Remote Network Access Via Virtual Machine

US 20070300220A1
Filed: 03/21/2007
Published: 12/27/2007
Est. Priority Date: 06/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method of provisioning a customized virtual machine image to a user on a host computer so as to permit establishment of a virtual machine on the host computer, the method comprising:

providing a virtual machine image for loading onto the host computer, such image having an operating system and as yet not customized to the user; and

providing previously generated customized configuration data from a source outside of the image for use by the operating system.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual machine project manager creates a generic, i.e., not user-specific, virtual machine image file. Copies of this image file may be distributed to one or more users, each of whom may then use an automated procedure to generate a user-specific virtual machine image file and, thus, a user-specific virtual machine on his/her remote host computer. The generic virtual machine image file may be distributed on computer-readable media, such as a DVD disks, or the file may be stored on a server and downloaded (such as via the Internet) by the users. Each user also receives or downloads a token, which contains a small amount of user-specific information that is used by the automated procedure to provision the generic virtual machine image file for the particular user. A virtual machine accesses a security token connected to a host computer to automatically authenticate or re-authenticate a user, such as when a virtual private network connection is restarted. Substantially identical session identifiers are used by a host computer and a virtual machine, or by two or more virtual machines and, when communicating with an integrated access server. A file server stores virtual machine images that are accessed by a plurality of host computers.

Citations

52 Claims

1. A method of provisioning a customized virtual machine image to a user on a host computer so as to permit establishment of a virtual machine on the host computer, the method comprising:
- providing a virtual machine image for loading onto the host computer, such image having an operating system and as yet not customized to the user; and
  
  providing previously generated customized configuration data from a source outside of the image for use by the operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising determining additional configuration data from predefined rules and providing the additional data for use by the operating system.
  - 3. A method according to claim 1, wherein the virtual machine image also includes instructions and data for establishing a VPN connection between the virtual machine and a computer environment.
  - 4. A method according to claim 1, wherein the host computer is unmanaged.
  - 5. A method according to claim 1, wherein the virtual machine image includes computer instructions establishing an automated mini-setup procedure for the operating system and the customized configuration data include data that are provided as answers to the automated mini-setup procedure.
  - 6. A method according to claim 3, wherein the virtual machine image includes computer instructions establishing an authentication component to implement an authentication policy of an interactive logon model, such component prompting for user-supplied credentials necessary for establishing the VPN connection.
  - 7. A method according to claim 6, wherein the authentication component also causes generation of a log file external to the virtual machine, the log file containing diagnostic information concerning at least one application running in the virtual machine.
  - 8. A method according to claim 7, wherein the at least one application includes the authentication component itself.
  - 9. A method according to claim 7, wherein the at least one application includes a VPN monitor.
  - 10. A method according to claim 7, wherein the at least one application includes a VPN helper.
  - 11. A method according to claim 2, where the additional configuration data includes a memory size associated with the virtual machine.
  - 12. A method according to claim 1, wherein the virtual machine image also includes instructions for causing log out from the operating system in response closing of a user interface window related to the virtual machine.

13. A method of providing access by a remote computer to a computing environment, such environment having a virtual private network connection, the method comprising:
- providing a virtual machine image for loading onto the remote computer, such image (i) permitting establishment of a virtual machine on the remote computer, (ii) having an operating system, (iii) including instructions and data for establishing a VPN connection between the virtual machine and a computer environment, and (iv) being as yet not customized to a specific user; and
  
  providing previously generated customized configuration data from a source outside of the image to the operating system, such configuration data permitting the virtual machine to log in to the environment and become registered onto a domain of the environment.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The method of claim 13, further comprising determining additional configuration data from predefined rules and providing the additional data for use by the operating system.
  - 15. A method according to claim 13, wherein the host computer is unmanaged.
  - 16. A method according to claim 13, wherein the virtual machine image includes computer instructions establishing an automated mini-setup procedure for the operating system and the customized configuration data include data that are provided as answers to the automated mini-setup procedure.
  - 17. A method according to claim 13, wherein the virtual machine image includes computer instructions establishing an authentication component to implement an authentication policy of an interactive logon model, such component prompting for user-supplied credentials necessary for logging onto the VPN connection.
  - 18. A method according to claim 17, wherein the authentication component also causes generation of a log file external to the virtual machine, the log file containing diagnostic information concerning at least one application running in the virtual machine.
  - 19. A method according to claim 18, wherein the at least one application includes the authentication component itself.
  - 20. A method according to claim 18, wherein the at least one application includes a VPN monitor.
  - 21. A method according to claim 18, wherein the at least one application includes a VPN helper.
  - 22. A method according to claim 14, where the additional configuration data includes memory size associated with the virtual machine.
  - 23. A method according to claim 13, wherein the virtual machine image also includes instructions for causing log out from the operating system in response closing of a user interface window related to the virtual machine.

24. A computer program product comprising:
- a computer-readable medium on which is stored a virtual machine image for loading onto a host computer, such image having an operating system and as yet not customized to a user.
- View Dependent Claims (25)
- - 25. A computer program product according to claim 24, wherein the virtual machine image includes computer instructions for:
    - receiving previously generated customized configuration data from a source outside of the image; and
      
      customizing the operating system to a particular user, according to the received previously generated customized configuration data from a source other than the computer-readable medium.

26. A method of automatically obtaining at least one user credential, comprising:
- connecting a security token to a port of a host computer;
  
  executing a virtual machine on the host computer;
  
  from within the virtual machine, accessing the port and reading from the security token data associated with at least one user credential related to a user; and
  
  from within the virtual machine, using the data thus read to log the user into an operating system executed by the virtual machine.

27. A method of automatically obtaining at least one user credential, comprising:
- connecting a security token to a port of a host computer;
  
  executing a virtual machine on the host computer;
  
  from within the virtual machine, accessing the port and reading from the security token data associated with at least one user credential related to a user; and
  
  using the data thus read to establish a network connection between the virtual machine and a server.

28. A method of automatically obtaining at least one user credential, comprising:
- connecting a security token to a port of a host computer;
  
  executing a virtual machine on the host computer;
  
  executing a virtual machine player on the host computer;
  
  from within the player, accessing the port and reading from the security token data associated with at least one user credential related to a user; and
  
  from within the virtual machine, accessing the player to obtain the data thus read.
- View Dependent Claims (29, 30)
- - 29. A method according to claim 28, further comprising, from within the virtual machine, using the obtained data to log the user into an operating system executed by the virtual machine.
  - 30. A method according to claim 28, further comprising, from within the virtual machine, using the obtained data to establish a network connection between the virtual machine and a server.

31. A method of automatically obtaining at least one user credential, comprising:
- executing a host operating system on a host computer;
  
  within the host operating system, caching at least one user credential related to a user who is logged into the host operating system;
  
  executing a virtual machine on the host computer;
  
  from within a virtual machine player, obtaining the at least one cached user credential from the host operating system; and
  
  from within the virtual machine, using the obtained at least one user credential to log the user into an operating system executed by the virtual machine.

32. A method of establishing parallel sessions between a host computer and an integrated access server and between a virtual machine being executed on the host computer and the integrated access server, comprising:
- using a first session identifier to establish a session between the host computer and the integrated access server; and
  
  using a second session identifier, substantially identical to the first session identifier, to establish a session between the virtual machine and the integrated access server.
- View Dependent Claims (33, 34)
- - 33. A method according to claim 32, further comprising:
    - on the host computer, generating the first session identifier, based at least in part on identification data associated with the host computer;
      
      communicating, from the host computer to the virtual machine, information about the identification data associated with the host computer; and
      
      using the communicated information to generate the second session identifier.
  - 34. A method according to claim 33, wherein the identification data associated with the host computer comprises a media access control (MAC) address of the host computer.

35. A method of establishing parallel sessions between a first virtual machine being executed on a host computer and an integrated access server and between a second virtual machine being executed by the host computer and the integrated access server, comprising:
- using a first session identifier to establish a session between the first virtual machine and the integrated access server; and
  
  using a second session identifier, substantially identical to the first session identifier, to establish a session between the second virtual machine and the integrated access server.
- View Dependent Claims (36, 37, 38)
- - 36. A method according to claim 35, further comprising:
    - communicating, from the host computer to the first virtual machine, identification data associated with the host computer;
      
      using the communicated identification data to generate the first session identifier;
      
      communicating, from the host computer to the second virtual machine, the identification data associated with the host computer; and
      
      using the communicated identification data to generate the second session identifier.
  - 37. A method according to claim 36, wherein the identification data associated with the host computer comprises a media access control (MAC) address of the host computer.
  - 38. A method according to claim 36, wherein communicating the identification data from the host computer to the first virtual machine comprises executing a virtual machine player on the host computer.

39. A method of coordinating an access request from a computer to a first integrated access server and an access request from the computer to a second integrated access server, wherein the first and the second integrated access servers maintain distinct universes of patient identifiers, the method comprising:
- receiving a patient identifier that identifies a patient within the universe of patient identifiers maintained by the first integrated access server;
  
  sending the received patient identifier to the first integrated access server;
  
  mapping the received patient identifier into a second patient identifier that identifies the same patient within the universe of patient identifiers maintained by the second integrated access server; and
  
  sending the second patient identifier to the second integrated access server.
- View Dependent Claims (40)
- - 40. A method according to claim 39, further comprising executing a virtual machine on the computer;
    - and wherein sending the second patient identifier comprises setting the second patient identifier from the virtual machine to the second integrated access server.

41. In a network that includes a plurality of host computers interconnected to a file server, a method of executing a virtual machine, comprising:
- storing a plurality of virtual machine images on the file server;
  
  loading a selected one of the plurality of virtual machine images from the file server onto a first selected one of the host computers; and
  
  executing the loaded virtual machine image on the first selected one of the host computers.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 42. A method according to claim 41, wherein:
    - storing the plurality of virtual machine images on the file server comprises storing a plurality of generic virtual machine images on the file server; and
      
      further comprising;
      
      after loading the selected one of the plurality of virtual machine images from the file server onto the first selected one of the host computers, automatically provisioning the virtual machine on the host computer.
  - 43. A method according to claim 41, further comprising:
    - suspending execution of the virtual machine on the first selected one of the host computers; and
      
      storing information about the suspended virtual machine on the file server.
  - 44. A method according to claim 43, wherein suspending execution of the virtual machine comprises suspending execution of the virtual machine in response to a user command issued on the first selected one of the host computers.
  - 45. A method according to claim 43, wherein suspending execution of the virtual machine comprises suspending execution of the virtual machine in response to information stored on the file server.
  - 46. A method according to claim 43, wherein suspending execution of the virtual machine comprises suspending execution of the virtual machine in response to a remote procedure call.
  - 47. A method according to claim 43, further comprising:
    - loading the information about the suspended virtual machine from the file server onto a second selected one of the host computers, different than the first selected one of the host computers; and
      
      resuming execution of the suspended virtual machine on the second selected one of the host computers.
  - 48. A method according to claim 43, further comprising:
    - resuming execution of the suspended virtual machine on the file server.
  - 49. A method according to claim 43, further comprising:
    - loading the information about the suspended virtual machine from the file server onto a compute server; and
      
      resuming execution of the suspended virtual machine on the compute server.
  - 50. A method according to claim 49, further comprising:
    - loading information about at least one other suspended virtual machine from the file server onto the compute server; and
      
      resuming execution of the at least one other suspended virtual machine on the compute server.
  - 51. A method according to claim 43, further comprising:
    - automatically provisioning the virtual machine on the first selected one of the host computers; and
      
      wherein;
      
      storing the plurality of virtual machine images on the file server comprises storing a plurality of generic virtual machine images on the file server; and
      
      the information about the suspended virtual machine comprises information about differences between a current state of the virtual machine and one of the generic virtual machine images.
  - 52. A method according to claim 41, wherein:
    - storing the plurality of virtual machine images on the file server comprises storing a plurality of generic virtual machine images on the file server; and
      
      further comprising;
      
      after loading the selected one of the plurality of virtual machine images from the file server onto the first selected one of the host computers, automatically provisioning the virtual machine on the host computer;
      
      after provisioning the virtual machine, suspending execution of the virtual machine on the first selected one of the host computers; and
      
      storing information about differences between a current state of the virtual machine and one of the generic virtual machine images on the first selected one of the host computers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Sentillion Incorporated (Microsoft Corporation)
Inventors
Fusari, David, Hartz, George, Fontana, Eric, Seliger, Rob

Granted Patent

US 9,392,078 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 2009/45595   Network integration; Enabli...

G06F 8/61   Installation

G06F 8/63   Image based installation; C...

G06F 9/44505   Configuring for program ini...

G06F 9/45537   Provision of facilities of ...

G06F 9/45558   Hypervisor-specific managem...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/168   above the transport layer

H04L 67/146   Markers for unambiguous ide...

H04L 67/34   involving the movement of s...

H04L 9/40   Network security protocols

Remote Network Access Via Virtual Machine

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Remote Network Access Via Virtual Machine

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links