METHODS AND SYSTEMS FOR PROVIDING SECURE IMAGE MOBILITY

US 20100235833A1
Filed: 03/13/2009
Published: 09/16/2010
Est. Priority Date: 03/13/2009
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method of loading and booting a virtual server, comprising steps of:

selecting a physical compute host from a plurality of available physical compute hosts, each physical compute host including a motherboard including a processor, a peripheral device, a secure management controller that includes a secure memory for storing a BIOS image, a device image and a virtual server identity data, and a BIOS memory accessible by the processor under control of the secure management controller;

selecting virtual server secure profile data from a repository that is separate from the selected compute host, the selected virtual server secure profile data identifying a selected virtual server identity data, a selected device image and a selected BIOS image;

transmitting the virtual server secure profile data from the repository to the physical compute host over a secure network distinct from a second network over which a selected application and a selected operating system are accessible;

storing the selected virtual server secure profile data in the secure memory of the selected compute host;

loading the BIOS image into the BIOS memory under control of the secure management controller;

enabling the peripheral device to read the device image such that the peripheral device is configured in accordance with the device image;

enabling the motherboard of the selected compute host to read the selected BIOS image from the BIOS memory and to read the selected virtual server identity data from the secure memory, andloading over the second network and running the selected operating system and the selected application on the selected physical compute host.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method allows a virtual server to be assigned to any of a plurality of physical computes hosts in a networked computing system. Each physical compute host includes a motherboard and a secure management controller that includes a secure memory vault for storing virtual server secure profile data and a BIOS switch for loading a BIOS memory with a BIOS image from the secure memory and controlling access to the BIOS memory by the motherboard. The virtual server secure profile data is transmitted to the secure memory under the exclusive control of a secure infrastructure layer including a common system controller a secure network that is distinct from the network over which the operating system and application stack is loaded.

52 Citations

View as Search Results

20 Claims

1. A computer-implemented method of loading and booting a virtual server, comprising steps of:
- selecting a physical compute host from a plurality of available physical compute hosts, each physical compute host including a motherboard including a processor, a peripheral device, a secure management controller that includes a secure memory for storing a BIOS image, a device image and a virtual server identity data, and a BIOS memory accessible by the processor under control of the secure management controller;
  
  selecting virtual server secure profile data from a repository that is separate from the selected compute host, the selected virtual server secure profile data identifying a selected virtual server identity data, a selected device image and a selected BIOS image;
  
  transmitting the virtual server secure profile data from the repository to the physical compute host over a secure network distinct from a second network over which a selected application and a selected operating system are accessible;
  
  storing the selected virtual server secure profile data in the secure memory of the selected compute host;
  
  loading the BIOS image into the BIOS memory under control of the secure management controller;
  
  enabling the peripheral device to read the device image such that the peripheral device is configured in accordance with the device image;
  
  enabling the motherboard of the selected compute host to read the selected BIOS image from the BIOS memory and to read the selected virtual server identity data from the secure memory, andloading over the second network and running the selected operating system and the selected application on the selected physical compute host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the motherboard of the selected physical compute host is not powered up during the step of selecting the physical compute host.
  - 3. The method of claim 1 wherein the motherboard of the selected physical compute host is not powered up during the transmitting step.
  - 4. The method of claim 2, further comprising the step of powering up the motherboard of the selected physical compute host prior to causing the motherboard to access the selected BIOS image from the BIOS memory.
  - 5. The method of claim 1, wherein the physical compute host further includes a switch connected to the BIOS memory and operable to connect the BIOS memory to the processor under control of the secure management controller.
  - 6. The method of claim 1, wherein the device image includes an identifier of the device.
  - 7. The method of claim 6, wherein the identifier is selected from the group consisting of a MAC (media access control) address and a fiber channel WWN (world wide name).
  - 8. The method of claim 1, wherein the virtual server secure profile data includes at least one IP (interne protocol) address.
  - 9. The method of claim 1, wherein the virtual server secure profile data includes remote service identification data that identifies remote service with which the virtual server communicates.
  - 10. The method of claim 9, wherein the remote service identification data includes a datum selected from the group consisting of a WWN of a storage server, a file server address for a NAS (network attached storage) device;
    - and an operating system image identifier for identifying an operating system image on a storage server or device.

11. A physical compute host comprising:
- a motherboard including a processor;
  
  a peripheral device connected to the motherboard;
  
  a BIOS memory; and
  
  a secure management controller connected to the peripheral device and including a module control processor, an interface to a secure network, a BIOS switch connected to the BIOS memory and the module control processor, and a secure memory for storing a BIOS image, a device image and a virtual server identity data, the BIOS switch being operable to connect the BIOS memory to the processor under control of the module control processor;
  
  wherein the secure management controller is configured to perform the steps ofreceiving virtual server secure profile data via the secure network, the virtual server secure profile data including a selected virtual server identity data, a selected device image and a selected BIOS image;
  
  storing the virtual server secure profile data in the secure memory;
  
  transferring the BIOS image to the BIOS memory;
  
  controlling the BIOS switch to allow the processor to read from the BIOS memory;
  
  providing the peripheral device with data from the device image; and
  
  providing the processor with data from the virtual server identity data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The physical compute host of claim 11, wherein the motherboard further includes a power controller operable to supply power to the processor and connected to the secure management controller, and wherein the secure management controller is configured to perform the step of supplying power to the processor prior to the controlling step.
  - 13. The physical compute host of claim 11, wherein the peripheral device complies with a PCI (peripheral component interconnect) standard.
  - 14. The physical compute host of claim 11, wherein the BIOS memory is located on the motherboard.
  - 15. The physical compute host of claim 11, wherein the BIOS memory is located in the secure management controller.
  - 16. The physical compute host of claim 11, wherein the secure management controller further includes a peripheral device boot access controller connected to the module control processor, the peripheral device and the secure memory, and wherein the module control processor is configured to control the peripheral device boot access controller to allow the peripheral device to read the device image stored in the secure memory.
  - 17. The physical compute host of claim 11, wherein the BIOS switch is operable under control of the module control processor to allow the processor to have different levels of access to the secure memory, including a first level in which the processor has no access to the secure memory, a second level in which the processor has read access to the secure memory, and a third level in which the processor has read and write access to the secure memory.
  - 18. The physical compute host of claim 11, wherein the processor on the motherboard is configured to load at least one operating system and at least one application via the peripheral device using a second network distinct from the secure network.
  - 19. A system comprising:
    - a repository for storing virtual server secure profile data for at least one virtual server;
      
      a plurality of physical compute hosts according to claim 11 connected to the repository via a secure network;
      
      a system controller connected to the secure network; and
      
      a boot image storage device connectable to the physical compute host via a second network distinct from the secure network;
      
      wherein the system controller is configured to perform the steps ofselecting a physical compute host from among the plurality of physical compute hosts; and
      
      transmitting the virtual server secure profile data to the selected physical compute host via the secure network; and
      
      wherein the physical compute host is configured to load the operating system and the application from the boot image storage device.
  - 20. The system of claim 19, wherein the repository includes virtual server secure profile data for a plurality of virtual servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liquid Computing Corporation
Original Assignee
Liquid Computing Corporation
Inventors
Kemp, Michael F., Huang, Kaiyuan

Application Number

US12/403,742
Publication Number

US 20100235833A1
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 21/575 Secure boot

METHODS AND SYSTEMS FOR PROVIDING SECURE IMAGE MOBILITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

METHODS AND SYSTEMS FOR PROVIDING SECURE IMAGE MOBILITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others