SECURING LIVE MIGRATION OF A VIRTUAL MACHINE WITHIN A SERVICE LANDSCAPE

US 20100071025A1
Filed: 09/15/2008
Published: 03/18/2010
Est. Priority Date: 09/15/2008
Status: Active Grant

First Claim

Patent Images

1. A method for secure live migration of a virtual machine (VM) in a virtualized computing environment, the method comprising:

selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment;

live migrating the selected VM to the different virtualized computing environment and restarting the VM in the different virtualized computing environment;

establishing a secure communicative link between the restarted VM and at least one other of the VMs in the secure virtualized computing environment; and

,enabling data communications between the restarted VM and the at least one other of the VMs over the secure communicative link.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM cna be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link.

100 Citations

View as Search Results

10 Claims

1. A method for secure live migration of a virtual machine (VM) in a virtualized computing environment, the method comprising:
- selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment;
  
  live migrating the selected VM to the different virtualized computing environment and restarting the VM in the different virtualized computing environment;
  
  establishing a secure communicative link between the restarted VM and at least one other of the VMs in the secure virtualized computing environment; and
  
  ,enabling data communications between the restarted VM and the at least one other of the VMs over the secure communicative link.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - adding a tunnel between a routing core of the secure virtualized computing environment and the restarted VM; and
      
      ,responsive to determining an update to the routing core permitting routing of data packets from the VMs in the secure virtualized computing environment to the restarted VM, removing the tunnel.
  - 3. The method of claim 1, wherein establishing a secure communicative link between the restarted VM and at least one other of the VMs in the secure virtualized computing environment, comprises:
    - configuring an Internet protocol (IP) Security (IPSec) policy for secure communications between the restarted VM and the at least one other of the VMs in the secure virtualized computing environment; and
      
      ,establishing an IPSec conformant communicative link between the restarted VM and the at least one other of the VMs in the secure virtualized computing environment according to the configured IPSec policy.
  - 4. The method of claim 1, wherein enabling data communications between the restarted VM and the at least one other of the VMs over the secure communicative link, further comprises:
    - determining non-managed connections persisting between the selected VM and other communicative entities;
      
      identifying unsecured ones of the non-managed connections; and
      
      ,resetting the identified unsecured ones of the non-managed connections as secured connections and re-establishing the unsecured ones of the non-managed connections as secured connections.

5. A virtualized computing data processing system comprising:
- a secure virtualized computing environment comprising a hypervisor managing a plurality of virtual machines (VMs) within the secure virtualized computing environment;
  
  a different virtualized computing environment comprising a hypervisor managing a plurality of VMs within the different virtualized computing environment;
  
  live migration logic coupled to each of the secure virtualized computing environment and the different virtualized computing environment, the logic comprising program code enabled to select one of the VMs in a secure virtualized computing environment for live migration to the different virtualized computing environment and to block data communications with the selected VM and other VMs in the secure virtualized computing environment, to live migrate the selected VM to the different virtualized computing environment and to restart the VM in the different virtualized computing environment, to establish a secure communicative link between the restarted VM and at least one other of the VMs in the secure virtualized computing environment, and to enable data communications between the restarted VM and the at least one other of the VMs over the secure communicative link.
- View Dependent Claims (6)
- - 6. The system of claim 5, wherein the secure communicative link is an Internet protocol (IP) Security (IPSec) conformant secure communicative link.

7. A computer program product comprising a computer usable medium embodying computer usable program code for secure live migration of a virtual machine (VM) in a virtualized computing environment, the computer program product comprising:
- computer usable program code for selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment;
  
  computer usable program code for live migrating the selected VM to the different virtualized computing environment and restarting the VM in the different virtualized computing environment;
  
  computer usable program code for establishing a secure communicative link between the restarted VM and at least one other of the VMs in the secure virtualized computing environment; and
  
  ,computer usable program code for enabling data communications between the restarted VM and the at least one other of the VMs over the secure communicative link.
- View Dependent Claims (8, 9, 10)
- - 8. The computer program product of claim 7, further comprising:
    - computer usable program code for adding a tunnel between a routing core of the secure virtualized computing environment and the restarted VM; and
      
      ,computer usable program code for removing the tunnel in response to determining an update to the routing core permitting routing of data packets from the VMs in the secure virtualized computing environment to the restarted VM.
  - 9. The computer program product of claim 7, wherein the computer usable program code for establishing a secure communicative link between the restarted VM and at least one other of the VMs in the secure virtualized computing environment, comprises:
    - computer usable program code for configuring an Internet protocol (IP) Security (IPSec) policy for secure communications between the restarted VM and the at least one other of the VMs in the secure virtualized computing environment; and
      
      ,computer usable program code for establishing an IPSec conformant communicative link between the restarted VM and the at least one other of the VMs in the secure virtualized computing environment according to the configured IPSec policy.
  - 10. The computer program product of claim 7, wherein the computer usable program code for enabling data communications between the restarted VM and the at least one other of the VMs over the secure communicative link, further comprises:
    - computer usable program code for determining non-managed connections persisting between the selected VM and other communicative entities;
      
      computer usable program code for identifying unsecured ones of the non-managed connections; and
      
      ,computer usable program code for resetting the identified unsecured ones of the non-managed connections as secured connections and re-establishing the unsecured ones of the non-managed connections as secured connections.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Law, Michael S., Joseph, Dinakaran, Gottimukkala, Sivaram, Huynh, Lap T., Devine, Wesley M., Overby, Linwood H. JR.

Granted Patent

US 9,715,401 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/4856   resumption being on a diffe...

SECURING LIVE MIGRATION OF A VIRTUAL MACHINE WITHIN A SERVICE LANDSCAPE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

100 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

SECURING LIVE MIGRATION OF A VIRTUAL MACHINE WITHIN A SERVICE LANDSCAPE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others