Mechanism to transition control between components in a virtual machine environment
Abstract
In some embodiments, the invention efficiently manages, sets up, controls and performs communication between isolated components using portals. In a platform having virtualization architecture, a component in a first virtual machine requests a service to be performed by a component in a second virtual machine. A privileged system layer validates the ability to create a communication portal between the two components. The validation is a two-level validation to ensure that a portal is permitted between the two components and that the requested activity is also permitted. Other embodiments are described and claimed.
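The two-level validation described in the abstract can be sketched as a default-deny check made by the privileged layer. This is an added illustration, not code from the patent or its assignee; the component IDs, the service bitmask and the policy table layout are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: every name, ID and table layout here is an assumption. */
enum portal_status { PORTAL_OK, PORTAL_DENY_PAIR, PORTAL_DENY_SERVICE };

struct portal_rule {
    uint32_t requester;     /* component in the first VM */
    uint32_t provider;      /* component in the second VM */
    uint32_t service_mask;  /* bit n set: provider may run service n for requester */
};

/* Constructed policy, held only by the privileged system layer. */
static const struct portal_rule policy[] = {
    { 1, 2, (1u << 0) | (1u << 3) },  /* component 1 -> 2: services 0 and 3 */
    { 3, 2, (1u << 0) },              /* component 3 -> 2: service 0 only   */
};

/* Two-level check performed by the privileged layer before enabling a portal. */
enum portal_status validate_portal(uint32_t requester, uint32_t provider,
                                   unsigned service)
{
    const struct portal_rule *rule = NULL;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        if (policy[i].requester == requester && policy[i].provider == provider) {
            rule = &policy[i];
            break;
        }
    }
    /* Level 1: the provider must be authorized for at least one service
       on behalf of this requester; anything else is denied by default. */
    if (rule == NULL || rule->service_mask == 0)
        return PORTAL_DENY_PAIR;
    /* Level 2: the specific requested service must be authorized.
       Range check first: shifting a 32-bit value by 32 or more is undefined. */
    if (service >= 32 || !(rule->service_mask & (1u << service)))
        return PORTAL_DENY_SERVICE;
    return PORTAL_OK;
}

int main(void)
{
    printf("1->2 svc 3: %d\n", validate_portal(1, 2, 3));
    printf("3->2 svc 3: %d\n", validate_portal(3, 2, 3));
    printf("2->1 svc 0: %d\n", validate_portal(2, 1, 0));
    return 0;
}
```

Keeping the two failure results distinct lets the privileged layer log whether a request failed because no portal is permitted between the pair or because only the requested service was refused.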
19 Claims
1. A method comprising:
- a privileged system layer in a virtualization enabled platform enabling a communication portal for executing a service requested by a first component, between the first and a second component of the platform, wherein the first component executes in a first virtual machine on the platform and the second component executes in a second virtual machine on the platform;
- performing validation by the privileged system layer that the second component is authorized to execute at least one service on behalf of the first component; and
- validating by the privileged system layer that the second component is authorized to execute the requested service.
Dependent claims: 2, 3, 4, 5, 6

7. A system comprising:
- a virtualization enabled platform having a privileged component, the platform to run a plurality of non-privileged components, each of the plurality of components to run in a virtual machine (VM) on the platform;
- a plurality of data structures stored in memory, each data structure accessible to the privileged component and to a corresponding non-privileged component to describe authorized communication portals for the corresponding non-privileged component; and
- a name translation table stored in memory, the name translation table accessible to the privileged component and inaccessible to the non-privileged components, wherein the privileged component is to perform a 2-level validation of a requested communication portal between a first component and a second component.
Dependent claims: 8, 9, 10, 11, 12, 13

14. A machine readable medium having instructions that when executed by a privileged system layer in a virtualization enabled platform cause the platform to:
- enable a communication portal for executing a service requested by a first component, between the first and a second component of the platform, wherein the first component executes in a first virtual machine on the platform and the second component executes in a second virtual machine on the platform;
- perform validation by the privileged system layer that the second component is authorized to execute at least one service on behalf of the first component; and
- validate by the privileged system layer that the second component is authorized to execute the requested service.
Dependent claims: 15, 16, 17, 18, 19