公开(公告)号：US11128629B2

公开(公告)日：2021-09-21

申请号：US16135193

申请日：2018-09-19

Applicant: Google LLC

Inventor： Manoj Sharma ,  Choudhury Sarada Prasanna Nanda ,  Ilya Beyer ,  Maurilio Cometto

IPC: G06F21/00 ,  H04L29/06 ,  G06F11/34 ,  G06F21/62

Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.

公开(公告)号：US20210258208A1

公开(公告)日：2021-08-19

申请号：US17230920

申请日：2021-04-14

Applicant: Google LLC

Inventor： Manoj Sharma ,  Choudhury Sarada Prasanna Nanda ,  Gururaj Pangal ,  Maurilio Cornetta ,  Ilya Beyer

IPC: H04L12/24 ,  G06F9/50 ,  G06F21/62 ,  G06F9/455 ,  H04L29/06 ,  G06F8/61

Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, 1 0 during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.

公开(公告)号：US20250094204A1

公开(公告)日：2025-03-20

申请号：US18964430

申请日：2024-11-30

Applicant: Google LLC

Inventor： Ilya Beyer ,  Manoj Sharma ,  Gururaj Pangal ,  Maurilio Cometto

IPC: G06F9/455 ,  G06F8/60 ,  G06F9/50

Abstract: A system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource provider.

公开(公告)号：US12052254B2

公开(公告)日：2024-07-30

申请号：US17446751

申请日：2021-09-02

Applicant: Google LLC

Inventor： Manoj Sharma ,  Choudhury Sarada Prasanna Nanda ,  Ilya Beyer ,  Maurilio Cometto

IPC: G06F21/00 ,  G06F11/34 ,  G06F21/62 ,  H04L9/40

CPC classification number: H04L63/102 ,  G06F11/3438 ,  G06F21/6281 ,  H04L63/108 ,  G06F2221/2141

Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.

公开(公告)号：US11182209B2

公开(公告)日：2021-11-23

申请号：US16137921

申请日：2018-09-21

Applicant: Google LLC

Inventor： Ilya Beyer ,  Ievgen Ignatiev ,  Maksym Skrynnik

IPC: G06F9/48 ,  H04L29/08 ,  G06F9/50

Abstract: In one embodiment, a method includes receiving a request to perform a job from a second computing device, where the job includes one or more steps to be completed in a period, and where the request includes a job description for the job, storing the job description into a data store, retrieving a step description corresponding to one of the steps of the job to be performed from the data store, where each of the steps is performed by a corresponding worker system, sending the commands to the communication endpoint for the corresponding worker system, receiving a status update comprising results for the commands from the corresponding worker system, and storing the status update to the data store.

公开(公告)号：US20240372870A1

公开(公告)日：2024-11-07

申请号：US18777146

申请日：2024-07-18

Applicant: Google LLC

Inventor： Manoj Sharma ,  Choudhury Sarada Prasanna Nanda ,  Ilya Beyer ,  Maurilio Cometto

IPC: H04L9/40 ,  G06F11/34 ,  G06F21/62

Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.

公开(公告)号：US20240086227A1

公开(公告)日：2024-03-14

申请号：US18517896

申请日：2023-11-22

Applicant: Google LLC

Inventor： Ilya Beyer ,  Manoj Sharma ,  Gururaj Pangal ,  Maurilio Cometto

IPC: G06F9/455 ,  G06F8/60 ,  G06F9/50

CPC classification number: G06F9/45558 ,  G06F8/60 ,  G06F9/5072 ,  G06F9/5077 ,  G06F2009/45583 ,  G06F2209/5011

Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource provider.

公开(公告)号：US20230090171A1

公开(公告)日：2023-03-23

申请号：US18058597

申请日：2022-11-23

Applicant: Google LLC

Inventor： Ilya Beyer ,  Manoj Sharma ,  Gururaj Pangal ,  Maurilio Cometto

IPC: G06F9/455 ,  G06F9/50 ,  G06F8/60

Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource provider.

公开(公告)号：US11531561B2

公开(公告)日：2022-12-20

申请号：US17086289

申请日：2020-10-30

Applicant: Google LLC

Inventor： Ilya Beyer ,  Manoj Sharma ,  Gururaj Pangal ,  Maurilio Cometto

IPC: G06F9/455 ,  G06F9/50 ,  G06F8/60

Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein at least one of the first host machines further comprises a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource provider.

公开(公告)号：US20210049035A1

公开(公告)日：2021-02-18

申请号：US17086289

申请日：2020-10-30

Applicant: Google LLC

Inventor： Ilya Beyer ,  Manoj Sharma ,  Gururaj Pangal ,  Maurilio Cornetta

IPC: G06F9/455 ,  G06F9/50 ,  G06F8/60

Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein at least one of the first host machines further comprises a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource provider.