公开(公告)号：US20200242034A1

公开(公告)日：2020-07-30

申请号：US16256726

申请日：2019-01-24

Applicant: VMware, Inc.

Inventor： Wenguang WANG ,  Christoph KLEE ,  Adrian DRZEWIECKI ,  Christos KARAMANOLIS ,  Richard P. SPILLANE ,  Maxime AUSTRUY

IPC: G06F12/0815 ,  G06F12/1027

Abstract: The present disclosure provides techniques for managing a cache of a computer system using a cache management data structure. The cache management data structure includes a cold queue, a ghost queue, and a hot queue. The techniques herein improve the functioning of the computer because management of the cache management data structure can be performed in parallel with multiple cores or multiple processors, because a sequential scan will only pollute (i.e., add unimportant memory pages) cold queue, and to an extent, ghost queue, but not hot queue, and also because the cache management data structure has lower memory requirements and lower CPU overhead on cache hit than some prior art algorithms.

公开(公告)号：US20200241939A1

公开(公告)日：2020-07-30

申请号：US16256713

申请日：2019-01-24

Applicant: VMware, Inc.

Inventor： Wenguang WANG ,  Christoph KLEE ,  Adrian DRZEWIECKI ,  Christos KARAMANOLIS ,  Richard P. SPILLANE ,  Maxime AUSTRUY

IPC: G06F9/54

Abstract: The disclosure provides an approach for performing an operation by a first process on behalf of a second process, the method comprising: obtaining, by the first process, a memory handle from the second process, wherein the memory handle allows access, by the first process, to at least some of the address space of the second process; dividing the address space of the memory handle into a plurality of sections; receiving, by the first process, a request from the second process to perform an operation; determining, by the first process, a section of the plurality of sections that is to be mapped from the address space of the memory handle to the address space of the first process for the performance of the operation by the first process; mapping the section from the address space of the memory handle to the address space of the first process; and performing the operation by the first process on behalf of the second process.

公开(公告)号：US20230376302A1

公开(公告)日：2023-11-23

申请号：US18358617

申请日：2023-07-25

Applicant: VMware, Inc.

Inventor： Tobias STUMPF ,  Ashish KAILA ,  Adrian DRZEWIECKI ,  Vishnu SEKHAR ,  Stanley ZHANG

IPC: G06F8/656 ,  G06F9/48 ,  G06F9/455 ,  G06F21/60 ,  G06F12/0815

CPC classification number: G06F8/656 ,  G06F9/4856 ,  G06F9/4555 ,  G06F21/604 ,  G06F12/0815 ,  G06F9/45558 ,  G06F2212/1032 ,  G06F2221/2113 ,  G06F2009/45583 ,  G06F9/4401

Abstract: The disclosure provides an approach for a non-disruptive system upgrade. Embodiments include installing an upgraded version of an operating system (OS) on a computing system while a current version of the OS continues to run. Embodiments include entering a maintenance mode on the computing system, including preventing the addition of new applications and modifying the handling of storage operations on the computing system for the duration of the maintenance mode. Embodiments include, during the maintenance mode, configuring the upgraded version of the OS. Embodiments include, after configuring the upgraded version of the OS, suspending a subset of applications running on the computing system, transferring control over resources of the computing system to the upgraded version of the OS, and resuming the subset of the applications running on the computing system. Embodiments include exiting the maintenance mode on the computing system.

公开(公告)号：US20220222098A1

公开(公告)日：2022-07-14

申请号：US17148428

申请日：2021-01-13

Applicant: VMware, Inc.

Inventor： Abhishek SRIVASTAVA ,  David A. DUNN ,  Jesse POOL ,  Adrian DRZEWIECKI

IPC: G06F9/455 ,  G06F9/50

Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes storing, in a trust authority, a pre-defined attestation report for a workload executing in a virtual machine (VM) managed by the virtualization layer, the pre-defined attestation report including a hash of at least a portion of an image of the VM; receiving, at the trust authority from a security module of a host in which the VM executes, an attestation report generated by measuring memory of the VM; comparing the attestation report with the pre-defined attestation report; and generating an indication of validity for the workload based on a result of the comparison.

公开(公告)号：US20210311792A1

公开(公告)日：2021-10-07

申请号：US16838613

申请日：2020-04-02

Applicant: VMware, Inc.

Inventor： Jared Sean ROSOFF ,  Mark Russell JOHNSON ,  Adrian DRZEWIECKI

IPC: G06F9/50 ,  G06F9/54 ,  G06F9/455

Abstract: An example method of managing an application in a virtualized computing system that includes a cluster of hosts managed by a virtualization management server, the hosts including a virtualization layer executing on hardware platforms is described. The method includes: receiving a specification for a namespace at the virtualization management server, the specification defining resource constraints and authorization constraints for the namespace; preparing an environment within the virtualized computing system for the namespace in response to the specification, the environment including: a resource pool implementing at least a portion of the resource constraints as reservations and limits of resources in the virtualized computing system; and a user access policy implementing the authorization constraints within the virtualized computing system for the namespace; and managing, by the virtualization management server as a single unit, workloads of the application, the workloads deployed on the virtualization layer within the resource pool consistent with the user access policy.

公开(公告)号：US20210232418A1

公开(公告)日：2021-07-29

申请号：US16751505

申请日：2020-01-24

Applicant: VMware, Inc.

Inventor： Benjamin J. CORRIE ,  Mark Russell JOHNSON ,  Adrian DRZEWIECKI

IPC: G06F9/455 ,  G06F8/61

Abstract: Container images are managed in a clustered container host system with a shared storage device. Hosts of the system include a virtualization software layer that supports execution of virtual machines (VMs) in the hosts, and one or more VMs have implemented therein a container engine that supports execution of containers within the respective VMs. Deploying a container in a first VM includes creating a virtual disk in the storage device, storing a container image in the virtual disk, mounting the virtual disk to the first VM, and updating a metadata cache to associate the container image to the virtual disk. Deploying the container in a second VM executed in a host different from a host in which the first VM is executed, includes checking the metadata cache to determine that the container image is stored in the virtual disk, and mounting the virtual disk to the second VM.

公开(公告)号：US20210232419A1

公开(公告)日：2021-07-29

申请号：US16751544

申请日：2020-01-24

Applicant: VMware, Inc.

Inventor： Daniel MUELLER ,  Adrian DRZEWIECKI

IPC: G06F9/455

Abstract: Memory shortage is detected in a clustered container host system so that workloads can be shut down gracefully. A method of managing memory in a virtual machine (VM) in which containers are executed, includes the steps of: monitoring a dummy process that runs in the VM concurrently with the containers, the dummy process being configured to be terminated by an operating system of the VM under a low memory condition before any other processes running in the VM; upon detecting that the dummy process has been terminated, selecting one of the containers to be terminated; and terminating processes of the selected container.

公开(公告)号：US20200026858A1

公开(公告)日：2020-01-23

申请号：US16042373

申请日：2018-07-23

Applicant: VMware, Inc.

Inventor： Samyuktha SUBRAMANIAN ,  Daniel MULLER ,  Mukund GUNTI ,  Adrian DRZEWIECKI

IPC: G06F21/57 ,  G06F21/64 ,  G06F21/51 ,  H04L9/32 ,  G06F9/455

Abstract: An example method of authenticating software executing in a computer system includes verifying first software executing on the computer system, the software including a hypervisor, verifying second software executing in a virtual machine (VM) managed by the hypervisor, generating a binding key having public and private portions, signing an object to identifies the VM using the private portion of the binding key, and verifying a signature of the object using a public portion of the binding key.

公开(公告)号：US20200026544A1

公开(公告)日：2020-01-23

申请号：US16585701

申请日：2019-09-27

Applicant: VMware, Inc.

Inventor： Xavier DEGUILLARD ,  Mukund GUNTI ,  Adrian DRZEWIECKI ,  Rajesh VENKATASUBRAMANIAN

IPC: G06F9/455 ,  G06F3/06 ,  G06F8/656 ,  G06F9/4401

Abstract: A hypervisor exchange, e.g., an upgrade, can include consolidating resident virtual machines into a single host virtual machine, exchanging an old hypervisor with a new (upgraded) hypervisor, and disassociating the virtual resident virtual machines by migrating them to the new hypervisor. The consolidating can involve migrating the resident virtual machines from the old hypervisor to a guest hypervisor on the host virtual machine. The exchange can involve: 1) suspending the host virtual machine before the exchange; and 2) resuming the host virtual machine after the exchange; or migrating the host virtual machine from a partition including the old hypervisor to a partition hosting the new hypervisor. Either way, an exchange (upgrade) is achieve without requiring a bandwidth consuming migration over a network to a standby machine.

公开(公告)号：US20190286558A1

公开(公告)日：2019-09-19

申请号：US16420549

申请日：2019-05-23

Applicant: VMware, Inc.

Inventor： Cyprien LAPLACE ,  Harvey TUCH ,  Andrei WARKENTIN ,  Adrian DRZEWIECKI

IPC: G06F12/02 ,  G06F12/06 ,  G06F12/04 ,  G06F9/455

Abstract: A computer system provides a mechanism for assuring a safe, non-preemptible access to a private data area (PRDA) belonging to a CPU. PRDA accesses generally include obtaining an address of a PRDA and performing operations on the PRDA using the obtained address. Safe, non-preemptible access to a PRDA generally ensures that a context accesses the PRDA of the CPU on which the context is executing, but not the PRDA of another CPU. While a context executes on a first CPU, the context obtains the address of the PRDA. After the context is migrated to a second CPU, the context performs one or more operations on the PRDA belonging to the second CPU using the address obtained while the context executed on the first CPU. In another embodiment, preemption and possible migration of a context from one CPU to another CPU is delayed while a context executes non-preemptible code.