Patent · US Active

Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model

US9923928B2 · kind B2 · utility

Cited by: 2
References: 1
Claims: 25
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 3, 2016
Grant date: Mar 20, 2018
Priority date
Expiry date: Oct 3, 2036

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/104
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of managed servers is identified by grouping the plurality of managed servers based on the obtained communication information. A group-level label set is determined to associate with the subset of managed servers. Role labels are determined for managed servers in the subset of managed servers. A managed server is associated with one role label. Based on the group-level label set and the role labels, an access control rule is generated authorizing communication between a first managed server of the subset of managed servers and a second managed server. The access control rule is stored as part of an administrative domain-wide management policy.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.