公开(公告)号：US09116737B2

公开(公告)日：2015-08-25

申请号：US13874298

申请日：2013-04-30

Applicant: VMware, Inc.

Inventor： Tejasvi Aswathanarayana ,  Komal Desai ,  Patrick William Penzias Dirks ,  Sujay Godbole ,  Jesse Pool ,  Ilia Sokolinski ,  Derek Uluski

IPC: G06F13/00 ,  G06F9/455 ,  G06F11/14 ,  G06F11/20

CPC classification number: G06F9/45558 ,  G06F11/14 ,  G06F11/1448 ,  G06F11/1471 ,  G06F11/20 ,  G06F2009/45579 ,  G06F2201/815 ,  G06F2201/84

Abstract: A framework for converting between copy-on-write (COW) and redo-based technologies is disclosed. To take a virtual disk snapshot, disk descriptor files, which include metadata information about data stored in virtual volumes (vvols), are “swizzled” such that the descriptor file for a latest redo log, to which IOs are currently performed, points to the base vvol of a COW-based vvol hierarchy. A disk descriptor file previously associated with the base vvol may also be updated to point to the vvol newly created by the snapshot operation. To revert to an earlier disk state, a snapshot may be taken before copying contents of a snapshot vvol of the COW-based vvol hierarchy to a base vvol of the hierarchy, thereby ensuring that the reversion can be rolled back if it is unsuccessful. Reference counting is performed to ensure that vvols in the vvol hierarchy are not orphaned in delete and revert use cases. Differences between vvols in the COW-based vvol hierarchy are used to clone the hierarchy and to migrate the hierarchy to a redo-based disk hierarchy.

Abstract translation: 公开了一种用于在写时复制（COW）和重做技术之间进行转换的框架。 要获取虚拟磁盘快照，包含有关存储在虚拟卷（vvols）中的数据的元数据信息的磁盘描述符文件会“旋转”，以便当前执行IO的最新重做日志的描述符文件指向 基于COW的vvol层次结构的基础vvol。 以前与基本vvol相关联的磁盘描述符文件也可以被更新为指向由快照操作新创建的vvol。 要恢复到较早的磁盘状态，可能会在将基于COW的vvol层次结构的快照vvol的内容复制到层次结构的基础vvol之前进行快照，从而确保如果不成功可以回退。 执行引用计数以确保vvol层次结构中的vvols在删除和还原用例中不会成为孤立的。 基于COW的vvol层次结构中的vvols之间的差异用于克隆层次结构，并将层次结构迁移到基于重做的磁盘层次结构。

公开(公告)号：US11799670B2

公开(公告)日：2023-10-24

申请号：US17119068

申请日：2020-12-11

Applicant: VMware, Inc.

Inventor： Abhishek Srivastava ,  David Dunn ,  Jesse Pool ,  Adrian Drzewiecki

IPC: H04L9/32 ,  G06F9/455

CPC classification number: H04L9/3268 ,  G06F9/45558 ,  H04L9/3247 ,  G06F2009/4557 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: A framework is provided that assigns a digital certificate to each VM-based control plane element and computing node (i.e., worker VM) of a workload orchestration platform implemented in a virtualized environment, where the digital certificate is signed by a trusted entity and provides cryptographic proof that the control plane element/worker VM has been successfully attested by that trusted entity using hardware-based attestation. Each control plane element/worker VM is configured to verify the digital certificates of other platform components prior to communicating with those components. With these digital certificates in place, when an end-user submits to the platform's front-end control plane element a new workload for deployment, the end-user can verify the digital certificate of the front-end control plane element in order to be assured that the workload will be deployed and executed by the platform in a secure manner.

公开(公告)号：US11709700B2

公开(公告)日：2023-07-25

申请号：US17148445

申请日：2021-01-13

Applicant: VMware, Inc.

Inventor： Abhishek Srivastava ,  David A. Dunn ,  Jesse Pool ,  Adrian Drzewiecki

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F9/45545 ,  G06F2009/4557 ,  G06F2009/45575 ,  G06F2009/45587

Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes: launching, in cooperation with a security module of a host, a guest as a virtual machine (VM) managed by the virtualization layer, the security module generating an attestation report from at least a portion of the VM loaded into memory of the host; sending the attestation report from the security module to a trust authority; receiving, in response to verification of the attestation report by the trust authority, a secret from the trust authority at the security module; and providing the secret from the security module to the guest.

公开(公告)号：US11893410B2

公开(公告)日：2024-02-06

申请号：US17148428

申请日：2021-01-13

Applicant: VMware, Inc.

Inventor： Abhishek Srivastava ,  David A. Dunn ,  Jesse Pool ,  Adrian Drzewiecki

IPC: G06F9/455 ,  G06F9/50 ,  G06F21/53

CPC classification number: G06F9/45558 ,  G06F9/505 ,  G06F9/5077 ,  G06F21/53 ,  G06F2009/45587 ,  G06F2009/45595

Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes storing, in a trust authority, a pre-defined attestation report for a workload executing in a virtual machine (VM) managed by the virtualization layer, the pre-defined attestation report including a hash of at least a portion of an image of the VM; receiving, at the trust authority from a security module of a host in which the VM executes, an attestation report generated by measuring memory of the VM; comparing the attestation report with the pre-defined attestation report; and generating an indication of validity for the workload based on a result of the comparison.

公开(公告)号：US20220191046A1

公开(公告)日：2022-06-16

申请号：US17119068

申请日：2020-12-11

Applicant: VMware, Inc.

Inventor： Abhishek Srivastava ,  David Dunn ,  Jesse Pool ,  Adrian Drzewiecki

IPC: H04L9/32 ,  G06F9/455

Abstract: A framework is provided that assigns a digital certificate to each VM-based control plane element and computing node (i.e., worker VM) of a workload orchestration platform implemented in a virtualized environment, where the digital certificate is signed by a trusted entity and provides cryptographic proof that the control plane element/worker VM has been successfully attested by that trusted entity using hardware-based attestation. Each control plane element/worker VM is configured to verify the digital certificates of other platform components prior to communicating with those components. With these digital certificates in place, when an end-user submits to the platform's front-end control plane element a new workload for deployment, the end-user can verify the digital certificate of the front-end control plane element in order to be assured that the workload will be deployed and executed by the platform in a secure manner.

公开(公告)号：US10956041B2

公开(公告)日：2021-03-23

申请号：US14528276

申请日：2014-10-30

Applicant: VMware, Inc.

Inventor： Nishant Yadav ,  Jesse Pool ,  Li Zheng ,  Gabriel Tarasuk-Levin ,  Nick Michael Ryan

IPC: G06F3/06

Abstract: To create a backup of a live (running) virtual machine, a backup agent may take a snapshot of the virtual machine, backup the virtual machine from the snapshot disk, and delete the snapshot. Deleting the snapshot initiates a snapshot consolidation process where delta disks of the virtual machine are collapsed. A virtual disk layer sets up a mirror driver between a current virtual disk and a target virtual disk. Data sectors of the delta disk are copied over to the target virtual disk in a single pass, while the mirror driver mirrors write request for the current virtual disk to the target virtual disk.

公开(公告)号：US09053065B2

公开(公告)日：2015-06-09

申请号：US13710215

申请日：2012-12-10

Applicant: VMware, Inc.

Inventor： Alexander Thomas Garthwaite ,  Yury Baskakov ,  Irene Zhang ,  Kevin Scott Christopher ,  Jesse Pool

IPC: G06F12/00 ,  G06F12/16

CPC classification number: G06F12/16 ,  G06F9/45558 ,  G06F9/461 ,  G06F2009/45575 ,  G06F2009/45583

Abstract: A process for lazy checkpointing is enhanced to reduce the number of read/write accesses to the checkpoint file and thereby speed up the checkpointing process. The process for restoring a state of a virtual machine (VM) running in a physical machine from a checkpoint file that is maintained in persistent storage includes the steps of detecting access to a memory page of the virtual machine that has not been read into physical memory of the VM from the checkpoint file, determining a storage block of the checkpoint file to which the accessed memory page maps, writing contents of the storage block in a buffer, and copying contents of a block of memory pages that includes the accessed memory page from the buffer to corresponding locations of the memory pages in the physical memory of the VM. The storage block of the checkpoint file may be compressed or uncompressed.

Abstract translation: 增强了用于延迟检查点的过程，以减少对检查点文件的读/写访问次数，从而加快了检查点处理过程。 从维护在持久存储器中的检查点文件恢复在物理机器中运行的虚拟机（VM）的状态的过程包括以下步骤：检测对尚未被读入物理存储器的虚拟机的存储器页面的访问 从所述检查点文件确定所述VM的存储块，确定所访问的存储器页映射到的所述检查点文件的存储块，将所述存储块的内容写入缓冲器，以及将包括所访问的存储器页的存储器页块的内容从 缓冲区到VM的物理内存中的内存页的相应位置。 检查点文件的存储块可以被压缩或未压缩。

公开(公告)号：US10585690B2

公开(公告)日：2020-03-10

申请号：US15282740

申请日：2016-09-30

Applicant: VMware, Inc.

Inventor： Mohammed Junaid Ahmed ,  Nishant Yadav ,  Jesse Pool

IPC: G06F9/455

Abstract: One or more embodiments provide techniques for promoting a linked clone virtual machine to a full clone virtual machine. In one embodiment, a method includes receiving an instruction to promote the linked clone virtual machine to a full clone virtual machine. The method also includes creating a second base disk for the linked clone virtual machine. The method includes installing a mirror driver between the first delta disk and the second base disk. The method includes copying the contents of the first delta disk to the second base disk with the mirror driver. After the contents of the first delta disk have been copied to the second base disk, the method includes removing the mirror driver and operating the linked clone virtual machine as a full clone virtual machine on the second base disk.

公开(公告)号：US09575658B2

公开(公告)日：2017-02-21

申请号：US14656152

申请日：2015-03-12

Applicant: VMware, Inc.

Inventor： Christoph Klee ,  Adrian Drzewiecki ,  Jesse Pool ,  Nishant Yadav

IPC: G06F12/00 ,  G06F3/06 ,  G06F17/30

CPC classification number: G06F3/0604 ,  G06F3/0659 ,  G06F3/0664 ,  G06F3/0673 ,  G06F17/30171 ,  G06F17/30233

Abstract: A method for opening a virtual disk comprises reading information from a metadata file that identifies the current owner of the virtual disk. The method further includes sending a release request to the current owner of the virtual disk to release the virtual disk, writing information to the metadata file identifying the new owner, and then opening the virtual disk.

Abstract translation: 用于打开虚拟磁盘的方法包括从识别虚拟磁盘的当前所有者的元数据文件读取信息。 该方法还包括向虚拟磁盘的当前所有者发送释放请求以释放虚拟磁盘，向识别新所有者的元数据文件写入信息，然后打开虚拟磁盘。

公开(公告)号：US09454489B2

公开(公告)日：2016-09-27

申请号：US14802839

申请日：2015-07-17

Applicant: VMware, Inc.

Inventor： Kiran Tati ,  Gabriel Tarasuk-Levin ,  Ka Wing Ho ,  Jesse Pool

IPC: G06F12/08 ,  G06F12/10 ,  G06F9/455

CPC classification number: G06F12/0882 ,  G06F9/45558 ,  G06F12/08 ,  G06F12/10 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2212/1008 ,  G06F2212/151 ,  G06F2212/654 ,  G06F2212/657

Abstract: When a request is made to retrieve a guest physical page from memory and a page fault occurs, a guest virtual page address that corresponds to the guest physical page is identified along with addresses for guest virtual pages that are near the guest virtual page in the virtual address space. Each identified guest virtual page address is translated into a corresponding guest physical page address and the corresponding guest physical pages are loaded into memory.