Virtual network protocol
    1.
    Granted patent
    Virtual network protocol (status: in force)

    Publication number: US09135037B1

    Publication date: 2015-09-15

    Application number: US13350470

    Filing date: 2012-01-13

    IPC classification: G06F9/455 H04L12/46

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving an outgoing packet from a source virtual machine; obtaining a secret key for the source virtual machine, the secret key not being known by a destination virtual machine; obtaining a unique token derived at least partly from the secret key and a network address of the destination virtual machine; encapsulating the outgoing packet in a second packet along with the token and a token expiration time; and sending the second packet to the destination virtual machine.

    Transparent load-balancing for cloud computing services
    2.
    Granted patent
    Transparent load-balancing for cloud computing services (status: in force)

    Publication number: US08958293B1

    Publication date: 2015-02-17

    Application number: US13312872

    Filing date: 2011-12-06

    Applicant: Evan K. Anderson

    Inventor: Evan K. Anderson

    IPC classification: H04W36/22

    CPC classification: H04L67/1002

    Abstract: Systems and techniques are described for virtual machine (VM) load-balancing. A described technique includes running VMs that communicate via a virtual network, the VMs being configured to handle requests associated with at least a destination address on a public network and operating gateways that provide connectivity between the virtual network and the public network, and use a consistent mapping operation to perform load-balancing among the VMs. A gateway can obtain VM health information; determine based on the VM health information a group of healthy VMs; receive an incoming packet that includes a source address and the destination address; select a handling VM based on an output of the consistent mapping operation given the source address and the group of healthy VMs; forward the incoming packet to the handling VM via the virtual network; and create an entry to forward one or more additional incoming packets to the handling VM.

    Virtual network pairs
    3.
    Granted patent
    Virtual network pairs (status: in force)

    Publication number: US08533343B1

    Publication date: 2013-09-10

    Application number: US13485846

    Filing date: 2012-05-31

    IPC classification: G06F15/16

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing virtual network pairs between virtual machines and other devices. In one aspect, a method includes receiving a plurality of outgoing packets from one or more source virtual machines executing on the data processing apparatus, each source virtual machine being a hardware virtualization of the data processing apparatus and each packet destined for a destination virtual machine; establishing a plurality of virtual network pairs, one for each unique pair of source and destination virtual machines, wherein establishing the plurality of virtual network pairs comprises obtaining, from an external data processing apparatus, a different network address for each destination virtual machine; encapsulating each outgoing packet in a message; and sending each message to the destination virtual machine for the respective packet by sending the message to the respective network destination address.

    Network address translation for virtual machines
    4.
    Granted patent
    Network address translation for virtual machines (status: in force)

    Publication number: US09419921B1

    Publication date: 2016-08-16

    Application number: US13349063

    Filing date: 2012-01-12

    Applicant: Evan K. Anderson

    Inventor: Evan K. Anderson

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving an outbound packet from a virtual machine executing on the data processing apparatus, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the virtual machine; selecting a different port than the source port from a plurality of ports associated with the virtual machine; changing the source port in the header information to the selected port; and sending the modified packet to an external network by way of a gateway that is configured to change the source IP address of the packet to an IP address of the gateway before routing the packet to its destination.

    Providing application programs with access to secured resources
    6.
    Granted patent
    Providing application programs with access to secured resources (status: in force)

    Publication number: US08533796B1

    Publication date: 2013-09-10

    Application number: US13094385

    Filing date: 2011-04-26

    IPC classification: G06F7/04

    Abstract: In general, the subject matter described in this specification can be embodied in methods, systems, and program products for providing access to secured resources. A token providing system stores a primary authentication token that is used to obtain temporary authentication tokens. The token providing system provides, to application programs that are unable to access the primary authentication token, the temporary authentication tokens. The token providing system receives, from a first application program of the application programs, a first request to obtain a first temporary authentication token. The first request does not include the primary authentication token. The token providing system transmits a second request to obtain the first temporary authentication token. The second request includes the primary authentication token. The token providing system receives the first temporary authentication token. The token providing system provides the first temporary authentication token for use by the first application program.

    Virtual network for virtual machine communication and migration

    Publication number: US10228959B1

    Publication date: 2019-03-12

    Application number: US13186293

    Filing date: 2011-07-19

    IPC classification: G06F9/455 G06F9/46 G06F9/50

    Abstract: Systems and techniques are described for virtual machine communication and migration. A described technique includes operating server systems that are configured to run virtual machines and providing a virtual network for Internet Protocol (IP) based communications to the virtual machines. The virtual machines can be assigned network addresses, such as IP addresses, on the virtual network. Providing the virtual network can include using separate IP tunnels to effect delivery of IP packets on the virtual network to the virtual machines, respectively. The technique includes migrating a virtual machine running on a first server system to a second server system. The migrated virtual machine can maintain its assigned IP address. The technique includes updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine. The updated tunnel endpoint destination can be based on a network address associated with the second server system.

    SERVICE BRIDGES
    8.
    Patent application
    SERVICE BRIDGES (status: in force)

    Publication number: US20140282510A1

    Publication date: 2014-09-18

    Application number: US13830013

    Filing date: 2013-03-14

    IPC classification: G06F9/455

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for service bridges. In one aspect, a method includes a host operating system performs operations comprising: receiving, using one or more service bridges that execute in the host operating system, a plurality of requests from the one or more virtual machines, wherein each service bridge is associated with a different virtual machine of the one or more virtual machines, and wherein each request is a request to interface with one or more external services; modifying, using a respective service bridge, each request to be processed by the one or more external services; and providing each modified request from the respective service bridge to the one or more external services, where the respective service bridge communicates with the one or more external services over a network.

    Network address translation for virtual machines
    9.
    Granted patent
    Network address translation for virtual machines (status: in force)

    Publication number: US09258271B1

    Publication date: 2016-02-09

    Application number: US13350398

    Filing date: 2012-01-13

    Applicant: Evan K. Anderson

    Inventor: Evan K. Anderson

    IPC classification: H04L29/12 H04L12/935

    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a packet from a client, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the client; selecting a destination virtual machine based on the destination port; modifying the packet by replacing the destination IP address in the header information with an IP address of the selected destination virtual machine; and sending the modified packet to the destination virtual machine.
