Network isolation in virtual desktop infrastructure

US 10,459,743 B2
Filed: 11/09/2017
Issued: 10/29/2019
Est. Priority Date: 11/09/2017
Status: Active Grant

First Claim

Patent Images

1. A method for isolating a connection between a client machine and a remote desktop application, the method comprising:

providing the connection between the client machine and the remote desktop application to exchange remote desktop protocol data by using a first virtual network interface card (VNIC) on a virtual machine (VM),wherein the VM is configured to execute the remote desktop application and one or more other applications, the remote desktop application providing a virtual desktop to the client machine, andwherein the first VNIC is exclusively accessible by the remote desktop application and inaccessible to the one or more other applications; and

providing another connection between a remote server and one of the one or more other applications using a second VNIC on the VM, in response to the remote desktop application receiving an indication from the virtual desktop to execute the one application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are methods and apparatus for isolating a connection between a client machine and a remote desktop application running on a virtual machine (VM), the remote desktop application providing a virtual desktop to the client machine. The VM is configured to execute the remote desktop application and one or more other applications. The connection between the client machine and the remote desktop application, for exchanging remote desktop protocol data, is provided by using a first virtual network interface card (VNIC) on the VM, where the first VNIC is exclusively accessible by the remote desktop application and inaccessible to the one or more other applications. Another connection between a remote server and one of the one or more other applications is provided using a second VNIC on the VM, in response to the remote desktop application receiving an indication from the virtual desktop to execute the one application.

2 Citations

20 Claims

1. A method for isolating a connection between a client machine and a remote desktop application, the method comprising:
- providing the connection between the client machine and the remote desktop application to exchange remote desktop protocol data by using a first virtual network interface card (VNIC) on a virtual machine (VM),wherein the VM is configured to execute the remote desktop application and one or more other applications, the remote desktop application providing a virtual desktop to the client machine, andwherein the first VNIC is exclusively accessible by the remote desktop application and inaccessible to the one or more other applications; and
  
  providing another connection between a remote server and one of the one or more other applications using a second VNIC on the VM, in response to the remote desktop application receiving an indication from the virtual desktop to execute the one application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first VNIC operates in a kernel space of a guest operating system of the VM.
  - 3. The method of claim 2, wherein the first VNIC is associated with a first network protocol stack in a user space of the guest operating system making the first VNIC being inaccessible to the one or more other applications.
  - 4. The method of claim 3, wherein the first network protocol stack is inaccessible to the one or more other applications.
  - 5. The method of claim 1, wherein the second VNIC operates in a kernel space of a guest operating system of the VM.
  - 6. The method of claim 5, wherein the second VNIC is associated with a second network protocol stack operating in the kernel space of the guest operating system.
  - 7. The method of claim 1, wherein the connection between the client machine and the remote desktop application is brokered by a connection broker.

8. A non-transitory computer readable medium comprising instructions to be executed in a computer system, wherein the instructions when executed in the computer system perform a method for isolating a connection between a client machine and a remote desktop application, the method comprising:
- providing the connection between the client machine and the remote desktop application to exchange remote desktop protocol data by using a first virtual network interface card (VNIC) on a virtual machine (VM),wherein the VM is configured to execute the remote desktop application and one or more other applications, the remote desktop application providing a virtual desktop to the client machine, and wherein the first VNIC is exclusively accessible by the remote desktop application and inaccessible to the one or more other applications; and
  
  providing another connection between a remote server and one of the one or more other applications using a second VNIC on the VM, in response to the remote desktop application receiving an indication from the virtual desktop to execute the one application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable medium of claim 8, wherein the first VNIC operates in a kernel space of a guest operating system of the VM.
  - 10. The non-transitory computer readable medium of claim 9, wherein the first VNIC is associated with a first network protocol stack in a user space of the guest operating system making the first VNIC being inaccessible to the one or more other applications.
  - 11. The non-transitory computer readable medium of claim 10, wherein the first network protocol stack is inaccessible to the one or more other applications.
  - 12. The non-transitory computer readable medium of claim 8, wherein the second VNIC operates in a kernel space of a guest operating system of the VM.
  - 13. The non-transitory computer readable medium of claim 12, wherein the second VNIC is associated with a second network protocol stack operating in the kernel space of the guest operating system.
  - 14. The non-transitory computer readable medium of claim 8, wherein the connection between the client machine and the remote desktop application is brokered by a connection broker.

15. A computer system comprising:
- a processor; and
  
  a memory comprising system software for the computer system that when executed by the processor perform a method for isolating a connection between a client machine and a remote desktop application, the method comprising;
  
  providing the connection between the client machine and the remote desktop application to exchange remote desktop protocol data by using a first virtual network interface card (VNIC) on a virtual machine (VM),wherein the VM is configured to execute the remote desktop application and one or more other applications, the remote desktop application providing a virtual desktop to the client machine, and wherein the first VNIC is exclusively accessible by the remote desktop application and inaccessible to the one or more other applications; and
  
  providing another connection between a remote server and one of the one or more other applications using a second VNIC on the VM, in response to the remote desktop application receiving an indication from the virtual desktop to execute the one application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, wherein the first VNIC operates in a kernel space of a guest operating system of the VM.
  - 17. The computer system of claim 16, wherein the first VNIC is associated with a first network protocol stack in a user space of the guest operating system making the first VNIC being inaccessible to the one or more other applications.
  - 18. The computer system of claim 17, wherein the first network protocol stack is inaccessible to the one or more other applications.
  - 19. The computer system of claim 15, wherein the second VNIC operates in a kernel space of a guest operating system of the VM.
  - 20. The computer system of claim 19, wherein the second VNIC is associated with a second network protocol stack operating in the kernel space of the guest operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Hu, Jinxing, Liu, Lu, Wei, Yuping, Li, Lina
Primary Examiner(s)
Lee, Adam

Application Number

US15/807,951
Publication Number

US 20190138324A1
Time in Patent Office

719 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 9/452   Remote windowing, e.g. X-Wi...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/468   Specific access rights for ...

G06F 9/54   Interprogram communication

G06F 9/547   Remote procedure calls [RPC...

Network isolation in virtual desktop infrastructure

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

2 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network isolation in virtual desktop infrastructure

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links