Non-Patent Literature 
WIPO Prior Art 
EP Prior Art 
US Prior Art 
CN Prior Art 
JP Prior Art 
KR Prior Art | Ground | Reference | Owner of the Reference | Title | Semantic Mapping | Basis | Anticipation | Challenged Claims | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | |||||||
| 1 | COMMUNICATIONS OF THE ACM. 54 (3): 95-104 MAR 2011 (Greenberg, 2011) | No Affiliation | VL2: A Scalable And Flexible Data Center Network | ▪ hardware configuration ≈ dynamic resource allocation ▪ cause performance ≈ data centers | X | X | X | X | X | X | X | |||||||||||||||
| 2 | SIGCOMM 2009. : 51-62 2009 (Greenberg, 2009) | Microsoft Research | VL2: A Scalable And Flexible Data Center Network | ▪ hardware configuration ≈ dynamic resource allocation ▪ cause performance ≈ data centers | X | X | X | X | X | X | X | |||||||||||||||
| 3 | PROCEEDINGS OF THE 6TH USENIX CONFERENCE ON FILE AND STORAGE TECHNOLOGIES (FAST 08). : 269-282 2008 (Zhu, 2008) | No Affiliation | Avoiding The Disk Bottleneck In The Data Domain Deduplication File System | ▪ hardware configuration ≈ file system ▪ cause performance ≈ high cache ▪ network device, geolocation device ≈ n storage | X | X | X | X | X | X | X | |||||||||||||||
| 4 | USENIX ASSOCIATION PROCEEDINGS OF THE 2ND SYMPOSIUM ON NETWORKED SYSTEMS DESIGN & IMPLEMENTATION (NSDI 05). : 245-258 2005 (Sherman, 2005) | No Affiliation | ACMS: The Akamai Configuration Management System | ▪ readable storage, platform module ≈ management system ▪ indicates denial ≈ Management System | X | X | ||||||||||||||||||||
| 5 | 25TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE. : 254-265 2009 (Okhravi, 2009) | University of Illinois | TrustGraph: Trusted Graphics Subsystem For High Assurance Systems | ▪ platform module ≈ I/O controller ▪ computing device comprising one ≈ I/O devices | X | X | ||||||||||||||||||||
| 6 | USENIX Association Proceedings Of The 2nd Symposium On Networked Systems Design & Implementation (NSDI 05). : 273-286 2005 (Clark, 2005) | University of Cambridge | Live Migration Of Virtual Machines | ▪ operating system ≈ operating system ▪ cause performance ≈ data centers | X | X | X | X | X | X | ||||||||||||||||
| 7 | ACM TRANSACTIONS ON COMPUTER SYSTEMS. 23 (1): 77-110 FEB 2005 (Swift, 2005) | University of Washington | Improving The Reliability Of Commodity Operating Systems | ▪ operating system ≈ operating system ▪ readable storage ≈ address space ▪ hardware configuration ≈ file system | X | X | X | X | X | |||||||||||||||||
| 8 | WO2011119298A1 (Seigo Kotani, 2011) | (Original Assignee) Fujitsu Limited | System and methods for remote maintenance of multiple clients in an electronic network using virtualization and attestation | ▪ readable storage ≈ registered information ▪ platform module ≈ platform module ▪ source host, computing device comprising one ≈ first data set ▪ positioning hardware, hardware configuration ≈ more software | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ discloses collecting a software application s behavior and usage information at a first content distribution network… ▪ discloses an application provider he does not disclose the system wherein at least one of the plurality of software… ▪ teaches it as at least the title to property for sale is clear and unencumbered that is the same as the claimed… ▪ teaches wherein the hardware logic executes the one or more operations in response to a transmission from a virtual… | X | X | X | X | X | X | X | X | X | X | ||||||||||
| 9 | US20110099548A1 (Qingni Shen, 2011) | (Original Assignee) Huawei Technologies Co Ltd (Current Assignee) Huawei Technologies Co Ltd | Method, apparatus and system for making a decision about virtual machine migration | ▪ executable instructions ≈ main application ▪ operating system ≈ operating system | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ teaches a method for transferring guest physical memory from a source host to a destination host during live migration… ▪ teaches the virtualization environment as claimed in claim… ▪ teaches wherein the migration request further comprises a VM content file indicating shareable resources and non… ▪ discloses mapping memory area from one virtual machine to another… | X | |||||||||||||||||||
| 10 | US20110239210A1 (Seigo Kotani, 2011) | (Original Assignee) Fujitsu Ltd (Current Assignee) Fujitsu Ltd | System and methods for remote maintenance in an electronic network with multiple clients | ▪ operating system ≈ operating system ▪ platform module ≈ platform module ▪ source host, computing device comprising one ≈ first data set ▪ positioning hardware, hardware configuration ≈ more software | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ discloses collecting a software application s behavior and usage information at a first content distribution network… ▪ discloses an application provider he does not disclose the system wherein at least one of the plurality of software… ▪ teaches it as at least the title to property for sale is clear and unencumbered that is the same as the claimed… ▪ teaches wherein the hardware logic executes the one or more operations in response to a transmission from a virtual… | X | X | X | X | X | X | X | X | X | X | X | |||||||||
| 11 | US20110237234A1 (Seigo Kotani, 2011) | (Original Assignee) Fujitsu Ltd (Current Assignee) Fujitsu Ltd | System and methods for remote maintenance in an electronic network with multiple clients | ▪ readable storage ≈ registered information ▪ platform module ≈ platform module ▪ source host, computing device comprising one ≈ first data set ▪ positioning hardware, hardware configuration ≈ more software | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ discloses collecting a software application s behavior and usage information at a first content distribution network… ▪ discloses an application provider he does not disclose the system wherein at least one of the plurality of software… ▪ teaches it as at least the title to property for sale is clear and unencumbered that is the same as the claimed… ▪ teaches wherein the hardware logic executes the one or more operations in response to a transmission from a virtual… | X | X | X | X | X | X | X | X | X | X | ||||||||||
| 12 | WO2012001445A1 (Bob Melander, 2012) | (Original Assignee) Telefonaktiebolaget L M Ericsson (Publ) | Virtual machine merging method and system | ▪ platform module ≈ mobile computing device ▪ computing system ≈ computing system | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ teaches the claimed limitations wherein providing a tenant with user access to the generated data collection… ▪ discloses the claimed computer program product and apparatus for reconciling billing measures to cost factors the… ▪ discloses a communication system for selective packet mirroring with the following features regarding claim… ▪ teaches the invention substantially as claimed including a computer implemented method for managing remote deployment… | X | X | X | X | X | X | X | |||||||||||||
| 13 | US20110213765A1 (Liang Cui, 2011) | (Original Assignee) VMware Inc (Current Assignee) VMware Inc | Comprehensive, Relevant, and Dynamic Data Searching in a Virtualization Environment | ▪ cause performance ≈ network topology ▪ operating system ≈ operating system ▪ target host ≈ search engine | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | ||||||
| 14 | CN101924693A (乔纳森·克拉克, 2010) | (Original Assignee) VMware Inc (Current Assignee) VMware Inc | 用于在虚拟机间迁移进程的方法和系统 | ▪ computer instructions ≈ 一个或多个 ▪ computing device, computing system ≈ 一种计算 ▪ computing device comprising one ≈ 个用户 | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ discloses a communication system for selective packet mirroring with the following features regarding claim… ▪ teaches identifying a type of hypervisor executing on the computer device par… ▪ teaches the virtualization environment as claimed in claim… ▪ teaches further comprising performing a domain load balancing for a plurality of domains… | X | X | X | X | X | X | X | X | X | |||||||||||
| 15 | US20110167421A1 (Vijayaraghavan SOUNDARARAJAN, 2011) | (Original Assignee) VMware Inc (Current Assignee) VMware Inc | Dynamic Scaling of Management Infrastructure in Virtual Environments | ▪ readable storage medium ≈ readable storage medium ▪ platform module, network device ≈ processing speed ▪ therein processor ≈ more processors | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ teaches the claimed limitations identifying one or more facets of the plurality associated with the identified one or… ▪ discloses the claimed computer program product and apparatus for reconciling billing measures to cost factors the… ▪ teaches the use of this technology in a cloud environment b suspending said at least one auxiliary virtual machine… ▪ teaches wherein the processor is configured to receive management information associated with the cloud environment… | X | X | ||||||||||||||||||
| 16 | US20110126197A1 (Kal A. Larsen, 2011) | (Original Assignee) Micro Focus Software Inc (Current Assignee) Micro Focus Software Inc | System and method for controlling cloud and virtualized data centers in an intelligent workload management system | ▪ readable storage, platform module ≈ management system ▪ cause performance ≈ data centers | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) ▪ 35 U.S.C. 102(b) | ▪ teaches system and method for controlling cloud and virtualized data centers and an intelligent workload management… ▪ teaches a method of determining a computing node to run an instance in a cloud computing environment having a… ▪ discloses a cloud operating system environment implementing the search architecture as an extension to the cloud… ▪ discloses search to obtain an inventory property thereof pars… | X | X | X | X | X | |||||||||||||||
| 17 | CN101998629A (吴玉会, 2011) | (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp | 搜索虚拟资源的位置的方法、装置和系统 | ▪ computing device, computing system ≈ 单元计算 ▪ positioning service ≈ 一个服务 | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) ▪ 35 U.S.C. 102(b) | ▪ discloses a wireless computer network that can be connected to the… ▪ teaches the cloning module is further to execute a script while the VM clone is logged into the administrator account… ▪ teaches a system that displays a spatial relationship map related to interactions between customers and merchants see… ▪ discloses the handset detecting an emergency or an attempt to place an emergency call such as when a user activating a… | X | X | X | X | X | X | X | X | X | X | ||||||||||
| 18 | US20110023048A1 (Kattiganehalli Y. Srinivasan, 2011) | (Original Assignee) Micro Focus Software Inc (Current Assignee) Suse LLC | Intelligent data placement and management in virtual computing environments | ▪ executable instructions ≈ executable instructions, needed data ▪ computing system ≈ computing system | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ discloses load balancing where balancing loads on a plurality of geographically distributed storage nodes… ▪ teaches that information used to identify the device is management information… ▪ discloses the redistribution of commands based upon specific thresholds that is if one storage system is underutilized… ▪ teaches a method for use in a computer system comprising an email message system MICROSOFT EXCHANGE… | X | X | X | X | X | X | X | |||||||||||||
| 19 | US20090288084A1 (Nicholas Luis Astete, 2009) | (Original Assignee) Skytap Inc (Current Assignee) Skytap Inc | Multitenant hosted virtual machine infrastructure | ▪ control performance ≈ receives information ▪ computing system ≈ computing system ▪ geolocation device ≈ receives data | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ teaches providing unstructured documents to a user paragraphs… ▪ teaches the claimed limitations wherein providing a tenant with user access to the generated data collection… ▪ discloses the claimed computer program product and apparatus for reconciling billing measures to cost factors the… ▪ discloses a network management method for implementing network virtualization based on modular quality of service… | X | X | X | X | X | X | X | X | X | |||||||||||
| 20 | US20090327471A1 (Nicholas Luis Astete, 2009) | (Original Assignee) Skytap Inc (Current Assignee) Skytap Inc | Multitenant hosted virtual machine infrastructure | ▪ hardware configuration ≈ other computer systems ▪ computing system ≈ computing system | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ teaches providing unstructured documents to a user paragraphs… ▪ teaches the claimed limitations wherein providing a tenant with user access to the generated data collection… ▪ discloses the claimed computer program product and apparatus for reconciling billing measures to cost factors the… ▪ discloses a network management method for implementing network virtualization based on modular quality of service… | X | X | X | X | X | X | X | X | X | |||||||||||
| 21 | US20100138830A1 (Nicholas Luis Astete, 2010) | (Original Assignee) Skytap Inc (Current Assignee) Skytap Inc | Multitenant hosted virtual machine infrastructure | ▪ positioning service ≈ network services ▪ computing system ≈ computing system ▪ hardware configuration ≈ new instance ▪ cause performance ≈ data centers | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ teaches providing unstructured documents to a user paragraphs… ▪ teaches the claimed limitations wherein providing a tenant with user access to the generated data collection… ▪ discloses the claimed computer program product and apparatus for reconciling billing measures to cost factors the… ▪ discloses a network management method for implementing network virtualization based on modular quality of service… | X | X | X | X | X | X | X | X | X | X | ||||||||||
| 22 | US20090276771A1 (Peter Nickolov, 2009) | (Original Assignee) 3Tera LLC (Current Assignee) CAI Software LLC | Globally Distributed Utility Computing Cloud | ▪ hardware configuration ≈ software applications ▪ operating system ≈ operating system ▪ network device ≈ network device | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) ▪ 35 U.S.C. 102(b) | ▪ discloses or suggests the claimed limitations the method of claim… ▪ teaches all the subject matter as discussed above with respect to claim… ▪ discloses the set of entitlements comprises at least one of a maximum of cloudbased images in the set of cloudbased… ▪ discloses that there is a one to one correspondence between the cloud storage servers and the application modules… | X | X | X | X | X | X | ||||||||||||||
| 23 | CN101669106A (D·兰吉高达, 2010) | (Original Assignee) 微软公司 | 虚拟机迁移 | ▪ computing device, computing system ≈ 计算机中 ▪ hardware configuration ≈ 配置成确, 多个配置 | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches the claimed limitations identifying one or more facets of the plurality associated with the identified one or… ▪ teaches providing unstructured documents to a user paragraphs… ▪ discloses that the system is implemented on such network for example SAN… ▪ discloses the claimed computer program product and apparatus for reconciling billing measures to cost factors the… | X | X | X | X | X | X | X | X | X | X | X | |||||||||
| 24 | US20080184233A1 (Scott J. Norton, 2008) | (Original Assignee) Hewlett Packard Development Co LP (Current Assignee) Hewlett Packard Enterprise Development LP | Abstracting a multithreaded processor core to a single threaded processor core | ▪ hardware configuration ≈ software application ▪ operating system ≈ operating system | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ discloses a communication system for selective packet mirroring with the following features regarding claim… ▪ teaches a system and method for migrating virtual machines VMs in an attempt to balance resource usage among the… ▪ discloses A system comprising a server system including a physical server and a virtual server capable of being deployed… ▪ teaches an input device connected for receiving task information and an output device for transmitting task… | X | X | X | X | X | |||||||||||||||
| 25 | CN101317417A (N·史密斯, 2008) | (Original Assignee) Intel Corp (Current Assignee) Intel Corp | 多核心系统的网络接入控制 | ▪ virtual machine ≈ 一种机器 ▪ source host ≈ 当主机 | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ discloses a computerimplemented method for fast secured searching as recited to claim… ▪ teaches the benefit of flexible configuration by using scripts with installation of software on different hardware… ▪ discloses that the packet network is an IP network paragraph… ▪ teaches convert the specified network infrastructure requirements to instructions… | X | X | X | X | X | X | X | X | X | |||||||||||
| 26 | WO2005106659A1 (Jerry Plouffe, 2005) | (Original Assignee) Virtual Iron Software, Inc. | System and method for managing virtual servers | ▪ indicates denial ≈ management policy ▪ operating system ≈ operating system ▪ positioning service ≈ more parameter ▪ readable storage, hardware configuration ≈ I/O device | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ teaches the claimed limitations wherein providing a tenant with user access to the generated data collection… ▪ discloses a communication system for selective packet mirroring with the following features regarding claim… ▪ discloses the user GUI for configuring inter alia virtual machines and operating systems… ▪ discloses wherein at least the first and seconds each comprise an operating system wherein the operating system of the… | X | X | X | X | X | X | X | X | ||||||||||||
| 27 | US20050120160A1 (Jerry Plouffe, 2005) | (Original Assignee) Virtual Iron Software Inc; Katana Technology Inc (Current Assignee) Oracle International Corp ; Virtual Iron Software Inc | System and method for managing virtual servers | ▪ indicates denial ≈ management policy ▪ operating system ≈ operating system ▪ positioning service ≈ more parameter ▪ readable storage, hardware configuration ≈ I/O device | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ teaches the claimed limitations wherein providing a tenant with user access to the generated data collection… ▪ discloses a communication system for selective packet mirroring with the following features regarding claim… ▪ discloses the user GUI for configuring inter alia virtual machines and operating systems… ▪ discloses wherein at least the first and seconds each comprise an operating system wherein the operating system of the… | X | X | X | X | X | X | X | X | ||||||||||||
| 28 | CN102347959A (汤传斌, 2012) | (Original Assignee) Transoft Network Sci-Tech (shanghai) Co Ltd (Current Assignee) Transoft Network Sci-Tech (shanghai) Co Ltd | 基于身份和会话的资源访问系统和方法 | ▪ computer instructions ≈ 一个或多个 ▪ therein processor ≈ 管理资源 ▪ executable instructions ≈ 图形结构 | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ teaches a constant bit rate queue and negotiating a maximum stream rate with each of a plurality of rate guaranteed… ▪ discloses a queue with the established transmission rate not to exceed the pre determined contract rate… ▪ discloses wherein the first data comprises a bit rate that is different from a bit rate of the second data ie the client… ▪ teaches a scheduler which keeps track of media programs available on various media servers see abstract col… | X | X | X | X | X | X | ||||||||||||||
| 29 | US20120030676A1 (Ned M. Smith, 2012) | (Original Assignee) Smith Ned M; Wiseman Willard M Monty; Siddioi Faraz A; Tasneem Brutch; Scarlata Vincent R; Alok Kumar; Roge Kalpana M; Murari Kumar | Methods And Apparatus For Creating An Isolated Partition For A Virtual Trusted Platform Module | ▪ operating system ≈ operating system ▪ platform module ≈ platform module | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches a dynamic creation of virtual trusted platform modules corresponding to the virtual domains or security… ▪ discloses a uniform security applications architecture for deployment in a security tokensmart card fig… ▪ discloses the applet performing the authentication function column… ▪ teaches wherein the private key acquisition process further comprises hashing the private key to generate a new… | X | X | ||||||||||||||||||
| 30 | US20120054746A1 (Satyam B. Vaghani, 2012) | (Original Assignee) VMware Inc (Current Assignee) VMware Inc | System software interfaces for space-optimized block devices | ▪ readable storage medium ≈ readable storage medium ▪ source host ≈ more set | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ discloses wherein the plurality of types of storage devices at least includes… ▪ discloses an article for performing a method disclosed in claim… ▪ teaches of if said determining determines that each of the remaining operations cannot be performed using the one or… ▪ teaches of a mirrored set mirroring data from one logical volume to another fig… | X | X | X | X | X | X | ||||||||||||||
| 31 | WO2011150929A1 (Tage Kristensen, 2011) | (Original Assignee) Vestas Wind Systems A/S | A computer system and method for controlling and/or monitoring a wind power plant | ▪ readable storage medium ≈ readable storage medium ▪ computing system ≈ physical resource ▪ platform module, operating system ≈ power plant, real time | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches a wind turbine which uses video data as a method of monitoring the operating state of the turbine paragraph… ▪ teaches a server with a supervisory command and data acquisition SCADA device and a network interface… ▪ discloses a method for updating software on computers in a network which is substantially similar to the method claimed… ▪ describes a system for managing an array of wind turbines of the kind deployed for electric power generation on a… | X | X | X | X | X | X | X | |||||||||||||
| 32 | EP2397943A2 (Hua Zhou, 2011) | (Original Assignee) Intel Corp (Current Assignee) Intel Corp | Uniform storage device by partial virtualization machine | ▪ source host, target host ≈ USB controller ▪ executable instructions ≈ secure enclave | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ discloses wherein the secure communication is facilitated by the trusted software through an area in system memory… ▪ teaches providing each of said operating systems with access to second input andor output devices of said computer to… ▪ teaches the invention as claimed including a method as in claim… ▪ discloses that device driver is unloaded from the physical device which indicates the device driver was included in the… | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | |||||
| 33 | WO2011143568A2 (Mohammad Firoj Mithani, 2011) | (Original Assignee) Unisys Corporation | A decision support system for moving computing workloads to public clouds | ▪ computing device ≈ computing device ▪ operating system ≈ operating system | X | X | X | X | ||||||||||||||||||
| 34 | US20110208677A1 (Mian Zhou, 2011) | (Original Assignee) Bank of America Corp (Current Assignee) Bank of America Corp | Intrusion detection system alerts mechanism | ▪ executable instructions ≈ executable instructions ▪ computing device ≈ computing device ▪ computing system, operating system ≈ false positives | X | X | X | X | X | X | X | X | X | |||||||||||||
| 35 | EP2381363A2 (Mark Lucovsky, 2011) | (Original Assignee) VMware Inc (Current Assignee) Pivotal Software Inc | Cloud platform architecture | ▪ readable storage medium ≈ readable storage medium ▪ computing system ≈ other components | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches a transaction counter corresponding to an actual account… ▪ teaches the claimed invention wherein the functions are substantially the same as the apparatus of claim… ▪ discloses A browser for requesting and viewing external web applications pages on the local user interface of the MFD… ▪ discloses wherein the predefined criteria includes a determination that the second device does not have a security… | X | X | X | X | X | X | X | |||||||||||||
| 36 | EP2390784A1 (Wolfgang Dittrich, 2011) | (Original Assignee) SAP SE (Current Assignee) SAP SE | Life-cycle management of multi-tenant SAAS applications | ▪ computing device ≈ computing device ▪ hardware configuration ≈ system software | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ teaches the cloning module is further to execute a script while the VM clone is logged into the administrator account… ▪ teaches in response to a user being authenticated provides the user with online access to the VM clone col… ▪ discloses a network configuration module transmitting network configuration data upon the virtual machine monitor… ▪ discloses a switch element receiving necessary profile information which is used to configure the switch from an… | X | X | X | X | X | X | X | |||||||||||||
| 37 | US20110245724A1 (Martin L. Flatland, 2011) | (Original Assignee) Flatland Martin L; Bamdad Hassanpourgol (Current Assignee) SITESELECT MEDICAL TECHNOLOGIES Inc | Tissue excision device with a reduced diameter cannula | ▪ particular perimeter ≈ interior diameter ▪ computer instructions ≈ ramped surface | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ discloses a biopsy instrument wherein a tissue sample is captured and held within a transparent cassette column… ▪ discloses a biopsy device with a discharge opening in the distal end to place a marker at the site location… ▪ discloses removably coupling another tissue storage magazine to the hollow shaft during the biopsy… ▪ discloses collecting a plurality of perimeter tissue specimens… | X | X | X | X | X | X | X | X | X | |||||||||||
| 38 | CN102163266A (S·N·麦格雷恩, 2011) | (Original Assignee) Microsoft Corp (Current Assignee) Microsoft Technology Licensing LLC | 在主机服务器之间安全地移动虚拟机 | ▪ computing system ≈ 驱动器的方法 ▪ source host ≈ 客操作系统 | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches a nontransitory computer readable medium storing computer readable instructions that when executed cause an… ▪ discloses placing a portion of data into a shared memory and wherein the method further comprises each of second… ▪ teaches wherein the act of directing further includes directing the virtual machine to which the computing action is… ▪ teaches wherein the computing action specified by the input is forbidden by the policy of the virtual machine… | X | X | X | X | X | X | X | X | X | X | X | |||||||||
| 39 | US20110246669A1 (Yasusi Kanada, 2011) | (Original Assignee) Hitachi Ltd (Current Assignee) Hitachi Ltd | Method and system of virtual machine migration | ▪ platform module ≈ first translation ▪ network device ≈ third network | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ discloses a mobile IP registration reply with extensions section… ▪ teaches a method for controlling connectivity within a first wireless network… ▪ discloses a method for security and monitoring within a worldwide interoperability for microwave access… ▪ discloses registering a communications device in a communications network by negotiating between the communications… | X | X | ||||||||||||||||||
| 40 | WO2011091056A1 (Eric Pulier, 2011) | (Original Assignee) Servicemesh, Inc. | System and method for a cloud computing abstraction layer | ▪ readable storage medium ≈ readable storage medium ▪ computing system ≈ physical resource ▪ control performance ≈ process cost | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) ▪ 35 U.S.C. 102(b) | ▪ teaches convert the specified network infrastructure requirements to instructions… ▪ teaches the use of a methodsystem of communication using geographic resources… ▪ teaches the method wherein detecting the establishment of the one or more first virtual environments and the one or… ▪ discloses load balancing of incoming packets directed to a virtual machine… | X | X | X | X | X | X | X | X | X | |||||||||||
| 41 | CN102025535A (卓志强, 2011) | (Original Assignee) Fujian Star Net Communication Co Ltd (Current Assignee) Ruijie Networks Co Ltd | 虚拟机管理方法、装置及网络设备 | ▪ positioning service ≈ 服务器端 ▪ platform module ≈ 配置模块 | X | X | X | |||||||||||||||||||
| 42 | CN101969391A (赵耀, 2011) | (Original Assignee) Beijing University of Posts and Telecommunications (Current Assignee) Beijing University of Posts and Telecommunications | 一种支持融合网络业务的云平台及其工作方法 | ▪ computer instructions ≈ 一个或多个 ▪ positioning service ≈ 服务器并 ▪ operating system ≈ 工作方法 ▪ computing device, computing system ≈ 的网站 | X | X | X | X | X | X | X | X | X | X | ||||||||||||
| 43 | WO2011044319A1 (Grant Alexander Macdonald Mcalister, 2011) | (Original Assignee) Amazon Technologies, Inc. | Self-service configuration for data environment | ▪ executable instructions ≈ executable instructions ▪ source host ≈ separate control | X | X | X | X | X | X | ||||||||||||||||
| 44 | US20120005750A1 (Sourabh Satish, 2012) | (Original Assignee) Symantec Corp (Current Assignee) CA Inc | Systems and Methods for Alternating Malware Classifiers in an Attempt to Frustrate Brute-Force Malware Testing | ▪ executable instructions ≈ executable instructions ▪ computing device ≈ computing device | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches data packet transmitted between a computer and a network are transmitted over a standard communication… ▪ discloses wherein the step of assessing a current security state of the mobile communications device further comprises… ▪ teaches the invention as claimed including a method for inspecting transmitted data comprising analyzing data packets… ▪ discloses that the suspicious instructions each may or may not be instrumented as described above the instrumentation… | X | X | X | |||||||||||||||||
| 45 | US20120005307A1 (Abhik Das, 2012) | (Original Assignee) Hewlett Packard Development Co LP (Current Assignee) Hewlett Packard Enterprise Development LP | Storage virtualization | ▪ executable instructions ≈ executable instructions ▪ positioning hardware, positioning service ≈ new location ▪ hardware configuration ≈ file system | X | X | X | X | X | X | ||||||||||||||||
| 46 | WO2010151860A1 (Lawrence S. Rogel, 2010) | (Original Assignee) Vmware, Inc. | Providing security in virtualized mobile devices | ▪ geolocation device ≈ geographical position ▪ source host ≈ location information | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ teaches that encrypting certain data using the session key paragraph… ▪ discloses generating a security token that records the one or more access privileges assigned to the client device and… ▪ teaches that comparing the second signalgenerated location with the location information challenge col… ▪ teaches receiving request for an access control entitlement and transmitting the access control entitlement to the… | X | X | X | X | X | X | X | |||||||||||||
| 47 | JP2012003476A (Shinichi Saito, 2012) | (Original Assignee) Fuji Xerox Co Ltd; 富士ゼロックス株式会社 | 情報処理システム、管理装置、処理要求装置及びプログラム | ▪ positioning hardware ≈ 少なくとも ▪ computing device, network device ≈ システム ▪ executable instructions ≈ 信手段 | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches the claimed limitations wherein providing a tenant with user access to the generated data collection… ▪ discloses the claimed computer program product and apparatus for reconciling billing measures to cost factors the… ▪ teaches including validating contract terms of a service level agreement par… ▪ teaches the invention substantially as claimed including a computer implemented method for managing remote deployment… | X | X | X | X | X | |||||||||||||||
| 48 | JP2012004781A (Tomohiro Muramoto, 2012) | (Original Assignee) Fujitsu Ltd; 富士通株式会社 | 構成情報取得方法、仮想プローブおよび構成情報取得制御装置 | ▪ hardware configuration ≈ 有する構成 ▪ computing device, network device ≈ システム, リング | X | X | X | X | X | X | X | X | ||||||||||||||
| 49 | US20100318481A1 (Carl Richard Feynman, 2010) | (Original Assignee) Ab Initio Technology LLC (Current Assignee) Ab Initio Technology LLC ; Ab Initio Software LLC | Generating Test Data | ▪ computing system ≈ development environment ▪ therein processor ≈ more processors | X | X | X | X | X | X | X | |||||||||||||||
| 50 | CN102195940A (何安洪, 2011) | (Original Assignee) BEIJING SOFTLUMOS TECHNOLOGY Co Ltd (Current Assignee) BEIJING SOFTLUMOS TECHNOLOGY Co Ltd | 一种基于虚拟机技术安全输入和提交数据的方法和系统 | ▪ therein processor ≈ 通用操作系统 ▪ email message ≈ 经过用户 | X | |||||||||||||||||||||
| 51 | US20110184993A1 (Puneet CHAWLA, 2011) | (Original Assignee) VMware Inc (Current Assignee) VMware Inc | Independent Access to Virtual Machine Desktop Content | ▪ readable storage medium ≈ readable storage medium ▪ positioning hardware ≈ audit data | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches the claimed limitations identifying one or more facets of the plurality associated with the identified one or… ▪ discloses the claimed computer program product and apparatus for reconciling billing measures to cost factors the… ▪ discloses wherein the downloading utility downloads and caches files according to predefined rules see col… ▪ teaches pausing all running programs during dumping process… | X | |||||||||||||||||||
| 52 | US20110185292A1 (Puneet CHAWLA, 2011) | (Original Assignee) VMware Inc (Current Assignee) VMware Inc | Accessing Virtual Disk Content of a Virtual Machine Using a Control Virtual Machine | ▪ readable storage, platform module ≈ management system ▪ computing device ≈ computing device ▪ computing system ≈ computing system | X | X | X | X | X | X | X | X | X | |||||||||||||
| 53 | CN102365630A (格雷戈里·G·罗利, 2012) | (Original Assignee) Headwater Partners I LLC (Current Assignee) Voight Hyde of limited liability company | 使用用户偏好、自适应策略、网络中立和用户隐私的设备协助服务配置文件管理 | ▪ computing device, computing system ≈ 一种计算 ▪ computing device comprising one ≈ 个用户 | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ discloses a plurality of bulling servers generating based on collected information on a particular device… ▪ teaches a system for performing an online activation of a wireless… ▪ discloses a system comprising a set of computing resources that implements a network a web server configured to receive… ▪ teaches a verifiable device assisted service policy implementation with the features of identifying a usage pattern… | X | X | X | X | X | X | X | X | X | |||||||||||
| 54 | US20100122317A1 (Satyendra Yadav, 2010) | (Original Assignee) Intel Corp (Current Assignee) Intel Corp | Integrated Network Intrusion Detection | ▪ positioning service ≈ network services ▪ platform module ≈ system component | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ discloses an intrusion detection system and method having dynamically loaded signatures comprising… ▪ discloses A system that is configured to detect attacks with respect to a data center the system comprising… ▪ teaches such a method wherein said outputting further comprises performing a cross site scripting XSS test on said… ▪ teaches a system comprising sending a event message to a network management station paragraph… | X | X | X | |||||||||||||||||
| 55 | CN101727351A (张炯, 2010) | (Original Assignee) Beihang University (Current Assignee) Beihang University | 面向多核平台的虚拟机监控器非对称调度器及其调度方法 | ▪ platform module ≈ 配置模块 ▪ cause performance, control performance ≈ 性能的 | X | X | X | X | X | X | X | |||||||||||||||
| 56 | US20110055921A1 (Krishna Narayanaswamy, 2011) | (Original Assignee) Juniper Networks Inc (Current Assignee) Juniper Networks Inc | Protecting against distributed network flood attacks | ▪ readable storage medium ≈ readable storage medium ▪ therein processor ≈ more processors, control unit ▪ network device ≈ third network | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) ▪ 35 U.S.C. 102(b) | ▪ teaches a computer system having a processor and a memory the computer system operable to execute a method for… ▪ teaches de ning threshold based upon a percentage of bandwidth capacity of the network paragraph… ▪ discloses the second means includes means for adjusting times at which the network messages are sent by the third means… ▪ teaches the step of activating alternative scheduling of IP packets at routers… | X | |||||||||||||||||||
| 57 | US20110099551A1 (Thomas Fahrig, 2011) | (Original Assignee) Microsoft Corp (Current Assignee) Microsoft Technology Licensing LLC | Opportunistically Scheduling and Adjusting Time Slices | ▪ executable instructions ≈ executable instructions ▪ operating system ≈ operating system | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches in response to the realtime process being executed the synchronization unit determines whether the real time… ▪ discloses combinedfinal results received in response to the queries submitted to the plurality of search engines col… ▪ teaches the starting of at least a first software component instance associating the first instance with a set of… ▪ teaches that virtual machines within cloud computing environments were known in the art… | X | |||||||||||||||||||
| 58 | EP2299360A1 (Joerg Ott, 2011) | (Original Assignee) Group Business Software AG (Current Assignee) Group Business Software AG | process for installing a software application and platform operating system | ▪ hardware configuration ≈ software application ▪ positioning hardware ≈ configuration data ▪ operating system ≈ operating system ▪ computing device comprising one ≈ following steps | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ discloses allowing various team members to access information on the project server database by using the web service… ▪ discloses the method involves accessing a model of a workload including application and an operating system to install… ▪ discloses a virtual environment can be configured to coordinate life cycles of virtual machines and application programs… ▪ teaches A test system comprising said other device and the test device according to claim… | X | X | X | X | X | X | X | |||||||||||||
| 59 | US20110066786A1 (Osten Kit Colbert, 2011) | (Original Assignee) VMware Inc (Current Assignee) VMware Inc | Method of Suspending and Resuming Virtual Machines | ▪ hardware configuration ≈ different configurations ▪ readable storage medium ≈ readable storage medium ▪ operating system ≈ operating system ▪ computing device comprising one ≈ I/O devices | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ teaches wherein the event is associated with a device external to the hypervisor para… ▪ teaches suspend modes for both primary and secondary operating systems col… ▪ teaches a computing device comprising A a central processing unit that is coupled to a hardware interface that… ▪ discloses whereby a user can control resumption of orchestrating after said stopping by sending said second indication… | X | X | X | X | X | X | ||||||||||||||
| 60 | US20110047621A1 (Danny BRANDO, 2011) | (Original Assignee) Federal Reserve Bank of New York (Current Assignee) Federal Reserve Bank of New York | System and method for detection of non-compliant software installation | ▪ executable instructions ≈ software module ▪ source host, computing device comprising one ≈ first data set | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ teaches a method system and storage medium for integrating knowledge management services with current or future… ▪ teaches automatically extracting and installing component files when an install button is selected or when other input… ▪ teaches returning component files from a remote repository in response to a subsequent request selecting the install… ▪ discloses determining that an application associated with a trigger ie hyperlink is not stored locally user selects an… | X | X | X | X | X | X | ||||||||||||||
| 61 | US20100333090A1 (Gregory M. Wright, 2010) | (Original Assignee) Sun Microsystems Inc (Current Assignee) Sun Microsystems Inc | Method and apparatus for protecting translated code in a virtual machine | ▪ operating system, computing device ≈ operating system, program access ▪ readable storage ≈ address space | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches using a version as a key was known in the pertinent art at the time applicant s invention was made to identify… ▪ discloses the translation structure as a block portion sequence ie col… ▪ teaches converting a protion of target code into a single cache unit comprisng a subject program col… ▪ discloses wherein optimizing at least some of the plurality of strands comprises converting branches within the at least… | X | X | X | X | ||||||||||||||||
| 62 | US20100332889A1 (Oren SHNEORSON, 2010) | (Original Assignee) VMware Inc (Current Assignee) VMware Inc | Management of information technology risk using virtual infrastructures | ▪ cause performance ≈ relative importance ▪ operating system ≈ operating system | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ discloses tracking the errors in the form of the differences between the predicted and actual values as well as tracking… ▪ teaches printing information on a single piece of stock see… ▪ teaches detecting delays determining their impacts and adjusting schedules and information accordingly… ▪ discloses the reporting of manufacturing data by storing the data in a manufacturing repository and sending reports out… | X | X | X | X | X | X | ||||||||||||||
| 63 | US20100269121A1 (Marco Montesissa, 2010) | (Original Assignee) Accenture Global Services GmbH (Current Assignee) Accenture Global Services Ltd | Exchangeable application components | ▪ executable instructions ≈ executable instructions ▪ email message ≈ incoming messages | X | |||||||||||||||||||||
| 64 | WO2009147631A1 (Etay Bogner, 2009) | (Original Assignee) Neocleus Israel Ltd | Secure multi-purpose computing client | ▪ readable storage, platform module ≈ management system ▪ positioning hardware, hardware configuration ≈ computer software, software product | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ discloses abstracting the computer s hardware from the operating system and from applications running on the computer… ▪ teaches wherein said high assurance service comprises a trusted compilation and test service whereby a project to be… ▪ discloses wherein the method further comprises receiving a result of the cloud network address security query from the… ▪ discloses a system for providing secure browsing via a transparent network proxy the system comprising a a memory that… | X | X | X | X | X | |||||||||||||||
| 65 | JP2010271863A (Seiichiro Tanaka, 2010) | (Original Assignee) Toshiba Corp; Toshiba Solutions Corp; 東芝ソリューション株式会社; 株式会社東芝 | 情報処理装置 | ▪ positioning hardware ≈ 少なくとも ▪ cause performance, control performance ≈ の性能 | X | X | X | X | X | X | X | X | ||||||||||||||
| 66 | WO2009151875A1 (Igor Sedukhin, 2009) | (Original Assignee) Microsoft Corporation | Synchronizing virtual machine and application life cycles | ▪ executable instructions ≈ executable instructions ▪ operating system ≈ operating system ▪ therein processor ≈ more processors | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches the claimed limitations wherein providing a tenant with user access to the generated data collection… ▪ discloses the claimed computer program product and apparatus for reconciling billing measures to cost factors the… ▪ teaches a method for using tags to manage virtual machines the method comprising storing a plurality of virtual… ▪ discloses wherein at least one of the plurality of tags associated with at least one of the plurality of virtual… | X | |||||||||||||||||||
| 67 | EP2107486A2 (Balaji Vembu, 2009) | (Original Assignee) Intel Corp (Current Assignee) Intel Corp | Method and apparatus for providing a secure display window inside the primary display | ▪ computer instructions ≈ machine readable storage medium ▪ operating system ≈ operating system ▪ cause performance ≈ to result | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) ▪ 35 U.S.C. 102(b) | ▪ discloses a method for maintaining the security of data displayed on a display for a system comprising a secured… ▪ discloses all the subject matter of the method as discussed above with respect to claim… ▪ teaches a system wherein a dated configuration is updatedreplaced if it out of date… ▪ discloses a copy protection system wherein encrypted video data is provided to a secure video content processor… | X | X | X | X | X | X | X | |||||||||||||
| 68 | US20100251363A1 (Rade Todorovic, 2010) | (Original Assignee) Sophos Ltd (Current Assignee) Sophos Ltd | Modified file tracking on virtual machines | ▪ hardware configuration ≈ software application ▪ indicates denial ≈ holds information ▪ operating system ≈ operating system | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ discloses a computerimplemented method for fast secured searching as recited to claim… ▪ teaches wherein the virtual machine image corresponds to a virtual machine paragraph… ▪ teaches the benefit of flexible configuration by using scripts with installation of software on different hardware… ▪ discloses wherein a group includes a plurality of virtual machines… | X | X | X | X | X | X | ||||||||||||||
| 69 | CN101819564A (田启明, 2010) | (Original Assignee) International Business Machines Corp (Current Assignee) IBM China Co Ltd | 协助在虚拟机之间进行通信的方法和装置 | ▪ hardware configuration ≈ 配置为从 ▪ source host ≈ 主机上 | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ teaches that the determination is based on determining that the transaction is an instruction fetch… ▪ teaches that the data structures are extended page tables to support address translations for the one or more virtual… ▪ teaches of a guest operating system that maps virtual pages to guest physical pages… ▪ discloses a computer system comprising one or more processors… | X | X | X | X | X | X | X | X | X | |||||||||||
| 70 | JP2010182260A (Hironori Yamashita, 2010) | (Original Assignee) Mitsubishi Electric Corp; 三菱電機株式会社 | シンクライアントシステム、管理サーバ、シンクライアント端末およびシンクライアントサーバ | ▪ executable instructions ≈ 信手段 ▪ network device ≈ データ | X | |||||||||||||||||||||
| 71 | US20090249470A1 (Moshe Litvin, 2009) | (Original Assignee) Altor Networks Inc (Current Assignee) Juniper Networks Inc | Combined firewalls | ▪ readable storage medium ≈ readable storage medium ▪ computing system ≈ when b | X | X | X | X | X | X | X | |||||||||||||||
| 72 | CN101430649A (白跃彬, 2009) | (Original Assignee) Beihang University (Current Assignee) Beihang University ; Beijing University of Aeronautics and Astronautics | 基于虚拟机的虚拟计算环境系统 | ▪ geolocation device ≈ 浏览器访问 ▪ computing system ≈ 存储设备 ▪ positioning service ≈ 服务器端 ▪ source host ≈ 主机上 ▪ computing device comprising one ≈ 个用户 | X | X | X | X | X | X | X | X | X | X | X | X | ||||||||||
| 73 | US20100281166A1 (Rajkumar Buyya, 2010) | (Original Assignee) Manjrasoft Pty Ltd (Current Assignee) Manjrasoft Pty Ltd | Software Platform and System for Grid Computing | ▪ therein processor ≈ data communication ▪ computing device ≈ computing device | X | X | X | |||||||||||||||||||
| 74 | WO2010021631A1 (Thomas J. Bonola, 2010) | (Original Assignee) Hewlett-Packard Development Company, L.P. | Remote graphics console and virtual media access to virtual machine guests | ▪ computing system ≈ computing system ▪ source host ≈ usable medium ▪ target host ≈ output ports | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | ||||||
| 75 | EP2184949A1 (Hongzhuo Zhang, 2010) | (Original Assignee) Huawei Technologies Co Ltd (Current Assignee) Huawei Technologies Co Ltd | A method and an apparatus for non-access stratum message processing during handover in evolved network | ▪ therein processor ≈ transceiver module ▪ target host ≈ handover command | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches a monitor component to identify handover failure but does not specifically disclose wherein the monitor… ▪ discloses that handover of communications is to be effectuated during a communication session in which the data block is… ▪ discloses a method comprising receiving at a radio network controller and from a second base station a notification that… ▪ teaches the memory comprises further instructions for determining that the access terminal is requesting a handoff to… | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | |||||
| 76 | US20090300423A1 (James Michael Ferris, 2009) | (Original Assignee) Red Hat Inc (Current Assignee) Red Hat Inc | Systems and methods for software test management in cloud-based network | ▪ hardware configuration ≈ software applications, software product ▪ readable storage, platform module ≈ management system ▪ operating system ≈ operating system ▪ executable instructions ≈ software module | X | X | X | X | X | |||||||||||||||||
| 77 | WO2009123640A1 (Paul Broyles, 2009) | (Original Assignee) Hewlett-Packard Development Company, L.P. | Virtual machine manager system and methods | ▪ readable storage medium ≈ readable storage medium ▪ platform module ≈ platform module | X | |||||||||||||||||||||
| 78 | US20080244028A1 (Bich Cau Le, 2008) | (Original Assignee) VMware Inc (Current Assignee) VMware Inc | Synchronization and Customization of a Clone Computer | ▪ positioning hardware, hardware configuration ≈ software program ▪ source host ≈ usable medium | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches obtaining the license key for clone computerdisk col… ▪ teaches a system for restoring data in a computing storage environment comprising at least one processor device… ▪ discloses wherein said storage is arranged to receive an instruction for assigning the secondary volume for creating a… ▪ teaches A computer implemented method for activating an unauthorized software program in a virtualization environment… | X | X | X | X | X | X | X | X | X | X | ||||||||||
| 79 | US20080263670A1 (Ovidiu Stavrica, 2008) | (Original Assignee) Wiresoft Net Inc (Current Assignee) Wiresoft Net Inc | Methods, software and apparatus for detecting and neutralizing viruses from computer systems and networks | ▪ email message ≈ electronic mail messages ▪ therein processor ≈ data communication | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ teaches that the firewall compress or uncompress data transferred… ▪ discloses that the system is connected to a network see paragraph… ▪ teaches a network analysis system but does not explicitly teach network tools used in the process… ▪ teaches a method comprising intercepting by a proxy associated with a network device logically interposed between a… | X | |||||||||||||||||||
| 80 | US20080189700A1 (Rene W. Schmidt, 2008) | (Original Assignee) VMware Inc (Current Assignee) VMware Inc | Admission Control for Virtual Machine Cluster | ▪ readable storage, platform module ≈ management system ▪ network device, geolocation device ≈ n storage | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ discloses nontransitory computer readable storage medium of claim… ▪ teaches further comprising instructions for maintaining a list of VMs that are prevented from starting under load… ▪ teaches the directories and files are arranged in a hierarchical structure… ▪ teaches an additional failure subsequently occurs in one of the pathways… | X | X | ||||||||||||||||||
| 81 | WO2008073618A2 (Mark M. Lee, 2008) | (Original Assignee) Devicevm, Inc. | Instant on platform | ▪ operating system ≈ operating system ▪ platform module ≈ providing power ▪ positioning service ≈ Web site | X | X | X | X | ||||||||||||||||||
| 82 | US20090089682A1 (John Joseph Baier, 2009) | (Original Assignee) Rockwell Automation Technologies Inc (Current Assignee) Rockwell Automation Technologies Inc | Collaborative environment for sharing visualizations of industrial automation data | ▪ control performance ≈ displays information ▪ email message ≈ common view | X | X | X | |||||||||||||||||||
| 83 | JP2009075718A (Takanari Baba, 2009) | (Original Assignee) Hitachi Ltd; 株式会社日立製作所 | 仮想i/oパスの管理方法、情報処理システム及びプログラム | ▪ positioning hardware ≈ 少なくとも ▪ network device ≈ データ | X | X | ||||||||||||||||||||
| 84 | US20090007264A1 (Arindam Chatterjee, 2009) | (Original Assignee) Microsoft Corp (Current Assignee) Microsoft Technology Licensing LLC | Security system with compliance checking and remediation | ▪ executable instructions ≈ executable instructions ▪ computing device ≈ second provider | X | X | X | |||||||||||||||||||
| 85 | US20080270564A1 (Dharshan Rangegowda, 2008) | (Original Assignee) Microsoft Corp (Current Assignee) Microsoft Technology Licensing LLC | Virtual machine migration | ▪ executable instructions ≈ executable instructions ▪ readable storage medium ≈ readable storage media ▪ hardware configuration ≈ virtualization system ▪ therein processor ≈ data communication | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches the claimed limitations identifying one or more facets of the plurality associated with the identified one or… ▪ teaches providing unstructured documents to a user paragraphs… ▪ discloses that the system is implemented on such network for example SAN… ▪ discloses the claimed computer program product and apparatus for reconciling billing measures to cost factors the… | X | X | X | X | ||||||||||||||||
| 86 | US20080016570A1 (Alen Capalik, 2008) | (Original Assignee) Alen Capalik | System and method for analyzing unauthorized intrusion into a computer network | ▪ computing device ≈ computing device ▪ network device ≈ network device | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ discloses a trusted entity that detects malware infection on computers computer… ▪ teaches a system comprising sending a event message to a network management station paragraph… ▪ teaches said intelligence gathering system is operable to identify at least one future domain name used by said… ▪ teaches message identifying a specific application for enabling the recipient to at least one of display locate… | X | X | X | X | ||||||||||||||||
| 87 | US20080244569A1 (David Carroll Challener, 2008) | (Original Assignee) Lenovo Singapore Pte Ltd (Current Assignee) Lenovo PC International Ltd | System and Method for Reporting the Trusted State of a Virtual Machine | ▪ therein processor ≈ more processors ▪ positioning hardware, hardware configuration ≈ more software | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches said TPM interface further hashes at least two identified data structures together and resets and loads said… ▪ teaches wherein said integrated system includes one or more domains or one or more… ▪ teaches wherein said high assurance service comprises a trusted compilation and test service whereby a project to be… ▪ discloses an essential to the computing platform security is the users capacity to be able to request the platform to… | X | X | X | X | X | |||||||||||||||
| 88 | US7996836B1 (Bruce McCorkendale, 2011) | (Original Assignee) Symantec Corp (Current Assignee) NortonLifeLock Inc | Using a hypervisor to provide computer security | ▪ computer instructions ≈ storing computer program ▪ readable storage medium ≈ readable storage medium | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches suspending execution of the computer program until a confirmation is received from the analysis system… ▪ teaches modern and more efficient compared to early CPUs ways to providing efficient context switching used by modern… ▪ teaches said TPM interface further hashes at least two identified data structures together and resets and loads said… ▪ teaches wherein said high assurance service comprises a trusted compilation and test service whereby a project to be… | X | X | X | X | X | X | ||||||||||||||
| 89 | US20070089111A1 (Scott Robinson, 2007) | (Original Assignee) Intel Corp (Current Assignee) Intel Corp | Virtual environment manager | ▪ hardware configuration ≈ software applications, file system ▪ computing device ≈ computing device ▪ operating system ≈ operating system | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ describes a VM configuration for creating a VM environment describing each VM environment its behavior andor constrained… ▪ discloses a method that includes a virtual machine that is configured to execute on a physical computer system by way of… ▪ discloses specifying physical computers on which the VM may be executed see column… ▪ teaches selecting an orchestrator tool for the created virtualization environment configuring the virtual environment… | X | X | X | X | X | X | X | X | ||||||||||||
| 90 | US7788235B1 (Matthew Yeo, 2010) | (Original Assignee) Symantec Corp (Current Assignee) CAI Software LLC | Extrusion detection using taint analysis | ▪ readable storage medium ≈ readable storage medium ▪ positioning hardware, positioning service ≈ new location | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) ▪ 35 U.S.C. 102(e) | ▪ teaches a readablebycomputer recording medium recorded with a program according to claim… ▪ teaches the monitoring of a plurality of user characteristics including the usage of various program guide screens and… ▪ discloses a system for capability based multimedia streaming over a network… ▪ discloses that the message is transmitted from the user s local server to a proxy server using a secure mixed path… | X | X | ||||||||||||||||||
| 91 | WO2007023467A2 (Johann Heinrich TÖNSING, 2007) | (Original Assignee) Netronome Systems Inc | Flow control based on flow policies in a communication network | ▪ computing device, computing system ≈ network bandwidth ▪ operating system, platform module ≈ operating system, real time ▪ cause performance ≈ packet payload ▪ therein processor ≈ memory usage | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ discloses a virtual local area network VLAN associated with a packet column… ▪ teaches that inspecting a packet feature of the plurality of packets… ▪ teaches extracting a portion of the received data calculating a content identifier based on the extracted portion of… ▪ discloses a communication application which may include lists of users with which a user of the application communicates… | X | X | X | X | X | X | X | X | X | X | X | |||||||||
| 92 | US20070043860A1 (Vipul Pabari, 2007) | (Original Assignee) TOUTVIRTUAL Inc (Current Assignee) TOUTVIRTUAL Inc | Virtual systems management | ▪ hardware configuration ≈ application software ▪ operating system, platform module ≈ operating system, real time | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) ▪ 35 U.S.C. 102(b) | ▪ discloses trusted host platform and domain security teaches inserting and deleting of certificates see paragraph… ▪ discloses measuring various loads CPU network disk memory on a system and using a weighted formula for computing the… ▪ teaches a method of discovering virtual assets and physical devices that host the virtual assets comprising… ▪ teaches control agent proxy can be integrated into the control center itself which means the control agent proxy is… | X | X | X | X | X | |||||||||||||||
| 93 | US20080025288A1 (Alan Benner, 2008) | (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp | Dual network types solution for computer interconnects | ▪ positioning service ≈ optical connections ▪ computing system ≈ computing system ▪ computing device comprising one ≈ optical switch | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) | ▪ discloses determining the next hop to reach a destination by consulting the destination node table and… ▪ discloses where the route includes a multiprotocol labeling system MPLS label associated with the neighboring network… ▪ discloses a home radio local area network RLAN apparatus see FIG… ▪ discloses a network where frames are transmitted to a local node from another node… | X | X | X | X | X | X | X | X | ||||||||||||
| 94 | US20070250833A1 (Nelson Araujo, 2007) | (Original Assignee) Microsoft Corp (Current Assignee) ServiceNow Inc | Managing virtual machines with system-wide policies | ▪ executable instructions ≈ executable instructions ▪ therein processor ≈ more processors ▪ positioning service ≈ more parameter | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ teaches providing unstructured documents to a user paragraphs… ▪ teaches the claimed limitations identifying one or more facets of the plurality associated with the identified one or… ▪ teaches wherein the displayed set of general controls and displayed set of individual controls all include a control… ▪ teaches wherein the first virtual machine instance is accessed as a virtual desktop using a remote desktop application… | X | X | ||||||||||||||||||
| 95 | US20070239942A1 (Ravi Rajwar, 2007) | (Original Assignee) Intel Corp (Current Assignee) Intel Corp | Transactional memory virtualization | ▪ executable instructions, computer instructions ≈ second instruction, first instruction ▪ cause performance ≈ more processor | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(b) | ▪ discloses that the memory access instruction is annotated by a prefix to indicate a nontransactional memory access page… ▪ discloses a method for managing a computer memory which is accessible to a plurality of thread the method comprising… ▪ discloses wherein loadmarking the cacheline involves reading the load counter value from the cacheline pars… ▪ teaches again attempting to commit all the changes to memory at once using the atomic commit feature seepage… | X | X | X | X | X | X | ||||||||||||||
| 96 | GB2423168A (Timothy Ables, 2006) | (Original Assignee) Dell Products LP (Current Assignee) Dell Products LP | Managing software updates in multiple virtual machines | ▪ hardware configuration ≈ hardware configuration ▪ operating system ≈ operating system | X | X | X | X | X | |||||||||||||||||
| 97 | US20070180509A1 (Alon Swartz, 2007) | (Original Assignee) Swartz Alon R; Liraz Siri | Practical platform for high risk applications | ▪ source host ≈ wireless local area network ▪ positioning hardware ≈ configuration data ▪ computing device, computing system ≈ output interfaces ▪ email message ≈ instant messaging, email service ▪ hardware configuration ≈ client software ▪ computer instructions ≈ lock device | ▪ 35 U.S.C. 103(a) ▪ 35 U.S.C. 102(e) ▪ 35 U.S.C. 102(b) | ▪ discloses a shell environment shell environment command line utility operable on a computer processor within… ▪ teaches using the encryption of data to protect the integrity of the data being transferred paragraph… ▪ discloses that if con gurations are not stored into persistent storage then con guration les are retrieved from local… ▪ teaches an information processor comprising a controller for controlling at least one application to which a… | X | X | X | X | X | X | X | X | X | X | X | X | X | X | X | |||||
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | COMMUNICATIONS OF THE ACM. 54 (3): 95-104 MAR 2011 Publication Year: 2011 VL2: A Scalable And Flexible Data Center Network No Affiliation Greenberg, Hamilton, Jain, Kandula, Kim, Lahiri, Maltz, Patel, Sengupta |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (dynamic resource allocation) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers must allow dynamic resource allocation (hardware configuration) across large server pools . In particular , the data center network should provide a simple flat abstraction : it should be able to take any set of servers anywhere in the data center and give them the illusion that they are plugged into a physically separate , noninterfering Ethernet switch with as many ports as the service needs . To meet this goal , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 uses (1) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end system-based address resolution to scale to large server pools without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in highspeed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 s-sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (dynamic resource allocation) . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers must allow dynamic resource allocation (hardware configuration) across large server pools . In particular , the data center network should provide a simple flat abstraction : it should be able to take any set of servers anywhere in the data center and give them the illusion that they are plugged into a physically separate , noninterfering Ethernet switch with as many ports as the service needs . To meet this goal , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 uses (1) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end system-based address resolution to scale to large server pools without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in highspeed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 s-sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers (cause performance) must allow dynamic resource allocation across large server pools . In particular , the data center network should provide a simple flat abstraction : it should be able to take any set of servers anywhere in the data center and give them the illusion that they are plugged into a physically separate , noninterfering Ethernet switch with as many ports as the service needs . To meet this goal , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 uses (1) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end system-based address resolution to scale to large server pools without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in highspeed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 s-sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (dynamic resource allocation) of the target host . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers (cause performance) must allow dynamic resource allocation (hardware configuration) across large server pools . In particular , the data center network should provide a simple flat abstraction : it should be able to take any set of servers anywhere in the data center and give them the illusion that they are plugged into a physically separate , noninterfering Ethernet switch with as many ports as the service needs . To meet this goal , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 uses (1) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end system-based address resolution to scale to large server pools without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in highspeed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 s-sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers (cause performance) must allow dynamic resource allocation across large server pools . In particular , the data center network should provide a simple flat abstraction : it should be able to take any set of servers anywhere in the data center and give them the illusion that they are plugged into a physically separate , noninterfering Ethernet switch with as many ports as the service needs . To meet this goal , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 uses (1) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end system-based address resolution to scale to large server pools without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in highspeed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 s-sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : obtain , by the hidden process , the information indicating the hardware configuration (dynamic resource allocation) of the target host from a trusted platform module . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers (cause performance) must allow dynamic resource allocation (hardware configuration) across large server pools . In particular , the data center network should provide a simple flat abstraction : it should be able to take any set of servers anywhere in the data center and give them the illusion that they are plugged into a physically separate , noninterfering Ethernet switch with as many ports as the service needs . To meet this goal , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 uses (1) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end system-based address resolution to scale to large server pools without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in highspeed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 s-sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers (cause performance) must allow dynamic resource allocation across large server pools . In particular , the data center network should provide a simple flat abstraction : it should be able to take any set of servers anywhere in the data center and give them the illusion that they are plugged into a physically separate , noninterfering Ethernet switch with as many ports as the service needs . To meet this goal , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 uses (1) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end system-based address resolution to scale to large server pools without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in highspeed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 s-sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | SIGCOMM 2009. : 51-62 2009 Publication Year: 2009 VL2: A Scalable And Flexible Data Center Network Microsoft Research Greenberg, Hamilton, Jain, Kandula, Kim, Lahiri, Maltz, Patel, Sengupta, Acm |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (dynamic resource allocation) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers should allow dynamic resource allocation (hardware configuration) across large server pools . In particular , the data center network should enable any server to be assigned to any service . To meet these goals , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 . uses (I) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end-system based address resolution to scale to large server pools , without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in high-speed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 seconds - sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (dynamic resource allocation) . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers should allow dynamic resource allocation (hardware configuration) across large server pools . In particular , the data center network should enable any server to be assigned to any service . To meet these goals , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 . uses (I) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end-system based address resolution to scale to large server pools , without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in high-speed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 seconds - sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers (cause performance) should allow dynamic resource allocation across large server pools . In particular , the data center network should enable any server to be assigned to any service . To meet these goals , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 . uses (I) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end-system based address resolution to scale to large server pools , without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in high-speed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 seconds - sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (dynamic resource allocation) of the target host . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers (cause performance) should allow dynamic resource allocation (hardware configuration) across large server pools . In particular , the data center network should enable any server to be assigned to any service . To meet these goals , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 . uses (I) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end-system based address resolution to scale to large server pools , without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in high-speed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 seconds - sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers (cause performance) should allow dynamic resource allocation across large server pools . In particular , the data center network should enable any server to be assigned to any service . To meet these goals , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 . uses (I) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end-system based address resolution to scale to large server pools , without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in high-speed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 seconds - sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : obtain , by the hidden process , the information indicating the hardware configuration (dynamic resource allocation) of the target host from a trusted platform module . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers (cause performance) should allow dynamic resource allocation (hardware configuration) across large server pools . In particular , the data center network should enable any server to be assigned to any service . To meet these goals , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 . uses (I) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end-system based address resolution to scale to large server pools , without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in high-speed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 seconds - sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
VL2 : A Scalable And Flexible Data Center Network . To be agile and cost effective , data centers (cause performance) should allow dynamic resource allocation across large server pools . In particular , the data center network should enable any server to be assigned to any service . To meet these goals , we present VL2 , a practical network architecture that scales to support huge data centers with uniform high capacity between servers , performance isolation between services , and Ethernet layer-2 semantics . VL2 . uses (I) flat addressing to allow service instances to be placed anywhere in the network , (2) Valiant Load Balancing to spread traffic uniformly across network paths , and (3) end-system based address resolution to scale to large server pools , without introducing complexity to the network control plane . VL2's design is driven by detailed measurements of traffic and fault data from a large operational cloud service provider . VL2's implementation leverages proven network technologies , already available at low cost in high-speed hardware implementations , to build a scalable and reliable network architecture . As a result , VL2 networks can be deployed today , and we have built a working prototype . We evaluate the merits of the VL2 design using measurement , analysis , and experiments . Our VL2 prototype shuffles 2 . 7 TB of data among 75 servers in 395 seconds - sustaining a rate that is 94% of the maximum possible . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | PROCEEDINGS OF THE 6TH USENIX CONFERENCE ON FILE AND STORAGE TECHNOLOGIES (FAST 08). : 269-282 2008 Publication Year: 2008 Avoiding The Disk Bottleneck In The Data Domain Deduplication File System No Affiliation Zhu, Li, Patterson, Usenix |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (file system) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
Avoiding The Disk Bottleneck In The Data Domain Deduplication File System . Disk-based deduplication storage has emerged as the new-generation storage system for enterprise data protection to replace tape libraries . Deduplication removes redundant data segments to compress data into a highly compact form and makes it economical to store backups on disk instead of tape . A crucial requirement for enterprise data protection is high throughput , typically over 100 MB/sec , which enables backups to complete quickly . A significant challenge is to identify and eliminate duplicate data segments at this rate on a low-cost system that cannot afford enough RAM to store an index of the stored segments and may be forced to access an on-disk index for every input segment . This paper describes three techniques employed in the production Data Domain deduplication file system (hardware configuration) to relieve the disk bottleneck . These techniques include : (1) the Summary Vector , a compact in-memory data structure for identifying new segments ; (2) Stream-Informed Segment Layout , a data layout method to improve on-disk locality for sequentially accessed segments ; and (3) Locality Preserved Caching , which maintains the locality of the fingerprints of duplicate segments to achieve high cache hit ratios . Together , they can remove 99% of the disk accesses for deduplication of real world workloads . These techniques enable a modern two-socket dual-core system to run at 90% CPU utilization with only one shelf of 15 disks and achieve 100 MB/sec for single-stream throughput and 2 10 MB/sec for multi-stream throughput . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (file system) . |
Avoiding The Disk Bottleneck In The Data Domain Deduplication File System . Disk-based deduplication storage has emerged as the new-generation storage system for enterprise data protection to replace tape libraries . Deduplication removes redundant data segments to compress data into a highly compact form and makes it economical to store backups on disk instead of tape . A crucial requirement for enterprise data protection is high throughput , typically over 100 MB/sec , which enables backups to complete quickly . A significant challenge is to identify and eliminate duplicate data segments at this rate on a low-cost system that cannot afford enough RAM to store an index of the stored segments and may be forced to access an on-disk index for every input segment . This paper describes three techniques employed in the production Data Domain deduplication file system (hardware configuration) to relieve the disk bottleneck . These techniques include : (1) the Summary Vector , a compact in-memory data structure for identifying new segments ; (2) Stream-Informed Segment Layout , a data layout method to improve on-disk locality for sequentially accessed segments ; and (3) Locality Preserved Caching , which maintains the locality of the fingerprints of duplicate segments to achieve high cache hit ratios . Together , they can remove 99% of the disk accesses for deduplication of real world workloads . These techniques enable a modern two-socket dual-core system to run at 90% CPU utilization with only one shelf of 15 disks and achieve 100 MB/sec for single-stream throughput and 2 10 MB/sec for multi-stream throughput . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (high cache) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
Avoiding The Disk Bottleneck In The Data Domain Deduplication File System . Disk-based deduplication storage has emerged as the new-generation storage system for enterprise data protection to replace tape libraries . Deduplication removes redundant data segments to compress data into a highly compact form and makes it economical to store backups on disk instead of tape . A crucial requirement for enterprise data protection is high throughput , typically over 100 MB/sec , which enables backups to complete quickly . A significant challenge is to identify and eliminate duplicate data segments at this rate on a low-cost system that cannot afford enough RAM to store an index of the stored segments and may be forced to access an on-disk index for every input segment . This paper describes three techniques employed in the production Data Domain deduplication file system to relieve the disk bottleneck . These techniques include : (1) the Summary Vector , a compact in-memory data structure for identifying new segments ; (2) Stream-Informed Segment Layout , a data layout method to improve on-disk locality for sequentially accessed segments ; and (3) Locality Preserved Caching , which maintains the locality of the fingerprints of duplicate segments to achieve high cache (cause performance) hit ratios . Together , they can remove 99% of the disk accesses for deduplication of real world workloads . These techniques enable a modern two-socket dual-core system to run at 90% CPU utilization with only one shelf of 15 disks and achieve 100 MB/sec for single-stream throughput and 2 10 MB/sec for multi-stream throughput . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (high cache) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (file system) of the target host . |
Avoiding The Disk Bottleneck In The Data Domain Deduplication File System . Disk-based deduplication storage has emerged as the new-generation storage system for enterprise data protection to replace tape libraries . Deduplication removes redundant data segments to compress data into a highly compact form and makes it economical to store backups on disk instead of tape . A crucial requirement for enterprise data protection is high throughput , typically over 100 MB/sec , which enables backups to complete quickly . A significant challenge is to identify and eliminate duplicate data segments at this rate on a low-cost system that cannot afford enough RAM to store an index of the stored segments and may be forced to access an on-disk index for every input segment . This paper describes three techniques employed in the production Data Domain deduplication file system (hardware configuration) to relieve the disk bottleneck . These techniques include : (1) the Summary Vector , a compact in-memory data structure for identifying new segments ; (2) Stream-Informed Segment Layout , a data layout method to improve on-disk locality for sequentially accessed segments ; and (3) Locality Preserved Caching , which maintains the locality of the fingerprints of duplicate segments to achieve high cache (cause performance) hit ratios . Together , they can remove 99% of the disk accesses for deduplication of real world workloads . These techniques enable a modern two-socket dual-core system to run at 90% CPU utilization with only one shelf of 15 disks and achieve 100 MB/sec for single-stream throughput and 2 10 MB/sec for multi-stream throughput . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (high cache) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
Avoiding The Disk Bottleneck In The Data Domain Deduplication File System . Disk-based deduplication storage has emerged as the new-generation storage system for enterprise data protection to replace tape libraries . Deduplication removes redundant data segments to compress data into a highly compact form and makes it economical to store backups on disk instead of tape . A crucial requirement for enterprise data protection is high throughput , typically over 100 MB/sec , which enables backups to complete quickly . A significant challenge is to identify and eliminate duplicate data segments at this rate on a low-cost system that cannot afford enough RAM to store an index of the stored segments and may be forced to access an on-disk index for every input segment . This paper describes three techniques employed in the production Data Domain deduplication file system to relieve the disk bottleneck . These techniques include : (1) the Summary Vector , a compact in-memory data structure for identifying new segments ; (2) Stream-Informed Segment Layout , a data layout method to improve on-disk locality for sequentially accessed segments ; and (3) Locality Preserved Caching , which maintains the locality of the fingerprints of duplicate segments to achieve high cache (cause performance) hit ratios . Together , they can remove 99% of the disk accesses for deduplication of real world workloads . These techniques enable a modern two-socket dual-core system to run at 90% CPU utilization with only one shelf of 15 disks and achieve 100 MB/sec for single-stream throughput and 2 10 MB/sec for multi-stream throughput . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (high cache) of : obtain , by the hidden process , the information indicating the hardware configuration (file system) of the target host from a trusted platform module . |
Avoiding The Disk Bottleneck In The Data Domain Deduplication File System . Disk-based deduplication storage has emerged as the new-generation storage system for enterprise data protection to replace tape libraries . Deduplication removes redundant data segments to compress data into a highly compact form and makes it economical to store backups on disk instead of tape . A crucial requirement for enterprise data protection is high throughput , typically over 100 MB/sec , which enables backups to complete quickly . A significant challenge is to identify and eliminate duplicate data segments at this rate on a low-cost system that cannot afford enough RAM to store an index of the stored segments and may be forced to access an on-disk index for every input segment . This paper describes three techniques employed in the production Data Domain deduplication file system (hardware configuration) to relieve the disk bottleneck . These techniques include : (1) the Summary Vector , a compact in-memory data structure for identifying new segments ; (2) Stream-Informed Segment Layout , a data layout method to improve on-disk locality for sequentially accessed segments ; and (3) Locality Preserved Caching , which maintains the locality of the fingerprints of duplicate segments to achieve high cache (cause performance) hit ratios . Together , they can remove 99% of the disk accesses for deduplication of real world workloads . These techniques enable a modern two-socket dual-core system to run at 90% CPU utilization with only one shelf of 15 disks and achieve 100 MB/sec for single-stream throughput and 2 10 MB/sec for multi-stream throughput . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (high cache) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (n storage) , a geolocation device (n storage) , or a positioning service . |
Avoiding The Disk Bottleneck In The Data Domain Deduplication File System . Disk-based deduplication storage (network device, geolocation device) has emerged as the new-generation storage system for enterprise data protection to replace tape libraries . Deduplication removes redundant data segments to compress data into a highly compact form and makes it economical to store backups on disk instead of tape . A crucial requirement for enterprise data protection is high throughput , typically over 100 MB/sec , which enables backups to complete quickly . A significant challenge is to identify and eliminate duplicate data segments at this rate on a low-cost system that cannot afford enough RAM to store an index of the stored segments and may be forced to access an on-disk index for every input segment . This paper describes three techniques employed in the production Data Domain deduplication file system to relieve the disk bottleneck . These techniques include : (1) the Summary Vector , a compact in-memory data structure for identifying new segments ; (2) Stream-Informed Segment Layout , a data layout method to improve on-disk locality for sequentially accessed segments ; and (3) Locality Preserved Caching , which maintains the locality of the fingerprints of duplicate segments to achieve high cache (cause performance) hit ratios . Together , they can remove 99% of the disk accesses for deduplication of real world workloads . These techniques enable a modern two-socket dual-core system to run at 90% CPU utilization with only one shelf of 15 disks and achieve 100 MB/sec for single-stream throughput and 2 10 MB/sec for multi-stream throughput . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | USENIX ASSOCIATION PROCEEDINGS OF THE 2ND SYMPOSIUM ON NETWORKED SYSTEMS DESIGN & IMPLEMENTATION (NSDI 05). : 245-258 2005 Publication Year: 2005 ACMS: The Akamai Configuration Management System No Affiliation Sherman, Lisiecki, Berkheimer, Wein, Usenix |
|---|---|
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (management system) . |
ACMS : The Akamai Configuration Management System . An important trend in information technology is the use of increasingly large distributed systems to deploy increasingly complex and mission-critical applications . In order for these systems to achieve the ultimate goal of having similar ease-of-use properties as centralized systems they must allow fast , reliable , and lightweight management and synchronization of their configuration state . This goal poses numerous technical challenges in a truly Internet-scale system , including varying degrees of network connectivity , inevitable machine failures , and the need to distribute information globally in a fast and reliable fashion . In this paper we discuss the design and implementation of a configuration management system (readable storage, platform module) for the Akamai Network . It allows reliable yet highly asynchronous delivery of configuration information , is significantly fault-tolerant , and can scale if necessary to hundreds of thousands of servers . The system is fully functional today providing configuration management to over 15 , 000 servers deployed in 1200+ different networks in 60+ countries . |
| US9678774B2 CLAIM 18 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to send , via the hidden process , an alert that indicates denial (Management System) of the request in response to the determination that geographic location of the target host is outside of the particular perimeter . |
ACMS : The Akamai Configuration Management System (indicates denial) . An important trend in information technology is the use of increasingly large distributed systems to deploy increasingly complex and mission-critical applications . In order for these systems to achieve the ultimate goal of having similar ease-of-use properties as centralized systems they must allow fast , reliable , and lightweight management and synchronization of their configuration state . This goal poses numerous technical challenges in a truly Internet-scale system , including varying degrees of network connectivity , inevitable machine failures , and the need to distribute information globally in a fast and reliable fashion . In this paper we discuss the design and implementation of a configuration management system for the Akamai Network . It allows reliable yet highly asynchronous delivery of configuration information , is significantly fault-tolerant , and can scale if necessary to hundreds of thousands of servers . The system is fully functional today providing configuration management to over 15 , 000 servers deployed in 1200+ different networks in 60+ countries . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | 25TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE. : 254-265 2009 Publication Year: 2009 TrustGraph: Trusted Graphics Subsystem For High Assurance Systems University of Illinois Okhravi, Nicol, Ieee |
|---|---|
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one (I/O devices) or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
TrustGraph : Trusted Graphics Subsystem For High Assurance Systems . High assurance MILS and MLS systems require strict limitation of the interactions between different security compartments based on a security policy . Virtualization can be used to provide a high degree of separation in such systems . Even with perfect isolation , however , the I/O devices (computing device comprising one) are shared between different security compartments . Among the I/O controllers , the graphics subsystem is the largest and the most complex . This paper describes the design and implementation of TrustGraph , a trusted graphics subsystem for high assurance systems . First , we explain the threats and attacks possible against an unsecured graphics subsystem . We then describe the design of TrustGraph , the security principles it is built upon , and its implementation . Finally , we verify our implementation through different levels of verification which include functionality testing for simple operations , attack testing for security mechanisms , and formal verification for the critical components of the implementation . An analysis of the graphics API covert channel attack is presented , its channel capacity is measured , and the capacity is reduced using the idea of fuzzy time . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (I/O controller) . |
TrustGraph : Trusted Graphics Subsystem For High Assurance Systems . High assurance MILS and MLS systems require strict limitation of the interactions between different security compartments based on a security policy . Virtualization can be used to provide a high degree of separation in such systems . Even with perfect isolation , however , the I/O devices are shared between different security compartments . Among the I/O controller (platform module) s , the graphics subsystem is the largest and the most complex . This paper describes the design and implementation of TrustGraph , a trusted graphics subsystem for high assurance systems . First , we explain the threats and attacks possible against an unsecured graphics subsystem . We then describe the design of TrustGraph , the security principles it is built upon , and its implementation . Finally , we verify our implementation through different levels of verification which include functionality testing for simple operations , attack testing for security mechanisms , and formal verification for the critical components of the implementation . An analysis of the graphics API covert channel attack is presented , its channel capacity is measured , and the capacity is reduced using the idea of fuzzy time . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | USENIX Association Proceedings Of The 2nd Symposium On Networked Systems Design & Implementation (NSDI 05). : 273-286 2005 Publication Year: 2005 Live Migration Of Virtual Machines University of Cambridge Clark, Fraser, Hand, Hansen, Jul, Limpach, Pratt, Warfield, Usenix |
|---|---|
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
Live Migration Of Virtual Machines . Migrating operating system instances across distinct physical hosts is a useful tool for administrators of data centers (cause performance) and clusters : It allows a clean separation between hardware and software , and facilitates fault management , load balancing , and low-level system maintenance . By carrying out the majority of migration while OSes continue to run , we achieve impressive performance with minimal service downtimes ; we demonstrate the migration of entire OS instances on a commodity cluster , recording service downtimes as low as 60ms . We show that that our performance is sufficient to make live migration a practical tool even for servers running interactive loads . In this paper we consider the design options for migrating OSes running services with liveness constraints , focusing on data center and cluster environments . We introduce and analyze the concept of writable working set , and present the design , implementation and evaluation of high-performance OS migration built on top of the Xen VMM . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
Live Migration Of Virtual Machines . Migrating operating system instances across distinct physical hosts is a useful tool for administrators of data centers (cause performance) and clusters : It allows a clean separation between hardware and software , and facilitates fault management , load balancing , and low-level system maintenance . By carrying out the majority of migration while OSes continue to run , we achieve impressive performance with minimal service downtimes ; we demonstrate the migration of entire OS instances on a commodity cluster , recording service downtimes as low as 60ms . We show that that our performance is sufficient to make live migration a practical tool even for servers running interactive loads . In this paper we consider the design options for migrating OSes running services with liveness constraints , focusing on data center and cluster environments . We introduce and analyze the concept of writable working set , and present the design , implementation and evaluation of high-performance OS migration built on top of the Xen VMM . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
Live Migration Of Virtual Machines . Migrating operating system instances across distinct physical hosts is a useful tool for administrators of data centers (cause performance) and clusters : It allows a clean separation between hardware and software , and facilitates fault management , load balancing , and low-level system maintenance . By carrying out the majority of migration while OSes continue to run , we achieve impressive performance with minimal service downtimes ; we demonstrate the migration of entire OS instances on a commodity cluster , recording service downtimes as low as 60ms . We show that that our performance is sufficient to make live migration a practical tool even for servers running interactive loads . In this paper we consider the design options for migrating OSes running services with liveness constraints , focusing on data center and cluster environments . We introduce and analyze the concept of writable working set , and present the design , implementation and evaluation of high-performance OS migration built on top of the Xen VMM . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
Live Migration Of Virtual Machines . Migrating operating system instances across distinct physical hosts is a useful tool for administrators of data centers (cause performance) and clusters : It allows a clean separation between hardware and software , and facilitates fault management , load balancing , and low-level system maintenance . By carrying out the majority of migration while OSes continue to run , we achieve impressive performance with minimal service downtimes ; we demonstrate the migration of entire OS instances on a commodity cluster , recording service downtimes as low as 60ms . We show that that our performance is sufficient to make live migration a practical tool even for servers running interactive loads . In this paper we consider the design options for migrating OSes running services with liveness constraints , focusing on data center and cluster environments . We introduce and analyze the concept of writable working set , and present the design , implementation and evaluation of high-performance OS migration built on top of the Xen VMM . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
Live Migration Of Virtual Machines . Migrating operating system (operating system) instances across distinct physical hosts is a useful tool for administrators of data centers and clusters : It allows a clean separation between hardware and software , and facilitates fault management , load balancing , and low-level system maintenance . By carrying out the majority of migration while OSes continue to run , we achieve impressive performance with minimal service downtimes ; we demonstrate the migration of entire OS instances on a commodity cluster , recording service downtimes as low as 60ms . We show that that our performance is sufficient to make live migration a practical tool even for servers running interactive loads . In this paper we consider the design options for migrating OSes running services with liveness constraints , focusing on data center and cluster environments . We introduce and analyze the concept of writable working set , and present the design , implementation and evaluation of high-performance OS migration built on top of the Xen VMM . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
Live Migration Of Virtual Machines . Migrating operating system instances across distinct physical hosts is a useful tool for administrators of data centers (cause performance) and clusters : It allows a clean separation between hardware and software , and facilitates fault management , load balancing , and low-level system maintenance . By carrying out the majority of migration while OSes continue to run , we achieve impressive performance with minimal service downtimes ; we demonstrate the migration of entire OS instances on a commodity cluster , recording service downtimes as low as 60ms . We show that that our performance is sufficient to make live migration a practical tool even for servers running interactive loads . In this paper we consider the design options for migrating OSes running services with liveness constraints , focusing on data center and cluster environments . We introduce and analyze the concept of writable working set , and present the design , implementation and evaluation of high-performance OS migration built on top of the Xen VMM . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | ACM TRANSACTIONS ON COMPUTER SYSTEMS. 23 (1): 77-110 FEB 2005 Publication Year: 2005 Improving The Reliability Of Commodity Operating Systems University of Washington Swift, Bershad, Levy |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (file system) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
Improving The Reliability Of Commodity Operating Systems . Despite decades of research in extensible operating system technology , extensions such as device drivers remain a significant cause of system failures . In Windows XP , for example , drivers account for 85% of recently reported failures . This article describes Nooks , a reliability subsystem that seeks to greatly enhance operating system (OS) reliability by isolating the OS from driver failures . The Nooks approach is practical : rather than guaranteeing complete fault tolerance through a new (and incompatible) OS or driver architecture , our goal is to prevent the vast majority of driver-caused crashes with little or no change to the existing driver and system code . Nooks isolates drivers within lightweight protection domains inside the kernel address space , where hardware and software prevent them from corrupting the kernel . Nooks also tracks a driver's use of kernel resources to facilitate automatic cleanup during recovery . To prove the viability of our approach , we implemented Nooks in the Linux operating system and used it to fault-isolate several device drivers . Our results show that Nooks offers a substantial increase in the reliability of operating systems , catching and quickly recovering from many faults that would otherwise crash the system . Under a wide range and number of fault conditions , we show that Nooks recovers automatically from 99% of the faults that otherwise cause Linux to crash . While Nooks was designed for drivers , our techniques generalize to other kernel extensions . We demonstrate this by isolating a kernel-mode file system (hardware configuration) and an in-kernel Internet service . Overall , because Nooks supports existing C-language extensions , runs on a commodity operating system and hardware , and enables automated recovery , it represents a substantial step beyond the specialized architectures and type-safe languages required by previous efforts directed at safe extensibility . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (file system) . |
Improving The Reliability Of Commodity Operating Systems . Despite decades of research in extensible operating system technology , extensions such as device drivers remain a significant cause of system failures . In Windows XP , for example , drivers account for 85% of recently reported failures . This article describes Nooks , a reliability subsystem that seeks to greatly enhance operating system (OS) reliability by isolating the OS from driver failures . The Nooks approach is practical : rather than guaranteeing complete fault tolerance through a new (and incompatible) OS or driver architecture , our goal is to prevent the vast majority of driver-caused crashes with little or no change to the existing driver and system code . Nooks isolates drivers within lightweight protection domains inside the kernel address space , where hardware and software prevent them from corrupting the kernel . Nooks also tracks a driver's use of kernel resources to facilitate automatic cleanup during recovery . To prove the viability of our approach , we implemented Nooks in the Linux operating system and used it to fault-isolate several device drivers . Our results show that Nooks offers a substantial increase in the reliability of operating systems , catching and quickly recovering from many faults that would otherwise crash the system . Under a wide range and number of fault conditions , we show that Nooks recovers automatically from 99% of the faults that otherwise cause Linux to crash . While Nooks was designed for drivers , our techniques generalize to other kernel extensions . We demonstrate this by isolating a kernel-mode file system (hardware configuration) and an in-kernel Internet service . Overall , because Nooks supports existing C-language extensions , runs on a commodity operating system and hardware , and enables automated recovery , it represents a substantial step beyond the specialized architectures and type-safe languages required by previous efforts directed at safe extensibility . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (file system) of the target host . |
Improving The Reliability Of Commodity Operating Systems . Despite decades of research in extensible operating system technology , extensions such as device drivers remain a significant cause of system failures . In Windows XP , for example , drivers account for 85% of recently reported failures . This article describes Nooks , a reliability subsystem that seeks to greatly enhance operating system (OS) reliability by isolating the OS from driver failures . The Nooks approach is practical : rather than guaranteeing complete fault tolerance through a new (and incompatible) OS or driver architecture , our goal is to prevent the vast majority of driver-caused crashes with little or no change to the existing driver and system code . Nooks isolates drivers within lightweight protection domains inside the kernel address space , where hardware and software prevent them from corrupting the kernel . Nooks also tracks a driver's use of kernel resources to facilitate automatic cleanup during recovery . To prove the viability of our approach , we implemented Nooks in the Linux operating system and used it to fault-isolate several device drivers . Our results show that Nooks offers a substantial increase in the reliability of operating systems , catching and quickly recovering from many faults that would otherwise crash the system . Under a wide range and number of fault conditions , we show that Nooks recovers automatically from 99% of the faults that otherwise cause Linux to crash . While Nooks was designed for drivers , our techniques generalize to other kernel extensions . We demonstrate this by isolating a kernel-mode file system (hardware configuration) and an in-kernel Internet service . Overall , because Nooks supports existing C-language extensions , runs on a commodity operating system and hardware , and enables automated recovery , it represents a substantial step beyond the specialized architectures and type-safe languages required by previous efforts directed at safe extensibility . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (file system) of the target host from a trusted platform module . |
Improving The Reliability Of Commodity Operating Systems . Despite decades of research in extensible operating system technology , extensions such as device drivers remain a significant cause of system failures . In Windows XP , for example , drivers account for 85% of recently reported failures . This article describes Nooks , a reliability subsystem that seeks to greatly enhance operating system (OS) reliability by isolating the OS from driver failures . The Nooks approach is practical : rather than guaranteeing complete fault tolerance through a new (and incompatible) OS or driver architecture , our goal is to prevent the vast majority of driver-caused crashes with little or no change to the existing driver and system code . Nooks isolates drivers within lightweight protection domains inside the kernel address space , where hardware and software prevent them from corrupting the kernel . Nooks also tracks a driver's use of kernel resources to facilitate automatic cleanup during recovery . To prove the viability of our approach , we implemented Nooks in the Linux operating system and used it to fault-isolate several device drivers . Our results show that Nooks offers a substantial increase in the reliability of operating systems , catching and quickly recovering from many faults that would otherwise crash the system . Under a wide range and number of fault conditions , we show that Nooks recovers automatically from 99% of the faults that otherwise cause Linux to crash . While Nooks was designed for drivers , our techniques generalize to other kernel extensions . We demonstrate this by isolating a kernel-mode file system (hardware configuration) and an in-kernel Internet service . Overall , because Nooks supports existing C-language extensions , runs on a commodity operating system and hardware , and enables automated recovery , it represents a substantial step beyond the specialized architectures and type-safe languages required by previous efforts directed at safe extensibility . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
Improving The Reliability Of Commodity Operating Systems . Despite decades of research in extensible operating system (operating system) technology , extensions such as device drivers remain a significant cause of system failures . In Windows XP , for example , drivers account for 85% of recently reported failures . This article describes Nooks , a reliability subsystem that seeks to greatly enhance operating system (OS) reliability by isolating the OS from driver failures . The Nooks approach is practical : rather than guaranteeing complete fault tolerance through a new (and incompatible) OS or driver architecture , our goal is to prevent the vast majority of driver-caused crashes with little or no change to the existing driver and system code . Nooks isolates drivers within lightweight protection domains inside the kernel address space , where hardware and software prevent them from corrupting the kernel . Nooks also tracks a driver's use of kernel resources to facilitate automatic cleanup during recovery . To prove the viability of our approach , we implemented Nooks in the Linux operating system and used it to fault-isolate several device drivers . Our results show that Nooks offers a substantial increase in the reliability of operating systems , catching and quickly recovering from many faults that would otherwise crash the system . Under a wide range and number of fault conditions , we show that Nooks recovers automatically from 99% of the faults that otherwise cause Linux to crash . While Nooks was designed for drivers , our techniques generalize to other kernel extensions . We demonstrate this by isolating a kernel-mode file system and an in-kernel Internet service . Overall , because Nooks supports existing C-language extensions , runs on a commodity operating system and hardware , and enables automated recovery , it represents a substantial step beyond the specialized architectures and type-safe languages required by previous efforts directed at safe extensibility . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2011119298A1 Filed: 2011-03-01 Issued: 2011-09-29 System and methods for remote maintenance of multiple clients in an electronic network using virtualization and attestation (Original Assignee) Fujitsu Limited Seigo Kotani, Masato Suzuki |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (first data set) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011119298A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (more software) , denying , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host . |
WO2011119298A1 CLAIM 8 . A client according to Claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client . WO2011119298A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (more software) . |
WO2011119298A1 CLAIM 8 . A client according to Claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (more software) or access to a positioning service . |
WO2011119298A1 CLAIM 8 . A client according to Claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one (first data set) or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (first data set) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011119298A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (more software) of the target host . |
WO2011119298A1 CLAIM 8 . A client according to Claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host . |
WO2011119298A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (more software) of the target host from a trusted platform module (platform module) . |
WO2011119298A1 CLAIM 4 . A client according to Claim 1 , wherein the virtual machine manager controls data transfer between the first virtual machine and the second virtual machine using a trusted platform module (platform module) . WO2011119298A1 CLAIM 8 . A client according to Claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (first data set) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011119298A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011119298A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110099548A1 Filed: 2010-12-30 Issued: 2011-04-28 Method, apparatus and system for making a decision about virtual machine migration (Original Assignee) Huawei Technologies Co Ltd (Current Assignee) Huawei Technologies Co Ltd Qingni Shen, Lanfang Ren, Shaobin Wang, Yuanyou Jin, Lei Wei, Zhao Li, Anbang Ruan, Lei Shi |
|---|---|
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20110099548A1 CLAIM 14 . The method according to claim 13 , wherein the evaluation requirements comprise mandatory evaluation attributes , and the mandatory evaluation attributes comprise owner of the virtual machine , use of the virtual machine , and information of historical host platforms of the virtual machine ; or the evaluation requirements comprise mandatory evaluation attributes and additional evaluation attributes , wherein the mandatory evaluation attributes comprise owner of the virtual machine , use of the virtual machine , and information of historical host platforms of the virtual machine ; and the additional evaluation attributes comprise one or more of the following attributes : requirements for a virtual device of the virtual machine and for the use of physical hardware resources of the virtual machine , detailed information of operating system (operating system) s used and main application programs that run on the virtual machine , time logs of the virtual machine , and internal security strategy of the virtual machine . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110239210A1 Filed: 2010-09-10 Issued: 2011-09-29 System and methods for remote maintenance in an electronic network with multiple clients (Original Assignee) Fujitsu Ltd (Current Assignee) Fujitsu Ltd Seigo Kotani, Masato Suzuki |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (first data set) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110239210A1 CLAIM 1 . A client system supported by remote maintenance in an electronic network configured to serve a plurality of clients , the client system comprising : an electronic network including a plurality of processing resources and a communication bus ; a plurality of storage resources accessible by the plurality of processing resources ; the plurality of storage resources including a computer readable memory ; a first virtual machine handling a first data set (source host, computing device comprising one) associated with the client system , the first virtual machine including an operating system and a reporting agent ; a second virtual machine handling a second data set associated with an external data center ; and a virtual machine manager configured to manage data transfer between the first virtual machine and the second virtual machine ; wherein the second virtual machine is configured to assess a state of the first virtual machine and identify a software update for installation on the first virtual machine ; wherein the virtual machine manager manages an attestation process for the first virtual machine prior to delivering or installing the software update on the client system using the first virtual machine . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (more software) , denying , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host . |
US20110239210A1 CLAIM 1 . A client system supported by remote maintenance in an electronic network configured to serve a plurality of clients , the client system comprising : an electronic network including a plurality of processing resources and a communication bus ; a plurality of storage resources accessible by the plurality of processing resources ; the plurality of storage resources including a computer readable memory ; a first virtual machine handling a first data set (source host, computing device comprising one) associated with the client system , the first virtual machine including an operating system and a reporting agent ; a second virtual machine handling a second data set associated with an external data center ; and a virtual machine manager configured to manage data transfer between the first virtual machine and the second virtual machine ; wherein the second virtual machine is configured to assess a state of the first virtual machine and identify a software update for installation on the first virtual machine ; wherein the virtual machine manager manages an attestation process for the first virtual machine prior to delivering or installing the software update on the client system using the first virtual machine . US20110239210A1 CLAIM 9 . A system according to claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client system . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (more software) . |
US20110239210A1 CLAIM 9 . A system according to claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client system . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (more software) or access to a positioning service . |
US20110239210A1 CLAIM 9 . A system according to claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client system . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one (first data set) or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (first data set) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110239210A1 CLAIM 1 . A client system supported by remote maintenance in an electronic network configured to serve a plurality of clients , the client system comprising : an electronic network including a plurality of processing resources and a communication bus ; a plurality of storage resources accessible by the plurality of processing resources ; the plurality of storage resources including a computer readable memory ; a first virtual machine handling a first data set (source host, computing device comprising one) associated with the client system , the first virtual machine including an operating system and a reporting agent ; a second virtual machine handling a second data set associated with an external data center ; and a virtual machine manager configured to manage data transfer between the first virtual machine and the second virtual machine ; wherein the second virtual machine is configured to assess a state of the first virtual machine and identify a software update for installation on the first virtual machine ; wherein the virtual machine manager manages an attestation process for the first virtual machine prior to delivering or installing the software update on the client system using the first virtual machine . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (more software) of the target host . |
US20110239210A1 CLAIM 9 . A system according to claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client system . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host . |
US20110239210A1 CLAIM 1 . A client system supported by remote maintenance in an electronic network configured to serve a plurality of clients , the client system comprising : an electronic network including a plurality of processing resources and a communication bus ; a plurality of storage resources accessible by the plurality of processing resources ; the plurality of storage resources including a computer readable memory ; a first virtual machine handling a first data set (source host, computing device comprising one) associated with the client system , the first virtual machine including an operating system and a reporting agent ; a second virtual machine handling a second data set associated with an external data center ; and a virtual machine manager configured to manage data transfer between the first virtual machine and the second virtual machine ; wherein the second virtual machine is configured to assess a state of the first virtual machine and identify a software update for installation on the first virtual machine ; wherein the virtual machine manager manages an attestation process for the first virtual machine prior to delivering or installing the software update on the client system using the first virtual machine . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (more software) of the target host from a trusted platform module (platform module) . |
US20110239210A1 CLAIM 4 . A system according to claim 1 , wherein the virtual machine manager controls data transfer between the first virtual machine and the second virtual machine using a trusted platform module (platform module) . US20110239210A1 CLAIM 9 . A system according to claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client system . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20110239210A1 CLAIM 1 . A client system supported by remote maintenance in an electronic network configured to serve a plurality of clients , the client system comprising : an electronic network including a plurality of processing resources and a communication bus ; a plurality of storage resources accessible by the plurality of processing resources ; the plurality of storage resources including a computer readable memory ; a first virtual machine handling a first data set associated with the client system , the first virtual machine including an operating system (operating system) and a reporting agent ; a second virtual machine handling a second data set associated with an external data center ; and a virtual machine manager configured to manage data transfer between the first virtual machine and the second virtual machine ; wherein the second virtual machine is configured to assess a state of the first virtual machine and identify a software update for installation on the first virtual machine ; wherein the virtual machine manager manages an attestation process for the first virtual machine prior to delivering or installing the software update on the client system using the first virtual machine . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (first data set) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110239210A1 CLAIM 1 . A client system supported by remote maintenance in an electronic network configured to serve a plurality of clients , the client system comprising : an electronic network including a plurality of processing resources and a communication bus ; a plurality of storage resources accessible by the plurality of processing resources ; the plurality of storage resources including a computer readable memory ; a first virtual machine handling a first data set (source host, computing device comprising one) associated with the client system , the first virtual machine including an operating system and a reporting agent ; a second virtual machine handling a second data set associated with an external data center ; and a virtual machine manager configured to manage data transfer between the first virtual machine and the second virtual machine ; wherein the second virtual machine is configured to assess a state of the first virtual machine and identify a software update for installation on the first virtual machine ; wherein the virtual machine manager manages an attestation process for the first virtual machine prior to delivering or installing the software update on the client system using the first virtual machine . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110239210A1 CLAIM 1 . A client system supported by remote maintenance in an electronic network configured to serve a plurality of clients , the client system comprising : an electronic network including a plurality of processing resources and a communication bus ; a plurality of storage resources accessible by the plurality of processing resources ; the plurality of storage resources including a computer readable memory ; a first virtual machine handling a first data set (source host, computing device comprising one) associated with the client system , the first virtual machine including an operating system and a reporting agent ; a second virtual machine handling a second data set associated with an external data center ; and a virtual machine manager configured to manage data transfer between the first virtual machine and the second virtual machine ; wherein the second virtual machine is configured to assess a state of the first virtual machine and identify a software update for installation on the first virtual machine ; wherein the virtual machine manager manages an attestation process for the first virtual machine prior to delivering or installing the software update on the client system using the first virtual machine . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110237234A1 Filed: 2010-09-10 Issued: 2011-09-29 System and methods for remote maintenance in an electronic network with multiple clients (Original Assignee) Fujitsu Ltd (Current Assignee) Fujitsu Ltd Seigo Kotani, Masato Suzuki |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (first data set) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110237234A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (more software) , denying , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host . |
US20110237234A1 CLAIM 8 . A client according to claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client . US20110237234A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (more software) . |
US20110237234A1 CLAIM 8 . A client according to claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (more software) or access to a positioning service . |
US20110237234A1 CLAIM 8 . A client according to claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one (first data set) or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (first data set) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110237234A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (more software) of the target host . |
US20110237234A1 CLAIM 8 . A client according to claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host . |
US20110237234A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (more software) of the target host from a trusted platform module (platform module) . |
US20110237234A1 CLAIM 4 . A client according to claim 1 , wherein the virtual machine manager controls data transfer between the first virtual machine and the second virtual machine using a trusted platform module (platform module) . US20110237234A1 CLAIM 8 . A client according to claim 1 , further comprising a log stored by the first virtual machine , the log identifying one or more software (positioning hardware, hardware configuration) updates delivered to the client . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (first data set) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110237234A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110237234A1 CLAIM 23 . A method for performing remote maintenance in an electronic network configured to serve a plurality of clients , the method comprising : operating a data center having a database of software associated with various nodes in a client system ; communicating with a first virtual machine hosted by the client system , the first virtual machine handling a first data set (source host, computing device comprising one) associated with the data center ; receiving a request from the first virtual machine identifying a software update for delivery to one of the various nodes in the client system ; sending the identified software update to the first virtual machine using a closed network ; and authorizing the first virtual machine to install the identified software update on the client system using a second virtual machine associated with the one of the various nodes ; wherein the first virtual machine and the second virtual machine communicate through a virtual machine manager . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2012001445A1 Filed: 2010-07-02 Issued: 2012-01-05 Virtual machine merging method and system (Original Assignee) Telefonaktiebolaget L M Ericsson (Publ) Bob Melander, Jan-Erik MÅNGS |
|---|---|
| US9678774B2 CLAIM 8 . A computing system (computing system) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2012001445A1 CLAIM 19 . A computing system (computing system) comprising : a first physical machine (90) that includes , a processor (60) configured to run a virtualization engine (94) that creates a virtual machine (98) to run on the computing machine (90) ; and an interface (64) connected to the processor (60) and configured to receive instructions for merging processes (P1) of the first virtual machine (98) with processes (P2) of a second virtual machine (100) , wherein the virtualization engine (94) is configured to , merge the first virtual machine (98) with the second virtual machine (100) onto the first physical machine (90) , merge an operating system (102) of the first virtual machine (98) with an operating system (104) of the second virtual machine (100) onto the first physical machine (90) , and maintain active in the merged virtual machine (98) each process (P1 , P2) that was active prior to merging into the first and second virtual machines (98 , 100) ; and a second physical machine (92) . |
| US9678774B2 CLAIM 9 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
WO2012001445A1 CLAIM 19 . A computing system (computing system) comprising : a first physical machine (90) that includes , a processor (60) configured to run a virtualization engine (94) that creates a virtual machine (98) to run on the computing machine (90) ; and an interface (64) connected to the processor (60) and configured to receive instructions for merging processes (P1) of the first virtual machine (98) with processes (P2) of a second virtual machine (100) , wherein the virtualization engine (94) is configured to , merge the first virtual machine (98) with the second virtual machine (100) onto the first physical machine (90) , merge an operating system (102) of the first virtual machine (98) with an operating system (104) of the second virtual machine (100) onto the first physical machine (90) , and maintain active in the merged virtual machine (98) each process (P1 , P2) that was active prior to merging into the first and second virtual machines (98 , 100) ; and a second physical machine (92) . |
| US9678774B2 CLAIM 10 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
WO2012001445A1 CLAIM 19 . A computing system (computing system) comprising : a first physical machine (90) that includes , a processor (60) configured to run a virtualization engine (94) that creates a virtual machine (98) to run on the computing machine (90) ; and an interface (64) connected to the processor (60) and configured to receive instructions for merging processes (P1) of the first virtual machine (98) with processes (P2) of a second virtual machine (100) , wherein the virtualization engine (94) is configured to , merge the first virtual machine (98) with the second virtual machine (100) onto the first physical machine (90) , merge an operating system (102) of the first virtual machine (98) with an operating system (104) of the second virtual machine (100) onto the first physical machine (90) , and maintain active in the merged virtual machine (98) each process (P1 , P2) that was active prior to merging into the first and second virtual machines (98 , 100) ; and a second physical machine (92) . |
| US9678774B2 CLAIM 11 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2012001445A1 CLAIM 19 . A computing system (computing system) comprising : a first physical machine (90) that includes , a processor (60) configured to run a virtualization engine (94) that creates a virtual machine (98) to run on the computing machine (90) ; and an interface (64) connected to the processor (60) and configured to receive instructions for merging processes (P1) of the first virtual machine (98) with processes (P2) of a second virtual machine (100) , wherein the virtualization engine (94) is configured to , merge the first virtual machine (98) with the second virtual machine (100) onto the first physical machine (90) , merge an operating system (102) of the first virtual machine (98) with an operating system (104) of the second virtual machine (100) onto the first physical machine (90) , and maintain active in the merged virtual machine (98) each process (P1 , P2) that was active prior to merging into the first and second virtual machines (98 , 100) ; and a second physical machine (92) . |
| US9678774B2 CLAIM 12 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (mobile computing device) . |
WO2012001445A1 CLAIM 4 . The method of Claim 2 , wherein the first physical machine (90) is a mobile phone , a laptop , a tablet or a mobile computing device (platform module) while the second physical machine (92) is a server or a fixed computing device . WO2012001445A1 CLAIM 19 . A computing system (computing system) comprising : a first physical machine (90) that includes , a processor (60) configured to run a virtualization engine (94) that creates a virtual machine (98) to run on the computing machine (90) ; and an interface (64) connected to the processor (60) and configured to receive instructions for merging processes (P1) of the first virtual machine (98) with processes (P2) of a second virtual machine (100) , wherein the virtualization engine (94) is configured to , merge the first virtual machine (98) with the second virtual machine (100) onto the first physical machine (90) , merge an operating system (102) of the first virtual machine (98) with an operating system (104) of the second virtual machine (100) onto the first physical machine (90) , and maintain active in the merged virtual machine (98) each process (P1 , P2) that was active prior to merging into the first and second virtual machines (98 , 100) ; and a second physical machine (92) . |
| US9678774B2 CLAIM 13 . The computing system (computing system) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
WO2012001445A1 CLAIM 19 . A computing system (computing system) comprising : a first physical machine (90) that includes , a processor (60) configured to run a virtualization engine (94) that creates a virtual machine (98) to run on the computing machine (90) ; and an interface (64) connected to the processor (60) and configured to receive instructions for merging processes (P1) of the first virtual machine (98) with processes (P2) of a second virtual machine (100) , wherein the virtualization engine (94) is configured to , merge the first virtual machine (98) with the second virtual machine (100) onto the first physical machine (90) , merge an operating system (102) of the first virtual machine (98) with an operating system (104) of the second virtual machine (100) onto the first physical machine (90) , and maintain active in the merged virtual machine (98) each process (P1 , P2) that was active prior to merging into the first and second virtual machines (98 , 100) ; and a second physical machine (92) . |
| US9678774B2 CLAIM 14 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
WO2012001445A1 CLAIM 19 . A computing system (computing system) comprising : a first physical machine (90) that includes , a processor (60) configured to run a virtualization engine (94) that creates a virtual machine (98) to run on the computing machine (90) ; and an interface (64) connected to the processor (60) and configured to receive instructions for merging processes (P1) of the first virtual machine (98) with processes (P2) of a second virtual machine (100) , wherein the virtualization engine (94) is configured to , merge the first virtual machine (98) with the second virtual machine (100) onto the first physical machine (90) , merge an operating system (102) of the first virtual machine (98) with an operating system (104) of the second virtual machine (100) onto the first physical machine (90) , and maintain active in the merged virtual machine (98) each process (P1 , P2) that was active prior to merging into the first and second virtual machines (98 , 100) ; and a second physical machine (92) . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110213765A1 Filed: 2010-05-20 Issued: 2011-09-01 Comprehensive, Relevant, and Dynamic Data Searching in a Virtualization Environment (Original Assignee) VMware Inc (Current Assignee) VMware Inc Liang Cui, Hailing XU, Ying He |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host to a target host (search engine) ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host (search engine) is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host (search engine) is the proper hardware configuration . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . |
| US9678774B2 CLAIM 6 . The method of claim 1 , further comprising : determining , via the hidden process , whether a configuration of the target host (search engine) is a proper configuration ; and in response to a determination that the configuration of the target host is other than the proper configuration , preventing , via the hidden process , execution of the virtual machine . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (network topology) of : in response to a request to migrate a virtual machine from a source host to a target host (search engine) , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . US20110213765A1 CLAIM 16 . The method of claim 9 , further comprising grouping VMs in at least one of the internal cloud and the external cloud based on at least one of a geographical region and a network topology (cause performance) . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (network topology) of : verify whether the target host (search engine) has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . US20110213765A1 CLAIM 16 . The method of claim 9 , further comprising grouping VMs in at least one of the internal cloud and the external cloud based on at least one of a geographical region and a network topology (cause performance) . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (network topology) of : in response to a determination that the verified configuration of the target host (search engine) is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . US20110213765A1 CLAIM 16 . The method of claim 9 , further comprising grouping VMs in at least one of the internal cloud and the external cloud based on at least one of a geographical region and a network topology (cause performance) . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host (search engine) is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (network topology) of : obtain , by the hidden process , the information indicating the hardware configuration of the target host (search engine) from a trusted platform module . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . US20110213765A1 CLAIM 16 . The method of claim 9 , further comprising grouping VMs in at least one of the internal cloud and the external cloud based on at least one of a geographical region and a network topology (cause performance) . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host (search engine) and a private key . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . US20110213765A1 CLAIM 6 . The method of claim 1 , further comprising deploying the search architecture as a VM image in a cloud operating system (operating system) environment . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (network topology) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20110213765A1 CLAIM 16 . The method of claim 9 , further comprising grouping VMs in at least one of the internal cloud and the external cloud based on at least one of a geographical region and a network topology (cause performance) . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host to a target host (search engine) , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . |
| US9678774B2 CLAIM 16 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to determine a configuration of the target host (search engine) . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host (search engine) is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . |
| US9678774B2 CLAIM 18 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to send , via the hidden process , an alert that indicates denial of the request in response to the determination that geographic location of the target host (search engine) is outside of the particular perimeter . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . |
| US9678774B2 CLAIM 19 . The computer-readable storage medium of claim 18 , wherein the alert includes an indication of the geographic location of the target host (search engine) . |
US20110213765A1 CLAIM 3 . The method of claim 1 , further comprising at least one of : utilizing a third-party search engine (target host) to generate the search result ; and leveraging the third-party search engine to perform the indexing . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN101924693A Filed: 2010-03-17 Issued: 2010-12-22 用于在虚拟机间迁移进程的方法和系统 (Original Assignee) VMware Inc (Current Assignee) VMware Inc 乔纳森·克拉克 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (一种计算) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101924693A CLAIM 15 . 一种计算 (computing device, computing system) 机系统,包括:第一主机计算机,所述第一主机计算机具有在其上运行的多个虚拟机;第二主机计算机,所述第二主机计算机具有在其上运行的多个虚拟机;以及路由器,所述路由器被配置成基于在数据分组中所指定的目的地IP地址和目的地端 口来将所述数据分组引导至所述第一主机计算机上的第一虚拟机以及所述第二主机计算 机上的第二虚拟机,其中,所述第一虚拟机和所述第二虚拟机共享同一 IP地址。 |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (一种计算) . |
CN101924693A CLAIM 15 . 一种计算 (computing device, computing system) 机系统,包括:第一主机计算机,所述第一主机计算机具有在其上运行的多个虚拟机;第二主机计算机,所述第二主机计算机具有在其上运行的多个虚拟机;以及路由器,所述路由器被配置成基于在数据分组中所指定的目的地IP地址和目的地端 口来将所述数据分组引导至所述第一主机计算机上的第一虚拟机以及所述第二主机计算 机上的第二虚拟机,其中,所述第一虚拟机和所述第二虚拟机共享同一 IP地址。 |
| US9678774B2 CLAIM 8 . A computing system (一种计算) , comprising : a computing device (一种计算) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101924693A CLAIM 1 在一种具有在一个或多个 (computer instructions) 主机计算机上被实例化的虚拟机的计算机系统中,一种用于将在第一虚拟机上运行的一个或多个用户级进程卸载到第二虚拟机的方法,所述方法包括:识别要被卸载的在所述第一虚拟机上运行的一个或多个用户级进程;复制所述第一虚拟机以创建所述第二虚拟机;以及终止被识别用于卸载的在所述第一虚拟机上运行的所述用户级进程,并且终止在所述第二虚拟机上运行的除了被识别用于卸载的所述用户级进程外的所有用户级进程。 CN101924693A CLAIM 15 . 一种计算 (computing device, computing system) 机系统,包括:第一主机计算机,所述第一主机计算机具有在其上运行的多个虚拟机;第二主机计算机,所述第二主机计算机具有在其上运行的多个虚拟机;以及路由器,所述路由器被配置成基于在数据分组中所指定的目的地IP地址和目的地端 口来将所述数据分组引导至所述第一主机计算机上的第一虚拟机以及所述第二主机计算 机上的第二虚拟机,其中,所述第一虚拟机和所述第二虚拟机共享同一 IP地址。 |
| US9678774B2 CLAIM 9 . The computing system (一种计算) of claim 8 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
CN101924693A CLAIM 1 在一种具有在一个或多个 (computer instructions) 主机计算机上被实例化的虚拟机的计算机系统中,一种用于将在第一虚拟机上运行的一个或多个用户级进程卸载到第二虚拟机的方法,所述方法包括:识别要被卸载的在所述第一虚拟机上运行的一个或多个用户级进程;复制所述第一虚拟机以创建所述第二虚拟机;以及终止被识别用于卸载的在所述第一虚拟机上运行的所述用户级进程,并且终止在所述第二虚拟机上运行的除了被识别用于卸载的所述用户级进程外的所有用户级进程。 CN101924693A CLAIM 15 . 一种计算 (computing device, computing system) 机系统,包括:第一主机计算机,所述第一主机计算机具有在其上运行的多个虚拟机;第二主机计算机,所述第二主机计算机具有在其上运行的多个虚拟机;以及路由器,所述路由器被配置成基于在数据分组中所指定的目的地IP地址和目的地端 口来将所述数据分组引导至所述第一主机计算机上的第一虚拟机以及所述第二主机计算 机上的第二虚拟机,其中,所述第一虚拟机和所述第二虚拟机共享同一 IP地址。 |
| US9678774B2 CLAIM 10 . The computing system (一种计算) of claim 9 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
CN101924693A CLAIM 1 在一种具有在一个或多个 (computer instructions) 主机计算机上被实例化的虚拟机的计算机系统中,一种用于将在第一虚拟机上运行的一个或多个用户级进程卸载到第二虚拟机的方法,所述方法包括:识别要被卸载的在所述第一虚拟机上运行的一个或多个用户级进程;复制所述第一虚拟机以创建所述第二虚拟机;以及终止被识别用于卸载的在所述第一虚拟机上运行的所述用户级进程,并且终止在所述第二虚拟机上运行的除了被识别用于卸载的所述用户级进程外的所有用户级进程。 CN101924693A CLAIM 15 . 一种计算 (computing device, computing system) 机系统,包括:第一主机计算机,所述第一主机计算机具有在其上运行的多个虚拟机;第二主机计算机,所述第二主机计算机具有在其上运行的多个虚拟机;以及路由器,所述路由器被配置成基于在数据分组中所指定的目的地IP地址和目的地端 口来将所述数据分组引导至所述第一主机计算机上的第一虚拟机以及所述第二主机计算 机上的第二虚拟机,其中,所述第一虚拟机和所述第二虚拟机共享同一 IP地址。 |
| US9678774B2 CLAIM 11 . The computing system (一种计算) of claim 9 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101924693A CLAIM 1 在一种具有在一个或多个 (computer instructions) 主机计算机上被实例化的虚拟机的计算机系统中,一种用于将在第一虚拟机上运行的一个或多个用户级进程卸载到第二虚拟机的方法,所述方法包括:识别要被卸载的在所述第一虚拟机上运行的一个或多个用户级进程;复制所述第一虚拟机以创建所述第二虚拟机;以及终止被识别用于卸载的在所述第一虚拟机上运行的所述用户级进程,并且终止在所述第二虚拟机上运行的除了被识别用于卸载的所述用户级进程外的所有用户级进程。 CN101924693A CLAIM 15 . 一种计算 (computing device, computing system) 机系统,包括:第一主机计算机,所述第一主机计算机具有在其上运行的多个虚拟机;第二主机计算机,所述第二主机计算机具有在其上运行的多个虚拟机;以及路由器,所述路由器被配置成基于在数据分组中所指定的目的地IP地址和目的地端 口来将所述数据分组引导至所述第一主机计算机上的第一虚拟机以及所述第二主机计算 机上的第二虚拟机,其中,所述第一虚拟机和所述第二虚拟机共享同一 IP地址。 |
| US9678774B2 CLAIM 12 . The computing system (一种计算) of claim 9 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
CN101924693A CLAIM 1 在一种具有在一个或多个 (computer instructions) 主机计算机上被实例化的虚拟机的计算机系统中,一种用于将在第一虚拟机上运行的一个或多个用户级进程卸载到第二虚拟机的方法,所述方法包括:识别要被卸载的在所述第一虚拟机上运行的一个或多个用户级进程;复制所述第一虚拟机以创建所述第二虚拟机;以及终止被识别用于卸载的在所述第一虚拟机上运行的所述用户级进程,并且终止在所述第二虚拟机上运行的除了被识别用于卸载的所述用户级进程外的所有用户级进程。 CN101924693A CLAIM 15 . 一种计算 (computing device, computing system) 机系统,包括:第一主机计算机,所述第一主机计算机具有在其上运行的多个虚拟机;第二主机计算机,所述第二主机计算机具有在其上运行的多个虚拟机;以及路由器,所述路由器被配置成基于在数据分组中所指定的目的地IP地址和目的地端 口来将所述数据分组引导至所述第一主机计算机上的第一虚拟机以及所述第二主机计算 机上的第二虚拟机,其中,所述第一虚拟机和所述第二虚拟机共享同一 IP地址。 |
| US9678774B2 CLAIM 13 . The computing system (一种计算) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
CN101924693A CLAIM 15 . 一种计算 (computing device, computing system) 机系统,包括:第一主机计算机,所述第一主机计算机具有在其上运行的多个虚拟机;第二主机计算机,所述第二主机计算机具有在其上运行的多个虚拟机;以及路由器,所述路由器被配置成基于在数据分组中所指定的目的地IP地址和目的地端 口来将所述数据分组引导至所述第一主机计算机上的第一虚拟机以及所述第二主机计算 机上的第二虚拟机,其中,所述第一虚拟机和所述第二虚拟机共享同一 IP地址。 |
| US9678774B2 CLAIM 14 . The computing system (一种计算) of claim 8 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
CN101924693A CLAIM 1 在一种具有在一个或多个 (computer instructions) 主机计算机上被实例化的虚拟机的计算机系统中,一种用于将在第一虚拟机上运行的一个或多个用户级进程卸载到第二虚拟机的方法,所述方法包括:识别要被卸载的在所述第一虚拟机上运行的一个或多个用户级进程;复制所述第一虚拟机以创建所述第二虚拟机;以及终止被识别用于卸载的在所述第一虚拟机上运行的所述用户级进程,并且终止在所述第二虚拟机上运行的除了被识别用于卸载的所述用户级进程外的所有用户级进程。 CN101924693A CLAIM 15 . 一种计算 (computing device, computing system) 机系统,包括:第一主机计算机,所述第一主机计算机具有在其上运行的多个虚拟机;第二主机计算机,所述第二主机计算机具有在其上运行的多个虚拟机;以及路由器,所述路由器被配置成基于在数据分组中所指定的目的地IP地址和目的地端 口来将所述数据分组引导至所述第一主机计算机上的第一虚拟机以及所述第二主机计算 机上的第二虚拟机,其中,所述第一虚拟机和所述第二虚拟机共享同一 IP地址。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110167421A1 Filed: 2010-01-04 Issued: 2011-07-07 Dynamic Scaling of Management Infrastructure in Virtual Environments (Original Assignee) VMware Inc (Current Assignee) VMware Inc Vijayaraghavan SOUNDARARAJAN, Shicong MENG |
|---|---|
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (processing speed) . |
US20110167421A1 CLAIM 7 . The method as recited in claim 1 , further including : determining a number of additional VCs to be spawned based on management workload , processing speed (platform module, network device) of each additional VC , and a cost of spawning a new VC . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (processing speed) , a geolocation device , or a positioning service . |
US20110167421A1 CLAIM 7 . The method as recited in claim 1 , further including : determining a number of additional VCs to be spawned based on management workload , processing speed (platform module, network device) of each additional VC , and a cost of spawning a new VC . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110126197A1 Filed: 2009-12-22 Issued: 2011-05-26 System and method for controlling cloud and virtualized data centers in an intelligent workload management system (Original Assignee) Micro Focus Software Inc (Current Assignee) Micro Focus Software Inc Kal A. Larsen, Stephen R. Carter, Michael Jorgensen, Nathaniel Brent Kranendonk |
|---|---|
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110126197A1 CLAIM 1 . A system for controlling cloud and virtualized data centers (cause performance) in an intelligent workload management system , comprising : at least one software installation having an embedded management agent ; an authentication server that embeds an identity service in the at least one software installation , wherein the embedded identity service includes an authentication token defining authorizations or permissions for a unique identity assigned to the software installation ; an image management system that stores a virtual machine image created from the software installation in a shared repository ; a cloud image repository that stores a cloud image created from the virtual machine image in the shared repository , wherein the cloud image created from the virtual machine image includes the embedded management agent and the embedded identity service ; and an image deployment system that deploys the cloud image with the embedded management agent and the embedded identity service into a cloud computing environment . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20110126197A1 CLAIM 1 . A system for controlling cloud and virtualized data centers (cause performance) in an intelligent workload management system , comprising : at least one software installation having an embedded management agent ; an authentication server that embeds an identity service in the at least one software installation , wherein the embedded identity service includes an authentication token defining authorizations or permissions for a unique identity assigned to the software installation ; an image management system that stores a virtual machine image created from the software installation in a shared repository ; a cloud image repository that stores a cloud image created from the virtual machine image in the shared repository , wherein the cloud image created from the virtual machine image includes the embedded management agent and the embedded identity service ; and an image deployment system that deploys the cloud image with the embedded management agent and the embedded identity service into a cloud computing environment . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20110126197A1 CLAIM 1 . A system for controlling cloud and virtualized data centers (cause performance) in an intelligent workload management system , comprising : at least one software installation having an embedded management agent ; an authentication server that embeds an identity service in the at least one software installation , wherein the embedded identity service includes an authentication token defining authorizations or permissions for a unique identity assigned to the software installation ; an image management system that stores a virtual machine image created from the software installation in a shared repository ; a cloud image repository that stores a cloud image created from the virtual machine image in the shared repository , wherein the cloud image created from the virtual machine image includes the embedded management agent and the embedded identity service ; and an image deployment system that deploys the cloud image with the embedded management agent and the embedded identity service into a cloud computing environment . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (management system) . |
US20110126197A1 CLAIM 1 . A system for controlling cloud and virtualized data centers (cause performance) in an intelligent workload management system (readable storage, platform module) , comprising : at least one software installation having an embedded management agent ; an authentication server that embeds an identity service in the at least one software installation , wherein the embedded identity service includes an authentication token defining authorizations or permissions for a unique identity assigned to the software installation ; an image management system that stores a virtual machine image created from the software installation in a shared repository ; a cloud image repository that stores a cloud image created from the virtual machine image in the shared repository , wherein the cloud image created from the virtual machine image includes the embedded management agent and the embedded identity service ; and an image deployment system that deploys the cloud image with the embedded management agent and the embedded identity service into a cloud computing environment . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20110126197A1 CLAIM 1 . A system for controlling cloud and virtualized data centers (cause performance) in an intelligent workload management system , comprising : at least one software installation having an embedded management agent ; an authentication server that embeds an identity service in the at least one software installation , wherein the embedded identity service includes an authentication token defining authorizations or permissions for a unique identity assigned to the software installation ; an image management system that stores a virtual machine image created from the software installation in a shared repository ; a cloud image repository that stores a cloud image created from the virtual machine image in the shared repository , wherein the cloud image created from the virtual machine image includes the embedded management agent and the embedded identity service ; and an image deployment system that deploys the cloud image with the embedded management agent and the embedded identity service into a cloud computing environment . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN101998629A Filed: 2009-08-28 Issued: 2011-03-30 搜索虚拟资源的位置的方法、装置和系统 (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp 吴玉会, 何乐, 金涬, 赵阳, 邹志乐, 王庆波 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (单元计算) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101998629A CLAIM 8 . 一种数据计算系统,包括:多个服务器,至少一个服务器上部署有虚拟资源;多个传感器,每个传感器安装到一个服务器上;其中每个传感器包括:通信单元,用于与其它传感器的通信单元通信以使所述多个传感器组成通信网络,所 述通信单元还用于接收用于搜索所述虚拟资源的搜索请求,所述搜索请求包含该虚拟资源 的标识符;位置信息计算单元,用于计算并存储该传感器的位置信息;虚拟资源信息获取单元,用于与该传感器所安装的服务器通信,以获取该服务器上部 署的虚拟资源的标识符;虚拟资源信息存储单元,用于存储虚拟资源信息获取单元获取的虚拟资源的标识符;虚拟资源信息搜索单元,用于搜索所述虚拟资源信息存储单元以查找该虚拟资源的标 识符,如果搜索到该虚拟资源的标识符,返回所述位置信息计算单元计算 (computing device, computing system) 的位置信息。 |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (单元计算) . |
CN101998629A CLAIM 8 . 一种数据计算系统,包括:多个服务器,至少一个服务器上部署有虚拟资源;多个传感器,每个传感器安装到一个服务器上;其中每个传感器包括:通信单元,用于与其它传感器的通信单元通信以使所述多个传感器组成通信网络,所 述通信单元还用于接收用于搜索所述虚拟资源的搜索请求,所述搜索请求包含该虚拟资源 的标识符;位置信息计算单元,用于计算并存储该传感器的位置信息;虚拟资源信息获取单元,用于与该传感器所安装的服务器通信,以获取该服务器上部 署的虚拟资源的标识符;虚拟资源信息存储单元,用于存储虚拟资源信息获取单元获取的虚拟资源的标识符;虚拟资源信息搜索单元,用于搜索所述虚拟资源信息存储单元以查找该虚拟资源的标 识符,如果搜索到该虚拟资源的标识符,返回所述位置信息计算单元计算 (computing device, computing system) 的位置信息。 |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (一个服务) . |
CN101998629A CLAIM 1 . 一种用于搜索虚拟资源的位置的方法,所述虚拟资源部署在至少一个服务 (positioning service) 器上,其 中每个服务器都附有一个传感器并与其通信,所述传感器相互通信以组成通信网络,每个 传感器存储有与该传感器连接的服务器中的虚拟资源的标识符以及该传感器的位置信息, 所述方法包括:所述至少一个传感器接收搜索虚拟资源的搜索请求,所述搜索请求包含该虚拟资源的 标识符;在所述传感器组成的通信网络中传输所述搜索请求;存储有该虚拟资源的标识符的传感器返回自身的位置信息。 |
| US9678774B2 CLAIM 8 . A computing system (单元计算) , comprising : a computing device (单元计算) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101998629A CLAIM 8 . 一种数据计算系统,包括:多个服务器,至少一个服务器上部署有虚拟资源;多个传感器,每个传感器安装到一个服务器上;其中每个传感器包括:通信单元,用于与其它传感器的通信单元通信以使所述多个传感器组成通信网络,所 述通信单元还用于接收用于搜索所述虚拟资源的搜索请求,所述搜索请求包含该虚拟资源 的标识符;位置信息计算单元,用于计算并存储该传感器的位置信息;虚拟资源信息获取单元,用于与该传感器所安装的服务器通信,以获取该服务器上部 署的虚拟资源的标识符;虚拟资源信息存储单元,用于存储虚拟资源信息获取单元获取的虚拟资源的标识符;虚拟资源信息搜索单元,用于搜索所述虚拟资源信息存储单元以查找该虚拟资源的标 识符,如果搜索到该虚拟资源的标识符,返回所述位置信息计算单元计算 (computing device, computing system) 的位置信息。 |
| US9678774B2 CLAIM 9 . The computing system (单元计算) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
CN101998629A CLAIM 8 . 一种数据计算系统,包括:多个服务器,至少一个服务器上部署有虚拟资源;多个传感器,每个传感器安装到一个服务器上;其中每个传感器包括:通信单元,用于与其它传感器的通信单元通信以使所述多个传感器组成通信网络,所 述通信单元还用于接收用于搜索所述虚拟资源的搜索请求,所述搜索请求包含该虚拟资源 的标识符;位置信息计算单元,用于计算并存储该传感器的位置信息;虚拟资源信息获取单元,用于与该传感器所安装的服务器通信,以获取该服务器上部 署的虚拟资源的标识符;虚拟资源信息存储单元,用于存储虚拟资源信息获取单元获取的虚拟资源的标识符;虚拟资源信息搜索单元,用于搜索所述虚拟资源信息存储单元以查找该虚拟资源的标 识符,如果搜索到该虚拟资源的标识符,返回所述位置信息计算单元计算 (computing device, computing system) 的位置信息。 |
| US9678774B2 CLAIM 10 . The computing system (单元计算) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
CN101998629A CLAIM 8 . 一种数据计算系统,包括:多个服务器,至少一个服务器上部署有虚拟资源;多个传感器,每个传感器安装到一个服务器上;其中每个传感器包括:通信单元,用于与其它传感器的通信单元通信以使所述多个传感器组成通信网络,所 述通信单元还用于接收用于搜索所述虚拟资源的搜索请求,所述搜索请求包含该虚拟资源 的标识符;位置信息计算单元,用于计算并存储该传感器的位置信息;虚拟资源信息获取单元,用于与该传感器所安装的服务器通信,以获取该服务器上部 署的虚拟资源的标识符;虚拟资源信息存储单元,用于存储虚拟资源信息获取单元获取的虚拟资源的标识符;虚拟资源信息搜索单元,用于搜索所述虚拟资源信息存储单元以查找该虚拟资源的标 识符,如果搜索到该虚拟资源的标识符,返回所述位置信息计算单元计算 (computing device, computing system) 的位置信息。 |
| US9678774B2 CLAIM 11 . The computing system (单元计算) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101998629A CLAIM 8 . 一种数据计算系统,包括:多个服务器,至少一个服务器上部署有虚拟资源;多个传感器,每个传感器安装到一个服务器上;其中每个传感器包括:通信单元,用于与其它传感器的通信单元通信以使所述多个传感器组成通信网络,所 述通信单元还用于接收用于搜索所述虚拟资源的搜索请求,所述搜索请求包含该虚拟资源 的标识符;位置信息计算单元,用于计算并存储该传感器的位置信息;虚拟资源信息获取单元,用于与该传感器所安装的服务器通信,以获取该服务器上部 署的虚拟资源的标识符;虚拟资源信息存储单元,用于存储虚拟资源信息获取单元获取的虚拟资源的标识符;虚拟资源信息搜索单元,用于搜索所述虚拟资源信息存储单元以查找该虚拟资源的标 识符,如果搜索到该虚拟资源的标识符,返回所述位置信息计算单元计算 (computing device, computing system) 的位置信息。 |
| US9678774B2 CLAIM 12 . The computing system (单元计算) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
CN101998629A CLAIM 8 . 一种数据计算系统,包括:多个服务器,至少一个服务器上部署有虚拟资源;多个传感器,每个传感器安装到一个服务器上;其中每个传感器包括:通信单元,用于与其它传感器的通信单元通信以使所述多个传感器组成通信网络,所 述通信单元还用于接收用于搜索所述虚拟资源的搜索请求,所述搜索请求包含该虚拟资源 的标识符;位置信息计算单元,用于计算并存储该传感器的位置信息;虚拟资源信息获取单元,用于与该传感器所安装的服务器通信,以获取该服务器上部 署的虚拟资源的标识符;虚拟资源信息存储单元,用于存储虚拟资源信息获取单元获取的虚拟资源的标识符;虚拟资源信息搜索单元,用于搜索所述虚拟资源信息存储单元以查找该虚拟资源的标 识符,如果搜索到该虚拟资源的标识符,返回所述位置信息计算单元计算 (computing device, computing system) 的位置信息。 |
| US9678774B2 CLAIM 13 . The computing system (单元计算) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
CN101998629A CLAIM 8 . 一种数据计算系统,包括:多个服务器,至少一个服务器上部署有虚拟资源;多个传感器,每个传感器安装到一个服务器上;其中每个传感器包括:通信单元,用于与其它传感器的通信单元通信以使所述多个传感器组成通信网络,所 述通信单元还用于接收用于搜索所述虚拟资源的搜索请求,所述搜索请求包含该虚拟资源 的标识符;位置信息计算单元,用于计算并存储该传感器的位置信息;虚拟资源信息获取单元,用于与该传感器所安装的服务器通信,以获取该服务器上部 署的虚拟资源的标识符;虚拟资源信息存储单元,用于存储虚拟资源信息获取单元获取的虚拟资源的标识符;虚拟资源信息搜索单元,用于搜索所述虚拟资源信息存储单元以查找该虚拟资源的标 识符,如果搜索到该虚拟资源的标识符,返回所述位置信息计算单元计算 (computing device, computing system) 的位置信息。 |
| US9678774B2 CLAIM 14 . The computing system (单元计算) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (一个服务) . |
CN101998629A CLAIM 1 . 一种用于搜索虚拟资源的位置的方法,所述虚拟资源部署在至少一个服务 (positioning service) 器上,其 中每个服务器都附有一个传感器并与其通信,所述传感器相互通信以组成通信网络,每个 传感器存储有与该传感器连接的服务器中的虚拟资源的标识符以及该传感器的位置信息, 所述方法包括:所述至少一个传感器接收搜索虚拟资源的搜索请求,所述搜索请求包含该虚拟资源的 标识符;在所述传感器组成的通信网络中传输所述搜索请求;存储有该虚拟资源的标识符的传感器返回自身的位置信息。 CN101998629A CLAIM 8 . 一种数据计算系统,包括:多个服务器,至少一个服务器上部署有虚拟资源;多个传感器,每个传感器安装到一个服务器上;其中每个传感器包括:通信单元,用于与其它传感器的通信单元通信以使所述多个传感器组成通信网络,所 述通信单元还用于接收用于搜索所述虚拟资源的搜索请求,所述搜索请求包含该虚拟资源 的标识符;位置信息计算单元,用于计算并存储该传感器的位置信息;虚拟资源信息获取单元,用于与该传感器所安装的服务器通信,以获取该服务器上部 署的虚拟资源的标识符;虚拟资源信息存储单元,用于存储虚拟资源信息获取单元获取的虚拟资源的标识符;虚拟资源信息搜索单元,用于搜索所述虚拟资源信息存储单元以查找该虚拟资源的标 识符,如果搜索到该虚拟资源的标识符,返回所述位置信息计算单元计算 (computing device, computing system) 的位置信息。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110023048A1 Filed: 2009-07-23 Issued: 2011-01-27 Intelligent data placement and management in virtual computing environments (Original Assignee) Micro Focus Software Inc (Current Assignee) Suse LLC Kattiganehalli Y. Srinivasan |
|---|---|
| US9678774B2 CLAIM 8 . A computing system (computing system) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110023048A1 CLAIM 1 . In a computing system (computing system) environment , a method of placing data for consumption by workloads of computing devices having hardware platforms , comprising : identifying access patterns of the data by the workload , the data being stored on a storage computing device ; and based on the identified access patterns , migrating a portion of the data from the storage computing device at a storage location farther away the workload to a second storage computing device at a second storage location closer the workload at a time when needed by the workload during use . |
| US9678774B2 CLAIM 9 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20110023048A1 CLAIM 1 . In a computing system (computing system) environment , a method of placing data for consumption by workloads of computing devices having hardware platforms , comprising : identifying access patterns of the data by the workload , the data being stored on a storage computing device ; and based on the identified access patterns , migrating a portion of the data from the storage computing device at a storage location farther away the workload to a second storage computing device at a second storage location closer the workload at a time when needed by the workload during use . |
| US9678774B2 CLAIM 10 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20110023048A1 CLAIM 1 . In a computing system (computing system) environment , a method of placing data for consumption by workloads of computing devices having hardware platforms , comprising : identifying access patterns of the data by the workload , the data being stored on a storage computing device ; and based on the identified access patterns , migrating a portion of the data from the storage computing device at a storage location farther away the workload to a second storage computing device at a second storage location closer the workload at a time when needed by the workload during use . |
| US9678774B2 CLAIM 11 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110023048A1 CLAIM 1 . In a computing system (computing system) environment , a method of placing data for consumption by workloads of computing devices having hardware platforms , comprising : identifying access patterns of the data by the workload , the data being stored on a storage computing device ; and based on the identified access patterns , migrating a portion of the data from the storage computing device at a storage location farther away the workload to a second storage computing device at a second storage location closer the workload at a time when needed by the workload during use . |
| US9678774B2 CLAIM 12 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
US20110023048A1 CLAIM 1 . In a computing system (computing system) environment , a method of placing data for consumption by workloads of computing devices having hardware platforms , comprising : identifying access patterns of the data by the workload , the data being stored on a storage computing device ; and based on the identified access patterns , migrating a portion of the data from the storage computing device at a storage location farther away the workload to a second storage computing device at a second storage location closer the workload at a time when needed by the workload during use . |
| US9678774B2 CLAIM 13 . The computing system (computing system) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
US20110023048A1 CLAIM 1 . In a computing system (computing system) environment , a method of placing data for consumption by workloads of computing devices having hardware platforms , comprising : identifying access patterns of the data by the workload , the data being stored on a storage computing device ; and based on the identified access patterns , migrating a portion of the data from the storage computing device at a storage location farther away the workload to a second storage computing device at a second storage location closer the workload at a time when needed by the workload during use . |
| US9678774B2 CLAIM 14 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20110023048A1 CLAIM 1 . In a computing system (computing system) environment , a method of placing data for consumption by workloads of computing devices having hardware platforms , comprising : identifying access patterns of the data by the workload , the data being stored on a storage computing device ; and based on the identified access patterns , migrating a portion of the data from the storage computing device at a storage location farther away the workload to a second storage computing device at a second storage location closer the workload at a time when needed by the workload during use . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20090288084A1 Filed: 2009-05-02 Issued: 2009-11-19 Multitenant hosted virtual machine infrastructure (Original Assignee) Skytap Inc (Current Assignee) Skytap Inc Nicholas Luis Astete, Aaron Benjamin Brethorst, Joseph Michael Goldberg, Matthew Hanlon, Anthony A. Hutchinson, JR., Gopalakrishnan Janakiraman, Alexander Kotelnikov, Petr Novodvorskiy, David William Richardsen, Roxanne Camille Skelly, Nikolai Slioussar, Jonathan Weeks |
|---|---|
| US9678774B2 CLAIM 8 . A computing system (computing system) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090288084A1 CLAIM 77 . A method in a computing system (computing system) including at least one processor for managing virtual storage across a plurality of persistent storage devices directly or indirectly accessible to processors on which a plurality of virtual machines are executed , comprising : storing data on the persistent storage devices of the plurality in response to persistent storage requests each from a virtual machine or a virtual machine management module ; autonomously determining to copy distinguished data from a first persistent storage device on the plurality to a second persistent storage device among the plurality ; and copying the distinguished data from the first persistent storage device to the second persistent storage device in accordance with the autonomous determination . |
| US9678774B2 CLAIM 9 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20090288084A1 CLAIM 77 . A method in a computing system (computing system) including at least one processor for managing virtual storage across a plurality of persistent storage devices directly or indirectly accessible to processors on which a plurality of virtual machines are executed , comprising : storing data on the persistent storage devices of the plurality in response to persistent storage requests each from a virtual machine or a virtual machine management module ; autonomously determining to copy distinguished data from a first persistent storage device on the plurality to a second persistent storage device among the plurality ; and copying the distinguished data from the first persistent storage device to the second persistent storage device in accordance with the autonomous determination . |
| US9678774B2 CLAIM 10 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20090288084A1 CLAIM 77 . A method in a computing system (computing system) including at least one processor for managing virtual storage across a plurality of persistent storage devices directly or indirectly accessible to processors on which a plurality of virtual machines are executed , comprising : storing data on the persistent storage devices of the plurality in response to persistent storage requests each from a virtual machine or a virtual machine management module ; autonomously determining to copy distinguished data from a first persistent storage device on the plurality to a second persistent storage device among the plurality ; and copying the distinguished data from the first persistent storage device to the second persistent storage device in accordance with the autonomous determination . |
| US9678774B2 CLAIM 11 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090288084A1 CLAIM 77 . A method in a computing system (computing system) including at least one processor for managing virtual storage across a plurality of persistent storage devices directly or indirectly accessible to processors on which a plurality of virtual machines are executed , comprising : storing data on the persistent storage devices of the plurality in response to persistent storage requests each from a virtual machine or a virtual machine management module ; autonomously determining to copy distinguished data from a first persistent storage device on the plurality to a second persistent storage device among the plurality ; and copying the distinguished data from the first persistent storage device to the second persistent storage device in accordance with the autonomous determination . |
| US9678774B2 CLAIM 12 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
US20090288084A1 CLAIM 77 . A method in a computing system (computing system) including at least one processor for managing virtual storage across a plurality of persistent storage devices directly or indirectly accessible to processors on which a plurality of virtual machines are executed , comprising : storing data on the persistent storage devices of the plurality in response to persistent storage requests each from a virtual machine or a virtual machine management module ; autonomously determining to copy distinguished data from a first persistent storage device on the plurality to a second persistent storage device among the plurality ; and copying the distinguished data from the first persistent storage device to the second persistent storage device in accordance with the autonomous determination . |
| US9678774B2 CLAIM 13 . The computing system (computing system) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
US20090288084A1 CLAIM 77 . A method in a computing system (computing system) including at least one processor for managing virtual storage across a plurality of persistent storage devices directly or indirectly accessible to processors on which a plurality of virtual machines are executed , comprising : storing data on the persistent storage devices of the plurality in response to persistent storage requests each from a virtual machine or a virtual machine management module ; autonomously determining to copy distinguished data from a first persistent storage device on the plurality to a second persistent storage device among the plurality ; and copying the distinguished data from the first persistent storage device to the second persistent storage device in accordance with the autonomous determination . |
| US9678774B2 CLAIM 14 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device (receives data) , or a positioning service . |
US20090288084A1 CLAIM 77 . A method in a computing system (computing system) including at least one processor for managing virtual storage across a plurality of persistent storage devices directly or indirectly accessible to processors on which a plurality of virtual machines are executed , comprising : storing data on the persistent storage devices of the plurality in response to persistent storage requests each from a virtual machine or a virtual machine management module ; autonomously determining to copy distinguished data from a first persistent storage device on the plurality to a second persistent storage device among the plurality ; and copying the distinguished data from the first persistent storage device to the second persistent storage device in accordance with the autonomous determination . US20090288084A1 CLAIM 89 . A computer-readable medium whose contents are capable of causing a computing system including at least one processor to perform a method for making commercial products available for use in a hosted virtual computing environment by users , the method comprising : operating a web portal that , for each of the plurality of commercial products : receives data (geolocation device) constituting a commercial product from a provider of the commercial product , receives information describing the commercial product , and for each of a plurality of charging options , receives from the provider of commercial product a price to be charged to users of the hosted virtual computing environment who select the charging option . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance (receives information) of : in response to receipt of a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090288084A1 CLAIM 89 . A computer-readable medium whose contents are capable of causing a computing system including at least one processor to perform a method for making commercial products available for use in a hosted virtual computing environment by users , the method comprising : operating a web portal that , for each of the plurality of commercial products : receives data constituting a commercial product from a provider of the commercial product , receives information (control performance) describing the commercial product , and for each of a plurality of charging options , receives from the provider of commercial product a price to be charged to users of the hosted virtual computing environment who select the charging option . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance (receives information) of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090288084A1 CLAIM 89 . A computer-readable medium whose contents are capable of causing a computing system including at least one processor to perform a method for making commercial products available for use in a hosted virtual computing environment by users , the method comprising : operating a web portal that , for each of the plurality of commercial products : receives data constituting a commercial product from a provider of the commercial product , receives information (control performance) describing the commercial product , and for each of a plurality of charging options , receives from the provider of commercial product a price to be charged to users of the hosted virtual computing environment who select the charging option . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20090327471A1 Filed: 2009-05-02 Issued: 2009-12-31 Multitenant hosted virtual machine infrastructure (Original Assignee) Skytap Inc (Current Assignee) Skytap Inc Nicholas Luis Astete, Aaron Benjamin Brethorst, Joseph Michael Goldberg, Matthew Hanlon, Anthony A. Hutchinson, JR., Gopalakrishnan Janakiraman, Alexander Kotelnikov, Petr Novodvorskiy, David William Richardson, Roxanne Camille Sakelly, Nikolai Slioussar, Jonathan Weeks |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (other computer systems) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090327471A1 CLAIM 38 . A plurality of hardware computer systems each including at least one processor , comprising : a network connection via which a user associated with a principal may interact with the hardware computer systems via a public network , the principal not owning any of the other computer systems (hardware configuration) of the plurality ; a configuration creation module executing on at least one of the processors , the configuration creation module : receiving input via the network connection from a user associated with the principal specifying a configuration of one or more virtual machines , and in response to receiving the input , creating configuration state for the principal incorporating the specified configuration ; and a configuration management module executing on at least one of the processors , the configuration management module : receiving input via the network connection from a user associated with the principal requesting execution of the virtual machines of the configuration specified by the created configuration state , and in response to receiving input : executing each of the virtual machines of the configuration specified by the created configuration state on one of the hardware computer systems ; and providing output via the communication link to a user associated with the principal generated by at least one of the executing virtual machines . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (other computer systems) . |
US20090327471A1 CLAIM 38 . A plurality of hardware computer systems each including at least one processor , comprising : a network connection via which a user associated with a principal may interact with the hardware computer systems via a public network , the principal not owning any of the other computer systems (hardware configuration) of the plurality ; a configuration creation module executing on at least one of the processors , the configuration creation module : receiving input via the network connection from a user associated with the principal specifying a configuration of one or more virtual machines , and in response to receiving the input , creating configuration state for the principal incorporating the specified configuration ; and a configuration management module executing on at least one of the processors , the configuration management module : receiving input via the network connection from a user associated with the principal requesting execution of the virtual machines of the configuration specified by the created configuration state , and in response to receiving input : executing each of the virtual machines of the configuration specified by the created configuration state on one of the hardware computer systems ; and providing output via the communication link to a user associated with the principal generated by at least one of the executing virtual machines . |
| US9678774B2 CLAIM 8 . A computing system (computing system) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090327471A1 CLAIM 55 . A method in a computing system (computing system) having a processor for sharing access to the console of a virtual machine , comprising : generating a unique URL corresponding to the virtual machine ; providing the generated URL to a user specifically authorized to access the virtual machine ; receiving an HTTP request specifying the provided URL ; and in response to the HTTP request , without attempting to determine the identity of a user who issued the HTTP request , providing access to the console of the virtual machine . |
| US9678774B2 CLAIM 9 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (other computer systems) of the target host . |
US20090327471A1 CLAIM 38 . A plurality of hardware computer systems each including at least one processor , comprising : a network connection via which a user associated with a principal may interact with the hardware computer systems via a public network , the principal not owning any of the other computer systems (hardware configuration) of the plurality ; a configuration creation module executing on at least one of the processors , the configuration creation module : receiving input via the network connection from a user associated with the principal specifying a configuration of one or more virtual machines , and in response to receiving the input , creating configuration state for the principal incorporating the specified configuration ; and a configuration management module executing on at least one of the processors , the configuration management module : receiving input via the network connection from a user associated with the principal requesting execution of the virtual machines of the configuration specified by the created configuration state , and in response to receiving input : executing each of the virtual machines of the configuration specified by the created configuration state on one of the hardware computer systems ; and providing output via the communication link to a user associated with the principal generated by at least one of the executing virtual machines . US20090327471A1 CLAIM 55 . A method in a computing system (computing system) having a processor for sharing access to the console of a virtual machine , comprising : generating a unique URL corresponding to the virtual machine ; providing the generated URL to a user specifically authorized to access the virtual machine ; receiving an HTTP request specifying the provided URL ; and in response to the HTTP request , without attempting to determine the identity of a user who issued the HTTP request , providing access to the console of the virtual machine . |
| US9678774B2 CLAIM 10 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20090327471A1 CLAIM 55 . A method in a computing system (computing system) having a processor for sharing access to the console of a virtual machine , comprising : generating a unique URL corresponding to the virtual machine ; providing the generated URL to a user specifically authorized to access the virtual machine ; receiving an HTTP request specifying the provided URL ; and in response to the HTTP request , without attempting to determine the identity of a user who issued the HTTP request , providing access to the console of the virtual machine . |
| US9678774B2 CLAIM 11 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090327471A1 CLAIM 55 . A method in a computing system (computing system) having a processor for sharing access to the console of a virtual machine , comprising : generating a unique URL corresponding to the virtual machine ; providing the generated URL to a user specifically authorized to access the virtual machine ; receiving an HTTP request specifying the provided URL ; and in response to the HTTP request , without attempting to determine the identity of a user who issued the HTTP request , providing access to the console of the virtual machine . |
| US9678774B2 CLAIM 12 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (other computer systems) of the target host from a trusted platform module . |
US20090327471A1 CLAIM 38 . A plurality of hardware computer systems each including at least one processor , comprising : a network connection via which a user associated with a principal may interact with the hardware computer systems via a public network , the principal not owning any of the other computer systems (hardware configuration) of the plurality ; a configuration creation module executing on at least one of the processors , the configuration creation module : receiving input via the network connection from a user associated with the principal specifying a configuration of one or more virtual machines , and in response to receiving the input , creating configuration state for the principal incorporating the specified configuration ; and a configuration management module executing on at least one of the processors , the configuration management module : receiving input via the network connection from a user associated with the principal requesting execution of the virtual machines of the configuration specified by the created configuration state , and in response to receiving input : executing each of the virtual machines of the configuration specified by the created configuration state on one of the hardware computer systems ; and providing output via the communication link to a user associated with the principal generated by at least one of the executing virtual machines . US20090327471A1 CLAIM 55 . A method in a computing system (computing system) having a processor for sharing access to the console of a virtual machine , comprising : generating a unique URL corresponding to the virtual machine ; providing the generated URL to a user specifically authorized to access the virtual machine ; receiving an HTTP request specifying the provided URL ; and in response to the HTTP request , without attempting to determine the identity of a user who issued the HTTP request , providing access to the console of the virtual machine . |
| US9678774B2 CLAIM 13 . The computing system (computing system) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
US20090327471A1 CLAIM 55 . A method in a computing system (computing system) having a processor for sharing access to the console of a virtual machine , comprising : generating a unique URL corresponding to the virtual machine ; providing the generated URL to a user specifically authorized to access the virtual machine ; receiving an HTTP request specifying the provided URL ; and in response to the HTTP request , without attempting to determine the identity of a user who issued the HTTP request , providing access to the console of the virtual machine . |
| US9678774B2 CLAIM 14 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20090327471A1 CLAIM 55 . A method in a computing system (computing system) having a processor for sharing access to the console of a virtual machine , comprising : generating a unique URL corresponding to the virtual machine ; providing the generated URL to a user specifically authorized to access the virtual machine ; receiving an HTTP request specifying the provided URL ; and in response to the HTTP request , without attempting to determine the identity of a user who issued the HTTP request , providing access to the console of the virtual machine . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20100138830A1 Filed: 2009-05-02 Issued: 2010-06-03 Multitenant hosted virtual machine infrastructure (Original Assignee) Skytap Inc (Current Assignee) Skytap Inc Nicholas Luis Astete, Aaron Benjamin Brethorst, Joseph Michael Goldberg, Matthew Hanlon, Anthony A. Hutchinson, JR., Gopalakrishnan Janakiraman, Alexander Kotelnikov, Petr Novodvorski, David William Richardson, Roxanne Camille Skelly, Nikolai Slioussar, Jonathan Weeks |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (new instance) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100138830A1 CLAIM 19 . The method of claim 16 , further comprising : receiving an instantiation command from a user associated with the tenant ; and in response to the received instantiation command , using the stored complete state to create a new instance (hardware configuration) of the identified subset of the virtual data center for the tenant that is isolated from the virtual data center for the tenant a subset of whose state was persistently stored . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (new instance) . |
US20100138830A1 CLAIM 19 . The method of claim 16 , further comprising : receiving an instantiation command from a user associated with the tenant ; and in response to the received instantiation command , using the stored complete state to create a new instance (hardware configuration) of the identified subset of the virtual data center for the tenant that is isolated from the virtual data center for the tenant a subset of whose state was persistently stored . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (network services) . |
US20100138830A1 CLAIM 10 . The method of claim 1 , further comprising : receiving input from a user associated with a tenant specifying a virtual network services (positioning service) attribute for a virtual network incorporated into the virtual data center for the tenant ; and establishing the specified virtual network services attribute in the operation of the virtual data center , without effect on the operation of the other virtual data centers provided by the virtual machine infrastructure . |
| US9678774B2 CLAIM 8 . A computing system (computing system) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100138830A1 CLAIM 1 . A method in a computing system (computing system) including at least one processor for operating a virtual computing infrastructure for a plurality of tenants , comprising : for each of at least a subset of the plurality of tenants , receiving input specifying virtual computing resources from the virtual computing infrastructure to be used by users associated with the tenant ; and allocating the specified virtual computing resources to a virtual data center for the tenant that operates in isolation from other virtual data centers (cause performance) operating in the virtual machine infrastructure . |
| US9678774B2 CLAIM 9 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (new instance) of the target host . |
US20100138830A1 CLAIM 1 . A method in a computing system (computing system) including at least one processor for operating a virtual computing infrastructure for a plurality of tenants , comprising : for each of at least a subset of the plurality of tenants , receiving input specifying virtual computing resources from the virtual computing infrastructure to be used by users associated with the tenant ; and allocating the specified virtual computing resources to a virtual data center for the tenant that operates in isolation from other virtual data centers (cause performance) operating in the virtual machine infrastructure . US20100138830A1 CLAIM 19 . The method of claim 16 , further comprising : receiving an instantiation command from a user associated with the tenant ; and in response to the received instantiation command , using the stored complete state to create a new instance (hardware configuration) of the identified subset of the virtual data center for the tenant that is isolated from the virtual data center for the tenant a subset of whose state was persistently stored . |
| US9678774B2 CLAIM 10 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20100138830A1 CLAIM 1 . A method in a computing system (computing system) including at least one processor for operating a virtual computing infrastructure for a plurality of tenants , comprising : for each of at least a subset of the plurality of tenants , receiving input specifying virtual computing resources from the virtual computing infrastructure to be used by users associated with the tenant ; and allocating the specified virtual computing resources to a virtual data center for the tenant that operates in isolation from other virtual data centers (cause performance) operating in the virtual machine infrastructure . |
| US9678774B2 CLAIM 11 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100138830A1 CLAIM 1 . A method in a computing system (computing system) including at least one processor for operating a virtual computing infrastructure for a plurality of tenants , comprising : for each of at least a subset of the plurality of tenants , receiving input specifying virtual computing resources from the virtual computing infrastructure to be used by users associated with the tenant ; and allocating the specified virtual computing resources to a virtual data center for the tenant that operates in isolation from other virtual data centers operating in the virtual machine infrastructure . |
| US9678774B2 CLAIM 12 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : obtain , by the hidden process , the information indicating the hardware configuration (new instance) of the target host from a trusted platform module . |
US20100138830A1 CLAIM 1 . A method in a computing system (computing system) including at least one processor for operating a virtual computing infrastructure for a plurality of tenants , comprising : for each of at least a subset of the plurality of tenants , receiving input specifying virtual computing resources from the virtual computing infrastructure to be used by users associated with the tenant ; and allocating the specified virtual computing resources to a virtual data center for the tenant that operates in isolation from other virtual data centers (cause performance) operating in the virtual machine infrastructure . US20100138830A1 CLAIM 19 . The method of claim 16 , further comprising : receiving an instantiation command from a user associated with the tenant ; and in response to the received instantiation command , using the stored complete state to create a new instance (hardware configuration) of the identified subset of the virtual data center for the tenant that is isolated from the virtual data center for the tenant a subset of whose state was persistently stored . |
| US9678774B2 CLAIM 13 . The computing system (computing system) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
US20100138830A1 CLAIM 1 . A method in a computing system (computing system) including at least one processor for operating a virtual computing infrastructure for a plurality of tenants , comprising : for each of at least a subset of the plurality of tenants , receiving input specifying virtual computing resources from the virtual computing infrastructure to be used by users associated with the tenant ; and allocating the specified virtual computing resources to a virtual data center for the tenant that operates in isolation from other virtual data centers operating in the virtual machine infrastructure . |
| US9678774B2 CLAIM 14 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (data centers) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (network services) . |
US20100138830A1 CLAIM 1 . A method in a computing system (computing system) including at least one processor for operating a virtual computing infrastructure for a plurality of tenants , comprising : for each of at least a subset of the plurality of tenants , receiving input specifying virtual computing resources from the virtual computing infrastructure to be used by users associated with the tenant ; and allocating the specified virtual computing resources to a virtual data center for the tenant that operates in isolation from other virtual data centers (cause performance) operating in the virtual machine infrastructure . US20100138830A1 CLAIM 10 . The method of claim 1 , further comprising : receiving input from a user associated with a tenant specifying a virtual network services (positioning service) attribute for a virtual network incorporated into the virtual data center for the tenant ; and establishing the specified virtual network services attribute in the operation of the virtual data center , without effect on the operation of the other virtual data centers provided by the virtual machine infrastructure . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20090276771A1 Filed: 2009-03-09 Issued: 2009-11-05 Globally Distributed Utility Computing Cloud (Original Assignee) 3Tera LLC (Current Assignee) CAI Software LLC Peter Nickolov, Bert Armijo, Vladimir Miloushev |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (software applications) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090276771A1 CLAIM 111 . A system for delivering pre-packaged software in virtual appliances to computing systems for use in operating software applications (hardware configuration) , the system comprising : at least one processor ; at least one interface operable to provide a communication link to at least one network device ; and memory ; the system being operable to : identify a first virtual appliance class by a first identifier ; request the first virtual appliance class from a first catalog service using the first identifier ; transfer the first virtual appliance class from the catalog server to a first computing system ; and start an instance of the first virtual appliance class on the first computing system . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (software applications) . |
US20090276771A1 CLAIM 111 . A system for delivering pre-packaged software in virtual appliances to computing systems for use in operating software applications (hardware configuration) , the system comprising : at least one processor ; at least one interface operable to provide a communication link to at least one network device ; and memory ; the system being operable to : identify a first virtual appliance class by a first identifier ; request the first virtual appliance class from a first catalog service using the first identifier ; transfer the first virtual appliance class from the catalog server to a first computing system ; and start an instance of the first virtual appliance class on the first computing system . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (software applications) of the target host . |
US20090276771A1 CLAIM 111 . A system for delivering pre-packaged software in virtual appliances to computing systems for use in operating software applications (hardware configuration) , the system comprising : at least one processor ; at least one interface operable to provide a communication link to at least one network device ; and memory ; the system being operable to : identify a first virtual appliance class by a first identifier ; request the first virtual appliance class from a first catalog service using the first identifier ; transfer the first virtual appliance class from the catalog server to a first computing system ; and start an instance of the first virtual appliance class on the first computing system . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (software applications) of the target host from a trusted platform module . |
US20090276771A1 CLAIM 111 . A system for delivering pre-packaged software in virtual appliances to computing systems for use in operating software applications (hardware configuration) , the system comprising : at least one processor ; at least one interface operable to provide a communication link to at least one network device ; and memory ; the system being operable to : identify a first virtual appliance class by a first identifier ; request the first virtual appliance class from a first catalog service using the first identifier ; transfer the first virtual appliance class from the catalog server to a first computing system ; and start an instance of the first virtual appliance class on the first computing system . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20090276771A1 CLAIM 112 . The system of claim 111 wherein the first virtual appliance class includes a first class descriptor and a first storage volume , wherein the first class descriptor includes a definition of at least one configurable parameter for instances of the first virtual appliance class , and wherein the first storage volume includes a disk image of an operating system (operating system) and software sufficient to create a virtual machine instance booted from the first storage volume , the system being further operable to : create , using at least a portion of the disk image , the virtual machine instance ; and boot the virtual machine instance from the first storage volume ; wherein the virtual machine instance is operable to perform functions assigned to the first virtual appliance class . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (network device) , a geolocation device , or a positioning service . |
US20090276771A1 CLAIM 97 . A system for migrating a virtual appliance from a first server grid to a second server grid via a computer network , the system comprising : at least one processor ; at least one interface operable to provide a communication link to at least one network device (network device) ; and memory ; the system being operable to : run a first instance of the virtual appliance at the first server grid , wherein the first server grid has associated therewith a first portion of virtualized computing resources representing computing resources associated with a first plurality of physical servers , wherein the first instance of the virtual appliance has associated therewith a first instance of a virtual machine and a first instance of a virtual volume ; store , at the first instance of the virtual volume , a first disk image for use by the first instance of the virtual appliance ; establish a connection over the computer network from the first server grid to the second server grid ; transfer , to the second server grid , first virtual appliance information relating to the first instance of the virtual appliance , wherein the first virtual appliance information includes virtual appliance descriptor information and virtual appliance configuration information ; and start , using the first virtual appliance information , the second instance of the virtual appliance at the second server grid ; wherein the second instance of the virtual appliance includes a second instance of the virtual machine . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN101669106A Filed: 2008-03-20 Issued: 2010-03-10 虚拟机迁移 (Original Assignee) 微软公司 D·兰吉高达, R·弗莱尔斯 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (计算机中) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101669106A CLAIM 2 . 如权利要求1所述的方法,其特征在于,还包括: 从所述第一主计算机中 (computing device, computing system) 删除所述虚拟机;以及 取消所述一个或多个虚拟驱动器与所述第一主计算机的关联。 |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (计算机中) . |
CN101669106A CLAIM 2 . 如权利要求1所述的方法,其特征在于,还包括: 从所述第一主计算机中 (computing device, computing system) 删除所述虚拟机;以及 取消所述一个或多个虚拟驱动器与所述第一主计算机的关联。 |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (配置成确, 多个配置) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101669106A CLAIM 12 . 如权利要求10所述的计算机系统,其特征在于,所述虚拟管理器还被配置成确 (hardware configuration) 定所述LUN可由所述第二主计算机通过所述存储阵列的存储接 口来访问以方便所述虚拟机从所述第一主计算机到所述第二主计算机的迁移。 CN101669106A CLAIM 16 . 如权利要求15所述的一种或多种计算机可读存储介质,其特征在 于,还包括在被执行时指示所述虚拟管理器在创建所述虚拟机时接收定义所述 存储阵列的可靠性配置等级的一个或多个配置 (hardware configuration) 输入的计算机可执行指令。 |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (配置成确, 多个配置) . |
CN101669106A CLAIM 12 . 如权利要求10所述的计算机系统,其特征在于,所述虚拟管理器还被配置成确 (hardware configuration) 定所述LUN可由所述第二主计算机通过所述存储阵列的存储接 口来访问以方便所述虚拟机从所述第一主计算机到所述第二主计算机的迁移。 CN101669106A CLAIM 16 . 如权利要求15所述的一种或多种计算机可读存储介质,其特征在 于,还包括在被执行时指示所述虚拟管理器在创建所述虚拟机时接收定义所述 存储阵列的可靠性配置等级的一个或多个配置 (hardware configuration) 输入的计算机可执行指令。 |
| US9678774B2 CLAIM 8 . A computing system (计算机中) , comprising : a computing device (计算机中) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101669106A CLAIM 2 . 如权利要求1所述的方法,其特征在于,还包括: 从所述第一主计算机中 (computing device, computing system) 删除所述虚拟机;以及 取消所述一个或多个虚拟驱动器与所述第一主计算机的关联。 |
| US9678774B2 CLAIM 9 . The computing system (计算机中) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (配置成确, 多个配置) of the target host . |
CN101669106A CLAIM 2 . 如权利要求1所述的方法,其特征在于,还包括: 从所述第一主计算机中 (computing device, computing system) 删除所述虚拟机;以及 取消所述一个或多个虚拟驱动器与所述第一主计算机的关联。 CN101669106A CLAIM 12 . 如权利要求10所述的计算机系统,其特征在于,所述虚拟管理器还被配置成确 (hardware configuration) 定所述LUN可由所述第二主计算机通过所述存储阵列的存储接 口来访问以方便所述虚拟机从所述第一主计算机到所述第二主计算机的迁移。 CN101669106A CLAIM 16 . 如权利要求15所述的一种或多种计算机可读存储介质,其特征在 于,还包括在被执行时指示所述虚拟管理器在创建所述虚拟机时接收定义所述 存储阵列的可靠性配置等级的一个或多个配置 (hardware configuration) 输入的计算机可执行指令。 |
| US9678774B2 CLAIM 10 . The computing system (计算机中) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
CN101669106A CLAIM 2 . 如权利要求1所述的方法,其特征在于,还包括: 从所述第一主计算机中 (computing device, computing system) 删除所述虚拟机;以及 取消所述一个或多个虚拟驱动器与所述第一主计算机的关联。 |
| US9678774B2 CLAIM 11 . The computing system (计算机中) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101669106A CLAIM 2 . 如权利要求1所述的方法,其特征在于,还包括: 从所述第一主计算机中 (computing device, computing system) 删除所述虚拟机;以及 取消所述一个或多个虚拟驱动器与所述第一主计算机的关联。 |
| US9678774B2 CLAIM 12 . The computing system (计算机中) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (配置成确, 多个配置) of the target host from a trusted platform module . |
CN101669106A CLAIM 2 . 如权利要求1所述的方法,其特征在于,还包括: 从所述第一主计算机中 (computing device, computing system) 删除所述虚拟机;以及 取消所述一个或多个虚拟驱动器与所述第一主计算机的关联。 CN101669106A CLAIM 12 . 如权利要求10所述的计算机系统,其特征在于,所述虚拟管理器还被配置成确 (hardware configuration) 定所述LUN可由所述第二主计算机通过所述存储阵列的存储接 口来访问以方便所述虚拟机从所述第一主计算机到所述第二主计算机的迁移。 CN101669106A CLAIM 16 . 如权利要求15所述的一种或多种计算机可读存储介质,其特征在 于,还包括在被执行时指示所述虚拟管理器在创建所述虚拟机时接收定义所述 存储阵列的可靠性配置等级的一个或多个配置 (hardware configuration) 输入的计算机可执行指令。 |
| US9678774B2 CLAIM 13 . The computing system (计算机中) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
CN101669106A CLAIM 2 . 如权利要求1所述的方法,其特征在于,还包括: 从所述第一主计算机中 (computing device, computing system) 删除所述虚拟机;以及 取消所述一个或多个虚拟驱动器与所述第一主计算机的关联。 |
| US9678774B2 CLAIM 14 . The computing system (计算机中) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
CN101669106A CLAIM 2 . 如权利要求1所述的方法,其特征在于,还包括: 从所述第一主计算机中 (computing device, computing system) 删除所述虚拟机;以及 取消所述一个或多个虚拟驱动器与所述第一主计算机的关联。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20080184233A1 Filed: 2007-01-30 Issued: 2008-07-31 Abstracting a multithreaded processor core to a single threaded processor core (Original Assignee) Hewlett Packard Development Co LP (Current Assignee) Hewlett Packard Enterprise Development LP Scott J. Norton, Hyun Kim |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (software application) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080184233A1 CLAIM 11 . The method of claim 1 , further comprising : preventing a software application (hardware configuration) thread that is executing in the kernel to be scheduled on the second hardware thread . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (software application) . |
US20080184233A1 CLAIM 11 . The method of claim 1 , further comprising : preventing a software application (hardware configuration) thread that is executing in the kernel to be scheduled on the second hardware thread . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (software application) of the target host . |
US20080184233A1 CLAIM 11 . The method of claim 1 , further comprising : preventing a software application (hardware configuration) thread that is executing in the kernel to be scheduled on the second hardware thread . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (software application) of the target host from a trusted platform module . |
US20080184233A1 CLAIM 11 . The method of claim 1 , further comprising : preventing a software application (hardware configuration) thread that is executing in the kernel to be scheduled on the second hardware thread . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20080184233A1 CLAIM 1 . A method to abstract a multithreaded processor core to single threaded processor core , the method comprising : viewing , by an operating system (operating system) , a first hardware thread and a second hardware thread in a processor core ; and viewing , by a user application , the first hardware thread and the second hardware thread as a single CPU object . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN101317417A Filed: 2006-11-14 Issued: 2008-12-03 多核心系统的网络接入控制 (Original Assignee) Intel Corp (Current Assignee) Intel Corp N·史密斯, J·沃尔克, K·索德 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine (一种机器) from a source host (当主机) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101317417A CLAIM 1 . 在具有多个逻辑机的基于处理器的系统中,一种方法包括: 选择所述系统中充当主机 (source host) 的逻辑机;以及 所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及 提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 CN101317417A CLAIM 14 . 一种机器 (virtual machine) 可读介质,其中存储了在由机器访问时使所述机器 执行一种方法的数据,所述方法包括:在包括多个逻辑机的基于处理器的系统中,选择所述系统中充当 主才几的逻辑才几;以及所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 |
| US9678774B2 CLAIM 3 . The method of claim 1 , wherein the hidden process is configured to run on the virtual machine (一种机器) . |
CN101317417A CLAIM 14 . 一种机器 (virtual machine) 可读介质,其中存储了在由机器访问时使所述机器 执行一种方法的数据,所述方法包括:在包括多个逻辑机的基于处理器的系统中,选择所述系统中充当 主才几的逻辑才几;以及所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine (一种机器) from the source host (当主机) to the target host . |
CN101317417A CLAIM 1 . 在具有多个逻辑机的基于处理器的系统中,一种方法包括: 选择所述系统中充当主机 (source host) 的逻辑机;以及 所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及 提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 CN101317417A CLAIM 14 . 一种机器 (virtual machine) 可读介质,其中存储了在由机器访问时使所述机器 执行一种方法的数据,所述方法包括:在包括多个逻辑机的基于处理器的系统中,选择所述系统中充当 主才几的逻辑才几;以及所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 |
| US9678774B2 CLAIM 6 . The method of claim 1 , further comprising : determining , via the hidden process , whether a configuration of the target host is a proper configuration ; and in response to a determination that the configuration of the target host is other than the proper configuration , preventing , via the hidden process , execution of the virtual machine (一种机器) . |
CN101317417A CLAIM 14 . 一种机器 (virtual machine) 可读介质,其中存储了在由机器访问时使所述机器 执行一种方法的数据,所述方法包括:在包括多个逻辑机的基于处理器的系统中,选择所述系统中充当 主才几的逻辑才几;以及所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine (一种机器) from a source host (当主机) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101317417A CLAIM 1 . 在具有多个逻辑机的基于处理器的系统中,一种方法包括: 选择所述系统中充当主机 (source host) 的逻辑机;以及 所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及 提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 CN101317417A CLAIM 14 . 一种机器 (virtual machine) 可读介质,其中存储了在由机器访问时使所述机器 执行一种方法的数据,所述方法包括:在包括多个逻辑机的基于处理器的系统中,选择所述系统中充当 主才几的逻辑才几;以及所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine (一种机器) on the target host . |
CN101317417A CLAIM 14 . 一种机器 (virtual machine) 可读介质,其中存储了在由机器访问时使所述机器 执行一种方法的数据,所述方法包括:在包括多个逻辑机的基于处理器的系统中,选择所述系统中充当 主才几的逻辑才几;以及所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine (一种机器) from the source host (当主机) to the target host . |
CN101317417A CLAIM 1 . 在具有多个逻辑机的基于处理器的系统中,一种方法包括: 选择所述系统中充当主机 (source host) 的逻辑机;以及 所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及 提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 CN101317417A CLAIM 14 . 一种机器 (virtual machine) 可读介质,其中存储了在由机器访问时使所述机器 执行一种方法的数据,所述方法包括:在包括多个逻辑机的基于处理器的系统中,选择所述系统中充当 主才几的逻辑才几;以及所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine (一种机器) from a source host (当主机) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101317417A CLAIM 1 . 在具有多个逻辑机的基于处理器的系统中,一种方法包括: 选择所述系统中充当主机 (source host) 的逻辑机;以及 所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及 提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 CN101317417A CLAIM 14 . 一种机器 (virtual machine) 可读介质,其中存储了在由机器访问时使所述机器 执行一种方法的数据,所述方法包括:在包括多个逻辑机的基于处理器的系统中,选择所述系统中充当 主才几的逻辑才几;以及所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine (一种机器) from the source host (当主机) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101317417A CLAIM 1 . 在具有多个逻辑机的基于处理器的系统中,一种方法包括: 选择所述系统中充当主机 (source host) 的逻辑机;以及 所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及 提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 CN101317417A CLAIM 14 . 一种机器 (virtual machine) 可读介质,其中存储了在由机器访问时使所述机器 执行一种方法的数据,所述方法包括:在包括多个逻辑机的基于处理器的系统中,选择所述系统中充当 主才几的逻辑才几;以及所述主机与网络的策略决策点(PDP)进行通信,以便提供互连所述基于处理器的系统和所述网络的数据信道;以及提供将所述系统的各逻辑机互连到所述网络的逻辑数据信道。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2005106659A1 Filed: 2005-04-26 Issued: 2005-11-10 System and method for managing virtual servers (Original Assignee) Virtual Iron Software, Inc. Jerry Plouffe, Scott H. Davis, Alexander D. Vasilevsky, Benjamin J. Thomas, Iii, Steven S. Noyes, Tom Hazel |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (I/O device) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2005106659A1 CLAIM 3 . The system as recited in claim 1 , wherein the one or more virtual resources include at least one of a virtual multiprocessor computer and an I/O device (readable storage, hardware configuration, readable storage medium) . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (I/O device) . |
WO2005106659A1 CLAIM 3 . The system as recited in claim 1 , wherein the one or more virtual resources include at least one of a virtual multiprocessor computer and an I/O device (readable storage, hardware configuration, readable storage medium) . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (more parameter) . |
WO2005106659A1 CLAIM 23 . The virtual computing system according to claim 20 , wherein the at least one rule is triggered based on one or more parameter (positioning service) s . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (I/O device) of the target host . |
WO2005106659A1 CLAIM 3 . The system as recited in claim 1 , wherein the one or more virtual resources include at least one of a virtual multiprocessor computer and an I/O device (readable storage, hardware configuration, readable storage medium) . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (I/O device) of the target host from a trusted platform module . |
WO2005106659A1 CLAIM 3 . The system as recited in claim 1 , wherein the one or more virtual resources include at least one of a virtual multiprocessor computer and an I/O device (readable storage, hardware configuration, readable storage medium) . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
WO2005106659A1 CLAIM 13 . A system comprising : a virtual server system capable of executing at least one of a plurality of operating system (operating system) s ; and a manager capable of mapping the at least one of the plurality of operating systems to the virtual server . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (more parameter) . |
WO2005106659A1 CLAIM 23 . The virtual computing system according to claim 20 , wherein the at least one rule is triggered based on one or more parameter (positioning service) s . |
| US9678774B2 CLAIM 18 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to send , via the hidden process , an alert that indicates denial (management policy) of the request in response to the determination that geographic location of the target host is outside of the particular perimeter . |
WO2005106659A1 CLAIM 19 . The virtual computing system according to claim 14 , wherein the manager is adapted to implement at least one management policy (indicates denial) relating to virtual and physical resources . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20050120160A1 Filed: 2004-10-25 Issued: 2005-06-02 System and method for managing virtual servers (Original Assignee) Virtual Iron Software Inc; Katana Technology Inc (Current Assignee) Oracle International Corp ; Virtual Iron Software Inc Jerry Plouffe, Scott Davis, Alexander Vasilevsky, Benjamin Thomas, Steven Noyes, Tom Hazel |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (I/O device) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20050120160A1 CLAIM 3 . The system as recited in claim 1 , wherein the one or more virtual resources include at least one of a virtual multiprocessor computer and an I/O device (readable storage, hardware configuration, readable storage medium) . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (I/O device) . |
US20050120160A1 CLAIM 3 . The system as recited in claim 1 , wherein the one or more virtual resources include at least one of a virtual multiprocessor computer and an I/O device (readable storage, hardware configuration, readable storage medium) . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (more parameter) . |
US20050120160A1 CLAIM 23 . The virtual computing system according to claim 20 , wherein the at least one rule is triggered based on one or more parameter (positioning service) s . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (I/O device) of the target host . |
US20050120160A1 CLAIM 3 . The system as recited in claim 1 , wherein the one or more virtual resources include at least one of a virtual multiprocessor computer and an I/O device (readable storage, hardware configuration, readable storage medium) . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (I/O device) of the target host from a trusted platform module . |
US20050120160A1 CLAIM 3 . The system as recited in claim 1 , wherein the one or more virtual resources include at least one of a virtual multiprocessor computer and an I/O device (readable storage, hardware configuration, readable storage medium) . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20050120160A1 CLAIM 13 . A system comprising : a virtual server system capable of executing at least one of a plurality of operating system (operating system) s ; and a manager capable of mapping the at least one of the plurality of operating systems to the virtual server . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (more parameter) . |
US20050120160A1 CLAIM 23 . The virtual computing system according to claim 20 , wherein the at least one rule is triggered based on one or more parameter (positioning service) s . |
| US9678774B2 CLAIM 18 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to send , via the hidden process , an alert that indicates denial (management policy) of the request in response to the determination that geographic location of the target host is outside of the particular perimeter . |
US20050120160A1 CLAIM 19 . The virtual computing system according to claim 14 , wherein the manager is adapted to implement at least one management policy (indicates denial) relating to virtual and physical resources . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN102347959A Filed: 2011-11-18 Issued: 2012-02-08 基于身份和会话的资源访问系统和方法 (Original Assignee) Transoft Network Sci-Tech (shanghai) Co Ltd (Current Assignee) Transoft Network Sci-Tech (shanghai) Co Ltd 汤传斌, 熊丽 |
|---|---|
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN102347959A CLAIM 1 . 一种基于身份和会话的资源访问系统,其特征在于,包括:客户端,客户端发出服务请求并定义执行该服务请求所需要的资源信息;会话管理中心,接收所述客户端发出的服务请求,根据该服务请求创建流会话并根据流会话创建控制会话,协商流会话所需的资源和控制会话所需的服务提供者,并将请求路由到资源中心;资源中心,包括实体服务器、网络和存储器,所述实体服务器上运行一个或多个 (computer instructions) 虚机, 资源中心接收所述服务请求、并管理请求的运行,所述虚机运行所述服务请求并将运行的结果反馈给客户端;身份管理器,与会话管理中心及资源中心通信连接,身份管理器管理资源、服务提供者、会话、应用的对象的身份信息,身份管理器还管理所述身份信息的生命周期。 |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
CN102347959A CLAIM 1 . 一种基于身份和会话的资源访问系统,其特征在于,包括:客户端,客户端发出服务请求并定义执行该服务请求所需要的资源信息;会话管理中心,接收所述客户端发出的服务请求,根据该服务请求创建流会话并根据流会话创建控制会话,协商流会话所需的资源和控制会话所需的服务提供者,并将请求路由到资源中心;资源中心,包括实体服务器、网络和存储器,所述实体服务器上运行一个或多个 (computer instructions) 虚机, 资源中心接收所述服务请求、并管理请求的运行,所述虚机运行所述服务请求并将运行的结果反馈给客户端;身份管理器,与会话管理中心及资源中心通信连接,身份管理器管理资源、服务提供者、会话、应用的对象的身份信息,身份管理器还管理所述身份信息的生命周期。 |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
CN102347959A CLAIM 1 . 一种基于身份和会话的资源访问系统,其特征在于,包括:客户端,客户端发出服务请求并定义执行该服务请求所需要的资源信息;会话管理中心,接收所述客户端发出的服务请求,根据该服务请求创建流会话并根据流会话创建控制会话,协商流会话所需的资源和控制会话所需的服务提供者,并将请求路由到资源中心;资源中心,包括实体服务器、网络和存储器,所述实体服务器上运行一个或多个 (computer instructions) 虚机, 资源中心接收所述服务请求、并管理请求的运行,所述虚机运行所述服务请求并将运行的结果反馈给客户端;身份管理器,与会话管理中心及资源中心通信连接,身份管理器管理资源、服务提供者、会话、应用的对象的身份信息,身份管理器还管理所述身份信息的生命周期。 |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN102347959A CLAIM 1 . 一种基于身份和会话的资源访问系统,其特征在于,包括:客户端,客户端发出服务请求并定义执行该服务请求所需要的资源信息;会话管理中心,接收所述客户端发出的服务请求,根据该服务请求创建流会话并根据流会话创建控制会话,协商流会话所需的资源和控制会话所需的服务提供者,并将请求路由到资源中心;资源中心,包括实体服务器、网络和存储器,所述实体服务器上运行一个或多个 (computer instructions) 虚机, 资源中心接收所述服务请求、并管理请求的运行,所述虚机运行所述服务请求并将运行的结果反馈给客户端;身份管理器,与会话管理中心及资源中心通信连接,身份管理器管理资源、服务提供者、会话、应用的对象的身份信息,身份管理器还管理所述身份信息的生命周期。 |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
CN102347959A CLAIM 1 . 一种基于身份和会话的资源访问系统,其特征在于,包括:客户端,客户端发出服务请求并定义执行该服务请求所需要的资源信息;会话管理中心,接收所述客户端发出的服务请求,根据该服务请求创建流会话并根据流会话创建控制会话,协商流会话所需的资源和控制会话所需的服务提供者,并将请求路由到资源中心;资源中心,包括实体服务器、网络和存储器,所述实体服务器上运行一个或多个 (computer instructions) 虚机, 资源中心接收所述服务请求、并管理请求的运行,所述虚机运行所述服务请求并将运行的结果反馈给客户端;身份管理器,与会话管理中心及资源中心通信连接,身份管理器管理资源、服务提供者、会话、应用的对象的身份信息,身份管理器还管理所述身份信息的生命周期。 |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
CN102347959A CLAIM 1 . 一种基于身份和会话的资源访问系统,其特征在于,包括:客户端,客户端发出服务请求并定义执行该服务请求所需要的资源信息;会话管理中心,接收所述客户端发出的服务请求,根据该服务请求创建流会话并根据流会话创建控制会话,协商流会话所需的资源和控制会话所需的服务提供者,并将请求路由到资源中心;资源中心,包括实体服务器、网络和存储器,所述实体服务器上运行一个或多个 (computer instructions) 虚机, 资源中心接收所述服务请求、并管理请求的运行,所述虚机运行所述服务请求并将运行的结果反馈给客户端;身份管理器,与会话管理中心及资源中心通信连接,身份管理器管理资源、服务提供者、会话、应用的对象的身份信息,身份管理器还管理所述身份信息的生命周期。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20120030676A1 Filed: 2011-10-07 Issued: 2012-02-02 Methods And Apparatus For Creating An Isolated Partition For A Virtual Trusted Platform Module (Original Assignee) Smith Ned M; Wiseman Willard M Monty; Siddioi Faraz A; Tasneem Brutch; Scarlata Vincent R; Alok Kumar; Roge Kalpana M; Murari Kumar Ned M. Smith, Willard M.(Monty) Wiseman, Faraz A. Siddioi, Tasneem Brutch, Vincent R. Scarlata, Alok Kumar, Kalpana M. Roge, Murari Kumar |
|---|---|
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (platform module) . |
US20120030676A1 CLAIM 1 . A method comprising : launching a service operating system (OS) in a service virtual machine (VM) in a processing system ; launching a user OS in a guest VM in the processing system ; instantiating a first virtual trusted platform module (platform module) (vTPM) for use by the service OS of the service VM ; and instantiating a second vTPM for use by the user OS of the guest VM , wherein the first and second vTPMs are instantiated by creation of software TPMs (sTPMs) in a partition of the processing system . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20120030676A1 CLAIM 1 . A method comprising : launching a service operating system (operating system) (OS) in a service virtual machine (VM) in a processing system ; launching a user OS in a guest VM in the processing system ; instantiating a first virtual trusted platform module (vTPM) for use by the service OS of the service VM ; and instantiating a second vTPM for use by the user OS of the guest VM , wherein the first and second vTPMs are instantiated by creation of software TPMs (sTPMs) in a partition of the processing system . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20120054746A1 Filed: 2011-07-12 Issued: 2012-03-01 System software interfaces for space-optimized block devices (Original Assignee) VMware Inc (Current Assignee) VMware Inc Satyam B. Vaghani, Tejasvi Aswathanarayana |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (more set) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20120054746A1 CLAIM 1 . A method of issuing a command to deallocate free storage blocks previously allocated to a logical block device , comprising : determining that the logical block device supports the command ; identifying one or more set (source host) s of contiguous storage blocks to be deallocated ; and issuing the command to the logical block device based on alignment and granularity values according to which the logical block device performs space reclamation operations , the command identifying at least one set of contiguous storage blocks as storage blocks to be deallocated . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine from the source host (more set) to the target host . |
US20120054746A1 CLAIM 1 . A method of issuing a command to deallocate free storage blocks previously allocated to a logical block device , comprising : determining that the logical block device supports the command ; identifying one or more set (source host) s of contiguous storage blocks to be deallocated ; and issuing the command to the logical block device based on alignment and granularity values according to which the logical block device performs space reclamation operations , the command identifying at least one set of contiguous storage blocks as storage blocks to be deallocated . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (more set) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20120054746A1 CLAIM 1 . A method of issuing a command to deallocate free storage blocks previously allocated to a logical block device , comprising : determining that the logical block device supports the command ; identifying one or more set (source host) s of contiguous storage blocks to be deallocated ; and issuing the command to the logical block device based on alignment and granularity values according to which the logical block device performs space reclamation operations , the command identifying at least one set of contiguous storage blocks as storage blocks to be deallocated . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (more set) to the target host . |
US20120054746A1 CLAIM 1 . A method of issuing a command to deallocate free storage blocks previously allocated to a logical block device , comprising : determining that the logical block device supports the command ; identifying one or more set (source host) s of contiguous storage blocks to be deallocated ; and issuing the command to the logical block device based on alignment and granularity values according to which the logical block device performs space reclamation operations , the command identifying at least one set of contiguous storage blocks as storage blocks to be deallocated . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (more set) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20120054746A1 CLAIM 1 . A method of issuing a command to deallocate free storage blocks previously allocated to a logical block device , comprising : determining that the logical block device supports the command ; identifying one or more set (source host) s of contiguous storage blocks to be deallocated ; and issuing the command to the logical block device based on alignment and granularity values according to which the logical block device performs space reclamation operations , the command identifying at least one set of contiguous storage blocks as storage blocks to be deallocated . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (more set) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20120054746A1 CLAIM 1 . A method of issuing a command to deallocate free storage blocks previously allocated to a logical block device , comprising : determining that the logical block device supports the command ; identifying one or more set (source host) s of contiguous storage blocks to be deallocated ; and issuing the command to the logical block device based on alignment and granularity values according to which the logical block device performs space reclamation operations , the command identifying at least one set of contiguous storage blocks as storage blocks to be deallocated . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2011150929A1 Filed: 2011-05-27 Issued: 2011-12-08 A computer system and method for controlling and/or monitoring a wind power plant (Original Assignee) Vestas Wind Systems A/S Tage Kristensen, Siew Hoon Lim |
|---|---|
| US9678774B2 CLAIM 8 . A computing system (physical resource) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011150929A1 CLAIM 5 . A wind power computer system (50) according to claim 1 wherein the hypervisor (40) comprises a plurality of virtual computer systems (64a-64n) that emulate physical resource (computing system) s compatible with an associated one of a plurality of OSs (70a-70n) , and a hypervisor (40) configured to provide virtual resources (65-68) comprising the plurality of virtual computer systems (64a-64n) . |
| US9678774B2 CLAIM 9 . The computing system (physical resource) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
WO2011150929A1 CLAIM 5 . A wind power computer system (50) according to claim 1 wherein the hypervisor (40) comprises a plurality of virtual computer systems (64a-64n) that emulate physical resource (computing system) s compatible with an associated one of a plurality of OSs (70a-70n) , and a hypervisor (40) configured to provide virtual resources (65-68) comprising the plurality of virtual computer systems (64a-64n) . |
| US9678774B2 CLAIM 10 . The computing system (physical resource) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
WO2011150929A1 CLAIM 5 . A wind power computer system (50) according to claim 1 wherein the hypervisor (40) comprises a plurality of virtual computer systems (64a-64n) that emulate physical resource (computing system) s compatible with an associated one of a plurality of OSs (70a-70n) , and a hypervisor (40) configured to provide virtual resources (65-68) comprising the plurality of virtual computer systems (64a-64n) . |
| US9678774B2 CLAIM 11 . The computing system (physical resource) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011150929A1 CLAIM 5 . A wind power computer system (50) according to claim 1 wherein the hypervisor (40) comprises a plurality of virtual computer systems (64a-64n) that emulate physical resource (computing system) s compatible with an associated one of a plurality of OSs (70a-70n) , and a hypervisor (40) configured to provide virtual resources (65-68) comprising the plurality of virtual computer systems (64a-64n) . |
| US9678774B2 CLAIM 12 . The computing system (physical resource) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (power plant, real time) . |
WO2011150929A1 CLAIM 3 . A wind power computer system (50) according to claim 1 or 2 , wherein each of the first and second computer systems (10 , 20) is a real-time computer system , a non-real time (platform module, operating system) computer system , or a real-time computer system . WO2011150929A1 CLAIM 5 . A wind power computer system (50) according to claim 1 wherein the hypervisor (40) comprises a plurality of virtual computer systems (64a-64n) that emulate physical resource (computing system) s compatible with an associated one of a plurality of OSs (70a-70n) , and a hypervisor (40) configured to provide virtual resources (65-68) comprising the plurality of virtual computer systems (64a-64n) . WO2011150929A1 CLAIM 9 . A wind power computer system (50) according to any of the claims 1 to 8 wherein the wind power computer system (50) is a computer system within a wind power plant (platform module, operating system) control system arranged to control and/or monitor the operation of a plurality of wind turbine generators in a wind power plant . |
| US9678774B2 CLAIM 13 . The computing system (physical resource) of claim 9 , wherein the information comprises a hash of an operating system (power plant, real time) of the target host and a private key . |
WO2011150929A1 CLAIM 3 . A wind power computer system (50) according to claim 1 or 2 , wherein each of the first and second computer systems (10 , 20) is a real-time computer system , a non-real time (platform module, operating system) computer system , or a real-time computer system . WO2011150929A1 CLAIM 5 . A wind power computer system (50) according to claim 1 wherein the hypervisor (40) comprises a plurality of virtual computer systems (64a-64n) that emulate physical resource (computing system) s compatible with an associated one of a plurality of OSs (70a-70n) , and a hypervisor (40) configured to provide virtual resources (65-68) comprising the plurality of virtual computer systems (64a-64n) . WO2011150929A1 CLAIM 9 . A wind power computer system (50) according to any of the claims 1 to 8 wherein the wind power computer system (50) is a computer system within a wind power plant (platform module, operating system) control system arranged to control and/or monitor the operation of a plurality of wind turbine generators in a wind power plant . |
| US9678774B2 CLAIM 14 . The computing system (physical resource) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
WO2011150929A1 CLAIM 5 . A wind power computer system (50) according to claim 1 wherein the hypervisor (40) comprises a plurality of virtual computer systems (64a-64n) that emulate physical resource (computing system) s compatible with an associated one of a plurality of OSs (70a-70n) , and a hypervisor (40) configured to provide virtual resources (65-68) comprising the plurality of virtual computer systems (64a-64n) . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | EP2397943A2 Filed: 2011-05-26 Issued: 2011-12-21 Uniform storage device by partial virtualization machine (Original Assignee) Intel Corp (Current Assignee) Intel Corp Hua Zhou, Vincent Zimmer, Michael A. Rothman, Yi Qian, Junwei Stanley Chen, Fujin Huang |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (USB controller) to a target host (USB controller) ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host (USB controller) is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine from the source host (USB controller) to the target host . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host (USB controller) is the proper hardware configuration . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 6 . The method of claim 1 , further comprising : determining , via the hidden process , whether a configuration of the target host (USB controller) is a proper configuration ; and in response to a determination that the configuration of the target host is other than the proper configuration , preventing , via the hidden process , execution of the virtual machine . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (USB controller) to a target host (USB controller) , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host (USB controller) has a proper configuration based on information that indicates a hardware configuration of the target host . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host (USB controller) is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host (USB controller) is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (USB controller) to the target host . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host (USB controller) from a trusted platform module . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system of the target host (USB controller) and a private key . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (USB controller) to a target host (USB controller) , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 16 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to determine a configuration of the target host (USB controller) . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host (USB controller) is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (USB controller) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 18 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to send , via the hidden process , an alert that indicates denial of the request in response to the determination that geographic location of the target host (USB controller) is outside of the particular perimeter . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 CLAIM 19 . The computer-readable storage medium of claim 18 , wherein the alert includes an indication of the geographic location of the target host (USB controller) . |
EP2397943A2 CLAIM 4 The computing system of claim 1 , wherein the virtual l/O device comprises a virtual USB device , the virtual l/O controller comprises a virtual USB controller (source host, target host) , and the physical l/O device comprises a USB device . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2011143568A2 Filed: 2011-05-13 Issued: 2011-11-17 A decision support system for moving computing workloads to public clouds (Original Assignee) Unisys Corporation Mohammad Firoj Mithani, Michael A. Salsburg |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (computing device) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011143568A2 CLAIM 13 . A computer-implemented method for identifying at least one of a plurality of computing workloads for hosting by a cloud computing environment , comprising : analyzing , by a computing device (computing device) , at least one first attribute of each computing workload to determine whether the computing workload is suitable for being hosted in a cloud computing environment ; in response to a determination that at least one of the computing workloads is suitable for being hosted in a cloud computing environment , analyzing , by a computing device , at least one second attribute of each of the at least one computing workloads to determine a cloud computing score for each of the at least one computing workloads , the cloud computing score being indicative of the suitability of the respective computing workload to be hosted in a cloud computing environment ; analyzing , by a computing device , one or more public clouds to determine a cloud provider score for each of the one or more public clouds , the cloud provider score being indicative of the suitability of the respective public cloud for hosting a computing workload ; and assigning one of the at least one computing workloads to one of the public clouds based one the cloud computing score for the one computing workload and the cloud provider score for the one public cloud . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (computing device) . |
WO2011143568A2 CLAIM 13 . A computer-implemented method for identifying at least one of a plurality of computing workloads for hosting by a cloud computing environment , comprising : analyzing , by a computing device (computing device) , at least one first attribute of each computing workload to determine whether the computing workload is suitable for being hosted in a cloud computing environment ; in response to a determination that at least one of the computing workloads is suitable for being hosted in a cloud computing environment , analyzing , by a computing device , at least one second attribute of each of the at least one computing workloads to determine a cloud computing score for each of the at least one computing workloads , the cloud computing score being indicative of the suitability of the respective computing workload to be hosted in a cloud computing environment ; analyzing , by a computing device , one or more public clouds to determine a cloud provider score for each of the one or more public clouds , the cloud provider score being indicative of the suitability of the respective public cloud for hosting a computing workload ; and assigning one of the at least one computing workloads to one of the public clouds based one the cloud computing score for the one computing workload and the cloud provider score for the one public cloud . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device (computing device) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011143568A2 CLAIM 13 . A computer-implemented method for identifying at least one of a plurality of computing workloads for hosting by a cloud computing environment , comprising : analyzing , by a computing device (computing device) , at least one first attribute of each computing workload to determine whether the computing workload is suitable for being hosted in a cloud computing environment ; in response to a determination that at least one of the computing workloads is suitable for being hosted in a cloud computing environment , analyzing , by a computing device , at least one second attribute of each of the at least one computing workloads to determine a cloud computing score for each of the at least one computing workloads , the cloud computing score being indicative of the suitability of the respective computing workload to be hosted in a cloud computing environment ; analyzing , by a computing device , one or more public clouds to determine a cloud provider score for each of the one or more public clouds , the cloud provider score being indicative of the suitability of the respective public cloud for hosting a computing workload ; and assigning one of the at least one computing workloads to one of the public clouds based one the cloud computing score for the one computing workload and the cloud provider score for the one public cloud . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
WO2011143568A2 CLAIM 5 . The computer-implemented method of Claim 4 , wherein the technology attribute comprises at least one of a size of the computing workload , an amount of data storage required by the computing workload , and an operating system (operating system) requirement of the workload . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110208677A1 Filed: 2011-05-04 Issued: 2011-08-25 Intrusion detection system alerts mechanism (Original Assignee) Bank of America Corp (Current Assignee) Bank of America Corp Mian Zhou, Sean Kenric Catlett |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (computing device) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110208677A1 CLAIM 1 . A system comprising : at least one database configured to maintain first association rules and new association rules ; at least one computing device (computing device) , operatively connected to the at least one database , configured to : receive a training data set with a single target variable and a group of categorical independent variables ; for a target variable T , a variable set V={V 1 , V 2 , . . . V n } and a cluster set for variable V k ={C 1 , C 2 , . . . Cj k } , where j k is the total number of clusters for variable V k , cluster each variable V i ; receive selected variables for processing ; set a combination depth of 1 ; for each cluster C k of the selected variable V i , check each record in the training data set where record[V i ]=C k and record[target]=T ; generate a first association rule C k →T and purity is equated to m/n , wherein n is the count of records with record [V i ]=C k , and m is the count of records with record [V i ]=C k and record[target]=T ; increase the combination depth to 2 ; for each two combination set {V i , V j } of the selected variable set V , check each record in the training data set where record[V i ]=C ik , record[V j ]=C jt , and record[target]=T , where C ik is a cluster from variable V j and C t is a cluster from variable V j ; generate a second association rule [C ik , C jt ]→T and purity is equated to m/n , wherein n is the count of records with record [V i ]=C k and record [V j ]=C t , and m is the count of records with record [V i ]=C k , record [V j ]=C t , and record[target]=T ; increase the combination depth to 3 ; for each three combination set {V i , V j , V k } of the selected variable set V , check each record in the training data set where record[V i ]=C it , record[V j ]=C jt , record[Vk]=C kt and record[target]=T , where C it is a cluster from variable V i , C jt is a cluster from variable V j , and C kt is a cluster from variable V k ; and generate a third association rule [C ik , C jt , C kt ] T and purity is equated to m/n , wherein n is the count of records with record[V i ]=C t , record[V j ]=C t and record[V k ]=C t , and m is the count of records with record[V i ]=C k , record[V j ]=C t , record[V k ]=C t and record[target]=T . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (computing device) . |
US20110208677A1 CLAIM 1 . A system comprising : at least one database configured to maintain first association rules and new association rules ; at least one computing device (computing device) , operatively connected to the at least one database , configured to : receive a training data set with a single target variable and a group of categorical independent variables ; for a target variable T , a variable set V={V 1 , V 2 , . . . V n } and a cluster set for variable V k ={C 1 , C 2 , . . . Cj k } , where j k is the total number of clusters for variable V k , cluster each variable V i ; receive selected variables for processing ; set a combination depth of 1 ; for each cluster C k of the selected variable V i , check each record in the training data set where record[V i ]=C k and record[target]=T ; generate a first association rule C k →T and purity is equated to m/n , wherein n is the count of records with record [V i ]=C k , and m is the count of records with record [V i ]=C k and record[target]=T ; increase the combination depth to 2 ; for each two combination set {V i , V j } of the selected variable set V , check each record in the training data set where record[V i ]=C ik , record[V j ]=C jt , and record[target]=T , where C ik is a cluster from variable V j and C t is a cluster from variable V j ; generate a second association rule [C ik , C jt ]→T and purity is equated to m/n , wherein n is the count of records with record [V i ]=C k and record [V j ]=C t , and m is the count of records with record [V i ]=C k , record [V j ]=C t , and record[target]=T ; increase the combination depth to 3 ; for each three combination set {V i , V j , V k } of the selected variable set V , check each record in the training data set where record[V i ]=C it , record[V j ]=C jt , record[Vk]=C kt and record[target]=T , where C it is a cluster from variable V i , C jt is a cluster from variable V j , and C kt is a cluster from variable V k ; and generate a third association rule [C ik , C jt , C kt ] T and purity is equated to m/n , wherein n is the count of records with record[V i ]=C t , record[V j ]=C t and record[V k ]=C t , and m is the count of records with record[V i ]=C k , record[V j ]=C t , record[V k ]=C t and record[target]=T . |
| US9678774B2 CLAIM 8 . A computing system (false positives) , comprising : a computing device (computing device) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110208677A1 CLAIM 1 . A system comprising : at least one database configured to maintain first association rules and new association rules ; at least one computing device (computing device) , operatively connected to the at least one database , configured to : receive a training data set with a single target variable and a group of categorical independent variables ; for a target variable T , a variable set V={V 1 , V 2 , . . . V n } and a cluster set for variable V k ={C 1 , C 2 , . . . Cj k } , where j k is the total number of clusters for variable V k , cluster each variable V i ; receive selected variables for processing ; set a combination depth of 1 ; for each cluster C k of the selected variable V i , check each record in the training data set where record[V i ]=C k and record[target]=T ; generate a first association rule C k →T and purity is equated to m/n , wherein n is the count of records with record [V i ]=C k , and m is the count of records with record [V i ]=C k and record[target]=T ; increase the combination depth to 2 ; for each two combination set {V i , V j } of the selected variable set V , check each record in the training data set where record[V i ]=C ik , record[V j ]=C jt , and record[target]=T , where C ik is a cluster from variable V j and C t is a cluster from variable V j ; generate a second association rule [C ik , C jt ]→T and purity is equated to m/n , wherein n is the count of records with record [V i ]=C k and record [V j ]=C t , and m is the count of records with record [V i ]=C k , record [V j ]=C t , and record[target]=T ; increase the combination depth to 3 ; for each three combination set {V i , V j , V k } of the selected variable set V , check each record in the training data set where record[V i ]=C it , record[V j ]=C jt , record[Vk]=C kt and record[target]=T , where C it is a cluster from variable V i , C jt is a cluster from variable V j , and C kt is a cluster from variable V k ; and generate a third association rule [C ik , C jt , C kt ] T and purity is equated to m/n , wherein n is the count of records with record[V i ]=C t , record[V j ]=C t and record[V k ]=C t , and m is the count of records with record[V i ]=C k , record[V j ]=C t , record[V k ]=C t and record[target]=T . US20110208677A1 CLAIM 12 . The method of claim 11 , wherein the providing patterns includes providing a percentage of false positives (computing system, operating system) . |
| US9678774B2 CLAIM 9 . The computing system (false positives) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20110208677A1 CLAIM 12 . The method of claim 11 , wherein the providing patterns includes providing a percentage of false positives (computing system, operating system) . |
| US9678774B2 CLAIM 10 . The computing system (false positives) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20110208677A1 CLAIM 12 . The method of claim 11 , wherein the providing patterns includes providing a percentage of false positives (computing system, operating system) . |
| US9678774B2 CLAIM 11 . The computing system (false positives) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110208677A1 CLAIM 12 . The method of claim 11 , wherein the providing patterns includes providing a percentage of false positives (computing system, operating system) . |
| US9678774B2 CLAIM 12 . The computing system (false positives) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
US20110208677A1 CLAIM 12 . The method of claim 11 , wherein the providing patterns includes providing a percentage of false positives (computing system, operating system) . |
| US9678774B2 CLAIM 13 . The computing system (false positives) of claim 9 , wherein the information comprises a hash of an operating system (false positives) of the target host and a private key . |
US20110208677A1 CLAIM 12 . The method of claim 11 , wherein the providing patterns includes providing a percentage of false positives (computing system, operating system) . |
| US9678774B2 CLAIM 14 . The computing system (false positives) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20110208677A1 CLAIM 12 . The method of claim 11 , wherein the providing patterns includes providing a percentage of false positives (computing system, operating system) . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | EP2381363A2 Filed: 2011-04-21 Issued: 2011-10-26 Cloud platform architecture (Original Assignee) VMware Inc (Current Assignee) Pivotal Software Inc Mark Lucovsky, Derek Collison, Vadim Spivak, Gerald C. Chen, Ramnivas Laddad |
|---|---|
| US9678774B2 CLAIM 8 . A computing system (other components) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2381363A2 CLAIM 10 The cloud computing platform of claim 9 , wherein the cloud computing environment (112) further comprises an addressing and discovery component (132) configured to broadcast messages transmitted by components of the cloud computing environment (112) to other components (computing system) of the cloud computing environment (112) . |
| US9678774B2 CLAIM 9 . The computing system (other components) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
EP2381363A2 CLAIM 10 The cloud computing platform of claim 9 , wherein the cloud computing environment (112) further comprises an addressing and discovery component (132) configured to broadcast messages transmitted by components of the cloud computing environment (112) to other components (computing system) of the cloud computing environment (112) . |
| US9678774B2 CLAIM 10 . The computing system (other components) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
EP2381363A2 CLAIM 10 The cloud computing platform of claim 9 , wherein the cloud computing environment (112) further comprises an addressing and discovery component (132) configured to broadcast messages transmitted by components of the cloud computing environment (112) to other components (computing system) of the cloud computing environment (112) . |
| US9678774B2 CLAIM 11 . The computing system (other components) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2381363A2 CLAIM 10 The cloud computing platform of claim 9 , wherein the cloud computing environment (112) further comprises an addressing and discovery component (132) configured to broadcast messages transmitted by components of the cloud computing environment (112) to other components (computing system) of the cloud computing environment (112) . |
| US9678774B2 CLAIM 12 . The computing system (other components) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
EP2381363A2 CLAIM 10 The cloud computing platform of claim 9 , wherein the cloud computing environment (112) further comprises an addressing and discovery component (132) configured to broadcast messages transmitted by components of the cloud computing environment (112) to other components (computing system) of the cloud computing environment (112) . |
| US9678774B2 CLAIM 13 . The computing system (other components) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
EP2381363A2 CLAIM 10 The cloud computing platform of claim 9 , wherein the cloud computing environment (112) further comprises an addressing and discovery component (132) configured to broadcast messages transmitted by components of the cloud computing environment (112) to other components (computing system) of the cloud computing environment (112) . |
| US9678774B2 CLAIM 14 . The computing system (other components) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
EP2381363A2 CLAIM 10 The cloud computing platform of claim 9 , wherein the cloud computing environment (112) further comprises an addressing and discovery component (132) configured to broadcast messages transmitted by components of the cloud computing environment (112) to other components (computing system) of the cloud computing environment (112) . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | EP2390784A1 Filed: 2011-04-19 Issued: 2011-11-30 Life-cycle management of multi-tenant SAAS applications (Original Assignee) SAP SE (Current Assignee) SAP SE Wolfgang Dittrich |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (computing device) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2390784A1 CLAIM 13 A computer-implemented method for upgrading a personal computing device (computing device) , comprising : separating customer specific data from system software on the personal computing device ; creating a pre-packaged image with a new version of the system software ; testing the pre-packaged image with test data ; shutting down the personal computing device ; installing the new version of the system software using the pre-packaged image ; restarting the personal computing device , the restart including triggering a data migration job for the customer data , wherein the data migration job is a background job that does not block the personal computing device and at least partial service is provided before the migration job is fully completed , the at least partial service includes providing full functionality for already migrated part of whole data set and providing read access to data not yet migrated . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (computing device) . |
EP2390784A1 CLAIM 13 A computer-implemented method for upgrading a personal computing device (computing device) , comprising : separating customer specific data from system software on the personal computing device ; creating a pre-packaged image with a new version of the system software ; testing the pre-packaged image with test data ; shutting down the personal computing device ; installing the new version of the system software using the pre-packaged image ; restarting the personal computing device , the restart including triggering a data migration job for the customer data , wherein the data migration job is a background job that does not block the personal computing device and at least partial service is provided before the migration job is fully completed , the at least partial service includes providing full functionality for already migrated part of whole data set and providing read access to data not yet migrated . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (system software) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2390784A1 CLAIM 13 A computer-implemented method for upgrading a personal computing device , comprising : separating customer specific data from system software (hardware configuration) on the personal computing device ; creating a pre-packaged image with a new version of the system software ; testing the pre-packaged image with test data ; shutting down the personal computing device ; installing the new version of the system software using the pre-packaged image ; restarting the personal computing device , the restart including triggering a data migration job for the customer data , wherein the data migration job is a background job that does not block the personal computing device and at least partial service is provided before the migration job is fully completed , the at least partial service includes providing full functionality for already migrated part of whole data set and providing read access to data not yet migrated . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (system software) . |
EP2390784A1 CLAIM 13 A computer-implemented method for upgrading a personal computing device , comprising : separating customer specific data from system software (hardware configuration) on the personal computing device ; creating a pre-packaged image with a new version of the system software ; testing the pre-packaged image with test data ; shutting down the personal computing device ; installing the new version of the system software using the pre-packaged image ; restarting the personal computing device , the restart including triggering a data migration job for the customer data , wherein the data migration job is a background job that does not block the personal computing device and at least partial service is provided before the migration job is fully completed , the at least partial service includes providing full functionality for already migrated part of whole data set and providing read access to data not yet migrated . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device (computing device) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2390784A1 CLAIM 13 A computer-implemented method for upgrading a personal computing device (computing device) , comprising : separating customer specific data from system software on the personal computing device ; creating a pre-packaged image with a new version of the system software ; testing the pre-packaged image with test data ; shutting down the personal computing device ; installing the new version of the system software using the pre-packaged image ; restarting the personal computing device , the restart including triggering a data migration job for the customer data , wherein the data migration job is a background job that does not block the personal computing device and at least partial service is provided before the migration job is fully completed , the at least partial service includes providing full functionality for already migrated part of whole data set and providing read access to data not yet migrated . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (system software) of the target host . |
EP2390784A1 CLAIM 13 A computer-implemented method for upgrading a personal computing device , comprising : separating customer specific data from system software (hardware configuration) on the personal computing device ; creating a pre-packaged image with a new version of the system software ; testing the pre-packaged image with test data ; shutting down the personal computing device ; installing the new version of the system software using the pre-packaged image ; restarting the personal computing device , the restart including triggering a data migration job for the customer data , wherein the data migration job is a background job that does not block the personal computing device and at least partial service is provided before the migration job is fully completed , the at least partial service includes providing full functionality for already migrated part of whole data set and providing read access to data not yet migrated . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (system software) of the target host from a trusted platform module . |
EP2390784A1 CLAIM 13 A computer-implemented method for upgrading a personal computing device , comprising : separating customer specific data from system software (hardware configuration) on the personal computing device ; creating a pre-packaged image with a new version of the system software ; testing the pre-packaged image with test data ; shutting down the personal computing device ; installing the new version of the system software using the pre-packaged image ; restarting the personal computing device , the restart including triggering a data migration job for the customer data , wherein the data migration job is a background job that does not block the personal computing device and at least partial service is provided before the migration job is fully completed , the at least partial service includes providing full functionality for already migrated part of whole data set and providing read access to data not yet migrated . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110245724A1 Filed: 2011-03-29 Issued: 2011-10-06 Tissue excision device with a reduced diameter cannula (Original Assignee) Flatland Martin L; Bamdad Hassanpourgol (Current Assignee) SITESELECT MEDICAL TECHNOLOGIES Inc Martin L. Flatland, Bamdad Hassanpourgol |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter (interior diameter) , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110245724A1 CLAIM 1 . A biopsy device , comprising : a housing ; a coring cannula having a distal end , an internal bore , and a longitudinal axis and being centered on the axis and coupled to the housing , the coring cannula having an inner surface forming a cannula bore , the cannula inner bore having an inner diameter , the coring cannula rotatable about the axis ; a cutting ring having an inner surface forming a cutting ring bore and being located at a distal end of the coring cannula , the cutting ring having an interior bore with an interior diameter (particular perimeter) , the cutting ring having a distal end forming a coring cannula cutting edge ; and , a tapered wall coupled between the coring cannula and the cutting ring , the tapered wall providing a ramped surface between the inner surface of the cutting ring and the inner surface of the cutting cannula . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions (ramped surface) that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter (interior diameter) , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110245724A1 CLAIM 1 . A biopsy device , comprising : a housing ; a coring cannula having a distal end , an internal bore , and a longitudinal axis and being centered on the axis and coupled to the housing , the coring cannula having an inner surface forming a cannula bore , the cannula inner bore having an inner diameter , the coring cannula rotatable about the axis ; a cutting ring having an inner surface forming a cutting ring bore and being located at a distal end of the coring cannula , the cutting ring having an interior bore with an interior diameter (particular perimeter) , the cutting ring having a distal end forming a coring cannula cutting edge ; and , a tapered wall coupled between the coring cannula and the cutting ring , the tapered wall providing a ramped surface (computer instructions) between the inner surface of the cutting ring and the inner surface of the cutting cannula . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions (ramped surface) that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20110245724A1 CLAIM 1 . A biopsy device , comprising : a housing ; a coring cannula having a distal end , an internal bore , and a longitudinal axis and being centered on the axis and coupled to the housing , the coring cannula having an inner surface forming a cannula bore , the cannula inner bore having an inner diameter , the coring cannula rotatable about the axis ; a cutting ring having an inner surface forming a cutting ring bore and being located at a distal end of the coring cannula , the cutting ring having an interior bore with an interior diameter , the cutting ring having a distal end forming a coring cannula cutting edge ; and , a tapered wall coupled between the coring cannula and the cutting ring , the tapered wall providing a ramped surface (computer instructions) between the inner surface of the cutting ring and the inner surface of the cutting cannula . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (ramped surface) that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20110245724A1 CLAIM 1 . A biopsy device , comprising : a housing ; a coring cannula having a distal end , an internal bore , and a longitudinal axis and being centered on the axis and coupled to the housing , the coring cannula having an inner surface forming a cannula bore , the cannula inner bore having an inner diameter , the coring cannula rotatable about the axis ; a cutting ring having an inner surface forming a cutting ring bore and being located at a distal end of the coring cannula , the cutting ring having an interior bore with an interior diameter , the cutting ring having a distal end forming a coring cannula cutting edge ; and , a tapered wall coupled between the coring cannula and the cutting ring , the tapered wall providing a ramped surface (computer instructions) between the inner surface of the cutting ring and the inner surface of the cutting cannula . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (ramped surface) that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110245724A1 CLAIM 1 . A biopsy device , comprising : a housing ; a coring cannula having a distal end , an internal bore , and a longitudinal axis and being centered on the axis and coupled to the housing , the coring cannula having an inner surface forming a cannula bore , the cannula inner bore having an inner diameter , the coring cannula rotatable about the axis ; a cutting ring having an inner surface forming a cutting ring bore and being located at a distal end of the coring cannula , the cutting ring having an interior bore with an interior diameter , the cutting ring having a distal end forming a coring cannula cutting edge ; and , a tapered wall coupled between the coring cannula and the cutting ring , the tapered wall providing a ramped surface (computer instructions) between the inner surface of the cutting ring and the inner surface of the cutting cannula . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (ramped surface) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
US20110245724A1 CLAIM 1 . A biopsy device , comprising : a housing ; a coring cannula having a distal end , an internal bore , and a longitudinal axis and being centered on the axis and coupled to the housing , the coring cannula having an inner surface forming a cannula bore , the cannula inner bore having an inner diameter , the coring cannula rotatable about the axis ; a cutting ring having an inner surface forming a cutting ring bore and being located at a distal end of the coring cannula , the cutting ring having an interior bore with an interior diameter , the cutting ring having a distal end forming a coring cannula cutting edge ; and , a tapered wall coupled between the coring cannula and the cutting ring , the tapered wall providing a ramped surface (computer instructions) between the inner surface of the cutting ring and the inner surface of the cutting cannula . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions (ramped surface) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20110245724A1 CLAIM 1 . A biopsy device , comprising : a housing ; a coring cannula having a distal end , an internal bore , and a longitudinal axis and being centered on the axis and coupled to the housing , the coring cannula having an inner surface forming a cannula bore , the cannula inner bore having an inner diameter , the coring cannula rotatable about the axis ; a cutting ring having an inner surface forming a cutting ring bore and being located at a distal end of the coring cannula , the cutting ring having an interior bore with an interior diameter , the cutting ring having a distal end forming a coring cannula cutting edge ; and , a tapered wall coupled between the coring cannula and the cutting ring , the tapered wall providing a ramped surface (computer instructions) between the inner surface of the cutting ring and the inner surface of the cutting cannula . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter (interior diameter) , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110245724A1 CLAIM 1 . A biopsy device , comprising : a housing ; a coring cannula having a distal end , an internal bore , and a longitudinal axis and being centered on the axis and coupled to the housing , the coring cannula having an inner surface forming a cannula bore , the cannula inner bore having an inner diameter , the coring cannula rotatable about the axis ; a cutting ring having an inner surface forming a cutting ring bore and being located at a distal end of the coring cannula , the cutting ring having an interior bore with an interior diameter (particular perimeter) , the cutting ring having a distal end forming a coring cannula cutting edge ; and , a tapered wall coupled between the coring cannula and the cutting ring , the tapered wall providing a ramped surface between the inner surface of the cutting ring and the inner surface of the cutting cannula . |
| US9678774B2 CLAIM 18 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to send , via the hidden process , an alert that indicates denial of the request in response to the determination that geographic location of the target host is outside of the particular perimeter (interior diameter) . |
US20110245724A1 CLAIM 1 . A biopsy device , comprising : a housing ; a coring cannula having a distal end , an internal bore , and a longitudinal axis and being centered on the axis and coupled to the housing , the coring cannula having an inner surface forming a cannula bore , the cannula inner bore having an inner diameter , the coring cannula rotatable about the axis ; a cutting ring having an inner surface forming a cutting ring bore and being located at a distal end of the coring cannula , the cutting ring having an interior bore with an interior diameter (particular perimeter) , the cutting ring having a distal end forming a coring cannula cutting edge ; and , a tapered wall coupled between the coring cannula and the cutting ring , the tapered wall providing a ramped surface between the inner surface of the cutting ring and the inner surface of the cutting cannula . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN102163266A Filed: 2011-02-16 Issued: 2011-08-24 在主机服务器之间安全地移动虚拟机 (Original Assignee) Microsoft Corp (Current Assignee) Microsoft Technology Licensing LLC S·N·麦格雷恩, O·T·乌雷彻, S·沃巴 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (客操作系统) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN102163266A CLAIM 5 . 如权利要求1所述的方法,其特征在于,所述虚拟硬盘驱动器包括客操作系统 (source host) 和应用程序。 |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine from the source host (客操作系统) to the target host . |
CN102163266A CLAIM 5 . 如权利要求1所述的方法,其特征在于,所述虚拟硬盘驱动器包括客操作系统 (source host) 和应用程序。 |
| US9678774B2 CLAIM 8 . A computing system (驱动器的方法) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (客操作系统) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN102163266A CLAIM 1 . 一种用于迁移虚拟硬盘驱动器的方法 (computing system) ,包括:存储用于确保使用对于第一计算设备唯一的硬件安全性机制将虚拟硬盘驱动器绑定于该第一计算设备的信息;将所述虚拟硬盘驱动器转移到目标系统,其中所述虚拟硬盘驱动器通过所述目标系统的经认证的用户来恢复,并且其中所述虚拟硬盘驱动器被绑定于对于所述目标系统唯一的硬件安全性机制。 CN102163266A CLAIM 5 . 如权利要求1所述的方法,其特征在于,所述虚拟硬盘驱动器包括客操作系统 (source host) 和应用程序。 |
| US9678774B2 CLAIM 9 . The computing system (驱动器的方法) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
CN102163266A CLAIM 1 . 一种用于迁移虚拟硬盘驱动器的方法 (computing system) ,包括:存储用于确保使用对于第一计算设备唯一的硬件安全性机制将虚拟硬盘驱动器绑定于该第一计算设备的信息;将所述虚拟硬盘驱动器转移到目标系统,其中所述虚拟硬盘驱动器通过所述目标系统的经认证的用户来恢复,并且其中所述虚拟硬盘驱动器被绑定于对于所述目标系统唯一的硬件安全性机制。 |
| US9678774B2 CLAIM 10 . The computing system (驱动器的方法) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
CN102163266A CLAIM 1 . 一种用于迁移虚拟硬盘驱动器的方法 (computing system) ,包括:存储用于确保使用对于第一计算设备唯一的硬件安全性机制将虚拟硬盘驱动器绑定于该第一计算设备的信息;将所述虚拟硬盘驱动器转移到目标系统,其中所述虚拟硬盘驱动器通过所述目标系统的经认证的用户来恢复,并且其中所述虚拟硬盘驱动器被绑定于对于所述目标系统唯一的硬件安全性机制。 |
| US9678774B2 CLAIM 11 . The computing system (驱动器的方法) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (客操作系统) to the target host . |
CN102163266A CLAIM 1 . 一种用于迁移虚拟硬盘驱动器的方法 (computing system) ,包括:存储用于确保使用对于第一计算设备唯一的硬件安全性机制将虚拟硬盘驱动器绑定于该第一计算设备的信息;将所述虚拟硬盘驱动器转移到目标系统,其中所述虚拟硬盘驱动器通过所述目标系统的经认证的用户来恢复,并且其中所述虚拟硬盘驱动器被绑定于对于所述目标系统唯一的硬件安全性机制。 CN102163266A CLAIM 5 . 如权利要求1所述的方法,其特征在于,所述虚拟硬盘驱动器包括客操作系统 (source host) 和应用程序。 |
| US9678774B2 CLAIM 12 . The computing system (驱动器的方法) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
CN102163266A CLAIM 1 . 一种用于迁移虚拟硬盘驱动器的方法 (computing system) ,包括:存储用于确保使用对于第一计算设备唯一的硬件安全性机制将虚拟硬盘驱动器绑定于该第一计算设备的信息;将所述虚拟硬盘驱动器转移到目标系统,其中所述虚拟硬盘驱动器通过所述目标系统的经认证的用户来恢复,并且其中所述虚拟硬盘驱动器被绑定于对于所述目标系统唯一的硬件安全性机制。 |
| US9678774B2 CLAIM 13 . The computing system (驱动器的方法) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
CN102163266A CLAIM 1 . 一种用于迁移虚拟硬盘驱动器的方法 (computing system) ,包括:存储用于确保使用对于第一计算设备唯一的硬件安全性机制将虚拟硬盘驱动器绑定于该第一计算设备的信息;将所述虚拟硬盘驱动器转移到目标系统,其中所述虚拟硬盘驱动器通过所述目标系统的经认证的用户来恢复,并且其中所述虚拟硬盘驱动器被绑定于对于所述目标系统唯一的硬件安全性机制。 |
| US9678774B2 CLAIM 14 . The computing system (驱动器的方法) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
CN102163266A CLAIM 1 . 一种用于迁移虚拟硬盘驱动器的方法 (computing system) ,包括:存储用于确保使用对于第一计算设备唯一的硬件安全性机制将虚拟硬盘驱动器绑定于该第一计算设备的信息;将所述虚拟硬盘驱动器转移到目标系统,其中所述虚拟硬盘驱动器通过所述目标系统的经认证的用户来恢复,并且其中所述虚拟硬盘驱动器被绑定于对于所述目标系统唯一的硬件安全性机制。 |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (客操作系统) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN102163266A CLAIM 5 . 如权利要求1所述的方法,其特征在于,所述虚拟硬盘驱动器包括客操作系统 (source host) 和应用程序。 |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (客操作系统) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN102163266A CLAIM 5 . 如权利要求1所述的方法,其特征在于,所述虚拟硬盘驱动器包括客操作系统 (source host) 和应用程序。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110246669A1 Filed: 2011-02-09 Issued: 2011-10-06 Method and system of virtual machine migration (Original Assignee) Hitachi Ltd (Current Assignee) Hitachi Ltd Yasusi Kanada, Yasushi KASUGAI, Shinji Suzuki, Toshiaki Tarui |
|---|---|
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (first translation) . |
US20110246669A1 CLAIM 2 . The method of virtual machine migration according to claim 1 , wherein the first network is an IP network ; wherein each of the first node and the third node is provided with a network address translation function ; wherein , before migration of the virtual machine , a destination address of a packet destined for the virtual machine in transmission from the client is subjected to a first translation (platform module) in which an address of the virtual machine is translated into a second address by using the network address translation function of the third node ; and wherein , at the first node , the destination address of the packet destined for the virtual machine in transmission from the client is subjected to a translation from the second address into a first address , while a setting change in the third node is made so as not to perform the first translation , thereby accomplishing a changeover in routing for the communication between the virtual machine and the client . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (third network) , a geolocation device , or a positioning service . |
US20110246669A1 CLAIM 11 . A system of virtual machine migration in a network configuration in which a first network includes first , second , and third nodes for routing packets in accordance with routing information , and in which third , fourth , and second networks are connected to the first , second , and third nodes , respectively , the system of virtual machine migration comprising : a first server connected to the third network (network device) ; a second server connected to the fourth network ; and a client terminal connected to the second network ; wherein , under a condition where communication between a virtual machine running on the first server and the client terminal is made through the first node and the third node , the virtual machine is migrated to the second server without changing an address thereof on the first network ; wherein a setting change in the third node is performed in synchronization with migration of the virtual machine to change a route for the communication between the virtual machine and the client terminal so that the communication therebetween is made through the second node and the third node in accordance with routing information of the first network ; and wherein the client terminal is allowed to continue communicating with the virtual machine that has been migrated to the second server . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2011091056A1 Filed: 2011-01-19 Issued: 2011-07-28 System and method for a cloud computing abstraction layer (Original Assignee) Servicemesh, Inc. Eric Pulier, Frank Martinez |
|---|---|
| US9678774B2 CLAIM 8 . A computing system (physical resource) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011091056A1 CLAIM 18 . The computer program product of claim I , wherein the cloud-computing resource is a hybrid cloud-computing resource comprising at least two of a physical resource (computing system) , a virtual ized resource , a private resource , a public resource , an internal resource , or an external resource . |
| US9678774B2 CLAIM 9 . The computing system (physical resource) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
WO2011091056A1 CLAIM 18 . The computer program product of claim I , wherein the cloud-computing resource is a hybrid cloud-computing resource comprising at least two of a physical resource (computing system) , a virtual ized resource , a private resource , a public resource , an internal resource , or an external resource . |
| US9678774B2 CLAIM 10 . The computing system (physical resource) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
WO2011091056A1 CLAIM 18 . The computer program product of claim I , wherein the cloud-computing resource is a hybrid cloud-computing resource comprising at least two of a physical resource (computing system) , a virtual ized resource , a private resource , a public resource , an internal resource , or an external resource . |
| US9678774B2 CLAIM 11 . The computing system (physical resource) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011091056A1 CLAIM 18 . The computer program product of claim I , wherein the cloud-computing resource is a hybrid cloud-computing resource comprising at least two of a physical resource (computing system) , a virtual ized resource , a private resource , a public resource , an internal resource , or an external resource . |
| US9678774B2 CLAIM 12 . The computing system (physical resource) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
WO2011091056A1 CLAIM 18 . The computer program product of claim I , wherein the cloud-computing resource is a hybrid cloud-computing resource comprising at least two of a physical resource (computing system) , a virtual ized resource , a private resource , a public resource , an internal resource , or an external resource . |
| US9678774B2 CLAIM 13 . The computing system (physical resource) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
WO2011091056A1 CLAIM 18 . The computer program product of claim I , wherein the cloud-computing resource is a hybrid cloud-computing resource comprising at least two of a physical resource (computing system) , a virtual ized resource , a private resource , a public resource , an internal resource , or an external resource . |
| US9678774B2 CLAIM 14 . The computing system (physical resource) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
WO2011091056A1 CLAIM 18 . The computer program product of claim I , wherein the cloud-computing resource is a hybrid cloud-computing resource comprising at least two of a physical resource (computing system) , a virtual ized resource , a private resource , a public resource , an internal resource , or an external resource . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance (process cost) of : in response to receipt of a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011091056A1 CLAIM 37 . The system of claim 29 , wherein the management module is further configured to collect and process cost (control performance) and consumption data from a cloud-computing resource provider and present that data to a billing system through an application program interface . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance (process cost) of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011091056A1 CLAIM 37 . The system of claim 29 , wherein the management module is further configured to collect and process cost (control performance) and consumption data from a cloud-computing resource provider and present that data to a billing system through an application program interface . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN102025535A Filed: 2010-11-17 Issued: 2011-04-20 虚拟机管理方法、装置及网络设备 (Original Assignee) Fujian Star Net Communication Co Ltd (Current Assignee) Ruijie Networks Co Ltd 卓志强 |
|---|---|
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (服务器端) . |
CN102025535A CLAIM 5 . 根据权利要求4所述的虚拟机管理方法,其特征在于,所述网络设备预先获取所述 虚拟机安全策略对应表和所述虚拟机状态表包括:所述网络设备接收其他网络设备发送的第一管理报文,并根据所述第一管理报文识 别出所述网络设备的设备端口和服务器端 (positioning service) 口,所述第一管理报文包括其他网络设备的介 质访问控制地址和发送所述第一管理报文的端口信息;所述网络设备通过所述设备端口接收所述其他网络设备发送的第二管理报文,所述 第二管理报文包括运行在所述其他网络设备上的虚拟机的信息和为处于运行状态的虚拟 机配置的安全策略;所述网络设备根据所述第二管理报文,生成包括虚拟机和安全策略对应关系的所述 虚拟机安全策略对应表,以及包括处于运行状态的虚拟机的信息的所述虚拟机状态表。 |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (配置模块) . |
CN102025535A CLAIM 8 . 根据权利要求7所述的虚拟机管理装置,其特征在于,还包括:第一配置模块 (platform module) ,用于在所述识别模块识别发送所述数据报文的对象为虚拟机时,根 据所述介质访问控制地址和预先获取的虚拟机安全策略对应表,对接收到的所述数据报 文的端口进行安全策略配置。 |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (服务器端) . |
CN102025535A CLAIM 5 . 根据权利要求4所述的虚拟机管理方法,其特征在于,所述网络设备预先获取所述 虚拟机安全策略对应表和所述虚拟机状态表包括:所述网络设备接收其他网络设备发送的第一管理报文,并根据所述第一管理报文识 别出所述网络设备的设备端口和服务器端 (positioning service) 口,所述第一管理报文包括其他网络设备的介 质访问控制地址和发送所述第一管理报文的端口信息;所述网络设备通过所述设备端口接收所述其他网络设备发送的第二管理报文,所述 第二管理报文包括运行在所述其他网络设备上的虚拟机的信息和为处于运行状态的虚拟 机配置的安全策略;所述网络设备根据所述第二管理报文,生成包括虚拟机和安全策略对应关系的所述 虚拟机安全策略对应表,以及包括处于运行状态的虚拟机的信息的所述虚拟机状态表。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN101969391A Filed: 2010-10-27 Issued: 2011-02-09 一种支持融合网络业务的云平台及其工作方法 (Original Assignee) Beijing University of Posts and Telecommunications (Current Assignee) Beijing University of Posts and Telecommunications 赵耀, 邹华, 杨放春, 李晓亮, 孙其博, 刘志晗, 闫丹凤, 林荣恒 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (的网站) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101969391A CLAIM 4 . 根据权利要求3所述的云平台,其特征在于:位于业务执行空间中的所述业务执行 引擎的结构组成为:从底向上依次为资源层、业务实例管理层、业务执行层和业务管理层, 以及对各层执行监控的统计监控告警模块;其中,资源层设有协议栈适配资源和数据存储访问接口资源,前者封装了包括HTTP、SIP、 Par 1 ay/Par 1 ayX、Web Serνi ce、SMS、MMS、GIS、LBS 和 Mai 1 的电信网、互联网及广电网的多 种协议栈适配器,用于解释各种协议事件并封装成内部消息事件,便于资源扩展与统一管 理;后者提供数据库的增、删、改和查询的操作,以便调用云平台资源池中数据存储管理单 元所提供的云存储能力;业务实例管理层的业务实例管理器,负责业务实例的管理维护及业务资源的订阅维 护,能够支持会话型业务;设有业务实例管理单元和资源订阅单元,前者用于对业务实例进 行维护管理;后者用于维护业务与资源之间的订阅关系,各个资源实例与业务实例之间不 都是一一对应的,包括SIP协议栈和web service协议栈的资源与业务之间是一对多的关 系;业务在部署时,资源订阅单元根据业务配置文件中罗列的该业务所需的全部资源,进行 业务与资源的映射,并在该业务到相应资源处进行注册事件到达资源时,资源订阅单元通 过查找订阅关系,将相关资源送达正确的业务实例;业务执行层的业务执行核心单元拥有一个任务执行队列,每个业务实例与一个内部事 件作为一个任务被放入该任务执行队列中,等待执行线程的处理;业务执行引擎采用并发 机制,确保各个引擎实例能够并发运行,业务执行引擎通过产生并向业务执行空间管理模 块发送心跳信号,实现云平台对各引擎实例状态的实时监控,保证高容错性;业务管理层的业务容器设有业务管理单元、业务触发规则管理单元和引擎管理单元; 每个业务被加载执行时,业务管理单元负责解析该业务的配置文件,执行业务的初始化操 作;业务触发规则管理单元用于存储和维护业务触发规则与业务的对应关系,该业务触发 规则用于判断每个业务是否被触发;每个业务被加载后,其业务触发规则会被电信体系中包括下一代网络NGN中的软交换实体及IP多媒体子系统IMS中的服务呼叫会话控制功能 S-CSCF实体所获取;引擎管理单元用于提供包括Python和BPEL的各类脚本和包括JSP和 ASP的网站 (computing device, computing system) 语言执行引擎及其相应的管理接口,这些网站语言执行引擎用于支持相应的业 务,其中JSP引擎用于平台支持互联网JSP网页类业务;统计监控告警模块,负责监视执行引擎的运行状态:统计各业务当前存活的业务实例 数,并定期地将统计数据发送给业务执行空间管理代理单元;定期生成心跳事件,再封装成 执行任务并加入执行引擎队首,使执行引擎定期发送心跳数据给业务执行空间管理代理单 元而实现心跳机制;向执行引擎的各组成构件提供告警工具,发生异常时,将生成的告警信 息传送至上级管理节点。 |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (的网站) . |
CN101969391A CLAIM 4 . 根据权利要求3所述的云平台,其特征在于:位于业务执行空间中的所述业务执行 引擎的结构组成为:从底向上依次为资源层、业务实例管理层、业务执行层和业务管理层, 以及对各层执行监控的统计监控告警模块;其中,资源层设有协议栈适配资源和数据存储访问接口资源,前者封装了包括HTTP、SIP、 Par 1 ay/Par 1 ayX、Web Serνi ce、SMS、MMS、GIS、LBS 和 Mai 1 的电信网、互联网及广电网的多 种协议栈适配器,用于解释各种协议事件并封装成内部消息事件,便于资源扩展与统一管 理;后者提供数据库的增、删、改和查询的操作,以便调用云平台资源池中数据存储管理单 元所提供的云存储能力;业务实例管理层的业务实例管理器,负责业务实例的管理维护及业务资源的订阅维 护,能够支持会话型业务;设有业务实例管理单元和资源订阅单元,前者用于对业务实例进 行维护管理;后者用于维护业务与资源之间的订阅关系,各个资源实例与业务实例之间不 都是一一对应的,包括SIP协议栈和web service协议栈的资源与业务之间是一对多的关 系;业务在部署时,资源订阅单元根据业务配置文件中罗列的该业务所需的全部资源,进行 业务与资源的映射,并在该业务到相应资源处进行注册事件到达资源时,资源订阅单元通 过查找订阅关系,将相关资源送达正确的业务实例;业务执行层的业务执行核心单元拥有一个任务执行队列,每个业务实例与一个内部事 件作为一个任务被放入该任务执行队列中,等待执行线程的处理;业务执行引擎采用并发 机制,确保各个引擎实例能够并发运行,业务执行引擎通过产生并向业务执行空间管理模 块发送心跳信号,实现云平台对各引擎实例状态的实时监控,保证高容错性;业务管理层的业务容器设有业务管理单元、业务触发规则管理单元和引擎管理单元; 每个业务被加载执行时,业务管理单元负责解析该业务的配置文件,执行业务的初始化操 作;业务触发规则管理单元用于存储和维护业务触发规则与业务的对应关系,该业务触发 规则用于判断每个业务是否被触发;每个业务被加载后,其业务触发规则会被电信体系中包括下一代网络NGN中的软交换实体及IP多媒体子系统IMS中的服务呼叫会话控制功能 S-CSCF实体所获取;引擎管理单元用于提供包括Python和BPEL的各类脚本和包括JSP和 ASP的网站 (computing device, computing system) 语言执行引擎及其相应的管理接口,这些网站语言执行引擎用于支持相应的业 务,其中JSP引擎用于平台支持互联网JSP网页类业务;统计监控告警模块,负责监视执行引擎的运行状态:统计各业务当前存活的业务实例 数,并定期地将统计数据发送给业务执行空间管理代理单元;定期生成心跳事件,再封装成 执行任务并加入执行引擎队首,使执行引擎定期发送心跳数据给业务执行空间管理代理单 元而实现心跳机制;向执行引擎的各组成构件提供告警工具,发生异常时,将生成的告警信 息传送至上级管理节点。 |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (服务器并) . |
CN101969391A CLAIM 8 . 根据权利要求7所述的方法,其特征在于:所述步骤(1)进一步包括下列操作内容:(11)先在部分服务器上启动和运行云平台资源池的服务程序,使得该部分服务器组成 云平台资源池服务器集群,再让该云平台资源池服务器集群开放资源池资源的接入接口, 等待底层硬件资源的接入;(12)在跨地域、跨机房和跨机架的三种层次上选取大量的物理服务器并 (positioning service) 启动和运行底 层资源服务程序,使得这些物理服务器组成底层资源服务器集群;如果底层资源服务器上 运行计算资源代理程序,则作为计算资源服务器向资源池服务器注册接入;如果底层资源 服务器上运行数据存储代理程序,则作为数据存储资源服务器注册接入;(13)云平台资源池服务器集群对接入的底层资源服务器集群执行实时监控,并将接入 的服务器能力进行虚拟化,以利于实现资源的动态调整,并作为云平台资源池中的虚拟资 源提供给上层服务使用;因物理资源冗余存储并划分成小块的资源能力,能增加云平台的 可用性和显著提高物理资源的利用率;(14)在部分服务器上启动和运行业务执行与管理的服务程序,使得该部分服务器组成 业务执行与管理服务器集群;该业务执行与管理服务器集群接入云平台资源池服务器集群 后,获取该云平台自身使用的虚拟资源,再对包括系统数据的资源进行初始化;(15)在部分服务器上启动和运行云平台管理的服务程序,使得该部分服务器作为云 平台管理服务器集群,并分别连接业务执行与管理服务器集群和云平台资源池服务器集群 后,进行相应的初始化;(16)云平台运营商管理员对整个云平台系统进行初始配置操作后,向云平台用户开放 访问接口,云平台启动结束。 |
| US9678774B2 CLAIM 8 . A computing system (的网站) , comprising : a computing device (的网站) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101969391A CLAIM 3 . 根据权利要求1所述的云平台,其特征在于:所述业务执行模块中的业务执行空间 的内部组成结构是:一个或多个 (computer instructions) 业务执行空间管理代理单元、一个负载均衡进程和多个业 务执行引擎实例进程,其中负载均衡进程与业务执行引擎实例进程分别运行于各自的业务 执行空间虚拟机;其中,业务执行空间管理代理单元,作为业务执行空间管理模块的接口,该单元既要响应业 务执行空间管理模块的命令请求,执行包括创建新的虚拟机与执行引擎实例,进行业务的 加载激活的生命周期管理操作,还要对空间内的负载均衡器和执行引擎实例进行动态监 控,通过心跳机制判断各个进程的存活状态,一旦发现进程异常,及时重启进程,并向业务 执行空间管理单元产生告警日志;负载均衡进程,是该云平台与运营商网络的连接门户,业务请求从运营商网络发送至 负载均衡进程的开放端口时,根据该业务请求所触发的业务,将该业务请求转发给当前负 载较轻的执行引擎实例;所述执行引擎实例是业务实例运行的实际容器。 CN101969391A CLAIM 4 . 根据权利要求3所述的云平台,其特征在于:位于业务执行空间中的所述业务执行 引擎的结构组成为:从底向上依次为资源层、业务实例管理层、业务执行层和业务管理层, 以及对各层执行监控的统计监控告警模块;其中,资源层设有协议栈适配资源和数据存储访问接口资源,前者封装了包括HTTP、SIP、 Par 1 ay/Par 1 ayX、Web Serνi ce、SMS、MMS、GIS、LBS 和 Mai 1 的电信网、互联网及广电网的多 种协议栈适配器,用于解释各种协议事件并封装成内部消息事件,便于资源扩展与统一管 理;后者提供数据库的增、删、改和查询的操作,以便调用云平台资源池中数据存储管理单 元所提供的云存储能力;业务实例管理层的业务实例管理器,负责业务实例的管理维护及业务资源的订阅维 护,能够支持会话型业务;设有业务实例管理单元和资源订阅单元,前者用于对业务实例进 行维护管理;后者用于维护业务与资源之间的订阅关系,各个资源实例与业务实例之间不 都是一一对应的,包括SIP协议栈和web service协议栈的资源与业务之间是一对多的关 系;业务在部署时,资源订阅单元根据业务配置文件中罗列的该业务所需的全部资源,进行 业务与资源的映射,并在该业务到相应资源处进行注册事件到达资源时,资源订阅单元通 过查找订阅关系,将相关资源送达正确的业务实例;业务执行层的业务执行核心单元拥有一个任务执行队列,每个业务实例与一个内部事 件作为一个任务被放入该任务执行队列中,等待执行线程的处理;业务执行引擎采用并发 机制,确保各个引擎实例能够并发运行,业务执行引擎通过产生并向业务执行空间管理模 块发送心跳信号,实现云平台对各引擎实例状态的实时监控,保证高容错性;业务管理层的业务容器设有业务管理单元、业务触发规则管理单元和引擎管理单元; 每个业务被加载执行时,业务管理单元负责解析该业务的配置文件,执行业务的初始化操 作;业务触发规则管理单元用于存储和维护业务触发规则与业务的对应关系,该业务触发 规则用于判断每个业务是否被触发;每个业务被加载后,其业务触发规则会被电信体系中包括下一代网络NGN中的软交换实体及IP多媒体子系统IMS中的服务呼叫会话控制功能 S-CSCF实体所获取;引擎管理单元用于提供包括Python和BPEL的各类脚本和包括JSP和 ASP的网站 (computing device, computing system) 语言执行引擎及其相应的管理接口,这些网站语言执行引擎用于支持相应的业 务,其中JSP引擎用于平台支持互联网JSP网页类业务;统计监控告警模块,负责监视执行引擎的运行状态:统计各业务当前存活的业务实例 数,并定期地将统计数据发送给业务执行空间管理代理单元;定期生成心跳事件,再封装成 执行任务并加入执行引擎队首,使执行引擎定期发送心跳数据给业务执行空间管理代理单 元而实现心跳机制;向执行引擎的各组成构件提供告警工具,发生异常时,将生成的告警信 息传送至上级管理节点。 |
| US9678774B2 CLAIM 9 . The computing system (的网站) of claim 8 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
CN101969391A CLAIM 3 . 根据权利要求1所述的云平台,其特征在于:所述业务执行模块中的业务执行空间 的内部组成结构是:一个或多个 (computer instructions) 业务执行空间管理代理单元、一个负载均衡进程和多个业 务执行引擎实例进程,其中负载均衡进程与业务执行引擎实例进程分别运行于各自的业务 执行空间虚拟机;其中,业务执行空间管理代理单元,作为业务执行空间管理模块的接口,该单元既要响应业 务执行空间管理模块的命令请求,执行包括创建新的虚拟机与执行引擎实例,进行业务的 加载激活的生命周期管理操作,还要对空间内的负载均衡器和执行引擎实例进行动态监 控,通过心跳机制判断各个进程的存活状态,一旦发现进程异常,及时重启进程,并向业务 执行空间管理单元产生告警日志;负载均衡进程,是该云平台与运营商网络的连接门户,业务请求从运营商网络发送至 负载均衡进程的开放端口时,根据该业务请求所触发的业务,将该业务请求转发给当前负 载较轻的执行引擎实例;所述执行引擎实例是业务实例运行的实际容器。 CN101969391A CLAIM 4 . 根据权利要求3所述的云平台,其特征在于:位于业务执行空间中的所述业务执行 引擎的结构组成为:从底向上依次为资源层、业务实例管理层、业务执行层和业务管理层, 以及对各层执行监控的统计监控告警模块;其中,资源层设有协议栈适配资源和数据存储访问接口资源,前者封装了包括HTTP、SIP、 Par 1 ay/Par 1 ayX、Web Serνi ce、SMS、MMS、GIS、LBS 和 Mai 1 的电信网、互联网及广电网的多 种协议栈适配器,用于解释各种协议事件并封装成内部消息事件,便于资源扩展与统一管 理;后者提供数据库的增、删、改和查询的操作,以便调用云平台资源池中数据存储管理单 元所提供的云存储能力;业务实例管理层的业务实例管理器,负责业务实例的管理维护及业务资源的订阅维 护,能够支持会话型业务;设有业务实例管理单元和资源订阅单元,前者用于对业务实例进 行维护管理;后者用于维护业务与资源之间的订阅关系,各个资源实例与业务实例之间不 都是一一对应的,包括SIP协议栈和web service协议栈的资源与业务之间是一对多的关 系;业务在部署时,资源订阅单元根据业务配置文件中罗列的该业务所需的全部资源,进行 业务与资源的映射,并在该业务到相应资源处进行注册事件到达资源时,资源订阅单元通 过查找订阅关系,将相关资源送达正确的业务实例;业务执行层的业务执行核心单元拥有一个任务执行队列,每个业务实例与一个内部事 件作为一个任务被放入该任务执行队列中,等待执行线程的处理;业务执行引擎采用并发 机制,确保各个引擎实例能够并发运行,业务执行引擎通过产生并向业务执行空间管理模 块发送心跳信号,实现云平台对各引擎实例状态的实时监控,保证高容错性;业务管理层的业务容器设有业务管理单元、业务触发规则管理单元和引擎管理单元; 每个业务被加载执行时,业务管理单元负责解析该业务的配置文件,执行业务的初始化操 作;业务触发规则管理单元用于存储和维护业务触发规则与业务的对应关系,该业务触发 规则用于判断每个业务是否被触发;每个业务被加载后,其业务触发规则会被电信体系中包括下一代网络NGN中的软交换实体及IP多媒体子系统IMS中的服务呼叫会话控制功能 S-CSCF实体所获取;引擎管理单元用于提供包括Python和BPEL的各类脚本和包括JSP和 ASP的网站 (computing device, computing system) 语言执行引擎及其相应的管理接口,这些网站语言执行引擎用于支持相应的业 务,其中JSP引擎用于平台支持互联网JSP网页类业务;统计监控告警模块,负责监视执行引擎的运行状态:统计各业务当前存活的业务实例 数,并定期地将统计数据发送给业务执行空间管理代理单元;定期生成心跳事件,再封装成 执行任务并加入执行引擎队首,使执行引擎定期发送心跳数据给业务执行空间管理代理单 元而实现心跳机制;向执行引擎的各组成构件提供告警工具,发生异常时,将生成的告警信 息传送至上级管理节点。 |
| US9678774B2 CLAIM 10 . The computing system (的网站) of claim 9 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
CN101969391A CLAIM 3 . 根据权利要求1所述的云平台,其特征在于:所述业务执行模块中的业务执行空间 的内部组成结构是:一个或多个 (computer instructions) 业务执行空间管理代理单元、一个负载均衡进程和多个业 务执行引擎实例进程,其中负载均衡进程与业务执行引擎实例进程分别运行于各自的业务 执行空间虚拟机;其中,业务执行空间管理代理单元,作为业务执行空间管理模块的接口,该单元既要响应业 务执行空间管理模块的命令请求,执行包括创建新的虚拟机与执行引擎实例,进行业务的 加载激活的生命周期管理操作,还要对空间内的负载均衡器和执行引擎实例进行动态监 控,通过心跳机制判断各个进程的存活状态,一旦发现进程异常,及时重启进程,并向业务 执行空间管理单元产生告警日志;负载均衡进程,是该云平台与运营商网络的连接门户,业务请求从运营商网络发送至 负载均衡进程的开放端口时,根据该业务请求所触发的业务,将该业务请求转发给当前负 载较轻的执行引擎实例;所述执行引擎实例是业务实例运行的实际容器。 CN101969391A CLAIM 4 . 根据权利要求3所述的云平台,其特征在于:位于业务执行空间中的所述业务执行 引擎的结构组成为:从底向上依次为资源层、业务实例管理层、业务执行层和业务管理层, 以及对各层执行监控的统计监控告警模块;其中,资源层设有协议栈适配资源和数据存储访问接口资源,前者封装了包括HTTP、SIP、 Par 1 ay/Par 1 ayX、Web Serνi ce、SMS、MMS、GIS、LBS 和 Mai 1 的电信网、互联网及广电网的多 种协议栈适配器,用于解释各种协议事件并封装成内部消息事件,便于资源扩展与统一管 理;后者提供数据库的增、删、改和查询的操作,以便调用云平台资源池中数据存储管理单 元所提供的云存储能力;业务实例管理层的业务实例管理器,负责业务实例的管理维护及业务资源的订阅维 护,能够支持会话型业务;设有业务实例管理单元和资源订阅单元,前者用于对业务实例进 行维护管理;后者用于维护业务与资源之间的订阅关系,各个资源实例与业务实例之间不 都是一一对应的,包括SIP协议栈和web service协议栈的资源与业务之间是一对多的关 系;业务在部署时,资源订阅单元根据业务配置文件中罗列的该业务所需的全部资源,进行 业务与资源的映射,并在该业务到相应资源处进行注册事件到达资源时,资源订阅单元通 过查找订阅关系,将相关资源送达正确的业务实例;业务执行层的业务执行核心单元拥有一个任务执行队列,每个业务实例与一个内部事 件作为一个任务被放入该任务执行队列中,等待执行线程的处理;业务执行引擎采用并发 机制,确保各个引擎实例能够并发运行,业务执行引擎通过产生并向业务执行空间管理模 块发送心跳信号,实现云平台对各引擎实例状态的实时监控,保证高容错性;业务管理层的业务容器设有业务管理单元、业务触发规则管理单元和引擎管理单元; 每个业务被加载执行时,业务管理单元负责解析该业务的配置文件,执行业务的初始化操 作;业务触发规则管理单元用于存储和维护业务触发规则与业务的对应关系,该业务触发 规则用于判断每个业务是否被触发;每个业务被加载后,其业务触发规则会被电信体系中包括下一代网络NGN中的软交换实体及IP多媒体子系统IMS中的服务呼叫会话控制功能 S-CSCF实体所获取;引擎管理单元用于提供包括Python和BPEL的各类脚本和包括JSP和 ASP的网站 (computing device, computing system) 语言执行引擎及其相应的管理接口,这些网站语言执行引擎用于支持相应的业 务,其中JSP引擎用于平台支持互联网JSP网页类业务;统计监控告警模块,负责监视执行引擎的运行状态:统计各业务当前存活的业务实例 数,并定期地将统计数据发送给业务执行空间管理代理单元;定期生成心跳事件,再封装成 执行任务并加入执行引擎队首,使执行引擎定期发送心跳数据给业务执行空间管理代理单 元而实现心跳机制;向执行引擎的各组成构件提供告警工具,发生异常时,将生成的告警信 息传送至上级管理节点。 |
| US9678774B2 CLAIM 11 . The computing system (的网站) of claim 9 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101969391A CLAIM 3 . 根据权利要求1所述的云平台,其特征在于:所述业务执行模块中的业务执行空间 的内部组成结构是:一个或多个 (computer instructions) 业务执行空间管理代理单元、一个负载均衡进程和多个业 务执行引擎实例进程,其中负载均衡进程与业务执行引擎实例进程分别运行于各自的业务 执行空间虚拟机;其中,业务执行空间管理代理单元,作为业务执行空间管理模块的接口,该单元既要响应业 务执行空间管理模块的命令请求,执行包括创建新的虚拟机与执行引擎实例,进行业务的 加载激活的生命周期管理操作,还要对空间内的负载均衡器和执行引擎实例进行动态监 控,通过心跳机制判断各个进程的存活状态,一旦发现进程异常,及时重启进程,并向业务 执行空间管理单元产生告警日志;负载均衡进程,是该云平台与运营商网络的连接门户,业务请求从运营商网络发送至 负载均衡进程的开放端口时,根据该业务请求所触发的业务,将该业务请求转发给当前负 载较轻的执行引擎实例;所述执行引擎实例是业务实例运行的实际容器。 CN101969391A CLAIM 4 . 根据权利要求3所述的云平台,其特征在于:位于业务执行空间中的所述业务执行 引擎的结构组成为:从底向上依次为资源层、业务实例管理层、业务执行层和业务管理层, 以及对各层执行监控的统计监控告警模块;其中,资源层设有协议栈适配资源和数据存储访问接口资源,前者封装了包括HTTP、SIP、 Par 1 ay/Par 1 ayX、Web Serνi ce、SMS、MMS、GIS、LBS 和 Mai 1 的电信网、互联网及广电网的多 种协议栈适配器,用于解释各种协议事件并封装成内部消息事件,便于资源扩展与统一管 理;后者提供数据库的增、删、改和查询的操作,以便调用云平台资源池中数据存储管理单 元所提供的云存储能力;业务实例管理层的业务实例管理器,负责业务实例的管理维护及业务资源的订阅维 护,能够支持会话型业务;设有业务实例管理单元和资源订阅单元,前者用于对业务实例进 行维护管理;后者用于维护业务与资源之间的订阅关系,各个资源实例与业务实例之间不 都是一一对应的,包括SIP协议栈和web service协议栈的资源与业务之间是一对多的关 系;业务在部署时,资源订阅单元根据业务配置文件中罗列的该业务所需的全部资源,进行 业务与资源的映射,并在该业务到相应资源处进行注册事件到达资源时,资源订阅单元通 过查找订阅关系,将相关资源送达正确的业务实例;业务执行层的业务执行核心单元拥有一个任务执行队列,每个业务实例与一个内部事 件作为一个任务被放入该任务执行队列中,等待执行线程的处理;业务执行引擎采用并发 机制,确保各个引擎实例能够并发运行,业务执行引擎通过产生并向业务执行空间管理模 块发送心跳信号,实现云平台对各引擎实例状态的实时监控,保证高容错性;业务管理层的业务容器设有业务管理单元、业务触发规则管理单元和引擎管理单元; 每个业务被加载执行时,业务管理单元负责解析该业务的配置文件,执行业务的初始化操 作;业务触发规则管理单元用于存储和维护业务触发规则与业务的对应关系,该业务触发 规则用于判断每个业务是否被触发;每个业务被加载后,其业务触发规则会被电信体系中包括下一代网络NGN中的软交换实体及IP多媒体子系统IMS中的服务呼叫会话控制功能 S-CSCF实体所获取;引擎管理单元用于提供包括Python和BPEL的各类脚本和包括JSP和 ASP的网站 (computing device, computing system) 语言执行引擎及其相应的管理接口,这些网站语言执行引擎用于支持相应的业 务,其中JSP引擎用于平台支持互联网JSP网页类业务;统计监控告警模块,负责监视执行引擎的运行状态:统计各业务当前存活的业务实例 数,并定期地将统计数据发送给业务执行空间管理代理单元;定期生成心跳事件,再封装成 执行任务并加入执行引擎队首,使执行引擎定期发送心跳数据给业务执行空间管理代理单 元而实现心跳机制;向执行引擎的各组成构件提供告警工具,发生异常时,将生成的告警信 息传送至上级管理节点。 |
| US9678774B2 CLAIM 12 . The computing system (的网站) of claim 9 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
CN101969391A CLAIM 3 . 根据权利要求1所述的云平台,其特征在于:所述业务执行模块中的业务执行空间 的内部组成结构是:一个或多个 (computer instructions) 业务执行空间管理代理单元、一个负载均衡进程和多个业 务执行引擎实例进程,其中负载均衡进程与业务执行引擎实例进程分别运行于各自的业务 执行空间虚拟机;其中,业务执行空间管理代理单元,作为业务执行空间管理模块的接口,该单元既要响应业 务执行空间管理模块的命令请求,执行包括创建新的虚拟机与执行引擎实例,进行业务的 加载激活的生命周期管理操作,还要对空间内的负载均衡器和执行引擎实例进行动态监 控,通过心跳机制判断各个进程的存活状态,一旦发现进程异常,及时重启进程,并向业务 执行空间管理单元产生告警日志;负载均衡进程,是该云平台与运营商网络的连接门户,业务请求从运营商网络发送至 负载均衡进程的开放端口时,根据该业务请求所触发的业务,将该业务请求转发给当前负 载较轻的执行引擎实例;所述执行引擎实例是业务实例运行的实际容器。 CN101969391A CLAIM 4 . 根据权利要求3所述的云平台,其特征在于:位于业务执行空间中的所述业务执行 引擎的结构组成为:从底向上依次为资源层、业务实例管理层、业务执行层和业务管理层, 以及对各层执行监控的统计监控告警模块;其中,资源层设有协议栈适配资源和数据存储访问接口资源,前者封装了包括HTTP、SIP、 Par 1 ay/Par 1 ayX、Web Serνi ce、SMS、MMS、GIS、LBS 和 Mai 1 的电信网、互联网及广电网的多 种协议栈适配器,用于解释各种协议事件并封装成内部消息事件,便于资源扩展与统一管 理;后者提供数据库的增、删、改和查询的操作,以便调用云平台资源池中数据存储管理单 元所提供的云存储能力;业务实例管理层的业务实例管理器,负责业务实例的管理维护及业务资源的订阅维 护,能够支持会话型业务;设有业务实例管理单元和资源订阅单元,前者用于对业务实例进 行维护管理;后者用于维护业务与资源之间的订阅关系,各个资源实例与业务实例之间不 都是一一对应的,包括SIP协议栈和web service协议栈的资源与业务之间是一对多的关 系;业务在部署时,资源订阅单元根据业务配置文件中罗列的该业务所需的全部资源,进行 业务与资源的映射,并在该业务到相应资源处进行注册事件到达资源时,资源订阅单元通 过查找订阅关系,将相关资源送达正确的业务实例;业务执行层的业务执行核心单元拥有一个任务执行队列,每个业务实例与一个内部事 件作为一个任务被放入该任务执行队列中,等待执行线程的处理;业务执行引擎采用并发 机制,确保各个引擎实例能够并发运行,业务执行引擎通过产生并向业务执行空间管理模 块发送心跳信号,实现云平台对各引擎实例状态的实时监控,保证高容错性;业务管理层的业务容器设有业务管理单元、业务触发规则管理单元和引擎管理单元; 每个业务被加载执行时,业务管理单元负责解析该业务的配置文件,执行业务的初始化操 作;业务触发规则管理单元用于存储和维护业务触发规则与业务的对应关系,该业务触发 规则用于判断每个业务是否被触发;每个业务被加载后,其业务触发规则会被电信体系中包括下一代网络NGN中的软交换实体及IP多媒体子系统IMS中的服务呼叫会话控制功能 S-CSCF实体所获取;引擎管理单元用于提供包括Python和BPEL的各类脚本和包括JSP和 ASP的网站 (computing device, computing system) 语言执行引擎及其相应的管理接口,这些网站语言执行引擎用于支持相应的业 务,其中JSP引擎用于平台支持互联网JSP网页类业务;统计监控告警模块,负责监视执行引擎的运行状态:统计各业务当前存活的业务实例 数,并定期地将统计数据发送给业务执行空间管理代理单元;定期生成心跳事件,再封装成 执行任务并加入执行引擎队首,使执行引擎定期发送心跳数据给业务执行空间管理代理单 元而实现心跳机制;向执行引擎的各组成构件提供告警工具,发生异常时,将生成的告警信 息传送至上级管理节点。 |
| US9678774B2 CLAIM 13 . The computing system (的网站) of claim 9 , wherein the information comprises a hash of an operating system (工作方法) of the target host and a private key . |
CN101969391A CLAIM 4 . 根据权利要求3所述的云平台,其特征在于:位于业务执行空间中的所述业务执行 引擎的结构组成为:从底向上依次为资源层、业务实例管理层、业务执行层和业务管理层, 以及对各层执行监控的统计监控告警模块;其中,资源层设有协议栈适配资源和数据存储访问接口资源,前者封装了包括HTTP、SIP、 Par 1 ay/Par 1 ayX、Web Serνi ce、SMS、MMS、GIS、LBS 和 Mai 1 的电信网、互联网及广电网的多 种协议栈适配器,用于解释各种协议事件并封装成内部消息事件,便于资源扩展与统一管 理;后者提供数据库的增、删、改和查询的操作,以便调用云平台资源池中数据存储管理单 元所提供的云存储能力;业务实例管理层的业务实例管理器,负责业务实例的管理维护及业务资源的订阅维 护,能够支持会话型业务;设有业务实例管理单元和资源订阅单元,前者用于对业务实例进 行维护管理;后者用于维护业务与资源之间的订阅关系,各个资源实例与业务实例之间不 都是一一对应的,包括SIP协议栈和web service协议栈的资源与业务之间是一对多的关 系;业务在部署时,资源订阅单元根据业务配置文件中罗列的该业务所需的全部资源,进行 业务与资源的映射,并在该业务到相应资源处进行注册事件到达资源时,资源订阅单元通 过查找订阅关系,将相关资源送达正确的业务实例;业务执行层的业务执行核心单元拥有一个任务执行队列,每个业务实例与一个内部事 件作为一个任务被放入该任务执行队列中,等待执行线程的处理;业务执行引擎采用并发 机制,确保各个引擎实例能够并发运行,业务执行引擎通过产生并向业务执行空间管理模 块发送心跳信号,实现云平台对各引擎实例状态的实时监控,保证高容错性;业务管理层的业务容器设有业务管理单元、业务触发规则管理单元和引擎管理单元; 每个业务被加载执行时,业务管理单元负责解析该业务的配置文件,执行业务的初始化操 作;业务触发规则管理单元用于存储和维护业务触发规则与业务的对应关系,该业务触发 规则用于判断每个业务是否被触发;每个业务被加载后,其业务触发规则会被电信体系中包括下一代网络NGN中的软交换实体及IP多媒体子系统IMS中的服务呼叫会话控制功能 S-CSCF实体所获取;引擎管理单元用于提供包括Python和BPEL的各类脚本和包括JSP和 ASP的网站 (computing device, computing system) 语言执行引擎及其相应的管理接口,这些网站语言执行引擎用于支持相应的业 务,其中JSP引擎用于平台支持互联网JSP网页类业务;统计监控告警模块,负责监视执行引擎的运行状态:统计各业务当前存活的业务实例 数,并定期地将统计数据发送给业务执行空间管理代理单元;定期生成心跳事件,再封装成 执行任务并加入执行引擎队首,使执行引擎定期发送心跳数据给业务执行空间管理代理单 元而实现心跳机制;向执行引擎的各组成构件提供告警工具,发生异常时,将生成的告警信 息传送至上级管理节点。 CN101969391A CLAIM 7 . 一种支持融合网络业务的云平台的工作方法 (operating system) ,其特征在于:包括下列操作步骤:(1)云平台的部署和启动:采用多服务器集群分布式结构部署云平台后,再按照由该云平台架构组件的底层到上层的顺序启动云平台;(2)云平台执行平台用户注册、资源申请及新业务的加载部署:云平台启动后,接收到 平台用户的注册和购买所需要的资源后,才根据平台用户订购的资源数量为平台用户创建 其独有的虚拟业务执行空间,并为其创建包括业务执行引擎和负载均衡器的业务实例;(3)云平台根据平台用户指令,执行业务相关操作并动态调整资源:在平台用户使用 云平台运营业务过程中,云平台根据业务实际需要,动态调整其使用的资源;(4)云平台支持融合网络业务的运行:注册和购买资源的平台用户上传业务并激活业 务后,该业务就在云平台中处于激活运行状态,能够接受来自云平台外的各个运营商网络 的业务请求;且在该业务运行过程中,云平台能够同时支持该业务所涉及的互联网、电信网 和广电网的三种不同网络资源和相关协议。 |
| US9678774B2 CLAIM 14 . The computing system (的网站) of claim 8 , wherein the memory has further stored therein computer instructions (一个或多个) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (服务器并) . |
CN101969391A CLAIM 3 . 根据权利要求1所述的云平台,其特征在于:所述业务执行模块中的业务执行空间 的内部组成结构是:一个或多个 (computer instructions) 业务执行空间管理代理单元、一个负载均衡进程和多个业 务执行引擎实例进程,其中负载均衡进程与业务执行引擎实例进程分别运行于各自的业务 执行空间虚拟机;其中,业务执行空间管理代理单元,作为业务执行空间管理模块的接口,该单元既要响应业 务执行空间管理模块的命令请求,执行包括创建新的虚拟机与执行引擎实例,进行业务的 加载激活的生命周期管理操作,还要对空间内的负载均衡器和执行引擎实例进行动态监 控,通过心跳机制判断各个进程的存活状态,一旦发现进程异常,及时重启进程,并向业务 执行空间管理单元产生告警日志;负载均衡进程,是该云平台与运营商网络的连接门户,业务请求从运营商网络发送至 负载均衡进程的开放端口时,根据该业务请求所触发的业务,将该业务请求转发给当前负 载较轻的执行引擎实例;所述执行引擎实例是业务实例运行的实际容器。 CN101969391A CLAIM 4 . 根据权利要求3所述的云平台,其特征在于:位于业务执行空间中的所述业务执行 引擎的结构组成为:从底向上依次为资源层、业务实例管理层、业务执行层和业务管理层, 以及对各层执行监控的统计监控告警模块;其中,资源层设有协议栈适配资源和数据存储访问接口资源,前者封装了包括HTTP、SIP、 Par 1 ay/Par 1 ayX、Web Serνi ce、SMS、MMS、GIS、LBS 和 Mai 1 的电信网、互联网及广电网的多 种协议栈适配器,用于解释各种协议事件并封装成内部消息事件,便于资源扩展与统一管 理;后者提供数据库的增、删、改和查询的操作,以便调用云平台资源池中数据存储管理单 元所提供的云存储能力;业务实例管理层的业务实例管理器,负责业务实例的管理维护及业务资源的订阅维 护,能够支持会话型业务;设有业务实例管理单元和资源订阅单元,前者用于对业务实例进 行维护管理;后者用于维护业务与资源之间的订阅关系,各个资源实例与业务实例之间不 都是一一对应的,包括SIP协议栈和web service协议栈的资源与业务之间是一对多的关 系;业务在部署时,资源订阅单元根据业务配置文件中罗列的该业务所需的全部资源,进行 业务与资源的映射,并在该业务到相应资源处进行注册事件到达资源时,资源订阅单元通 过查找订阅关系,将相关资源送达正确的业务实例;业务执行层的业务执行核心单元拥有一个任务执行队列,每个业务实例与一个内部事 件作为一个任务被放入该任务执行队列中,等待执行线程的处理;业务执行引擎采用并发 机制,确保各个引擎实例能够并发运行,业务执行引擎通过产生并向业务执行空间管理模 块发送心跳信号,实现云平台对各引擎实例状态的实时监控,保证高容错性;业务管理层的业务容器设有业务管理单元、业务触发规则管理单元和引擎管理单元; 每个业务被加载执行时,业务管理单元负责解析该业务的配置文件,执行业务的初始化操 作;业务触发规则管理单元用于存储和维护业务触发规则与业务的对应关系,该业务触发 规则用于判断每个业务是否被触发;每个业务被加载后,其业务触发规则会被电信体系中包括下一代网络NGN中的软交换实体及IP多媒体子系统IMS中的服务呼叫会话控制功能 S-CSCF实体所获取;引擎管理单元用于提供包括Python和BPEL的各类脚本和包括JSP和 ASP的网站 (computing device, computing system) 语言执行引擎及其相应的管理接口,这些网站语言执行引擎用于支持相应的业 务,其中JSP引擎用于平台支持互联网JSP网页类业务;统计监控告警模块,负责监视执行引擎的运行状态:统计各业务当前存活的业务实例 数,并定期地将统计数据发送给业务执行空间管理代理单元;定期生成心跳事件,再封装成 执行任务并加入执行引擎队首,使执行引擎定期发送心跳数据给业务执行空间管理代理单 元而实现心跳机制;向执行引擎的各组成构件提供告警工具,发生异常时,将生成的告警信 息传送至上级管理节点。 CN101969391A CLAIM 8 . 根据权利要求7所述的方法,其特征在于:所述步骤(1)进一步包括下列操作内容:(11)先在部分服务器上启动和运行云平台资源池的服务程序,使得该部分服务器组成 云平台资源池服务器集群,再让该云平台资源池服务器集群开放资源池资源的接入接口, 等待底层硬件资源的接入;(12)在跨地域、跨机房和跨机架的三种层次上选取大量的物理服务器并 (positioning service) 启动和运行底 层资源服务程序,使得这些物理服务器组成底层资源服务器集群;如果底层资源服务器上 运行计算资源代理程序,则作为计算资源服务器向资源池服务器注册接入;如果底层资源 服务器上运行数据存储代理程序,则作为数据存储资源服务器注册接入;(13)云平台资源池服务器集群对接入的底层资源服务器集群执行实时监控,并将接入 的服务器能力进行虚拟化,以利于实现资源的动态调整,并作为云平台资源池中的虚拟资 源提供给上层服务使用;因物理资源冗余存储并划分成小块的资源能力,能增加云平台的 可用性和显著提高物理资源的利用率;(14)在部分服务器上启动和运行业务执行与管理的服务程序,使得该部分服务器组成 业务执行与管理服务器集群;该业务执行与管理服务器集群接入云平台资源池服务器集群 后,获取该云平台自身使用的虚拟资源,再对包括系统数据的资源进行初始化;(15)在部分服务器上启动和运行云平台管理的服务程序,使得该部分服务器作为云 平台管理服务器集群,并分别连接业务执行与管理服务器集群和云平台资源池服务器集群 后,进行相应的初始化;(16)云平台运营商管理员对整个云平台系统进行初始配置操作后,向云平台用户开放 访问接口,云平台启动结束。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2011044319A1 Filed: 2010-10-07 Issued: 2011-04-14 Self-service configuration for data environment (Original Assignee) Amazon Technologies, Inc. Grant Alexander Macdonald Mcalister, Swaminathan Sivasubramanian, Rajesh Sudhakar Sheth |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (separate control) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011044319A1 CLAIM 1 . A computer-implemented method of enabling a user to manage operational parameters of data instances in a database environment using a separate control (source host) environment , comprising : under control of one or more computer systems configured with executable instructions , providing a plurality of application programming interfaces (APIs) each enabling a user to submit a Web service request to the control environment , each API corresponding to a desired action to be performed with respect to one or more data instances for the user in a database environment ; providing a default parameter group for one or more one data instances to be provisioned in the database environment , the default parameter group including values for a plurality of database parameters , the default parameter group having a first version number ; and in response to receiving a Web service request to the control environment through one of the plurality of APIs , causing a modified parameter group to be applied for the one or more data instances , the modified parameter group having a second version number , wherein the user is able to modify parameter values for any of the one or more data instances before creation of at least one of the data instances or while any of the one or more data instances is running in the database environment . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine from the source host (separate control) to the target host . |
WO2011044319A1 CLAIM 1 . A computer-implemented method of enabling a user to manage operational parameters of data instances in a database environment using a separate control (source host) environment , comprising : under control of one or more computer systems configured with executable instructions , providing a plurality of application programming interfaces (APIs) each enabling a user to submit a Web service request to the control environment , each API corresponding to a desired action to be performed with respect to one or more data instances for the user in a database environment ; providing a default parameter group for one or more one data instances to be provisioned in the database environment , the default parameter group including values for a plurality of database parameters , the default parameter group having a first version number ; and in response to receiving a Web service request to the control environment through one of the plurality of APIs , causing a modified parameter group to be applied for the one or more data instances , the modified parameter group having a second version number , wherein the user is able to modify parameter values for any of the one or more data instances before creation of at least one of the data instances or while any of the one or more data instances is running in the database environment . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (separate control) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011044319A1 CLAIM 1 . A computer-implemented method of enabling a user to manage operational parameters of data instances in a database environment using a separate control (source host) environment , comprising : under control of one or more computer systems configured with executable instructions , providing a plurality of application programming interfaces (APIs) each enabling a user to submit a Web service request to the control environment , each API corresponding to a desired action to be performed with respect to one or more data instances for the user in a database environment ; providing a default parameter group for one or more one data instances to be provisioned in the database environment , the default parameter group including values for a plurality of database parameters , the default parameter group having a first version number ; and in response to receiving a Web service request to the control environment through one of the plurality of APIs , causing a modified parameter group to be applied for the one or more data instances , the modified parameter group having a second version number , wherein the user is able to modify parameter values for any of the one or more data instances before creation of at least one of the data instances or while any of the one or more data instances is running in the database environment . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (separate control) to the target host . |
WO2011044319A1 CLAIM 1 . A computer-implemented method of enabling a user to manage operational parameters of data instances in a database environment using a separate control (source host) environment , comprising : under control of one or more computer systems configured with executable instructions , providing a plurality of application programming interfaces (APIs) each enabling a user to submit a Web service request to the control environment , each API corresponding to a desired action to be performed with respect to one or more data instances for the user in a database environment ; providing a default parameter group for one or more one data instances to be provisioned in the database environment , the default parameter group including values for a plurality of database parameters , the default parameter group having a first version number ; and in response to receiving a Web service request to the control environment through one of the plurality of APIs , causing a modified parameter group to be applied for the one or more data instances , the modified parameter group having a second version number , wherein the user is able to modify parameter values for any of the one or more data instances before creation of at least one of the data instances or while any of the one or more data instances is running in the database environment . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (separate control) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011044319A1 CLAIM 1 . A computer-implemented method of enabling a user to manage operational parameters of data instances in a database environment using a separate control (source host) environment , comprising : under control of one or more computer systems configured with executable instructions , providing a plurality of application programming interfaces (APIs) each enabling a user to submit a Web service request to the control environment , each API corresponding to a desired action to be performed with respect to one or more data instances for the user in a database environment ; providing a default parameter group for one or more one data instances to be provisioned in the database environment , the default parameter group including values for a plurality of database parameters , the default parameter group having a first version number ; and in response to receiving a Web service request to the control environment through one of the plurality of APIs , causing a modified parameter group to be applied for the one or more data instances , the modified parameter group having a second version number , wherein the user is able to modify parameter values for any of the one or more data instances before creation of at least one of the data instances or while any of the one or more data instances is running in the database environment . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (separate control) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2011044319A1 CLAIM 1 . A computer-implemented method of enabling a user to manage operational parameters of data instances in a database environment using a separate control (source host) environment , comprising : under control of one or more computer systems configured with executable instructions , providing a plurality of application programming interfaces (APIs) each enabling a user to submit a Web service request to the control environment , each API corresponding to a desired action to be performed with respect to one or more data instances for the user in a database environment ; providing a default parameter group for one or more one data instances to be provisioned in the database environment , the default parameter group including values for a plurality of database parameters , the default parameter group having a first version number ; and in response to receiving a Web service request to the control environment through one of the plurality of APIs , causing a modified parameter group to be applied for the one or more data instances , the modified parameter group having a second version number , wherein the user is able to modify parameter values for any of the one or more data instances before creation of at least one of the data instances or while any of the one or more data instances is running in the database environment . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20120005750A1 Filed: 2010-07-02 Issued: 2012-01-05 Systems and Methods for Alternating Malware Classifiers in an Attempt to Frustrate Brute-Force Malware Testing (Original Assignee) Symantec Corp (Current Assignee) CA Inc Sourabh Satish |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (computing device) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20120005750A1 CLAIM 1 . A computer-implemented method for alternating malware classifiers in an attempt to frustrate brute-force malware testing , at least a portion of the method being performed by a computing device (computing device) comprising at least one processor , the method comprising : providing a group of heuristic-based classifiers for detecting malware , wherein each classifier within the group differs from all other classifiers within the group but has an accuracy rate that is substantially similar to all other classifiers within the group ; including the group of classifiers within a security-software product ; alternating the security-software product' ; s use of the classifiers within the group in an attempt to frustrate brute-force malware testing by : randomly selecting and activating an initial classifier from within the group ; upon completion of a select interval , replacing the initial classifier with an additional classifier randomly selected from within the group . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (computing device) . |
US20120005750A1 CLAIM 1 . A computer-implemented method for alternating malware classifiers in an attempt to frustrate brute-force malware testing , at least a portion of the method being performed by a computing device (computing device) comprising at least one processor , the method comprising : providing a group of heuristic-based classifiers for detecting malware , wherein each classifier within the group differs from all other classifiers within the group but has an accuracy rate that is substantially similar to all other classifiers within the group ; including the group of classifiers within a security-software product ; alternating the security-software product' ; s use of the classifiers within the group in an attempt to frustrate brute-force malware testing by : randomly selecting and activating an initial classifier from within the group ; upon completion of a select interval , replacing the initial classifier with an additional classifier randomly selected from within the group . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device (computing device) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20120005750A1 CLAIM 1 . A computer-implemented method for alternating malware classifiers in an attempt to frustrate brute-force malware testing , at least a portion of the method being performed by a computing device (computing device) comprising at least one processor , the method comprising : providing a group of heuristic-based classifiers for detecting malware , wherein each classifier within the group differs from all other classifiers within the group but has an accuracy rate that is substantially similar to all other classifiers within the group ; including the group of classifiers within a security-software product ; alternating the security-software product' ; s use of the classifiers within the group in an attempt to frustrate brute-force malware testing by : randomly selecting and activating an initial classifier from within the group ; upon completion of a select interval , replacing the initial classifier with an additional classifier randomly selected from within the group . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20120005307A1 Filed: 2010-06-30 Issued: 2012-01-05 Storage virtualization (Original Assignee) Hewlett Packard Development Co LP (Current Assignee) Hewlett Packard Enterprise Development LP Abhik Das, Satish Kumar Mopur, Ramamurthy Badrinath |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (file system) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20120005307A1 CLAIM 1 . A method of providing access to a plurality of different file system (hardware configuration) s implemented across a plurality of storage spaces , the method comprising : receiving a request for at least one storage space ; and processing the request based at least in part on one of a location metadata and a file metadata , the location metadata including attributes associated with the plurality of storage spaces and the file metadata including attributes associated with one or more files stored at the plurality of storage spaces . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (file system) . |
US20120005307A1 CLAIM 1 . A method of providing access to a plurality of different file system (hardware configuration) s implemented across a plurality of storage spaces , the method comprising : receiving a request for at least one storage space ; and processing the request based at least in part on one of a location metadata and a file metadata , the location metadata including attributes associated with the plurality of storage spaces and the file metadata including attributes associated with one or more files stored at the plurality of storage spaces . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (new location) or access to a positioning service (new location) . |
US20120005307A1 CLAIM 3 . The method as claimed in claim 1 , the method further comprising : determining attributes associated with a file selected from amongst the files , in response to receiving a request for rearranging the files stored at the plurality of storage spaces ; and moving the selected file to a new location (positioning hardware, positioning service) within the plurality of storage spaces , the new location determined based at least in part on the attributes of selected file . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (file system) of the target host . |
US20120005307A1 CLAIM 1 . A method of providing access to a plurality of different file system (hardware configuration) s implemented across a plurality of storage spaces , the method comprising : receiving a request for at least one storage space ; and processing the request based at least in part on one of a location metadata and a file metadata , the location metadata including attributes associated with the plurality of storage spaces and the file metadata including attributes associated with one or more files stored at the plurality of storage spaces . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (file system) of the target host from a trusted platform module . |
US20120005307A1 CLAIM 1 . A method of providing access to a plurality of different file system (hardware configuration) s implemented across a plurality of storage spaces , the method comprising : receiving a request for at least one storage space ; and processing the request based at least in part on one of a location metadata and a file metadata , the location metadata including attributes associated with the plurality of storage spaces and the file metadata including attributes associated with one or more files stored at the plurality of storage spaces . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (new location) . |
US20120005307A1 CLAIM 3 . The method as claimed in claim 1 , the method further comprising : determining attributes associated with a file selected from amongst the files , in response to receiving a request for rearranging the files stored at the plurality of storage spaces ; and moving the selected file to a new location (positioning hardware, positioning service) within the plurality of storage spaces , the new location determined based at least in part on the attributes of selected file . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2010151860A1 Filed: 2010-06-28 Issued: 2010-12-29 Providing security in virtualized mobile devices (Original Assignee) Vmware, Inc. Lawrence S. Rogel |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (location information) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2010151860A1 CLAIM 1 . A method of providing security in a virtualized mobile device comprised of virtualization software that supports one or more virtual machines , the method comprising : receiving a security policy at the virtualized mobile device , which security policy includes one or more location or location-time scenarios for the virtualized mobile device , which scenarios identify applications to be curtailed , and how they are to be curtailed and applications that are to be enabled , and how they are to be enabled ; collecting one or more of mobile device location information (source host) or information related to time spent at the location ; identifying a scenario pertaining to the one or more of the location and time information ; and curtailing or enabling applications in accordance with the identified scenario . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine from the source host (location information) to the target host . |
WO2010151860A1 CLAIM 1 . A method of providing security in a virtualized mobile device comprised of virtualization software that supports one or more virtual machines , the method comprising : receiving a security policy at the virtualized mobile device , which security policy includes one or more location or location-time scenarios for the virtualized mobile device , which scenarios identify applications to be curtailed , and how they are to be curtailed and applications that are to be enabled , and how they are to be enabled ; collecting one or more of mobile device location information (source host) or information related to time spent at the location ; identifying a scenario pertaining to the one or more of the location and time information ; and curtailing or enabling applications in accordance with the identified scenario . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (location information) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2010151860A1 CLAIM 1 . A method of providing security in a virtualized mobile device comprised of virtualization software that supports one or more virtual machines , the method comprising : receiving a security policy at the virtualized mobile device , which security policy includes one or more location or location-time scenarios for the virtualized mobile device , which scenarios identify applications to be curtailed , and how they are to be curtailed and applications that are to be enabled , and how they are to be enabled ; collecting one or more of mobile device location information (source host) or information related to time spent at the location ; identifying a scenario pertaining to the one or more of the location and time information ; and curtailing or enabling applications in accordance with the identified scenario . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (location information) to the target host . |
WO2010151860A1 CLAIM 1 . A method of providing security in a virtualized mobile device comprised of virtualization software that supports one or more virtual machines , the method comprising : receiving a security policy at the virtualized mobile device , which security policy includes one or more location or location-time scenarios for the virtualized mobile device , which scenarios identify applications to be curtailed , and how they are to be curtailed and applications that are to be enabled , and how they are to be enabled ; collecting one or more of mobile device location information (source host) or information related to time spent at the location ; identifying a scenario pertaining to the one or more of the location and time information ; and curtailing or enabling applications in accordance with the identified scenario . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device (geographical position) , or a positioning service . |
WO2010151860A1 CLAIM 5 . The method of claim 1 wherein the virtualized mobile device determines its geographical position (geolocation device) . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (location information) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2010151860A1 CLAIM 1 . A method of providing security in a virtualized mobile device comprised of virtualization software that supports one or more virtual machines , the method comprising : receiving a security policy at the virtualized mobile device , which security policy includes one or more location or location-time scenarios for the virtualized mobile device , which scenarios identify applications to be curtailed , and how they are to be curtailed and applications that are to be enabled , and how they are to be enabled ; collecting one or more of mobile device location information (source host) or information related to time spent at the location ; identifying a scenario pertaining to the one or more of the location and time information ; and curtailing or enabling applications in accordance with the identified scenario . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (location information) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2010151860A1 CLAIM 1 . A method of providing security in a virtualized mobile device comprised of virtualization software that supports one or more virtual machines , the method comprising : receiving a security policy at the virtualized mobile device , which security policy includes one or more location or location-time scenarios for the virtualized mobile device , which scenarios identify applications to be curtailed , and how they are to be curtailed and applications that are to be enabled , and how they are to be enabled ; collecting one or more of mobile device location information (source host) or information related to time spent at the location ; identifying a scenario pertaining to the one or more of the location and time information ; and curtailing or enabling applications in accordance with the identified scenario . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | JP2012003476A Filed: 2010-06-16 Issued: 2012-01-05 情報処理システム、管理装置、処理要求装置及びプログラム (Original Assignee) Fuji Xerox Co Ltd; 富士ゼロックス株式会社 Shinichi Saito, 信一 齊藤 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (システム) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
JP2012003476A CLAIM 1 データを処理するコンピュータ資源の割当要求と、前記データを処理するデータ処理を識別する識別情報を受け付ける受付手段と、 前記受付手段により受け付けた割当要求に応じて、1又は複数のコンピュータの1つに含まれるコンピュータ資源の少なくとも一部を割り当てる割当手段と、 前記割当手段により割り当てられたコンピュータ資源における前記データの格納先を示す格納先情報を、前記割当手段により割り当てられたコンピュータ資源に基づき特定する特定手段と、 前記特定手段により特定された格納先情報に示される格納先に、前記割当手段により割り当てられるコンピュータ資源により処理される処理対象データを転送する転送手段と、 前記転送手段により前記処理対象データが前記格納先に転送された後に、前記受付手段により受け付けた識別情報により識別されるデータ処理を構成する1又は複数のプログラムを、前記割当手段により割り当てられたコンピュータ資源を用いて実行されるよう、前記割当手段により割り当てられたコンピュータ資源に配置する配置手段と、を含む ことを特徴とする情報処理システム (computing device, network device, computing device comprising one) 。 |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (システム) . |
JP2012003476A CLAIM 1 データを処理するコンピュータ資源の割当要求と、前記データを処理するデータ処理を識別する識別情報を受け付ける受付手段と、 前記受付手段により受け付けた割当要求に応じて、1又は複数のコンピュータの1つに含まれるコンピュータ資源の少なくとも一部を割り当てる割当手段と、 前記割当手段により割り当てられたコンピュータ資源における前記データの格納先を示す格納先情報を、前記割当手段により割り当てられたコンピュータ資源に基づき特定する特定手段と、 前記特定手段により特定された格納先情報に示される格納先に、前記割当手段により割り当てられるコンピュータ資源により処理される処理対象データを転送する転送手段と、 前記転送手段により前記処理対象データが前記格納先に転送された後に、前記受付手段により受け付けた識別情報により識別されるデータ処理を構成する1又は複数のプログラムを、前記割当手段により割り当てられたコンピュータ資源を用いて実行されるよう、前記割当手段により割り当てられたコンピュータ資源に配置する配置手段と、を含む ことを特徴とする情報処理システム (computing device, network device, computing device comprising one) 。 |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (少なくとも) or access to a positioning service . |
JP2012003476A CLAIM 1 データを処理するコンピュータ資源の割当要求と、前記データを処理するデータ処理を識別する識別情報を受け付ける受付手段と、 前記受付手段により受け付けた割当要求に応じて、1又は複数のコンピュータの1つに含まれるコンピュータ資源の少なくとも (positioning hardware) 一部を割り当てる割当手段と、 前記割当手段により割り当てられたコンピュータ資源における前記データの格納先を示す格納先情報を、前記割当手段により割り当てられたコンピュータ資源に基づき特定する特定手段と、 前記特定手段により特定された格納先情報に示される格納先に、前記割当手段により割り当てられるコンピュータ資源により処理される処理対象データを転送する転送手段と、 前記転送手段により前記処理対象データが前記格納先に転送された後に、前記受付手段により受け付けた識別情報により識別されるデータ処理を構成する1又は複数のプログラムを、前記割当手段により割り当てられたコンピュータ資源を用いて実行されるよう、前記割当手段により割り当てられたコンピュータ資源に配置する配置手段と、を含む ことを特徴とする情報処理システム。 |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device (システム) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
JP2012003476A CLAIM 1 データを処理するコンピュータ資源の割当要求と、前記データを処理するデータ処理を識別する識別情報を受け付ける受付手段と、 前記受付手段により受け付けた割当要求に応じて、1又は複数のコンピュータの1つに含まれるコンピュータ資源の少なくとも一部を割り当てる割当手段と、 前記割当手段により割り当てられたコンピュータ資源における前記データの格納先を示す格納先情報を、前記割当手段により割り当てられたコンピュータ資源に基づき特定する特定手段と、 前記特定手段により特定された格納先情報に示される格納先に、前記割当手段により割り当てられるコンピュータ資源により処理される処理対象データを転送する転送手段と、 前記転送手段により前記処理対象データが前記格納先に転送された後に、前記受付手段により受け付けた識別情報により識別されるデータ処理を構成する1又は複数のプログラムを、前記割当手段により割り当てられたコンピュータ資源を用いて実行されるよう、前記割当手段により割り当てられたコンピュータ資源に配置する配置手段と、を含む ことを特徴とする情報処理システム (computing device, network device, computing device comprising one) 。 |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (システム) , a geolocation device , or a positioning service . |
JP2012003476A CLAIM 1 データを処理するコンピュータ資源の割当要求と、前記データを処理するデータ処理を識別する識別情報を受け付ける受付手段と、 前記受付手段により受け付けた割当要求に応じて、1又は複数のコンピュータの1つに含まれるコンピュータ資源の少なくとも一部を割り当てる割当手段と、 前記割当手段により割り当てられたコンピュータ資源における前記データの格納先を示す格納先情報を、前記割当手段により割り当てられたコンピュータ資源に基づき特定する特定手段と、 前記特定手段により特定された格納先情報に示される格納先に、前記割当手段により割り当てられるコンピュータ資源により処理される処理対象データを転送する転送手段と、 前記転送手段により前記処理対象データが前記格納先に転送された後に、前記受付手段により受け付けた識別情報により識別されるデータ処理を構成する1又は複数のプログラムを、前記割当手段により割り当てられたコンピュータ資源を用いて実行されるよう、前記割当手段により割り当てられたコンピュータ資源に配置する配置手段と、を含む ことを特徴とする情報処理システム (computing device, network device, computing device comprising one) 。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | JP2012004781A Filed: 2010-06-16 Issued: 2012-01-05 構成情報取得方法、仮想プローブおよび構成情報取得制御装置 (Original Assignee) Fujitsu Ltd; 富士通株式会社 Tomohiro Muramoto, Atsushi Ogawa, Ritsu Suzuki, 淳 小川, 智宏 村本, 立 鈴木 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (システム, リング) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
JP2012004781A CLAIM 1 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成の構成情報取得方法であって、 前記複数の仮想マシン間を流れるパケットからミラーリング (computing device, network device, computing device comprising one) されたパケットを収集するステップと、 前記収集したパケットからトラフィック・経路情報を分析するステップと、 前記分析した結果、前記物理サーバと前記仮想マシンとの対応関係に変更が有ったか否かを判断するステップと、 前記対応関係に変更があったことを認識した場合、全体構成を監視する監視装置へ構成情報の取得を指示するステップと、 前記監視装置は、変更後の構成情報を取得して記憶するステップと、 を含むことを特徴とする構成情報取得方法。 JP2012004781A CLAIM 5 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成のシステム (computing device, network device, computing device comprising one) から保守ネットワークを経由して、仮想マシン間を流れるパケットの発信元MACアドレスと受信元MACアドレスを受信する手段と、 複数の前記発信元MACアドレスと前記受信元MACアドレスの組合せの変化を解析して前記システムの全体におけるトラフィック・経路の確認を行い前記物理サーバと前記仮想マシンとの対応関係の変更を判別する手段と、 前記対応関係に変更があったことを判別した場合、全体構成を監視する監視装置へ構成情報の取得指示情報を送信する手段と、 を有することを特徴とする構成情報取得制御装置。 |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (システム, リング) . |
JP2012004781A CLAIM 1 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成の構成情報取得方法であって、 前記複数の仮想マシン間を流れるパケットからミラーリング (computing device, network device, computing device comprising one) されたパケットを収集するステップと、 前記収集したパケットからトラフィック・経路情報を分析するステップと、 前記分析した結果、前記物理サーバと前記仮想マシンとの対応関係に変更が有ったか否かを判断するステップと、 前記対応関係に変更があったことを認識した場合、全体構成を監視する監視装置へ構成情報の取得を指示するステップと、 前記監視装置は、変更後の構成情報を取得して記憶するステップと、 を含むことを特徴とする構成情報取得方法。 JP2012004781A CLAIM 5 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成のシステム (computing device, network device, computing device comprising one) から保守ネットワークを経由して、仮想マシン間を流れるパケットの発信元MACアドレスと受信元MACアドレスを受信する手段と、 複数の前記発信元MACアドレスと前記受信元MACアドレスの組合せの変化を解析して前記システムの全体におけるトラフィック・経路の確認を行い前記物理サーバと前記仮想マシンとの対応関係の変更を判別する手段と、 前記対応関係に変更があったことを判別した場合、全体構成を監視する監視装置へ構成情報の取得指示情報を送信する手段と、 を有することを特徴とする構成情報取得制御装置。 |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (有する構成) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
JP2012004781A CLAIM 1 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成 (hardware configuration) の構成情報取得方法であって、 前記複数の仮想マシン間を流れるパケットからミラーリングされたパケットを収集するステップと、 前記収集したパケットからトラフィック・経路情報を分析するステップと、 前記分析した結果、前記物理サーバと前記仮想マシンとの対応関係に変更が有ったか否かを判断するステップと、 前記対応関係に変更があったことを認識した場合、全体構成を監視する監視装置へ構成情報の取得を指示するステップと、 前記監視装置は、変更後の構成情報を取得して記憶するステップと、 を含むことを特徴とする構成情報取得方法。 |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (有する構成) . |
JP2012004781A CLAIM 1 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成 (hardware configuration) の構成情報取得方法であって、 前記複数の仮想マシン間を流れるパケットからミラーリングされたパケットを収集するステップと、 前記収集したパケットからトラフィック・経路情報を分析するステップと、 前記分析した結果、前記物理サーバと前記仮想マシンとの対応関係に変更が有ったか否かを判断するステップと、 前記対応関係に変更があったことを認識した場合、全体構成を監視する監視装置へ構成情報の取得を指示するステップと、 前記監視装置は、変更後の構成情報を取得して記憶するステップと、 を含むことを特徴とする構成情報取得方法。 |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device (システム, リング) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
JP2012004781A CLAIM 1 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成の構成情報取得方法であって、 前記複数の仮想マシン間を流れるパケットからミラーリング (computing device, network device, computing device comprising one) されたパケットを収集するステップと、 前記収集したパケットからトラフィック・経路情報を分析するステップと、 前記分析した結果、前記物理サーバと前記仮想マシンとの対応関係に変更が有ったか否かを判断するステップと、 前記対応関係に変更があったことを認識した場合、全体構成を監視する監視装置へ構成情報の取得を指示するステップと、 前記監視装置は、変更後の構成情報を取得して記憶するステップと、 を含むことを特徴とする構成情報取得方法。 JP2012004781A CLAIM 5 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成のシステム (computing device, network device, computing device comprising one) から保守ネットワークを経由して、仮想マシン間を流れるパケットの発信元MACアドレスと受信元MACアドレスを受信する手段と、 複数の前記発信元MACアドレスと前記受信元MACアドレスの組合せの変化を解析して前記システムの全体におけるトラフィック・経路の確認を行い前記物理サーバと前記仮想マシンとの対応関係の変更を判別する手段と、 前記対応関係に変更があったことを判別した場合、全体構成を監視する監視装置へ構成情報の取得指示情報を送信する手段と、 を有することを特徴とする構成情報取得制御装置。 |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (有する構成) of the target host . |
JP2012004781A CLAIM 1 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成 (hardware configuration) の構成情報取得方法であって、 前記複数の仮想マシン間を流れるパケットからミラーリングされたパケットを収集するステップと、 前記収集したパケットからトラフィック・経路情報を分析するステップと、 前記分析した結果、前記物理サーバと前記仮想マシンとの対応関係に変更が有ったか否かを判断するステップと、 前記対応関係に変更があったことを認識した場合、全体構成を監視する監視装置へ構成情報の取得を指示するステップと、 前記監視装置は、変更後の構成情報を取得して記憶するステップと、 を含むことを特徴とする構成情報取得方法。 |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (有する構成) of the target host from a trusted platform module . |
JP2012004781A CLAIM 1 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成 (hardware configuration) の構成情報取得方法であって、 前記複数の仮想マシン間を流れるパケットからミラーリングされたパケットを収集するステップと、 前記収集したパケットからトラフィック・経路情報を分析するステップと、 前記分析した結果、前記物理サーバと前記仮想マシンとの対応関係に変更が有ったか否かを判断するステップと、 前記対応関係に変更があったことを認識した場合、全体構成を監視する監視装置へ構成情報の取得を指示するステップと、 前記監視装置は、変更後の構成情報を取得して記憶するステップと、 を含むことを特徴とする構成情報取得方法。 |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (システム, リング) , a geolocation device , or a positioning service . |
JP2012004781A CLAIM 1 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成の構成情報取得方法であって、 前記複数の仮想マシン間を流れるパケットからミラーリング (computing device, network device, computing device comprising one) されたパケットを収集するステップと、 前記収集したパケットからトラフィック・経路情報を分析するステップと、 前記分析した結果、前記物理サーバと前記仮想マシンとの対応関係に変更が有ったか否かを判断するステップと、 前記対応関係に変更があったことを認識した場合、全体構成を監視する監視装置へ構成情報の取得を指示するステップと、 前記監視装置は、変更後の構成情報を取得して記憶するステップと、 を含むことを特徴とする構成情報取得方法。 JP2012004781A CLAIM 5 物理サーバが仮想化され、1つの物理サーバで複数の仮想マシンを保有する構成のシステム (computing device, network device, computing device comprising one) から保守ネットワークを経由して、仮想マシン間を流れるパケットの発信元MACアドレスと受信元MACアドレスを受信する手段と、 複数の前記発信元MACアドレスと前記受信元MACアドレスの組合せの変化を解析して前記システムの全体におけるトラフィック・経路の確認を行い前記物理サーバと前記仮想マシンとの対応関係の変更を判別する手段と、 前記対応関係に変更があったことを判別した場合、全体構成を監視する監視装置へ構成情報の取得指示情報を送信する手段と、 を有することを特徴とする構成情報取得制御装置。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20100318481A1 Filed: 2010-06-09 Issued: 2010-12-16 Generating Test Data (Original Assignee) Ab Initio Technology LLC (Current Assignee) Ab Initio Technology LLC ; Ab Initio Software LLC Carl Richard Feynman |
|---|---|
| US9678774B2 CLAIM 8 . A computing system (development environment) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100318481A1 CLAIM 10 . The method of claim 1 , further including providing a development environment (computing system) for developing at least one program for processing the records from the data source using the collection of test data stored in the data storage system . |
| US9678774B2 CLAIM 9 . The computing system (development environment) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20100318481A1 CLAIM 10 . The method of claim 1 , further including providing a development environment (computing system) for developing at least one program for processing the records from the data source using the collection of test data stored in the data storage system . |
| US9678774B2 CLAIM 10 . The computing system (development environment) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20100318481A1 CLAIM 10 . The method of claim 1 , further including providing a development environment (computing system) for developing at least one program for processing the records from the data source using the collection of test data stored in the data storage system . |
| US9678774B2 CLAIM 11 . The computing system (development environment) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100318481A1 CLAIM 10 . The method of claim 1 , further including providing a development environment (computing system) for developing at least one program for processing the records from the data source using the collection of test data stored in the data storage system . |
| US9678774B2 CLAIM 12 . The computing system (development environment) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
US20100318481A1 CLAIM 10 . The method of claim 1 , further including providing a development environment (computing system) for developing at least one program for processing the records from the data source using the collection of test data stored in the data storage system . |
| US9678774B2 CLAIM 13 . The computing system (development environment) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
US20100318481A1 CLAIM 10 . The method of claim 1 , further including providing a development environment (computing system) for developing at least one program for processing the records from the data source using the collection of test data stored in the data storage system . |
| US9678774B2 CLAIM 14 . The computing system (development environment) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20100318481A1 CLAIM 10 . The method of claim 1 , further including providing a development environment (computing system) for developing at least one program for processing the records from the data source using the collection of test data stored in the data storage system . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN102195940A Filed: 2010-03-12 Issued: 2011-09-21 一种基于虚拟机技术安全输入和提交数据的方法和系统 (Original Assignee) BEIJING SOFTLUMOS TECHNOLOGY Co Ltd (Current Assignee) BEIJING SOFTLUMOS TECHNOLOGY Co Ltd 何安洪, 张勇 |
|---|---|
| US9678774B2 CLAIM 20 . The computer-readable storage medium of claim 18 , wherein the alert includes an email message (经过用户) . |
CN102195940A CLAIM 2 . 根据权利要求1所述的方法和系统,其特征在于,所述的用户输入管理程序可具备与服务端通信的能力,可不经过用户 (email message) 操作系统直接将未加密的用户数据或者经过加密的用户数据提交至服务端。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110184993A1 Filed: 2010-01-27 Issued: 2011-07-28 Independent Access to Virtual Machine Desktop Content (Original Assignee) VMware Inc (Current Assignee) VMware Inc Puneet CHAWLA, Jad CHAMCHAM |
|---|---|
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (audit data) or access to a positioning service . |
US20110184993A1 CLAIM 7 . The server computing system of claim 1 , further comprising : an audit data (positioning hardware) base configured to track accesses to user data ; and wherein the API handler further comprises logic instructions that are configured , when executed , to cause the audit database to track the request for the requested user data before invoking the control virtual machine to access the user data . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110185292A1 Filed: 2010-01-27 Issued: 2011-07-28 Accessing Virtual Disk Content of a Virtual Machine Using a Control Virtual Machine (Original Assignee) VMware Inc (Current Assignee) VMware Inc Puneet CHAWLA, Jad CHAMCHAM |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (computing device) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110185292A1 CLAIM 12 . The method of claim 1 wherein the request is received from a handheld computing device (computing device) . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (computing device) . |
US20110185292A1 CLAIM 12 . The method of claim 1 wherein the request is received from a handheld computing device (computing device) . |
| US9678774B2 CLAIM 8 . A computing system (computing system) , comprising : a computing device (computing device) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110185292A1 CLAIM 1 . A method in a virtual desktop management server computing system (computing system) , comprising : receiving a request from an application executing on a client device , through an application programming interface (“API”) call , for user content stored on a virtual disk , the virtual disk associated with a non-running virtual desktop ; verifying that the received request is an authorized request ; causing , on behalf of the received request , a non-executing control virtual machine to be executed , and a new connection session to be established between the virtual desktop management server computing system and the executing control virtual machine , the executing virtual machine having an ability to access a physical datastore containing the virtual disk ; causing the connected control virtual machine to mount the virtual disk ; causing the connected control virtual machine to obtain the requested user content from the mounted virtual disk ; receiving the obtained user content from the control virtual machine ; and returning the obtained user content in response to the request . US20110185292A1 CLAIM 12 . The method of claim 1 wherein the request is received from a handheld computing device (computing device) . |
| US9678774B2 CLAIM 9 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20110185292A1 CLAIM 1 . A method in a virtual desktop management server computing system (computing system) , comprising : receiving a request from an application executing on a client device , through an application programming interface (“API”) call , for user content stored on a virtual disk , the virtual disk associated with a non-running virtual desktop ; verifying that the received request is an authorized request ; causing , on behalf of the received request , a non-executing control virtual machine to be executed , and a new connection session to be established between the virtual desktop management server computing system and the executing control virtual machine , the executing virtual machine having an ability to access a physical datastore containing the virtual disk ; causing the connected control virtual machine to mount the virtual disk ; causing the connected control virtual machine to obtain the requested user content from the mounted virtual disk ; receiving the obtained user content from the control virtual machine ; and returning the obtained user content in response to the request . |
| US9678774B2 CLAIM 10 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20110185292A1 CLAIM 1 . A method in a virtual desktop management server computing system (computing system) , comprising : receiving a request from an application executing on a client device , through an application programming interface (“API”) call , for user content stored on a virtual disk , the virtual disk associated with a non-running virtual desktop ; verifying that the received request is an authorized request ; causing , on behalf of the received request , a non-executing control virtual machine to be executed , and a new connection session to be established between the virtual desktop management server computing system and the executing control virtual machine , the executing virtual machine having an ability to access a physical datastore containing the virtual disk ; causing the connected control virtual machine to mount the virtual disk ; causing the connected control virtual machine to obtain the requested user content from the mounted virtual disk ; receiving the obtained user content from the control virtual machine ; and returning the obtained user content in response to the request . |
| US9678774B2 CLAIM 11 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110185292A1 CLAIM 1 . A method in a virtual desktop management server computing system (computing system) , comprising : receiving a request from an application executing on a client device , through an application programming interface (“API”) call , for user content stored on a virtual disk , the virtual disk associated with a non-running virtual desktop ; verifying that the received request is an authorized request ; causing , on behalf of the received request , a non-executing control virtual machine to be executed , and a new connection session to be established between the virtual desktop management server computing system and the executing control virtual machine , the executing virtual machine having an ability to access a physical datastore containing the virtual disk ; causing the connected control virtual machine to mount the virtual disk ; causing the connected control virtual machine to obtain the requested user content from the mounted virtual disk ; receiving the obtained user content from the control virtual machine ; and returning the obtained user content in response to the request . |
| US9678774B2 CLAIM 12 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (management system) . |
US20110185292A1 CLAIM 1 . A method in a virtual desktop management server computing system (computing system) , comprising : receiving a request from an application executing on a client device , through an application programming interface (“API”) call , for user content stored on a virtual disk , the virtual disk associated with a non-running virtual desktop ; verifying that the received request is an authorized request ; causing , on behalf of the received request , a non-executing control virtual machine to be executed , and a new connection session to be established between the virtual desktop management server computing system and the executing control virtual machine , the executing virtual machine having an ability to access a physical datastore containing the virtual disk ; causing the connected control virtual machine to mount the virtual disk ; causing the connected control virtual machine to obtain the requested user content from the mounted virtual disk ; receiving the obtained user content from the control virtual machine ; and returning the obtained user content in response to the request . US20110185292A1 CLAIM 14 . A computer-readable storage medium containing logic instructions configured to control a computer processor in a virtual desktop management server computing system to perform a method comprising : receiving a request for user content in the form of an API invocation ; determining a virtual disk that corresponds to the request ; verifying that the request is allowed access to the determined virtual disk ; using a virtual machine management system (readable storage, platform module) , causing , as part of processing the API invocation , a connection to be established with a special virtual machine having communication access to a physical datastore associated with the virtual disk ; causing the connected special virtual machine to gain access to the virtual disk ; causing the connected special virtual machine to obtain the requested user content from the virtual disk once access is gained ; receiving the obtained user content from the connected special virtual machine ; and returning the obtained user content in response to the API invocation . |
| US9678774B2 CLAIM 13 . The computing system (computing system) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
US20110185292A1 CLAIM 1 . A method in a virtual desktop management server computing system (computing system) , comprising : receiving a request from an application executing on a client device , through an application programming interface (“API”) call , for user content stored on a virtual disk , the virtual disk associated with a non-running virtual desktop ; verifying that the received request is an authorized request ; causing , on behalf of the received request , a non-executing control virtual machine to be executed , and a new connection session to be established between the virtual desktop management server computing system and the executing control virtual machine , the executing virtual machine having an ability to access a physical datastore containing the virtual disk ; causing the connected control virtual machine to mount the virtual disk ; causing the connected control virtual machine to obtain the requested user content from the mounted virtual disk ; receiving the obtained user content from the control virtual machine ; and returning the obtained user content in response to the request . |
| US9678774B2 CLAIM 14 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20110185292A1 CLAIM 1 . A method in a virtual desktop management server computing system (computing system) , comprising : receiving a request from an application executing on a client device , through an application programming interface (“API”) call , for user content stored on a virtual disk , the virtual disk associated with a non-running virtual desktop ; verifying that the received request is an authorized request ; causing , on behalf of the received request , a non-executing control virtual machine to be executed , and a new connection session to be established between the virtual desktop management server computing system and the executing control virtual machine , the executing virtual machine having an ability to access a physical datastore containing the virtual disk ; causing the connected control virtual machine to mount the virtual disk ; causing the connected control virtual machine to obtain the requested user content from the mounted virtual disk ; receiving the obtained user content from the control virtual machine ; and returning the obtained user content in response to the request . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN102365630A Filed: 2010-01-15 Issued: 2012-02-29 使用用户偏好、自适应策略、网络中立和用户隐私的设备协助服务配置文件管理 (Original Assignee) Headwater Partners I LLC (Current Assignee) Voight Hyde of limited liability company 格雷戈里·G·罗利 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (一种计算) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN102365630A CLAIM 42 . 一种计算 (computing device, computing system) 机程序产品,所述计算机程序产品在计算机可读存储介质中实施,并且包括用于以下操作的计算机指令:实现第一服务配置文件,用于协助控制通信设备对第一网络上的第一服务的使用,其中所述第一服务配置文件包括多个服务策略设置;基于所述第一服务配置文件来监控所述第一服务的使用;以及修改第一服务策略设置以实现第一服务使用目标。 |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (一种计算) . |
CN102365630A CLAIM 42 . 一种计算 (computing device, computing system) 机程序产品,所述计算机程序产品在计算机可读存储介质中实施,并且包括用于以下操作的计算机指令:实现第一服务配置文件,用于协助控制通信设备对第一网络上的第一服务的使用,其中所述第一服务配置文件包括多个服务策略设置;基于所述第一服务配置文件来监控所述第一服务的使用;以及修改第一服务策略设置以实现第一服务使用目标。 |
| US9678774B2 CLAIM 8 . A computing system (一种计算) , comprising : a computing device (一种计算) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN102365630A CLAIM 21 . 如权利要求1所述的系统,其中所述通信设备的处理器还被配置成:确定服务配置文件调整以实现所述第一服务使用目标,其中所述服务配置文件调整包括修改所述服务策略设置中的一个或多个,并且其中所述第一服务的使用被管理成符合一个或多个用户 (computing device comprising one) 隐私设置。 CN102365630A CLAIM 42 . 一种计算 (computing device, computing system) 机程序产品,所述计算机程序产品在计算机可读存储介质中实施,并且包括用于以下操作的计算机指令:实现第一服务配置文件,用于协助控制通信设备对第一网络上的第一服务的使用,其中所述第一服务配置文件包括多个服务策略设置;基于所述第一服务配置文件来监控所述第一服务的使用;以及修改第一服务策略设置以实现第一服务使用目标。 |
| US9678774B2 CLAIM 9 . The computing system (一种计算) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
CN102365630A CLAIM 42 . 一种计算 (computing device, computing system) 机程序产品,所述计算机程序产品在计算机可读存储介质中实施,并且包括用于以下操作的计算机指令:实现第一服务配置文件,用于协助控制通信设备对第一网络上的第一服务的使用,其中所述第一服务配置文件包括多个服务策略设置;基于所述第一服务配置文件来监控所述第一服务的使用;以及修改第一服务策略设置以实现第一服务使用目标。 |
| US9678774B2 CLAIM 10 . The computing system (一种计算) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
CN102365630A CLAIM 42 . 一种计算 (computing device, computing system) 机程序产品,所述计算机程序产品在计算机可读存储介质中实施,并且包括用于以下操作的计算机指令:实现第一服务配置文件,用于协助控制通信设备对第一网络上的第一服务的使用,其中所述第一服务配置文件包括多个服务策略设置;基于所述第一服务配置文件来监控所述第一服务的使用;以及修改第一服务策略设置以实现第一服务使用目标。 |
| US9678774B2 CLAIM 11 . The computing system (一种计算) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN102365630A CLAIM 42 . 一种计算 (computing device, computing system) 机程序产品,所述计算机程序产品在计算机可读存储介质中实施,并且包括用于以下操作的计算机指令:实现第一服务配置文件,用于协助控制通信设备对第一网络上的第一服务的使用,其中所述第一服务配置文件包括多个服务策略设置;基于所述第一服务配置文件来监控所述第一服务的使用;以及修改第一服务策略设置以实现第一服务使用目标。 |
| US9678774B2 CLAIM 12 . The computing system (一种计算) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
CN102365630A CLAIM 42 . 一种计算 (computing device, computing system) 机程序产品,所述计算机程序产品在计算机可读存储介质中实施,并且包括用于以下操作的计算机指令:实现第一服务配置文件,用于协助控制通信设备对第一网络上的第一服务的使用,其中所述第一服务配置文件包括多个服务策略设置;基于所述第一服务配置文件来监控所述第一服务的使用;以及修改第一服务策略设置以实现第一服务使用目标。 |
| US9678774B2 CLAIM 13 . The computing system (一种计算) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
CN102365630A CLAIM 42 . 一种计算 (computing device, computing system) 机程序产品,所述计算机程序产品在计算机可读存储介质中实施,并且包括用于以下操作的计算机指令:实现第一服务配置文件,用于协助控制通信设备对第一网络上的第一服务的使用,其中所述第一服务配置文件包括多个服务策略设置;基于所述第一服务配置文件来监控所述第一服务的使用;以及修改第一服务策略设置以实现第一服务使用目标。 |
| US9678774B2 CLAIM 14 . The computing system (一种计算) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
CN102365630A CLAIM 42 . 一种计算 (computing device, computing system) 机程序产品,所述计算机程序产品在计算机可读存储介质中实施,并且包括用于以下操作的计算机指令:实现第一服务配置文件,用于协助控制通信设备对第一网络上的第一服务的使用,其中所述第一服务配置文件包括多个服务策略设置;基于所述第一服务配置文件来监控所述第一服务的使用;以及修改第一服务策略设置以实现第一服务使用目标。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20100122317A1 Filed: 2009-12-29 Issued: 2010-05-13 Integrated Network Intrusion Detection (Original Assignee) Intel Corp (Current Assignee) Intel Corp Satyendra Yadav |
|---|---|
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (network services) . |
US20100122317A1 CLAIM 1 . A method comprising : receiving requests for access to network services (positioning service) from an invoked application ; integrating firewall and intrusion detection to check whether the requests violate a network policy , wherein network policies include permissive and restrictive rules to designate each of the received requests as authorized or unauthorized , respectively ; monitoring network communications , for the invoked application , based on the designation of the requests ; and blocking network communications that fail to correspond to an authorized network service request . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (system component) . |
US20100122317A1 CLAIM 7 . A machine-implemented method comprising : receiving requests for access to network services from an invoked application ; integrating firewall and intrusion detection to check whether the requests violate a network policy , wherein network policies include permissive and restrictive rules to designate each of the received requests as authorized or unauthorized , respectively ; and monitoring network communications , for the invoked application , based on the designation of the requests ; wherein monitoring of the network communications for the invoked application comprises monitoring in an intrusion detection system component (platform module) invoked with the invoked application . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (network services) . |
US20100122317A1 CLAIM 1 . A method comprising : receiving requests for access to network services (positioning service) from an invoked application ; integrating firewall and intrusion detection to check whether the requests violate a network policy , wherein network policies include permissive and restrictive rules to designate each of the received requests as authorized or unauthorized , respectively ; monitoring network communications , for the invoked application , based on the designation of the requests ; and blocking network communications that fail to correspond to an authorized network service request . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN101727351A Filed: 2009-12-14 Issued: 2010-06-09 面向多核平台的虚拟机监控器非对称调度器及其调度方法 (Original Assignee) Beihang University (Current Assignee) Beihang University 张炯, 龙翔, 文成建, 贺俊, 白跃斌, 高小鹏 |
|---|---|
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (性能的) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101727351A CLAIM 3 . 应用权利要求1所述的面向多核平台的虚拟机监控器非对称调度器的调度方法,其 特征在于,包括如下步骤:步骤l,客户机创建启动和服务核的创建请求发出;HVM Domain客户机创建时,在管理域中会有一个对应的客户机的创建配置文件,该文 件中会指明客户机使用的vcpu的数量,以及与物理处理器核的绑定信息,同时该配置文件 中也会指明所需的服务核的类型和数量,具体的类型由不同的实施例中特殊指定和实现; 管理域中的服务核请求解析模块将该配置文件中的服务核的类型和数量解析,并将创建需求转变成对VMM的超调用Hypercall,并将该超调用传输给VMM中的Domain特定服务核配 置模块,而Domain特定服务核配置模块在接管超调用Hypercall后,采用一个结构体管理 新创建的HVM Domain的所有信息,包括服务核的配置信息,并初步解析超调用Hypercall, 然后触发VMM中的系统顶级调度器模块运行;其中vcpu代表虚拟处理器,Hypercall代表 超级调用;步骤2,处理器核拓扑识别和分析以及服务核的分配;系统顶级调度器模块中的处理器核拓扑识别和分析子模块会对系统中拥有的处理器 核资源进行识别,处理器核在被识别之后加入系统顶级调度器模块使用和管理的能用处理 器核资源位图中,初始化之后系统顶级调度器模块开始在这些处理器核上运行,直到这些 处理器核被划分给VMM中的通用调度器模块或者被分配成服务核接受VMM中的服务调度器 模块的调度;系统初始化时,系统顶级调度器模块被初始化,系统顶级调度器模块接到创建服务核 的请求后,首先根据平台处理器核拓扑和分析子模块得到平台处理器核的拓扑信息,采用 就近原则选择和HVM Domain的vcpu绑定的物理处理器核相邻的处理器核,如果vcpu没有 设定需要绑定物理处理器核,则按照系统的整体策略,是性能优先还是节能优先的预定策 略进行选择,性能优先时,优先选择空闲的处理器核作为服务核,而节能优先时则优先选择 超线程或者同一封装内的处理器核作为服务核;服务核选定之后,由系统顶级调度器模块中的服务核分配和回收子模块负责服务核的 最终创建过程,服务核分配和回收子模块从系统能用处理器核资源位图中区分出服务核, 并添入服务调度器模块的能用处理器核资源位图中,然后通过处理器间中断IPI唤醒服务 核,并使它从指定的函数开始执行;服务核被创建并开始执行时,并未真正开始提供服务, 直到HVMDomain申请创建共享内存区域之后,服务核才会被真正激活,主动到共享内存区 域轮询任务,或者被服务调度器模块调度时才被激活提供服务;服务核的回收是在服务核 所属的HVMDomain被销毁时触发的,与创建的过程类似,系统顶级调度器模块调用服务核 分配和回收子模块进行回收,并将回收的服务核进行重新分配,根据系统的配置策略,将空 闲的服务核,加入到通用调度器模块的能用处理器核资源位图中,或加入到系统空闲资源 中;步骤3,两级调度器对通用核和服务核调度;VMM启动初期,计算机平台内的所有处理器核都是由系统顶级处理器模块管理和调度 的,随着HVM Domain以及对应的vcpu的创建,通用调度器模块有了调度对象,被初始化并 在所管理的通用核上运行;服务核创建之后,服务调度器模块开始对服务核进行调度,它会轮询各个HVM Domain 与VMM的共享内存区域的服务请求,调用请求查询模块获得新的服务任务发送到服务调度 器模块,服务调度器模块根据任务所属的服务核,将任务插入到该服务核的任务队列,并触 发服务核的运行;如果服务核创建时被指定为直接轮询模式,则不需要服务调度器模块将 任务派发给服务核,服务核直接轮询共享内存区域获得服务请求;步骤4,客户机发出服务请求及对应服务核响应客户机的请求;HVM Domain被创建并启动后,装载HVM Domain中的混合虚拟化模块,混合虚拟化模块 向VMM发出映射共享内存的请求,VMM中的共享内存机制模块响应请求,在VMM的空间中映射共享内存区域,并将共享内存区域的起始地址以及大小信息写入Domain特定服务核配 置模块管理的信息结构体中,共享内存映射成功后对应的服务核上的服务代码开始运行;混合虚拟化模块通过写共享内存的方式发送服务请求,服务请求也能够由运行在用户 态的特定应用程序发出,通过将现有操作系统用户态、内核态模块数据和控制方法交由混 合虚拟化模块代理发送,服务请求发送后,VMM中的请求查询模块将会按照一定频率查询这 些请求,并把这些请求交由服务调度器模块派发到对应的服务核,服务核会根据服务调度 器模块中的调度策略执行自己的任务队列,也能够采用一种服务核直接轮询对应的共享内 存区域的方式, 一旦有请求,直接执行,这种情况适用于实时性要求比较高的服务,或者频 繁执行并决定着系统整体性能的 (cause performance, control performance) 关键服务;当服务核将服务请求执行完毕后,把处理结果 通过共享内存机制模块写回共享内存,混合虚拟化模块或者HVM Domain中的其他内核模块 就能读到返回的服务执行结果。 |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (性能的) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
CN101727351A CLAIM 3 . 应用权利要求1所述的面向多核平台的虚拟机监控器非对称调度器的调度方法,其 特征在于,包括如下步骤:步骤l,客户机创建启动和服务核的创建请求发出;HVM Domain客户机创建时,在管理域中会有一个对应的客户机的创建配置文件,该文 件中会指明客户机使用的vcpu的数量,以及与物理处理器核的绑定信息,同时该配置文件 中也会指明所需的服务核的类型和数量,具体的类型由不同的实施例中特殊指定和实现; 管理域中的服务核请求解析模块将该配置文件中的服务核的类型和数量解析,并将创建需求转变成对VMM的超调用Hypercall,并将该超调用传输给VMM中的Domain特定服务核配 置模块,而Domain特定服务核配置模块在接管超调用Hypercall后,采用一个结构体管理 新创建的HVM Domain的所有信息,包括服务核的配置信息,并初步解析超调用Hypercall, 然后触发VMM中的系统顶级调度器模块运行;其中vcpu代表虚拟处理器,Hypercall代表 超级调用;步骤2,处理器核拓扑识别和分析以及服务核的分配;系统顶级调度器模块中的处理器核拓扑识别和分析子模块会对系统中拥有的处理器 核资源进行识别,处理器核在被识别之后加入系统顶级调度器模块使用和管理的能用处理 器核资源位图中,初始化之后系统顶级调度器模块开始在这些处理器核上运行,直到这些 处理器核被划分给VMM中的通用调度器模块或者被分配成服务核接受VMM中的服务调度器 模块的调度;系统初始化时,系统顶级调度器模块被初始化,系统顶级调度器模块接到创建服务核 的请求后,首先根据平台处理器核拓扑和分析子模块得到平台处理器核的拓扑信息,采用 就近原则选择和HVM Domain的vcpu绑定的物理处理器核相邻的处理器核,如果vcpu没有 设定需要绑定物理处理器核,则按照系统的整体策略,是性能优先还是节能优先的预定策 略进行选择,性能优先时,优先选择空闲的处理器核作为服务核,而节能优先时则优先选择 超线程或者同一封装内的处理器核作为服务核;服务核选定之后,由系统顶级调度器模块中的服务核分配和回收子模块负责服务核的 最终创建过程,服务核分配和回收子模块从系统能用处理器核资源位图中区分出服务核, 并添入服务调度器模块的能用处理器核资源位图中,然后通过处理器间中断IPI唤醒服务 核,并使它从指定的函数开始执行;服务核被创建并开始执行时,并未真正开始提供服务, 直到HVMDomain申请创建共享内存区域之后,服务核才会被真正激活,主动到共享内存区 域轮询任务,或者被服务调度器模块调度时才被激活提供服务;服务核的回收是在服务核 所属的HVMDomain被销毁时触发的,与创建的过程类似,系统顶级调度器模块调用服务核 分配和回收子模块进行回收,并将回收的服务核进行重新分配,根据系统的配置策略,将空 闲的服务核,加入到通用调度器模块的能用处理器核资源位图中,或加入到系统空闲资源 中;步骤3,两级调度器对通用核和服务核调度;VMM启动初期,计算机平台内的所有处理器核都是由系统顶级处理器模块管理和调度 的,随着HVM Domain以及对应的vcpu的创建,通用调度器模块有了调度对象,被初始化并 在所管理的通用核上运行;服务核创建之后,服务调度器模块开始对服务核进行调度,它会轮询各个HVM Domain 与VMM的共享内存区域的服务请求,调用请求查询模块获得新的服务任务发送到服务调度 器模块,服务调度器模块根据任务所属的服务核,将任务插入到该服务核的任务队列,并触 发服务核的运行;如果服务核创建时被指定为直接轮询模式,则不需要服务调度器模块将 任务派发给服务核,服务核直接轮询共享内存区域获得服务请求;步骤4,客户机发出服务请求及对应服务核响应客户机的请求;HVM Domain被创建并启动后,装载HVM Domain中的混合虚拟化模块,混合虚拟化模块 向VMM发出映射共享内存的请求,VMM中的共享内存机制模块响应请求,在VMM的空间中映射共享内存区域,并将共享内存区域的起始地址以及大小信息写入Domain特定服务核配 置模块管理的信息结构体中,共享内存映射成功后对应的服务核上的服务代码开始运行;混合虚拟化模块通过写共享内存的方式发送服务请求,服务请求也能够由运行在用户 态的特定应用程序发出,通过将现有操作系统用户态、内核态模块数据和控制方法交由混 合虚拟化模块代理发送,服务请求发送后,VMM中的请求查询模块将会按照一定频率查询这 些请求,并把这些请求交由服务调度器模块派发到对应的服务核,服务核会根据服务调度 器模块中的调度策略执行自己的任务队列,也能够采用一种服务核直接轮询对应的共享内 存区域的方式, 一旦有请求,直接执行,这种情况适用于实时性要求比较高的服务,或者频 繁执行并决定着系统整体性能的 (cause performance, control performance) 关键服务;当服务核将服务请求执行完毕后,把处理结果 通过共享内存机制模块写回共享内存,混合虚拟化模块或者HVM Domain中的其他内核模块 就能读到返回的服务执行结果。 |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (性能的) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
CN101727351A CLAIM 3 . 应用权利要求1所述的面向多核平台的虚拟机监控器非对称调度器的调度方法,其 特征在于,包括如下步骤:步骤l,客户机创建启动和服务核的创建请求发出;HVM Domain客户机创建时,在管理域中会有一个对应的客户机的创建配置文件,该文 件中会指明客户机使用的vcpu的数量,以及与物理处理器核的绑定信息,同时该配置文件 中也会指明所需的服务核的类型和数量,具体的类型由不同的实施例中特殊指定和实现; 管理域中的服务核请求解析模块将该配置文件中的服务核的类型和数量解析,并将创建需求转变成对VMM的超调用Hypercall,并将该超调用传输给VMM中的Domain特定服务核配 置模块,而Domain特定服务核配置模块在接管超调用Hypercall后,采用一个结构体管理 新创建的HVM Domain的所有信息,包括服务核的配置信息,并初步解析超调用Hypercall, 然后触发VMM中的系统顶级调度器模块运行;其中vcpu代表虚拟处理器,Hypercall代表 超级调用;步骤2,处理器核拓扑识别和分析以及服务核的分配;系统顶级调度器模块中的处理器核拓扑识别和分析子模块会对系统中拥有的处理器 核资源进行识别,处理器核在被识别之后加入系统顶级调度器模块使用和管理的能用处理 器核资源位图中,初始化之后系统顶级调度器模块开始在这些处理器核上运行,直到这些 处理器核被划分给VMM中的通用调度器模块或者被分配成服务核接受VMM中的服务调度器 模块的调度;系统初始化时,系统顶级调度器模块被初始化,系统顶级调度器模块接到创建服务核 的请求后,首先根据平台处理器核拓扑和分析子模块得到平台处理器核的拓扑信息,采用 就近原则选择和HVM Domain的vcpu绑定的物理处理器核相邻的处理器核,如果vcpu没有 设定需要绑定物理处理器核,则按照系统的整体策略,是性能优先还是节能优先的预定策 略进行选择,性能优先时,优先选择空闲的处理器核作为服务核,而节能优先时则优先选择 超线程或者同一封装内的处理器核作为服务核;服务核选定之后,由系统顶级调度器模块中的服务核分配和回收子模块负责服务核的 最终创建过程,服务核分配和回收子模块从系统能用处理器核资源位图中区分出服务核, 并添入服务调度器模块的能用处理器核资源位图中,然后通过处理器间中断IPI唤醒服务 核,并使它从指定的函数开始执行;服务核被创建并开始执行时,并未真正开始提供服务, 直到HVMDomain申请创建共享内存区域之后,服务核才会被真正激活,主动到共享内存区 域轮询任务,或者被服务调度器模块调度时才被激活提供服务;服务核的回收是在服务核 所属的HVMDomain被销毁时触发的,与创建的过程类似,系统顶级调度器模块调用服务核 分配和回收子模块进行回收,并将回收的服务核进行重新分配,根据系统的配置策略,将空 闲的服务核,加入到通用调度器模块的能用处理器核资源位图中,或加入到系统空闲资源 中;步骤3,两级调度器对通用核和服务核调度;VMM启动初期,计算机平台内的所有处理器核都是由系统顶级处理器模块管理和调度 的,随着HVM Domain以及对应的vcpu的创建,通用调度器模块有了调度对象,被初始化并 在所管理的通用核上运行;服务核创建之后,服务调度器模块开始对服务核进行调度,它会轮询各个HVM Domain 与VMM的共享内存区域的服务请求,调用请求查询模块获得新的服务任务发送到服务调度 器模块,服务调度器模块根据任务所属的服务核,将任务插入到该服务核的任务队列,并触 发服务核的运行;如果服务核创建时被指定为直接轮询模式,则不需要服务调度器模块将 任务派发给服务核,服务核直接轮询共享内存区域获得服务请求;步骤4,客户机发出服务请求及对应服务核响应客户机的请求;HVM Domain被创建并启动后,装载HVM Domain中的混合虚拟化模块,混合虚拟化模块 向VMM发出映射共享内存的请求,VMM中的共享内存机制模块响应请求,在VMM的空间中映射共享内存区域,并将共享内存区域的起始地址以及大小信息写入Domain特定服务核配 置模块管理的信息结构体中,共享内存映射成功后对应的服务核上的服务代码开始运行;混合虚拟化模块通过写共享内存的方式发送服务请求,服务请求也能够由运行在用户 态的特定应用程序发出,通过将现有操作系统用户态、内核态模块数据和控制方法交由混 合虚拟化模块代理发送,服务请求发送后,VMM中的请求查询模块将会按照一定频率查询这 些请求,并把这些请求交由服务调度器模块派发到对应的服务核,服务核会根据服务调度 器模块中的调度策略执行自己的任务队列,也能够采用一种服务核直接轮询对应的共享内 存区域的方式, 一旦有请求,直接执行,这种情况适用于实时性要求比较高的服务,或者频 繁执行并决定着系统整体性能的 (cause performance, control performance) 关键服务;当服务核将服务请求执行完毕后,把处理结果 通过共享内存机制模块写回共享内存,混合虚拟化模块或者HVM Domain中的其他内核模块 就能读到返回的服务执行结果。 |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (性能的) of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (配置模块) . |
CN101727351A CLAIM 1 面向多核平台的虚拟机监控器非对称调度器,包括VMM中的通用调度器模块,其特征在于,还包括管理域中的服务核请求解析模块,VMM中的Domain特定服务核配置模块 (platform module) 、系统顶级调度器模块、服务调度器模块、共享内存机制模块及请求查询模块,HVMDomain中的混合虚拟化模块,其中系统顶级调度器模块中又包含平台处理器核拓扑识别和分析子模块以及服务核分配和回收子模块;服务核请求解析模块,用于HVM?Domain创建时服务核的配置,负责将HVM?Domain也就是客户机创建时的配置文件中指明的服务核的类型和数量解析,向VMM发出服务核的创建请求;Domain特定服务核配置模块则负责初步解析服务核请求解析模块发来的HVMDomain的服务核创建请求然后发送给系统顶级调度器模块,并在整个HVM?Domain的生命周期内管理其服务核相关的信息;系统顶级调度器模块主要用来管理计算机平台中能用的处理器核,并在全局范围内对通用调度器模块和服务调度器模块的能用处理器核资源位图进行调整,负责完成来自Domain特定服务核配置模块中的请求,根据平台处理器核拓扑识别和分析子模块中的拓扑信息,使用服务核分配和回收子模块创建服务核或者回收服务核;平台处理器核拓扑识别和分析子模块负责对系统中拥有的处理器核资源进行识别,处理器核在被识别之后加入顶级调度器使用和管理的能用处理器核资源位图中,初始化之后顶级调度器开始在这些处理器核上运行;服务核分配和回收子模块负责服务核的创建或者回收,从系统能用处理器核资源位图中区分出服务核,并添入服务调度器模块的能用处理器核资源位图中,或者从服务调度器模块的能用处理器核资源位图中删除服务核;服务调度器模块负责服务核的管理和调度;共享内存机制模块负责响应HVM?Domain的映射请求,并在共享内存建立之后,触发请求查询模块;混合虚拟化模块首先向VMM请求映射共享内存,共享内存机制模块响应HVM?Domain的映射请求,在VMM中建立共享内存区域;在共享内存建立之后,混合虚拟化模块发出HVMDomain对服务核的服务请求,这些请求被写在共享内存区域内;请求查询模块负责查询HVM?Domain所属的共享内存区域内的对服务核的服务请求,并把这些请求发送到服务调度器模块;其中,VMM代表虚拟监控器,HVM代表硬件虚拟管理器,Domain代表域。 CN101727351A CLAIM 3 . 应用权利要求1所述的面向多核平台的虚拟机监控器非对称调度器的调度方法,其 特征在于,包括如下步骤:步骤l,客户机创建启动和服务核的创建请求发出;HVM Domain客户机创建时,在管理域中会有一个对应的客户机的创建配置文件,该文 件中会指明客户机使用的vcpu的数量,以及与物理处理器核的绑定信息,同时该配置文件 中也会指明所需的服务核的类型和数量,具体的类型由不同的实施例中特殊指定和实现; 管理域中的服务核请求解析模块将该配置文件中的服务核的类型和数量解析,并将创建需求转变成对VMM的超调用Hypercall,并将该超调用传输给VMM中的Domain特定服务核配 置模块,而Domain特定服务核配置模块在接管超调用Hypercall后,采用一个结构体管理 新创建的HVM Domain的所有信息,包括服务核的配置信息,并初步解析超调用Hypercall, 然后触发VMM中的系统顶级调度器模块运行;其中vcpu代表虚拟处理器,Hypercall代表 超级调用;步骤2,处理器核拓扑识别和分析以及服务核的分配;系统顶级调度器模块中的处理器核拓扑识别和分析子模块会对系统中拥有的处理器 核资源进行识别,处理器核在被识别之后加入系统顶级调度器模块使用和管理的能用处理 器核资源位图中,初始化之后系统顶级调度器模块开始在这些处理器核上运行,直到这些 处理器核被划分给VMM中的通用调度器模块或者被分配成服务核接受VMM中的服务调度器 模块的调度;系统初始化时,系统顶级调度器模块被初始化,系统顶级调度器模块接到创建服务核 的请求后,首先根据平台处理器核拓扑和分析子模块得到平台处理器核的拓扑信息,采用 就近原则选择和HVM Domain的vcpu绑定的物理处理器核相邻的处理器核,如果vcpu没有 设定需要绑定物理处理器核,则按照系统的整体策略,是性能优先还是节能优先的预定策 略进行选择,性能优先时,优先选择空闲的处理器核作为服务核,而节能优先时则优先选择 超线程或者同一封装内的处理器核作为服务核;服务核选定之后,由系统顶级调度器模块中的服务核分配和回收子模块负责服务核的 最终创建过程,服务核分配和回收子模块从系统能用处理器核资源位图中区分出服务核, 并添入服务调度器模块的能用处理器核资源位图中,然后通过处理器间中断IPI唤醒服务 核,并使它从指定的函数开始执行;服务核被创建并开始执行时,并未真正开始提供服务, 直到HVMDomain申请创建共享内存区域之后,服务核才会被真正激活,主动到共享内存区 域轮询任务,或者被服务调度器模块调度时才被激活提供服务;服务核的回收是在服务核 所属的HVMDomain被销毁时触发的,与创建的过程类似,系统顶级调度器模块调用服务核 分配和回收子模块进行回收,并将回收的服务核进行重新分配,根据系统的配置策略,将空 闲的服务核,加入到通用调度器模块的能用处理器核资源位图中,或加入到系统空闲资源 中;步骤3,两级调度器对通用核和服务核调度;VMM启动初期,计算机平台内的所有处理器核都是由系统顶级处理器模块管理和调度 的,随着HVM Domain以及对应的vcpu的创建,通用调度器模块有了调度对象,被初始化并 在所管理的通用核上运行;服务核创建之后,服务调度器模块开始对服务核进行调度,它会轮询各个HVM Domain 与VMM的共享内存区域的服务请求,调用请求查询模块获得新的服务任务发送到服务调度 器模块,服务调度器模块根据任务所属的服务核,将任务插入到该服务核的任务队列,并触 发服务核的运行;如果服务核创建时被指定为直接轮询模式,则不需要服务调度器模块将 任务派发给服务核,服务核直接轮询共享内存区域获得服务请求;步骤4,客户机发出服务请求及对应服务核响应客户机的请求;HVM Domain被创建并启动后,装载HVM Domain中的混合虚拟化模块,混合虚拟化模块 向VMM发出映射共享内存的请求,VMM中的共享内存机制模块响应请求,在VMM的空间中映射共享内存区域,并将共享内存区域的起始地址以及大小信息写入Domain特定服务核配 置模块管理的信息结构体中,共享内存映射成功后对应的服务核上的服务代码开始运行;混合虚拟化模块通过写共享内存的方式发送服务请求,服务请求也能够由运行在用户 态的特定应用程序发出,通过将现有操作系统用户态、内核态模块数据和控制方法交由混 合虚拟化模块代理发送,服务请求发送后,VMM中的请求查询模块将会按照一定频率查询这 些请求,并把这些请求交由服务调度器模块派发到对应的服务核,服务核会根据服务调度 器模块中的调度策略执行自己的任务队列,也能够采用一种服务核直接轮询对应的共享内 存区域的方式, 一旦有请求,直接执行,这种情况适用于实时性要求比较高的服务,或者频 繁执行并决定着系统整体性能的 (cause performance, control performance) 关键服务;当服务核将服务请求执行完毕后,把处理结果 通过共享内存机制模块写回共享内存,混合虚拟化模块或者HVM Domain中的其他内核模块 就能读到返回的服务执行结果。 |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (性能的) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
CN101727351A CLAIM 3 . 应用权利要求1所述的面向多核平台的虚拟机监控器非对称调度器的调度方法,其 特征在于,包括如下步骤:步骤l,客户机创建启动和服务核的创建请求发出;HVM Domain客户机创建时,在管理域中会有一个对应的客户机的创建配置文件,该文 件中会指明客户机使用的vcpu的数量,以及与物理处理器核的绑定信息,同时该配置文件 中也会指明所需的服务核的类型和数量,具体的类型由不同的实施例中特殊指定和实现; 管理域中的服务核请求解析模块将该配置文件中的服务核的类型和数量解析,并将创建需求转变成对VMM的超调用Hypercall,并将该超调用传输给VMM中的Domain特定服务核配 置模块,而Domain特定服务核配置模块在接管超调用Hypercall后,采用一个结构体管理 新创建的HVM Domain的所有信息,包括服务核的配置信息,并初步解析超调用Hypercall, 然后触发VMM中的系统顶级调度器模块运行;其中vcpu代表虚拟处理器,Hypercall代表 超级调用;步骤2,处理器核拓扑识别和分析以及服务核的分配;系统顶级调度器模块中的处理器核拓扑识别和分析子模块会对系统中拥有的处理器 核资源进行识别,处理器核在被识别之后加入系统顶级调度器模块使用和管理的能用处理 器核资源位图中,初始化之后系统顶级调度器模块开始在这些处理器核上运行,直到这些 处理器核被划分给VMM中的通用调度器模块或者被分配成服务核接受VMM中的服务调度器 模块的调度;系统初始化时,系统顶级调度器模块被初始化,系统顶级调度器模块接到创建服务核 的请求后,首先根据平台处理器核拓扑和分析子模块得到平台处理器核的拓扑信息,采用 就近原则选择和HVM Domain的vcpu绑定的物理处理器核相邻的处理器核,如果vcpu没有 设定需要绑定物理处理器核,则按照系统的整体策略,是性能优先还是节能优先的预定策 略进行选择,性能优先时,优先选择空闲的处理器核作为服务核,而节能优先时则优先选择 超线程或者同一封装内的处理器核作为服务核;服务核选定之后,由系统顶级调度器模块中的服务核分配和回收子模块负责服务核的 最终创建过程,服务核分配和回收子模块从系统能用处理器核资源位图中区分出服务核, 并添入服务调度器模块的能用处理器核资源位图中,然后通过处理器间中断IPI唤醒服务 核,并使它从指定的函数开始执行;服务核被创建并开始执行时,并未真正开始提供服务, 直到HVMDomain申请创建共享内存区域之后,服务核才会被真正激活,主动到共享内存区 域轮询任务,或者被服务调度器模块调度时才被激活提供服务;服务核的回收是在服务核 所属的HVMDomain被销毁时触发的,与创建的过程类似,系统顶级调度器模块调用服务核 分配和回收子模块进行回收,并将回收的服务核进行重新分配,根据系统的配置策略,将空 闲的服务核,加入到通用调度器模块的能用处理器核资源位图中,或加入到系统空闲资源 中;步骤3,两级调度器对通用核和服务核调度;VMM启动初期,计算机平台内的所有处理器核都是由系统顶级处理器模块管理和调度 的,随着HVM Domain以及对应的vcpu的创建,通用调度器模块有了调度对象,被初始化并 在所管理的通用核上运行;服务核创建之后,服务调度器模块开始对服务核进行调度,它会轮询各个HVM Domain 与VMM的共享内存区域的服务请求,调用请求查询模块获得新的服务任务发送到服务调度 器模块,服务调度器模块根据任务所属的服务核,将任务插入到该服务核的任务队列,并触 发服务核的运行;如果服务核创建时被指定为直接轮询模式,则不需要服务调度器模块将 任务派发给服务核,服务核直接轮询共享内存区域获得服务请求;步骤4,客户机发出服务请求及对应服务核响应客户机的请求;HVM Domain被创建并启动后,装载HVM Domain中的混合虚拟化模块,混合虚拟化模块 向VMM发出映射共享内存的请求,VMM中的共享内存机制模块响应请求,在VMM的空间中映射共享内存区域,并将共享内存区域的起始地址以及大小信息写入Domain特定服务核配 置模块管理的信息结构体中,共享内存映射成功后对应的服务核上的服务代码开始运行;混合虚拟化模块通过写共享内存的方式发送服务请求,服务请求也能够由运行在用户 态的特定应用程序发出,通过将现有操作系统用户态、内核态模块数据和控制方法交由混 合虚拟化模块代理发送,服务请求发送后,VMM中的请求查询模块将会按照一定频率查询这 些请求,并把这些请求交由服务调度器模块派发到对应的服务核,服务核会根据服务调度 器模块中的调度策略执行自己的任务队列,也能够采用一种服务核直接轮询对应的共享内 存区域的方式, 一旦有请求,直接执行,这种情况适用于实时性要求比较高的服务,或者频 繁执行并决定着系统整体性能的 (cause performance, control performance) 关键服务;当服务核将服务请求执行完毕后,把处理结果 通过共享内存机制模块写回共享内存,混合虚拟化模块或者HVM Domain中的其他内核模块 就能读到返回的服务执行结果。 |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance (性能的) of : in response to receipt of a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101727351A CLAIM 3 . 应用权利要求1所述的面向多核平台的虚拟机监控器非对称调度器的调度方法,其 特征在于,包括如下步骤:步骤l,客户机创建启动和服务核的创建请求发出;HVM Domain客户机创建时,在管理域中会有一个对应的客户机的创建配置文件,该文 件中会指明客户机使用的vcpu的数量,以及与物理处理器核的绑定信息,同时该配置文件 中也会指明所需的服务核的类型和数量,具体的类型由不同的实施例中特殊指定和实现; 管理域中的服务核请求解析模块将该配置文件中的服务核的类型和数量解析,并将创建需求转变成对VMM的超调用Hypercall,并将该超调用传输给VMM中的Domain特定服务核配 置模块,而Domain特定服务核配置模块在接管超调用Hypercall后,采用一个结构体管理 新创建的HVM Domain的所有信息,包括服务核的配置信息,并初步解析超调用Hypercall, 然后触发VMM中的系统顶级调度器模块运行;其中vcpu代表虚拟处理器,Hypercall代表 超级调用;步骤2,处理器核拓扑识别和分析以及服务核的分配;系统顶级调度器模块中的处理器核拓扑识别和分析子模块会对系统中拥有的处理器 核资源进行识别,处理器核在被识别之后加入系统顶级调度器模块使用和管理的能用处理 器核资源位图中,初始化之后系统顶级调度器模块开始在这些处理器核上运行,直到这些 处理器核被划分给VMM中的通用调度器模块或者被分配成服务核接受VMM中的服务调度器 模块的调度;系统初始化时,系统顶级调度器模块被初始化,系统顶级调度器模块接到创建服务核 的请求后,首先根据平台处理器核拓扑和分析子模块得到平台处理器核的拓扑信息,采用 就近原则选择和HVM Domain的vcpu绑定的物理处理器核相邻的处理器核,如果vcpu没有 设定需要绑定物理处理器核,则按照系统的整体策略,是性能优先还是节能优先的预定策 略进行选择,性能优先时,优先选择空闲的处理器核作为服务核,而节能优先时则优先选择 超线程或者同一封装内的处理器核作为服务核;服务核选定之后,由系统顶级调度器模块中的服务核分配和回收子模块负责服务核的 最终创建过程,服务核分配和回收子模块从系统能用处理器核资源位图中区分出服务核, 并添入服务调度器模块的能用处理器核资源位图中,然后通过处理器间中断IPI唤醒服务 核,并使它从指定的函数开始执行;服务核被创建并开始执行时,并未真正开始提供服务, 直到HVMDomain申请创建共享内存区域之后,服务核才会被真正激活,主动到共享内存区 域轮询任务,或者被服务调度器模块调度时才被激活提供服务;服务核的回收是在服务核 所属的HVMDomain被销毁时触发的,与创建的过程类似,系统顶级调度器模块调用服务核 分配和回收子模块进行回收,并将回收的服务核进行重新分配,根据系统的配置策略,将空 闲的服务核,加入到通用调度器模块的能用处理器核资源位图中,或加入到系统空闲资源 中;步骤3,两级调度器对通用核和服务核调度;VMM启动初期,计算机平台内的所有处理器核都是由系统顶级处理器模块管理和调度 的,随着HVM Domain以及对应的vcpu的创建,通用调度器模块有了调度对象,被初始化并 在所管理的通用核上运行;服务核创建之后,服务调度器模块开始对服务核进行调度,它会轮询各个HVM Domain 与VMM的共享内存区域的服务请求,调用请求查询模块获得新的服务任务发送到服务调度 器模块,服务调度器模块根据任务所属的服务核,将任务插入到该服务核的任务队列,并触 发服务核的运行;如果服务核创建时被指定为直接轮询模式,则不需要服务调度器模块将 任务派发给服务核,服务核直接轮询共享内存区域获得服务请求;步骤4,客户机发出服务请求及对应服务核响应客户机的请求;HVM Domain被创建并启动后,装载HVM Domain中的混合虚拟化模块,混合虚拟化模块 向VMM发出映射共享内存的请求,VMM中的共享内存机制模块响应请求,在VMM的空间中映射共享内存区域,并将共享内存区域的起始地址以及大小信息写入Domain特定服务核配 置模块管理的信息结构体中,共享内存映射成功后对应的服务核上的服务代码开始运行;混合虚拟化模块通过写共享内存的方式发送服务请求,服务请求也能够由运行在用户 态的特定应用程序发出,通过将现有操作系统用户态、内核态模块数据和控制方法交由混 合虚拟化模块代理发送,服务请求发送后,VMM中的请求查询模块将会按照一定频率查询这 些请求,并把这些请求交由服务调度器模块派发到对应的服务核,服务核会根据服务调度 器模块中的调度策略执行自己的任务队列,也能够采用一种服务核直接轮询对应的共享内 存区域的方式, 一旦有请求,直接执行,这种情况适用于实时性要求比较高的服务,或者频 繁执行并决定着系统整体性能的 (cause performance, control performance) 关键服务;当服务核将服务请求执行完毕后,把处理结果 通过共享内存机制模块写回共享内存,混合虚拟化模块或者HVM Domain中的其他内核模块 就能读到返回的服务执行结果。 |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance (性能的) of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101727351A CLAIM 3 . 应用权利要求1所述的面向多核平台的虚拟机监控器非对称调度器的调度方法,其 特征在于,包括如下步骤:步骤l,客户机创建启动和服务核的创建请求发出;HVM Domain客户机创建时,在管理域中会有一个对应的客户机的创建配置文件,该文 件中会指明客户机使用的vcpu的数量,以及与物理处理器核的绑定信息,同时该配置文件 中也会指明所需的服务核的类型和数量,具体的类型由不同的实施例中特殊指定和实现; 管理域中的服务核请求解析模块将该配置文件中的服务核的类型和数量解析,并将创建需求转变成对VMM的超调用Hypercall,并将该超调用传输给VMM中的Domain特定服务核配 置模块,而Domain特定服务核配置模块在接管超调用Hypercall后,采用一个结构体管理 新创建的HVM Domain的所有信息,包括服务核的配置信息,并初步解析超调用Hypercall, 然后触发VMM中的系统顶级调度器模块运行;其中vcpu代表虚拟处理器,Hypercall代表 超级调用;步骤2,处理器核拓扑识别和分析以及服务核的分配;系统顶级调度器模块中的处理器核拓扑识别和分析子模块会对系统中拥有的处理器 核资源进行识别,处理器核在被识别之后加入系统顶级调度器模块使用和管理的能用处理 器核资源位图中,初始化之后系统顶级调度器模块开始在这些处理器核上运行,直到这些 处理器核被划分给VMM中的通用调度器模块或者被分配成服务核接受VMM中的服务调度器 模块的调度;系统初始化时,系统顶级调度器模块被初始化,系统顶级调度器模块接到创建服务核 的请求后,首先根据平台处理器核拓扑和分析子模块得到平台处理器核的拓扑信息,采用 就近原则选择和HVM Domain的vcpu绑定的物理处理器核相邻的处理器核,如果vcpu没有 设定需要绑定物理处理器核,则按照系统的整体策略,是性能优先还是节能优先的预定策 略进行选择,性能优先时,优先选择空闲的处理器核作为服务核,而节能优先时则优先选择 超线程或者同一封装内的处理器核作为服务核;服务核选定之后,由系统顶级调度器模块中的服务核分配和回收子模块负责服务核的 最终创建过程,服务核分配和回收子模块从系统能用处理器核资源位图中区分出服务核, 并添入服务调度器模块的能用处理器核资源位图中,然后通过处理器间中断IPI唤醒服务 核,并使它从指定的函数开始执行;服务核被创建并开始执行时,并未真正开始提供服务, 直到HVMDomain申请创建共享内存区域之后,服务核才会被真正激活,主动到共享内存区 域轮询任务,或者被服务调度器模块调度时才被激活提供服务;服务核的回收是在服务核 所属的HVMDomain被销毁时触发的,与创建的过程类似,系统顶级调度器模块调用服务核 分配和回收子模块进行回收,并将回收的服务核进行重新分配,根据系统的配置策略,将空 闲的服务核,加入到通用调度器模块的能用处理器核资源位图中,或加入到系统空闲资源 中;步骤3,两级调度器对通用核和服务核调度;VMM启动初期,计算机平台内的所有处理器核都是由系统顶级处理器模块管理和调度 的,随着HVM Domain以及对应的vcpu的创建,通用调度器模块有了调度对象,被初始化并 在所管理的通用核上运行;服务核创建之后,服务调度器模块开始对服务核进行调度,它会轮询各个HVM Domain 与VMM的共享内存区域的服务请求,调用请求查询模块获得新的服务任务发送到服务调度 器模块,服务调度器模块根据任务所属的服务核,将任务插入到该服务核的任务队列,并触 发服务核的运行;如果服务核创建时被指定为直接轮询模式,则不需要服务调度器模块将 任务派发给服务核,服务核直接轮询共享内存区域获得服务请求;步骤4,客户机发出服务请求及对应服务核响应客户机的请求;HVM Domain被创建并启动后,装载HVM Domain中的混合虚拟化模块,混合虚拟化模块 向VMM发出映射共享内存的请求,VMM中的共享内存机制模块响应请求,在VMM的空间中映射共享内存区域,并将共享内存区域的起始地址以及大小信息写入Domain特定服务核配 置模块管理的信息结构体中,共享内存映射成功后对应的服务核上的服务代码开始运行;混合虚拟化模块通过写共享内存的方式发送服务请求,服务请求也能够由运行在用户 态的特定应用程序发出,通过将现有操作系统用户态、内核态模块数据和控制方法交由混 合虚拟化模块代理发送,服务请求发送后,VMM中的请求查询模块将会按照一定频率查询这 些请求,并把这些请求交由服务调度器模块派发到对应的服务核,服务核会根据服务调度 器模块中的调度策略执行自己的任务队列,也能够采用一种服务核直接轮询对应的共享内 存区域的方式, 一旦有请求,直接执行,这种情况适用于实时性要求比较高的服务,或者频 繁执行并决定着系统整体性能的 (cause performance, control performance) 关键服务;当服务核将服务请求执行完毕后,把处理结果 通过共享内存机制模块写回共享内存,混合虚拟化模块或者HVM Domain中的其他内核模块 就能读到返回的服务执行结果。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110055921A1 Filed: 2009-10-28 Issued: 2011-03-03 Protecting against distributed network flood attacks (Original Assignee) Juniper Networks Inc (Current Assignee) Juniper Networks Inc Krishna Narayanaswamy, Bryan Burns, Venkata Rama Raju Manthena |
|---|---|
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (third network) , a geolocation device , or a positioning service . |
US20110055921A1 CLAIM 8 . The method of claim 1 , wherein executing the programmed action comprises one or more of blocking network connections of the at least one of the network addresses , dropping packets of a network connection associated with the at least one of the network addresses , blocking connection attempts originating from the at least one of the network addresses , advertising the at least one of the network addresses to a third network (network device) device to cause the third network device to block network connections of the at least one of the network addresses , sending a close-session message to the at least one of the network addresses , rate limiting future network sessions from at least one of the network addresses , and sending a close-session message to the second network device associated with the at least one of the network addresses . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110099551A1 Filed: 2009-10-26 Issued: 2011-04-28 Opportunistically Scheduling and Adjusting Time Slices (Original Assignee) Microsoft Corp (Current Assignee) Microsoft Technology Licensing LLC Thomas Fahrig, David Cutler |
|---|---|
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20110099551A1 CLAIM 8 . The one or more computer-readable media of claim 1 , wherein ascertaining whether the first virtual processor is executing a critical section of code comprises receiving an indication from an operating system (operating system) that the logical processor is running a synchronizing region of code that determines resources to be accessed by the first virtual processor . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | EP2299360A1 Filed: 2009-09-18 Issued: 2011-03-23 process for installing a software application and platform operating system (Original Assignee) Group Business Software AG (Current Assignee) Group Business Software AG Joerg Ott, Carsten Sjoerup |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (software application) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2299360A1 CLAIM 1 Process for installing a software application (hardware configuration) on a platform , wherein the platform comprises several servers including one or more application servers (2) and a control server (3) on which a platform configuration database is installed , comprising the following steps after a predefined software application is selected by an user : - reading out configuration data and solution data from the platform configuration database wherein the registration data describes the platform configuration and the solution data describes a solution of the selected software application which is registered on the platform , - determining the virtual server(s) which is needed to run the selected software application , - creating the determined virtual server(s) on the platform , - installing an instance of the selected software application in the created virtual server(s) , - connecting the instance to an interface of the platform to provide an access for listeners to the instance . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (software application) . |
EP2299360A1 CLAIM 1 Process for installing a software application (hardware configuration) on a platform , wherein the platform comprises several servers including one or more application servers (2) and a control server (3) on which a platform configuration database is installed , comprising the following steps after a predefined software application is selected by an user : - reading out configuration data and solution data from the platform configuration database wherein the registration data describes the platform configuration and the solution data describes a solution of the selected software application which is registered on the platform , - determining the virtual server(s) which is needed to run the selected software application , - creating the determined virtual server(s) on the platform , - installing an instance of the selected software application in the created virtual server(s) , - connecting the instance to an interface of the platform to provide an access for listeners to the instance . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (configuration data) or access to a positioning service . |
EP2299360A1 CLAIM 1 Process for installing a software application on a platform , wherein the platform comprises several servers including one or more application servers (2) and a control server (3) on which a platform configuration data (positioning hardware) base is installed , comprising the following steps after a predefined software application is selected by an user : - reading out configuration data and solution data from the platform configuration database wherein the registration data describes the platform configuration and the solution data describes a solution of the selected software application which is registered on the platform , - determining the virtual server(s) which is needed to run the selected software application , - creating the determined virtual server(s) on the platform , - installing an instance of the selected software application in the created virtual server(s) , - connecting the instance to an interface of the platform to provide an access for listeners to the instance . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one (following steps) or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2299360A1 CLAIM 1 Process for installing a software application on a platform , wherein the platform comprises several servers including one or more application servers (2) and a control server (3) on which a platform configuration database is installed , comprising the following steps (computing device comprising one) after a predefined software application is selected by an user : - reading out configuration data and solution data from the platform configuration database wherein the registration data describes the platform configuration and the solution data describes a solution of the selected software application which is registered on the platform , - determining the virtual server(s) which is needed to run the selected software application , - creating the determined virtual server(s) on the platform , - installing an instance of the selected software application in the created virtual server(s) , - connecting the instance to an interface of the platform to provide an access for listeners to the instance . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (software application) of the target host . |
EP2299360A1 CLAIM 1 Process for installing a software application (hardware configuration) on a platform , wherein the platform comprises several servers including one or more application servers (2) and a control server (3) on which a platform configuration database is installed , comprising the following steps after a predefined software application is selected by an user : - reading out configuration data and solution data from the platform configuration database wherein the registration data describes the platform configuration and the solution data describes a solution of the selected software application which is registered on the platform , - determining the virtual server(s) which is needed to run the selected software application , - creating the determined virtual server(s) on the platform , - installing an instance of the selected software application in the created virtual server(s) , - connecting the instance to an interface of the platform to provide an access for listeners to the instance . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (software application) of the target host from a trusted platform module . |
EP2299360A1 CLAIM 1 Process for installing a software application (hardware configuration) on a platform , wherein the platform comprises several servers including one or more application servers (2) and a control server (3) on which a platform configuration database is installed , comprising the following steps after a predefined software application is selected by an user : - reading out configuration data and solution data from the platform configuration database wherein the registration data describes the platform configuration and the solution data describes a solution of the selected software application which is registered on the platform , - determining the virtual server(s) which is needed to run the selected software application , - creating the determined virtual server(s) on the platform , - installing an instance of the selected software application in the created virtual server(s) , - connecting the instance to an interface of the platform to provide an access for listeners to the instance . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
EP2299360A1 CLAIM 7 Process according to one of the claims 1 to 6 , wherein the computational load of the servers is automatically monitored by the platform operating system (operating system) and in dependence of the monitored computational load on each individual physical server the physical servers are automatically shut down or started up . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110066786A1 Filed: 2009-09-14 Issued: 2011-03-17 Method of Suspending and Resuming Virtual Machines (Original Assignee) VMware Inc (Current Assignee) VMware Inc Osten Kit Colbert |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (different configurations) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110066786A1 CLAIM 5 . The method according to claim 1 , wherein the first instance of the virtual machine and the second instance of the virtual machine have different configurations (hardware configuration) of the virtual machine . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (different configurations) . |
US20110066786A1 CLAIM 5 . The method according to claim 1 , wherein the first instance of the virtual machine and the second instance of the virtual machine have different configurations (hardware configuration) of the virtual machine . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one (I/O devices) or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110066786A1 CLAIM 2 . The method according to claim 1 , wherein the first instance of the virtual machine includes a plurality of emulated devices including an emulated CPU , emulated I/O devices (computing device comprising one) , emulated hard disk , and an emulated memory , and the stored state does not include a state of the emulated memory . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (different configurations) of the target host . |
US20110066786A1 CLAIM 5 . The method according to claim 1 , wherein the first instance of the virtual machine and the second instance of the virtual machine have different configurations (hardware configuration) of the virtual machine . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (different configurations) of the target host from a trusted platform module . |
US20110066786A1 CLAIM 5 . The method according to claim 1 , wherein the first instance of the virtual machine and the second instance of the virtual machine have different configurations (hardware configuration) of the virtual machine . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20110066786A1 CLAIM 11 . A method of reconfiguring a virtual machine having a guest operating system (operating system) and one or more guest instructions running therein , comprising the steps of : suspending a first virtual machine process in which the guest operating system and the guest instructions are running ; storing a state of devices emulated in the first virtual machine process after the step of suspending ; copying metadata maintained for pages of virtual memory space allocated for the first virtual machine process and using the copied metadata as metadata for pages of virtual memory space allocated for the second virtual machine process that is configured differently from the first virtual machine process ; loading the stored state into corresponding devices emulated in the second virtual machine process ; and executing the guest operating system and the guest instructions in the second virtual machine process . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20110047621A1 Filed: 2009-08-20 Issued: 2011-02-24 System and method for detection of non-compliant software installation (Original Assignee) Federal Reserve Bank of New York (Current Assignee) Federal Reserve Bank of New York Danny BRANDO, Joonho Lee, Jia Ye |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (first data set) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110047621A1 CLAIM 9 . The method of claim 1 , wherein each of the generations of the representations of the modules includes : (i) for each module stored on the first device , generating a respective first data set (source host, computing device comprising one) based on contents of the module ; and (ii) generating a second data set based on a combination of the first data sets generated during the respective representation generation . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host . |
US20110047621A1 CLAIM 9 . The method of claim 1 , wherein each of the generations of the representations of the modules includes : (i) for each module stored on the first device , generating a respective first data set (source host, computing device comprising one) based on contents of the module ; and (ii) generating a second data set based on a combination of the first data sets generated during the respective representation generation . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one (first data set) or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (first data set) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110047621A1 CLAIM 9 . The method of claim 1 , wherein each of the generations of the representations of the modules includes : (i) for each module stored on the first device , generating a respective first data set (source host, computing device comprising one) based on contents of the module ; and (ii) generating a second data set based on a combination of the first data sets generated during the respective representation generation . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host . |
US20110047621A1 CLAIM 9 . The method of claim 1 , wherein each of the generations of the representations of the modules includes : (i) for each module stored on the first device , generating a respective first data set (source host, computing device comprising one) based on contents of the module ; and (ii) generating a second data set based on a combination of the first data sets generated during the respective representation generation . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (first data set) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110047621A1 CLAIM 9 . The method of claim 1 , wherein each of the generations of the representations of the modules includes : (i) for each module stored on the first device , generating a respective first data set (source host, computing device comprising one) based on contents of the module ; and (ii) generating a second data set based on a combination of the first data sets generated during the respective representation generation . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (first data set) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20110047621A1 CLAIM 9 . The method of claim 1 , wherein each of the generations of the representations of the modules includes : (i) for each module stored on the first device , generating a respective first data set (source host, computing device comprising one) based on contents of the module ; and (ii) generating a second data set based on a combination of the first data sets generated during the respective representation generation . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20100333090A1 Filed: 2009-06-30 Issued: 2010-12-30 Method and apparatus for protecting translated code in a virtual machine (Original Assignee) Sun Microsystems Inc (Current Assignee) Sun Microsystems Inc Gregory M. Wright, Christopher A. Vick, Peter B. Kessler |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (operating system, program access) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100333090A1 CLAIM 3 . The method of claim 2 , wherein detecting the attempt to modify the virtual memory page involves : determining whether the virtual memory page was marked read-only by the guest program ; and if so , handling the fault in a guest operating system (operating system, computing device) associated with the guest program . US20100333090A1 CLAIM 8 . The method of claim 1 , wherein when the guest program access (operating system, computing device) es the virtual memory page , the method further comprises translating a virtual address in the guest program to a second virtual address that corresponds to the physical address space of the guest machine , and then translating the second virtual address into a physical memory address for the computing device ; and wherein an entry in the guest shadow page table caches the mapping from the virtual address in the guest program to the physical memory address . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (operating system, program access) . |
US20100333090A1 CLAIM 3 . The method of claim 2 , wherein detecting the attempt to modify the virtual memory page involves : determining whether the virtual memory page was marked read-only by the guest program ; and if so , handling the fault in a guest operating system (operating system, computing device) associated with the guest program . US20100333090A1 CLAIM 8 . The method of claim 1 , wherein when the guest program access (operating system, computing device) es the virtual memory page , the method further comprises translating a virtual address in the guest program to a second virtual address that corresponds to the physical address space of the guest machine , and then translating the second virtual address into a physical memory address for the computing device ; and wherein an entry in the guest shadow page table caches the mapping from the virtual address in the guest program to the physical memory address . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device (operating system, program access) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100333090A1 CLAIM 3 . The method of claim 2 , wherein detecting the attempt to modify the virtual memory page involves : determining whether the virtual memory page was marked read-only by the guest program ; and if so , handling the fault in a guest operating system (operating system, computing device) associated with the guest program . US20100333090A1 CLAIM 8 . The method of claim 1 , wherein when the guest program access (operating system, computing device) es the virtual memory page , the method further comprises translating a virtual address in the guest program to a second virtual address that corresponds to the physical address space of the guest machine , and then translating the second virtual address into a physical memory address for the computing device ; and wherein an entry in the guest shadow page table caches the mapping from the virtual address in the guest program to the physical memory address . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system, program access) of the target host and a private key . |
US20100333090A1 CLAIM 3 . The method of claim 2 , wherein detecting the attempt to modify the virtual memory page involves : determining whether the virtual memory page was marked read-only by the guest program ; and if so , handling the fault in a guest operating system (operating system, computing device) associated with the guest program . US20100333090A1 CLAIM 8 . The method of claim 1 , wherein when the guest program access (operating system, computing device) es the virtual memory page , the method further comprises translating a virtual address in the guest program to a second virtual address that corresponds to the physical address space of the guest machine , and then translating the second virtual address into a physical memory address for the computing device ; and wherein an entry in the guest shadow page table caches the mapping from the virtual address in the guest program to the physical memory address . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20100332889A1 Filed: 2009-06-25 Issued: 2010-12-30 Management of information technology risk using virtual infrastructures (Original Assignee) VMware Inc (Current Assignee) VMware Inc Oren SHNEORSON, Jeffrey J. HANSON, Corey Pace CAUDLE |
|---|---|
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (relative importance) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100332889A1 CLAIM 1 . A method for managing risk to an organization associated with each of a plurality of virtual machines (VMs) each running on one of a plurality of hosts , each host being a physical computer system connected to one or more networks and in communication with a risk orchestrator for carrying out the method , the risk orchestrator being an application in communication with the plurality of hosts and a threat indicator , the method comprising : receiving at the risk orchestrator a threat indication message from the threat indicator , the threat indication message indicating a status of a threat to which a plurality of hosts in a threat group are vulnerable ; calculating a downtime probability resulting from the threat ; calculating a host downtime probability for each host , the host downtime probability being a function of all the downtime probabilities from all threats for which the host is vulnerable ; for each risk-managed VM , calculating a risk value associated with the VM , the risk value being a function of the host downtime probability for the host on which the VM is running and an impact value for the VM , the impact value being a value reflecting a relative importance (cause performance) of the VM to the organization ; identifying each risk-managed VM requiring risk mitigation , the identifying being in accordance with a policy , prioritizing the risk-managed VMs requiring risk mitigation in an order starting with one of the risk-managed VMs having a highest associated risk ; performing a configured mitigation control action on each of the risk-managed VMs requiring risk mitigation , in the order of the prioritization . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (relative importance) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20100332889A1 CLAIM 1 . A method for managing risk to an organization associated with each of a plurality of virtual machines (VMs) each running on one of a plurality of hosts , each host being a physical computer system connected to one or more networks and in communication with a risk orchestrator for carrying out the method , the risk orchestrator being an application in communication with the plurality of hosts and a threat indicator , the method comprising : receiving at the risk orchestrator a threat indication message from the threat indicator , the threat indication message indicating a status of a threat to which a plurality of hosts in a threat group are vulnerable ; calculating a downtime probability resulting from the threat ; calculating a host downtime probability for each host , the host downtime probability being a function of all the downtime probabilities from all threats for which the host is vulnerable ; for each risk-managed VM , calculating a risk value associated with the VM , the risk value being a function of the host downtime probability for the host on which the VM is running and an impact value for the VM , the impact value being a value reflecting a relative importance (cause performance) of the VM to the organization ; identifying each risk-managed VM requiring risk mitigation , the identifying being in accordance with a policy , prioritizing the risk-managed VMs requiring risk mitigation in an order starting with one of the risk-managed VMs having a highest associated risk ; performing a configured mitigation control action on each of the risk-managed VMs requiring risk mitigation , in the order of the prioritization . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (relative importance) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20100332889A1 CLAIM 1 . A method for managing risk to an organization associated with each of a plurality of virtual machines (VMs) each running on one of a plurality of hosts , each host being a physical computer system connected to one or more networks and in communication with a risk orchestrator for carrying out the method , the risk orchestrator being an application in communication with the plurality of hosts and a threat indicator , the method comprising : receiving at the risk orchestrator a threat indication message from the threat indicator , the threat indication message indicating a status of a threat to which a plurality of hosts in a threat group are vulnerable ; calculating a downtime probability resulting from the threat ; calculating a host downtime probability for each host , the host downtime probability being a function of all the downtime probabilities from all threats for which the host is vulnerable ; for each risk-managed VM , calculating a risk value associated with the VM , the risk value being a function of the host downtime probability for the host on which the VM is running and an impact value for the VM , the impact value being a value reflecting a relative importance (cause performance) of the VM to the organization ; identifying each risk-managed VM requiring risk mitigation , the identifying being in accordance with a policy , prioritizing the risk-managed VMs requiring risk mitigation in an order starting with one of the risk-managed VMs having a highest associated risk ; performing a configured mitigation control action on each of the risk-managed VMs requiring risk mitigation , in the order of the prioritization . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (relative importance) of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
US20100332889A1 CLAIM 1 . A method for managing risk to an organization associated with each of a plurality of virtual machines (VMs) each running on one of a plurality of hosts , each host being a physical computer system connected to one or more networks and in communication with a risk orchestrator for carrying out the method , the risk orchestrator being an application in communication with the plurality of hosts and a threat indicator , the method comprising : receiving at the risk orchestrator a threat indication message from the threat indicator , the threat indication message indicating a status of a threat to which a plurality of hosts in a threat group are vulnerable ; calculating a downtime probability resulting from the threat ; calculating a host downtime probability for each host , the host downtime probability being a function of all the downtime probabilities from all threats for which the host is vulnerable ; for each risk-managed VM , calculating a risk value associated with the VM , the risk value being a function of the host downtime probability for the host on which the VM is running and an impact value for the VM , the impact value being a value reflecting a relative importance (cause performance) of the VM to the organization ; identifying each risk-managed VM requiring risk mitigation , the identifying being in accordance with a policy , prioritizing the risk-managed VMs requiring risk mitigation in an order starting with one of the risk-managed VMs having a highest associated risk ; performing a configured mitigation control action on each of the risk-managed VMs requiring risk mitigation , in the order of the prioritization . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20100332889A1 CLAIM 5 . The method of claim 3 , wherein the system mitigation action includes one or more actions selected from a group consisting of moving all VMs to a host with a smallest host downtime probability , taking a snapshot of VMs , powering off all VMs , shutting down all hosts , shutting down guest operating system (operating system) (GOS) in the VMs , switch VMs to a different site by invoking disaster recovery operations . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (relative importance) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20100332889A1 CLAIM 1 . A method for managing risk to an organization associated with each of a plurality of virtual machines (VMs) each running on one of a plurality of hosts , each host being a physical computer system connected to one or more networks and in communication with a risk orchestrator for carrying out the method , the risk orchestrator being an application in communication with the plurality of hosts and a threat indicator , the method comprising : receiving at the risk orchestrator a threat indication message from the threat indicator , the threat indication message indicating a status of a threat to which a plurality of hosts in a threat group are vulnerable ; calculating a downtime probability resulting from the threat ; calculating a host downtime probability for each host , the host downtime probability being a function of all the downtime probabilities from all threats for which the host is vulnerable ; for each risk-managed VM , calculating a risk value associated with the VM , the risk value being a function of the host downtime probability for the host on which the VM is running and an impact value for the VM , the impact value being a value reflecting a relative importance (cause performance) of the VM to the organization ; identifying each risk-managed VM requiring risk mitigation , the identifying being in accordance with a policy , prioritizing the risk-managed VMs requiring risk mitigation in an order starting with one of the risk-managed VMs having a highest associated risk ; performing a configured mitigation control action on each of the risk-managed VMs requiring risk mitigation , in the order of the prioritization . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20100269121A1 Filed: 2009-06-05 Issued: 2010-10-21 Exchangeable application components (Original Assignee) Accenture Global Services GmbH (Current Assignee) Accenture Global Services Ltd Marco Montesissa, Luca Salvaneschi, Jonny Lavorato |
|---|---|
| US9678774B2 CLAIM 20 . The computer-readable storage medium of claim 18 , wherein the alert includes an email message (incoming messages) . |
US20100269121A1 CLAIM 1 . A computer-implemented method to limit downtime of an application during integration testing of the application , the method comprising : providing a redirector configured to receive first messages transmitted to an address of a component from the application and to forward the first messages to a first instance of the component , the application including the component ; in response to receiving a clone command , generating a second instance of the component , the first instance and the second instance concurrently listening for incoming messages (email message) ; in response to receiving a first switch command , reconfiguring the redirector to forward all second messages received at the address to the second instance of the component instead of to the first instance , the second messages received subsequent to the first messages ; and in response to receiving a second switch command , reconfiguring the redirector to forward all third messages to the first instance instead of to the second instance , the third messages received subsequent to the first and second messages . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2009147631A1 Filed: 2009-06-03 Issued: 2009-12-10 Secure multi-purpose computing client (Original Assignee) Neocleus Israel Ltd Etay Bogner |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (computer software, software product) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2009147631A1 CLAIM 41 . A computer software (positioning hardware, hardware configuration) product for operating a computer that includes hardware resources and runs multiple operating environments using the hardware resources , the product comprising a computer-readable medium , in which program instructions are stored , which instructions , when read by a processor , cause the processor to define and manage an allocation policy of the hardware resources , which eliminates effects from operations performed in one of the operating environments on the operations performed in another of the operating environments , and to assign the hardware resources to the multiple operating environments in accordance with the allocation policy , so as to isolate the multiple operating environments from one another . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (computer software, software product) . |
WO2009147631A1 CLAIM 41 . A computer software (positioning hardware, hardware configuration) product for operating a computer that includes hardware resources and runs multiple operating environments using the hardware resources , the product comprising a computer-readable medium , in which program instructions are stored , which instructions , when read by a processor , cause the processor to define and manage an allocation policy of the hardware resources , which eliminates effects from operations performed in one of the operating environments on the operations performed in another of the operating environments , and to assign the hardware resources to the multiple operating environments in accordance with the allocation policy , so as to isolate the multiple operating environments from one another . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (computer software, software product) or access to a positioning service . |
WO2009147631A1 CLAIM 41 . A computer software (positioning hardware, hardware configuration) product for operating a computer that includes hardware resources and runs multiple operating environments using the hardware resources , the product comprising a computer-readable medium , in which program instructions are stored , which instructions , when read by a processor , cause the processor to define and manage an allocation policy of the hardware resources , which eliminates effects from operations performed in one of the operating environments on the operations performed in another of the operating environments , and to assign the hardware resources to the multiple operating environments in accordance with the allocation policy , so as to isolate the multiple operating environments from one another . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (computer software, software product) of the target host . |
WO2009147631A1 CLAIM 41 . A computer software (positioning hardware, hardware configuration) product for operating a computer that includes hardware resources and runs multiple operating environments using the hardware resources , the product comprising a computer-readable medium , in which program instructions are stored , which instructions , when read by a processor , cause the processor to define and manage an allocation policy of the hardware resources , which eliminates effects from operations performed in one of the operating environments on the operations performed in another of the operating environments , and to assign the hardware resources to the multiple operating environments in accordance with the allocation policy , so as to isolate the multiple operating environments from one another . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (computer software, software product) of the target host from a trusted platform module (management system) . |
WO2009147631A1 CLAIM 11 . The method according to claim 1 or 2 , and comprising communicating with a management system (readable storage, platform module) external to the computer , so as to enable the management system to apply authentication testing to the computer . WO2009147631A1 CLAIM 41 . A computer software (positioning hardware, hardware configuration) product for operating a computer that includes hardware resources and runs multiple operating environments using the hardware resources , the product comprising a computer-readable medium , in which program instructions are stored , which instructions , when read by a processor , cause the processor to define and manage an allocation policy of the hardware resources , which eliminates effects from operations performed in one of the operating environments on the operations performed in another of the operating environments , and to assign the hardware resources to the multiple operating environments in accordance with the allocation policy , so as to isolate the multiple operating environments from one another . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | JP2010271863A Filed: 2009-05-20 Issued: 2010-12-02 情報処理装置 (Original Assignee) Toshiba Corp; Toshiba Solutions Corp; 東芝ソリューション株式会社; 株式会社東芝 Seiichiro Tanaka, Teruhisa Uchida, 輝久 内田, 誠一郎 田中 |
|---|---|
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (少なくとも) or access to a positioning service . |
JP2010271863A CLAIM 3 前記性能情報取得手段は、 前記負荷発生手段により負荷が発生した状態で、前記起動した仮想マシンおよび配置元の物理マシンのリソース利用率を取得し、かつ、前記アプリケーションプログラム起動時の応答時間とスループットとの少なくとも (positioning hardware) 一方を取得し、 前記判定手段は、 前記性能情報取得手段や前記性能情報再取得手段により取得したリソース利用率が許容値以内であるか否か、および前記アプリケーションプログラム起動時の応答時間もしくはスループットが所定値以内であるか否かを判定する ことを特徴とする請求項1に記載の情報処理装置。 |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (の性能) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
JP2010271863A CLAIM 1 物理マシンへ所定の台数の仮想マシンを暫定的に配置して当該仮想マシンを起動させる仮想マシン設定手段と、 前記起動した仮想マシンに対する、アプリケーションプログラムによる所定の負荷を発生させる負荷発生手段と、 当該負荷が発生した状態で、前記起動した仮想マシンや配置先の物理マシンの性能 (cause performance, control performance) 情報および前記起動したアプリケーションプログラムの性能情報を取得する性能情報取得手段と、 前記取得した性能情報が所定の条件を満たすか否かを判定する判定手段と、 前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を削減する、もしくは同じ台数の仮想マシンによる使用メモリを拡大する第1の仮想マシン条件変更手段と、 前記取得した性能情報が前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を追加する、もしくは同じ台数の仮想マシンによる使用メモリを縮小する第2の仮想マシン条件変更手段と、 前記第1もしくは第2の仮想マシン条件変更手段による処理後の、前記仮想マシンや物理マシンの性能情報および前記アプリケーションプログラムの性能情報を前記判定手段による再判定のための情報として取得する性能情報再取得手段と、 前記性能情報再取得手段により取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がある場合に、前記仮想マシンの配置台数や仮想マシンによる使用メモリの状態を前記判定手段による前回の判定時に戻した上で、当該配置台数および使用メモリを仮想マシンの最適条件として選択する第1の選択手段と、 前記性能情報再取得手段により取得した前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がある場合に、前記仮想マシンの現在の配置台数および現在の使用メモリの状態を仮想マシンの最適条件として選択する第2の選択手段と を備えたことを特徴とする情報処理装置。 |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (の性能) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
JP2010271863A CLAIM 1 物理マシンへ所定の台数の仮想マシンを暫定的に配置して当該仮想マシンを起動させる仮想マシン設定手段と、 前記起動した仮想マシンに対する、アプリケーションプログラムによる所定の負荷を発生させる負荷発生手段と、 当該負荷が発生した状態で、前記起動した仮想マシンや配置先の物理マシンの性能 (cause performance, control performance) 情報および前記起動したアプリケーションプログラムの性能情報を取得する性能情報取得手段と、 前記取得した性能情報が所定の条件を満たすか否かを判定する判定手段と、 前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を削減する、もしくは同じ台数の仮想マシンによる使用メモリを拡大する第1の仮想マシン条件変更手段と、 前記取得した性能情報が前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を追加する、もしくは同じ台数の仮想マシンによる使用メモリを縮小する第2の仮想マシン条件変更手段と、 前記第1もしくは第2の仮想マシン条件変更手段による処理後の、前記仮想マシンや物理マシンの性能情報および前記アプリケーションプログラムの性能情報を前記判定手段による再判定のための情報として取得する性能情報再取得手段と、 前記性能情報再取得手段により取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がある場合に、前記仮想マシンの配置台数や仮想マシンによる使用メモリの状態を前記判定手段による前回の判定時に戻した上で、当該配置台数および使用メモリを仮想マシンの最適条件として選択する第1の選択手段と、 前記性能情報再取得手段により取得した前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がある場合に、前記仮想マシンの現在の配置台数および現在の使用メモリの状態を仮想マシンの最適条件として選択する第2の選択手段と を備えたことを特徴とする情報処理装置。 |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (の性能) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
JP2010271863A CLAIM 1 物理マシンへ所定の台数の仮想マシンを暫定的に配置して当該仮想マシンを起動させる仮想マシン設定手段と、 前記起動した仮想マシンに対する、アプリケーションプログラムによる所定の負荷を発生させる負荷発生手段と、 当該負荷が発生した状態で、前記起動した仮想マシンや配置先の物理マシンの性能 (cause performance, control performance) 情報および前記起動したアプリケーションプログラムの性能情報を取得する性能情報取得手段と、 前記取得した性能情報が所定の条件を満たすか否かを判定する判定手段と、 前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を削減する、もしくは同じ台数の仮想マシンによる使用メモリを拡大する第1の仮想マシン条件変更手段と、 前記取得した性能情報が前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を追加する、もしくは同じ台数の仮想マシンによる使用メモリを縮小する第2の仮想マシン条件変更手段と、 前記第1もしくは第2の仮想マシン条件変更手段による処理後の、前記仮想マシンや物理マシンの性能情報および前記アプリケーションプログラムの性能情報を前記判定手段による再判定のための情報として取得する性能情報再取得手段と、 前記性能情報再取得手段により取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がある場合に、前記仮想マシンの配置台数や仮想マシンによる使用メモリの状態を前記判定手段による前回の判定時に戻した上で、当該配置台数および使用メモリを仮想マシンの最適条件として選択する第1の選択手段と、 前記性能情報再取得手段により取得した前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がある場合に、前記仮想マシンの現在の配置台数および現在の使用メモリの状態を仮想マシンの最適条件として選択する第2の選択手段と を備えたことを特徴とする情報処理装置。 |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (の性能) of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
JP2010271863A CLAIM 1 物理マシンへ所定の台数の仮想マシンを暫定的に配置して当該仮想マシンを起動させる仮想マシン設定手段と、 前記起動した仮想マシンに対する、アプリケーションプログラムによる所定の負荷を発生させる負荷発生手段と、 当該負荷が発生した状態で、前記起動した仮想マシンや配置先の物理マシンの性能 (cause performance, control performance) 情報および前記起動したアプリケーションプログラムの性能情報を取得する性能情報取得手段と、 前記取得した性能情報が所定の条件を満たすか否かを判定する判定手段と、 前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を削減する、もしくは同じ台数の仮想マシンによる使用メモリを拡大する第1の仮想マシン条件変更手段と、 前記取得した性能情報が前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を追加する、もしくは同じ台数の仮想マシンによる使用メモリを縮小する第2の仮想マシン条件変更手段と、 前記第1もしくは第2の仮想マシン条件変更手段による処理後の、前記仮想マシンや物理マシンの性能情報および前記アプリケーションプログラムの性能情報を前記判定手段による再判定のための情報として取得する性能情報再取得手段と、 前記性能情報再取得手段により取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がある場合に、前記仮想マシンの配置台数や仮想マシンによる使用メモリの状態を前記判定手段による前回の判定時に戻した上で、当該配置台数および使用メモリを仮想マシンの最適条件として選択する第1の選択手段と、 前記性能情報再取得手段により取得した前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がある場合に、前記仮想マシンの現在の配置台数および現在の使用メモリの状態を仮想マシンの最適条件として選択する第2の選択手段と を備えたことを特徴とする情報処理装置。 |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (の性能) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
JP2010271863A CLAIM 1 物理マシンへ所定の台数の仮想マシンを暫定的に配置して当該仮想マシンを起動させる仮想マシン設定手段と、 前記起動した仮想マシンに対する、アプリケーションプログラムによる所定の負荷を発生させる負荷発生手段と、 当該負荷が発生した状態で、前記起動した仮想マシンや配置先の物理マシンの性能 (cause performance, control performance) 情報および前記起動したアプリケーションプログラムの性能情報を取得する性能情報取得手段と、 前記取得した性能情報が所定の条件を満たすか否かを判定する判定手段と、 前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を削減する、もしくは同じ台数の仮想マシンによる使用メモリを拡大する第1の仮想マシン条件変更手段と、 前記取得した性能情報が前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を追加する、もしくは同じ台数の仮想マシンによる使用メモリを縮小する第2の仮想マシン条件変更手段と、 前記第1もしくは第2の仮想マシン条件変更手段による処理後の、前記仮想マシンや物理マシンの性能情報および前記アプリケーションプログラムの性能情報を前記判定手段による再判定のための情報として取得する性能情報再取得手段と、 前記性能情報再取得手段により取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がある場合に、前記仮想マシンの配置台数や仮想マシンによる使用メモリの状態を前記判定手段による前回の判定時に戻した上で、当該配置台数および使用メモリを仮想マシンの最適条件として選択する第1の選択手段と、 前記性能情報再取得手段により取得した前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がある場合に、前記仮想マシンの現在の配置台数および現在の使用メモリの状態を仮想マシンの最適条件として選択する第2の選択手段と を備えたことを特徴とする情報処理装置。 |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance (の性能) of : in response to receipt of a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
JP2010271863A CLAIM 1 物理マシンへ所定の台数の仮想マシンを暫定的に配置して当該仮想マシンを起動させる仮想マシン設定手段と、 前記起動した仮想マシンに対する、アプリケーションプログラムによる所定の負荷を発生させる負荷発生手段と、 当該負荷が発生した状態で、前記起動した仮想マシンや配置先の物理マシンの性能 (cause performance, control performance) 情報および前記起動したアプリケーションプログラムの性能情報を取得する性能情報取得手段と、 前記取得した性能情報が所定の条件を満たすか否かを判定する判定手段と、 前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を削減する、もしくは同じ台数の仮想マシンによる使用メモリを拡大する第1の仮想マシン条件変更手段と、 前記取得した性能情報が前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を追加する、もしくは同じ台数の仮想マシンによる使用メモリを縮小する第2の仮想マシン条件変更手段と、 前記第1もしくは第2の仮想マシン条件変更手段による処理後の、前記仮想マシンや物理マシンの性能情報および前記アプリケーションプログラムの性能情報を前記判定手段による再判定のための情報として取得する性能情報再取得手段と、 前記性能情報再取得手段により取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がある場合に、前記仮想マシンの配置台数や仮想マシンによる使用メモリの状態を前記判定手段による前回の判定時に戻した上で、当該配置台数および使用メモリを仮想マシンの最適条件として選択する第1の選択手段と、 前記性能情報再取得手段により取得した前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がある場合に、前記仮想マシンの現在の配置台数および現在の使用メモリの状態を仮想マシンの最適条件として選択する第2の選択手段と を備えたことを特徴とする情報処理装置。 |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance (の性能) of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
JP2010271863A CLAIM 1 物理マシンへ所定の台数の仮想マシンを暫定的に配置して当該仮想マシンを起動させる仮想マシン設定手段と、 前記起動した仮想マシンに対する、アプリケーションプログラムによる所定の負荷を発生させる負荷発生手段と、 当該負荷が発生した状態で、前記起動した仮想マシンや配置先の物理マシンの性能 (cause performance, control performance) 情報および前記起動したアプリケーションプログラムの性能情報を取得する性能情報取得手段と、 前記取得した性能情報が所定の条件を満たすか否かを判定する判定手段と、 前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を削減する、もしくは同じ台数の仮想マシンによる使用メモリを拡大する第1の仮想マシン条件変更手段と、 前記取得した性能情報が前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がない場合に、当該仮想マシンの配置台数を追加する、もしくは同じ台数の仮想マシンによる使用メモリを縮小する第2の仮想マシン条件変更手段と、 前記第1もしくは第2の仮想マシン条件変更手段による処理後の、前記仮想マシンや物理マシンの性能情報および前記アプリケーションプログラムの性能情報を前記判定手段による再判定のための情報として取得する性能情報再取得手段と、 前記性能情報再取得手段により取得した性能情報が前記条件を満たしていない事を前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たした事を前記判定手段により判定した事がある場合に、前記仮想マシンの配置台数や仮想マシンによる使用メモリの状態を前記判定手段による前回の判定時に戻した上で、当該配置台数および使用メモリを仮想マシンの最適条件として選択する第1の選択手段と、 前記性能情報再取得手段により取得した前記条件を満たしていると前記判定手段により判定し、かつ、過去に前記取得した性能情報が前記条件を満たしていない事を前記判定手段により判定した事がある場合に、前記仮想マシンの現在の配置台数および現在の使用メモリの状態を仮想マシンの最適条件として選択する第2の選択手段と を備えたことを特徴とする情報処理装置。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2009151875A1 Filed: 2009-05-15 Issued: 2009-12-17 Synchronizing virtual machine and application life cycles (Original Assignee) Microsoft Corporation Igor Sedukhin, Daniel Eshner, Robert M. Fries, Michael O . Neary, Alexander E . Nosov |
|---|---|
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
WO2009151875A1 CLAIM 17 . The method as recited in claim 16 , wherein : the identified one or more virtual machines (150) comprise one or more virtual machine templates set to an operating system (operating system) checkpoint ; and the act (330) of removing the virtual machine (150) from the corresponding physical host (130) comprises reverting the virtual machine (150) to a prior checkpoint , such that an updated version of the virtual machine is removed from the physical host (130) , and an earlier version of the virtual machine corresponding to the prior checkpoint remains on the physical host (130) . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | EP2107486A2 Filed: 2009-03-31 Issued: 2009-10-07 Method and apparatus for providing a secure display window inside the primary display (Original Assignee) Intel Corp (Current Assignee) Intel Corp Balaji Vembu, Nitin Sarangdhar, Vedvyas Shanbhogue |
|---|---|
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions (machine readable storage medium) that , in response to execution by the one or more processor units , cause performance (to result) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2107486A2 CLAIM 4 The system as recited in claim 1 , wherein the graphics engine has a secret encryption key and the SOS has a unique application key , wherein the unique application key is to be encrypted with the secrete encryption key to result (cause performance) in an encrypted application key for use with the graphics engine . EP2107486A2 CLAIM 11 A machine readable storage medium (computer instructions) having instructions stored thereon for securing data , that when executed on a platform , cause the platform to perform the method as recited in any of claims 7 to 10 . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions (machine readable storage medium) that , in response to execution by the one or more processor units , cause performance (to result) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
EP2107486A2 CLAIM 4 The system as recited in claim 1 , wherein the graphics engine has a secret encryption key and the SOS has a unique application key , wherein the unique application key is to be encrypted with the secrete encryption key to result (cause performance) in an encrypted application key for use with the graphics engine . EP2107486A2 CLAIM 11 A machine readable storage medium (computer instructions) having instructions stored thereon for securing data , that when executed on a platform , cause the platform to perform the method as recited in any of claims 7 to 10 . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (machine readable storage medium) that , in response to execution by the one or more processor units , cause performance (to result) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
EP2107486A2 CLAIM 4 The system as recited in claim 1 , wherein the graphics engine has a secret encryption key and the SOS has a unique application key , wherein the unique application key is to be encrypted with the secrete encryption key to result (cause performance) in an encrypted application key for use with the graphics engine . EP2107486A2 CLAIM 11 A machine readable storage medium (computer instructions) having instructions stored thereon for securing data , that when executed on a platform , cause the platform to perform the method as recited in any of claims 7 to 10 . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (machine readable storage medium) that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2107486A2 CLAIM 11 A machine readable storage medium (computer instructions) having instructions stored thereon for securing data , that when executed on a platform , cause the platform to perform the method as recited in any of claims 7 to 10 . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (machine readable storage medium) that , in response to execution by the one or more processor units , cause performance (to result) of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
EP2107486A2 CLAIM 4 The system as recited in claim 1 , wherein the graphics engine has a secret encryption key and the SOS has a unique application key , wherein the unique application key is to be encrypted with the secrete encryption key to result (cause performance) in an encrypted application key for use with the graphics engine . EP2107486A2 CLAIM 11 A machine readable storage medium (computer instructions) having instructions stored thereon for securing data , that when executed on a platform , cause the platform to perform the method as recited in any of claims 7 to 10 . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
EP2107486A2 CLAIM 1 A system for securing data , comprising : a platform having virtualization technology (VT) capabilities ; a capability operating system (operating system) (COS) to be run in a first virtual machine on the platform , an application running under the COS to request data from a source ; a service operating system (SOS) to be run in a second virtual machine on the platform , the SOS configured to retrieve the requested data from the source and to encrypt the data before storing the encrypted data in a first memory store , the first memory store being accessible to the COS ; a graphics engine having decryption capabilities and having access to the first memory store and a protected second memory store , the second memory store to store decrypted data , and the second memory store being inaccessible to the first and second virtual machines ; and a display monitor , wherein the graphics engine displays the retrieved data on the display monitor after decrypting the stored encrypted data . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions (machine readable storage medium) that , in response to execution by the one or more processor units , cause performance (to result) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
EP2107486A2 CLAIM 4 The system as recited in claim 1 , wherein the graphics engine has a secret encryption key and the SOS has a unique application key , wherein the unique application key is to be encrypted with the secrete encryption key to result (cause performance) in an encrypted application key for use with the graphics engine . EP2107486A2 CLAIM 11 A machine readable storage medium (computer instructions) having instructions stored thereon for securing data , that when executed on a platform , cause the platform to perform the method as recited in any of claims 7 to 10 . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20100251363A1 Filed: 2009-03-24 Issued: 2010-09-30 Modified file tracking on virtual machines (Original Assignee) Sophos Ltd (Current Assignee) Sophos Ltd Rade Todorovic |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (software application) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100251363A1 CLAIM 3 . The computer program product of claim 1 , wherein the data are at least one of a file , code , an executable file , a software application (hardware configuration) , and interpretable content . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (software application) . |
US20100251363A1 CLAIM 3 . The computer program product of claim 1 , wherein the data are at least one of a file , code , an executable file , a software application (hardware configuration) , and interpretable content . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (software application) of the target host . |
US20100251363A1 CLAIM 3 . The computer program product of claim 1 , wherein the data are at least one of a file , code , an executable file , a software application (hardware configuration) , and interpretable content . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (software application) of the target host from a trusted platform module . |
US20100251363A1 CLAIM 3 . The computer program product of claim 1 , wherein the data are at least one of a file , code , an executable file , a software application (hardware configuration) , and interpretable content . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20100251363A1 CLAIM 4 . A computer program product embodied in a computer readable medium that , when executing on one or more computers , performs the steps of : identifying an altered disk sector ; associating the altered disk sector with data that are operated in a virtual machine ; and causing a malicious code scan to be performed on an operating system (operating system) within the virtual machine based at least in part of finding that the data have been corrupted by malicious code . |
| US9678774B2 CLAIM 18 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to send , via the hidden process , an alert that indicates denial (holds information) of the request in response to the determination that geographic location of the target host is outside of the particular perimeter . |
US20100251363A1 CLAIM 14 . The computer program product of claim 13 , wherein the dirty cluster map is a file that holds information (indicates denial) about modified clusters on the virtual machine . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN101819564A Filed: 2009-02-26 Issued: 2010-09-01 协助在虚拟机之间进行通信的方法和装置 (Original Assignee) International Business Machines Corp (Current Assignee) IBM China Co Ltd 田启明, 李立, 田瑞雄, 高志国 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (主机上) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101819564A CLAIM 1 一种协助在第一虚拟机和第二虚拟机之间进行通信的方法,其中所述第一虚拟机和第二虚拟机位于同一物理主机上 (source host) ,所述方法包括:从所述同一物理主机的内存中分配一段共享内存,并通知所述第一虚拟机和第二虚拟机;响应于第一虚拟机和第二虚拟机对内存空间的请求,将所述第一虚拟机和第二虚拟机请求的内存空间地址分别映射到所述共享内存地址;向所述第一虚拟机和第二虚拟机返回请求的内存空间地址。 |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (配置为从) , denying , via the hidden process , the migration of the virtual machine from the source host (主机上) to the target host . |
CN101819564A CLAIM 1 一种协助在第一虚拟机和第二虚拟机之间进行通信的方法,其中所述第一虚拟机和第二虚拟机位于同一物理主机上 (source host) ,所述方法包括:从所述同一物理主机的内存中分配一段共享内存,并通知所述第一虚拟机和第二虚拟机;响应于第一虚拟机和第二虚拟机对内存空间的请求,将所述第一虚拟机和第二虚拟机请求的内存空间地址分别映射到所述共享内存地址;向所述第一虚拟机和第二虚拟机返回请求的内存空间地址。 CN101819564A CLAIM 10 . 一种通信管理装置,用于协助第一虚拟机和第二虚拟机之间的通信,其中所述第一虚拟机和第二虚拟机位于同一物理主机上,所述装置包括:内存分配单元,配置为从 (hardware configuration) 所述同一物理主机的内存中分配一段共享内存,并通知所述 第一虚拟机和第二虚拟机;内存映射单元,配置为响应于第一虚拟机和第二虚拟机对内存空间的请求,将所述第 一虚拟机和第二虚拟机请求的内存空间地址分别映射到所述共享内存地址,并向所述第一 虚拟机和第二虚拟机返回请求的内存空间地址。 |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (配置为从) . |
CN101819564A CLAIM 10 . 一种通信管理装置,用于协助第一虚拟机和第二虚拟机之间的通信,其中所述第一虚拟机和第二虚拟机位于同一物理主机上,所述装置包括:内存分配单元,配置为从 (hardware configuration) 所述同一物理主机的内存中分配一段共享内存,并通知所述 第一虚拟机和第二虚拟机;内存映射单元,配置为响应于第一虚拟机和第二虚拟机对内存空间的请求,将所述第 一虚拟机和第二虚拟机请求的内存空间地址分别映射到所述共享内存地址,并向所述第一 虚拟机和第二虚拟机返回请求的内存空间地址。 |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (主机上) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101819564A CLAIM 1 一种协助在第一虚拟机和第二虚拟机之间进行通信的方法,其中所述第一虚拟机和第二虚拟机位于同一物理主机上 (source host) ,所述方法包括:从所述同一物理主机的内存中分配一段共享内存,并通知所述第一虚拟机和第二虚拟机;响应于第一虚拟机和第二虚拟机对内存空间的请求,将所述第一虚拟机和第二虚拟机请求的内存空间地址分别映射到所述共享内存地址;向所述第一虚拟机和第二虚拟机返回请求的内存空间地址。 |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (配置为从) of the target host . |
CN101819564A CLAIM 10 . 一种通信管理装置,用于协助第一虚拟机和第二虚拟机之间的通信,其中所述第一虚拟机和第二虚拟机位于同一物理主机上,所述装置包括:内存分配单元,配置为从 (hardware configuration) 所述同一物理主机的内存中分配一段共享内存,并通知所述 第一虚拟机和第二虚拟机;内存映射单元,配置为响应于第一虚拟机和第二虚拟机对内存空间的请求,将所述第 一虚拟机和第二虚拟机请求的内存空间地址分别映射到所述共享内存地址,并向所述第一 虚拟机和第二虚拟机返回请求的内存空间地址。 |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (主机上) to the target host . |
CN101819564A CLAIM 1 一种协助在第一虚拟机和第二虚拟机之间进行通信的方法,其中所述第一虚拟机和第二虚拟机位于同一物理主机上 (source host) ,所述方法包括:从所述同一物理主机的内存中分配一段共享内存,并通知所述第一虚拟机和第二虚拟机;响应于第一虚拟机和第二虚拟机对内存空间的请求,将所述第一虚拟机和第二虚拟机请求的内存空间地址分别映射到所述共享内存地址;向所述第一虚拟机和第二虚拟机返回请求的内存空间地址。 |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (配置为从) of the target host from a trusted platform module . |
CN101819564A CLAIM 10 . 一种通信管理装置,用于协助第一虚拟机和第二虚拟机之间的通信,其中所述第一虚拟机和第二虚拟机位于同一物理主机上,所述装置包括:内存分配单元,配置为从 (hardware configuration) 所述同一物理主机的内存中分配一段共享内存,并通知所述 第一虚拟机和第二虚拟机;内存映射单元,配置为响应于第一虚拟机和第二虚拟机对内存空间的请求,将所述第 一虚拟机和第二虚拟机请求的内存空间地址分别映射到所述共享内存地址,并向所述第一 虚拟机和第二虚拟机返回请求的内存空间地址。 |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (主机上) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101819564A CLAIM 1 一种协助在第一虚拟机和第二虚拟机之间进行通信的方法,其中所述第一虚拟机和第二虚拟机位于同一物理主机上 (source host) ,所述方法包括:从所述同一物理主机的内存中分配一段共享内存,并通知所述第一虚拟机和第二虚拟机;响应于第一虚拟机和第二虚拟机对内存空间的请求,将所述第一虚拟机和第二虚拟机请求的内存空间地址分别映射到所述共享内存地址;向所述第一虚拟机和第二虚拟机返回请求的内存空间地址。 |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (主机上) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101819564A CLAIM 1 一种协助在第一虚拟机和第二虚拟机之间进行通信的方法,其中所述第一虚拟机和第二虚拟机位于同一物理主机上 (source host) ,所述方法包括:从所述同一物理主机的内存中分配一段共享内存,并通知所述第一虚拟机和第二虚拟机;响应于第一虚拟机和第二虚拟机对内存空间的请求,将所述第一虚拟机和第二虚拟机请求的内存空间地址分别映射到所述共享内存地址;向所述第一虚拟机和第二虚拟机返回请求的内存空间地址。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | JP2010182260A Filed: 2009-02-09 Issued: 2010-08-19 シンクライアントシステム、管理サーバ、シンクライアント端末およびシンクライアントサーバ (Original Assignee) Mitsubishi Electric Corp; 三菱電機株式会社 Hironori Yamashita, 洋徳 山下 |
|---|---|
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (データ) , a geolocation device , or a positioning service . |
JP2010182260A CLAIM 4 前記シンクライアントサーバは、さらに、 ユーザが前記シンクライアント端末を利用して自サーバへ接続を開始した時間および接続を終了した時間を示す利用履歴を前記管理サーバへ送信する利用履歴送信手段、 を備え、 前記管理サーバは、さらに、 前記シンクライアントサーバから受信したユーザの利用履歴を保持するための利用履歴データ (network device) ベース手段、 を備え、 ユーザの認証情報に基づいて前記利用履歴データベース手段を検索することによって、当該ユーザの利用履歴を抽出する、 ことを特徴とする請求項1、2または3のいずれか1つに記載のシンクライアントシステム。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20090249470A1 Filed: 2009-01-05 Issued: 2009-10-01 Combined firewalls (Original Assignee) Altor Networks Inc (Current Assignee) Juniper Networks Inc Moshe Litvin, Gilad Benjamini |
|---|---|
| US9678774B2 CLAIM 8 . A computing system (when b) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090249470A1 CLAIM 10 . The method of claim 9 , wherein when b (computing system) oth the first set of policies and the second set of policies allow the packet to go from the first virtual machine to the second , the firewall stores a record that the packet was allowed to go from the first virtual machine to the second virtual machine , the record comprising an identifier of the first virtual machine as the sender of the packet and an identifier of the second virtual machine as the receiver of the packet . |
| US9678774B2 CLAIM 9 . The computing system (when b) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20090249470A1 CLAIM 10 . The method of claim 9 , wherein when b (computing system) oth the first set of policies and the second set of policies allow the packet to go from the first virtual machine to the second , the firewall stores a record that the packet was allowed to go from the first virtual machine to the second virtual machine , the record comprising an identifier of the first virtual machine as the sender of the packet and an identifier of the second virtual machine as the receiver of the packet . |
| US9678774B2 CLAIM 10 . The computing system (when b) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20090249470A1 CLAIM 10 . The method of claim 9 , wherein when b (computing system) oth the first set of policies and the second set of policies allow the packet to go from the first virtual machine to the second , the firewall stores a record that the packet was allowed to go from the first virtual machine to the second virtual machine , the record comprising an identifier of the first virtual machine as the sender of the packet and an identifier of the second virtual machine as the receiver of the packet . |
| US9678774B2 CLAIM 11 . The computing system (when b) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090249470A1 CLAIM 10 . The method of claim 9 , wherein when b (computing system) oth the first set of policies and the second set of policies allow the packet to go from the first virtual machine to the second , the firewall stores a record that the packet was allowed to go from the first virtual machine to the second virtual machine , the record comprising an identifier of the first virtual machine as the sender of the packet and an identifier of the second virtual machine as the receiver of the packet . |
| US9678774B2 CLAIM 12 . The computing system (when b) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
US20090249470A1 CLAIM 10 . The method of claim 9 , wherein when b (computing system) oth the first set of policies and the second set of policies allow the packet to go from the first virtual machine to the second , the firewall stores a record that the packet was allowed to go from the first virtual machine to the second virtual machine , the record comprising an identifier of the first virtual machine as the sender of the packet and an identifier of the second virtual machine as the receiver of the packet . |
| US9678774B2 CLAIM 13 . The computing system (when b) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
US20090249470A1 CLAIM 10 . The method of claim 9 , wherein when b (computing system) oth the first set of policies and the second set of policies allow the packet to go from the first virtual machine to the second , the firewall stores a record that the packet was allowed to go from the first virtual machine to the second virtual machine , the record comprising an identifier of the first virtual machine as the sender of the packet and an identifier of the second virtual machine as the receiver of the packet . |
| US9678774B2 CLAIM 14 . The computing system (when b) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20090249470A1 CLAIM 10 . The method of claim 9 , wherein when b (computing system) oth the first set of policies and the second set of policies allow the packet to go from the first virtual machine to the second , the firewall stores a record that the packet was allowed to go from the first virtual machine to the second virtual machine , the record comprising an identifier of the first virtual machine as the sender of the packet and an identifier of the second virtual machine as the receiver of the packet . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | CN101430649A Filed: 2008-11-19 Issued: 2009-05-13 基于虚拟机的虚拟计算环境系统 (Original Assignee) Beihang University (Current Assignee) Beihang University ; Beijing University of Aeronautics and Astronautics 白跃彬, 巨燕文 |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (主机上) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上 (source host) ,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine from the source host (主机上) to the target host . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上 (source host) ,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (服务器端) . |
CN101430649A CLAIM 4、 如权利要求2和3所述的系统,其特征在于:OS浏览器在Xen虚拟机的域0中通过NFS (Network File System)客户端和位于用户熟悉工作场所私有局域网中的系统支持服务器上的NFS服务器端 (positioning service) 交互,为Xen虚拟机中的域U提供一个基于NFS的磁盘,域U的实际数据位 于系统支持服务器上的系统映像文件中。 |
| US9678774B2 CLAIM 8 . A computing system (存储设备) , comprising : a computing device comprising one (个用户) or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (主机上) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上 (source host) ,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备 (computing system) 上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户 (computing device comprising one) 接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 |
| US9678774B2 CLAIM 9 . The computing system (存储设备) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备 (computing system) 上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 |
| US9678774B2 CLAIM 10 . The computing system (存储设备) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备 (computing system) 上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 |
| US9678774B2 CLAIM 11 . The computing system (存储设备) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (主机上) to the target host . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上 (source host) ,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备 (computing system) 上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 |
| US9678774B2 CLAIM 12 . The computing system (存储设备) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备 (computing system) 上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 |
| US9678774B2 CLAIM 13 . The computing system (存储设备) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备 (computing system) 上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 |
| US9678774B2 CLAIM 14 . The computing system (存储设备) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device (浏览器访问) , or a positioning service (服务器端) . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备 (computing system) 上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问 (geolocation device) 用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 CN101430649A CLAIM 4、 如权利要求2和3所述的系统,其特征在于:OS浏览器在Xen虚拟机的域0中通过NFS (Network File System)客户端和位于用户熟悉工作场所私有局域网中的系统支持服务器上的NFS服务器端 (positioning service) 交互,为Xen虚拟机中的域U提供一个基于NFS的磁盘,域U的实际数据位 于系统支持服务器上的系统映像文件中。 |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (主机上) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上 (source host) ,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (主机上) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
CN101430649A CLAIM 1、一种基于虚拟机构建的虚拟计算环境系统,该系统将用户熟悉工作场所计算机上的计算环境部署到新的工作场所中的目标主机上 (source host) ,其特征在于,该系统包括目标主机、系统支持服务器和私有网络资源,系统支持服务器和私有网络资源构成用户熟悉工作场所私有局域网,目标主机和用户熟悉工作场所私有局域网通过外部网络连接,其中:目标主机上具有OS浏览器,OS浏览器是可以自动引导计算机启动的软件栈,这个软件栈存储在便携式存储设备上,OS浏览器的核心是虚拟机,OS浏览器为个人虚拟计算环境的运行提供了一个通用的虚拟平台,用存有OS浏览器软件栈的便携式存储设备引导启动目标主机后,运行在目标主机上的软件栈已经不是原来部署在这台计算机上的软件栈,而是OS浏览器中的软件栈;在OS浏览器中创建一个局域网络,该局域网络作为一个自治系统,该自治系统在目标主机与用户熟悉工作场所的用户主机拥有相同的网络设置,这个自治系统通过NAT(Network Address Translation)与外部网络连接,通过外部网络,OS浏览器与位于用户熟悉工作场所私有局域网中的系统支持服务器上的分布式文件系统交互,获取或更新系统支持服务器上的系统映像文件中的数据,并最终呈现给用户自己熟悉的运行中的计算环境;OS浏览器提供了一个用户接口,用户利用这个接口从系统支持服务器选择用户自己的系统映像,并在OS浏览器中启动一个新的客户操作系统作为用户将要操作的虚拟计算环境;系统支持服务器设置在用户熟悉工作场所的私有局域网中,提供一个可以被外部网络访问的接口,并且在系统支持服务器上设置分布式文件系统和IP隧道模块,通过分布式文件系统将用户的系统映像导出到外部网络上,使用户能够通过OS浏览器获取系统映像文件中的数据,通过IP隧道模块使OS浏览器访问用户熟悉工作场所私有局域网中的私有网络资源,其中系统映像是一个计算环境的存储映像,形式上是一组文件的数据集合,其内容是一个用户操作系统的文件系统,包括操作系统和应用软件的文件以及用户个人文件。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20100281166A1 Filed: 2008-11-07 Issued: 2010-11-04 Software Platform and System for Grid Computing (Original Assignee) Manjrasoft Pty Ltd (Current Assignee) Manjrasoft Pty Ltd Rajkumar Buyya, Srikumar Venugopal, Xingchen Chu, Krishna Nadiminti |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (computing device) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100281166A1 CLAIM 8 . The platform as claimed in claim 1 , wherein each node comprises a computing device (computing device) , and wherein a single computing device comprises multiple nodes when the computing device has multiple processors or multiple processor cores . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (computing device) . |
US20100281166A1 CLAIM 8 . The platform as claimed in claim 1 , wherein each node comprises a computing device (computing device) , and wherein a single computing device comprises multiple nodes when the computing device has multiple processors or multiple processor cores . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device (computing device) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20100281166A1 CLAIM 8 . The platform as claimed in claim 1 , wherein each node comprises a computing device (computing device) , and wherein a single computing device comprises multiple nodes when the computing device has multiple processors or multiple processor cores . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2010021631A1 Filed: 2008-08-22 Issued: 2010-02-25 Remote graphics console and virtual media access to virtual machine guests (Original Assignee) Hewlett-Packard Development Company, L.P. Thomas J. Bonola, John M. Hemphill, Mike Dickson |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (usable medium) to a target host (output ports) ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . WO2010021631A1 CLAIM 20 . An article of manufacture comprising : a controller-usable medium (source host) having a computer readable program code embodied in a controller for operating a virtualized computing system comprising a physical server , and a virtualization platform integrated into the physical server , the computer readable program code further comprising : code causing the controller to run a plurality of operating systems simultaneously on at least one physical server ; code causing the controller to operate a virtual keyboard/video/mouse (KVM) element for virtual machine control ; code causing the controller to generate a remote management graphics console ; and code causing the controller to map virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host (output ports) is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine from the source host (usable medium) to the target host . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . WO2010021631A1 CLAIM 20 . An article of manufacture comprising : a controller-usable medium (source host) having a computer readable program code embodied in a controller for operating a virtualized computing system comprising a physical server , and a virtualization platform integrated into the physical server , the computer readable program code further comprising : code causing the controller to run a plurality of operating systems simultaneously on at least one physical server ; code causing the controller to operate a virtual keyboard/video/mouse (KVM) element for virtual machine control ; code causing the controller to generate a remote management graphics console ; and code causing the controller to map virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host (output ports) is the proper hardware configuration . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . |
| US9678774B2 CLAIM 6 . The method of claim 1 , further comprising : determining , via the hidden process , whether a configuration of the target host (output ports) is a proper configuration ; and in response to a determination that the configuration of the target host is other than the proper configuration , preventing , via the hidden process , execution of the virtual machine . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . |
| US9678774B2 CLAIM 8 . A computing system (computing system) , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (usable medium) to a target host (output ports) , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . WO2010021631A1 CLAIM 12 . A computer-executed method for operating a virtualizing network computing system (computing system) comprising : running a plurality of virtual machines simultaneously on at least one physical server ; operating a virtual keyboard/video/mouse (KVM) element for virtual machine control ; generating a remote management graphics console ; and mapping virtual media into the virtual machine plurality . WO2010021631A1 CLAIM 20 . An article of manufacture comprising : a controller-usable medium (source host) having a computer readable program code embodied in a controller for operating a virtualized computing system comprising a physical server , and a virtualization platform integrated into the physical server , the computer readable program code further comprising : code causing the controller to run a plurality of operating systems simultaneously on at least one physical server ; code causing the controller to operate a virtual keyboard/video/mouse (KVM) element for virtual machine control ; code causing the controller to generate a remote management graphics console ; and code causing the controller to map virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 9 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host (output ports) has a proper configuration based on information that indicates a hardware configuration of the target host . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . WO2010021631A1 CLAIM 12 . A computer-executed method for operating a virtualizing network computing system (computing system) comprising : running a plurality of virtual machines simultaneously on at least one physical server ; operating a virtual keyboard/video/mouse (KVM) element for virtual machine control ; generating a remote management graphics console ; and mapping virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 10 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host (output ports) is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . WO2010021631A1 CLAIM 12 . A computer-executed method for operating a virtualizing network computing system (computing system) comprising : running a plurality of virtual machines simultaneously on at least one physical server ; operating a virtual keyboard/video/mouse (KVM) element for virtual machine control ; generating a remote management graphics console ; and mapping virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 11 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host (output ports) is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (usable medium) to the target host . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . WO2010021631A1 CLAIM 12 . A computer-executed method for operating a virtualizing network computing system (computing system) comprising : running a plurality of virtual machines simultaneously on at least one physical server ; operating a virtual keyboard/video/mouse (KVM) element for virtual machine control ; generating a remote management graphics console ; and mapping virtual media into the virtual machine plurality . WO2010021631A1 CLAIM 20 . An article of manufacture comprising : a controller-usable medium (source host) having a computer readable program code embodied in a controller for operating a virtualized computing system comprising a physical server , and a virtualization platform integrated into the physical server , the computer readable program code further comprising : code causing the controller to run a plurality of operating systems simultaneously on at least one physical server ; code causing the controller to operate a virtual keyboard/video/mouse (KVM) element for virtual machine control ; code causing the controller to generate a remote management graphics console ; and code causing the controller to map virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 12 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host (output ports) from a trusted platform module . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . WO2010021631A1 CLAIM 12 . A computer-executed method for operating a virtualizing network computing system (computing system) comprising : running a plurality of virtual machines simultaneously on at least one physical server ; operating a virtual keyboard/video/mouse (KVM) element for virtual machine control ; generating a remote management graphics console ; and mapping virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 13 . The computing system (computing system) of claim 9 , wherein the information comprises a hash of an operating system of the target host (output ports) and a private key . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . WO2010021631A1 CLAIM 12 . A computer-executed method for operating a virtualizing network computing system (computing system) comprising : running a plurality of virtual machines simultaneously on at least one physical server ; operating a virtual keyboard/video/mouse (KVM) element for virtual machine control ; generating a remote management graphics console ; and mapping virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 14 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
WO2010021631A1 CLAIM 12 . A computer-executed method for operating a virtualizing network computing system (computing system) comprising : running a plurality of virtual machines simultaneously on at least one physical server ; operating a virtual keyboard/video/mouse (KVM) element for virtual machine control ; generating a remote management graphics console ; and mapping virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (usable medium) to a target host (output ports) , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . WO2010021631A1 CLAIM 20 . An article of manufacture comprising : a controller-usable medium (source host) having a computer readable program code embodied in a controller for operating a virtualized computing system comprising a physical server , and a virtualization platform integrated into the physical server , the computer readable program code further comprising : code causing the controller to run a plurality of operating systems simultaneously on at least one physical server ; code causing the controller to operate a virtual keyboard/video/mouse (KVM) element for virtual machine control ; code causing the controller to generate a remote management graphics console ; and code causing the controller to map virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 16 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to determine a configuration of the target host (output ports) . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host (output ports) is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (usable medium) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . WO2010021631A1 CLAIM 20 . An article of manufacture comprising : a controller-usable medium (source host) having a computer readable program code embodied in a controller for operating a virtualized computing system comprising a physical server , and a virtualization platform integrated into the physical server , the computer readable program code further comprising : code causing the controller to run a plurality of operating systems simultaneously on at least one physical server ; code causing the controller to operate a virtual keyboard/video/mouse (KVM) element for virtual machine control ; code causing the controller to generate a remote management graphics console ; and code causing the controller to map virtual media into the virtual machine plurality . |
| US9678774B2 CLAIM 18 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to send , via the hidden process , an alert that indicates denial of the request in response to the determination that geographic location of the target host (output ports) is outside of the particular perimeter . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . |
| US9678774B2 CLAIM 19 . The computer-readable storage medium of claim 18 , wherein the alert includes an indication of the geographic location of the target host (output ports) . |
WO2010021631A1 CLAIM 3 . The system according to Claim 1 further comprising : a logic that scans input/output ports (target host) and media of the baseboard management controller directly into guests . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | EP2184949A1 Filed: 2008-08-13 Issued: 2010-05-12 A method and an apparatus for non-access stratum message processing during handover in evolved network (Original Assignee) Huawei Technologies Co Ltd (Current Assignee) Huawei Technologies Co Ltd Hongzhuo Zhang, Yong Qiu, Ying Huang, Qiang Wang |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host to a target host (handover command) ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host (handover command) is other than a proper hardware configuration , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host (handover command) is the proper hardware configuration . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 6 . The method of claim 1 , further comprising : determining , via the hidden process , whether a configuration of the target host (handover command) is a proper configuration ; and in response to a determination that the configuration of the target host is other than the proper configuration , preventing , via the hidden process , execution of the virtual machine . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host (handover command) , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host (handover command) has a proper configuration based on information that indicates a hardware configuration of the target host . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host (handover command) is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host (handover command) is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host (handover command) from a trusted platform module . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system of the target host (handover command) and a private key . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host to a target host (handover command) , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 16 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to determine a configuration of the target host (handover command) . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host (handover command) is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 18 . The computer-readable storage medium of claim 15 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to send , via the hidden process , an alert that indicates denial of the request in response to the determination that geographic location of the target host (handover command) is outside of the particular perimeter . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 CLAIM 19 . The computer-readable storage medium of claim 18 , wherein the alert includes an indication of the geographic location of the target host (handover command) . |
EP2184949A1 CLAIM 2 The method of claim 1 , wherein the NAS message comprises : the NAS message that fails to be sent is an NAS message received from the EPC before the S-eNB sends a handover command (target host) to the UE , or the NAS message that fails to be sent is an NAS message received from the EPC after the S-eNB sends a handover command to the UE . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20090300423A1 Filed: 2008-05-28 Issued: 2009-12-03 Systems and methods for software test management in cloud-based network (Original Assignee) Red Hat Inc (Current Assignee) Red Hat Inc James Michael Ferris |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (software applications, software product, system software) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090300423A1 CLAIM 3 . The method of claim 1 , wherein the set of test software comprises at least one of software applications (hardware configuration) , software utilities , software modules , and operating system software (hardware configuration) . US20090300423A1 CLAIM 19 . A software product (hardware configuration) , the software product being generated by a software evaluation method comprising : instantiating a set of virtual test beds in a network cloud ; installing a set of test software on the set of virtual test beds ; executing the set of test software on the set of virtual test beds ; providing an interface between the executing set of test software and a set of software test tools ; and generating the software product based on output of the set of software test tools . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (software applications, software product, system software) . |
US20090300423A1 CLAIM 3 . The method of claim 1 , wherein the set of test software comprises at least one of software applications (hardware configuration) , software utilities , software modules , and operating system software (hardware configuration) . US20090300423A1 CLAIM 19 . A software product (hardware configuration) , the software product being generated by a software evaluation method comprising : instantiating a set of virtual test beds in a network cloud ; installing a set of test software on the set of virtual test beds ; executing the set of test software on the set of virtual test beds ; providing an interface between the executing set of test software and a set of software test tools ; and generating the software product based on output of the set of software test tools . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (software applications, software product, system software) of the target host . |
US20090300423A1 CLAIM 3 . The method of claim 1 , wherein the set of test software comprises at least one of software applications (hardware configuration) , software utilities , software modules , and operating system software (hardware configuration) . US20090300423A1 CLAIM 19 . A software product (hardware configuration) , the software product being generated by a software evaluation method comprising : instantiating a set of virtual test beds in a network cloud ; installing a set of test software on the set of virtual test beds ; executing the set of test software on the set of virtual test beds ; providing an interface between the executing set of test software and a set of software test tools ; and generating the software product based on output of the set of software test tools . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (software applications, software product, system software) of the target host from a trusted platform module (management system) . |
US20090300423A1 CLAIM 3 . The method of claim 1 , wherein the set of test software comprises at least one of software applications (hardware configuration) , software utilities , software modules , and operating system software (hardware configuration) . US20090300423A1 CLAIM 18 . The system of claim 10 , wherein the test management module is configured as part of a cloud management system (readable storage, platform module) . US20090300423A1 CLAIM 19 . A software product (hardware configuration) , the software product being generated by a software evaluation method comprising : instantiating a set of virtual test beds in a network cloud ; installing a set of test software on the set of virtual test beds ; executing the set of test software on the set of virtual test beds ; providing an interface between the executing set of test software and a set of software test tools ; and generating the software product based on output of the set of software test tools . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20090300423A1 CLAIM 3 . The method of claim 1 , wherein the set of test software comprises at least one of software applications , software utilities , software modules , and operating system (operating system) software . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2009123640A1 Filed: 2008-04-04 Issued: 2009-10-08 Virtual machine manager system and methods (Original Assignee) Hewlett-Packard Development Company, L.P. Paul Broyles, Dalvis Desselle |
|---|---|
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (platform module) . |
WO2009123640A1 CLAIM 16 . The method of claim 10 , further comprising storing a result of the measurement in a trusted platform module (platform module) (TPM) . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20080244028A1 Filed: 2008-03-28 Issued: 2008-10-02 Synchronization and Customization of a Clone Computer (Original Assignee) VMware Inc (Current Assignee) VMware Inc Bich Cau Le, Ji Feng, Sirish Raghuram, Yufeng Zheng |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device , a request to migrate a virtual machine from a source host (usable medium) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080244028A1 CLAIM 16 . A computer-usable medium (source host) having computer-readable program code embodied therein for causing a method for maintaining synchronization between a master computer disk and a customized slave disk , said method comprising : receiving a master computer disk ; utilizing a snapshot function to clone at least one slave disk from said master computer disk ; providing at least one customization portion to said at least one slave disk clone ; tracking changes to said master computing disk ; providing an anchor for synchronizing said slave disk to said master computing disk when said changes to said master computing disk are recognized without requiring an agent ; and synchronizing said slave disk to said master computing disk while maintaining said at least one customization portion of said slave disk such that said slave disk remains a clone with respect to said master computer disk while also retaining said at least one customization portion which is distinct from said master computing disk . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (software program) , denying , via the hidden process , the migration of the virtual machine from the source host (usable medium) to the target host . |
US20080244028A1 CLAIM 8 . The computer implemented method as recited in claim 1 further comprising : performing said synchronizing of the clone disk with respect to said master computing disk when said slave disk is offline ; providing a go offline command to a slave software program (positioning hardware, hardware configuration) running on a slave computer loaded from said slave disk after a pre-determined time period has passed since synchronization was available and said slave disk has not been offline ; and providing a power down command to said slave computer coupled with said slave disk if said slave software program does not respond to said go-offline command in a pre-determined period of time . US20080244028A1 CLAIM 16 . A computer-usable medium (source host) having computer-readable program code embodied therein for causing a method for maintaining synchronization between a master computer disk and a customized slave disk , said method comprising : receiving a master computer disk ; utilizing a snapshot function to clone at least one slave disk from said master computer disk ; providing at least one customization portion to said at least one slave disk clone ; tracking changes to said master computing disk ; providing an anchor for synchronizing said slave disk to said master computing disk when said changes to said master computing disk are recognized without requiring an agent ; and synchronizing said slave disk to said master computing disk while maintaining said at least one customization portion of said slave disk such that said slave disk remains a clone with respect to said master computer disk while also retaining said at least one customization portion which is distinct from said master computing disk . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (software program) . |
US20080244028A1 CLAIM 8 . The computer implemented method as recited in claim 1 further comprising : performing said synchronizing of the clone disk with respect to said master computing disk when said slave disk is offline ; providing a go offline command to a slave software program (positioning hardware, hardware configuration) running on a slave computer loaded from said slave disk after a pre-determined time period has passed since synchronization was available and said slave disk has not been offline ; and providing a power down command to said slave computer coupled with said slave disk if said slave software program does not respond to said go-offline command in a pre-determined period of time . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (software program) or access to a positioning service . |
US20080244028A1 CLAIM 8 . The computer implemented method as recited in claim 1 further comprising : performing said synchronizing of the clone disk with respect to said master computing disk when said slave disk is offline ; providing a go offline command to a slave software program (positioning hardware, hardware configuration) running on a slave computer loaded from said slave disk after a pre-determined time period has passed since synchronization was available and said slave disk has not been offline ; and providing a power down command to said slave computer coupled with said slave disk if said slave software program does not respond to said go-offline command in a pre-determined period of time . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (usable medium) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080244028A1 CLAIM 16 . A computer-usable medium (source host) having computer-readable program code embodied therein for causing a method for maintaining synchronization between a master computer disk and a customized slave disk , said method comprising : receiving a master computer disk ; utilizing a snapshot function to clone at least one slave disk from said master computer disk ; providing at least one customization portion to said at least one slave disk clone ; tracking changes to said master computing disk ; providing an anchor for synchronizing said slave disk to said master computing disk when said changes to said master computing disk are recognized without requiring an agent ; and synchronizing said slave disk to said master computing disk while maintaining said at least one customization portion of said slave disk such that said slave disk remains a clone with respect to said master computer disk while also retaining said at least one customization portion which is distinct from said master computing disk . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (software program) of the target host . |
US20080244028A1 CLAIM 8 . The computer implemented method as recited in claim 1 further comprising : performing said synchronizing of the clone disk with respect to said master computing disk when said slave disk is offline ; providing a go offline command to a slave software program (positioning hardware, hardware configuration) running on a slave computer loaded from said slave disk after a pre-determined time period has passed since synchronization was available and said slave disk has not been offline ; and providing a power down command to said slave computer coupled with said slave disk if said slave software program does not respond to said go-offline command in a pre-determined period of time . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (usable medium) to the target host . |
US20080244028A1 CLAIM 16 . A computer-usable medium (source host) having computer-readable program code embodied therein for causing a method for maintaining synchronization between a master computer disk and a customized slave disk , said method comprising : receiving a master computer disk ; utilizing a snapshot function to clone at least one slave disk from said master computer disk ; providing at least one customization portion to said at least one slave disk clone ; tracking changes to said master computing disk ; providing an anchor for synchronizing said slave disk to said master computing disk when said changes to said master computing disk are recognized without requiring an agent ; and synchronizing said slave disk to said master computing disk while maintaining said at least one customization portion of said slave disk such that said slave disk remains a clone with respect to said master computer disk while also retaining said at least one customization portion which is distinct from said master computing disk . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (software program) of the target host from a trusted platform module . |
US20080244028A1 CLAIM 8 . The computer implemented method as recited in claim 1 further comprising : performing said synchronizing of the clone disk with respect to said master computing disk when said slave disk is offline ; providing a go offline command to a slave software program (positioning hardware, hardware configuration) running on a slave computer loaded from said slave disk after a pre-determined time period has passed since synchronization was available and said slave disk has not been offline ; and providing a power down command to said slave computer coupled with said slave disk if said slave software program does not respond to said go-offline command in a pre-determined period of time . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (usable medium) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080244028A1 CLAIM 16 . A computer-usable medium (source host) having computer-readable program code embodied therein for causing a method for maintaining synchronization between a master computer disk and a customized slave disk , said method comprising : receiving a master computer disk ; utilizing a snapshot function to clone at least one slave disk from said master computer disk ; providing at least one customization portion to said at least one slave disk clone ; tracking changes to said master computing disk ; providing an anchor for synchronizing said slave disk to said master computing disk when said changes to said master computing disk are recognized without requiring an agent ; and synchronizing said slave disk to said master computing disk while maintaining said at least one customization portion of said slave disk such that said slave disk remains a clone with respect to said master computer disk while also retaining said at least one customization portion which is distinct from said master computing disk . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (usable medium) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080244028A1 CLAIM 16 . A computer-usable medium (source host) having computer-readable program code embodied therein for causing a method for maintaining synchronization between a master computer disk and a customized slave disk , said method comprising : receiving a master computer disk ; utilizing a snapshot function to clone at least one slave disk from said master computer disk ; providing at least one customization portion to said at least one slave disk clone ; tracking changes to said master computing disk ; providing an anchor for synchronizing said slave disk to said master computing disk when said changes to said master computing disk are recognized without requiring an agent ; and synchronizing said slave disk to said master computing disk while maintaining said at least one customization portion of said slave disk such that said slave disk remains a clone with respect to said master computer disk while also retaining said at least one customization portion which is distinct from said master computing disk . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20080263670A1 Filed: 2008-03-26 Issued: 2008-10-23 Methods, software and apparatus for detecting and neutralizing viruses from computer systems and networks (Original Assignee) Wiresoft Net Inc (Current Assignee) Wiresoft Net Inc Ovidiu Stavrica |
|---|---|
| US9678774B2 CLAIM 20 . The computer-readable storage medium of claim 18 , wherein the alert includes an email message (electronic mail messages) . |
US20080263670A1 CLAIM 13 . The method of claim 1 wherein the originating computer comprises a POP3 server , the data stream or plurality of data packets encode electronic mail messages (email message) , the temporary storing and scanning applies only to attachment portions of the electronic mail messages , and replacing at least some of the attachments with a computer readable link to where the removed data can be found . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20080189700A1 Filed: 2008-01-21 Issued: 2008-08-07 Admission Control for Virtual Machine Cluster (Original Assignee) VMware Inc (Current Assignee) VMware Inc Rene W. Schmidt, Sridhar Rajagopal |
|---|---|
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (management system) . |
US20080189700A1 CLAIM 1 . A system comprising : plural virtualization systems configured as a cluster ; a failover system that , responsive to an interruption of , or on , a particular one of the virtualization systems , transitions at least one virtual machine to another virtualization system of the cluster and resumes thereon computations of the transitioned virtual machine ; and a management system (readable storage, platform module) that tracks , for each virtual machine , a set of resource requirements , the management system admitting virtual machine computations to the cluster based on an admission control policy that , consonant with the resource requirements of virtual machines provisioned to any particular set of virtualization systems , assures sufficient excess capacity on other virtualization systems of the cluster to support , in the event of interruption of the particular set , transition of all virtual machines operative thereon to the other virtualization systems of the cluster . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (n storage) , a geolocation device (n storage) , or a positioning service . |
US20080189700A1 CLAIM 18 . The high-availability cluster of claim 17 , further comprising : a storage system that maintains , for each of the virtual machines , an encapsulated representation of virtual machine state , including at least a description of the hardware system virtualized together with backing state therefor , in storage (network device, geolocation device) accessible to each virtualization system of the cluster . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2008073618A2 Filed: 2007-11-02 Issued: 2008-06-19 Instant on platform (Original Assignee) Devicevm, Inc. Mark M. Lee, Phillip Sheu, Robert P. Ha, Thomas Deng, Wenchi Fang, Xun Fang, Yuchung Lu |
|---|---|
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (Web site) . |
WO2008073618A2 CLAIM 3 . The apparatus of Claim 1 , said user operating system comprising any of : a network configuration gadget , a media and peer-to-peer sharing gadget , a profile manager gadget , a Web site (positioning service) design gadget , a backup configuration gadget , and a network configuration gadget for network connections . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (providing power) . |
WO2008073618A2 CLAIM 12 . The apparatus of Claim 1 , further comprising : means for providing power (platform module) savings via virtualization by any of : allowing system hardware to power down or to throttle back hardware reserves to what is minimally required by a currently running virtual machines , including powering down unused cores or scheduling ; virtual machines sharing cores when a computing task is not demanding ; based on a virtual machine or virtual environment running , powering off certain pieces of hardware ; and depending on a virtual machine running , using peer-evaluated performance requirements to throttle back and/or turn off processors or cores to meet performance requirements for said currently running virtual machine . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
WO2008073618A2 CLAIM 1 . An apparatus that allows multiple computer operating system (operating system) s (OS) and/or personalities to run concurrently , comprising : an instant-on platform comprising a lightweight hypervisor that virtualizes a system network stack , wherein said instant-on platform is placed in the path of network and disk traffic between said user OS and actual system hardware ; and a user operating system environment , wherein said user OS receives network traffic from said instant-on platform , which comprises a resource management service , a caching service , a profile manager , a network stack driver which effects TCP/IP communication with the OS , and at least one appliance . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (Web site) . |
WO2008073618A2 CLAIM 3 . The apparatus of Claim 1 , said user operating system comprising any of : a network configuration gadget , a media and peer-to-peer sharing gadget , a profile manager gadget , a Web site (positioning service) design gadget , a backup configuration gadget , and a network configuration gadget for network connections . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20090089682A1 Filed: 2007-09-27 Issued: 2009-04-02 Collaborative environment for sharing visualizations of industrial automation data (Original Assignee) Rockwell Automation Technologies Inc (Current Assignee) Rockwell Automation Technologies Inc John Joseph Baier, Clifton Harold Bromley, Mark Hobbs, Teunis Hendrik Schouten, Douglas James Reichard, Kevin George Gordon, Taryl Jon Jasper, Robert Joseph McGreevy, Bruce Gordan Fuller |
|---|---|
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance (displays information) of : in response to receipt of a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090089682A1 CLAIM 7 . The system of claim 1 , the view component provides for a user' ; s display to serve as a thin client that displays information (control performance) from other disparately located displays of interest . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance (displays information) of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090089682A1 CLAIM 7 . The system of claim 1 , the view component provides for a user' ; s display to serve as a thin client that displays information (control performance) from other disparately located displays of interest . |
| US9678774B2 CLAIM 20 . The computer-readable storage medium of claim 18 , wherein the alert includes an email message (common view) . |
US20090089682A1 CLAIM 1 . A visualization system that generates a collaborative visualization environment in an industrial automation environment , comprising : a view component that maps a plurality of displays to respective users ; a visualization component that dynamically generates a visualization from a set of display objects to present to a user that is a function of the received information and inferred or determined entity context ; and a collaboration component that receives instructions or requests to initiate a collaboration with another user , machine , or displays the collaboration component provides for joining multiple users , machines , or displays to create a common view (email message) or workspace via the view component and the visualization component . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | JP2009075718A Filed: 2007-09-19 Issued: 2009-04-09 仮想i/oパスの管理方法、情報処理システム及びプログラム (Original Assignee) Hitachi Ltd; 株式会社日立製作所 Takanari Baba, Jun Okitsu, Yoshiko Yasuda, 淑子 保田, 潤 沖津, 貴成 馬場 |
|---|---|
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (少なくとも) or access to a positioning service . |
JP2009075718A CLAIM 6 物理I/Oポートに仮想I/Oポートを設定可能なI/Oアダプタを備えたノードを複数有し、前記各ノードのI/Oアダプタを接続するポートを備えたI/Oスイッチを備えて、前記複数のノード間で前記仮想I/Oポートを介してデータの転送を行う情報処理システムであって、 前記ノードは、 前記I/Oスイッチのポートの情報を収集するスイッチ情報取得部と、 前記I/Oアダプタの仮想I/Oポート毎に帯域を取得するローカル管理部と、を備え、 前記複数のノードのうちの少なくとも (positioning hardware) 一つは、前記複数のノードのI/Oアダプタの仮想I/Oポート間を接続する仮想I/Oパスを設定するグローバルQoS管理部を有し、 前記グローバルQoS管理部は、 前記スイッチ情報取得部とローカル管理部から前記I/Oスイッチのポートの情報と仮想I/Oポート毎の帯域を各ノードから取得するローカル情報取得部と、 送信元のノードの情報と送信先のノードの情報と帯域を含む仮想I/Oパスの生成要求を受け付けて、前記I/Oスイッチのポートの情報から前記送信元のノードから送信先のノードまでの仮想I/Oパスの経路を選択する仮想I/Oパス選択部と、 前記選択した仮想I/Oパスの経路上の仮想I/Oポートを抽出し、当該抽出した仮想I/Oポートに前記取得した帯域と前記生成要求に含まれる帯域から当該仮想I/Oパスを設定可能か否かを判定し、当該仮想I/Oパスを設定可能なときには、前記仮想I/Oパス上のポートに当該仮想I/Oパスを設定する仮想I/Oパス設定部と、 を有することを特徴とする情報処理システム。 |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (データ) , a geolocation device , or a positioning service . |
JP2009075718A CLAIM 1 物理I/Oポートに仮想I/Oポートを設定可能なI/Oアダプタを備えたノードを複数有し、前記ノードのI/OアダプタをI/Oスイッチのポートに接続し、前記複数のノード間で前記仮想I/Oポートを介してデータ (network device) の転送を行う情報処理システムにおける仮想I/Oパスの管理方法であって、 前記複数のノードのうちのいずれか一つが、前記I/Oスイッチのポートの情報を収集するステップと、 前記各ノードがそれぞれのノードが備えたI/Oアダプタの仮想I/Oポート毎に帯域を取得するステップと、 前記複数のノードのうちのいずれか一つが、前記I/Oスイッチのポートの情報と、前記帯域を取得するステップと、 前記I/Oスイッチのポートの情報と、前記帯域を取得した前記ノードが、送信元のノードの情報と送信先のノードの情報と帯域を含む仮想I/Oパスの生成要求を受け付けるステップと、 前記仮想I/Oパスの生成要求を受け付けたノードが、前記I/Oスイッチのポートの情報から前記送信元のノードから送信先のノードまでの仮想I/Oパスの経路を選択するステップと、 前記仮想I/Oパスの生成要求を受け付けたノードが、前記選択した仮想I/Oパスの経路上の仮想I/Oポートを抽出し、抽出した仮想I/Oポートに前記取得した帯域と前記生成要求に含まれる帯域から当該仮想I/Oパスを設定可能か否かを判定するステップと、 前記仮想I/Oパスの生成要求を受け付けたノードが、前記仮想I/Oパスを設定可能と判定しときに、前記仮想I/Oパス上のポートに当該仮想I/Oパスを設定するステップと、 を含むことを特徴とする仮想I/Oパスの管理方法。 |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20090007264A1 Filed: 2007-06-26 Issued: 2009-01-01 Security system with compliance checking and remediation (Original Assignee) Microsoft Corp (Current Assignee) Microsoft Technology Licensing LLC Arindam Chatterjee, Anders Samuelsson, Nils Dussart, Charles G. Jeffries, Amit R. Kulkarni |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (second provider) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090007264A1 CLAIM 10 . A computer-readable medium storing computer-executable instructions that , when executed , cause a computer system to perform a method for causing an analyzed computer system to comply with a security policy , the method comprising : receiving a compliance template , the compliance template having multiple compliance documents , at least one of the compliance documents indicating a compliance criterion and a remediation action ; providing the compliance criterion to a first provider component , the first provider component associated with a first operating system component and exposing a first programming interface wherein the first programming interface is common to a second provider (computing device) component , the second provider component associated with a second operating system component , wherein the first provider component and the second provider component are not the same provider component ; receiving from the first provider component an indication of whether the compliance criterion is satisfied ; and when the compliance criterion is not satisfied , performing the remediation action . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (second provider) . |
US20090007264A1 CLAIM 10 . A computer-readable medium storing computer-executable instructions that , when executed , cause a computer system to perform a method for causing an analyzed computer system to comply with a security policy , the method comprising : receiving a compliance template , the compliance template having multiple compliance documents , at least one of the compliance documents indicating a compliance criterion and a remediation action ; providing the compliance criterion to a first provider component , the first provider component associated with a first operating system component and exposing a first programming interface wherein the first programming interface is common to a second provider (computing device) component , the second provider component associated with a second operating system component , wherein the first provider component and the second provider component are not the same provider component ; receiving from the first provider component an indication of whether the compliance criterion is satisfied ; and when the compliance criterion is not satisfied , performing the remediation action . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device (second provider) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20090007264A1 CLAIM 10 . A computer-readable medium storing computer-executable instructions that , when executed , cause a computer system to perform a method for causing an analyzed computer system to comply with a security policy , the method comprising : receiving a compliance template , the compliance template having multiple compliance documents , at least one of the compliance documents indicating a compliance criterion and a remediation action ; providing the compliance criterion to a first provider component , the first provider component associated with a first operating system component and exposing a first programming interface wherein the first programming interface is common to a second provider (computing device) component , the second provider component associated with a second operating system component , wherein the first provider component and the second provider component are not the same provider component ; receiving from the first provider component an indication of whether the compliance criterion is satisfied ; and when the compliance criterion is not satisfied , performing the remediation action . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20080270564A1 Filed: 2007-04-25 Issued: 2008-10-30 Virtual machine migration (Original Assignee) Microsoft Corp (Current Assignee) Microsoft Technology Licensing LLC Dharshan Rangegowda, Robert Fries |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (virtualization system) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080270564A1 CLAIM 8 . A virtualization system (hardware configuration) , comprising : a virtual machine configured to execute on a first host computer ; a LUN (logical unit number) of a storage array that is mapped to a virtual drive of the virtual machine ; and a LUN mask configured to associate the LUN with the first host computer of the virtual machine , the LUN mask being configurable to unmask the LUN to migrate the virtual machine from the first host computer to the second host computer . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (virtualization system) . |
US20080270564A1 CLAIM 8 . A virtualization system (hardware configuration) , comprising : a virtual machine configured to execute on a first host computer ; a LUN (logical unit number) of a storage array that is mapped to a virtual drive of the virtual machine ; and a LUN mask configured to associate the LUN with the first host computer of the virtual machine , the LUN mask being configurable to unmask the LUN to migrate the virtual machine from the first host computer to the second host computer . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (virtualization system) of the target host . |
US20080270564A1 CLAIM 8 . A virtualization system (hardware configuration) , comprising : a virtual machine configured to execute on a first host computer ; a LUN (logical unit number) of a storage array that is mapped to a virtual drive of the virtual machine ; and a LUN mask configured to associate the LUN with the first host computer of the virtual machine , the LUN mask being configurable to unmask the LUN to migrate the virtual machine from the first host computer to the second host computer . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (virtualization system) of the target host from a trusted platform module . |
US20080270564A1 CLAIM 8 . A virtualization system (hardware configuration) , comprising : a virtual machine configured to execute on a first host computer ; a LUN (logical unit number) of a storage array that is mapped to a virtual drive of the virtual machine ; and a LUN mask configured to associate the LUN with the first host computer of the virtual machine , the LUN mask being configurable to unmask the LUN to migrate the virtual machine from the first host computer to the second host computer . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20080016570A1 Filed: 2007-04-20 Issued: 2008-01-17 System and method for analyzing unauthorized intrusion into a computer network (Original Assignee) Alen Capalik Alen Capalik |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (computing device) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080016570A1 CLAIM 21 . The system of claim 13 , wherein the virtualized operating system module and the processing module are contained in memory on the same or separate computing device (computing device) s that each includes a processor . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (computing device) . |
US20080016570A1 CLAIM 21 . The system of claim 13 , wherein the virtualized operating system module and the processing module are contained in memory on the same or separate computing device (computing device) s that each includes a processor . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device (computing device) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080016570A1 CLAIM 21 . The system of claim 13 , wherein the virtualized operating system module and the processing module are contained in memory on the same or separate computing device (computing device) s that each includes a processor . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device (network device) , a geolocation device , or a positioning service . |
US20080016570A1 CLAIM 1 . A method for analyzing unauthorized intrusion into a computer network , the method comprising : allowing access to an apparently vulnerable virtualized decoy operating system running on a hypervisor operating system hosted on a decoy network device (network device) ; using an introspection module comprising a virtual-machine-based rootkit module and its associated userland processes running on the hypervisor operating system to intercept a network attack on the virtualized operating system , wherein the network attack includes attack-identifying information ; and generating forensic data on the network attack from the attack-identifying information . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20080244569A1 Filed: 2007-03-30 Issued: 2008-10-02 System and Method for Reporting the Trusted State of a Virtual Machine (Original Assignee) Lenovo Singapore Pte Ltd (Current Assignee) Lenovo PC International Ltd David Carroll Challener, Mark Charles Davis |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (more software) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080244569A1 CLAIM 1 . A machine-implemented method comprising : executing a start sequence of an information handling system that includes a hardware based trust platform module (TPM) , wherein a plurality of platform configuration registers (PCRs) stored in the TPM are initialized to a predetermined state when the start sequence commences ; during the execution of the start sequence , loading one or more software (positioning hardware, hardware configuration) modules in a memory of the information handling system , wherein one of the software modules is a hypervisor ; calculating a plurality of PCR values resulting from the loading of the software modules ; comparing the PCR values that resulted from the loading of the hypervisor with one or more expected PCR values ; in response to the comparison revealing that the PCR values that resulted from the loading of the hypervisor match the expected PCR values , creating a virtual environment under the hypervisor , wherein the virtual environment includes a virtual machine and a virtual trust platform module (vTPM) used by the virtual machine ; and in response to the comparison revealing that the PCR values that resulted from the loading of the hypervisor do not match the expected PCR values , inhibiting the creation of the virtual environment . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (more software) . |
US20080244569A1 CLAIM 1 . A machine-implemented method comprising : executing a start sequence of an information handling system that includes a hardware based trust platform module (TPM) , wherein a plurality of platform configuration registers (PCRs) stored in the TPM are initialized to a predetermined state when the start sequence commences ; during the execution of the start sequence , loading one or more software (positioning hardware, hardware configuration) modules in a memory of the information handling system , wherein one of the software modules is a hypervisor ; calculating a plurality of PCR values resulting from the loading of the software modules ; comparing the PCR values that resulted from the loading of the hypervisor with one or more expected PCR values ; in response to the comparison revealing that the PCR values that resulted from the loading of the hypervisor match the expected PCR values , creating a virtual environment under the hypervisor , wherein the virtual environment includes a virtual machine and a virtual trust platform module (vTPM) used by the virtual machine ; and in response to the comparison revealing that the PCR values that resulted from the loading of the hypervisor do not match the expected PCR values , inhibiting the creation of the virtual environment . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (more software) or access to a positioning service . |
US20080244569A1 CLAIM 1 . A machine-implemented method comprising : executing a start sequence of an information handling system that includes a hardware based trust platform module (TPM) , wherein a plurality of platform configuration registers (PCRs) stored in the TPM are initialized to a predetermined state when the start sequence commences ; during the execution of the start sequence , loading one or more software (positioning hardware, hardware configuration) modules in a memory of the information handling system , wherein one of the software modules is a hypervisor ; calculating a plurality of PCR values resulting from the loading of the software modules ; comparing the PCR values that resulted from the loading of the hypervisor with one or more expected PCR values ; in response to the comparison revealing that the PCR values that resulted from the loading of the hypervisor match the expected PCR values , creating a virtual environment under the hypervisor , wherein the virtual environment includes a virtual machine and a virtual trust platform module (vTPM) used by the virtual machine ; and in response to the comparison revealing that the PCR values that resulted from the loading of the hypervisor do not match the expected PCR values , inhibiting the creation of the virtual environment . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (more software) of the target host . |
US20080244569A1 CLAIM 1 . A machine-implemented method comprising : executing a start sequence of an information handling system that includes a hardware based trust platform module (TPM) , wherein a plurality of platform configuration registers (PCRs) stored in the TPM are initialized to a predetermined state when the start sequence commences ; during the execution of the start sequence , loading one or more software (positioning hardware, hardware configuration) modules in a memory of the information handling system , wherein one of the software modules is a hypervisor ; calculating a plurality of PCR values resulting from the loading of the software modules ; comparing the PCR values that resulted from the loading of the hypervisor with one or more expected PCR values ; in response to the comparison revealing that the PCR values that resulted from the loading of the hypervisor match the expected PCR values , creating a virtual environment under the hypervisor , wherein the virtual environment includes a virtual machine and a virtual trust platform module (vTPM) used by the virtual machine ; and in response to the comparison revealing that the PCR values that resulted from the loading of the hypervisor do not match the expected PCR values , inhibiting the creation of the virtual environment . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (more software) of the target host from a trusted platform module . |
US20080244569A1 CLAIM 1 . A machine-implemented method comprising : executing a start sequence of an information handling system that includes a hardware based trust platform module (TPM) , wherein a plurality of platform configuration registers (PCRs) stored in the TPM are initialized to a predetermined state when the start sequence commences ; during the execution of the start sequence , loading one or more software (positioning hardware, hardware configuration) modules in a memory of the information handling system , wherein one of the software modules is a hypervisor ; calculating a plurality of PCR values resulting from the loading of the software modules ; comparing the PCR values that resulted from the loading of the hypervisor with one or more expected PCR values ; in response to the comparison revealing that the PCR values that resulted from the loading of the hypervisor match the expected PCR values , creating a virtual environment under the hypervisor , wherein the virtual environment includes a virtual machine and a virtual trust platform module (vTPM) used by the virtual machine ; and in response to the comparison revealing that the PCR values that resulted from the loading of the hypervisor do not match the expected PCR values , inhibiting the creation of the virtual environment . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US7996836B1 Filed: 2006-12-29 Issued: 2011-08-09 Using a hypervisor to provide computer security (Original Assignee) Symantec Corp (Current Assignee) NortonLifeLock Inc Bruce McCorkendale, Peter Ferrie |
|---|---|
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions (storing computer program) that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US7996836B1 CLAIM 1 . A system for providing security in a computer having a virtual machine controlled by a hypervisor , the virtual machine having an operating system with an operating system kernel and an operating system protection module that detects modifications to the operating system kernel , the system comprising : a computer processor ; and a non-transitory computer-readable storage medium storing computer program (computer instructions) modules configured to execute on the computer processor , the computer program modules comprising : a security initialization module for modifying the operating system kernel of the virtual machine to pass execution from the virtual machine to the hypervisor responsive to a system call issued by a process executing within the virtual machine , wherein modifying the operating system kernel comprises : setting a breakpoint in the operating system kernel to cause an interrupt upon the system call being issued by the process and setting an exception bitmap in the virtual machine to pass execution from the virtual machine to the hypervisor responsive to the interrupt ; a disabling module for setting a state in the virtual machine to pass control to the hypervisor during execution of the operating system protection module and for altering functioning of the operating system protection module to prevent the operating system protection module from detecting the modification of the operating system kernel ; and a security module activated responsive to execution being passed to the hypervisor due to the modification by the security initialization module and for analyzing the process to determine whether the process poses a security threat . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions (storing computer program) that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US7996836B1 CLAIM 1 . A system for providing security in a computer having a virtual machine controlled by a hypervisor , the virtual machine having an operating system with an operating system kernel and an operating system protection module that detects modifications to the operating system kernel , the system comprising : a computer processor ; and a non-transitory computer-readable storage medium storing computer program (computer instructions) modules configured to execute on the computer processor , the computer program modules comprising : a security initialization module for modifying the operating system kernel of the virtual machine to pass execution from the virtual machine to the hypervisor responsive to a system call issued by a process executing within the virtual machine , wherein modifying the operating system kernel comprises : setting a breakpoint in the operating system kernel to cause an interrupt upon the system call being issued by the process and setting an exception bitmap in the virtual machine to pass execution from the virtual machine to the hypervisor responsive to the interrupt ; a disabling module for setting a state in the virtual machine to pass control to the hypervisor during execution of the operating system protection module and for altering functioning of the operating system protection module to prevent the operating system protection module from detecting the modification of the operating system kernel ; and a security module activated responsive to execution being passed to the hypervisor due to the modification by the security initialization module and for analyzing the process to determine whether the process poses a security threat . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (storing computer program) that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US7996836B1 CLAIM 1 . A system for providing security in a computer having a virtual machine controlled by a hypervisor , the virtual machine having an operating system with an operating system kernel and an operating system protection module that detects modifications to the operating system kernel , the system comprising : a computer processor ; and a non-transitory computer-readable storage medium storing computer program (computer instructions) modules configured to execute on the computer processor , the computer program modules comprising : a security initialization module for modifying the operating system kernel of the virtual machine to pass execution from the virtual machine to the hypervisor responsive to a system call issued by a process executing within the virtual machine , wherein modifying the operating system kernel comprises : setting a breakpoint in the operating system kernel to cause an interrupt upon the system call being issued by the process and setting an exception bitmap in the virtual machine to pass execution from the virtual machine to the hypervisor responsive to the interrupt ; a disabling module for setting a state in the virtual machine to pass control to the hypervisor during execution of the operating system protection module and for altering functioning of the operating system protection module to prevent the operating system protection module from detecting the modification of the operating system kernel ; and a security module activated responsive to execution being passed to the hypervisor due to the modification by the security initialization module and for analyzing the process to determine whether the process poses a security threat . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (storing computer program) that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US7996836B1 CLAIM 1 . A system for providing security in a computer having a virtual machine controlled by a hypervisor , the virtual machine having an operating system with an operating system kernel and an operating system protection module that detects modifications to the operating system kernel , the system comprising : a computer processor ; and a non-transitory computer-readable storage medium storing computer program (computer instructions) modules configured to execute on the computer processor , the computer program modules comprising : a security initialization module for modifying the operating system kernel of the virtual machine to pass execution from the virtual machine to the hypervisor responsive to a system call issued by a process executing within the virtual machine , wherein modifying the operating system kernel comprises : setting a breakpoint in the operating system kernel to cause an interrupt upon the system call being issued by the process and setting an exception bitmap in the virtual machine to pass execution from the virtual machine to the hypervisor responsive to the interrupt ; a disabling module for setting a state in the virtual machine to pass control to the hypervisor during execution of the operating system protection module and for altering functioning of the operating system protection module to prevent the operating system protection module from detecting the modification of the operating system kernel ; and a security module activated responsive to execution being passed to the hypervisor due to the modification by the security initialization module and for analyzing the process to determine whether the process poses a security threat . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (storing computer program) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
US7996836B1 CLAIM 1 . A system for providing security in a computer having a virtual machine controlled by a hypervisor , the virtual machine having an operating system with an operating system kernel and an operating system protection module that detects modifications to the operating system kernel , the system comprising : a computer processor ; and a non-transitory computer-readable storage medium storing computer program (computer instructions) modules configured to execute on the computer processor , the computer program modules comprising : a security initialization module for modifying the operating system kernel of the virtual machine to pass execution from the virtual machine to the hypervisor responsive to a system call issued by a process executing within the virtual machine , wherein modifying the operating system kernel comprises : setting a breakpoint in the operating system kernel to cause an interrupt upon the system call being issued by the process and setting an exception bitmap in the virtual machine to pass execution from the virtual machine to the hypervisor responsive to the interrupt ; a disabling module for setting a state in the virtual machine to pass control to the hypervisor during execution of the operating system protection module and for altering functioning of the operating system protection module to prevent the operating system protection module from detecting the modification of the operating system kernel ; and a security module activated responsive to execution being passed to the hypervisor due to the modification by the security initialization module and for analyzing the process to determine whether the process poses a security threat . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions (storing computer program) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US7996836B1 CLAIM 1 . A system for providing security in a computer having a virtual machine controlled by a hypervisor , the virtual machine having an operating system with an operating system kernel and an operating system protection module that detects modifications to the operating system kernel , the system comprising : a computer processor ; and a non-transitory computer-readable storage medium storing computer program (computer instructions) modules configured to execute on the computer processor , the computer program modules comprising : a security initialization module for modifying the operating system kernel of the virtual machine to pass execution from the virtual machine to the hypervisor responsive to a system call issued by a process executing within the virtual machine , wherein modifying the operating system kernel comprises : setting a breakpoint in the operating system kernel to cause an interrupt upon the system call being issued by the process and setting an exception bitmap in the virtual machine to pass execution from the virtual machine to the hypervisor responsive to the interrupt ; a disabling module for setting a state in the virtual machine to pass control to the hypervisor during execution of the operating system protection module and for altering functioning of the operating system protection module to prevent the operating system protection module from detecting the modification of the operating system kernel ; and a security module activated responsive to execution being passed to the hypervisor due to the modification by the security initialization module and for analyzing the process to determine whether the process poses a security threat . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20070089111A1 Filed: 2006-09-29 Issued: 2007-04-19 Virtual environment manager (Original Assignee) Intel Corp (Current Assignee) Intel Corp Scott Robinson, Vijay Tewari, Robert Knauerhase |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (computing device) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20070089111A1 CLAIM 25 . A descriptor to create and manage virtual machine (VM) environments , comprising : a description of resources accessible to a VM environment on a computing device (computing device) having a virtual machine monitor (VMM) : a description of data files associated with the VM environment : a description of user permissions for the VM environment : an access control list for authenticating users to access the VM environment ; a management policy to enforce restrictions on the resources , data , and permissions during execution of the VM environment . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (computing device) . |
US20070089111A1 CLAIM 25 . A descriptor to create and manage virtual machine (VM) environments , comprising : a description of resources accessible to a VM environment on a computing device (computing device) having a virtual machine monitor (VMM) : a description of data files associated with the VM environment : a description of user permissions for the VM environment : an access control list for authenticating users to access the VM environment ; a management policy to enforce restrictions on the resources , data , and permissions during execution of the VM environment . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (software applications, file system) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20070089111A1 CLAIM 26 . The descriptor of claim 25 , wherein the resources comprise one of , hardware devices , circuitry , persistent data storage devices , memory , networking , operating systems , and software applications (hardware configuration) ; wherein the data files comprise one of addresses in the persistent data storage device , a file system (hardware configuration) , meta-data , audio data , video data , data blocks , and software applications ; wherein the user permissions include one of a read data permission , a write data permission , and execute permission , owner permissions , same group as owner permissions , and other than owner permissions ; wherein the authentication includes an access control list (ACL) ; wherein the management policies include one of a personal management policy , a family management policy , a work management policy , a desktop computer management policy , a laptop computer management policy , and a corporate management policy . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (software applications, file system) . |
US20070089111A1 CLAIM 26 . The descriptor of claim 25 , wherein the resources comprise one of , hardware devices , circuitry , persistent data storage devices , memory , networking , operating systems , and software applications (hardware configuration) ; wherein the data files comprise one of addresses in the persistent data storage device , a file system (hardware configuration) , meta-data , audio data , video data , data blocks , and software applications ; wherein the user permissions include one of a read data permission , a write data permission , and execute permission , owner permissions , same group as owner permissions , and other than owner permissions ; wherein the authentication includes an access control list (ACL) ; wherein the management policies include one of a personal management policy , a family management policy , a work management policy , a desktop computer management policy , a laptop computer management policy , and a corporate management policy . |
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device (computing device) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20070089111A1 CLAIM 25 . A descriptor to create and manage virtual machine (VM) environments , comprising : a description of resources accessible to a VM environment on a computing device (computing device) having a virtual machine monitor (VMM) : a description of data files associated with the VM environment : a description of user permissions for the VM environment : an access control list for authenticating users to access the VM environment ; a management policy to enforce restrictions on the resources , data , and permissions during execution of the VM environment . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (software applications, file system) of the target host . |
US20070089111A1 CLAIM 26 . The descriptor of claim 25 , wherein the resources comprise one of , hardware devices , circuitry , persistent data storage devices , memory , networking , operating systems , and software applications (hardware configuration) ; wherein the data files comprise one of addresses in the persistent data storage device , a file system (hardware configuration) , meta-data , audio data , video data , data blocks , and software applications ; wherein the user permissions include one of a read data permission , a write data permission , and execute permission , owner permissions , same group as owner permissions , and other than owner permissions ; wherein the authentication includes an access control list (ACL) ; wherein the management policies include one of a personal management policy , a family management policy , a work management policy , a desktop computer management policy , a laptop computer management policy , and a corporate management policy . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (software applications, file system) of the target host from a trusted platform module . |
US20070089111A1 CLAIM 26 . The descriptor of claim 25 , wherein the resources comprise one of , hardware devices , circuitry , persistent data storage devices , memory , networking , operating systems , and software applications (hardware configuration) ; wherein the data files comprise one of addresses in the persistent data storage device , a file system (hardware configuration) , meta-data , audio data , video data , data blocks , and software applications ; wherein the user permissions include one of a read data permission , a write data permission , and execute permission , owner permissions , same group as owner permissions , and other than owner permissions ; wherein the authentication includes an access control list (ACL) ; wherein the management policies include one of a personal management policy , a family management policy , a work management policy , a desktop computer management policy , a laptop computer management policy , and a corporate management policy . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
US20070089111A1 CLAIM 21 . The method of claim 1 , further comprising : using a virtual environment manager (VEM) to automatically translate first information of the first descriptor into second information of the second descriptor , wherein the second information allows the second VM environment to be executed on an operating system (operating system) that is unable to execute the first VM environment . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US7788235B1 Filed: 2006-09-29 Issued: 2010-08-31 Extrusion detection using taint analysis (Original Assignee) Symantec Corp (Current Assignee) CAI Software LLC Matthew Yeo |
|---|---|
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (new location) or access to a positioning service (new location) . |
US7788235B1 CLAIM 1 . A method for preventing release of sensitive data from a computer , the method comprising the steps of : indicating in a taint memory of the computer a location of sensitive data stored in an other memory of the computer , the taint memory comprising a plurality of taint bits , each taint bit corresponding to a unit of the other memory ; responsive to a transaction that propagates the sensitive data in the other memory of the computer to a new location (positioning hardware, positioning service) in the other memory , indicating in the taint memory that the new location stores sensitive data ; monitoring an exit of the computer to detect a potential release of outbound data from the computer ; responsive to detecting the potential release of outbound data , determining , using the indications in the taint memory , whether the outbound data are sensitive ; and responsive to the outbound data being sensitive , executing an action to prevent the release from occurring . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (new location) . |
US7788235B1 CLAIM 1 . A method for preventing release of sensitive data from a computer , the method comprising the steps of : indicating in a taint memory of the computer a location of sensitive data stored in an other memory of the computer , the taint memory comprising a plurality of taint bits , each taint bit corresponding to a unit of the other memory ; responsive to a transaction that propagates the sensitive data in the other memory of the computer to a new location (positioning hardware, positioning service) in the other memory , indicating in the taint memory that the new location stores sensitive data ; monitoring an exit of the computer to detect a potential release of outbound data from the computer ; responsive to detecting the potential release of outbound data , determining , using the indications in the taint memory , whether the outbound data are sensitive ; and responsive to the outbound data being sensitive , executing an action to prevent the release from occurring . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | WO2007023467A2 Filed: 2006-08-23 Issued: 2007-03-01 Flow control based on flow policies in a communication network (Original Assignee) Netronome Systems Inc Johann Heinrich TÖNSING, Gysbert Floris Van Beek Van Leeuwen, Roelof Nico Du Toit, Jan Niel Viljoen, David Wells, Leon Johannes Brits, Jan Christoffel Du Toit |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (network bandwidth) , a request to migrate a virtual machine from a source host to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (network bandwidth) . |
WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . |
| US9678774B2 CLAIM 8 . A computing system (network bandwidth) , comprising : a computing device (network bandwidth) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (packet payload) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . WO2007023467A2 CLAIM 19 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising fields in packet headers ; data in packet payload (cause performance) s ; and protocols and sets of protocols . |
| US9678774B2 CLAIM 9 . The computing system (network bandwidth) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (packet payload) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . WO2007023467A2 CLAIM 19 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising fields in packet headers ; data in packet payload (cause performance) s ; and protocols and sets of protocols . |
| US9678774B2 CLAIM 10 . The computing system (network bandwidth) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (packet payload) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . WO2007023467A2 CLAIM 19 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising fields in packet headers ; data in packet payload (cause performance) s ; and protocols and sets of protocols . |
| US9678774B2 CLAIM 11 . The computing system (network bandwidth) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . |
| US9678774B2 CLAIM 12 . The computing system (network bandwidth) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (packet payload) of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module (operating system, real time) . |
WO2007023467A2 CLAIM 13 . The system claimed in Claim 1 , which includes a processor having an operating system (operating system, platform module) with at least one real time (operating system, platform module) processing function , and an application hosted within a kernel of the operating system or a user space of the operating system , and in which the directing means directs at least a part of the flow along a path that includes the application . WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . WO2007023467A2 CLAIM 19 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising fields in packet headers ; data in packet payload (cause performance) s ; and protocols and sets of protocols . |
| US9678774B2 CLAIM 13 . The computing system (network bandwidth) of claim 9 , wherein the information comprises a hash of an operating system (operating system, real time) of the target host and a private key . |
WO2007023467A2 CLAIM 13 . The system claimed in Claim 1 , which includes a processor having an operating system (operating system, platform module) with at least one real time (operating system, platform module) processing function , and an application hosted within a kernel of the operating system or a user space of the operating system , and in which the directing means directs at least a part of the flow along a path that includes the application . WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . |
| US9678774B2 CLAIM 14 . The computing system (network bandwidth) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance (packet payload) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . WO2007023467A2 CLAIM 19 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising fields in packet headers ; data in packet payload (cause performance) s ; and protocols and sets of protocols . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance (network bandwidth) of : in response to receipt of a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance (network bandwidth) of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
WO2007023467A2 CLAIM 18 . The system claimed in Claim 1 , in which the flow policy determining means determines the flow policy for a flow in accordance with criteria selected from the group comprising memory usage , network bandwidth (computing device, computing system, control performance) use , power dissipation , feedback from guest operating systems in virtual machines , feedback from applications , feedback from a processing means , and feedback from a forwarding means . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20070043860A1 Filed: 2006-08-10 Issued: 2007-02-22 Virtual systems management (Original Assignee) TOUTVIRTUAL Inc (Current Assignee) TOUTVIRTUAL Inc Vipul Pabari |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (application software) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20070043860A1 CLAIM 25 . A method for automatic management of a virtualization environment in a computer network , the method comprising : performing one or more functions from the group of functions consisting of (1) identification and management of network resources and virtual assets , (2) provisioning of virtual assets in response to network workflow demands , (3) dynamic deployment of virtual assets across the computer network , (4) performance measurement and reporting of resources and virtual assets , and (5) planning and forecasting of resource demands and asset utilization of the virtualization environment ; wherein such functions are carried out without regard to processors , operating systems , virtualization platforms , and application software (hardware configuration) of the virtualization environment . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (application software) . |
US20070043860A1 CLAIM 25 . A method for automatic management of a virtualization environment in a computer network , the method comprising : performing one or more functions from the group of functions consisting of (1) identification and management of network resources and virtual assets , (2) provisioning of virtual assets in response to network workflow demands , (3) dynamic deployment of virtual assets across the computer network , (4) performance measurement and reporting of resources and virtual assets , and (5) planning and forecasting of resource demands and asset utilization of the virtualization environment ; wherein such functions are carried out without regard to processors , operating systems , virtualization platforms , and application software (hardware configuration) of the virtualization environment . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (application software) of the target host . |
US20070043860A1 CLAIM 25 . A method for automatic management of a virtualization environment in a computer network , the method comprising : performing one or more functions from the group of functions consisting of (1) identification and management of network resources and virtual assets , (2) provisioning of virtual assets in response to network workflow demands , (3) dynamic deployment of virtual assets across the computer network , (4) performance measurement and reporting of resources and virtual assets , and (5) planning and forecasting of resource demands and asset utilization of the virtualization environment ; wherein such functions are carried out without regard to processors , operating systems , virtualization platforms , and application software (hardware configuration) of the virtualization environment . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (application software) of the target host from a trusted platform module (operating system, real time) . |
US20070043860A1 CLAIM 1 . A method for automatic management of a virtualization environment in a computer network , the method comprising : determining an inventory of network resources and virtual assets available to a virtualization environment of the computer network ; assigning prioritization to members of the available inventory for the virtualization environment ; provisioning virtual assets from among the available inventory , thereby establishing a provisioned virtualization environment ; determining real time (operating system, platform module) performance metrics for the provisioned virtualization environment ; producing a reallocation of the virtual assets automatically in response to the real time performance metrics ; and initiating the reallocation of the virtual assets . US20070043860A1 CLAIM 25 . A method for automatic management of a virtualization environment in a computer network , the method comprising : performing one or more functions from the group of functions consisting of (1) identification and management of network resources and virtual assets , (2) provisioning of virtual assets in response to network workflow demands , (3) dynamic deployment of virtual assets across the computer network , (4) performance measurement and reporting of resources and virtual assets , and (5) planning and forecasting of resource demands and asset utilization of the virtualization environment ; wherein such functions are carried out without regard to processors , operating system (operating system, platform module) s , virtualization platforms , and application software (hardware configuration) of the virtualization environment . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system, real time) of the target host and a private key . |
US20070043860A1 CLAIM 1 . A method for automatic management of a virtualization environment in a computer network , the method comprising : determining an inventory of network resources and virtual assets available to a virtualization environment of the computer network ; assigning prioritization to members of the available inventory for the virtualization environment ; provisioning virtual assets from among the available inventory , thereby establishing a provisioned virtualization environment ; determining real time (operating system, platform module) performance metrics for the provisioned virtualization environment ; producing a reallocation of the virtual assets automatically in response to the real time performance metrics ; and initiating the reallocation of the virtual assets . US20070043860A1 CLAIM 25 . A method for automatic management of a virtualization environment in a computer network , the method comprising : performing one or more functions from the group of functions consisting of (1) identification and management of network resources and virtual assets , (2) provisioning of virtual assets in response to network workflow demands , (3) dynamic deployment of virtual assets across the computer network , (4) performance measurement and reporting of resources and virtual assets , and (5) planning and forecasting of resource demands and asset utilization of the virtualization environment ; wherein such functions are carried out without regard to processors , operating system (operating system, platform module) s , virtualization platforms , and application software of the virtualization environment . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20080025288A1 Filed: 2006-07-27 Issued: 2008-01-31 Dual network types solution for computer interconnects (Original Assignee) International Business Machines Corp (Current Assignee) International Business Machines Corp Alan Benner, Ramakrishnan Rajamony, Eugen Schenfeld, Craig Brian Stunkel, Peter A. Walker |
|---|---|
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (optical connections) . |
US20080025288A1 CLAIM 9 . The system of claim 1 wherein the circuit switched network is an optical circuit switched network with optical connections (positioning service) among the processing nodes . |
| US9678774B2 CLAIM 8 . A computing system (computing system) , comprising : a computing device comprising one (optical switch) or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080025288A1 CLAIM 1 . A computing system (computing system) comprising : a plurality of tightly coupled processing nodes ; a plurality of circuit switched networks using a circuit switching mode , interconnecting the processing nodes , and for handling data transfers that meet one or more criteria ; and a plurality of electronic packet switched networks , also interconnecting the processing nodes , for handling data transfers that do not meet the at least one criteria ; wherein the circuit switched network and the electronic packet switched network operate simultaneously . US20080025288A1 CLAIM 15 . The system of claim 15 wherein the circuit switched network comprises one or more optical switch (computing device comprising one) es connecting all the inter-cluster opto electronic links of all the clusters . |
| US9678774B2 CLAIM 9 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20080025288A1 CLAIM 1 . A computing system (computing system) comprising : a plurality of tightly coupled processing nodes ; a plurality of circuit switched networks using a circuit switching mode , interconnecting the processing nodes , and for handling data transfers that meet one or more criteria ; and a plurality of electronic packet switched networks , also interconnecting the processing nodes , for handling data transfers that do not meet the at least one criteria ; wherein the circuit switched network and the electronic packet switched network operate simultaneously . |
| US9678774B2 CLAIM 10 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20080025288A1 CLAIM 1 . A computing system (computing system) comprising : a plurality of tightly coupled processing nodes ; a plurality of circuit switched networks using a circuit switching mode , interconnecting the processing nodes , and for handling data transfers that meet one or more criteria ; and a plurality of electronic packet switched networks , also interconnecting the processing nodes , for handling data transfers that do not meet the at least one criteria ; wherein the circuit switched network and the electronic packet switched network operate simultaneously . |
| US9678774B2 CLAIM 11 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20080025288A1 CLAIM 1 . A computing system (computing system) comprising : a plurality of tightly coupled processing nodes ; a plurality of circuit switched networks using a circuit switching mode , interconnecting the processing nodes , and for handling data transfers that meet one or more criteria ; and a plurality of electronic packet switched networks , also interconnecting the processing nodes , for handling data transfers that do not meet the at least one criteria ; wherein the circuit switched network and the electronic packet switched network operate simultaneously . |
| US9678774B2 CLAIM 12 . The computing system (computing system) of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
US20080025288A1 CLAIM 1 . A computing system (computing system) comprising : a plurality of tightly coupled processing nodes ; a plurality of circuit switched networks using a circuit switching mode , interconnecting the processing nodes , and for handling data transfers that meet one or more criteria ; and a plurality of electronic packet switched networks , also interconnecting the processing nodes , for handling data transfers that do not meet the at least one criteria ; wherein the circuit switched network and the electronic packet switched network operate simultaneously . |
| US9678774B2 CLAIM 13 . The computing system (computing system) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
US20080025288A1 CLAIM 1 . A computing system (computing system) comprising : a plurality of tightly coupled processing nodes ; a plurality of circuit switched networks using a circuit switching mode , interconnecting the processing nodes , and for handling data transfers that meet one or more criteria ; and a plurality of electronic packet switched networks , also interconnecting the processing nodes , for handling data transfers that do not meet the at least one criteria ; wherein the circuit switched network and the electronic packet switched network operate simultaneously . |
| US9678774B2 CLAIM 14 . The computing system (computing system) of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (optical connections) . |
US20080025288A1 CLAIM 1 . A computing system (computing system) comprising : a plurality of tightly coupled processing nodes ; a plurality of circuit switched networks using a circuit switching mode , interconnecting the processing nodes , and for handling data transfers that meet one or more criteria ; and a plurality of electronic packet switched networks , also interconnecting the processing nodes , for handling data transfers that do not meet the at least one criteria ; wherein the circuit switched network and the electronic packet switched network operate simultaneously . US20080025288A1 CLAIM 9 . The system of claim 1 wherein the circuit switched network is an optical circuit switched network with optical connections (positioning service) among the processing nodes . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20070250833A1 Filed: 2006-04-14 Issued: 2007-10-25 Managing virtual machines with system-wide policies (Original Assignee) Microsoft Corp (Current Assignee) ServiceNow Inc Nelson Araujo, Abhishek Dhasmana, Lloyd Giberson, Angel Monterrubio, John Parry, Eugene Polonsky, Kendra Yourtee, Brian Wahlert |
|---|---|
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware or access to a positioning service (more parameter) . |
US20070250833A1 CLAIM 1 . At a virtual machine manager in a computerized environment , the virtual machine manager being configured to manage one or more virtual machines at one or more virtual machine hosts , a method of automatically managing the creation and operation of the one or more virtual machines through delegated authority , comprising the acts of : receiving electronic control instructions from a virtual machine authority , the control instructions comprising one or more policy settings ; passing the one or more policy settings to a configuration store ; receiving a user request to create a virtual machine in accordance with one or more parameter (positioning service) s ; determining from the one or more policy settings that the user request can be granted ; and sending electronic management instructions to a virtual machine host , wherein the management instructions identify that the requested virtual machine can be created in accordance with the one or more parameters . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service (more parameter) . |
US20070250833A1 CLAIM 1 . At a virtual machine manager in a computerized environment , the virtual machine manager being configured to manage one or more virtual machines at one or more virtual machine hosts , a method of automatically managing the creation and operation of the one or more virtual machines through delegated authority , comprising the acts of : receiving electronic control instructions from a virtual machine authority , the control instructions comprising one or more policy settings ; passing the one or more policy settings to a configuration store ; receiving a user request to create a virtual machine in accordance with one or more parameter (positioning service) s ; determining from the one or more policy settings that the user request can be granted ; and sending electronic management instructions to a virtual machine host , wherein the management instructions identify that the requested virtual machine can be created in accordance with the one or more parameters . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20070239942A1 Filed: 2006-03-30 Issued: 2007-10-11 Transactional memory virtualization (Original Assignee) Intel Corp (Current Assignee) Intel Corp Ravi Rajwar, Haitham Akkary, Konrad Lai |
|---|---|
| US9678774B2 CLAIM 8 . A computing system , comprising : a computing device comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions (second instruction, first instruction) that , in response to execution by the one or more processor units , cause performance (more processor) of : in response to a request to migrate a virtual machine from a source host to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20070239942A1 CLAIM 15 . The apparatus of claim 12 , further comprising one or more processor (cause performance) cores to perform one or more operations corresponding to one or more of the transactional memory access requests . US20070239942A1 CLAIM 21 . A method comprising : storing data corresponding to a transactional memory instruction that has caused a hardware overflow into a persistent portion of a memory ; updating a stored value corresponding to a number of transactional memory access requests that are uncommitted in response to at least the first instruction (executable instructions, computer instructions) ; and performing one or more operations in response to the first instruction in accordance with the stored data . US20070239942A1 CLAIM 25 . A system comprising : a first memory to store data ; a processor to fetch a first instruction corresponding to a start of a transactional memory access and a second instruction (executable instructions, computer instructions) corresponding to an end of the transactional memory access , the processor to store data corresponding to a transactional memory access request that has caused a second memory to overflow in the first memory and to update a value stored in a storage unit in response to performing one or more of the first instruction and the second instruction . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions (second instruction, first instruction) that , in response to execution by the one or more processor units , cause performance (more processor) of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration of the target host . |
US20070239942A1 CLAIM 15 . The apparatus of claim 12 , further comprising one or more processor (cause performance) cores to perform one or more operations corresponding to one or more of the transactional memory access requests . US20070239942A1 CLAIM 21 . A method comprising : storing data corresponding to a transactional memory instruction that has caused a hardware overflow into a persistent portion of a memory ; updating a stored value corresponding to a number of transactional memory access requests that are uncommitted in response to at least the first instruction (executable instructions, computer instructions) ; and performing one or more operations in response to the first instruction in accordance with the stored data . US20070239942A1 CLAIM 25 . A system comprising : a first memory to store data ; a processor to fetch a first instruction corresponding to a start of a transactional memory access and a second instruction (executable instructions, computer instructions) corresponding to an end of the transactional memory access , the processor to store data corresponding to a transactional memory access request that has caused a second memory to overflow in the first memory and to update a value stored in a storage unit in response to performing one or more of the first instruction and the second instruction . |
| US9678774B2 CLAIM 10 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (second instruction, first instruction) that , in response to execution by the one or more processor units , cause performance (more processor) of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20070239942A1 CLAIM 15 . The apparatus of claim 12 , further comprising one or more processor (cause performance) cores to perform one or more operations corresponding to one or more of the transactional memory access requests . US20070239942A1 CLAIM 21 . A method comprising : storing data corresponding to a transactional memory instruction that has caused a hardware overflow into a persistent portion of a memory ; updating a stored value corresponding to a number of transactional memory access requests that are uncommitted in response to at least the first instruction (executable instructions, computer instructions) ; and performing one or more operations in response to the first instruction in accordance with the stored data . US20070239942A1 CLAIM 25 . A system comprising : a first memory to store data ; a processor to fetch a first instruction corresponding to a start of a transactional memory access and a second instruction (executable instructions, computer instructions) corresponding to an end of the transactional memory access , the processor to store data corresponding to a transactional memory access request that has caused a second memory to overflow in the first memory and to update a value stored in a storage unit in response to performing one or more of the first instruction and the second instruction . |
| US9678774B2 CLAIM 11 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (second instruction, first instruction) that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20070239942A1 CLAIM 21 . A method comprising : storing data corresponding to a transactional memory instruction that has caused a hardware overflow into a persistent portion of a memory ; updating a stored value corresponding to a number of transactional memory access requests that are uncommitted in response to at least the first instruction (executable instructions, computer instructions) ; and performing one or more operations in response to the first instruction in accordance with the stored data . US20070239942A1 CLAIM 25 . A system comprising : a first memory to store data ; a processor to fetch a first instruction corresponding to a start of a transactional memory access and a second instruction (executable instructions, computer instructions) corresponding to an end of the transactional memory access , the processor to store data corresponding to a transactional memory access request that has caused a second memory to overflow in the first memory and to update a value stored in a storage unit in response to performing one or more of the first instruction and the second instruction . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions (second instruction, first instruction) that , in response to execution by the one or more processor units , cause performance (more processor) of : obtain , by the hidden process , the information indicating the hardware configuration of the target host from a trusted platform module . |
US20070239942A1 CLAIM 15 . The apparatus of claim 12 , further comprising one or more processor (cause performance) cores to perform one or more operations corresponding to one or more of the transactional memory access requests . US20070239942A1 CLAIM 21 . A method comprising : storing data corresponding to a transactional memory instruction that has caused a hardware overflow into a persistent portion of a memory ; updating a stored value corresponding to a number of transactional memory access requests that are uncommitted in response to at least the first instruction (executable instructions, computer instructions) ; and performing one or more operations in response to the first instruction in accordance with the stored data . US20070239942A1 CLAIM 25 . A system comprising : a first memory to store data ; a processor to fetch a first instruction corresponding to a start of a transactional memory access and a second instruction (executable instructions, computer instructions) corresponding to an end of the transactional memory access , the processor to store data corresponding to a transactional memory access request that has caused a second memory to overflow in the first memory and to update a value stored in a storage unit in response to performing one or more of the first instruction and the second instruction . |
| US9678774B2 CLAIM 14 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions (second instruction, first instruction) that , in response to execution by the one or more processor units , cause performance (more processor) of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20070239942A1 CLAIM 15 . The apparatus of claim 12 , further comprising one or more processor (cause performance) cores to perform one or more operations corresponding to one or more of the transactional memory access requests . US20070239942A1 CLAIM 21 . A method comprising : storing data corresponding to a transactional memory instruction that has caused a hardware overflow into a persistent portion of a memory ; updating a stored value corresponding to a number of transactional memory access requests that are uncommitted in response to at least the first instruction (executable instructions, computer instructions) ; and performing one or more operations in response to the first instruction in accordance with the stored data . US20070239942A1 CLAIM 25 . A system comprising : a first memory to store data ; a processor to fetch a first instruction corresponding to a start of a transactional memory access and a second instruction (executable instructions, computer instructions) corresponding to an end of the transactional memory access , the processor to store data corresponding to a transactional memory access request that has caused a second memory to overflow in the first memory and to update a value stored in a storage unit in response to performing one or more of the first instruction and the second instruction . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | GB2423168A Filed: 2006-02-09 Issued: 2006-08-16 Managing software updates in multiple virtual machines (Original Assignee) Dell Products LP (Current Assignee) Dell Products LP Timothy Ables, Balasubramanian Chandrasekaran |
|---|---|
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (hardware configuration) , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
GB2423168A CLAIM 1 CLAIMS : 1 . A system for maintaining virtual machines of a virtual data center , the system comprising : global data operable to store plural virtual machines ; plural virtual machines stored in the global data , each virtual machine having a hardware configuration (hardware configuration) and a software image , the software image having at least one application system preparation file ; an application read only image stored in the global data ; plural processing components operable to run the virtual machines ; and a resource virtualization engine operable to run a virtual machine instance on the processing components by populating the application read only image with the application system preparation file to generate a runtime instance of the application . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (hardware configuration) . |
GB2423168A CLAIM 1 CLAIMS : 1 . A system for maintaining virtual machines of a virtual data center , the system comprising : global data operable to store plural virtual machines ; plural virtual machines stored in the global data , each virtual machine having a hardware configuration (hardware configuration) and a software image , the software image having at least one application system preparation file ; an application read only image stored in the global data ; plural processing components operable to run the virtual machines ; and a resource virtualization engine operable to run a virtual machine instance on the processing components by populating the application read only image with the application system preparation file to generate a runtime instance of the application . |
| US9678774B2 CLAIM 9 . The computing system of claim 8 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (hardware configuration) of the target host . |
GB2423168A CLAIM 1 CLAIMS : 1 . A system for maintaining virtual machines of a virtual data center , the system comprising : global data operable to store plural virtual machines ; plural virtual machines stored in the global data , each virtual machine having a hardware configuration (hardware configuration) and a software image , the software image having at least one application system preparation file ; an application read only image stored in the global data ; plural processing components operable to run the virtual machines ; and a resource virtualization engine operable to run a virtual machine instance on the processing components by populating the application read only image with the application system preparation file to generate a runtime instance of the application . |
| US9678774B2 CLAIM 12 . The computing system of claim 9 , wherein the memory has further stored therein computer instructions that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (hardware configuration) of the target host from a trusted platform module . |
GB2423168A CLAIM 1 CLAIMS : 1 . A system for maintaining virtual machines of a virtual data center , the system comprising : global data operable to store plural virtual machines ; plural virtual machines stored in the global data , each virtual machine having a hardware configuration (hardware configuration) and a software image , the software image having at least one application system preparation file ; an application read only image stored in the global data ; plural processing components operable to run the virtual machines ; and a resource virtualization engine operable to run a virtual machine instance on the processing components by populating the application read only image with the application system preparation file to generate a runtime instance of the application . |
| US9678774B2 CLAIM 13 . The computing system of claim 9 , wherein the information comprises a hash of an operating system (operating system) of the target host and a private key . |
GB2423168A CLAIM 2 . The system of Claim I wherein the application comprises an operating system (operating system) . |
| US9678774B2 Filed: 2012-03-08 Issued: 2017-06-13 Secure migration of virtual machines (Original Assignee) Empire Technology Development LLC (Current Assignee) INVINCIBLE IP LLC Oscar Khesin | US20070180509A1 Filed: 2006-01-11 Issued: 2007-08-02 Practical platform for high risk applications (Original Assignee) Swartz Alon R; Liraz Siri Alon Swartz, Liraz Siri |
|---|---|
| US9678774B2 CLAIM 1 . A method , comprising : receiving , at a computing device (output interfaces) , a request to migrate a virtual machine from a source host (wireless local area network) to a target host ; determining , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allowing , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , denying , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20070180509A1 CLAIM 2 . The method of claim 1 , wherein the network includes a computer communication component selected from the group consisting of : a local area network ; a wireless local area network (source host) (WLAN) ; a wide area network (WAN) ; a telephone network ; an intranet ; and the internet . US20070180509A1 CLAIM 70 . The apparatus of claim 31 , wherein the operating system environment includes a raw input output and memory protection component for preventing direct raw access to the operating system' ; s virtual memory and to the operating system' ; s hardware input output interfaces (computing device, computing system) . |
| US9678774B2 CLAIM 2 . The method of claim 1 , wherein the hidden process is configured to run on the computing device (output interfaces) . |
US20070180509A1 CLAIM 70 . The apparatus of claim 31 , wherein the operating system environment includes a raw input output and memory protection component for preventing direct raw access to the operating system' ; s virtual memory and to the operating system' ; s hardware input output interfaces (computing device, computing system) . |
| US9678774B2 CLAIM 4 . The method of claim 1 , further comprising responsive to a determination that a configuration of the target host is other than a proper hardware configuration (client software) , denying , via the hidden process , the migration of the virtual machine from the source host (wireless local area network) to the target host . |
US20070180509A1 CLAIM 1 . A method for securing the client side of a transaction between a client and a service provider through a network comprising providing the client with an apparatus that a computer can boot from in order to provide an independent operating system environment , the apparatus comprising : (a) a portable non-volatile memory element ; (b) an operating system environment stored on the portable non-volatile memory element ; (c) the operating system environment including client software (hardware configuration) for interfacing with the service provider to perform the transaction , wherein the client software is configured to encrypt communication with the service provider ; and (d) a bootloader for booting the operating system environment from the portable non-volatile memory element . US20070180509A1 CLAIM 2 . The method of claim 1 , wherein the network includes a computer communication component selected from the group consisting of : a local area network ; a wireless local area network (source host) (WLAN) ; a wide area network (WAN) ; a telephone network ; an intranet ; and the internet . |
| US9678774B2 CLAIM 5 . The method of claim 4 , further comprising determining , via the hidden process , whether the configuration of the target host is the proper hardware configuration (client software) . |
US20070180509A1 CLAIM 1 . A method for securing the client side of a transaction between a client and a service provider through a network comprising providing the client with an apparatus that a computer can boot from in order to provide an independent operating system environment , the apparatus comprising : (a) a portable non-volatile memory element ; (b) an operating system environment stored on the portable non-volatile memory element ; (c) the operating system environment including client software (hardware configuration) for interfacing with the service provider to perform the transaction , wherein the client software is configured to encrypt communication with the service provider ; and (d) a bootloader for booting the operating system environment from the portable non-volatile memory element . |
| US9678774B2 CLAIM 7 . The method of claim 6 , wherein the proper configuration includes positioning hardware (configuration data) or access to a positioning service . |
US20070180509A1 CLAIM 141 . The apparatus of claim 139 , wherein the application data that is migrated by the migration agent includes predetermined types of application content data and application configuration data (positioning hardware) . |
| US9678774B2 CLAIM 8 . A computing system (output interfaces) , comprising : a computing device (output interfaces) comprising one or more processor units ; and a memory communicatively coupled to the one or more processor units when the computing system is operational , the memory having stored therein computer instructions (lock device) that , in response to execution by the one or more processor units , cause performance of : in response to a request to migrate a virtual machine from a source host (wireless local area network) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20070180509A1 CLAIM 2 . The method of claim 1 , wherein the network includes a computer communication component selected from the group consisting of : a local area network ; a wireless local area network (source host) (WLAN) ; a wide area network (WAN) ; a telephone network ; an intranet ; and the internet . US20070180509A1 CLAIM 70 . The apparatus of claim 31 , wherein the operating system environment includes a raw input output and memory protection component for preventing direct raw access to the operating system' ; s virtual memory and to the operating system' ; s hardware input output interfaces (computing device, computing system) . US20070180509A1 CLAIM 100 . The apparatus of claim 99 , wherein the persistent safe storage component includes a component for setting up the opaque container as a virtual block device (computer instructions) containing a filesystem . |
| US9678774B2 CLAIM 9 . The computing system (output interfaces) of claim 8 , wherein the memory has further stored therein computer instructions (lock device) that , in response to execution by the one or more processor units , cause performance of : verify whether the target host has a proper configuration based on information that indicates a hardware configuration (client software) of the target host . |
US20070180509A1 CLAIM 1 . A method for securing the client side of a transaction between a client and a service provider through a network comprising providing the client with an apparatus that a computer can boot from in order to provide an independent operating system environment , the apparatus comprising : (a) a portable non-volatile memory element ; (b) an operating system environment stored on the portable non-volatile memory element ; (c) the operating system environment including client software (hardware configuration) for interfacing with the service provider to perform the transaction , wherein the client software is configured to encrypt communication with the service provider ; and (d) a bootloader for booting the operating system environment from the portable non-volatile memory element . US20070180509A1 CLAIM 70 . The apparatus of claim 31 , wherein the operating system environment includes a raw input output and memory protection component for preventing direct raw access to the operating system' ; s virtual memory and to the operating system' ; s hardware input output interfaces (computing device, computing system) . US20070180509A1 CLAIM 100 . The apparatus of claim 99 , wherein the persistent safe storage component includes a component for setting up the opaque container as a virtual block device (computer instructions) containing a filesystem . |
| US9678774B2 CLAIM 10 . The computing system (output interfaces) of claim 9 , wherein the memory has further stored therein computer instructions (lock device) that , in response to execution by the one or more processor units , cause performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , prevent , via the hidden process , execution of the virtual machine on the target host . |
US20070180509A1 CLAIM 70 . The apparatus of claim 31 , wherein the operating system environment includes a raw input output and memory protection component for preventing direct raw access to the operating system' ; s virtual memory and to the operating system' ; s hardware input output interfaces (computing device, computing system) . US20070180509A1 CLAIM 100 . The apparatus of claim 99 , wherein the persistent safe storage component includes a component for setting up the opaque container as a virtual block device (computer instructions) containing a filesystem . |
| US9678774B2 CLAIM 11 . The computing system (output interfaces) of claim 9 , wherein the memory has further stored therein computer instructions (lock device) that , in response to execution by the one or more processor units , performance of : in response to a determination that the verified configuration of the target host is other than the proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (wireless local area network) to the target host . |
US20070180509A1 CLAIM 2 . The method of claim 1 , wherein the network includes a computer communication component selected from the group consisting of : a local area network ; a wireless local area network (source host) (WLAN) ; a wide area network (WAN) ; a telephone network ; an intranet ; and the internet . US20070180509A1 CLAIM 70 . The apparatus of claim 31 , wherein the operating system environment includes a raw input output and memory protection component for preventing direct raw access to the operating system' ; s virtual memory and to the operating system' ; s hardware input output interfaces (computing device, computing system) . US20070180509A1 CLAIM 100 . The apparatus of claim 99 , wherein the persistent safe storage component includes a component for setting up the opaque container as a virtual block device (computer instructions) containing a filesystem . |
| US9678774B2 CLAIM 12 . The computing system (output interfaces) of claim 9 , wherein the memory has further stored therein computer instructions (lock device) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , the information indicating the hardware configuration (client software) of the target host from a trusted platform module . |
US20070180509A1 CLAIM 1 . A method for securing the client side of a transaction between a client and a service provider through a network comprising providing the client with an apparatus that a computer can boot from in order to provide an independent operating system environment , the apparatus comprising : (a) a portable non-volatile memory element ; (b) an operating system environment stored on the portable non-volatile memory element ; (c) the operating system environment including client software (hardware configuration) for interfacing with the service provider to perform the transaction , wherein the client software is configured to encrypt communication with the service provider ; and (d) a bootloader for booting the operating system environment from the portable non-volatile memory element . US20070180509A1 CLAIM 70 . The apparatus of claim 31 , wherein the operating system environment includes a raw input output and memory protection component for preventing direct raw access to the operating system' ; s virtual memory and to the operating system' ; s hardware input output interfaces (computing device, computing system) . US20070180509A1 CLAIM 100 . The apparatus of claim 99 , wherein the persistent safe storage component includes a component for setting up the opaque container as a virtual block device (computer instructions) containing a filesystem . |
| US9678774B2 CLAIM 13 . The computing system (output interfaces) of claim 9 , wherein the information comprises a hash of an operating system of the target host and a private key . |
US20070180509A1 CLAIM 70 . The apparatus of claim 31 , wherein the operating system environment includes a raw input output and memory protection component for preventing direct raw access to the operating system' ; s virtual memory and to the operating system' ; s hardware input output interfaces (computing device, computing system) . |
| US9678774B2 CLAIM 14 . The computing system (output interfaces) of claim 8 , wherein the memory has further stored therein computer instructions (lock device) that , in response to execution by the one or more processor units , cause performance of : obtain , by the hidden process , information indicating the geographic location from at least one of a network device , a geolocation device , or a positioning service . |
US20070180509A1 CLAIM 70 . The apparatus of claim 31 , wherein the operating system environment includes a raw input output and memory protection component for preventing direct raw access to the operating system' ; s virtual memory and to the operating system' ; s hardware input output interfaces (computing device, computing system) . US20070180509A1 CLAIM 100 . The apparatus of claim 99 , wherein the persistent safe storage component includes a component for setting up the opaque container as a virtual block device (computer instructions) containing a filesystem . |
| US9678774B2 CLAIM 15 . A non-transitory computer-readable storage medium having stored therein processor-executable instructions that , in response to execution by one or more processor units , cause the one or more processor units to perform or control performance of : in response to receipt of a request to migrate a virtual machine from a source host (wireless local area network) to a target host , determine , via a hidden process , whether a geographic location of the target host is within a particular perimeter , wherein the hidden process is executable by the virtual machine ; and in response to a determination that the geographic location of the target host is within the particular perimeter , allow , via the hidden process , a migration of the virtual machine from the source host to the target host ; and in response to a determination that the geographic location of the target host is outside of the particular perimeter , deny , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20070180509A1 CLAIM 2 . The method of claim 1 , wherein the network includes a computer communication component selected from the group consisting of : a local area network ; a wireless local area network (source host) (WLAN) ; a wide area network (WAN) ; a telephone network ; an intranet ; and the internet . |
| US9678774B2 CLAIM 17 . The computer-readable storage medium of claim 16 , wherein the processor-executable instructions further comprise instructions that , in response to execution by the one or more processor units , cause the one or more processor units to perform or control performance of : in response to a determination that the configuration of the target host is other than a proper configuration , deny , via the hidden process , the migration of the virtual machine from the source host (wireless local area network) to the target host ; and in response to a determination that the configuration of the target host is the proper configuration , allow , via the hidden process , the migration of the virtual machine from the source host to the target host . |
US20070180509A1 CLAIM 2 . The method of claim 1 , wherein the network includes a computer communication component selected from the group consisting of : a local area network ; a wireless local area network (source host) (WLAN) ; a wide area network (WAN) ; a telephone network ; an intranet ; and the internet . |
| US9678774B2 CLAIM 20 . The computer-readable storage medium of claim 18 , wherein the alert includes an email message (instant messaging, email service, mail server) . |
US20070180509A1 CLAIM 3 . The method of claim 1 , wherein the transaction between the client and the service provider includes operations selected from the group consisting of : performing a financial transaction ; accessing financial information ; accessing medical records ; accessing a virtual private network ; accessing a website ; accessing an intranet portal ; accessing a file server ; accessing a database ; accessing an email service (email message) ; accessing an instant messaging (email message) service ; accessing a voice over ip service ; accessing a project collaboration service ; accessing a source code repository ; accessing a terminal client server ; and accessing a custom application . US20070180509A1 CLAIM 143 . The apparatus of claim 139 , wherein the first software application is selected from the group consisting of : a web server ; a mail server (email message) ; a database server ; a file server ; a name server ; and a firewall . |