公开(公告)号：US09331906B1

公开(公告)日：2016-05-03

申请号：US14551057

申请日：2014-11-23

Applicant: Netronome Systems, Inc.

Inventor： Jason Scott McMullan ,  Trevor William Patrie ,  Peter Liudmilov Djalaliev ,  Roelof Nico Du Toit

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/08 ,  G06F9/455 ,  G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC classification number: H04L41/0806 ,  G06F9/455 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L12/6418 ,  H04L63/0807 ,  H04L67/025

Abstract: A device has physical network interface port through which a user can monitor and configure the device. A backend process and a virtual machine (VM) execute on a host operating system (OS). A front end user interface process executes on the VM, and is therefore compartmentalized in the VM. There is no front end user interface executing on the host OS outside the VM. The only management access channel into the device is via a first communication path through the physical network interface port, to the VM, up the VM's stack, and to the front end process. If the backend process is to be instructed to take an action, then the front end process forwards an application layer instruction to the backend process via a second communication path. The instruction passes down the VM stack, across a virtual secure network link, up the host stack, and to the backend process.

Abstract translation: 设备具有物理网络接口端口，用户可以通过该端口监视和配置设备。 后台进程和虚拟机（VM）在主机操作系统（OS）上执行。 前端用户界面进程在VM上执行，因此在VM中进行分区。 在VM外部的主机操作系统上没有执行前端用户界面。 设备中唯一的管理访问通道是通过物理网络接口端口，VM，VM堆栈以及前端进程的第一通信路径。 如果要指示后端进程采取行动，则前端进程通过第二通信路径将应用层指令转发到后端进程。 该指令通过虚拟机堆栈，跨虚拟安全网络链接，主机堆栈以及后端进程传递。