公开(公告)号：US20170286142A1

公开(公告)日：2017-10-05

申请号：US15085454

申请日：2016-03-30

Applicant: Intel Corporation

Inventor： Stephen T. Palermo ,  Scott P. Dubal ,  Rashmin N. Patel

IPC: G06F9/455 ,  H04L29/06

CPC classification number: G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45595 ,  H04L63/0428

Abstract: Technologies for dynamically allocating acceleration units of a network device include a network device configured to determine a present compute usage value associated with a workload of the virtual machine, determine whether to accelerate the virtual machine as a function of the present compute usage and a compute capability usage limit, and select, in response to a determination to accelerate the virtual machine, an acceleration unit from one or more acceleration units, as a function of a type of the workload. Additionally, the network device is configured to allocate the identified acceleration unit. Other embodiments are described and claimed.

公开(公告)号：US11805116B2

公开(公告)日：2023-10-31

申请号：US16957628

申请日：2018-03-31

Applicant: INTEL CORPORATION

Inventor： Changzheng Wei ,  Weigang Li ,  Danny Y. Zhou ,  Junyuan Wang ,  Hari K. Tadepalli ,  Rashmin N. Patel

IPC: H04W12/04 ,  H04W12/06 ,  H04L9/40 ,  H04W12/00 ,  H04L9/32 ,  G06F21/72

CPC classification number: H04L63/0823 ,  H04L9/3242 ,  H04L63/12 ,  H04W12/009 ,  H04L2463/062

Abstract: Technologies for securing a virtualization network function (VNF) image includes a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shutdown to ensure the continued authenticity of the VNF image.

公开(公告)号：US09934062B2

公开(公告)日：2018-04-03

申请号：US15085454

申请日：2016-03-30

Applicant: Intel Corporation

Inventor： Stephen T. Palermo ,  Scott P. Dubal ,  Rashmin N. Patel

IPC: G06F9/46 ,  G06F9/455 ,  H04L29/06

CPC classification number: G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45595 ,  H04L63/0428

Abstract: Technologies for dynamically allocating acceleration units of a network device include a network device configured to determine a present compute usage value associated with a workload of the virtual machine, determine whether to accelerate the virtual machine as a function of the present compute usage and a compute capability usage limit, and select, in response to a determination to accelerate the virtual machine, an acceleration unit from one or more acceleration units, as a function of a type of the workload. Additionally, the network device is configured to allocate the identified acceleration unit. Other embodiments are described and claimed.

公开(公告)号：US20170180325A1

公开(公告)日：2017-06-22

申请号：US14979134

申请日：2015-12-22

Applicant: Intel Corporation

Inventor： Stephen T. Palermo ,  Hari K. Tadepalli ,  Rashmin N. Patel ,  Andrew J. Herdrich ,  Edwin Verplanke

IPC: H04L29/06 ,  H04L12/24

CPC classification number: H04L63/04 ,  G06F21/53 ,  G06F2221/2141 ,  H04L41/0806 ,  H04L41/0893 ,  H04L43/0847 ,  H04L63/102

Abstract: Technologies for enforcing virtual machine network access control include a network computing device that includes a plurality of virtual machines. The network computing device is configured to receive an access request from a virtual function assigned to a requesting virtual machine of the network computing device. The network computing device is additionally configured to determine a first privilege level assigned to the requesting machine and a second privilege level assigned to the destination virtual machine, and determine whether the requesting virtual machine is authorized to access the destination virtual machine based on a comparison of the first and second privilege levels. Upon determining the requesting virtual machine is authorized to access the destination virtual machine, the network computing device is additionally configured to allow the requesting virtual machine access to the destination virtual machine. Other embodiments are described herein.

公开(公告)号：US09454497B2

公开(公告)日：2016-09-27

申请号：US14460530

申请日：2014-08-15

Applicant: Intel Corporation

Inventor： Jun Nakajima ,  Jr-Shian Tsai ,  Ravi L. Sahita ,  Mesut A. Ergin ,  Edwin Verplanke ,  Rashmin N. Patel ,  Alexander W. Min ,  Ren Wang ,  Tsung-Yuan C. Tai

IPC: G06F12/14 ,  G06F9/455 ,  G06F21/44 ,  G06F21/60 ,  G06F9/50 ,  H04L12/931

CPC classification number: G06F12/1475 ,  G06F9/455 ,  G06F9/45558 ,  G06F9/50 ,  G06F21/44 ,  G06F21/606 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2212/1052 ,  H04L49/70

Abstract: Technologies for secure inter-virtual-machine shared memory communication include a computing device with hardware virtualization support. A virtual machine monitor (VMM) authenticates a view switch component of a target virtual machine. The VMM adds configures a secure memory view to access a shared memory segment. The shared memory segment may include memory pages of a source virtual machine or the VMM. The view switch component switches to the secure memory view without generating a virtual machine exit event, using the hardware virtualization support. The view switch component may switch to the secure memory view by modifying an extended page table (EPT) pointer. The target virtual machine accesses the shared memory segment via the secure memory view. The target virtual machine and the source virtual machine may coordinate ownership of memory pages using a secure view control structure stored in the shared memory segment. Other embodiments are described and claimed.

Abstract translation: 用于安全的虚拟机间共享存储器通信的技术包括具有硬件虚拟化支持的计算设备。 虚拟机监视器（VMM）验证目标虚拟机的视图切换组件。 VMM添加配置安全内存视图以访问共享内存段。 共享内存段可以包括源虚拟机或VMM的存储器页面。 视图切换组件切换到安全存储器视图，而不会使用硬件虚拟化支持生成虚拟机退出事件。 视图切换组件可以通过修改扩展页表（EPT）指针来切换到安全存储器视图。 目标虚拟机通过安全内存视图访问共享内存段。 目标虚拟机和源虚拟机可以使用存储在共享存储器段中的安全视图控制结构来协调存储器页的所有权。 描述和要求保护其他实施例。