing environment 170 can support different types of services, programming languages, tools and frameworks for application management.
  • the cloud provider computing environment 170 operates with a customer computer environment to provide application management.
  • the customer computing environment 180 can include on-premise computing components that are supported by the cloud provider computing environment 180.
  • the cloud provider computing environment 170 includes secure networking engine manager 110C and the customer computing environment 180 includes secure networking engine diagnostic target manager 110D.
  • the secure networking engine manager 110C and the secure networking engine diagnostic target manager 110D each support respective technical support management system operations to support the functionality described herein.
  • secure networking engine manager 110C and the secure networking engine diagnostic target manager 110D operate as client-side managers to support instantiating and performing technical support management system operations at the secure networking engine 110.
  • the secure networking engine 110 can be dynamically instantiated and, as such, does not require a fixed machine or system that is permanently dedicated to hosting the secure networking engine 110. In this way, a customer may request instantiating the secure networking engine 110 on an as-needed basis for providing technical support services.
  • the secure networking engine 110 can be instantiated close to the customer computing environment 180 to improve connectivity and latency between the customer computing environment 180 and the cloud provider computing environment 170. As such, the secure networking engine 110 supports near real-time operations for the technical support service software and a better technician support experience.
  • the secure networking engine 110 includes the virtual diagnostic system 110A having the host network 120 (e.g., a bastion host).
  • the host network includes a host machine (not shown) that operates as a special-purpose computer specifically designed and configured to withstand attacks.
  • the host machine can specifically host a single application or process with other services removed or limited to reduce threat to the computer.
  • the host network 120 may operate as a subnet that is isolated from secure networking engine network 130 (i.e., virtual lab virtual machine (VM) network) having the private lab control machine 140, debugger host machine 150, and debugger proxy machine 160.
  • secure networking engine network 130 i.e., virtual lab virtual machine (VM) network
  • the secure networking engine network 130 supports operations associated with providing technical support services.
  • the private lab control machine 140 can provide a controlled environment for the technical support services operations
  • the debugger host machine can provide an environment for running debugging operations for finding and resolving errors
  • the debugger proxy machine 160 operates as a proxy for the debugger host machine 150 for communications with the customer computing environment 180.
  • the debugger proxy machine 160 can communicate with the debugging target machine 184 through the secure networking connection via the private VPN.
  • the debugger host machine 150 operates as a main central controller device for performing diagnostic and debugging operation commands and manipulates each of the diagnostic messages from the technician terminal to send and receive detailed operations and commands to the debugging target machine through the customer guest PC, and send back the diagnostic result to the technician terminal.
  • the data-flow and connection topology is integrated into the virtual diagnostic system 110A and flexibly deployed on-demand.
  • FIG. 1B illustrates secure networking engine 110, secure networking engine manager 110C, secure networking engine diagnostic target manager 110D, virtual diagnostic system 110A, private VPN service 110B, host network 120, secure networking engine network 130 with private lab control machine 140, debugger host machine 150, and debugger proxy machine 160; cloud provider computing environment 170, and customer computing environment 180.
  • the cloud provider computing environment 170 includes a plurality of technician terminals (e.g., technician terminal 172), cloud provider VPN 174, and resource performance monitoring system 178.
  • the customer computing environment 180 includes diagnostic target 180A, customer guest PC 182, and debugging target machine 184.
  • technicians of the cloud computing environment 170 can access diagnostic target machines of the customer computing environment 180 through the secure networking engine 110. Access to the customer computing environment 180 is provided while restricting access to confidential information (e.g., secure information and proprietary information).
  • the customer computing environment 180 is accessible for technical support service operations - based on the configuration of secure networking engine 110 - and thus restricting any access to confidential information by the cloud provider.
  • the cloud provider computing environment 170 is granted access to perform technical support service operations - based on the configuration of the secure networking engine - and thus restricting any access to confidential information by the customer.
  • the technician terminal 172 operates in the cloud provider computing environment 170. The technician terminal 172 communicates with the debugger host machine 150 of the virtual diagnostic system.
  • the debugger host machine 150 can host a debugging application (e.g., WINDBG), where the debugging application supports finding and resolving errors in a system.
  • the debugging application can support debugging user mode applications, device drivers, and an operating system in kernel mode.
  • the debugger host machine 150 via the debugger proxy machine 160 communicates with the customer computing environment 180 via a VPN gateway. Communications via the VPN gateway can be encrypted (e.g., using a VPN key).
  • an X.509 key can be required for the secure networking connection via the private VPN gateway.
  • the VPN key can be configured for a limited period of time (e.g., typically 2 days but less than 7 days). A new key can be assigned to each session between the virtual diagnostic system and the customer guest PC.
  • the secure networking engine further includes the private VPN service 110B that provides a VPN gateway for communication between the secure networking engine network 130 and the customer computing environment.
  • the customer computing environment 180 accesses a private VPN gateway associated with private VPN service 110B via a computing device (e.g., customer guest PC 182).
  • the customer guest PC can be configured as a corporate domain network computing device, a public network computing device, or a private network computing device.
  • the customer guest PC provides access to one or more debugging target machines (e.g., debugging target machine 184).
  • the secure networking engine manager 110C is responsible for providing autonomic cloud resource selection operations. Selecting a closest cloud site for deploying resources for instantiating a virtual diagnostic system can be based on a set of base metrics parameters and for selecting failover sites.
  • live technical services operations e.g., diagnostic/debugging operations
  • the cloud provider computing environment 170 includes the cloud provider VPN 174 that provides a VPN gateway between the technician terminal 172 and the debugging host machine 150.
  • the cloud provider computing environment 170 also includes a cloud provider portal Application Programming Interface (API) that connects a host security device of the host network 120 with a resource performance monitoring system 178.
  • the resource performance monitoring system 178 provides resource monitoring operations associated with hardware (e.g., CPU, memory, disk, and network) and software (file handles and modules) resources in the technical support management system.
  • the resource performance monitoring system 178 can provide information to the secure networking engine manager 110C to support autonomic best connecting site selection, base metrics and environmental factors, and selection of the best failover site.
  • the cloud provider portal API can support accessing information about the VMs in the virtual lab VM subnet via the host network and communicate the information to the resource performance monitoring system 178.
  • FIG. 1C illustrates technical support management system 100 with a plurality of technician terminals (e.g., technician terminal 172), cloud provider VPN 172, a plurality of instances of a virtual diagnostic system (e.g., virtual diagnostic instance 110A) and a plurality of diagnostic targets (e.g., diagnostic target 184).
  • the technical support management system 100 supports multiple instances of virtual diagnostic engines providing technical support services for different diagnostic targets.
  • the technical support management system can support autonomic best connecting site (i.e., secure networking engine site) selection; best metrics and environmental factors (e.g., candidate secure networking engine score for network bandwidth and cost); and best failover sites (i.e., secure networking engine failover sites).
  • FIG. 1D illustrates a schematic associated with determining a secure networking engine site for providing a secure networking engine having a virtual diagnostic system.
  • FIG. 1D includes technician terminal 110D 1 in a cloud provider computing environment associated with a cloud provider VPN that communicates with a plurality of candidate secure networking engine sites (e.g., candidate secure networking engine site 110D 2, 110D 3, and 110D 4) and a debugging target machine 110D 5 in a diagnostic target of a customer computing environment.
  • a debugging target machine may require technical support services from a technical support management system of the cloud provider computing network.
  • the debugging target machine 110D 5 can be part of diagnostic target of the customer computing environment.
  • a diagnostic target of the debugging target machine 110D 5 can include a plurality of computing and networking components that support providing technical support services from the technical support management system. Based on the debugging target machine 110D 5 requiring technical support services, a request to instantiate a secure networking engine site can be generated at the cloud provider computing environment or customer computing environment. The request can include location parameters associated with the debugging target machine 110D 5. Based on the location parameters of the debugging target machine 110D 5 or location parameters of the diagnostic target of a customer computing environment, a plurality of candidate secure networking engine sites can be identified.
  • the candidate secure networking engine sites can be remote computing environments associated with the cloud provider that support dynamically instantiating a secure networking engine.
  • the candidate secure networking engine sites can be associated with a candidate secure networking engine site score that is used to rank the plurality of candidate secure networking engine sites relatively to each other.
  • the candidate secure networking engine site scores can be based on a network bandwidth score or cost score, as discussed in more detail below. Based on the candidate networking engine site score generated based on the network bandwidth score and/or the cost, a candidate secure networking engine site is selected as the secure networking site for dynamically instantiating the secure networking engine and providing technical support services.
  • FIG. 1E illustrates base metrics parameters for autonomic selection for a secure networking engine site.
  • FIG. 1E includes technician machine 172, debugger host machine 150, debugger proxy machine 160, private VPN service 110B, customer guest PC 182, and debugger target machine 184; and a plurality of response times (e.g., t1, t2, t3 and t4).
  • Remote operators - who are participating in the live technical services operations for the remote target machine located at virtual diagnostic system with private symbols such as OS feature team and engineer - can use a shared diagnostic and debugger session through debugger host machine in the secure networking engine.
  • a first technical support instruction (e.g., Dbg command) is communicated from the technician terminal 172 to the debugger host machine 150;
  • a second technical support instruction (e.g., sub command) is communicated N-times from the debugger host machine 150 to diagnostic target machine 184 via the debugger proxy machine 160 and the customer guest PC 182;
  • a response to the second technical support instruction is communicated N-times from the debugging target machine 184;
  • a response to the first technical support instruction (e.g., Dbg command result) is communicated.
  • N can be 1 or any number greater than 1.
  • the total response time is represented for remote operators as:
  • T = [ t1 + N * ( t2 + t3 + t4 + t4 + t3 + t2 ) + t1 ]
  • N (1 ≤ N ≤ 100K): this number represents WinDbg internal sub-command iteration counts, with different values for each diagnostic control (i.e., WinDbg) command set.
  • FIG. 1F indicates that selecting the secure networking engine site is key, and a different location for the security network engine is much faster than the cloud provider computing environment.
  • FIG. 1G illustrates ideal response time improvement ratio compared to the time of ‘t1’ as 1ms. It is contemplated that the comparison is for the latency time from the technician terminal to the debugger host machine in an instance of virtual diagnostic system. Moreover, a response time associated with a technician user experience at a technician terminal may be defined for a technical support service session.
  • the network bandwidth score can be based on an actual response time for one or more candidate secure networking engine sites. The network bandwidth score can be used as a factor in selecting a secure networking engine site.
  • An increase in the response time can be identified and can be based on a distance between the cloud provider computing environment and the secure networking engine site. It is contemplated that one or more additional factors can be associated with selecting the secure networking engine. For example, compute cost (i.e., cost), such as on-demand computing cost associated with compute capacity, disk size, network usage, etc., for the candidate secure networking engines can be determined and scored (i.e., cost score) against each other. The cost score, alone or in combination with additional factors, can support selecting a secure networking engine site. Other variations and combinations of scores - for a candidate secure networking engine score - are contemplated with embodiments described herein.
  • the secure networking engine manager 110C is responsible for providing autonomic cloud resource selection operations.
  • the secure networking engine manager 110C may operate with the resource performance monitoring system 178 to provide autonomic site selection with environmental metrics parameter combined with base metrics parameter, for secure networking and second site as a failover backup site.
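The site selection described above can be worked through numerically. The following Python sketch is an added example, not code from the patent or from any product: it applies the total response time expression T = t1 + N * (t2 + t3 + t4 + t4 + t3 + t2) + t1 to three constructed candidate sites and ranks them to pick a primary and a failover site. The mapping of t2, t3 and t4 to individual hops, the normalisation of the two scores, the weights and all sample values are assumptions.

```python
from dataclasses import dataclass

N_MIN, N_MAX = 1, 100_000  # the page gives N as ranging from 1 to 100K


@dataclass(frozen=True)
class CandidateSite:
    name: str
    t1_ms: float        # technician terminal <-> debugger host machine
    t2_ms: float        # ASSUMED hop: debugger host <-> debugger proxy
    t3_ms: float        # ASSUMED hop: debugger proxy <-> customer guest PC (VPN)
    t4_ms: float        # ASSUMED hop: customer guest PC <-> debugging target
    hourly_cost: float  # ASSUMED unit for on-demand compute cost


def total_response_ms(site, n):
    """T = t1 + N * (t2 + t3 + t4 + t4 + t3 + t2) + t1, in milliseconds."""
    if not N_MIN <= n <= N_MAX:
        raise ValueError(f"N must be within [{N_MIN}, {N_MAX}], got {n}")
    hops = (site.t1_ms, site.t2_ms, site.t3_ms, site.t4_ms)
    if any(t <= 0 for t in hops) or site.hourly_cost <= 0:
        raise ValueError(f"{site.name}: latencies and cost must be positive")
    one_way = site.t2_ms + site.t3_ms + site.t4_ms
    # The sub-command travels out and its response travels back, N times.
    return site.t1_ms + n * (one_way + one_way) + site.t1_ms


def rank_sites(sites, n, w_bandwidth=0.7, w_cost=0.3):
    """Return (name, combined_score) pairs, best site first.

    ASSUMED scoring: each score is the best observed value divided by the
    site's own value, so the fastest or cheapest site scores 1.0.
    """
    if not sites:
        raise ValueError("no candidate sites supplied")
    times = {s.name: total_response_ms(s, n) for s in sites}
    fastest = min(times.values())
    cheapest = min(s.hourly_cost for s in sites)
    scored = []
    for s in sites:
        bandwidth_score = fastest / times[s.name]
        cost_score = cheapest / s.hourly_cost
        combined = w_bandwidth * bandwidth_score + w_cost * cost_score
        scored.append((s.name, combined))
    # Highest combined score first; name breaks ties deterministically.
    return sorted(scored, key=lambda item: (-item[1], item[0]))


def select_sites(sites, n, w_bandwidth=0.7, w_cost=0.3):
    """Return (primary_site, failover_site) names."""
    ranked = rank_sites(sites, n, w_bandwidth, w_cost)
    if len(ranked) < 2:
        raise ValueError("a failover site needs at least two candidates")
    return ranked[0][0], ranked[1][0]


# Constructed sample data: three hypothetical candidate sites.
CONSTRUCTED_SITES = [
    CandidateSite("site-near-target", 40.0, 1.0, 5.0, 1.0, 0.50),
    CandidateSite("site-near-technician", 1.0, 1.0, 45.0, 1.0, 0.40),
    CandidateSite("site-midway", 20.0, 1.0, 25.0, 1.0, 0.30),
]

if __name__ == "__main__":
    for n in (1, 1000):
        for site in CONSTRUCTED_SITES:
            print(n, site.name, total_response_ms(site, n))
        print("primary, failover:", select_sites(CONSTRUCTED_SITES, n))
```

With N = 1 the three constructed sites are within 2 ms of each other and cost decides the ranking; with N = 1000 the site closest to the debugging target is several times faster, because the per-iteration hops dominate the single technician-side round trip.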
  • the estimated workload response time is calculated with the following formula:
  • this factor will be in 1-2% or less for t c () ]
  • T w A measured transaction response speed between Virtual Diagnostic System (Typical target is Debugger Proxy Machine) and its referenced non-Technician Terminal (i.e., Private Symbol Server's data access workload latency, etc.) by Debugger Host Machine (Diagnostic Execution Machine) on Azure Cloud (Debugger Proxy Machine).
  • this factor will be in 10-20% or less for t c () ]
  • the secure networking engine manager can support this recalibration resource operation that can be performed at different times (e.g., at the beginning of a diagnostic session starting, the session idle time, and an occurrence of a miscellaneous event such as cloud site disaster phase, or diagnostic session restarting or resume timing).
  • FIG. 2A is a block diagram of an exemplary technical solution environment, based on example environments described with reference to FIG. 6 and 7 for use in implementing embodiments of the technical solution are shown.
  • the technical solution environment includes a technical solution system suitable for providing the example technical support management system 100 in which methods of the present disclosure may be employed.
  • FIG. 2A shows a high level architecture of the technical support management system 100 in accordance with implementations of the present disclosure.
  • managers, generators, selectors, or components not shown collectively referred to herein as “components”
  • the technical solution environment of data technical support management system 100 corresponds to FIG. 1A and 1B.
  • FIG. 2A illustrates secure networking engine 110, virtual diagnostic system 110A, private VPN service 110B, host network 120, virtual lab virtual machine network with private lab control machine 140, debugger host machine 150, and debugger proxy machine 160; cloud provider computing environment 170 with secure networking engine manager 110C, customer computing environment 180 with secure networking engine diagnostic target manager 110D, and network 190.
  • the secure network engine manager 110 is responsible for accessing a request to instantiate the secure networking engine 110 or at least portions of the secure networking engine 110.
  • the secure networking engine 110 supports providing technical services of the cloud provider computing environment 170 for the diagnostic target machine 184 in the customer computing environment 180.
  • the request includes location parameters of one or more of the following: the customer computing environment 180, diagnostic target 180A, secure networking engine diagnostic target manager 110D, customer guest PC 182, and debugging target machine 184.
  • a secure networking engine site for instantiating the secure networking engine is determined.
  • the location parameters are associated with a zone-1 private Internet Protocol (IP) address space.
  • the virtual diagnostic system is associated with a zone-2 private IP address space
  • the technician terminals of the cloud provider computing environment are associated with a zone-3 cloud provider private support network address space.
  • Determining the secure networking engine site is based on candidate secure networking engine scores.
  • the candidate secure networking engine scores can include a network bandwidth score or a cost score.
  • the candidate secure networking engine score - as a network bandwidth score, a cost score, or a combined score, support ranking a plurality of candidate secure networking engine sites relative to each other such that the secure networking engine site is selected for instantiating the secure networking engine.
  • the secure networking engine is instantiated at the secure networking engine site including the virtual diagnostic system and a private virtual private network (VPN) service.
  • the virtual diagnostic system is temporarily instantiated for a period of time associated with performing the technical support services.
  • a secure networking connection is caused to be established.
  • the secure networking engine manager, the secure networking engine, or the secure networking engine diagnostic target manager - individually or in combination - may cause establishment of the secure networking connection.
  • the secure networking connection can be established between a VPN gateway between the cloud provider computing environment, the virtual diagnostic system, and the customer computing environment.
  • the virtual diagnostic system is associated with a host machine in the host machine network 120.
  • the host machine is connected via a cloud provider Application Programming Interface (API) to a resource performance management system of the cloud provider computing environment 170.
  • the debugger host machine 150 is responsible for managing communications for providing technical support services.
  • Technical support services can be associated with a plurality of communications between the technician terminals and the debugger target machine to facilitate debugging and diagnostic operations.
  • the technical support services can include a first technical support instruction, a second technical support instruction, and a response to the second technical support instruction.
  • the debugger host machine is responsible for receiving a first technical support instruction associated with a technician terminal of the cloud computing environment.
  • the first technical support instruction is received at the debugger machine via a cloud provider VPN that is a secure networking connection between the cloud provider computing environment and a secure networking engine site comprising the virtual diagnostic system.
  • the first technical support instruction is processed via a virtual lab virtual machine subnet associated with a virtual diagnostic system.
  • a second technical support instruction based on the first technical support instruction is communicated to the debugger proxy machine 160 from the debugger host machine 150.
  • the second technical support instruction can be the same as the first technical support instruction.
  • the second technical support instruction can be a different technical support instruction that is constructed based on the first technical support instruction.
  • the debugger proxy machine 160 communicates the second technical support instruction to the customer computing environment 180 via the secure networking connection.
  • the secure networking connection isolates the cloud provider computing environment from the customer computing environment based on communications via virtual diagnostic system and the private VPN.
  • the debugger proxy machine 160 is responsible for receiving a response to the second technical support instruction.
  • the debugger proxy machine 160 communicates the response to the second technical support instruction to the debugger host machine 150.
  • the debugger host machine communicates the response to the second technical support instruction to the technician terminal.
  • FIG. 2B illustrates a technical support management system 100.
  • the secure networking engine manager 110C accesses a request to instantiate a secure networking engine at a secure networking engine site.
  • the secure networking engine manager instantiates the secure networking engine comprising a private lab control machine, a debugger host machine, and a debugger proxy machine.
  • the secure networking engine diagnostic target manager 110D accesses a request to support instantiating a secure network engine site. Based on accessing the request, the secure networking engine diagnostic target manager 110D establishes a connection between a customer guest PC and a private VPN service. At block 18, based on the connection and the customer guest PC, the secure networking engine diagnostic target manager 110D provides access to a debugging target machine.
  • the secure networking engine 110 establishes a secure networking connection with a diagnostic target.
  • the host network 120 provides access to a secure networking engine network.
  • the host network 120 provides access to private VPN service.
  • the private VPN service 110B provides a private VPN service connection via the secure networking engine site.
  • the virtual diagnostic system 110A provides private lab control machine.
  • the virtual diagnostic system 110A provides a debugger host machine.
  • the virtual diagnostic system 110A provides debugger proxy machine.
  • FIGS. 3, 4, and 5 flow diagrams are provided illustrating methods for providing a virtual lab virtual machine network associated with a secure networking engine that provides a virtual diagnostic system in a technical support management system.
  • the methods may be performed using the technical support management system described herein.
  • one or more computer-storage media having computer-executable or computer-useable instructions embodied thereon that, when executed by one or more processors, can cause the one or more processors to perform the methods (e.g., computer-implemented method) in the technical support management system (e.g., a computerized system or computing system).
  • FIG. 3 a flow diagram is provided that illustrates a method 300 for providing a virtual lab virtual machine network associated with a secure networking engine that provides a virtual diagnostic system in a technical support management system.
  • instantiate the secure networking engine comprising a private lab control machine, a debugger host machine, and a debugger proxy machine.
  • FIG. 4 a flow diagram is provided that illustrates a method 400 for providing a virtual lab virtual machine network associated with a secure networking engine that provides a virtual diagnostic system in a technical support management system.
  • At block 402, access location parameters of a diagnostic target.
  • FIG. 5 a flow diagram is provided that illustrates a method 500 for providing a virtual lab virtual machine network associated with a secure networking engine that provides a virtual diagnostic system in a technical support management system.
  • instantiate a private virtual network (VPN) wherein the private VPN provides a VPN gateway between a cloud provider computing environment, the virtual diagnostic system, and a customer computing environment.
  • Embodiments of the present invention have been described with reference to several inventive features (e.g., operations, systems, engines, and components) associated with a technical support management system.
  • inventive features described include: operations, interfaces, data structures, and arrangements of computing resources associated with providing the functionality described herein relative with reference to a secure networking engine.
  • Functionality of the embodiments of the present invention have further been described, by way of an implementation and anecdotal examples - to demonstrate that the operations for providing the virtual lab virtual machine network as a solution to a specific problem in secure networking technology to improve computing operations in technical support management systems. Overall, these improvements result in less CPU computation, smaller memory requirements, and increased flexibility in technical support management systems when compared to previous conventional technical support management system operations performed for similar functionality.
  • FIG. 6 illustrates an example distributed computing environment 600 in which implementations of the present disclosure may be employed.
  • FIG. 6 shows a high level architecture of an example cloud computing platform 610 that can host a technical solution environment, or a portion thereof (e.g., a data trustee environment).
  • this and other arrangements described herein are set forth only as examples.
  • many of the elements described herein may be implemented as discrete or distributed components or in conjunction with other components, and in any suitable combination and location.
  • Other arrangements and elements e.g
  • Data centers can support distributed computing environment 600 that includes cloud computing platform 610, rack 620, and node 630 (e.g., computing devices, processing units, or blades) in rack 620.
  • the technical solution environment can be implemented with cloud computing platform 610 that runs cloud services across different data centers and geographic regions.
  • Cloud computing platform 610 can implement fabric controller 640 component for provisioning and managing resource allocation, deployment, upgrade, and management of cloud services.
  • cloud computing platform 610 acts to store data or run service applications in a distributed manner.
  • Cloud computing infrastructure 610 in a data center can be configured to host and support operation of endpoints of a particular service application.
  • Cloud computing infrastructure 610 may be a public cloud, a private cloud, or a dedicated cloud.
  • Node 630 can be provisioned with host 650 (e.g., operating system or runtime environment) running a defined software stack on node 630.
  • Node 630 can also be configured to perform specialized functionality (e.g., compute nodes or storage nodes) within cloud computing platform 610.
  • Node 630 is allocated to run one or more portions of a service application of a tenant.
  • a tenant can refer to a customer utilizing resources of cloud computing platform 610.
  • Service application components of cloud computing platform 610 that support a particular tenant can be referred to as a multi-tenant infrastructure or tenancy.
  • the terms service application, application, or service are used interchangeably herein and broadly refer to any software, or portions of software, that run on top of, or access storage and compute device locations within, a datacenter.
  • nodes 630 may be partitioned into virtual machines (e.g., virtual machine 652 and virtual machine 654). Physical machines can also concurrently run separate service applications.
  • the virtual machines or physical machines can be configured as individualized computing environments that are supported by resources 660 (e.g., hardware resources and software resources) in cloud computing platform 610. It is contemplated that resources can be configured for specific service applications.
  • each service application may be divided into functional portions such that each functional portion is able to run on a separate virtual machine.
  • cloud computing platform 610 multiple servers may be used to run service applications and perform data storage operations in a cluster. In particular, the servers may perform data operations independently but exposed as a single device referred to as a cluster. Each server in the cluster can be implemented as a node.
  • Client device 680 may be linked to a service application in cloud computing platform 610.
  • Client device 680 may be any type of computing device, which may correspond to computing device 600 described with reference to FIG. 6, for example, client device 680 can be configured to issue commands to cloud computing platform 610.
  • client device 680 may communicate with service applications through a virtual Internet Protocol (IP) and load balancer or other means that direct communication requests to designated endpoints in cloud computing platform 610.
  • the components of cloud computing platform 610 may communicate with each other over a network (not shown), which may include, without limitation, one or more local area networks (LANs) and/or wide area networks (WANs).
  • computing device 600 is but one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. Neither should computing device 700 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated.
  • the invention may be described in the general context of computer code or machine-useable instructions, including computer-executable instructions such as program modules, being executed by a computer or other machine, such as a personal data assistant or other handheld device.
  • program modules including routines, programs, objects, components, data structures, etc. refer to code that perform particular tasks or implement particular abstract data types.
  • the invention may be practiced in a variety of system configurations, including hand-held devices, consumer electronics, general-purpose computers, more specialty computing devices, etc.
  • the invention may also be practiced in distributed computing environments where tasks are performed by remote-processing devices that are linked through a communications network.
  • computing device 700 includes bus 710 that directly or indirectly couples the following devices: memory 712, one or more processors 714, one or more presentation components 716, input/output ports 718, input/output components 720, and illustrative power supply 722.
  • Bus 710 represents what may be one or more buses (such as an address bus, data bus, or combination thereof).
  • the various blocks of FIG. 7 are shown with lines for the sake of conceptual clarity, and other arrangements of the described components and/or component functionality are also contemplated. For example, one may consider a presentation component such as a display device to be an I/O component. Also, processors have memory. We recognize that such is the nature of the art, and reiterate that the diagram of FIG. 7 is merely illustrative of an example computing device that can be used in connection with one or more embodiments of the present invention. Distinction is not made between such categories as “workstation,” “server,” “laptop,” “hand-held device,” etc., as all are contemplated within the scope of FIG. 7 and reference to “computing device.”
  • Computing device 700 typically includes a variety of computer-readable media.
  • Computer-readable media can be any available media that can be accessed by computing device 700 and includes both volatile and nonvolatile media, removable and non-removable media.
  • Computer-readable media may comprise computer storage media and communication media.
  • Computer storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data.
  • Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computing device 700.
  • Computer storage media excludes signals per se.
  • Communication media typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
  • modulated data signal means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
  • communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer-readable media.
  • Memory 712 includes computer storage media in the form of volatile and/or nonvolatile memory.
  • the memory may be removable, non-removable, or a combination thereof.
  • Exemplary hardware devices include solid-state memory, hard drives, optical-disc drives, etc.
  • Computing device 700 includes one or more processors that read data from various entities such as memory 712 or I/O components 720.
  • Presentation component(s) 716 present data indications to a user or other device.
  • Exemplary presentation components include a display device, speaker, printing component, vibrating component, etc.
  • I/O ports 718 allow computing device 700 to be logically coupled to other devices including I/O components 720, some of which may be built in.
  • Illustrative components include a microphone, joystick, game pad, satellite dish, scanner, printer, wireless device, etc.
  • Embodiments described in the paragraphs below may be combined with one or more of the specifically described alternatives.
  • an embodiment that is claimed may contain a reference, in the alternative, to more than one other embodiment.
  • the embodiment that is claimed may specify a further limitation of the subject matter claimed.
  • the word “including” has the same broad meaning as the word “comprising,” and the word “accessing” comprises “receiving,” “referencing,” or “retrieving.” Further the word “communicating” has the same broad meaning as the word “receiving,” or “transmitting” facilitated by software or hardware-based buses, receivers, or transmitters using communication media described herein.
  • words such as “a” and “an,” unless otherwise indicated to the contrary include the plural as well as the singular. Thus, for example, the constraint of “a feature” is satisfied where one or more features are present.
  • the term “or” includes the conjunctive, the disjunctive, and both (a or b thus includes either a or b, as well as a and b).
  • embodiments of the present invention are described with reference to a distributed computing environment; however the distributed computing environment depicted herein is merely exemplary. Components can be configured for performing novel aspects of embodiments, where the term “configured for” can refer to “programmed to” perform particular tasks or implement particular abstract data types using code. Further, while embodiments of the present invention may generally refer to the technical solution environment and the schematics described herein, it is understood that the techniques described may be extended to other implementation contexts.

Abstract

The present invention relates to methods, systems, and computer storage media for providing a virtual diagnostic system in a secure networking engine of a technical support management system. The virtual diagnostic system provides a secure networking connection and diagnostic and debugging services between a cloud provider computing environment and a customer computing environment. The virtual diagnostic system includes a virtual lab virtual machine (VM) network, a private network (VPN) service, and virtual diagnostic system machines. The virtual lab VM network operates in an instance of the secure network engine, at the secure networking engine site. In operation, a request to instantiate a secure networking engine is accessed. The request includes location parameters of the diagnostic target. Based on the location parameters of the diagnostic target, a secure networking engine site for instantiating the secure networking engine is determined. The secure networking engine, associated with a cloud provider computing environment, is instantiated at the secure networking engine site.
PCT/US2023/024629 2022-07-06 2023-06-06 Secure networking engine for a technical support management system WO2024010661A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202263358797P 2022-07-06 2022-07-06
US63/358,797 2022-07-06
US17/984,943 US20240012672A1 (en) 2022-07-06 2022-11-10 Secure networking engine for a technical support management system
US17/984,943 2022-11-10

Publications (1)

Publication Number Publication Date
WO2024010661A1 (fr) 2024-01-11

Family

ID=87136524

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2023/024629 WO2024010661A1 (fr) Secure networking engine for a technical support management system

Country Status (1)

Country Link
WO (1) WO2024010661A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019164907A1 (fr) * 2018-02-20 2019-08-29 Huawei Technologies Co. Ltd. Combining enterprise virtual private networks (VPNs) with cloud virtual private clouds (VPCs)
US20210297417A1 (en) * 2020-03-23 2021-09-23 Microsoft Technology Licensing, Llc Secure remote troubleshooting of private cloud
WO2022093237A1 (fr) * 2020-10-29 2022-05-05 Telefonaktiebolaget Lm Ericsson (Publ) Multi-session remote game rendering

Similar Documents

Publication Publication Date Title
US11500670B2 (en) Computing service with configurable virtualization control levels and accelerated launches
US11522806B1 (en) Migration of files contained on virtual storage to a cloud storage infrastructure
JP6683848B2 (ja) Intelligent configuration discovery techniques
US11265288B2 (en) Using network configuration analysis to improve server grouping in migration
US8336047B2 (en) Provisioning virtual resources using name resolution
US9712604B2 (en) Customized configuration of cloud-based applications prior to deployment
JP2019525302A (ja) Application migration system
US20200106669A1 (en) Computing node clusters supporting network segmentation
US10740133B2 (en) Automated data migration of services of a virtual machine to containers
US20110246627A1 (en) Data Center Affinity Of Virtual Machines In A Cloud Computing Environment
US11102278B2 (en) Method for managing a software-defined data center implementing redundant cloud management stacks with duplicate API calls processed in parallel
US20200334027A1 (en) Service upgrade integration for virtualized computing environments
US11055108B2 (en) Network booting in a peer-to-peer environment using dynamic magnet links
US11099829B2 (en) Method and apparatus for dynamically deploying or updating a serverless function in a cloud architecture
US11785054B2 (en) Deriving system architecture from security group relationships
US20090210872A1 (en) Method to enhance the scalability of network caching capability in virtualized environment
AU2019295631B2 (en) Attached accelerator based inference service
US11184244B2 (en) Method and system that determines application topology using network metrics
US20240012672A1 (en) Secure networking engine for a technical support management system
WO2024010661A1 (fr) Secure networking engine for a technical support management system
US11829792B1 (en) In-place live migration of compute instances for efficient host domain patching
US20240020214A1 (en) System and method for generating service topology graph for microservices using distributed tracing
US20230409455A1 (en) Dual list structure for generating, aggregating, and querying virtualization service execution metrics
US20230409361A1 (en) Generating, aggregating, and querying virtualization service execution metrics using in-memory processing
US20230409458A1 (en) Generating, aggregating, and querying virtualization service execution metrics for cloud diagnostics at scale

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 23738295

Country of ref document: EP

Kind code of ref document: A1