公开(公告)号：US20070226792A1

公开(公告)日：2007-09-27

申请号：US11756606

申请日：2007-05-31

申请人： Paul McKenney ,  Orran Krieger ,  Boas Betzler

发明人： Paul McKenney ,  Orran Krieger ,  Boas Betzler

IPC分类号： H04L9/32

CPC分类号： A63F13/73 ,  A63F13/10 ,  A63F2300/201 ,  G06F21/123 ,  G06F21/445 ,  G06F21/6281 ,  G06F21/70 ,  G06F21/71 ,  G06F21/78 ,  G06F21/79 ,  G06F21/82 ,  G06F2221/0797 ,  G06F2221/2103 ,  G06F2221/2109 ,  G06F2221/2149 ,  H04N7/163 ,  H04N21/442 ,  H04N21/4431

摘要： A method and apparatus for restricting access of an application to computer hardware. The apparatus includes both an authentication module and a validation module. The authentication module is within the trusted firmware layer. The purpose of the authentication module is to verify a cryptographic key presented by an application. The validation module is responsive to the authentication module and limits access of the application to the computer hardware. The authentication modules may be implemented in software through a firmware call, or through a hardware register of the computer.

摘要翻译： 一种用于限制应用程序访问计算机硬件的方法和装置。 该装置包括认证模块和验证模块。 认证模块位于受信任的固件层内。 验证模块的目的是验证应用程序呈现的加密密钥。 验证模块响应于认证模块，并将应用程序的访问限制到计算机硬件。 认证模块可以通过固件呼叫的软件或通过计算机的硬件寄存器来实现。

公开(公告)号：US20070061372A1

公开(公告)日：2007-03-15

申请号：US11227761

申请日：2005-09-14

申请人： Jonathan Appavoo ,  Andrew Baumann ,  Dilma da Silva ,  Orran Krieger ,  Robert Wisniewski

发明人： Jonathan Appavoo ,  Andrew Baumann ,  Dilma da Silva ,  Orran Krieger ,  Robert Wisniewski

IPC分类号： G06F17/30

CPC分类号： G06F8/67 ,  G06F8/656

摘要： To dynamically update an operating system, a new factory object may have one or more new and/or updated object instances. A corresponding old factory object is then located and its version is checked for compatibility. A dynamic update procedure is then executed, which includes (a) changing a factory reference pointer within the operating system from the old factory object to the new factory object. For the case of updated object instances, (b) hot swapping each old object instance for its corresponding updated object instance, and (c) removing the old factory object. This may be performed for multiple updated object instances in the new factory object, preferably each separately. For the case of new object instances, they are created by the new factory and pointers established to invoke them. A single factory object may include multiple updated objects from a class, and/or new object instances from different classes, and the update may be performed without the need to reboot the operating system.

摘要翻译： 为了动态更新操作系统，新的工厂对象可能具有一个或多个新的和/或更新的对象实例。 然后找到相应的旧工厂对象，并检查其版本的兼容性。 然后执行动态更新过程，其中包括（a）将操作系统内的工厂参考指针从旧工厂对象更改为新的工厂对象。 对于更新的对象实例的情况，（b）热交换其对应的更新对象实例的每个旧对象实例，以及（c）删除旧的工厂对象。 这可以针对新的工厂对象中的多个更新的对象实例来执行，优选地每个单独地执行。 对于新对象实例的情况，它们由新工厂创建，并且已建立的指针用于调用它们。 单个工厂对象可以包括来自类的多个更新对象和/或来自不同类的新对象实例，并且可以执行更新而不需要重新启动操作系统。

公开(公告)号：US20060155886A1

公开(公告)日：2006-07-13

申请号：US11032876

申请日：2005-01-11

申请人： Dilma da Silva ,  Elmootazbellah Elnozahy ,  Orran Krieger ,  Hazim Shafi ,  Xiaowei Shen ,  Balaram Sinharoy ,  Robert Tremaine

发明人： Dilma da Silva ,  Elmootazbellah Elnozahy ,  Orran Krieger ,  Hazim Shafi ,  Xiaowei Shen ,  Balaram Sinharoy ,  Robert Tremaine

IPC分类号： G06F3/00

CPC分类号： G06F12/08 ,  G06F12/0893 ,  G06F2212/251 ,  G06F2212/253

摘要： Methods, systems, and media for reducing memory latency seen by processors by providing a measure of control over on-chip memory (OCM) management to software applications, implicitly and/or explicitly, via an operating system are contemplated. Many embodiments allow part of the OCM to be managed by software applications via an application program interface (API), and part managed by hardware. Thus, the software applications can provide guidance regarding address ranges to maintain close to the processor to reduce unnecessary latencies typically encountered when dependent upon cache controller policies. Several embodiments utilize a memory internal to the processor or on a processor node so the memory block used for this technique is referred to as OCM.

摘要翻译： 考虑通过操作系统提供对软件应用（OCM）的控制的措施来减少处理器所看到的存储器延迟的方法，系统和媒体。 许多实施例允许OCM的一部分由软件应用程序通过应用程序接口（API）和由硬件管理的部分来管理。 因此，软件应用程序可以提供关于地址范围的指导，以保持靠近处理器，以减少在依赖于缓存控制器策略时通常遇到的不必要的延迟。 几个实施例利用处理器内部或处理器节点上的存储器，因此用于该技术的存储器块被称为OCM。

公开(公告)号：US20050246505A1

公开(公告)日：2005-11-03

申请号：US10834699

申请日：2004-04-29

申请人： Paul McKenney ,  Orran Krieger ,  Michal Ostrowski

发明人： Paul McKenney ,  Orran Krieger ,  Michal Ostrowski

IPC分类号： G06F9/46 ,  G06F12/00 ,  G06F12/10

CPC分类号： G06F9/52 ,  G06F12/1018 ,  G06F12/1036 ,  G06F12/109 ,  G06F2212/656

摘要： A system, method and computer program product for efficient sharing of memory between first and second applications running under first and second operating systems on a shared hardware system. The hardware system runs a hypervisor that supports concurrent execution of the first and second operating systems, and further includes a region of shared memory managed on behalf of the first and second applications. Techniques are used to avoid preemption when the first application is accessing the shared memory region. In this way, the second application will not be unduly delayed when attempting to access the shared memory region due to delays stemming from the first application's access of the shared memory region. This is especially advantageous when the second application and operating system are adapted for real-time processing. Additional benefits can be obtained by taking steps to minimize memory access faults.

摘要翻译： 一种用于在共享硬件系统上在第一和第二操作系统下运行的第一和第二应用之间高效共享存储器的系统，方法和计算机程序产品。 硬件系统运行支持并行执行第一和第二操作系统的管理程序，并且还包括代表第一和第二应用程序管理的共享存储器的区域。 当第一个应用程序正在访问共享内存区域时，技术用于避免抢占。 以这种方式，由于来自第一应用程序访问共享存储器区域的延迟，尝试访问共享存储器区域时，第二应用将不会被不适当地延迟。 当第二应用和操作系统适于实时处理时，这是特别有利的。 通过采取措施尽量减少内存访问故障可以获得额外的好处。

公开(公告)号：US20050086446A1

公开(公告)日：2005-04-21

申请号：US10679076

申请日：2003-10-04

申请人： Paul McKenney ,  Orran Krieger

发明人： Paul McKenney ,  Orran Krieger

IPC分类号： G06F12/00

CPC分类号： G06F9/526

摘要： Utilizing a software locking approach to execute a code section, upon failure of a hardware transactional approach, is disclosed. A method is disclosed that includes utilizing a hardware approach to transactional memory to execute a code section relating to memory. Where utilizing the hardware approach fails a threshold in executing the code section, the software approach is instead utilized to execute the code section relating to the memory. The threshold may include the hardware approach aborting execution of the code section a predetermined one or more times. The hardware approach includes starting a transaction inclusive of the code section, conditionally executing the transaction, and upon successfully completing the transaction, committing execution to memory. The software locking approach includes placing a lock on memory, executing the code section, committing execution of the code section to the memory as the code section is executed, and then removing the lock from the memory.

摘要翻译： 利用软件锁定方法来执行代码部分，在硬件事务处理失败的情况下被公开。 公开了一种方法，其包括利用事务存储器的硬件​​方法来执行与存储器相关的代码部分。 在执行代码部分的情况下利用硬件方法失败阈值的情况下，代替利用软件方法来执行与存储器有关的代码部分。 阈值可以包括硬件方法预定一次或多次中止代码段的执行。 硬件方法包括启动包括代码段的事务，有条件地执行事务，以及成功完成事务，将执行提交到内存。 软件锁定方法包括在存储器上放置锁定，执行代码部分，执行代码部分将代码段执行到存储器，然后从存储器中移除锁定。

公开(公告)号：US20140059375A1

公开(公告)日：2014-02-27

申请号：US13593060

申请日：2012-08-23

申请人： Glenn Bruce MCELHOE ,  Hoki TAM ,  Dwayne REEVES ,  Orran KRIEGER ,  Philip MCGACHEY

发明人： Glenn Bruce MCELHOE ,  Hoki TAM ,  Dwayne REEVES ,  Orran KRIEGER ,  Philip MCGACHEY

IPC分类号： G06F11/14

CPC分类号： G06F11/1484 ,  G06F9/45558 ,  G06F11/2033 ,  G06F2009/45562 ,  G06F2009/45595

摘要： Embodiments include a recovery system, a computer-readable storage medium, and a method of recreating a state of a datacenter. The embodiments include a plurality of program modules that is executable by a processor to gather metadata from a first datacenter that includes at least one virtual machine (VM), wherein the metadata includes data representative of a virtual infrastructure of the first datacenter. The program modules are also executable by the processor to recreate a state of the first datacenter within a second datacenter using the metadata upon a determination that a failure occurred within the first datacenter, and to recreate the VM within the second datacenter.

摘要翻译： 实施例包括恢复系统，计算机可读存储介质和重新创建数据中心状态的方法。 实施例包括可由处理器执行以从包括至少一个虚拟机（VM）的第一数据中心收集元数据的多个程序模块，其中所述元数据包括表示第一数据中心的虚拟基础设施的数据。 程序模块还可由处理器执行，以在确定在第一数据中心内发生故障并且在第二数据中心内重新创建VM时，使用元数据在第二数据中心内重建第一数据中心的状态。

公开(公告)号：US08505097B1

公开(公告)日：2013-08-06

申请号：US13173877

申请日：2011-06-30

申请人： Ari Juels ,  Orran Krieger ,  Dennis Moreau

发明人： Ari Juels ,  Orran Krieger ,  Dennis Moreau

IPC分类号： G06F7/04 ,  G06F11/00

CPC分类号： G06F21/552

摘要： A processing device comprises a processor coupled to a memory and implements a refresh-and-rotation process to protect a system comprising information technology infrastructure from a persistent security threat. The processing device is configured to replace one or more identified resources of a resource pool of the information technology infrastructure with one or more corresponding refreshed resources so as to provide a refreshed resource pool, and to remap elements of a set of workloads running on the information technology infrastructure to elements of the refreshed resource pool in order to deter the persistent security threat. The processing device may maintain within the resource pool a set of reserve resource pool elements that have no workload elements mapped to them, and can add resource pool elements to and remove resource pool elements from the set of reserve resource pool elements in conjunction with the remapping of workload elements to resource pool elements.

摘要翻译： 处理设备包括处理器，其耦合到存储器并且实现刷新和旋转过程，以保护包括信息技术基础设施的系统免受持久的安全威胁。 处理设备被配置为用一个或多个对应的刷新资源来替换信息技术基础设施的资源池中的一个或多个所识别的资源，以便提供刷新的资源池，并重新映射在信息上运行的一组工作负载的元素 技术基础设施到更新的资源池的元素，以阻止持续的安全威胁。 处理设备可以在资源池内维护一组没有工作负载元素映射到它们的备用资源池元素，并且可以将资源池元素从该组备用资源池元素中与重新映射相结合添加资源池元素 的工作量元素到资源池元素。

公开(公告)号：US20080168239A1

公开(公告)日：2008-07-10

申请号：US11620293

申请日：2007-01-05

申请人： Xiaowei Shen ,  Robert W. Wisniewski ,  Orran Krieger

发明人： Xiaowei Shen ,  Robert W. Wisniewski ,  Orran Krieger

IPC分类号： G06F12/00

CPC分类号： G06F12/0842 ,  G06F12/0862 ,  G06F12/10 ,  G06F12/1027

摘要： Memory Access Coloring provides architecture support that allows software to classify memory accesses into different congruence classes by specifying a color for each memory access operation. The color information is received and recorded by the underlying system with appropriate granularity. This allows hardware to monitor color-based cache monitoring information and provide such feedback to the software to enable various runtime optimizations. It also enables enforcement of different memory consistency models for memory regions with different colors at the same time.

摘要翻译： 内存访问着色提供架构支持，允许软件通过为每个内存访问操作指定颜色来将内存访问分类为不同的同余类。 颜色信息由底层系统以适当的粒度接收和记录。 这允许硬件监视基于颜色的缓存监视信息，并向软件提供这样的反馈以启用各种运行时优化。 它还可以同时实现具有不同颜色的存储器区域的不同存储器一致性模型。

公开(公告)号：US20050071811A1

公开(公告)日：2005-03-31

申请号：US10673587

申请日：2003-09-29

申请人： Jonathan Appavoo ,  Marc Auslander ,  Kevin Hui ,  Orran Krieger ,  Dilma Silva ,  Robert Wisniewski

发明人： Jonathan Appavoo ,  Marc Auslander ,  Kevin Hui ,  Orran Krieger ,  Dilma Silva ,  Robert Wisniewski

IPC分类号： G06F9/44 ,  G06F9/445

CPC分类号： G06F8/656

摘要： Systems, especially operating systems, are becoming more complex to the point where maintaining them by humans is becoming nearly impossible. Many corporations have recognized this trend and have begun investing in autonomic technology. Autonomic technology allows a piece of software to monitor, diagnose, and repair itself. This can be used for improved performance, reliability, maintainability, security, etc. Disclosed herein is a mechanism to allow operating systems to hot swap a piece of operating system code, while continuing to offer to the user the service which that code is providing. This can be used, for examples, to increase the performance of an application or to fix a detected security hole live without bringing the machine down. Some autonomic ability will be mandatory in next generation operating system for without it they will collapse under their own complexity. The invention offers a key component of being able to achieve autonomic computing.

摘要翻译： 系统尤其是操作系统正在变得越来越复杂，人们几乎不可能维系这些系统。 许多公司已经认识到这一趋势，并开始投资于自主技术。 自动技术允许一个软件来监视，诊断和修复自身。 这可以用于改进的性能，可靠性，可维护性，安全性等。这里公开了一种允许操作系统热插拔操作系统代码的机制，同时继续向用户提供该代码提供的服务。 例如，这可以用于增加应用程序的性能或者在不使机器停机的情况下固定检测到的安全漏洞。 一些自主能力在下一代操作系统中将是强制性的，没有它们将在自己的复杂性下崩溃。 本发明提供能够实现自主计算的关键组件。

公开(公告)号：US08874744B2

公开(公告)日：2014-10-28

申请号：US12699631

申请日：2010-02-03

申请人： Xianan Zhang ,  Eddie Ma ,  Umit Rencuzogullari ,  Irfan Ahmad ,  Orran Krieger ,  Mukil Kesavan

发明人： Xianan Zhang ,  Eddie Ma ,  Umit Rencuzogullari ,  Irfan Ahmad ,  Orran Krieger ,  Mukil Kesavan

IPC分类号： G06F15/16 ,  G06F15/173 ,  G06F9/455

CPC分类号： H04L47/125 ,  G06F9/455 ,  G06F15/173 ,  H04L43/0876

摘要： A resource management system for a virtual machine computing environment includes a software component that optimizes capacity between server clusters or groups by monitoring the capacity of server clusters or groups and automatically adding and removing host systems to and from server clusters or groups. The software component may be implemented at a server cluster management level to monitor and execute host system moves between server clusters and/or at a higher level in the resource management hierarchy. At the higher level, the software component is configured to monitor and execute host system moves between sets of server clusters being managed by different server cluster management agents.

摘要翻译： 用于虚拟机计算环境的资源管理系统包括通过监视服务器集群或组的容量并自动地向服务器集群或组中添加和移除主机系统来优化服务器集群或组之间的容量的软件组件。 软件组件可以在服务器集群管理级别上实现，以在服务器集群之间和/或在资源管理层级中的较高级别上监视和执行主机系统移动。 在较高级别，软件组件被配置为监视和执行由不同的服务器集群管理代理管理的服务器集群之间的主机系统移动。