Low-latency shared memory channel across address spaces without system call overhead in a computing system

    Publication No.: US11249660B2

    Publication date: 2022-02-15

    Application No.: US17012411

    Application date: 2020-09-04

    Applicant: VMWARE, INC.

    Abstract: Examples provide a method of communication between a client application and a filesystem server in a virtualized computing system. The client application executes in a virtual machine (VM) and the filesystem server executes in a hypervisor. The method includes: allocating, by the client application, first shared memory in a guest virtual address space of the client application; creating a guest application shared memory channel between the client application and the filesystem server upon request by the client application to a driver in the VM, the driver in communication with the filesystem server, the guest application shared memory channel using the first shared memory; sending authentication information associated with the client application to the filesystem server to create cached authentication information at the filesystem server; and submitting a command in the guest application shared memory channel from the client application to the filesystem server, the command including the authentication information.

    Hypervisor exchange with virtual-machine consolidation

    Publication No.: US10963290B2

    Publication date: 2021-03-30

    Application No.: US16585701

    Application date: 2019-09-27

    Applicant: VMware, Inc.

    Abstract: A hypervisor exchange, e.g., an upgrade, can include consolidating resident virtual machines into a single host virtual machine, exchanging an old hypervisor with a new (upgraded) hypervisor, and disassociating the virtual resident virtual machines by migrating them to the new hypervisor. The consolidating can involve migrating the resident virtual machines from the old hypervisor to a guest hypervisor on the host virtual machine. The exchange can involve: 1) suspending the host virtual machine before the exchange; and 2) resuming the host virtual machine after the exchange; or migrating the host virtual machine from a partition including the old hypervisor to a partition hosting the new hypervisor. Either way, an exchange (upgrade) is achieved without requiring a bandwidth-consuming migration over a network to a standby machine.

    Synchronous User Space Function Execution from a Kernel Context
    Invention application (status: in force)

    Publication No.: US20150212855A1

    Publication date: 2015-07-30

    Application No.: US14304480

    Application date: 2014-06-13

    Applicant: VMware, Inc.

    Abstract: The approaches described herein implement synchronous execution of a user space operation from a kernel context. A thread, executing on a computing device, initializes a second kernel stack based on a first kernel stack. The computing device executes an operating system having a user space and a kernel space. The thread, executing in kernel space, performs a non-blocking call (e.g., an upcall) to execute an upcall function in user space. The upcall function may further call other user space functions or system calls. The system calls are performed using the second kernel stack. Upon termination of the upcall function, the thread continues execution on the first kernel stack.

    Low-latency shared memory channel across address spaces in a computing system

    Publication No.: US11513832B2

    Publication date: 2022-11-29

    Application No.: US17013727

    Application date: 2020-09-07

    Applicant: VMWARE, INC.

    Abstract: Examples provide a method of communication between a client driver and a filesystem server. The client driver executes in a virtual machine (VM) and the filesystem server executes in a hypervisor. The method includes: allocating, by the client driver, shared memory in an address space of the VM for the communication; sending identification information for the shared memory from the client driver to the filesystem server through an inter-process communication channel between the client driver and the filesystem server; identifying, by the filesystem server in cooperation with a kernel of the hypervisor, the shared memory within an address space of the hypervisor, based on the identification information, to create a shared memory channel; sending commands from the client driver to the filesystem server through the shared memory channel; and receiving completion messages for the commands from the filesystem server to the client driver through the shared memory channel.

    Introspection into workloads running within virtual machines

    Publication No.: US11513830B2

    Publication date: 2022-11-29

    Application No.: US16838432

    Application date: 2020-04-02

    Applicant: VMware, Inc.

    Abstract: Introspection into containers running in virtual machines (VMs) that are instantiated on a host computer is achieved. A method of processing an introspection command for a container, running in a virtual machine, is carried out by a VM management process, and includes the steps of receiving a first request that is formulated according to a first protocol, e.g., transmission control protocol, and includes the introspection command, identifying the virtual machine from the first request, formulating a second request that includes the introspection command, according to a second protocol (e.g., virtual socket protocol), and transmitting the second request to a container management process running in the virtual machine for the container management process to execute the introspection command.

    Leveraging Hardware-Based Attestation to Grant Workloads Access to Confidential Data

    Publication No.: US20220191025A1

    Publication date: 2022-06-16

    Application No.: US17118978

    Application date: 2020-12-11

    Applicant: VMware, Inc.

    Abstract: In one set of embodiments, confidential data needed by a workload component running within a worker VM can be placed on an encrypted virtual disk that is attached to the worker VM and hardware-based attestation can be used to validate the worker VM's software and isolate its guest memory from its hypervisor. Upon successful completion of this attestation process, a data decryption key can be delivered to the worker VM via a secure channel established via the attestation, such that the hypervisor cannot read or alter the key. The worker VM can then decrypt the contents of the encrypted virtual disk using the data decryption key, thereby granting the workload component access to the confidential data.

    UNIFIED RESOURCE MANAGEMENT FOR CONTAINERS AND VIRTUAL MACHINES

    Publication No.: US20210141655A1

    Publication date: 2021-05-13

    Application No.: US16681990

    Application date: 2019-11-13

    Applicant: VMware, Inc.

    Abstract: Various aspects are disclosed for unified resource management of containers and virtual machines. A podVM resource configuration for a pod virtual machine (podVM) is determined using container configurations. The podVM comprises a virtual machine (VM) that provides resource isolation for a pod based on the podVM resource configuration. A host selection for the podVM is received from a VM scheduler. The host selection identifies hardware resources for the podVM. A container scheduler is limited to bind the podVM to a node corresponding to the hardware resources of the host selection from the VM scheduler. The podVM is created in a host corresponding to the host selection. Containers are started within the podVM. The containers correspond to the container configurations.

    Synchronous user space function execution from a kernel context

    Publication No.: US10509673B2

    Publication date: 2019-12-17

    Application No.: US15921822

    Application date: 2018-03-15

    Applicant: VMware, Inc.

    Abstract: The approaches described herein implement synchronous execution of a user space operation from a kernel context. A thread, executing on a computing device, initializes a second kernel stack based on a first kernel stack. The computing device executes an operating system having a user space and a kernel space. The thread, executing in kernel space, performs a non-blocking call (e.g., an upcall) to execute an upcall function in user space. The upcall function may further call other user space functions or system calls. The system calls are performed using the second kernel stack. Upon termination of the upcall function, the thread continues execution on the first kernel stack.

    Input/output filter configuration of linked storage

    Publication No.: US10331559B2

    Publication date: 2019-06-25

    Application No.: US14838200

    Application date: 2015-08-27

    Applicant: VMware, Inc.

    Abstract: Exemplary methods, apparatuses, and systems include a first input/output (I/O) filter receiving, from a first filter module within a virtualization stack of a host computer, an input/output (I/O) request originated by a virtual machine and directed to a first virtual disk. The first I/O filter determines to redirect the I/O request to a second virtual disk and, in response, forwards the I/O request to a second I/O filter associated with the second virtual disk. The first I/O filter is a part of a first instance of a filter framework within the host computer and the second I/O filter is part of a second, separate instance of the filter framework.
