Abstract:
Embodiments provide a method and system for transferring data between different computing devices. Specifically, a communication session is established between a first computing device and a second computing device. The communication session may be established using a first communication protocol. The first computing device creates a virtual memory object which is bound to one or more memory blocks of the first computing device. A path to the virtual memory object is generated and the path is transmitted to the second computing device using the communication session. The second computing device may then read or write data directly into/from the virtual memory object using a second communication protocol that is different from the first communication protocol. The data is written into and read from the virtual memory object using file system commands.
Abstract:
Described is a technology by which a virtual machine may be safely migrated to a computer system with a different platform. Compatibility of the virtual machine may be checked by comparing the virtual machine's capabilities against those of the new platform. To ensure compatibility, when created the virtual machine may have its capabilities limited by the lowest common capabilities of the different platforms available for migration. Computer systems may be grouped into migration pools based upon similar capabilities, and/or a virtual machine may be mapped to certain computer systems based upon capabilities needed by that virtual machine, such as corresponding to needed performance, fault tolerance and/or flexibility.
Abstract:
An operating system running on a computing device uses containers for hardware resource partitioning. Using the techniques discussed herein, pausing and resuming of containers is managed to reduce the pressure a container exerts on system resources when paused. Resuming of containers can further be managed to reduce the startup time for containers. This managing of containers can be implemented using various different techniques, such as stopping scheduling of virtual processors, stopping scheduling of processes or threads, compressing memory, swapping pages of memory for the container to a page file on a hard drive, and so forth.
Abstract:
A computer system maintains identifiers that identify changed blocks of virtual machine (VM) storage. The computer system accesses a stable VM checkpoint comprising a restorable VM image at a time, and that stores a representation of data of at least one block as it existed at the time. The computer system converts the checkpoint to a reference point. Reference point information is transferable with the VM, such that if the VM is moved to a different computing system, any data identified by the reference point is recoverable. The conversion includes querying the storage to determine an identifier corresponding to the block of the checkpoint at the time, storing this identifier as a part of the reference point, and releasing the representation of the data of the block from the checkpoint. The computer system then uses the reference point to identify changes in the blocks of the storage since the time.
Abstract:
Distributed security key management for protecting roaming data via a trusted platform module is performed by systems that include first and second processors, and first and second respective hardware security modules. The first security module encrypts a security key using a public key from the second security module, and the encrypted security key is provided to the second security module. A virtual machine (VM) executed by the first processor has a first virtual security module instance having state data that includes a storage key encrypting VM virtual disk data and that is encrypted with the security key. When a transfer condition is determined, the VM is transferred and executed by the second processor, using a second virtual security module instance, based on decrypting the security key by the second security module using a private key and decrypting the state data for the second virtual security module using the security key.
Abstract:
Described is a technology by which a virtual hard disk is migrated from a source storage location to a target storage location without needing any shared physical storage, in which a machine may continue to use the virtual hard disk during migration. This facilitates use of the virtual hard disk in conjunction with live-migrating a virtual machine. Virtual hard disk migration may occur fully before or after the virtual machine is migrated to the target host, or partially before and partially after virtual machine migration. Background copying, sending of write-through data, and/or servicing read requests may be used in the migration. Also described is throttling data writes and/or data communication to manage the migration of the virtual hard disk.
Abstract:
A host operating system running on a computing device monitors network communications for the computing device to identify network resources that are requested by the computing device. The host operating system compares requested network resources against security policies to determine if the requested network resources are trusted. When an untrusted network resource is identified, the host operating system accesses the untrusted network resource within a container that is isolated from the host operating system kernel using techniques discussed herein. By restricting access to untrusted network resources to isolated containers, the host operating system is protected from even kernel-level attacks or infections that may result from an untrusted network resource.