公开(公告)号：US08639783B1

公开(公告)日：2014-01-28

申请号：US12584010

申请日：2009-08-28

申请人： Mark Bakke ,  David Thompson ,  Timothy Kuik ,  Saravanakumar Rajendran

发明人： Mark Bakke ,  David Thompson ,  Timothy Kuik ,  Saravanakumar Rajendran

IPC分类号： G06F15/177 ,  G06F13/00

CPC分类号： H04L45/16 ,  H04L41/0893 ,  H04L49/70

摘要： In one embodiment, an apparatus includes a port profile manager for receiving a port configuration policy and creating a port profile for the port configuration policy. The apparatus further includes a management interface for transmitting the port profile to a management station operable to receive input mapping the port profile to one or more interfaces associated with virtual machines. The port profile manager receives and stores the mapping input at the management station, for use in configuring the interfaces according to the port configuration policy. A method for policy based configuration of interfaces in a virtual machine environment is also disclosed.

摘要翻译： 在一个实施例中，一种装置包括端口简档管理器，用于接收端口配置策略并为端口配置策略创建端口配置文件。 该装置还包括用于将端口简档发送到管理站的管理接口，管理站可操作以接收将端口简档映射到与虚拟机相关联的一个或多个接口的输入。 端口配置文件管理器在管理站接收并存储映射输入，用于根据端口配置策略配置接口。 还公开了一种用于虚拟机环境中的接口的基于策略的配置的方法。

公开(公告)号：US08127412B2

公开(公告)日：2012-03-06

申请号：US11731728

申请日：2007-03-30

申请人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

发明人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： G06F11/1415 ,  H04L63/1433 ,  H04L67/306

摘要： A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the vulnerability profiles, and to cause the remedial action.

摘要翻译： 一种计算机系统，包括托管操作系统和应用程序的至少一个受控执行空间; 耦合到受控执行空间的漏洞监视代理; 耦合到所述漏洞监视代理的一个或多个漏洞简档，其中所述漏洞简档中的每一个包括应用程序标识符，操作系统标识符，描述应用程序标识符在执行操作时指示的应用程序的漏洞的漏洞规范 操作系统标识符指示的系统以及在执行时将补救该漏洞的补救措施; 其中所述漏洞监视代理被配置为监视所述受控执行空间中的所述操作系统和所述应用程序的执行，以检测与所述漏洞相关联的异常，以基于所述操作系统和应用程序之一来确定所述操作系统和应用程序的补救动作 漏洞简介，并采取补救措施。

公开(公告)号：US20070112931A1

公开(公告)日：2007-05-17

申请号：US11622436

申请日：2007-01-11

申请人： Timothy Kuik ,  David Thompson ,  Mark Bakke ,  Clayton Haapala ,  Stephen De Groote ,  Craig Johnson ,  James Muchow

发明人： Timothy Kuik ,  David Thompson ,  Mark Bakke ,  Clayton Haapala ,  Stephen De Groote ,  Craig Johnson ,  James Muchow

IPC分类号： G06F15/167 ,  G06F13/00

CPC分类号： H04L67/1097 ,  G06F3/0607 ,  G06F3/0635 ,  G06F3/067 ,  H04L29/12009 ,  H04L61/00

摘要： A system and method for accessing Storage Area Networks over an IP network. A SCSI request is generated and encapsulated in one or more IP packets. The encapsulated SCSI request is routed over an IP network and received by a storage router. The storage router extracts the SCSI request from the one or more IP packets and routes the extracted SCSI request through a virtual SCSI router to the storage area network.

摘要翻译： 一种通过IP网络访问存储区域网络的系统和方法。 生成SCSI请求并封装在一个或多个IP数据包中。 封装的SCSI请求通过IP网络路由并由存储路由器接收。 存储路由器从一个或多个IP分组中提取SCSI请求，并通过虚拟SCSI路由器将提取的SCSI请求路由到存储区域网络。

公开(公告)号：US20060294234A1

公开(公告)日：2006-12-28

申请号：US11386487

申请日：2006-03-22

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson

IPC分类号： G06F15/173

CPC分类号： H04L69/16 ,  H04L69/161 ,  H04L69/162 ,  H04L69/32

摘要： Methods and apparatus for transferring data from an application server are provided. By offloading network and file system stacks to a common stack accessible by multiple operating systems in a virtual computing system, embodiments of the present invention may achieve data transfer support for web and application servers without the data needing to be copied to or reside in the address space of the server operating systems.

摘要翻译： 提供了从应用服务器传送数据的方法和装置。 通过将网络和文件系统堆栈卸载到由虚拟计算系统中的多个操作系统可访问的公共堆栈，本发明的实施例可以实现对web和应用服务器的数据传输支持，而不需要将数据复制到或驻留在地址中 服务器操作系统的空间。

公开(公告)号：US20060265529A1

公开(公告)日：2006-11-23

申请号：US11382692

申请日：2006-05-10

申请人： Timothy Kuik ,  David Thompson ,  Mark Bakke ,  Clayton Haapala ,  Stephen De Groote ,  Craig Johnson

发明人： Timothy Kuik ,  David Thompson ,  Mark Bakke ,  Clayton Haapala ,  Stephen De Groote ,  Craig Johnson

IPC分类号： G06F13/38

CPC分类号： H04L45/52 ,  H04L45/00 ,  H04L67/1097

摘要： A storage router having an internet protocol (IP) port for coupling to a network supporting IP packets, a fibre channel port for coupling to a fibre channel network to a plurality of storage devices, and a SCSI router having an iSCSI interface that extracts SCSI command and data information from packets received through the IP port, wherein the SCSI router passes the extracted SCSI command and data information to the fiber channel port. Some embodiments further include a session to an information-handling system. The session supports a target-only mapping (wherein a source-specified target value is replaced by a mapped target value that is then passed by the SCSI router toward a first storage device and its LUNs), or target-and-LUN mapping (wherein source-specified target and LUN information is replaced by mapped target-and LUN information such as a loop-ID and LUN combination, a WWPN and LUN combination, or a WWNN).

摘要翻译： 具有用于耦合到支持IP分组的网络的因特网协议（IP）端口的存储路由器，用于将光纤通道网络耦合到多个存储设备的光纤通道端口以及具有提取SCSI命令的iSCSI接口的SCSI路由器 以及从通过IP端口接收的分组的数据信息，其中SCSI路由器将提取的SCSI命令和数据信息传递到光纤通道端口。 一些实施例还包括到信息处理系统的会话。 该会话支持仅目标映射（其中源指定的目标值被映射的目标值替换，然后由SCSI路由器向第一存储设备及其LUN传递）或目标和LUN映射（其中 源指定的目标和LUN信息被映射的目标和LUN信息（如循环ID和LUN组合，WWPN和LUN组合或WWNN）所替代。

公开(公告)号：US20110173295A1

公开(公告)日：2011-07-14

申请号：US13069304

申请日：2011-03-22

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。

公开(公告)号：US07949766B2

公开(公告)日：2011-05-24

申请号：US11472678

申请日：2006-06-21

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。

公开(公告)号：US20080244747A1

公开(公告)日：2008-10-02

申请号：US11731728

申请日：2007-03-30

申请人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

发明人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

IPC分类号： G06F11/00

CPC分类号： G06F11/1415 ,  H04L63/1433 ,  H04L67/306

摘要： A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the vulnerability profiles, and to cause the remedial action.

摘要翻译： 一种计算机系统，包括托管操作系统和应用程序的至少一个受控执行空间; 耦合到受控执行空间的漏洞监视代理; 耦合到所述漏洞监视代理的一个或多个漏洞简档，其中所述漏洞简档中的每一个包括应用程序标识符，操作系统标识符，描述应用程序标识符在执行操作时指示的应用程序的漏洞的漏洞规范 操作系统标识符指示的系统以及在执行时将补救该漏洞的补救措施; 其中所述漏洞监视代理被配置为监视所述受控执行空间中的所述操作系统和所述应用程序的执行，以检测与所述漏洞相关联的异常，以基于所述操作系统和应用程序之一来确定所述操作系统和应用程序的补救动作 漏洞简介，并采取补救措施。

公开(公告)号：US20070011272A1

公开(公告)日：2007-01-11

申请号：US11472678

申请日：2006-06-21

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。

公开(公告)号：US08156230B2

公开(公告)日：2012-04-10

申请号：US13069304

申请日：2011-03-22

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。