PROVISIONING OF COMPUTER SYSTEMS USING VIRTUAL MACHINES

    Publication No.: US20200019427A1

    Publication date: 2020-01-16

    Application No.: US16373404

    Application date: 2019-04-02

    Applicant: VMware, Inc.

    Abstract: A provisioning server automatically configures a virtual machine (VM) according to user specifications and then deploys the VM on a physical host. The user may either choose from a list of pre-configured, ready-to-deploy VMs, or he may select which hardware, operating system and application(s) he would like the VM to have. The provisioning server then configures the VM accordingly, if the desired configuration is available, or it applies heuristics to configure a VM that best matches the user's request if it isn't. The invention also includes mechanisms for monitoring the status of VMs and hosts, for migrating VMs between hosts, and for creating a network of VMs.

    CRYPTOGRAPHIC MULTI-SHADOWING WITH INTEGRITY VERIFICATION
    33.
    Invention application
    Status: Under examination (published)

    Publication No.: US20150100791A1

    Publication date: 2015-04-09

    Application No.: US14048515

    Application date: 2013-10-08

    Applicant: VMware, Inc.

    CPC classification number: G06F12/1408 G06F12/1491 G06F21/6218 G06F2212/151

    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.

    GENERATING AND USING CHECKPOINTS IN A VIRTUAL COMPUTER SYSTEM
    34.
    Invention application
    Status: Under examination (published)

    Publication No.: US20150019827A1

    Publication date: 2015-01-15

    Application No.: US14262686

    Application date: 2014-04-25

    Applicant: VMware, Inc.

    Abstract: To generate a checkpoint for a virtual machine (VM), first, while the VM is still running, a copy-on-write (COW) disk file is created pointing to a parent disk file that the VM is using. Next, the VM is stopped, the VM's memory is marked COW, the device state of the VM is saved to memory, the VM is switched to use the COW disk file, and the VM begins running again for substantially the remainder of the checkpoint generation. Next, the device state that was stored in memory and the unmodified VM memory pages are saved to a checkpoint file. Also, a copy may be made of the parent disk file for retention as part of the checkpoint, or the original parent disk file may be retained as part of the checkpoint. If a copy of the parent disk file was made, then the COW disk file may be committed to the original parent disk file.

    METHOD AND SYSTEM FOR FREQUENT CHECKPOINTING
    35.
    Invention application
    Status: Under examination (published)

    Publication No.: US20140149792A1

    Publication date: 2014-05-29

    Application No.: US14170016

    Application date: 2014-01-31

    Applicant: VMware, Inc.

    Abstract: A virtualization platform provides fault tolerance for a primary virtual machine by continuously transmitting checkpoint information of the primary virtual machine to a collector process, such as a backup virtual machine. When implemented on a hardware platform comprising a multi-processor that supports nested page tables, the virtualization platform leverages the nested page table support to quickly identify memory pages that have been modified between checkpoints. The backup virtual machine provides feedback information to assist the virtualization platform in identifying candidate memory pages for transmitting actual modifications to the memory pages rather than the entire memory page as part of the checkpoint information. The virtualization platform further maintains a modification history data structure to identify memory pages that can be transmitted simultaneous with the execution of the primary virtual machine rather than while the primary virtual machine has been stunned.

    SYSTEM AND METHOD TO ENHANCE MEMORY PROTECTION FOR PROGRAMS IN A VIRTUAL MACHINE ENVIRONMENT
    36.
    Invention application
    Status: Granted

    Publication No.: US20130097359A1

    Publication date: 2013-04-18

    Application No.: US13693552

    Application date: 2012-12-04

    Applicant: VMWARE, INC.

    Abstract: In a computer system supporting execution of virtualization software and at least one instance of virtual system hardware, an interface is provided into the virtualization software to allow a program to directly define the access characteristics of its program data stored in physical memory. The technique includes providing data identifying memory pages and their access characteristics to the virtualization software which then derives the memory access characteristics from the specified data. Optionally, the program may also specify a pre-defined function to be performed upon the occurrence of a fault associated with access to an identified memory page. In this manner, programs operating both internal and external to the virtualization software can protect his memory pages, without intermediation by the operating system software.
