-
Publication (Announcement) No.: US11989282B2
Publication (Announcement) Date: 2024-05-21
Application No.: US17471533
Filing Date: 2021-09-10
Inventors: Da Li Liu, Qi Feng Huo, Yuan Yuan Wang, Lei Li, Yan Song Liu
CPC Classification: G06F21/53, G06F9/45558, G06F21/57, G06F21/602, H04L9/30, G06F2009/45562
Abstract: A system may include a memory and a processor in communication with the memory. The processor may be configured to perform operations that include generating a key pair and encrypting a data credential with a public key to make a data credential secret. The operations may further include storing the data credential secret in a cluster on a host and deploying a workload on the cluster. The operations may also include establishing an empty bundle in the host and generating a pod trusted execution environment.
-
Publication (Announcement) No.: US12118380B2
Publication (Announcement) Date: 2024-10-15
Application No.: US17467523
Filing Date: 2021-09-07
Inventors: Qi Feng Huo, Da Li Liu, Yuan Yuan Wang, Lei Li, Yan Song Liu
IPC Classification: G06F9/455, G06F9/445, H04L67/1097, H04L67/561
CPC Classification: G06F9/45558, G06F9/44505, H04L67/1097, H04L67/561, G06F2009/45583, G06F2009/45595
Abstract: Embodiments are directed to a container storage system in remote pods. A worker node virtual machine determines that a volume is available for attachment to the worker node virtual machine. An intermediary software of the worker node virtual machine causes a pod container storage interface to attach the volume to a pod virtual machine. In response to attaching the volume to the pod virtual machine, the intermediary software of the worker node virtual machine causes the pod container storage interface to mount the volume to the pod virtual machine such that the volume is available for use by the pod virtual machine.
-
Publication (Announcement) No.: US20230082851A1
Publication (Announcement) Date: 2023-03-16
Application No.: US17471533
Filing Date: 2021-09-10
Inventors: Da Li Liu, Qi Feng Huo, Yuan Yuan Wang, Lei Li, Yan Song Liu
Abstract: A system may include a memory and a processor in communication with the memory. The processor may be configured to perform operations that include generating a key pair and encrypting a data credential with a public key to make a data credential secret. The operations may further include storing the data credential secret in a cluster on a host and deploying a workload on the cluster. The operations may also include establishing an empty bundle in the host and generating a pod trusted execution environment.
-
Publication (Announcement) No.: US20230070224A1
Publication (Announcement) Date: 2023-03-09
Application No.: US17467518
Filing Date: 2021-09-07
Inventors: Qi Feng Huo, Xiaojing Liu, Dan Qing Huang, Lei Li, Da Li Liu, Yuan Yuan Wang, Yan Song Liu
IPC Classification: G06F9/455
Abstract: Embodiments are directed to using remote pods. An intermediary software is instantiated in a worker node virtual machine and is used to cause a pod virtual machine to be created, the pod virtual machine being remote from the worker node virtual machine. An overlay network is established between the intermediary software in the worker node virtual machine and a pod space in the pod virtual machine. The overlay network is used to cause containers to be created in the pod virtual machine, where the worker node virtual machine is configured to use the overlay network to manage communications with the pod virtual machine.
-
Publication (Announcement) No.: US20230032363A1
Publication (Announcement) Date: 2023-02-02
Application No.: US17443468
Filing Date: 2021-07-27
Inventors: Qi Feng Huo, Yan Song Liu, Da Li Liu, Lei Li, Yuan Yuan Wang
Abstract: In a method for encryption of sensitive data, an encrypted user private key is received in a Trusted Execution Environment (TEE) in a worker node in a container management system, the encrypted user private key being an encrypted version of a user private key for decrypting a message from a user in the container management system. The user private key is obtained in the TEE by decrypting the encrypted user private key with a provider private key that is received from an encryption manager for managing the container management system. With these embodiments, the user private key may be transmitted to the worker node safely, such that the worker node may use the user private key to decrypt messages from the user. Therefore, the security level of the container management system may be increased.
-
Publication (Announcement) No.: US11366683B2
Publication (Announcement) Date: 2022-06-21
Application No.: US16734279
Filing Date: 2020-01-03
Inventors: Yuan Yuan Wang, Qi Feng Huo, Da Li Liu, Cdl Lei Li, Yan Song Liu, Tian Xiaoyi, Shu Chao Wan
IPC Classification: G06F9/46, G06F9/455, G06N3/04, G06F16/955
Abstract: A process deployment controller creates an updated image for an intermediary engine in order to execute one or more applications on a host infrastructure. The process deployment controller generates a partial image by executing source code from a template repository. The partial image provides a structure used to create an intermediary engine used with a container, which includes an application, as well as the binaries and libraries required to execute the application in an infrastructure via the intermediary engine. The process deployment controller transmits an identifier of the infrastructure to a component registry; receives a component description of the infrastructure from the component registry; and uses the component description to create an updated image of the partial image. The process deployment controller, upon receiving a request for the application to run on the infrastructure, utilizes the updated image and intermediary engine to execute the application on the infrastructure.
-
Publication (Announcement) No.: US11995197B2
Publication (Announcement) Date: 2024-05-28
Application No.: US17443468
Filing Date: 2021-07-27
Inventors: Qi Feng Huo, Yan Song Liu, Da Li Liu, Lei Li, Yuan Yuan Wang
CPC Classification: G06F21/602, G06F21/6245, H04L9/0822, H04L9/0897, G06F2221/2149
Abstract: In a method for encryption of sensitive data, an encrypted user private key is received in a Trusted Execution Environment (TEE) in a worker node in a container management system, the encrypted user private key being an encrypted version of a user private key for decrypting a message from a user in the container management system. The user private key is obtained in the TEE by decrypting the encrypted user private key with a provider private key that is received from an encryption manager for managing the container management system. With these embodiments, the user private key may be transmitted to the worker node safely, such that the worker node may use the user private key to decrypt messages from the user. Therefore, the security level of the container management system may be increased.
-
Publication (Announcement) No.: US11928503B2
Publication (Announcement) Date: 2024-03-12
Application No.: US17354304
Filing Date: 2021-06-22
Inventors: Qi Feng Huo, Yuan Yuan Wang, Da Li Liu, Lei Li, Yan Song Liu
CPC Classification: G06F9/4881
Abstract: Embodiments are directed to deploying a workload on the best/highest-performance node. Nodes configured to accommodate a request for a workload are selected. Information is collected on each of the selected nodes and on the workload. Predicted response times expected for the workload running on each of the selected nodes are determined. The workload is deployed on a node of the selected nodes, the node having a corresponding predicted response time for the workload, the workload being deployed on the node based at least in part on the corresponding predicted response time.
-
Publication (Announcement) No.: US20240072997A1
Publication (Announcement) Date: 2024-02-29
Application No.: US17822864
Filing Date: 2022-08-29
Inventors: Qi Feng Huo, Yuan Yuan Wang, Da Li Liu, Yan Song Liu, Lei Li
CPC Classification: H04L9/0825, G06F9/45558, H04L9/0891, G06F2009/45587
Abstract: User data security is provided. Encrypted user data is identified in a virtual machine. A private key of a public/private cryptographic key pair corresponding to a user is retrieved. The encrypted user data is decrypted within the virtual machine utilizing the private key corresponding to the user to form decrypted user data. The encrypted user data is replaced in the virtual machine with the decrypted user data. The decrypted user data is processed in the virtual machine to perform a service in a cloud environment.
-
Publication (Announcement) No.: US20240143373A1
Publication (Announcement) Date: 2024-05-02
Application No.: US18051911
Filing Date: 2022-11-02
Inventors: Yuan Yuan Wang, Qi Feng Huo, Da Li Liu, Lei Li, Yan Song Liu
IPC Classification: G06F9/455
CPC Classification: G06F9/45558, G06F2009/4557, G06F2009/45575, G06F2009/45595
Abstract: Virtual machine management is provided. A virtual machine is started automatically based on a custom resource definition of the virtual machine in response to receiving the custom resource definition of the virtual machine. A container is generated to run an application workload in the virtual machine based on a container configuration file in response to the virtual machine starting. The application workload is deployed on the container automatically based on a container image corresponding to the container. The application workload is run on the container automatically in accordance with a definition of the application workload.