System and method for secure migration of virtual machines between host servers
Abstract
A pair of servers may include a source server hosting a source virtual machine (VM) and a target server hosting a target VM. The source server may include a source central processing unit (CPU) and a source baseboard management controller (BMC), and the target server may include a target CPU and a target BMC. The source server and the target server are connected by an inband connection, and the source BMC and the target BMC are connected by a connection distinct from the inband connection. The source VM may be migrated to the target server over the inband connection, and in response to migrating the source VM, security data corresponding to the source VM is communicated from the source BMC to the target BMC over the connection between the BMCs.
20 Claims
1. A server set comprising:
- a first server including a first central processing unit (CPU) and a first baseboard management controller (BMC), wherein the first CPU hosts a source virtual machine (VM); and
- a second server including a second CPU and a second BMC, wherein the second CPU hosts a target VM, wherein the first server and the second server are connected by a first connection and the first BMC and the second BMC are connected by a second connection distinct from the first connection, and wherein;
- the source VM is migrated from the first server to the second server over the first connection, and
- in response to migrating the source VM, security data corresponding to the source VM is communicated from the first BMC to the second BMC over the second connection, wherein the security data includes a time-limited duration that is negotiated between the source BMC and the target VM.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A source server comprising:
- a source central processing unit (CPU), wherein the source CPU hosts a source virtual machine (VM);
- a source baseboard management controller (BMC), wherein the source CPU and the source BMC are communicatively connected internal to the server by an internal server connection providing a communication channel between the source BMC and the source CPU, and wherein;
- in response to identifying a target VM on a target server, the source VM is migrated to the target VM over an inband connection connecting the source server to the target server, and
- in response to migrating the source VM, security data corresponding to the source VM is transferred from a BIOS hosted by the source CPU to the source BMC over the internal server connection, wherein the security data includes a time-limited duration that is negotiated between the source BMC and the target VM.

Dependent claims: 12, 13, 14

15. A method comprising:
- identifying a target virtual machine (VM) hosted by a target central processing unit (CPU) of a target server, the target server including a target baseboard management controller (BMC);
- migrating a source VM hosted by a source CPU of a source server over a first connection between the source server and the target server to the target server, the source server including a source BMC; and
- in response to migrating the source VM, communicating security data corresponding to the source VM from the source BMC to the target BMC over a second connection connecting source BMC with target BMC and distinct from the first connection, wherein the security data includes a time-limited duration that is negotiated between the source BMC and the target VM.

Dependent claims: 16, 17, 18, 19, 20

Specification