Policy based configuration of interfaces in a virtual machine environment
    1.
    Granted invention patent
    Status: In force

    Publication No.: US08639783B1

    Publication date: 2014-01-28

    Application No.: US12584010

    Filing date: 2009-08-28

    IPC classification: G06F15/177 G06F13/00

    Abstract: In one embodiment, an apparatus includes a port profile manager for receiving a port configuration policy and creating a port profile for the port configuration policy. The apparatus further includes a management interface for transmitting the port profile to a management station operable to receive input mapping the port profile to one or more interfaces associated with virtual machines. The port profile manager receives and stores the mapping input at the management station, for use in configuring the interfaces according to the port configuration policy. A method for policy based configuration of interfaces in a virtual machine environment is also disclosed.

    Virtual local area networks in a virtual machine environment
    2.
    Invention patent application
    Status: Under examination (published)

    Publication No.: US20120131662A1

    Publication date: 2012-05-24

    Application No.: US12927785

    Filing date: 2010-11-23

    IPC classification: G06F21/00 G06F9/455

    Abstract: In one embodiment, a method includes identifying virtual machines operating at a network device and virtual local area networks associated with the virtual machines, creating an allowed list of virtual local area networks at the network device based on the virtual machines operating at the network device, and updating the allowed list in response to changes in the virtual machines at the network device. The network device is configured to forward traffic received from the virtual local area networks on the allowed list to a virtual switch at the network device, and drop traffic received from a virtual local area network not on the allowed list. An apparatus and logic are also disclosed.

    OFFLOAD STACK FOR NETWORK, BLOCK AND FILE INPUT AND OUTPUT
    3.
    Invention patent application
    Status: In force

    Publication No.: US20110173295A1

    Publication date: 2011-07-14

    Application No.: US13069304

    Filing date: 2011-03-22

    IPC classification: G06F15/16

    Abstract: An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

    SESSION-BASED TARGET/LUN MAPPING FOR A STORAGE AREA NETWORK AND ASSOCIATED METHOD
    4.
    Invention patent application
    Status: In force

    Publication No.: US20060265529A1

    Publication date: 2006-11-23

    Application No.: US11382692

    Filing date: 2006-05-10

    IPC classification: G06F13/38

    Abstract: A storage router having an internet protocol (IP) port for coupling to a network supporting IP packets, a fibre channel port for coupling to a fibre channel network to a plurality of storage devices, and a SCSI router having an iSCSI interface that extracts SCSI command and data information from packets received through the IP port, wherein the SCSI router passes the extracted SCSI command and data information to the fiber channel port. Some embodiments further include a session to an information-handling system. The session supports a target-only mapping (wherein a source-specified target value is replaced by a mapped target value that is then passed by the SCSI router toward a first storage device and its LUNs), or target-and-LUN mapping (wherein source-specified target and LUN information is replaced by mapped target-and LUN information such as a loop-ID and LUN combination, a WWPN and LUN combination, or a WWNN).

    Network context triggers for activating virtualized computer applications
    5.
    Granted invention patent
    Status: In force

    Publication No.: US08127412B2

    Publication date: 2012-03-06

    Application No.: US11731728

    Filing date: 2007-03-30

    Abstract: A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the vulnerability profiles, and to cause the remedial action.

    Zero-copy network and file offload for web and application servers
    7.
    Invention patent application
    Status: In force

    Publication No.: US20060294234A1

    Publication date: 2006-12-28

    Application No.: US11386487

    Filing date: 2006-03-22

    IPC classification: G06F15/173

    Abstract: Methods and apparatus for transferring data from an application server are provided. By offloading network and file system stacks to a common stack accessible by multiple operating systems in a virtual computing system, embodiments of the present invention may achieve data transfer support for web and application servers without the data needing to be copied to or reside in the address space of the server operating systems.

    Offload stack for network, block and file input and output
    8.
    Granted invention patent
    Status: In force

    Publication No.: US07949766B2

    Publication date: 2011-05-24

    Application No.: US11472678

    Filing date: 2006-06-21

    IPC classification: G06F15/16

    Abstract: An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

    Network context triggers for activating virtualized computer applications
    9.
    Invention patent application
    Status: In force

    Publication No.: US20080244747A1

    Publication date: 2008-10-02

    Application No.: US11731728

    Filing date: 2007-03-30

    IPC classification: G06F11/00

    Abstract: A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the vulnerability profiles, and to cause the remedial action.

    Offload stack for network, block and file input and output
    10.
    Invention patent application
    Status: In force

    Publication No.: US20070011272A1

    Publication date: 2007-01-11

    Application No.: US11472678

    Filing date: 2006-06-21

    IPC classification: G06F15/16

    Abstract: An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.
