FLEXIBLE INFRASTRUCTURE FOR PROVISIONING VIRTUAL COMPUTING INSTANCES

    Publication number: US20230229476A1

    Publication date: 2023-07-20

    Application number: US17580488

    Application date: 2022-01-20

    Applicant: VMware, Inc.

    CPC classification number: G06F9/45558 G06F2009/4557

    Abstract: An example method of deploying a virtual machine (VM) in a software-defined data center (SDDC) includes: receiving a VM specification for the VM at an elastic control plane executing in a cluster of hosts having a virtualization layer; composing, by the elastic control plane in response to the VM specification, logical resources of the cluster managed by the virtualization layer; composing, by the elastic control plane, physical resources of the SDDC to add new hardware to the cluster; expanding, by the elastic control plane, the logical resources with new logical resources managed by the virtualization layer and backed by the new hardware; and deploying, by the elastic control plane, the VM in a virtual environment composed from the logical resources as expanded.

    INTEGRITY PROTECTION OF CONTAINER IMAGE DISKS USING SECURE HARDWARE-BASED ATTESTATION IN A VIRTUALIZED AND CLUSTERED COMPUTER SYSTEM

    Publication number: US20220222100A1

    Publication date: 2022-07-14

    Application number: US17148461

    Application date: 2021-01-13

    Applicant: VMware, Inc.

    Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes: launching, in cooperation with a security module of a host, a guest as a virtual machine (VM) managed by the virtualization layer, the security module generating an attestation report from at least a portion of the VM loaded into memory of the host; receiving, at the guest from a trust authority, a secret in response to verification of the attestation report; obtaining, at the guest from an entity, at least one key using transport layer security (TLS) data in the secret to verify identity of the guest to the entity; and using, at the guest, the at least one key to access or verify at least one disk attached thereto.

    LOW-LATENCY SHARED MEMORY CHANNEL ACROSS ADDRESS SPACES WITHOUT SYSTEM CALL OVERHEAD IN A COMPUTING SYSTEM

    Publication number: US20220129175A1

    Publication date: 2022-04-28

    Application number: US17647291

    Application date: 2022-01-06

    Applicant: VMware, Inc.

    Abstract: Examples provide a method of communication between a client application and a filesystem server in a virtualized computing system. The client application executes in a virtual machine (VM) and the filesystem server executes in a hypervisor. The method includes: allocating, by the client application, first shared memory in a guest virtual address space of the client application; creating a guest application shared memory channel between the client application and the filesystem server upon request by the client application to a driver in the VM, the driver in communication with the filesystem server, the guest application shared memory channel using the first shared memory; sending authentication information associated with the client application to the filesystem server to create cached authentication information at the filesystem server; and submitting a command in the guest application shared memory channel from the client application to the filesystem server, the command including the authentication information.

    LOW-LATENCY SHARED MEMORY CHANNEL ACROSS ADDRESS SPACES WITHOUT SYSTEM CALL OVERHEAD IN A COMPUTING SYSTEM

    Publication number: US20220019362A1

    Publication date: 2022-01-20

    Application number: US17012411

    Application date: 2020-09-04

    Applicant: VMWARE, INC.

    Abstract: Examples provide a method of communication between a client application and a filesystem server in a virtualized computing system. The client application executes in a virtual machine (VM) and the filesystem server executes in a hypervisor. The method includes: allocating, by the client application, first shared memory in a guest virtual address space of the client application; creating a guest application shared memory channel between the client application and the filesystem server upon request by the client application to a driver in the VM, the driver in communication with the filesystem server, the guest application shared memory channel using the first shared memory; sending authentication information associated with the client application to the filesystem server to create cached authentication information at the filesystem server; and submitting a command in the guest application shared memory channel from the client application to the filesystem server, the command including the authentication information.

    EPHEMERAL STORAGE MANAGEMENT FOR CONTAINER-BASED VIRTUAL MACHINES

    Publication number: US20210311759A1

    Publication date: 2021-10-07

    Application number: US16838542

    Application date: 2020-04-02

    Applicant: VMware, Inc.

    Abstract: A virtualized computing system includes: a host cluster including hosts executing a virtualization layer on hardware platforms thereof, the virtualization layer configured to support execution of virtual machines (VMs), the VMs including a pod VM, the pod VM including a container engine configured to support execution of containers in the pod VM, the pod VM including a first virtual disk attached thereto; and an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server in communication with a pod VM controller, the pod VM controller configured to execute in the virtualization layer external to the VMs and cooperate with a pod VM agent in the pod VM, the pod VM agent generating root directories for the containers in the pod VM, each of the root directories comprising a union of a read/write ephemeral layer stored on the first virtual disk and a read-only layer.

    MULTI-LEVEL SNAPSHOT CACHING
    Document type: Invention application; legal status: in force

    Publication number: US20160266842A1

    Publication date: 2016-09-15

    Application number: US14645733

    Application date: 2015-03-12

    Applicant: VMware, Inc.

    CPC classification number: G06F12/0802 G06F3/06 G06F12/0868 G06F2212/224

    Abstract: A method for processing a read request comprises intercepting a read request that includes a logical block address (LBA) of the storage device by an IO filter driver and retrieving a disk identifier (ID) associated with the LBA from a metadata file associated with the storage device. The method further comprises sending the LBA and the disk ID to a daemon configured to read and write to a cache. If the daemon returns cached data associated with the LBA and the disk ID, the method returns the cached data in response to the read request. If the daemon does not return cached data associated with the LBA and the disk ID, the method transmits the read request to the storage device.

    COLLABORATIVE RELEASE OF A VIRTUAL DISK
    Document type: Invention application; legal status: in force

    Publication number: US20160266800A1

    Publication date: 2016-09-15

    Application number: US14656152

    Application date: 2015-03-12

    Applicant: VMware, Inc.

    Abstract: A method for opening a virtual disk comprises reading information from a metadata file that identifies the current owner of the virtual disk. The method further includes sending a release request to the current owner of the virtual disk to release the virtual disk, writing information to the metadata file identifying the new owner, and then opening the virtual disk.

    PROVISIONING IDENTITY CERTIFICATES USING HARDWARE-BASED SECURE ATTESTATION IN A VIRTUALIZED AND CLUSTERED COMPUTER SYSTEM

    Publication number: US20220222099A1

    Publication date: 2022-07-14

    Application number: US17148445

    Application date: 2021-01-13

    Applicant: VMware, Inc.

    Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes: launching, in cooperation with a security module of a host, a guest as a virtual machine (VM) managed by the virtualization layer, the security module generating an attestation report from at least a portion of the VM loaded into memory of the host; sending the attestation report from the security module to a trust authority; receiving, in response to verification of the attestation report by the trust authority, a secret from the trust authority at the security module; and providing the secret from the security module to the guest.