1. Distributed application virtualization
    Type: granted invention patent
    Status: in force

    Publication number: US09100246B1

    Publication date: 2015-08-04

    Application number: US12142549

    Filing date: 2008-06-19

    Abstract: Distributed application virtualization provides for the distribution, configuration and control of multiple application components, layered file systems, and configuration settings that may be applied on top of an operating system of each system configured to work in conjunction with other systems within a single distributed virtualization layer. A distributed software virtualization manager or service handles communication between systems within each distributed virtual layer. One distributed virtualization operation activates components, selected based on user-defined parameters, on systems across the network belonging to a selected distributed virtual application layer. Other virtualization operations, whether local and/or distributed, include capturing file system and configuration activity associated with the detected event and storing data representative of the captured file system and configuration activity to a virtual layer, such as a local or distributed application layer.

    2. Use of external information about a file to determine virtualization
    Type: granted invention patent
    Status: in force

    Publication number: US08639734B1

    Publication date: 2014-01-28

    Application number: US12059973

    Filing date: 2008-03-31

    Applicant: Randall R. Cook

    Inventor: Randall R. Cook

    IPC classification: G06F12/10

    CPC classification: G06F17/30115

    Abstract: An apparatus or method in which information external to a file is used to select a directory within a file system where the file is to be stored. In one embodiment of the method a first request is received to create a first file in a file system, wherein the first request comprises a first file system path. First information is also received that describes data contained in a first data object. A first redirect file system path component is selected from a plurality of redirect file system path components in response to receiving the first information. The first file system path is then modified by adding the first redirect file system path component to the first file system path.

    3. Methods and systems for defragmenting virtual machine prefetch data on physical storage
    Type: granted invention patent
    Status: in force

    Publication number: US08332570B1

    Publication date: 2012-12-11

    Application number: US12242734

    Filing date: 2008-09-30

    IPC classification: G06F12/02 G06F9/455

    Abstract: A computer-implemented method for defragmenting virtual machine prefetch data. The method may include obtaining prefetch information associated with prefetch data of a virtual machine. The method may also include defragmenting, based on the prefetch information, the prefetch data on physical storage. The prefetch information may include a starting location and length of the prefetch data on a virtual disk. The prefetch information may include a geometry specification of the virtual disk. Defragmenting on physical storage may include placing the prefetch data contiguously on physical storage, placing the prefetch data in a fast-access segment of physical storage, and/or ordering the prefetch data according to the order in which it is accessed at system or application startup.

    4. Layered execution pre-boot configuration systems, apparatus, and methods
    Type: granted invention patent
    Status: in force

    Publication number: US08024556B1

    Publication date: 2011-09-20

    Application number: US12058785

    Filing date: 2008-03-31

    Applicant: Randall R. Cook

    Inventor: Randall R. Cook

    IPC classification: G06F9/44

    CPC classification: G06F8/656

    Abstract: The disclosure is directed to systems, apparatus, and methods for layered execution pre-boot configuration. In one example, a system includes a local computer, a base operating system, a layered execution environment, and a layered environment manager. The system may further include an environment update service and one or more layered environment data store(s). The system may, before booting the base operating system and layered execution environment, perform such modification operations as applying an operating system patch, applying a program patch, changing a layer activation property, disabling a program, replacing a program, changing a configuration file, and installing a driver.

    5. Method and system for running an application in a clean operating environment using a layered computing system
    Type: granted invention patent
    Status: in force

    Publication number: US07945897B1

    Publication date: 2011-05-17

    Application number: US11528858

    Filing date: 2006-09-28

    Applicant: Randall R. Cook

    Inventor: Randall R. Cook

    CPC classification: G06F9/445

    Abstract: The disclosure is directed to computing systems that provide access to the content of layers. Layers may include, for example, application layers, baseline layers, data layers, patch layers, application patch layers, and sublayers. Prioritization schemes, including prioritization by layer type, by assigned priority weights, by access type, by sub-layers and by read-write indicators are provided. Layers may contain file reference information including exclusion or inclusion entries indicating what files may be written. Paths recorded in layers may also embed variables to true paths on a layered system. Detailed information on various example embodiments are provided in the Detailed Description, and the invention is defined by the appended claims.

    6. Intrustion protection system utilizing layers
    Type: granted invention patent
    Status: in force

    Publication number: US07512977B2

    Publication date: 2009-03-31

    Application number: US11081856

    Filing date: 2005-03-16

    IPC classification: G06F11/30

    Abstract: The inventions relate generally to protection of computing systems by isolating intrusive attacks into layers, those layers containing at least file objects and being accessible to applications, those layers further maintaining potentially intrusive file objects separately from regular file system objects such that the regular objects are protected and undisturbed. Also disclosed herein are computing systems which use layers and/or isolation layers, and various systems and methods for using those systems. Detailed information on various example embodiments of the inventions are provided in the Detailed Description below, and the inventions are defined by the appended claims.

    7. Dynamic rights assignment apparatus and method using network directory services
    Type: granted invention patent
    Status: no longer in force

    Publication number: US6061726A

    Publication date: 2000-05-09

    Application number: US970173

    Filing date: 1997-11-13

    CPC classification: G06F21/604 G06F9/468

    Abstract: A directory services system includes a resource object, such as an application object for accessing an actual resource associated with the resource object. Rights attributes of the resource object reflects information for controlling rights of a user (or entity) to access the actual resource. The rights attributes may include criteria for distribution. The rights attributes may be used to rapidly, dynamically, remotely, and easily define and control access to available instances of a resource object based on certain criteria, such as organization, membership, etc. A utility (snap-in) module may be relied upon to manage the values of the attribute. Application programming interfaces (executables) in a dynamically linked library may be provided to "consume" (use) the attributes in the resource objects stored in directory services database.

    8. Per user and per process layer visibility
    Type: granted invention patent
    Status: in force

    Publication number: US08688641B1

    Publication date: 2014-04-01

    Application number: US12058927

    Filing date: 2008-03-31

    CPC classification: G06F17/30126

    Abstract: A method is proposed. The method includes receiving a file operation request from a process and performing a census of instances of a file applicable to the file operation request to populate a data structure. The data structure including a listing of the instances of the file applicable to the file operation request. The data structure also includes characteristics for a first instance from among the instances of the file applicable to the file operation request, and characteristics for a second instance of a selected file from among the instances of the file applicable to the file operation request. The method also includes eliminating the first instance from among the instances of the file applicable to the file operation request on the basis of a rule associated with properties from a record for the process, and the characteristics for the first instance.

    9. Filtering I/O communication of guest OS by inserting filter layer between hypervisor and VM and between hypervisor and devices
    Type: granted invention patent
    Status: in force

    Publication number: US08490086B1

    Publication date: 2013-07-16

    Application number: US12495420

    Filing date: 2009-06-30

    IPC classification: G06F9/455 G06F11/00

    Abstract: A computer-implemented method for filtering input/output communications of guest operating systems may include: 1) identifying a guest operating system running in a virtual machine, 2) creating an input/output filtering layer that resides outside the guest operating system, 3) intercepting, at the input/output filtering layer, an input/output communication involving the guest operating system, and then 4) performing a filtering operation on the input/output communication. Various other methods, systems, and computer-readable media are also disclosed.

    10. Methods and systems for computing device remediation
    Type: granted invention patent
    Status: in force

    Publication number: US08353044B1

    Publication date: 2013-01-08

    Application number: US12147744

    Filing date: 2008-06-27

    IPC classification: H04L29/06

    Abstract: A computer-implemented method for remediation of a computing device attempting to access a network. The method may include detecting that the computing device is attempting to access the network. The method may also include determining that the computing device does not comply with a network-access-control policy of the network. The method may include using a virtualization layer to bring the computing device into compliance with the network-access-control policy. The method may include permitting the computing device to access the network after the computing device is brought into compliance with the network-access-control policy. Various other methods, systems, and computer-readable media are also disclosed.
