System and method for secure migration of virtual machines between host servers

US 10,489,594 B2
Filed: 07/19/2017
Issued: 11/26/2019
Est. Priority Date: 07/19/2017
Status: Active Grant

First Claim

Patent Images

1. A server set comprising:

a first server including a first central processing unit (CPU) and a first baseboard management controller (BMC), wherein the first CPU hosts a source virtual machine (VM); and

a second server including a second CPU and a second BMC, wherein the second CPU hosts a target VM, wherein the first server and the second server are connected by a first connection and the first BMC and the second BMC are connected by a second connection distinct from the first connection, and wherein;

the source VM is migrated from the first server to the second server over the first connection, andin response to migrating the source VM, security data corresponding to the source VM is communicated from the first BMC to the second BMC over the second connection, wherein the security data includes a time-limited duration that is negotiated between the source BMC and the target VM.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A pair of servers may include a source server hosting a source virtual machine (VM) and a target server hosting a target VM. The source server may include a source central processing unit (CPU) and a source baseboard management controller (BMC), and the target server may include a target CPU and a target BMC. The source server and the target server are connected by an inband connection, and the source BMC and the target BMC are connected by a connection distinct from the inband connection. The source VM may be migrated to the target server over the inband connection, and in response to migrating the source VM, security data corresponding to the source VM is communicated from the source BMC to the target BMC over the connection between the BMCs.

29 Citations

20 Claims

1. A server set comprising:
- a first server including a first central processing unit (CPU) and a first baseboard management controller (BMC), wherein the first CPU hosts a source virtual machine (VM); and
  
  a second server including a second CPU and a second BMC, wherein the second CPU hosts a target VM, wherein the first server and the second server are connected by a first connection and the first BMC and the second BMC are connected by a second connection distinct from the first connection, and wherein;
  
  the source VM is migrated from the first server to the second server over the first connection, andin response to migrating the source VM, security data corresponding to the source VM is communicated from the first BMC to the second BMC over the second connection, wherein the security data includes a time-limited duration that is negotiated between the source BMC and the target VM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The server set of claim 1, wherein the first connection is an inband connection and the second connection is an out of band connection.
  - 3. The server set of claim 1, wherein the security data comprises an SBK corresponding to source VM and the SBK is to be used to securely boot the target VM.
  - 4. The server set of claim 1, wherein the security data is maintained at a first BIOS hosted by the first CPU.
  - 5. The server set of claim 4, wherein the first BMC and the first CPU are communicatively connected internal to the server by an internal server connection.
  - 6. The server set of claim 5, wherein in response to migrating the source VM, the security data is transferred from the first BIOS to the first BMC over the internal server connection.
  - 7. The server set of claim 6, wherein the internal server connection includes an SMA path.
  - 8. The server set of claim 1, wherein the second BMC and the second CPU are communicatively connected internal to the server by an internal server connection providing a communication channel between the second BMC and the second CPU.
  - 9. The server set of claim 8, wherein in response to migrating the source VM, the security data is obtained from the second BMC at the second CPU over the communication channel.
  - 10. The server set of claim 9, wherein migrating the source VM triggers execution of virtual runtime services at the second CPU and the virtual runtime services access a system configuration table of the second server to dynamically map a path to the second BMC to obtain the security data.

11. A source server comprising:
- a source central processing unit (CPU), wherein the source CPU hosts a source virtual machine (VM);
  
  a source baseboard management controller (BMC), wherein the source CPU and the source BMC are communicatively connected internal to the server by an internal server connection providing a communication channel between the source BMC and the source CPU, and wherein;
  
  in response to identifying a target VM on a target server, the source VM is migrated to the target VM over an inband connection connecting the source server to the target server, andin response to migrating the source VM, security data corresponding to the source VM is transferred from a BIOS hosted by the source CPU to the source BMC over the internal server connection, wherein the security data includes a time-limited duration that is negotiated between the source BMC and the target VM.
- View Dependent Claims (12, 13, 14)
- - 12. The source server of claim 11, wherein the security data includes an SBK for securely booting the target VM.
  - 13. The source server of claim 11, wherein the source BMC communicates the security data to a target BMC of the target server over a BMC connection distinct from the inband connection.
  - 14. The source server of claim 13, wherein the BMC connection is a sideband connection out of band with the inband connection.

15. A method comprising:
- identifying a target virtual machine (VM) hosted by a target central processing unit (CPU) of a target server, the target server including a target baseboard management controller (BMC);
  
  migrating a source VM hosted by a source CPU of a source server over a first connection between the source server and the target server to the target server, the source server including a source BMC; and
  
  in response to migrating the source VM, communicating security data corresponding to the source VM from the source BMC to the target BMC over a second connection connecting source BMC with target BMC and distinct from the first connection, wherein the security data includes a time-limited duration that is negotiated between the source BMC and the target VM.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the security data includes a SBK corresponding to the source VM to be used to securely boot the target VM at the target server.
  - 17. The method of claim 15, wherein the first connection is an inband connection and the second connection is a sideband connection out of band to the inband connection.
  - 18. The method of claim 15, wherein the source CPU is connected to the source BMC by an internal server connection internal to the source server and the security data is communicated from a BIOS hosted by the source CPU to the source BMC over the internal server connection.
  - 19. The method of claim 15, wherein the target BMC and the target CPU are communicatively connected internal to the server by an internal server connection.
  - 20. The method of claim 19, wherein migrating the source VM triggers execution of virtual runtime services at the target CPU and the virtual runtime services access a system configuration table of the target server to dynamically map a path to the target BMC over the internal server connection to obtain the security data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Suryanarayana, Shekar Babu, Khemani, Lucky Pratap, Vidyadhara, Sumanth, Puthillathe, Chandrasekhar
Primary Examiner(s)
Moorthy, Aravind K

Application Number

US15/654,424
Publication Number

US 20190026467A1
Time in Patent Office

860 Days
Field of Search

726 26, 726 30, 713165, 713168, 713192, 713193
US Class Current
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/5088   involving task migration

System and method for secure migration of virtual machines between host servers

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure migration of virtual machines between host servers

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links