1407 results about "Hypervisor" patented technology

A method for making a hypermedium page interactive, the hypermedium page displayed by a network browser, includes the step of selecting a hyperlink on the hypermedium page displayed on a client machine, the hyperlink identifying a desired computing resource. A hyperlink configuration file is retrieved, the hyperlink configuration file corresponding to the hyperlink and identifying a server machine. A client agent is started on the client machine. The client agent creates, via a terminal services session, a communication link to a virtual machine executing on the server identified by the hyperlink configuration file, the virtual machine executed by a hypervisor executing in the terminal services session provided by an operating system executing on the server. The client agent receives data from the virtual machine and displays, on the client machine, the received data without intervention by the network browser.

A platform, method, and computer program product, provides virtual machine technology within a processing platform. A computing platform automatically deploys one or more servers in response to receiving corresponding server specifications. Each server specification identifies a server application that a corresponding server should execute and defines communication network and storage network connectivity for the server. The platform includes a plurality of processor nodes and virtual machine hypervisor. The virtual machine hypervisor logic has logic for instantiating and controlling the execution of one or more guest virtual machines on a computer processor. In response to interpreting the server specification, control software deploys computer processors or guest virtual machines to execute the identified server application and automatically configures the defined communication network and storage network connectivity to the selected computer processors or guest virtual machines to thereby deploy the server defined in the server specification.

Backup systems and methods are disclosed for a virtual computing environment. Certain examples include a system having a backup management server that communicates with a host server having at least one virtual machine. The management server coordinates with the host server to perform backup copies of entire virtual machine disks from outside the guest operating system of the virtual machine. In certain examples, such backup systems further utilize a volume shadow copy service executing on the host server to quiesce virtual machine applications to put data in a consistent state to be backed up. The backup system then utilizes hypervisor snapshot capabilities of the host server to record intended changes to the virtual machine disk files while such files are being copied (e.g., backed up) by the host server. Such recorded changes can be later committed to the virtual machine disk files once the backup operation has completed.

Embodiments of the present invention provide a cloud gateway system, a cloud hypervisor system, and methods for implementing same. The cloud gateway system extends the security, manageability, and quality of service membrane of a corporate enterprise network into cloud infrastructure provider networks, enabling cloud infrastructure to be interfaced as if it were on the enterprise network. The cloud hypervisor system provides an interface to cloud infrastructure provider management systems and infrastructure instances that enables existing enterprise systems management tools to manage cloud infrastructure substantially the same as they manage local virtual machines via common server hypervisor APIs.

A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key and the verifying data read from the external memory using the at least one hash value. Secure module interactions are provided, as well as the generation of a power-on key which can be used to protect memory in the event of a re-boot event. Lightweight, run-time attestation reports are generated which include selected information about software modules executed by the processors, for use in determining whether the processor is trusted to provide secure services.

An electronic system (1400) includes a processor (1422, 2610) having a pipeline, a bus (2655) coupled to the pipeline, a storage (1435, 1440, 2650) coupled to the bus (2655), the storage (1435, 2650) having a real time operating system (RTOS) and a real-time application, a non-real-time operating system (HLOS), a secure environment kernel (SE), and a software monitor (2310); and protective circuitry (2460) coupled to the processor and operable to establish a first signal (VP1_Active) and a second signal (NS) each having states and together having combinations of the states representing a first category (2430) for the real-time operating system and the real-time application, a second category (2420) for the non-real-time operating system, and a third category (2450) for the secure environment kernel.

The present invention is directed towards methods and systems for redirecting an access request to an unsecure virtual machine. A computing device may execute a hypervisor hosting a secure virtual machine and an unsecure virtual machine. A control virtual machine, hosted by a hypervisor executing on the computing device, may intercept a request to access an unsecure resource. The unsecure resource may include one of: a file, an application and an uniform resource locator (URL). The control virtual machine may further determine that the request originates from a secure virtual machine executing on the computing device. The control virtual machine may redirect, responsive to the determination, the request to an unsecure virtual machine executing on the computing device, whereupon the unsecure virtual machine may provide access to the requested unsecure resource.

A virtualization infrastructure that allows multiple guest partitions to run within a host hardware partition. The host system is divided into distinct logical or virtual partitions and special infrastructure partitions are implemented to control resource management and to control physical I/O device drivers that are, in turn, used by operating systems in other distinct logical or virtual guest partitions. Host hardware resource management runs as a tracking application in a resource management “ultravisor” partition, while host resource management decisions are performed in a higher level command partition based on policies maintained in a separate operations partition. The conventional hypervisor is reduced to a context switching and containment element (monitor) for the respective partitions, while the system resource management functionality is implemented in the ultravisor partition. The ultravisor partition maintains the master in-memory database of the hardware resource allocations and serves a command channel to accept transactional requests for assignment of resources to partitions. It also provides individual read-only views of individual partitions to the associated partition monitors. Host hardware I/O management is implemented in special redundant I/O partitions. Operating systems in other logical or virtual partitions communicate with the I/O partitions via memory channels established by the ultravisor partition. The guest operating systems in the respective logical or virtual partitions are modified to access monitors that implement a system call interface through which the ultravisor, I/O, and any other special infrastructure partitions may initiate communications with each other and with the respective guest partitions. The guest operating systems are modified so that they do not attempt to use the “broken” instructions in the x86 system that complete virtualization systems must resolve by inserting traps.

A system and method for allocating resources in a cloud environment includes providing an abstraction layer between a cloud environment and one or more data centers by generating a virtual hypervisor as an application programming interface. Responsive to a workload request by the one or more data centers, resources are partitioned and virtual machines are instantiated in the one or more data centers using the virtual hypervisor such that non-functional requirements of the workload are addressed at the abstraction level using the virtual hypervisor.

A method and an apparatus of hypervisor level distributed load-balancing are disclosed. In one aspect, a method includes determining a location to direct a packet. The method also includes distributing the packet to process the packet through a processor. The method also includes assigning the packet to a guest such that a distribution of the packet to the guest is based on an algorithm. The method further includes altering a first destination address of the packet to a second destination address. The second destination address may be based on a virtual network interface of the guest. The method further includes convincing the guest the packet is from a virtual switch based on the second destination address. In addition, the method includes adjusting the distribution of the packet to the guest. The method also includes reducing a load of the guest through the adjustment.

A virtual file system is described that is implemented in a virtualization platform as a stackable file system layer that intercepts file operations between a hypervisor and a physical file system. The virtual file system encrypts (at least in part) VM files to be stored, organizes the encrypted VM files into VM sets, and then maps and stores the encrypted VM sets into storage pools. Storage and access to files within the VM sets is controlled through the use of administrator-determined policies governing storage, security, access control, authentication, and auditing. The system and method described herein allow a seamless integration between a data center (e.g., a private cloud) and computing resources served across the internet and supported by cloud service providers (e.g., public clouds) while ensuring that the security needs of customers and cloud service providers are met.

A virtualization infrastructure that allows multiple guest partitions to run within a host hardware partition. The host system is divided into distinct logical or virtual partitions and special infrastructure partitions are implemented to control resource management and to control physical I/O device drivers that are, in turn, used by operating systems in other distinct logical or virtual guest partitions. Host hardware resource management runs as a tracking application in a resource management “ultravisor” partition, while host resource management decisions are performed in a higher level command partition based on policies maintained in a separate operations partition. The conventional hypervisor is reduced to a context switching and containment element (monitor) for the respective partitions, while the system resource management functionality is implemented in the ultravisor partition. The ultravisor partition maintains the master in-memory database of the hardware resource allocations and serves a command channel to accept transactional requests for assignment of resources to partitions. It also provides individual read-only views of individual partitions to the associated partition monitors. Host hardware I/O management is implemented in special redundant I/O partitions. A scalable partition memory mapping system is implemented in the ultravisor partition so that the virtualized system is scalable to a virtually unlimited number of pages. A log (2¹⁰) based allocation allows the virtual partition memory sizes to grow over multiple generations without increasing the overhead of managing the memory allocations. Each page of memory is assigned to one partition descriptor in the page hierarchy and is managed by the ultravisor partition.

Systems, methods, and computer program products are provided for instant recovery of a virtual machine (VM) from a compressed image level backup without fully extracting the image level backup file's contents to production storage. The method receives restore parameters and initializes a virtual storage. The method attaches the virtual storage to a hypervisor configured to launch a recovered VM. The method stores virtual disk data changes inflicted by a running operating system (OS), applications, and users in a changes storage. The method provides the ability to migrate the actual VM disk state (taking into account changed disk data blocks accumulated in changes storage) so as to prevent data loss resulting from the VM running during the recovery and accessing virtual storage, to production storage without downtime. In embodiments, the method displays receives restore parameters in an interactive interface and delivers the recovery results via an automated message, such as an email message.

This disclosure describes, generally, methods and systems for implementing transcendent page caching. The method includes establishing a plurality of virtual machines on a physical machine. Each of the plurality of virtual machines includes a private cache, and a portion of each of the private caches is used to create a shared cache maintained by a hypervisor. The method further includes delaying the removal of the at least one of stored memory pages, storing the at least one of stored memory pages in the shared cache, and requesting, by one of the plurality of virtual machines, the at least one of the stored memory pages from the shared cache. Further, the method includes determining that the at least one of the stored memory pages is stored in the shared cache, and transferring the at least one of the stored shared memory pages to the one of the plurality of virtual machines.

An untrusted component exposing a high level storage object interface within an untrusted client virtual machine accepts application level storage object operations. Responsive to a storage object operation, the untrusted component passes a message through the underlying hypervisor to an associated trusted component. The trusted component processes the message by authenticating the client virtual machine and locating an internal mapping between the client virtual machine and an associated customer-specific set of backend storage resources to which the requested storage object operation is to be applied. The trusted component uses a trust relationship with the backend storage system to securely communicate the storage object operation to the backend storage system, and passes the operation results through the hypervisor back to the untrusted component in the source client virtual machine from which the storage object request originated.

Long distance cloud migration (LDCM) to overcome the limitations faced by the cloud migration techniques over long distance, high speed WAN infrastructures. LDCM overcomes the negative effects of existing TCP/IP mechanisms on the efficient use of available bandwidth. LDCM also acts as an acceleration engine to optimize various hypervisor, storage and security applications.

A system, method, and program product is provided that executes a start sequence of an information handling system that includes a hardware based TPM. Multiple PCRs are stored in the TPM and are initialized to a predetermined state when the start sequence commences. During execution of the start sequence, software modules, including a hypervisor, are loaded the system's memory. PCR values resulting from the loading of the software modules are calculated. The resulting PCR values are compared with expected PCR values. If the PCR values match the expected PCR values, then a virtual environment is created under the hypervisor. The virtual environment includes a VM and a virtual trust platform module (vTPM) that is used by the virtual machine to satisfy the virtual machines TPM requests.

Systems and algorithm for controlling a virtualized computer service remotely through a client includes defining a virtual infrastructure in which a plurality of virtual machines are running on a hypervisor with at least one of the virtual machine executing an image processor algorithm. The image processor algorithm is configured to receive a connection request from the client for controlling the virtualized computer service (or simply, virtual service) available at a specific virtual machine. The request includes a plurality of connection parameters that describe the connection requirements of the client and is received at the virtual machine that is equipped with the image processor algorithm. The connection parameters are interrogated using the image processor algorithm to identify a specific virtual machine that provides the requested virtualized computer service. A framebuffer data for the identified virtual machine located in virtual memory is accessed and read directly through a hypervisor. The framebuffer data is processed into a plurality of image data packets using the image processor algorithm and transmitted to the client for presenting on a display device associated with the client. The image data packet grammar is tailored to the client and represents an image of the virtual machine display for the identified virtual machine.

Hypervisor-based intrusion prevention platform is provided. The hypervisor-based intrusion prevention platform comprises a virtual network intrusion prevention system (vIPS) framework which obtains internal information of a virtualization system from a hypervisor and performs security control on the hypervisor in response to the result of intrusion detection carried out by using the internal information of the virtualization system, a hypervisor security application programming interface (API) module which provides an API used by the vIPS framework to access the hypervisor, an administrator account management and authentication module which manages an administrator account of a vIPS and authenticates the administrator account, an environment setting management module which manages environment setting values of modules within the vIPS, and an external interface module which provides an interface for system control and security control.

A hardware switch for use with hypervisors and blade servers is disclosed. The hardware switch enables switching to occur between different guest OSs running in the same server, or between different servers in a multi-root IOV system, or between different guest OSs running in the same server in single-root IOV systems. Whether embedded in a host bus adapter (HBA), converged network adapter (CNA), network interface card (NIC) or other similar device, the hardware switch can provide fast switching with access to and sharing of at least one external network port such as a Fibre Channel (FC) port, 10 Gigabit Ethernet (10 GbE) port, FC over Ethernet (FCOE) port, or other similar port. The hardware switch can be utilized when no hypervisor is present or when one or more servers have hypervisors, because it allows for switching (e.g. Ethernet switching) between the OSs on a single hypervisor.