Patent application number | Description | Published |
20130024680 | ATOMIC SWITCHING OF IMAGES IN DESKTOP STREAMING OVER WIDE AREA NETWORKS - A method for replacing a current desktop image having a current operating system on storage media for a computing device is described. In the method, an agent process is executed on the computing device for downloading from a server to a staging area on local storage media a replacement desktop disk image having a replacement operating system. The replacement desktop image includes a prefetch set of files and metadata for additional files, the prefetch set of files including a minimal set of files necessary to boot the replacement operating system, the replacement desktop image not including contents of the additional files. The computing device is rebooted to replace the current desktop image with the replacement desktop image. The computing device is then rebooted again to load the replacement operating system using the prefetch set of files. | 01-24-2013 |
20130024862 | On-Line Replacement and Changing of Virtualization Software - In a virtualized system running one or more virtual machines on a first hypervisor, a second hypervisor is installed and control of the hardware resources of the physical computer supporting the virtualized system is migrated from the first hypervisor to the second hypervisor without interrupting the operation of the first hypervisor and the virtual machines. Initially a minimal set of hardware resources is hot-removed from control by the first hypervisor, and the second hypervisor is launched on the minimal set of hardware resources. Both the remaining hardware resources and the virtual machines are then migrated from the first hypervisor to the second hypervisor until all the virtual machines have been migrated over to the second hypervisor, while the virtual machines and the first hypervisor continue running largely unaffected by the migration process. | 01-24-2013 |
20130024940 | OFFLOADING OPERATIONS TO A REPLICATE VIRTUAL MACHINE - A method for detecting malicious code within a first virtual machine comprising creating a snapshot of the first virtual machine and transferring the snapshot to a second machine. A scan operation is run on the snapshot using resources of the second machine. In response to detecting malicious code during the scan operation, action is taken at the first virtual machine to address the detection of the malicious code. Thus, the action in response to detecting the malicious code may include placing the first virtual machine in quarantine. | 01-24-2013 |
20130036418 | In-Place Snapshots of a Virtual Disk Configured with Sparse Extent - A virtualized computer system employs a virtual disk with a space efficient (SE) format to store data for virtual machines running therein. Data within a virtual disk with a SE format is stored in a grain, where multiple grains are included in a storage block. Writes to a grain within shared storage block in a virtual disk with an SE format are serviced by allocating a new grain and storing the write data to the new grain. Metadata associated with the client that transmitted the write request to the virtual disk is then updated to point to the new grain instead of the grain within the shared storage block. | 02-07-2013 |
20130042084 | LOOSE SYNCHRONIZATION OF VIRTUAL DISKS - In order to synchronize copies of a virtual disk, a virtualization layer maintains a first record of file system blocks of a first copy of the virtual disk that are modified during an access session by a virtual machine using the first copy of the virtual disk. The file system blocks correspond to a file system of the virtual disk. During an attempt to synchronize the first copy with a second copy of the virtual disk, (i) a second record of file system blocks that are currently used by the file system is obtained from the guest operating system, and (ii) file system blocks in the first copy of the virtual disk that are present in both the first record and the second record are copied into the second copy of the virtual disk. | 02-14-2013 |
20130046948 | METHOD FOR REPLICATING A LOGICAL DATA STORAGE VOLUME - Replicated data storage units are autonomously identified and assembled into generationally related data storage volumes. A data storage manager, implementing a re-signaturing process executed at defined intervals or manually initiated on a server or client system connected to the storage area network, scans the collection of visible data storage units to identify those related as a data storage volume. Each replicated data storage unit includes metadata that embeds an identification of the replicated data storage unit and volume accessible to the data storage manager. To assemble a set of replicated data storage units into a generational volume, the data storage unit metadata is rewritten to establish a unique data storage volume identity including information to associate the data storage volume in a lineage with the source data storage volume. | 02-21-2013 |
20130067135 | SYSTEM AND METHOD FOR IMPROVING MEMORY LOCALITY OF VIRTUAL MACHINES - A system and related method of operation for migrating the memory of a virtual machine from one NUMA node to another. Once the VM is migrated to a new node, migration of memory pages is performed while giving priority to the most utilized pages, so that access to these pages becomes local as soon as possible. Various heuristics are described to enable different implementations for different situations or scenarios. | 03-14-2013 |
20130067277 | Method and System for Enabling Checkpointing Fault Tolerance Across Remote Virtual Machines - A checkpointing fault tolerance network architecture enables a backup computer system to be remotely located from a primary computer system. An intermediary computer system is situated between the primary computer system and the backup computer system to manage the transmission of checkpoint information to the backup VM in an efficient manner. The intermediary computer system is networked to the primary VM through a first connection and is networked to the backup VM through a second connection. The intermediary computer system identifies updated data corresponding to memory pages that have been less frequently modified by the primary VM and transmits such updated data to the backup VM through the first connection. In such manner, the intermediary computer system holds back updated data corresponding to more frequently modified memory pages, since such memory pages may be more likely to be updated again in the future. | 03-14-2013 |
20130097120 | Policy-Based Checkpointing Fault Tolerance Across Remote Virtual Machines - Embodiments include a checkpointing fault tolerance network architecture enables a first computer system to be remotely located from a second computer system. An intermediary computer system is situated between the first computer system and the second computer system to manage the transmission of checkpoint information from the first computer system to the second computer system in an efficient manner. The intermediary computer system responds to requests from the second computer system for updated data corresponding to memory pages selected by the second computer system, or memory pages identified through application of policy information defined by the second computer system. | 04-18-2013 |
20130097359 | SYSTEM AND METHOD TO ENHANCE MEMORY PROTECTION FOR PROGRAMS IN A VIRTUAL MACHINE ENVIRONMENT - In a computer system supporting execution of virtualization software and at least one instance of virtual system hardware, an interface is provided into the virtualization software to allow a program to directly define the access characteristics of its program data stored in physical memory. The technique includes providing data identifying memory pages and their access characteristics to the virtualization software which then derives the memory access characteristics from the specified data. Optionally, the program may also specify a pre-defined function to be performed upon the occurrence of a fault associated with access to an identified memory page. In this manner, programs operating both internal and external to the virtualization software can protect his memory pages, without intermediation by the operating system software. | 04-18-2013 |
20130117424 | Computer Device and Method of Providing Configuration Files in a Computer Device - A computer device ( | 05-09-2013 |
20130124559 | METHOD AND SYSTEM FOR INSERTING DATA RECORDS INTO FILES - Methods and system for adding a data record to a file comprise maintaining a data structure to track locations of data records within the file, wherein each entry in the data structure is a Bloom filter that corresponds to a different portion of the file that includes a plurality of data records. When an instruction to write data to the file is received, a data record is generated to append to the file, wherein the data record comprises a randomized unique id and the data from the received instruction. A Bloom filter bit pattern is extracted from the randomized unique id and bits in a current Bloom filter entry of the data structure are set, wherein the set bits correspond to the same bit positions as the Bloom filter bit pattern. The data record is thus able to be added to the file. | 05-16-2013 |
20130125122 | SYSTEM AND METHOD FOR USING LOCAL STORAGE TO EMULATE CENTRALIZED STORAGE - Methods and systems for utilizing local storage of host computers to emulate a centralized storage system comprise receiving a write operation from a virtual machine running on a first host computer, wherein the write operation corresponds to a disk image that is locally stored in a first host computer. The disk image and a second disk image is updated in accordance with the write operation, wherein (i) the second disk image is locally stored on a second host computer that is networked to the first host computer, (ii) the second disk image serves as a back-up to the disk image, and (ii) the second host computer is configured to support the running of other virtual machines that access other disks images that (a) are locally stored on the second host computer, and (b) are further backed-up on at least a third host computer. | 05-16-2013 |
20130130651 | PROVISIONING WORK ENVIRONMENTS ON PERSONAL MOBILE DEVICES - A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a hypervisor component and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the hypervisor component is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings. | 05-23-2013 |
20130130652 | CONTROLLING USE OF A BUSINESS ENVIRONMENT ON A MOBILE DEVICE - A business environment on a mobile device can be controlled by an enterprise server by receiving identifying information transmitted from a mobile device, wherein the identifying information identifies a user of the mobile device to the enterprise server. A virtual phone template is transmitted to the mobile device, wherein the virtual phone template (i) corresponds to the identifying information, and (ii) is configured to provide the business environment on the mobile device as a virtual machine running on a hypervisor installed on top of a host operating system of the mobile device. The enterprise server then receives a periodic transmission from the mobile device to indicate that the mobile device remains in periodic communication with the enterprise server. | 05-23-2013 |
20130130653 | USER INTERFACE FOR CONTROLLING USE OF A BUSINESS ENVIRONMENT ON A MOBILE DEVICE - A graphical user interface to provision business environments on mobile devices presents a navigation panel that displays a virtual phone template menu item and a policy setting menu item. Upon selection of the virtual phone template menu item, a template user interface is presented that enables an administrator to customize virtual phone image templates for users to be delivered to mobile devices that are configured to run the virtual phone image templates as virtual machines on the mobile devices in order to provide a business environment. Upon selection of the policy setting menu item, a policy user interface is presented that enables the administrator to set security policies, wherein each of the security policies specifies a time interval within which a mobile device running a virtual machine corresponding to one of the virtual phone image templates should communicate with an enterprise server to comply with the security policy. | 05-23-2013 |
20130132957 | SYSTEM AND METHOD FOR COOPERATIVE VIRTUAL MACHINE MEMORY SCHEDULING - A resource scheduler for managing a distribution of host physical memory (HPM) among a plurality of virtual machines (VMs) monitors usage by each of the VMs of respective guest physical memories (GPM) to determine how much of the HPM should be allocated to each of the VMs. On determining that an amount of HPM allocated to a source VM should be reallocated to a target VM, the scheduler sends allocation parameters to a balloon application executing in the source VM causing it to reserve and write a value to a guest virtual memory (GVM) location in the source VM. The scheduler identifies the HPM location that corresponds to the reserved GVM and allocates it to the target VM by mapping a guest physical memory location of the target VM to the HPM location. | 05-23-2013 |
20130133061 | METHOD AND SYSTEM FOR VPN ISOLATION USING NETWORK NAMESPACES - One embodiment of the present invention provide a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application. | 05-23-2013 |
20130138864 | SYSTEM AND METHOD TO REDUCE TRACE FAULTS IN SOFTWARE MMU VIRTUALIZATION - A system for identifying an exiting process and removing traces and shadow page table pages corresponding to the process' page table pages. An accessed minimum virtual address is maintained corresponding to an address space. In one embodiment, whenever a page table entry corresponding to the accessed minimum virtual address changes from present to not present, the process is determined to be exiting and removal of corresponding trace and shadow page table pages is begun. In a second embodiment, consecutive present to not-present PTE transitions are tracked for guest page tables on a per address space basis. When at least two guest page tables each has at least four consecutive present to not-present PTE transitions, a next present to not-present PTE transition event in the address space leads to the corresponding guest page table trace being dropped and the shadow page table page being removed. | 05-30-2013 |
20130145354 | SHARING AND PERSISTING CODE CACHES - Computer code from an application program comprising a plurality of modules that each comprise a separately loadable file is code cached in a shared and persistent caching system. A shared code caching engine receives native code comprising at least a portion of a single module of the application program, and stores runtime data corresponding to the native code in a cache data file in the non-volatile memory. The engine then converts cache data file into a code cache file and enables the code cache file to be pre-loaded as a runtime code cache. These steps are repeated to store a plurality of separate code cache files at different locations in non-volatile memory. | 06-06-2013 |
20130145377 | SYSTEM AND METHOD FOR COOPERATIVE VIRTUAL MACHINE MEMORY SCHEDULING - A resource scheduler for managing a distribution of host physical memory (HPM) among a plurality of virtual machines (VMs) monitors usage by each of the VMs of respective guest physical memories (GPM) to determine how much of the HPM should be allocated to each of the VMs. On determining that an amount of HPM allocated to a source VM should be reallocated to a target VM, the scheduler sends allocation parameters to a balloon application executing in the source VM causing it to reserve and write a value to a guest virtual memory (GVM) location in the source VM. The scheduler identifies the HPM location that corresponds to the reserved GVM and allocates it to the target VM by mapping a guest physical memory location of the target VM to the HPM location. | 06-06-2013 |
20130151824 | BINARY TRANSLATOR WITH PRECISE EXCEPTION SYNCHRONIZATION MECHANISM - A source computer system with one instruction set architecture (ISA) configured to run on a target hardware system that has its own ISA. During execution from binary translation, synchronous exceptions may be either transparent (requiring processing action wholly within the target computer system) or non-transparent (requiring processing that alters a visible state of the source system, and asynchronous exceptions may also be either transparent or non-transparent, in which case an action that alters a visible state of the computer system needs to be applied. The system also includes subsystems, and related methods of operation, for detecting the occurrence of all of these types of exceptions, to handle them, and to do so with precise reentry into the interrupted instruction stream. The binary translation and exception-handling subsystems are included as components of a virtual machine monitor which is installed between the target hardware system and the source system. | 06-13-2013 |
20130159635 | SYSTEM AND METHOD FOR MAINTAINING MEMORY PAGE SHARING IN A VIRTUAL ENVIRONMENT - In a virtualized system using memory page sharing, a method is provided for maintaining sharing when Guest code attempts to write to the shared memory. In one embodiment, virtualization logic uses a pattern matcher to recognize and intercept page zeroing code in the Guest OS. When the page zeroing code is about to run against a page that is already zeroed, i.e., contains all zeros, and is being shared, the memory writes in the page zeroing code have no effect. The virtualization logic skips over the writes, providing an appearance that the Guest OS page zeroing code has run to completion but without performing any of the writes that would have caused a loss of page sharing. The pattern matcher can be part of a binary translator that inspects code before it executes. | 06-20-2013 |
20130159639 | Optimizing for Page Sharing in Virtualized Java Virtual Machines - Methods, systems, and computer programs manage memory of a runtime environment executing on a virtual machine. A runtime environment, such as a Java Virtual Machine, may deterministically arrange immutable data within memory such that a hypervisor may perform page sharing on the immutable data. The runtime environment may page-align the immutable data within memory. The runtime environment may further store the immutable within memory using self-referenced or self-relative pointers. | 06-20-2013 |
20130160011 | HIBERNATE MECHANISM FOR VIRTUALIZED JAVA VIRTUAL MACHINES - Methods, systems, and computer programs manage memory of a runtime environment executing on a virtual machine. A controller acts as an intermediary layer between the runtime environment and outside clients. The runtime environment coordinates with the controller to “hibernate” during idle periods to more efficiently utilize memory, and to quickly “refresh” state upon receiving an access attempt. A hypervisor may perform memory page compression on one or more guest “physical” memory pages utilized by an idle runtime environment. While hibernating, the runtime environment may use a listener thread to monitor for refresh requests and awaken the runtime environment when needed. | 06-20-2013 |
20130167147 | VIRTUAL MACHINE APPLIANCES FOR JAVA APPLICATION SERVERS - Methods, systems, and computer programs for providing an application server appliance utilizing one or more virtual machines are described. The application server appliance may be a virtual machine having a reduced guest operating system, a runtime environment, and a management agent installed therein. An appliance controller automatically determines one or more configurations and/or settings for the runtime environment based on a variety of factors, including the set up of the virtual machine appliance. The appliance controller generates an application package having the determined settings and transmits the package to the application server appliance, wherein the application package is configured to be executed by the runtime environment. | 06-27-2013 |
20130167155 | FILE SYSTEM INDEPENDENT CONTENT AWARE CACHE - A server supporting the implementation of virtual machines includes a local memory used for caching, such as a solid state device drive. During I/O intensive processes, such as a boot storm, a “content aware” cache filter component of the server first accesses a cache structure in a content cache device to determine whether data blocks have been stored in the cache structure prior to requesting the data blocks from a networked disk array via a standard I/O stack of the hypervisor. | 06-27-2013 |
20130167213 | METHOD AND SYSTEM FOR VERIFYING USER INSTRUCTIONS - A method for verifying instructions communicated from a user to a relying entity is described. A trusted entity receives a request from the relying entity to verify instructions received from the user wherein the request includes verification information corresponding to the instructions communicated to the relying entity from the user. The trusted entity sends a request to the user to provide verification information corresponding to the instructions. The trusted entity receives the verification information from the user and compares it to the verification information received from the relying entity. The trusted entity then verifies the instructions based on the comparing. | 06-27-2013 |
20130179655 | METHOD AND SYSTEM FOR OPTIMIZING LIVE MIGRATION OF PERSISTENT DATA OF VIRTUAL MACHINE USING DISK I/O HEURISTICS - Techniques for migrating persistent data between and across data stores are implemented using monitoring methods. The method includes classifying frequently updated blocks of persistent data to distinguish those blocks from less frequently updated blocks of persistent data. The less frequently updated blocks are copied from the source data store to the destination data store, such that persistent data is copied to the destination data store in the absence of the persistent data of the frequently updated blocks. The method further includes identifying a modified set of the less frequently updated blocks that are modified during the copying. The modified set of less frequently updated blocks is copied from the source data store to the destination data store, without copying the frequently updated blocks. It is then determined whether to copy the frequently updated blocks of persistent data from the source data store to the destination data store. | 07-11-2013 |
20130179985 | SECURING USER DATA IN CLOUD COMPUTING ENVIRONMENTS - Systems and methods for obfuscating user data in a remote web-based application are disclosed. According to one method, user inputs to a displayed web page of the remote web-based application are received at a first web browser that is used by the user, wherein at least a portion of the user inputs comprise user-inputted data intended to be stored at the web-based application. The user inputs are transmitted to a management component that is configured to interact with a second web browser that communicates with the web-based application. The management component obfuscates at least a portion of the user-inputted data and forwards the obfuscated and un-obfuscated portions of the user inputs to the second web browser, which correspondingly transmits the obfuscated and un-obfuscated portions of the user inputs to the remote web-based application. | 07-11-2013 |
20130185509 | COMPUTING MACHINE MIGRATION - Systems and methods for migration between computing machines are disclosed. The source and target machines can be either physical or virtual; the source can also be a machine image. The target machine is connected to a snapshot or image of the source machine file system, and a redo-log file is created on the file system associated with the target machine. The target machine begins operation by reading data directly from the snapshot or image of the source machine file system. Thereafter, all writes are made to the redo-log file, and subsequent reads are made from the redo-log file if it contains data for the requested sector or from the snapshot or image if it does not. The source machine continues to be able to run separately and simultaneously after the target machine begins operation. | 07-18-2013 |
20130185723 | CENTRALIZED MANAGEMENT OF VIRTUAL MACHINES - A method enables a central management service to operate on individual files within virtual disks associated with different virtual machines (VMs) running in one or more host computers that are each networked to a remote storage system. An IO request from a VM is received at a virtualization software layer on a host computer, wherein the IO request relates to a file stored in a virtual disk associated with the VM, and the file is individually stored in the remote storage system in accordance with a file system. The central management service is notified of the received IO request and uses the file system to access the file in the remote storage system to perform a management task on the file, and the IO request is then performed on the file by the virtualization software layer upon a notification of a successful completion of the management task. | 07-18-2013 |
20130198246 | INITIALIZING FILE DATA BLOCKS - A method and system is provided for initializing files such as, for example and without limitation, pre-allocated files or raw device mapping (RDM) files, by delaying initializing file blocks. In accordance with one or more embodiments of the present invention, file blocks are associated with corresponding indicators to track un-initialized blocks. | 08-01-2013 |
20130204927 | VIDEO STREAM MANAGEMENT FOR REMOTE GRAPHICAL USER INTERFACES - Embodiments enable display updates other than a video stream in a graphical user interface (GUI) to be rendered, encoded, and transmitted exclusive of the video stream. A virtual machine generates a GUI that includes an encoded video stream and other display updates. A virtual graphics processing unit (VGPU) stack associated with the VM renders the other display updates of the GUI to a framebuffer. The rendered display updates are encoded and transmitted to a client for display. The encoded video stream, or a modified (e.g., reduced bit rate) version of the encoded video stream, may be transmitted to the client, such that the client can display the encoded video stream within the GUI. For example, the encoded video stream may be selectively transmitted to the client based on the performance capabilities of the client. | 08-08-2013 |
20130205062 | SYSTEM AND METHOD TO PRIORITIZE LARGE MEMORY PAGE ALLOCATION IN VIRTUALIZED SYSTEMS - The prioritization of large memory page mapping is a function of the access bits in the L1 page table. In a first phase of operation, the number of set access bits in each of the L1 page tables is counted periodically and a current count value is calculated therefrom. During the first phase, no pages are mapped large even if identified as such. After the first phase, the current count value is used to prioritize among potential large memory pages to determine which pages to map large. The system continues to calculate the current count value even after the first phase ends. When using hardware assist, the access bits in the nested page tables are used and when using software MMU, the access bits in the shadow page tables are used for large page prioritization. | 08-08-2013 |
20130205106 | MAPPING GUEST PAGES TO DISK BLOCKS TO IMPROVE VIRTUAL MACHINE MANAGEMENT PROCESSES - In a virtualized computer system, guest memory pages are mapped to disk blocks that contain identical contents and the mapping is used to improve management processes performed on virtual machines, such as live migration and snapshots. These processes are performed with less data being transferred because the mapping data of those guest memory pages that have identical content stored on disk are transmitted instead of the their contents. As a result, live migration and snapshots can be carried out more quickly. The mapping of the guest memory pages to disk blocks can also be used to optimize other tasks, such as page swaps and memory error corrections. | 08-08-2013 |
20130205113 | METHOD OF ALLOCATING REFERENCED MEMORY PAGES FROM A FREE LIST - Memory pages that are allocated to a memory consumer and continue to be accessed by the memory consumer are included in a free list, so that they may be immediately allocated to another memory consumer as needed during the course of normal operation without preserving the original contents of the memory page. When a memory page in the free list is accessed to perform a read, a generation number associated with the memory page is compared with a stored copy. If the two match, the read is performed on the memory page. If the two do not match, the read is not performed on the memory page. | 08-08-2013 |