-
Publication No.: US20230328114A1
Publication date: 2023-10-12
Application No.: US18329417
Application date: 2023-06-05
Applicant: Oracle International Corporation
Inventor: Igor Dozorets , Thoulfekar Alrahem , Jun Tong , Leonid Kuperman , Nachiketh Potlapally , Bala Ganesh Chandran , Brian Pratt , Nathaniel Martin Glass , Girish Nagaraja , Jonathan Jorge Nadal
CPC classification number: H04L63/205 , H04L63/20 , H04L63/102 , H04L63/107 , H04L63/10 , H04L67/10
Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.
-
12.
Publication No.: US20230273834A1
Publication date: 2023-08-31
Application No.: US18142000
Application date: 2023-05-01
Applicant: Oracle International Corporation
Inventor: Nathaniel Martin Glass
IPC: G06F9/50 , G06F8/71 , H04L41/5054 , H04L41/0816 , G06F8/60 , H04L41/5041 , H04L41/50 , G06F9/38 , G06F9/4401 , H04L41/0806 , G06F9/48 , G06F11/07 , G06F11/32 , G06F16/901 , G06F9/445 , G06F9/451 , G06F3/0484 , H04L67/00 , G06F11/14 , G06F11/36 , H04L67/10 , H04L67/1008 , H04L67/1031 , H04L67/566
CPC classification number: G06F9/5061 , G06F8/71 , H04L41/5054 , H04L41/0816 , G06F8/60 , H04L41/5048 , H04L41/5096 , G06F9/3836 , G06F9/4411 , G06F9/5027 , G06F9/5072 , G06F9/5022 , G06F9/5077 , H04L41/0806 , G06F9/4856 , G06F9/5038 , G06F9/505 , G06F11/0757 , G06F11/327 , G06F16/9024 , G06F9/5011 , G06F9/44505 , G06F9/485 , G06F9/451 , G06F3/0484 , H04L67/34 , G06F11/1469 , G06F11/3664 , G06F11/3684 , H04L67/10 , H04L67/1008 , H04L67/1031 , H04L41/5041 , H04L67/566 , G06F8/61
Abstract: Techniques for preventing concurrent execution of an infrastructure orchestration service are described. Worker nodes can receive instructions, or tasks, for deploying infrastructure resources and can provide heartbeat notifications to scheduler nodes, also considered a lease. A signing proxy can track the heartbeat notifications sent from the worker nodes to the scheduler node. The signing proxy can receive requests corresponding to a performance of the tasks assigned to the worker nodes. The signing proxy can determine whether the lease between each worker node and the scheduler is valid. If the lease is valid, the signing proxy may make a call to services on behalf of the worker node, and if the lease is not valid, the signing proxy may not make a call to services on behalf of the worker node. Instead, the signing proxy may cut off all outgoing network traffic, blocking access of the worker node to services.
-
Publication No.: US20230070404A1
Publication date: 2023-03-09
Application No.: US17939813
Application date: 2022-09-07
Applicant: Oracle International Corporation
Inventor: Phillip Vassenkov , Nathaniel Martin Glass , Eric Tyler Barsalou , Caleb Dockter
IPC: G06F9/50 , G06F8/71 , H04L41/5054 , H04L41/0816 , G06F8/60 , H04L41/5041 , H04L41/50 , G06F9/38 , G06F9/4401 , H04L41/0806 , G06F9/48 , G06F11/07 , G06F11/32 , G06F16/901 , G06F9/445 , G06F9/451 , G06F3/0484 , H04L67/00 , G06F11/14 , G06F11/36 , H04L67/10 , H04L67/1008 , H04L67/1031 , H04L67/566
Abstract: Techniques for implementing an infrastructure orchestration service are described. In some examples, a declarative provisioner of the infrastructure orchestration service receives instructions for deployment of a resource. The declarative provisioner identifies that the deployment of the resource is a long-running task and stores state information corresponding to the deployment of the resource. In certain embodiments, upon identifying that the deployment of the resource is a long-running task, the declarative provisioner pauses its execution of the long-running task. Responsive to a trigger received from the infrastructure orchestration service, the declarative provisioner resumes execution of the deployment of the resource using the state information and transmits deployment information corresponding to the deployment of the resource to the infrastructure orchestration service.
-
Publication No.: US20230004443A1
Publication date: 2023-01-05
Application No.: US17939852
Application date: 2022-09-07
Applicant: Oracle International Corporation
Inventor: Greg Mark Jablonski , Nathaniel Martin Glass , Eric Tyler Barsalou
IPC: G06F9/50 , G06F8/71 , H04L41/5054 , H04L41/0816 , G06F8/60 , H04L41/5041 , H04L41/50 , G06F9/38 , G06F9/4401 , H04L41/0806 , G06F9/48 , G06F11/07 , G06F11/32 , G06F16/901 , G06F9/445 , G06F9/451 , G06F3/0484 , H04L67/00 , G06F11/14 , G06F11/36 , H04L67/10 , H04L67/1008 , H04L67/1031 , H04L67/566
Abstract: Techniques for implementing rollback of infrastructure changes in an infrastructure orchestration service are described. In certain examples, an infrastructure orchestration service is disclosed that manages both provisioning and deploying of infrastructure assets within a cloud environment. The service receives a plan comprising a set of instructions associated with a set of infrastructure assets of an execution target and identifies a first state of the set of infrastructure assets. The service executes the set of instructions in the plan to achieve a second state for the set of infrastructure assets. Based in part on the executing, the service receives a trigger for rolling back the plan to restore the set of infrastructure assets in the plan to the first state and executes a rollback plan for the plan. The service then transmits a result associated with the execution of the rollback plan.
-
Publication No.: US20220300338A1
Publication date: 2022-09-22
Application No.: US17834378
Application date: 2022-06-07
Applicant: Oracle International Corporation
Inventor: Eric Tyler Barsalou , Nathaniel Martin Glass
IPC: G06F9/50 , G06F8/71 , H04L41/5054 , H04L41/0816 , G06F8/60 , H04L41/5041 , H04L41/50 , G06F9/38 , G06F9/4401 , H04L41/0806 , G06F9/48 , G06F11/07 , G06F11/32 , G06F16/901 , G06F9/445 , G06F9/451 , G06F3/0484 , H04L67/00 , G06F11/14 , G06F11/36 , H04L67/10 , H04L67/1008 , H04L67/1031 , H04L67/566
Abstract: Techniques for implementing an infrastructure orchestration service are described. A safety plan comprising a list of resources and operations based at least in part on a deployment configuration file can be received. Upon receiving approval of the safety plan, an operation corresponding to at least one of the list of resources can be prepared to be performed. The operation can be compared to the safety plan. If the operation is part of the safety plan, the operation can be performed. If the operation is not part of the safety plan, the deployment can be halted, and a notification that the deployment is not in compliance with the safety plan can be transmitted.
-
16.
Publication No.: US11321138B2
Publication date: 2022-05-03
Application No.: US17016802
Application date: 2020-09-10
Applicant: Oracle International Corporation
Inventor: Nathaniel Martin Glass
IPC: G06F15/173 , G06F9/50 , G06F8/71 , H04L41/5054 , H04L41/0816 , G06F8/60 , H04L41/5041 , H04L41/50 , G06F9/38 , G06F9/4401 , H04L41/0806 , G06F9/48 , G06F11/07 , G06F11/32 , G06F16/901 , G06F9/445 , G06F9/451 , G06F3/0484 , H04L67/00 , G06F11/14 , G06F11/36 , H04L67/10 , H04L67/1008 , H04L67/1031 , H04L67/566 , G06F8/61
Abstract: Techniques for preventing concurrent execution of an infrastructure orchestration service are described. Worker nodes can receive instructions, or tasks, for deploying infrastructure resources and can provide heartbeat notifications to scheduler nodes, also considered a lease. A signing proxy can track the heartbeat notifications sent from the worker nodes to the scheduler node. The signing proxy can receive requests corresponding to a performance of the tasks assigned to the worker nodes. The signing proxy can determine whether the lease between each worker node and the scheduler is valid. If the lease is valid, the signing proxy may make a call to services on behalf of the worker node, and if the lease is not valid, the signing proxy may not make a call to services on behalf of the worker node. Instead, the signing proxy may cut off all outgoing network traffic, blocking access of the worker node to services.
-
Publication No.: US12254356B2
Publication date: 2025-03-18
Application No.: US18373743
Application date: 2023-09-27
Applicant: Oracle International Corporation
Inventor: Eric Tyler Barsalou , Nathaniel Martin Glass
IPC: G06F9/50 , G06F3/0484 , G06F8/60 , G06F8/71 , G06F9/38 , G06F9/4401 , G06F9/445 , G06F9/451 , G06F9/48 , G06F11/07 , G06F11/14 , G06F11/32 , G06F11/36 , G06F11/3668 , G06F16/901 , H04L41/0806 , H04L41/0816 , H04L41/50 , H04L41/5041 , H04L41/5054 , H04L67/00 , H04L67/10 , H04L67/1008 , H04L67/1031 , H04L67/566 , G06F8/61
Abstract: Techniques for implementing an infrastructure orchestration service are described. A configuration file for a deployment to a first execution target and a second execution target can be received. A first safety plan can be generated for the first execution target that comprises a first list of resources and operations associated with deployment at the first execution target. Approval of the first safety plan can be received. A second safety plan can be generated for the second execution target that comprises a second list of resources and operations associated with deployment at the second execution target. A determination can be made whether the second safety plan is a subset of the first safety plan. If the determination is that the second safety plan is a subset of the first safety plan, the second safety plan can automatically be approved and transmitted to the second execution target for deployment.
-
Publication No.: US11949735B2
Publication date: 2024-04-02
Application No.: US17549595
Application date: 2021-12-13
Applicant: Oracle International Corporation
Inventor: Mohamed Saber Abdelfattah Hassan , Jonathan Jorge Nadal , Nathaniel Martin Glass , Yu Wu , Daniel M. Vogel , Geoff Hopcraft
IPC: G06F15/16 , G06F9/46 , G06F9/50 , G06F9/54 , G06F16/951 , H04L29/06 , H04L47/10 , H04L47/70 , H04L67/10
Abstract: Techniques for managing network-accessible infrastructure metadata are provided. A method includes receiving a resource request comprising resource metadata corresponding to a network-accessible infrastructure resource, determining whether to commit the resource request based at least in part on a constraint associated with the network-accessible infrastructure resource, and, in accordance with a determination to commit the resource request: generating, by the computer system, a resource identifier describing resource metadata in accordance with the resource request, storing, by the computer system, the resource metadata in a data store in communication with the computer system, receiving, by the computer system, a data request to provide the resource metadata described by the resource identifier, and providing, by the computer system, the resource metadata described by the resource identifier in accordance with the data request.
-
Publication No.: US20230325204A1
Publication date: 2023-10-12
Application No.: US18334681
Application date: 2023-06-14
Applicant: Oracle International Corporation
Inventor: Caleb Dockter , Nathaniel Martin Glass , Eric Tyler Barsalou
IPC: G06F9/4401 , G06F9/48 , G06F9/50 , G06F8/61
CPC classification number: G06F9/4416 , G06F9/4881 , G06F2209/503 , G06F8/61 , G06F9/5005
Abstract: Techniques are disclosed for managing dependencies in an orchestration service. A computer-implemented method can include operations performed by a declarative infrastructure provisioner (DIP). In some embodiments, the DIP parses configuration data associated with a computing system and generates a directed acyclic graph (DAG) for booting a first resource. The DAG may specify a dependency of the first resource on a capability of a second resource. The DIP may traverse the DAG and determine, based at least in part on the traversal, that the dependency has been reached. The DIP may publish, to a scheduling process, an indication that the first resource is awaiting availability of the capability of the second resource. In some embodiments, the DIP receives a subsequent indication that the capability is available, regenerates the DAG, and recommences traversal of the DAG. Additional operations for booting the first resource may be performed in accordance with the recommenced traversal.
-
Publication No.: US11726830B2
Publication date: 2023-08-15
Application No.: US17834378
Application date: 2022-06-07
Applicant: Oracle International Corporation
Inventor: Eric Tyler Barsalou , Nathaniel Martin Glass
IPC: G06F9/50 , G06F8/71 , H04L41/5054 , H04L41/0816 , G06F8/60 , H04L41/5041 , H04L41/50 , G06F9/38 , G06F9/4401 , H04L41/0806 , G06F9/48 , G06F11/07 , G06F11/32 , G06F16/901 , G06F9/445 , G06F9/451 , G06F3/0484 , H04L67/00 , G06F11/14 , G06F11/36 , H04L67/10 , H04L67/1008 , H04L67/1031 , H04L67/566 , G06F8/61
CPC classification number: G06F9/5061 , G06F3/0484 , G06F8/60 , G06F8/71 , G06F9/3836 , G06F9/4411 , G06F9/44505 , G06F9/451 , G06F9/485 , G06F9/4856 , G06F9/505 , G06F9/5011 , G06F9/5022 , G06F9/5027 , G06F9/5038 , G06F9/5072 , G06F9/5077 , G06F11/0757 , G06F11/1469 , G06F11/327 , G06F11/3664 , G06F11/3684 , G06F16/9024 , H04L41/0806 , H04L41/0816 , H04L41/5041 , H04L41/5048 , H04L41/5054 , H04L41/5096 , H04L67/10 , H04L67/1008 , H04L67/1031 , H04L67/34 , H04L67/566 , G06F8/61
Abstract: Techniques for implementing an infrastructure orchestration service are described. A safety plan comprising a list of resources and operations based at least in part on a deployment configuration file can be received. Upon receiving approval of the safety plan, an operation corresponding to at least one of the list of resources can be prepared to be performed. The operation can be compared to the safety plan. If the operation is part of the safety plan, the operation can be performed. If the operation is not part of the safety plan, the deployment can be halted, and a notification that the deployment is not in compliance with the safety plan can be transmitted.