DOMAIN CONTROLLER SAFETY-FEATURES AND CLONING
Abstract
The present invention extends to methods, systems, and computer program products for domain controller safety-features and cloning. Embodiments include cloning virtual domain controllers. Cloning permits virtual domain controllers to be rapidly deployed by copying/cloning the entire operating system state of an existing virtual domain controller. Other embodiments provide safety features protecting domain controllers running within virtual machines from introducing distributed corruption into a directory services data system. Protection is facilitated by detecting when a hypervisor or Virtual Machine Manager (“VMM”) uses features that cause a virtual machine to be rolled back in time outside of an operating system's awareness. In response to detecting a feature that causes rollback, safeties can be implemented to compensate for otherwise divergent state and prevent the introduction of duplicate unique identifiers.
20 Claims
1. At a computer system including one or more processors and system memory, the computer system connected to a network along with one or more other computer systems, a method for deploying a domain controller within the network by cloning, the method comprising:
an act of obtaining a copy of a virtual hard disk, the copy of the virtual hard disk having originated from a source domain controller on another virtual machine, the source domain controller selected for cloning;
an act of the domain controller detecting that a virtual machine generation ID for the domain controller has changed;
an act of the domain controller detecting the presence of domain controller configuration, the domain controller clone configuration for configuring the domain controller to appropriately interact with the network;
an act of the domain controller inferring that the domain controller is being cloned by detecting the change in the virtual machine generation ID and by detecting the presence of the domain controller clone configuration;
an act of the domain controller verifying with another domain controller that the source domain controller is authorized to be cloned; and
an act of the domain controller utilizing the domain controller configuration to configure appropriate interaction with the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. At a computer system including one or more processors and system memory, the computer system connected to a network along with one or more other computer systems, a method for maintaining domain controller consistency when a domain controller is rolled back, the method comprising:
an act of creating a snapshot of the state of a source domain controller at a first logical time, the source domain controller having an initial invocation ID, a saved virtual machine generation ID, and a current virtual machine generation ID, the saved virtual machine generation ID and the current virtual machine generation ID being consistent at the first logical time;
at a second logical time, the second logical time after the first logical time;
an act of writing first data to the source domain controller to change the state of the source domain controller; and
an act of sending the first data along with the initial invocation ID to a target domain controller so that the target domain controller can apply state changes consistent with the state changes at the source domain controller;
an act of applying the snapshot at the source domain controller to roll the state of the source domain controller back to the first logical time, the snapshot applied at a third logical time;
an act of changing the current virtual machine generation ID in response to applying the snapshot;
an act of receiving second data that, when written to the source domain controller, further changes the state of the source domain controller, the second data received subsequent to snapshot being applied and subsequent to the first logical time;
an act of prior to writing the second data to the source domain controller, an act of the source domain controller detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;
in response to detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;
an act of creating a subsequent invocation ID, the subsequent invocation ID differing from the initial invocation ID; and
an act of copying the current virtual machine generation ID to the saved virtual machine generation ID; and
at a fourth logical time, the fourth logical time after the first logical time;
an act of writing the second data to the source domain controller to further change the state of the source domain controller; and
an act of sending the second data along with the subsequent invocation ID to the target domain controller so that the target domain controller can apply additional state changes consistent with the further state changes without violating the consistency of state changes associated with the initial invocation ID.
Dependent claims: 13, 14, 15, 16
17. At a computer system including one or more processors and system memory, the computer system connected to a network along with one or more other computer systems, a method for maintaining domain controller consistency when a domain controller is rolled back, the method comprising:
an act of a target domain controller receiving first data and an initial invocation ID from a source domain controller, the first data written at the source domain controller to change the state of the source domain controller at a first logical time;
an act of the target domain controller maintaining a first version of state from the source domain controller by writing the first data to change the state at the target domain controller, the first version of state from the source domain controller corresponding to the initial invocation ID;
an act of the target domain controller receiving second data and a subsequent invocation ID from the source domain controller, the second data written at the source domain controller to change the state of the source domain controller at a second logical time, the second logical time after the first logical time; and
an act of the target domain controller maintaining a separate second version of state from the source domain controller along with the first version of state from the source domain controller by writing the second data to change the state at the target domain controller without violating the consistency of the state changes in the maintained first version of state from the source domain controller, the second version of state from the source domain controller corresponding to the subsequent invocation ID.
Dependent claims: 18, 19, 20
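
The rollback sequence of claims 12 and 17, modelled as an added example (not code from the patent or from any directory service implementation). The class names, the `safety` switch and the per-source change counter `seq` are assumptions made for illustration; the claims name only the invocation ID and the saved and current virtual machine generation IDs.

```python
import uuid
from dataclasses import dataclass, field

@dataclass
class SourceDC:
    current_gen_id: str   # value exposed by the hypervisor; changes when a snapshot is applied
    saved_gen_id: str     # copy persisted inside the domain controller's own state
    invocation_id: str
    seq: int = 0          # assumed change counter, rolled back with the snapshot
    safety: bool = True   # assumed switch: False models a DC without the check

    def snapshot(self):
        return (self.saved_gen_id, self.invocation_id, self.seq)

    def apply_snapshot(self, snap):
        # Persisted state returns to the first logical time...
        self.saved_gen_id, self.invocation_id, self.seq = snap
        # ...while the hypervisor changes the current generation ID.
        self.current_gen_id = str(uuid.uuid4())

    def write(self, value):
        # Claim 12: compare the IDs before writing; on mismatch create a new
        # invocation ID and copy the current generation ID to the saved one.
        if self.safety and self.saved_gen_id != self.current_gen_id:
            self.invocation_id = str(uuid.uuid4())
            self.saved_gen_id = self.current_gen_id
        self.seq += 1
        return (self.invocation_id, self.seq, value)

@dataclass
class TargetDC:
    # Claim 17: one version of source state per invocation ID.
    versions: dict = field(default_factory=dict)  # invocation ID -> {seq: value}

    def receive(self, update):
        inv, seq, value = update
        applied = self.versions.setdefault(inv, {})
        if seq in applied:      # identifier already seen: treated as a duplicate
            return False
        applied[seq] = value
        return True

def run(safety):
    gen = str(uuid.uuid4())
    src, tgt = SourceDC(gen, gen, str(uuid.uuid4()), safety=safety), TargetDC()
    snap = src.snapshot()                 # first logical time
    first = src.write("first data")       # second logical time
    tgt.receive(first)
    src.apply_snapshot(snap)              # third logical time: rollback
    second = src.write("second data")     # fourth logical time
    return first[0], second[0], tgt.receive(second), len(tgt.versions)

if __name__ == "__main__":
    print(run(True), run(False))
```

With the check disabled, the post-rollback write reuses the same invocation ID and counter value as the earlier write, so the target discards it and the two controllers diverge.
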
Specification