SYSTEM AND METHOD FOR INSPECTING A VIRTUAL APPLIANCE RUNTIME ENVIRONMENT

US 20090300076A1
Filed: 06/01/2009
Published: 12/03/2009
Est. Priority Date: 05/30/2008
Status: Active Grant

First Claim

Patent Images

1. A system for inspecting file system activity within a virtual machine, comprising:

a runtime environment configured to execute a base image within a virtual machine, wherein the runtime environment is further configured to;

load a new image having a pointer to the base image;

read data from one or more of the base image or the new image in response to the virtual machine receiving one or more requests to read data from a file system for the base image; and

write data to the new image in response to the virtual machine receiving one or more requests to write data to the file system for the base image; and

a monitoring engine configured to identify one or more changes between a file system for the new image and the file system for the base image, wherein the one or more changes result from runtime activity associated with executing the base image within the virtual machine.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for inspecting a virtual appliance runtime environment is provided. In particular, runtime activity within a virtual machine may be monitored and tracked to manage a file system associated with the runtime activity. For example, a new image having a pointer to a base image being executed may be created, wherein the new image may be empty when created, and wherein data may be written to the new image in response to any files being created, deleted, modified, or otherwise accessed during execution of the base image within the virtual machine. Thus, a file system for the new image may be compared to a file system for the base image to analyze the runtime activity for the base image, wherein the new image may preserve runtime changes to the file system and provide visibility into particular runtime modifications to the file system.

184 Citations

33 Claims

1. A system for inspecting file system activity within a virtual machine, comprising:
- a runtime environment configured to execute a base image within a virtual machine, wherein the runtime environment is further configured to;
  
  load a new image having a pointer to the base image;
  
  read data from one or more of the base image or the new image in response to the virtual machine receiving one or more requests to read data from a file system for the base image; and
  
  write data to the new image in response to the virtual machine receiving one or more requests to write data to the file system for the base image; and
  
  a monitoring engine configured to identify one or more changes between a file system for the new image and the file system for the base image, wherein the one or more changes result from runtime activity associated with executing the base image within the virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein the data is read from the new image in response to the file system for the new image containing the requested data.
  - 3. The system of claim 2, wherein the data is read from the base image in response to the file system for the new image not containing the requested data.
  - 4. The system of claim 1, wherein the monitoring engine is further configured to:
    - retrieve a plurality of inodes containing metadata describing every object in the file system for the new image;
      
      retrieve a plurality of inodes containing metadata describing every object in the file system for the base image; and
      
      compare the plurality of inodes describing the file system for the new image to the plurality of inodes describing the file system for the base image to identify the one or more changes between the file system for the new image and the file system for the base image.
  - 5. The system of claim 4, wherein the identified changes include one or more files that were created during the runtime activity, one or more files that were deleted during the runtime activity, and one or more files that were modified during the runtime activity.
  - 6. The system of claim 5, wherein the monitoring engine is further configured to identify the created files in response to one or more of the inodes describing the file system for the new image not having corresponding inodes in the file system for the base image.
  - 7. The system of claim 5, wherein the monitoring engine is further configured to identify the deleted files in response to one or more of the inodes describing the file system for the new image containing metadata describing deletion times for corresponding inodes in the file system for the base image.
  - 8. The system of claim 5, wherein the monitoring engine is further configured to identify the modified files in response to one or more of the inodes describing the file system for the new image containing different metadata from corresponding inodes in the file system for the base image.
  - 9. The system of claim 8, wherein the monitoring engine is further configured to compare the modified files in the file system for the new image to the corresponding files in the file system for the base image to identify one or more changes within the modified files.
  - 10. The system of claim 9, further comprising a build engine configured to update the file system for the base image to include one or more of the changes identified within the modified files.
  - 11. The system of claim 4, wherein the monitoring engine is further configured to compare the plurality of inodes describing the file system for the new image to the plurality of inodes describing the file system for the base image to identify one or more files in the base image that were unused during the runtime activity.
  - 12. The system of claim 11, wherein monitoring engine is further configured to identify the unused files in response to one or more of the inodes describing the file system for the base image not having corresponding inodes in the file system for the new image.
  - 13. The system of claim 1, wherein the base image corresponds to a snapshot of a runtime state for the base image.
  - 14. The system of claim 13, wherein the identified changes correspond to runtime activity subsequent to when the snapshot was captured.
  - 15. The system of claim 1, further comprising a build engine configured to update the file system for the base image to include one or more of the changes resulting from the runtime activity associated with executing the base image within the virtual machine.
  - 16. The system of claim 1, wherein the new image comprises a copy-on-write image that is empty when originally loaded.

17. A system for inspecting runtime activity within a virtual machine, comprising:
- a runtime environment configured to execute an application within a virtual machine, wherein the runtime environment is further configured to;
  
  forward data read from a disk to a monitoring engine, wherein the data is forwarded within a stream in response to the runtime environment processing one or more read requests associated with executing the application; and
  
  forward data written to the disk to the monitoring engine, wherein the data is forwarded within the stream in response to the runtime environment processing one or more write requests associated with executing the application; and
  
  the monitoring engine configured to identify one or more changes to a file system stored on the disk, wherein the monitoring engine is further configured to;
  
  read a startup state of the file system in response to initiating execution of the application within the virtual machine;
  
  construct a first version of the file system at a first point in time using the startup state of the file system and the stream of data forwarded from the runtime environment;
  
  construct a second version of the file system at a second point in time using the startup state of the file system and the stream of data forwarded from the runtime environment; and
  
  identify one or more changes between the first version of the file system and the second version of the file system, wherein the one or more changes result from runtime activity associated with executing the application within the virtual machine between the first point in time and the second point in time.
- View Dependent Claims (18)
- - 18. The system of claim 17, further comprising a build engine configured to restore the first version of the file system using the stream of data, wherein the restored file system discards one or more of the changes resulting from the runtime activity between the first point in time and the second point in time.

19. A method for inspecting runtime activity within a virtual machine, comprising:
- loading a runtime environment configured to execute a base image within a virtual machine;
  
  load a new image having a pointer to the base image;
  
  reading data from one or more of the base image or the new image in response to the virtual machine receiving one or more requests to read data from a file system for the base image;
  
  writing data to the new image in response to the virtual machine receiving one or more requests to write data to the file system for the base image; and
  
  identifying one or more changes between a file system for the new image and the file system for the base image, wherein the one or more changes result from runtime activity associated with executing the base image within the virtual machine.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 20. The method of claim 19, wherein the data is read from the new image in response to the file system for the new image containing the requested data.
  - 21. The method of claim 20, wherein the data is read from the base image in response to the file system for the new image not containing the requested data.
  - 22. The method of claim 19, wherein identifying the one or more changes further includes:
    - retrieving a plurality of inodes containing metadata describing every object in the file system for the new image;
      
      retrieving a plurality of inodes containing metadata describing every object in the file system for the base image; and
      
      comparing the plurality of inodes describing the file system for the new image to the plurality of inodes describing the file system for the base image to identify the changes between the file system for the new image and the file system for the base image.
  - 23. The method of claim 22, wherein the identified changes include one or more files that were created during the runtime activity, one or more files that were deleted during the runtime activity, and one or more files that were modified during the runtime activity.
  - 24. The method of claim 23, wherein the created files are identified in response to one or more of the inodes describing the file system for the new image not having corresponding inodes in the file system for the base image.
  - 25. The method of claim 23, wherein the deleted files are identified in response to one or more of the inodes describing the file system for the new image containing metadata describing deletion times for corresponding inodes in the file system for the base image.
  - 26. The method of claim 23, wherein the modified files are identified in response to one or more of the inodes describing the file system for the new image containing different metadata from corresponding inodes in the file system for the base image.
  - 27. The method of claim 26, further comprising comparing the modified files in the file system for the new image to the corresponding files in the file system for the base image to identify one or more changes within the modified files.
  - 28. The method of claim 27, further comprising updating the file system for the base image to include one or more of the changes identified within the modified files.
  - 29. The method of claim 22, further comprising comparing the plurality of inodes describing the file system for the new image to the plurality of inodes describing the file system for the base image to identify one or more files in the base image that were unused during the runtime activity.
  - 30. The method of claim 29, wherein the unused files are identified in response to one or more of the inodes describing the file system for the base image not having corresponding inodes in the file system for the new image.
  - 31. The method of claim 19, wherein the base image corresponds to a snapshot of a runtime state for the base image.
  - 32. The method of claim 31, wherein the identified changes correspond to runtime activity subsequent to when the snapshot was captured.
  - 33. The method of claim 19, wherein the new image comprises a copy-on-write image that is empty when originally loaded.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SUSE, LLC (SUSE Software Solutions Germany GmbH)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Icaza, Miguel de, Friedman, Nathaniel

Granted Patent

US 8,209,288 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/3664 Environments for testing or...

SYSTEM AND METHOD FOR INSPECTING A VIRTUAL APPLIANCE RUNTIME ENVIRONMENT

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

184 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR INSPECTING A VIRTUAL APPLIANCE RUNTIME ENVIRONMENT

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

184 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links