METHODS AND SYSTEMS FOR PROVIDING SECURE IMAGE MOBILITY
First Claim
1. A computer-implemented method of loading and booting a virtual server, comprising steps of:
- selecting a physical compute host from a plurality of available physical compute hosts, each physical compute host including a motherboard including a processor, a peripheral device, a secure management controller that includes a secure memory for storing a BIOS image, a device image and a virtual server identity data, and a BIOS memory accessible by the processor under control of the secure management controller;
selecting virtual server secure profile data from a repository that is separate from the selected compute host, the selected virtual server secure profile data identifying a selected virtual server identity data, a selected device image and a selected BIOS image;
transmitting the virtual server secure profile data from the repository to the physical compute host over a secure network distinct from a second network over which a selected application and a selected operating system are accessible;
storing the selected virtual server secure profile data in the secure memory of the selected compute host;
loading the BIOS image into the BIOS memory under control of the secure management controller;
enabling the peripheral device to read the device image such that the peripheral device is configured in accordance with the device image;
enabling the motherboard of the selected compute host to read the selected BIOS image from the BIOS memory and to read the selected virtual server identity data from the secure memory, andloading over the second network and running the selected operating system and the selected application on the selected physical compute host.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method allows a virtual server to be assigned to any of a plurality of physical computes hosts in a networked computing system. Each physical compute host includes a motherboard and a secure management controller that includes a secure memory vault for storing virtual server secure profile data and a BIOS switch for loading a BIOS memory with a BIOS image from the secure memory and controlling access to the BIOS memory by the motherboard. The virtual server secure profile data is transmitted to the secure memory under the exclusive control of a secure infrastructure layer including a common system controller a secure network that is distinct from the network over which the operating system and application stack is loaded.
52 Citations
20 Claims
-
1. A computer-implemented method of loading and booting a virtual server, comprising steps of:
-
selecting a physical compute host from a plurality of available physical compute hosts, each physical compute host including a motherboard including a processor, a peripheral device, a secure management controller that includes a secure memory for storing a BIOS image, a device image and a virtual server identity data, and a BIOS memory accessible by the processor under control of the secure management controller; selecting virtual server secure profile data from a repository that is separate from the selected compute host, the selected virtual server secure profile data identifying a selected virtual server identity data, a selected device image and a selected BIOS image; transmitting the virtual server secure profile data from the repository to the physical compute host over a secure network distinct from a second network over which a selected application and a selected operating system are accessible; storing the selected virtual server secure profile data in the secure memory of the selected compute host; loading the BIOS image into the BIOS memory under control of the secure management controller; enabling the peripheral device to read the device image such that the peripheral device is configured in accordance with the device image; enabling the motherboard of the selected compute host to read the selected BIOS image from the BIOS memory and to read the selected virtual server identity data from the secure memory, and loading over the second network and running the selected operating system and the selected application on the selected physical compute host. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A physical compute host comprising:
-
a motherboard including a processor; a peripheral device connected to the motherboard; a BIOS memory; and a secure management controller connected to the peripheral device and including a module control processor, an interface to a secure network, a BIOS switch connected to the BIOS memory and the module control processor, and a secure memory for storing a BIOS image, a device image and a virtual server identity data, the BIOS switch being operable to connect the BIOS memory to the processor under control of the module control processor; wherein the secure management controller is configured to perform the steps of receiving virtual server secure profile data via the secure network, the virtual server secure profile data including a selected virtual server identity data, a selected device image and a selected BIOS image; storing the virtual server secure profile data in the secure memory; transferring the BIOS image to the BIOS memory; controlling the BIOS switch to allow the processor to read from the BIOS memory; providing the peripheral device with data from the device image; and providing the processor with data from the virtual server identity data. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification