157 results about "Hardware virtualization" patented technology

A data center has several dis-aggregated data clusters that connect to the Internet through a firewall and load-balancer. Each dis-aggregated data cluster has several dis-aggregated compute/switch/disk chassis that are connected together by a mesh of Ethernet links. Each dis-aggregated compute/switch/disk chassis has many processing nodes, disk nodes, and I/O nodes on node cards that are inserted into the chassis. These node cards are connected together by a direct interconnect fabric. Using the direct interconnect fabric, remote I/O and disk nodes appear to the operating system to be located on the local processor's own peripheral bus. A virtual Ethernet controller and a virtual generic peripheral act as virtual endpoints for the local processor's peripheral bus. I/O and disk node peripherals are virtualized by hardware without software drivers. Rack and aggregation Ethernet switches are eliminated using the direct interconnect fabric, which provides a flatter, dis-aggregated hierarchy.

A computing device hosts a virtual machine executing a guest that issues guest hardware requests by way of any of a plurality of paths. Such paths include a path to non-existent virtual hardware, where an emulator intercepts and processes such guest hardware request with a corresponding actual hardware command; a path to an instantiated operating system, where the instantiated operating system processes each such guest hardware request with a corresponding actual hardware request; and a path to device hardware, where the device hardware directly processes each such guest hardware request.

The present invention provides a cluster load balancing method transparent to an operation system. Main functional modules comprise a load balancing module, a processor migrating module and a communication module. The method is characterized by comprising the following steps: 1, driving a virtual processor to migrate; 2, driving balance migration; 3, sending a migrating request to a target node and negotiating; 4, storing and restoring a state of the virtual processor; and 5, communicating. The method better solves the problem of low resource utilization rate of a cluster system. Along with the development of more popularization of the cluster system and the continuous development of hardware virtualization technology in the future, the method can be a good solution for the low resource utilization rate of the cluster system and has good application prospect.

Embodiments of the present invention provide an architecture for securely and efficiently executing byte code generated from a general programming language. In particular, a computer system is divided into a hierarchy comprising multiple types of virtual machines. A thin layer of software, known as a virtual machine monitor, virtualizes the hardware of the computer system and emulates the hardware of the computer system to form a first type of virtual machine. This first type of virtual machine implements a virtual operating domain that allows running its own operating system. Within a virtual operating domain, a byte code interpreter may further implement a second type of virtual machine that executes byte code generated from a program written in a general purpose programming language. The byte code interpreter is incorporated into the operating system running in the virtual operating domain. The byte code interpreter implementing the virtual machine that executes byte code may be divided into a kernel component and one or more user level components. The kernel component of the virtual machine is integrated into the operating system kernel. The user level component provides support for execution of an applet and couples the applet to the operating system. In addition, an operating system running in a virtual operating domain may be configured as a special purpose operating system that is optimized for the functions of a particular byte code interpreter.

A multi-computer system has many processors that share peripherals. The peripherals are virtualized by hardware without software drivers. Remote peripherals appear to the operating system to be located on the local processor's own peripheral bus. A processor, DRAM, and north bridge connect to a south bridge interconnect fabric chip that has a virtual Ethernet controller and a virtual generic peripheral that act as virtual endpoints for the local processor's peripheral bus. Requests received by the virtual endpoints are encapsulated in interconnect packets and sent over an interconnect fabric to a device manager that accesses remote peripherals on a shared remote peripheral bus so that data can be returned. Ethernet Network Interface Cards (NIC), hard disks, consoles, and BIOS are remote peripherals that can be virtualized. Processors can boot entirely from the remote BIOS without additional drivers or a local BIOS. Peripheral costs are reduced by sharing remote peripherals.

Embodiments of the present invention provide an architecture for securely and efficiently executing byte code generated from a general programming language. In particular, a computer system is divided into a hierarchy comprising multiple types of virtual machines. A thin layer of software, known as a virtual machine monitor, virtualizes the hardware of the computer system and emulates the hardware of the computer system to form a first type of virtual machine. This first type of virtual machine implements a virtual operating domain that allows running its own operating system. Within a virtual operating domain, a byte code interpreter may further implement a second type of virtual machine that executes byte code generated from a program written in a general purpose programming language. The byte code interpreter is incorporated into the operating system running in the virtual operating domain. In addition, an operating system running in a virtual operating domain may be configured as a special purpose operating system that is optimized for the functions of a particular byte code interpreter.

Hardware virtualization support is used to isolate kernel extensions. A kernel and various kernel extensions are executed in a plurality of hardware protection domains. Each hardware protection domain defines computer resource privileges allowed to code executing in that hardware protection domain. Kernel extensions execute with appropriate computer resource privileges to complete tasks without comprising the stability of the computer system.

A method and apparatus for managing simultaneous virtual connections with multiple wireless networks. A plurality of ports in a hardware driver may be each associated with a corresponding wireless network and maintain a unique MAC state relative to other ports. Each port may have a corresponding virtual NIC that communicates directly with the radio hardware via a hardware virtualization layer that multiplexes communication between the virtual NICs and the radio hardware. Simultaneous virtual connections may be made with one or more infrastructure networks or adhoc networks, and/or the computer may function as an access point for one or more of the networks.

A virtualizer system based on processor virtualization technology consists of processor with virtualization technique, bottom layer hardware, virtualizer monitor and a numbers of virtual operation system. It is featured as switching in one end of virtualizer monitor to various virtual operation systems through virtual hardware platform interface and another end to said bottom layer hardware device except processor and connecting various operation systems directly to processor.

Provided is a magnetic disc file operation monitoring system based on Xen hardware full virtualization. The magnetic disc file operation monitoring system comprises a supervision module, an information sending module, a monitoring module and a safety module. The supervision module obtains behavior information through interception of magnetic disc file operations of a full-virtualization user operation system so as to achieve the purpose of supervision. The information sending module and the monitoring module enable the behavior information to be transmitted from a domU to a domO. The safety module guarantees operation safety of the information sending module and the monitoring module. The invention provides a monitoring method which includes the steps of intercepting and replacing call of the magnetic disc file operation system in full virtualization, determining types of monitored files, determining whether the files need to be monitored in the operation process, comprehensively determining whether a behavior needs to be monitored according to operation types, the file types and process information, obtaining the behavior information, obtaining an operation target absolute path, sending information, performing information monitoring, and detecting whether the supervision module and the information sending module are attacked when codes are operated, wherein the supervision module and the information sending module are operated under the domU. According to the magnetic disc file operation monitoring system and the monitoring method based on Xen hardware virtualization, real-time monitoring is achieved, and I/O efficiency of an Xen full-virtualization network is improved.

In one implementation, a host provides virtualized computing to one or more customer networks. The virtualized computing may include hardware virtualization quantified in the resources of the virtual machines, services virtualization quantified in the quantity or types of services performed on host, or processing virtualization quantified by process occurrences. When the host receives a request for computing virtualization from a user device, the host derives an authentication value and accesses a virtualization service level from a memory. The host is configured to deliver the computing virtualization to the user device according the virtualization service level.

The invention relates to a method for protecting the interaction integrity and confidentiality of a trusted application and a common application. The method comprises the following steps: establishingmemory isolation between a kernel of a rich execution environment and an application by using a virtualization technology; by means of a virtual machine monitor and hardware virtualization support, operations of system calling, interruption and memory page swap-in and swap-out are transparently processed under the condition that a kernel and application codes are not modified; and establishing atrusted application and common application interaction library which is compatible with the original system and is not supported by the kernel drive. Compared with the prior art, the method has the advantages that multiple threads of hardware are supported, the kernel of the rich execution environment does not need to be modified, and more complete protection can be provided for common application.

A system and method for providing hardware virtualization and resource management in a virtual machine environment. In accordance with an embodiment, an application server environment includes a computer system, application server, and virtual machine (for example, a Java Virtual Machine or JVM). In accordance with an embodiment, a virtualization layer is provided at each physical machine, including a hypervisor for partitioning virtual machines over the machine. An execution layer runs a single Java-based application, focusing on running that application as efficiently as possible. In accordance with another embodiment, the system comprises two main components: a lower-level, execution environment that replaces the usual operating system; and a higher-level, resource broker that is responsible for handing out new virtual machines to the above layers, and for monitoring the current resource usage of the running virtual machines.

The invention discloses a shared library isolation protection method based on the hardware virtualization technology. The method includes a novel application address space model is provided, and the memory mapping relationship between an application and a shared library can be more accurately and clearly described; according to the address space model, an isolation mechanism based on the hardware virtualization technology is provided, and the shared library can be efficiently placed in the other isolated address space; an isolated address space interactive control mechanism is provided, the address space is switched when the shared library is in normal interaction with other modules, and at the same time, malicious code execution and data access behaviors occurring during the operation of the shared library are detected. Accordingly, a corresponding system is also provided. The method is suitable for safety isolation and protection of a series of standard and commercial shared libraries, and can avoid the security threats caused by application vulnerabilities to the shared libraries.

The invention provides a password protection system based on hardware virtualization, which aims at the current situation that a traditional password protection system cannot defend an inner nuclear layer rootkit. The password protection system based on hardware virtualization deploys a password protection module and a scheduling management module in an inner nuclear layer of an operation system, provides a safe input environment and an interactive interface, and simultaneously deploys an instruction intercepting module and an inner core protection module in a manager layer of a virtual machine. The instruction intercepting module is used for intercepting privileged instructions, and transmitting the current privileged instruction information to the inner core protection module so as to lead an execution flow path to enter a manger of the virtual machine from the inner nuclear layer of the operation system. The inner core protection module prevents the rootkit from randomly modifying nuclear data and service in the operation system, and guarantees password protection in the inner nuclear layer of the operation system. The password protection system based on hardware virtualization moves a trusted computing base (TCB) from the inner nuclear layer of the operation system to the manager layer of the virtual machine, thereby achieving lower level and higher safety.

Aspects relate to Input/Output (IO) Memory Management Units (MMUs) that include hardware structures for implementing virtualization. Some implementations allow guests to setup and maintain device IO tables within memory regions to which those guests have been given permissions by a hypervisor. Some implementations provide hardware page table walking capability within the IOMMU, while other implementations provide static tables. Such static tables may be maintained by a hypervisor on behalf of guests. Some implementations reduce a frequency of interrupts or invocation of hypervisor by allowing transactions to be setup by guests without hypervisor involvement within their assigned device IO regions. Devices may communicate with IOMMU to setup the requested memory transaction, and completion thereof may be signaled to the guest without hypervisor involvement. Various other aspects will be evident from the disclosure.