-
Publication number: US11995459B2
Publication date: 2024-05-28
Application number: US17002233
Application date: 2020-08-25
Applicant: VMware, Inc.
Inventor: Arunachalam Ramanathan, Yanlei Zhao, Anurekh Saxena, Yury Baskakov, Jeffrey W. Sheldon, Gabriel Tarasuk-Levin, David A. Dunn, Sreekanth Setty
IPC: G06F9/455, G06F9/50, G06F12/1027
CPC classification number: G06F9/45558, G06F9/5077, G06F12/1027, G06F2009/4557, G06F2009/45583, G06F2212/152
Abstract: A virtual machine (VM) is migrated from a source host to a destination host in a virtualized computing system, the VM having a plurality of virtual central processing units (CPUs). The method includes copying, by VM migration software executing in the source host and the destination host, memory of the VM from the source host to the destination host by installing, at the source host, write traces spanning all of the memory and then copying the memory from the source host to the destination host over a plurality of iterations; and performing switch-over, by the VM migration software, to quiesce the VM in the source host and resume the VM in the destination host. The VM migration software installs write traces using less than all of the virtual CPUs, and using trace granularity larger than a smallest page granularity.
-
Publication number: US11709700B2
Publication date: 2023-07-25
Application number: US17148445
Application date: 2021-01-13
Applicant: VMware, Inc.
Inventor: Abhishek Srivastava, David A. Dunn, Jesse Pool, Adrian Drzewiecki
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F9/45545, G06F2009/4557, G06F2009/45575, G06F2009/45587
Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes: launching, in cooperation with a security module of a host, a guest as a virtual machine (VM) managed by the virtualization layer, the security module generating an attestation report from at least a portion of the VM loaded into memory of the host; sending the attestation report from the security module to a trust authority; receiving, in response to verification of the attestation report by the trust authority, a secret from the trust authority at the security module; and providing the secret from the security module to the guest.
-
Publication number: US20230229480A1
Publication date: 2023-07-20
Application number: US17704040
Application date: 2022-03-25
Applicant: VMWARE, INC.
Inventor: Andrei Warkentin, Karthik Ramachandra, Timothy P. Mann, Jared McNeill, Sunil Kotian, Cyprien Laplace, David A. Dunn
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45595
Abstract: Disclosed are various examples of provisioning a data processing unit (DPU) management operating system using a capsule. A management hypervisor installer executed on a host device receives a listing DPU device from a baseboard management controller (BMC). A preinstalled DPU management operating system image is identified for a DPU device from the listing, and is wrapped with a capsule that specifies the capsule as a DPU management operating system image capsule. A server component provides the DPU management operating system image capsule at a particular URI, and the URI is transmitted to the BMC.
-
Publication number: US11893410B2
Publication date: 2024-02-06
Application number: US17148428
Application date: 2021-01-13
Applicant: VMware, Inc.
Inventor: Abhishek Srivastava, David A. Dunn, Jesse Pool, Adrian Drzewiecki
CPC classification number: G06F9/45558, G06F9/505, G06F9/5077, G06F21/53, G06F2009/45587, G06F2009/45595
Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes storing, in a trust authority, a pre-defined attestation report for a workload executing in a virtual machine (VM) managed by the virtualization layer, the pre-defined attestation report including a hash of at least a portion of an image of the VM; receiving, at the trust authority from a security module of a host in which the VM executes, an attestation report generated by measuring memory of the VM; comparing the attestation report with the pre-defined attestation report; and generating an indication of validity for the workload based on a result of the comparison.