2020
Method and system for monitoring communication in a network
Katherine Barabash, Dean Har'el Lorenz, Eran Raichstein, Liran Schour
US Patent 10,749,765
Abstract
A method, system and computer program product, the method comprising: in response to receiving a packet from a stream of packets transmitted to a computing platform, determining, based on a meta-data of the packet, whether to capture the packet or avoid capturing thereof, said determining comprising: subject to the meta-data indicating that a sequence number of the packet is within a first range or within a second range, wherein a distance between an end of the first range and a beginning of the second range is at least of a predetermined size, wherein a distance, through a wraparound, between an end of the second range and a beginning of the first range is at least of the predetermined size, thereby a wraparound situation is identifiable within the stream of packets; and in response to determining to capture the packet: capturing the packet; and transmitting the packet to analysis.
Data Consistency When Switching from Primary to Backup Data Storage.
Dean Har'el Lorenz, Roie Melamed, Alexey Roytman, Aidan Shribman
US Patent App. 16/194,467
Fast, low memory, consistent hash using an initial distribution
Dean Har'el Lorenz, Gal Mendelson, Valleriya Perelman
US Patent 10,540,207
Abstract
Embodiments of the present systems and methods may provide a consistent hash function that provides reduced memory use and complexity, reduced computational complexity, and relatively low numbers of keys that must be reshuffled compared to current techniques. For example, in an embodiment, a computer-implemented method for controlling computing resources may comprise storing a set of labels of potential resources comprising a plurality of labels of working resources allocated to actual resources and a plurality of labels of reserved resources available to be allocated, generating an initial assignment to one of the set of labels of potential resources, when the assignment to one of a set of labels of potential resources is to one of the labels of reserved resources, reassigning the request to another label of a resource selected from a subset of the labels of potential resources, and repeating the reassigning until the request is assigned to a label of a working resource.
Distributed affinity tracking for network connections
Dean H Lorenz, Valleriya Perelman
US Patent 10,673,764
Abstract
An embodiment of the invention may include a method, computer program product, and system for data transfer management. The embodiment may include receiving a data packet from a client computing device. The received data packet is part of a data flow. The embodiment may include determining that the received data packet is not part of a data flow tracking list. The embodiment may include computing a current mapping value for the received data packet. The embodiment may include determining that a global system state of expecting change exists. The embodiment may include computing an expected mapping value for the received data packet. The embodiment may include determining that the expected mapping value is not equal to the current mapping value. The embodiment may include adding the data flow to the data flow tracking list. The embodiment may include forwarding the received data packet according to the current mapping value.
2018
Distributed affinity tracking for network connections
Dean Har'el Lorenz, Valleriya Perelman
US Patent 10,091,098
Abstract
An embodiment of the invention may include a method, computer program product, and system for data transfer management. The embodiment may include receiving a data packet, by a first server, from a load balancer. The received data packet is part of a data flow. The embodiment may include determining, by the first server, whether the received data packet is part of an existing data flow connection served by the first server. Based on determining that the received data packet is not part of an existing data flow served by the first server, the embodiment may include determining, by the first server, whether the received data packet is part of a new data flow connection. Based on determining that the received data packet is not part of a new data flow connection, the embodiment may include notifying, by the first server, the load balancer.
2017
Apparatus and method for providing a public key for authenticating an integrated circuit
Lorenz, Dean and Dolgunov, Boris and Avanzi, Roberto and Mclean, Ivan Hugh
US Patent 9,813,392
Abstract
Disclosed is a method for providing a public key for authenticating an integrated circuit. In the method, the integrated circuit obtains a hardware key and an integrated circuit identifier. The integrated circuit generates a derived key based on the hardware key using a key derivation function (KDF) shared with a manufacturing machine. The integrated circuit generates a private key and a corresponding public key using the derived key as an input to a deterministic function. The integrated circuit then provides the public key and the integrated circuit identifier to a partner service for authentication of the integrated circuit using an anonymized credential database to be provided to the partner service by a manufacturer.
2014
System, method and computer program product for managing data using a write-back cache unit
Factor, Michael E and Fienblit, Shachar and Laden, Guy and Har'el Lorenz, Dean and Pinter, Shlomit Sarah and Ta-Shma, Paula Kim
US Patent 8,793,441
Abstract
A method for managing data, the method includes: providing a write-back cache unit coupled to at least one storage unit; receiving a request to write a new data version to a certain cache data allocation unit; determining, in response to a data storage policy, whether
Optimized placement of virtual machines in a network environment
Ofer Biran, Erez Hadad, Elliot K. Kolodner, Dean H. Lorenz, Yosef Moatti
US Patent 8,719,623
Abstract
Systems and methods for reducing risk of service interruptions for one or more virtual machines (VMs) in a computing environment are provided. The method comprises computing a placement scheme for placing at least one VM on one or more hosts according to a set of placement constraints defined for the VM, wherein the set of placement constraints comprises at least one availability constraint defined for the VM, wherein the availability constraint designates a N resiliency level, wherein N corresponds to number of host failures that may occur before the services provided by the VM are interrupted.
2013
Hypervisor service to provide image version control support
Dean Lorenz, Inbar Shapira, Gilad Sharaby, Ezra Silvera
US Patent 8,615,501
Abstract
A revision control service is included in a hypervisor. The revision control service manages revision control operations relating virtual machine images transparently to the virtual machine. The revision control service interacts with a conventional revision control program, stores relevant revision control metadata external to the virtual machine image with file-level granularity, and synchronizes virtual machine operations with the revision control operations. From the perspective of the virtual machine, the revision control service provides a clean image from which to boot, without modification of the revision control program.
2012
Method and system for efficient image customization for mass deployment
Silvera, Ezra and Lorenz, Dean and Shapira, Inbar and Sharaby, Gilad
US Patent 8,327,096
Abstract
A system and method for creating N customized disk images from N identical disk images. A computing system creates N identical disk images from a master image. The computing system customize a first identical disk image according to a customization written in customization scripts. While customizing the first identical disk image, the computing system monitors block-level operations applied on the first identical disk image. The computing system applies the monitored block-level operations simultaneously to other N-1 identical disk according to similar customizations written in customization scripts. After applying the block-level operations, the N identical disk images become N customized disk images. Identical Virtual Machines (VMs) operating in the N identical disk images become N customized VMs by operating based on the N customized disk images.
2011
Rollback support in distributed data management systems
Dean Har'el Lorenz, Roman Vitenberg, Alan J. Wecker
US Patent 7,890,468
Abstract
A rollback support method for transactions a node among nodes in a distributed system, including modifying a disposable cache copy of data as part of transaction, propagating a version state and/or a data state of the modified cache to any of the nodes, verifying non-violation of a transaction semantic and/or a replication policy relating to the transaction, committing the transaction to any nodes if successful, revising a version state of other reliable replicas and disposable cache copies in the system based on the version state of the modified disposable cache copy, the disposable cache copies being members of a membership-based view, and updating a data state of other reliable replicas in the system based on the data state of the modified copy, and aborting the transaction if it fails, including restoring the disposable cache copy based on any reliable replicas and/or disposable cache copies in the system.
2010
Migration a distance de machine virtuelle a sauts multiples en cours dutilisation sur de longues distances
Dean Harel Lorenz, Alexander Glikson, Assaf Israel
political science, humanities
Abstract
Des procedes et des systemes de calcul impliquent didentifier un emplacement cible pour une migration en cours dutilisation de services de machine virtuelle, de delivrer les services de machine virtuelle a un systeme dexploitation a partir dun emplacement de source, de migrer les services de machine virtuelle une premiere fois via un reseau de donnees de lemplacement de source vers un emplacement intermediaire, de delivrer les services de machine virtuelle au systeme dexploitation a partir de lemplacement intermediaire, et de migrer les services de machine virtuelle une deuxieme fois de lemplacement intermediaire vers lemplacement cible via le reseau de donnees. Les interruptions des services de machine virtuelle pour le systeme dexploitation pendant la migration de la machine virtuelle sont minimales.
2009
Live multi-hop VM remote-migration over long distance
Alexander Glikson, Assaf Israel, Dean Har'el Lorenz
US Patent 8,370,473
Abstract
Methods and systems of computing, involve identifying a target location for live migration of virtual machine services, delivering the virtual machine services to an operating system from a source location, migrating the virtual machine services a first time via a data network from the source location to an intermediate location, delivering the virtual machine services to the operating system from the intermediate location, and migrating the virtual machine services a second time from the intermediate location to the target location via the data network. Breaks in the virtual machine services to the operating system while migrating the virtual machine are minimal.
System, method and computer program product for managing data versions
Dean Har'el Lorenz, Shlomit Sarah Pinter
US Patent 7,587,564
Abstract
A method, device and computer program product for managing data versions. The method includes: (i) receiving a first request to generate a first version of a source volume; (ii) selectively updating a first control data structure that is indicative of changes of blocks of data associated with different versions of the source volume, in response to the first request, to reflect at least one latest modified block of data that was modified between a first point in time associated with the first version and between second point in time associated with a second version of the first source volume; wherein information representative of different versions of the source volume are stored in a target storage unit; and wherein blocks of data that remain unchanged between multiple versions of the source volume are shared between these multiple versions; wherein the first point in time follows the second point in time and wherein the at least one block data belongs to the volume; and (iii) selectively copying blocks of data from the source volume to the target volume in response to the content of the first control data structure.
2008
2007
2006
A Method and System for Performing a Change-Over to a Component of a Computing System
Dennis Michael Browning, Walter Canis, Rhonda Childress, Patrick B Heywood, William John Hladik, Eli Kirzner, Dean Har'el Lorenz, Yosef Moatti, Ezra Silvera, Gal Sivan, others
US Patent App. 11/422,111
2005
