公开(公告)号：US09354906B1

公开(公告)日：2016-05-31

申请号：US13468805

申请日：2012-05-10

Applicant: Krzysztof Uchronski ,  Martin O'Brien ,  Jacob Gorm Hansen ,  Kiran Bondalapati ,  Ian Pratt ,  Gaurav Banga ,  Vikram Kapoor

Inventor： Krzysztof Uchronski ,  Martin O'Brien ,  Jacob Gorm Hansen ,  Kiran Bondalapati ,  Ian Pratt ,  Gaurav Banga ,  Vikram Kapoor

IPC: G06F9/46 ,  G06F12/00 ,  G06F9/455 ,  G06F12/10

CPC classification number: G06F9/45545 ,  G06F9/5027 ,  G06F9/5077 ,  G06F2009/45562 ,  G06F2009/45587 ,  G06F2209/5018

Abstract: Managing the guest operating system's eviction of memory pages from a virtual machine. A guest operating system or a hypervisor may cause one or more memory pages within a guest physical frame to become unlikely or ineligible for selection as a candidate for eviction by the guest operating system. Each of the one or more memory pages may also reside, or be intended to reside, in the memory of one or more other virtual machines. In this way, memory pages that are shared across multiple virtual machines may become less likely to be evicted, thereby using memory more efficiently.

Abstract translation: 管理客户机操作系统从虚拟机中删除内存页面。 客户机操作系统或管理程序可能导致客户物理帧内的一个或多个存储器页面变得不太可能或不符合选择作为客户操作系统驱逐的候选者的资格。 一个或多个存储器页面中的每一个也可以驻留或者意图驻留在一个或多个其他虚拟机的存储器中。 以这种方式，跨多个虚拟机共享的内存页可能不太可能被驱逐，从而更有效地使用内存。

公开(公告)号：US09135038B1

公开(公告)日：2015-09-15

申请号：US13468742

申请日：2012-05-10

Applicant: Krzysztof Uchronski ,  Martin O'Brien ,  Jacob Gorm Hansen ,  Kiran Bondalapati ,  Ian Pratt ,  Gaurav Banga ,  Vikram Kapoor

Inventor： Krzysztof Uchronski ,  Martin O'Brien ,  Jacob Gorm Hansen ,  Kiran Bondalapati ,  Ian Pratt ,  Gaurav Banga ,  Vikram Kapoor

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F9/45558 ,  G06F9/5027 ,  G06F9/5077 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2209/5018

Abstract: Reducing an amount of memory used by a virtual machine. A system includes multiple virtual machines that share common pages of memory. The number of private pages associated with each virtual machine is minimized by ensuring that pages that a guest operating system regards as now free or zeroed are efficiently mapped by the hypervisor to a shared zero page. Upon a hypervisor determining that one or more guest physical frame numbers are assigned to free memory pages, the hypervisor updates mapping data to map the one or more guest physical frame numbers to a shared zero page within the machine frame.

Abstract translation: 减少虚拟机使用的内存量。 一个系统包括多个共享共享页面的虚拟机。 通过确保客户机操作系统视为现在空闲或归零的页面被管理程序有效地映射到共享零页面，从而最小化与每个虚拟机相关联的私有页面的数量。 在管理程序确定将一个或多个客体物理帧号码分配给空闲存储器页面时，管理程序更新映射数据以将一个或多个客户物理帧号映射到机器帧内的共享零页面。

公开(公告)号：US08352482B2

公开(公告)日：2013-01-08

申请号：US12506965

申请日：2009-07-21

Applicant: Jacob Gorm Hansen

Inventor： Jacob Gorm Hansen

IPC: G06F7/00 ,  G06F17/30

CPC classification number: G06F17/30174 ,  G06F9/45558 ,  G06F11/1484 ,  G06F11/2025 ,  G06F11/2041 ,  G06F11/2048 ,  G06F11/2097 ,  G06F17/30067 ,  G06F17/30233 ,  G06F17/30286 ,  G06F17/30345 ,  G06F2009/45583 ,  G06F2009/45595

Abstract: A replicated decentralized storage system comprises a plurality of servers that locally store disk images for locally running virtual machines as well as disk images, for failover purposes, for remotely running virtual machines. To ensure that disk images stored for failover purposes are properly replicated upon an update of the disk image on the server running the virtual machine, a hash of a unique value known only to the server running the virtual machine is used to verify the origin of update operations that have been transmitted by the server to the other servers storing replications of the disk image for failover purposes. If verified, the update operations are added to such failover disk images.

Abstract translation: 复制的分散存储系统包括多个服务器，其本地存储用于本地运行的虚拟机的磁盘映像以及用于故障切换目的的用于远程运行虚拟机的磁盘映像。 为了确保在运行虚拟机的服务器上更新磁盘映像时，为了故障切换而存储的磁盘映像被正确地复制，使用仅对运行虚拟机的服务器知道的唯一值的散列来验证更新的原点 由服务器传送到存储磁盘映像的复制的其他服务器进行故障转移目的的操作。 如果验证，更新操作将添加到此类故障转移磁盘映像。

公开(公告)号：US20110022883A1

公开(公告)日：2011-01-27

申请号：US12507013

申请日：2009-07-21

Applicant: Jacob Gorm HANSEN

Inventor： Jacob Gorm HANSEN

IPC: G06F11/20 ,  H04L9/32

CPC classification number: H04L9/085 ,  G06F11/1484 ,  G06F11/2028 ,  G06F11/2035 ,  G06F11/2097

Abstract: A replicated decentralized storage system comprises a plurality of servers that locally store disk images for locally running virtual machines as well as disk images, for failover purposes, for remotely running virtual machines. To ensure that disk images stored for failover purposes are properly replicated upon an update of the disk image on the server running the virtual machine, a hash of a unique value known only to the server running the virtual machine is used to verify the origin of update operations that have been transmitted by the server to the other servers storing replications of the disk image for failover purposes. If verified, the update operations are added to such failover disk images. To enable the replicated decentralized system to recover from a failure of the primary server, the master secret is subdivided into parts and distributed to other servers in the cluster. Upon a failure of the primary server, a secondary server receives a threshold number of the parts and is able to recreate the master secret and failover virtual machines that were running in the failed primary server.

Abstract translation: 复制的分散存储系统包括多个服务器，其本地存储用于本地运行的虚拟机的磁盘映像以及用于故障切换目的的用于远程运行虚拟机的磁盘映像。 为了确保在运行虚拟机的服务器上更新磁盘映像时，为了故障切换而存储的磁盘映像被正确地复制，使用仅对运行虚拟机的服务器知道的唯一值的散列来验证更新的原点 由服务器传送到存储磁盘映像的复制的其他服务器进行故障转移目的的操作。 如果验证，更新操作将添加到此类故障转移磁盘映像。 要使复制的分散系统从主服务器的故障中恢复，主密钥被细分为部分并分发到集群中的其他服务器。 在主服务器发生故障时，辅助服务器将接收部件的阈值数，并能够重新创建主故障主服务器中运行的主密钥和故障转移虚拟机。

公开(公告)号：US07836303B2

公开(公告)日：2010-11-16

申请号：US11298859

申请日：2005-12-09

Applicant: Henry M. Levy ,  Steven Gribble ,  Jacob Gorm Hansen ,  Richard S. Cox

Inventor： Henry M. Levy ,  Steven Gribble ,  Jacob Gorm Hansen ,  Richard S. Cox

IPC: H04L9/00

CPC classification number: H04L63/102 ,  H04L67/02

Abstract: A Web browsing system using a browser operating system (BOS), which provides a trusted software layer on which Web browsers execute. The BOS runs the client-side component of each Web application (e.g., on-line banking, and Web mail) in its own virtual machine, which provides strong isolation between Web services and the user's local resources. Web publishers can thus limit the scope of their Web applications by specifying the URLs and other resources that their browsers are allowed to access, which limits the harm that can be caused by a compromised browser. Web applications are treated as first-class objects that users explicitly install and manage, giving them explicit knowledge about and control over downloaded content and code. An initial embodiment implemented using Linux and the Xen virtual machine monitor has been shown to prevent or contain about 87% of the vulnerabilities that have been identified in a conventional web browser environment.

Abstract translation: 一种使用浏览器操作系统（BOS）的Web浏览系统，它提供Web浏览器执行的可信软件层。 BOS在其自己的虚拟机中运行每个Web应用程序的客户端组件（例如，在线银行和Web邮件），这提供了Web服务与用户本地资源之间的强大隔离。 因此，网络发布商可以通过指定其浏览器允许访问的URL和其他资源来限制其Web应用程序的范围，从而限制受损浏览器可能导致的损害。 Web应用程序被视为用户显式安装和管理的第一类对象，给予他们对下载内容和代码的明确知识和控制。 已经显示了使用Linux和Xen虚拟机监视器实现的初始实施例，以防止或包含常规Web浏览器环境中已识别的大约87％的漏洞。

公开(公告)号：US09792131B1

公开(公告)日：2017-10-17

申请号：US13468781

申请日：2012-05-10

Applicant: Krzysztof Uchronski ,  Martin O'Brien ,  Jacob Gorm Hansen ,  Kiran Bondalapati ,  Ian Pratt ,  Gaurav Banga ,  Vikram Kapoor

Inventor： Krzysztof Uchronski ,  Martin O'Brien ,  Jacob Gorm Hansen ,  Kiran Bondalapati ,  Ian Pratt ,  Gaurav Banga ,  Vikram Kapoor

IPC: G06F9/455

CPC classification number: G06F9/455 ,  G06F9/45545 ,  G06F9/5027 ,  G06F9/5077 ,  G06F2009/45562 ,  G06F2009/45587 ,  G06F2209/5018

Abstract: Approaches for creating a template virtual machine. An in-memory state of a virtual machine and/or a set of applications executing within the virtual machine are adjusted and/or configured based on the intended use of the template virtual machine. Thereafter, the virtual machine is established as a template virtual machine. The template virtual machine may be used to create one or more virtual machines using a copy-on-write memory process.

公开(公告)号：US20110022574A1

公开(公告)日：2011-01-27

申请号：US12506965

申请日：2009-07-21

Applicant: Jacob Gorm Hansen

Inventor： Jacob Gorm Hansen

IPC: G06F12/16 ,  G06F12/00 ,  G06F9/455

CPC classification number: G06F17/30174 ,  G06F9/45558 ,  G06F11/1484 ,  G06F11/2025 ,  G06F11/2041 ,  G06F11/2048 ,  G06F11/2097 ,  G06F17/30067 ,  G06F17/30233 ,  G06F17/30286 ,  G06F17/30345 ,  G06F2009/45583 ,  G06F2009/45595

Abstract: A replicated decentralized storage system comprises a plurality of servers that locally store disk images for locally running virtual machines as well as disk images, for failover purposes, for remotely running virtual machines. To ensure that disk images stored for failover purposes are properly replicated upon an update of the disk image on the server running the virtual machine, a hash of a unique value known only to the server running the virtual machine is used to verify the origin of update operations that have been transmitted by the server to the other servers storing replications of the disk image for failover purposes. If verified, the update operations are added to such failover disk images.

Abstract translation: 复制的分散存储系统包括多个服务器，其本地存储用于本地运行的虚拟机的磁盘映像以及用于故障切换目的的用于远程运行虚拟机的磁盘映像。 为了确保在运行虚拟机的服务器上更新磁盘映像时，为了故障切换而存储的磁盘映像被正确地复制，使用仅对运行虚拟机的服务器知道的唯一值的散列来验证更新的原点 由服务器传送到存储磁盘映像的复制的其他服务器进行故障转移目的的操作。 如果验证，更新操作将添加到此类故障转移磁盘映像。

公开(公告)号：US08352490B2

公开(公告)日：2013-01-08

申请号：US12604334

申请日：2009-10-22

Applicant: Jacob Gorm Hansen

Inventor： Jacob Gorm Hansen

IPC: G06F7/00 ,  G06F17/30

CPC classification number: G06F17/30106 ,  G06F11/2097 ,  G06F17/30949 ,  G06F17/30952 ,  G06F17/30979

Abstract: A two dimensional bit array is maintained to keep track of the location of data records in a log file that is organized as a plurality of log segments, each comprising a plurality of data records. The data records are indexed in the log file according to randomized unique ids. Each column of the two dimensional bit array represents a Bloom filter corresponding to a log segment of the log file such that, given a particular randomized unique id, log segments that may contain the data record corresponding to the particular randomized unique id can be efficiently identified by utilizing Bloom filter techniques to analyze the columns of the two dimensional bit array.

Abstract translation: 维持二维比特阵列以跟踪被组织为多个日志段的日志文件中的数据记录的位置，每个日志段包括多个数据记录。 数据记录根据随机化的唯一ID被记录在日志文件中。 二维位阵列的每列表示与日志文件的日志段相对应的布隆式过滤器，使得在给定特定随机唯一标识符的情况下，可以有效地识别可能包含对应于特定随机唯一标识符的数据记录的日志段 通过利用Bloom滤波技术来分析二维位阵列。

公开(公告)号：US08234518B2

公开(公告)日：2012-07-31

申请号：US12507013

申请日：2009-07-21

Applicant: Jacob Gorm Hansen

Inventor： Jacob Gorm Hansen

IPC: G06F11/07

CPC classification number: H04L9/085 ,  G06F11/1484 ,  G06F11/2028 ,  G06F11/2035 ,  G06F11/2097

Abstract: A replicated decentralized storage system comprises a plurality of servers that locally store disk images for locally running virtual machines as well as disk images, for failover purposes, for remotely running virtual machines. To ensure that disk images stored for failover purposes are properly replicated upon an update of the disk image on the server running the virtual machine, a hash of a unique value known only to the server running the virtual machine is used to verify the origin of update operations that have been transmitted by the server to the other servers storing replications of the disk image for failover purposes. If verified, the update operations are added to such failover disk images. To enable the replicated decentralized system to recover from a failure of the primary server, the master secret is subdivided into parts and distributed to other servers in the cluster. Upon a failure of the primary server, a secondary server receives a threshold number of the parts and is able to recreate the master secret and failover virtual machines that were running in the failed primary server.

Abstract translation: 复制的分散存储系统包括多个服务器，其本地存储用于本地运行的虚拟机的磁盘映像以及用于故障切换目的的用于远程运行虚拟机的磁盘映像。 为了确保在运行虚拟机的服务器上更新磁盘映像时，为了故障切换而存储的磁盘映像被正确地复制，使用仅对运行虚拟机的服务器知道的唯一值的散列来验证更新的原点 由服务器传送到存储磁盘映像的复制的其他服务器进行故障转移目的的操作。 如果验证，更新操作将添加到此类故障转移磁盘映像。 要使复制的分散系统从主服务器的故障中恢复，主密钥被细分为部分并分发到集群中的其他服务器。 在主服务器发生故障时，辅助服务器将接收部件的阈值数，并能够重新创建主故障主服务器中运行的主密钥和故障转移虚拟机。

公开(公告)号：US09104544B1

公开(公告)日：2015-08-11

申请号：US13468843

申请日：2012-05-10

Applicant: Krzysztof Uchronski ,  Martin O'Brien ,  Jacob Gorm Hansen ,  Kiran Bondalapati ,  Ian Pratt ,  Gaurav Banga ,  Vikram Kapoor

Inventor： Krzysztof Uchronski ,  Martin O'Brien ,  Jacob Gorm Hansen ,  Kiran Bondalapati ,  Ian Pratt ,  Gaurav Banga ,  Vikram Kapoor

IPC: G06F3/06 ,  G06F12/02

CPC classification number: G06F12/02 ,  G06F3/0608 ,  G06F3/0641 ,  G06F3/0671 ,  G06F9/45558 ,  G06F9/5027 ,  G06F9/5077 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2209/5018

Abstract: Mitigating eviction of the memory pages of virtualized machines. Upon detecting that a request to perform an I/O operation has been issued against a block stored a disk, a determination is made as to whether a pristine copy of the contents of the block is stored in memory. If a pristine copy of the contents of the block is stored in memory, then the request may be performed by updating mapping data that maps a page of memory to a location in memory at which the pristine copy is stored. In this way, the request is performed without performing the I/O operation against the block stored on disk. Various approaches for resharing memory, including memory of a template virtual machine, are discussed.

Abstract translation: 减轻虚拟化机器的内存页面。 在检测到针对存储的盘的块发出对I / O操作的请求时，确定块的内容的原始副本是否存储在存储器中。 如果块的内容的原始副本存储在存储器中，则可以通过更新将存储器页映射到存储原始副本的存储器中的位置的映射数据来执行请求。 以这种方式，执行请求而不对存储在磁盘上的块执行I / O操作。 讨论了重新共享内存的各种方法，包括模板虚拟机的内存。