公开(公告)号：US08924967B2

公开(公告)日：2014-12-30

申请号：US13096188

申请日：2011-04-28

申请人： Michael Nelson ,  Keith Farkas ,  Elisha Ziskind ,  Sridhar Rajagopal ,  Guoqiang Shu ,  Ron Passerini ,  Joanne Ren

发明人： Michael Nelson ,  Keith Farkas ,  Elisha Ziskind ,  Sridhar Rajagopal ,  Guoqiang Shu ,  Ron Passerini ,  Joanne Ren

IPC分类号： G06F15/173 ,  G06F9/455 ,  G06F9/46 ,  G06F11/00 ,  G06F9/54

CPC分类号： G06F11/1438 ,  G06F9/45533 ,  G06F9/542 ,  G06F11/0757

摘要： Embodiments maintain high availability of software application instances in a fault domain. Subordinate hosts are monitored by a master host. The subordinate hosts publish heartbeats via a network and datastores. Based at least in part on the published heartbeats, the master host determines the status of each subordinate host, distinguishing between subordinate hosts that are entirely inoperative and subordinate hosts that are operative but partitioned (e.g., unreachable via the network). The master host may restart software application instances, such as virtual machines, that are executed by inoperative subordinate hosts or that cease executing on partitioned subordinate hosts.

摘要翻译： 实施例在故障域中保持软件应用程序实例的高可用性。 主机由主机监控。 下级主机通过网络和数据存储发布心跳。 至少部分地基于所发布的心跳，主主机确定每个从属主机的状态，区分完全不起作用的下级主机和可操作但被分区的下级主机（例如，经由网络不可达）。 主主机可以重新启动由不能操作的下属主机执行的软件应用程序实例，例如虚拟机，或者停止在分区的下级主机上执行。

公开(公告)号：US20120278801A1

公开(公告)日：2012-11-01

申请号：US13096188

申请日：2011-04-28

申请人： Michael NELSON ,  Keith Farkas ,  Elisha Ziskind ,  Sridhar Rajagopal ,  Guoqiang Shu ,  Ron Passerini ,  Joanne Ren

发明人： Michael NELSON ,  Keith Farkas ,  Elisha Ziskind ,  Sridhar Rajagopal ,  Guoqiang Shu ,  Ron Passerini ,  Joanne Ren

IPC分类号： G06F9/455

CPC分类号： G06F11/1438 ,  G06F9/45533 ,  G06F9/542 ,  G06F11/0757

摘要： Embodiments maintain high availability of software application instances in a fault domain. Subordinate hosts are monitored by a master host. The subordinate hosts publish heartbeats via a network and datastores. Based at least in part on the published heartbeats, the master host determines the status of each subordinate host, distinguishing between subordinate hosts that are entirely inoperative and subordinate hosts that are operative but partitioned (e.g., unreachable via the network). The master host may restart software application instances, such as virtual machines, that are executed by inoperative subordinate hosts or that cease executing on partitioned subordinate hosts.

摘要翻译： 实施例在故障域中保持软件应用程序实例的高可用性。 主机由主机监控。 下级主机通过网络和数据存储发布心跳。 至少部分地基于所发布的心跳，主主机确定每个从属主机的状态，区分完全不起作用的从属主机和可操作但被分区的下级主机（例如，经由网络不可达）。 主主机可以重新启动由不能操作的下属主机执行的软件应用程序实例，例如虚拟机，或者停止在分区的下级主机上执行。

公开(公告)号：US08984508B2

公开(公告)日：2015-03-17

申请号：US13151862

申请日：2011-06-02

申请人： Guoqiang Shu ,  Keith Farkas ,  Eddie Ma ,  Michael Nelson ,  Elisha Ziskind ,  Sridhar Rajagopal ,  Minwen Ji

发明人： Guoqiang Shu ,  Keith Farkas ,  Eddie Ma ,  Michael Nelson ,  Elisha Ziskind ,  Sridhar Rajagopal ,  Minwen Ji

IPC分类号： G06F9/455 ,  G06F9/46 ,  G06F9/48 ,  G06F9/50

CPC分类号： G06F9/4818 ,  G06F9/45558 ,  G06F9/5077 ,  G06F2009/45575

摘要： A method for restarting a virtual machine in a virtual computing system having a plurality of hosts and a resource scheduler for the plurality of hosts includes writing a placement request for the virtual machine to a shared channel that is accessible by the resource scheduler. The method further includes reading a placement result from the shared channel, wherein the placement result is generated by the resource scheduler responsive to the placement request; and restarting the virtual machine in accordance with the placement result.

摘要翻译： 一种用于在具有多个主机和多个主机的资源调度器的虚拟计算系统中重新启动虚拟机的方法包括将虚拟机的放置请求写入由资源调度器可访问的共享信道。 所述方法还包括从所述共享信道读取布置结果，其中所述布局结果由所述资源调度器响应于所述放置请求而生成; 并根据放置结果重新启动虚拟机。

公开(公告)号：US08549364B2

公开(公告)日：2013-10-01

申请号：US12388334

申请日：2009-02-18

申请人： Elisha Ziskind ,  Marc Sevigny ,  Sridhar Rajagopal ,  Rostislav Vavrick ,  Ronald Passerini

发明人： Elisha Ziskind ,  Marc Sevigny ,  Sridhar Rajagopal ,  Rostislav Vavrick ,  Ronald Passerini

IPC分类号： G06F11/00

CPC分类号： G06F11/0709 ,  G06F11/0757

摘要： In one or more embodiments of the invention, communication among host agents providing high availability in a computer cluster is implemented by reading and writing to files on a shared data store. Each host agent holds a lock on a file on the shared data store corresponding to a liveness indicator for the host agent and a coordinator host agent periodically monitors the liveness indicators for host failures.

摘要翻译： 在本发明的一个或多个实施例中，通过读取和写入共享数据存储器上的文件来实现在计算机集群中提供高可用性的主机代理之间的通信。 每个主机代理对共享数据存储器上的文件进行锁定，对应于用于主机代理的活动指示符，并且协调器主机代理周期性地监视主机故障的活动指示器。

公开(公告)号：US08635493B2

公开(公告)日：2014-01-21

申请号：US13109300

申请日：2011-05-17

申请人： Elisha Ziskind ,  Guoqiang Shu

发明人： Elisha Ziskind ,  Guoqiang Shu

IPC分类号： G06F11/00

CPC分类号： H04L41/0659 ,  G06F9/455 ,  G06F11/1484 ,  G06F11/2023

摘要： In one embodiment, a method attempts, by a computing device, to determine a placement of a set of virtual machines on available hosts upon failure of a host. The placement considers the set of virtual machines as being not powered on any of the available hosts. The method further determines, by the computing device, a placed list of virtual machines in the set of virtual machines as a recommendation to power on to the available hosts. The determination of the placed list of virtual machines is used to determine a power off list of virtual machines in the set of virtual machines to power off, wherein virtual machines in the power off list of virtual machines are currently powered on available hosts but were considered to be powered off to determine the placement.

摘要翻译： 在一个实施例中，方法通过计算设备尝试在主机故障时确定一组虚拟机在可用主机上的放置。 该展示位置会将该组虚拟机视为未启动任何可用主机。 该方法还通过计算设备确定虚拟机组中的放置的虚拟机列表，作为对可用主机加电的建议。 确定放置的虚拟机列表用于确定虚拟机集合中的虚拟机的电源关闭列表以关闭，其中虚拟机的电源关闭列表中的虚拟机当前已通过可用主机供电，但被认为是 关闭电源以确定放置位置。

公开(公告)号：US08510590B2

公开(公告)日：2013-08-13

申请号：US12726119

申请日：2010-03-17

申请人： Minwen Ji ,  Elisha Ziskind ,  Anne Marie Holler

发明人： Minwen Ji ,  Elisha Ziskind ,  Anne Marie Holler

IPC分类号： G06F11/00

CPC分类号： G06F11/1448 ,  G06F9/45533 ,  G06F9/45558 ,  G06F11/1438 ,  G06F11/1484 ,  G06F11/203 ,  G06F2009/45579

摘要： Methods and systems for cluster resource management in virtualized computing environments are described. VM spares are used to reserve (or help discover or otherwise obtain) a set of computing resources for a VM. While VM spares may be used for a variety of scenarios, particular uses of VM spares include using spares to ensure resource availability for requests to power on VMs as well as for discovering, obtaining, and defragmenting the resources and VMs on a cluster, e.g., in response to requests to reserve resources for a VM or to respond to a notification of a failure for a given VM.

摘要翻译： 描述了虚拟化计算环境中集群资源管理的方法和系统。 VM备件用于为VM预留（或帮助发现或以其他方式获取）一组计算资源。 虽然VM备件可用于各种场景，但VM备件的特定用途包括使用备件来确保为VM启动的请求的资源可用性，以及发现，获取和碎片整理群集上的资源和VM，例如， 响应于为VM预留资源的请求或响应给定VM的故障通知。

公开(公告)号：US07016980B1

公开(公告)日：2006-03-21

申请号：US09483876

申请日：2000-01-18

申请人： Alain Mayer ,  Avishai Wool ,  Elisha Ziskind

发明人： Alain Mayer ,  Avishai Wool ,  Elisha Ziskind

IPC分类号： G06F15/16

CPC分类号： H04L41/145 ,  H04L41/0853 ,  H04L41/12 ,  H04L63/0263 ,  H04L63/1433 ,  H04L63/20

摘要： A method and apparatus are disclosed for analyzing the operation of one or more network gateways, such as firewalls or routers, that perform a packet filtering function in a network environment. Given a user query, the disclosed firewall analysis tool simulates the behavior of the various firewalls, taking into account the topology of the network environment, and determines which portions of the services or machines specified in the original query would manage to reach from the source to the destination. The relevant packet-filtering configuration files are collected and an internal representation of the implied security policy is derived. A graph data structure is used to represent the network topology. A gateway-zone graph permits the firewall analysis tool to determine where given packets will travel in the network, and which gateways will be encountered along those paths. In this manner, the firewall analysis tool can evaluate a query object against each rule-base object, for each gateway node in the gateway-zone graph that is encountered along each path between the source and destination. A graphical user interface is provided for receiving queries, such as whether one or more given services are permitted between one or more given machines, and providing results. A spoofing attack can be simulated by allowing the user to specify where packets are to be injected into the network, which may not be the true location of the source host-group.

摘要翻译： 公开了一种用于分析在网络环境中执行分组过滤功能的一个或多个网络网关（例如防火墙或路由器）的操作的方法和装置。 给定用户查询，所公开的防火墙分析工具模拟各种防火墙的行为，考虑到网络环境的拓扑，并确定原始查询中指定的服务或计算机的哪些部分将从源头到达 目的地。 收集相关的包过滤配置文件，并导出隐含的安全策略的内部表示。 图形数据结构用于表示网络拓扑。 网关区域图允许防火墙分析工具确定给定数据包在网络中传播的位置，以及沿着这些路径将遇到哪些网关。 以这种方式，防火墙分析工具可以根据源和目标之间的每个路径遇到的网关区域图中的每个网关节点，针对每个规则库对象评估查询对象。 提供用于接收查询的图形用户界面，诸如在一个或多个给定机器之间是允许一个或多个给定服务，还是提供结果。 可以通过允许用户指定要在网络中注入数据包的位置来模拟欺骗攻击，这可能不是源主机组的真实位置。