DOMAIN CONTROLLER SAFETY-FEATURES AND CLONING

US 20130191828A1
Filed: 01/24/2012
Published: 07/25/2013
Est. Priority Date: 01/24/2012
Status: Active Grant

First Claim

Patent Images

1. At a computer system including one or more processors and system memory, the computer system connected to a network along with one or more other computer systems, a method for deploying a domain controller within the network by cloning, the method comprising:

an act of a obtaining a copy of a virtual hard disk, the copy of the virtual hard disk having originated from a source domain controller on another virtual machine, the source domain controller selected for cloning;

an act of the domain controller detecting that a virtual machine generation ID for the domain controller has changed;

an act of the domain controller detecting the presence of domain controller configuration, the domain controller clone configuration for configuring the domain controller to appropriately interact with the network;

an act of the domain controller inferring that the domain controller is being cloned by detecting the change in the virtual machine generation ID and by detecting the presence of the domain controller clone configuration;

an act of the domain controller verifying with another domain controller that the source domain controller is authorized to be cloned; and

an act of the domain controller utilizing the domain controller configuration to configure appropriate interaction with the network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention extends to methods, systems, and computer program products for domain controller safety-features and cloning. Embodiments include cloning virtual domain controllers. Cloning permits virtual domain controllers to be rapidly deployed by copying/cloning the entire operating system state of an existing virtual domain controller. Other embodiments provide safety features protecting domain controllers running within virtual machines from introducing distributed corruption into a directory services data system. Protection is facilitated by detecting when a hypervisor or Virtual Machine Manager (“VMM”) uses features that cause a virtual machine to be rolled back in time outside of an operating system'"'"'s awareness. In response to detecting a feature that causes rollback, safeties can be implemented to compensate for otherwise divergent state and prevent the introduction of duplicate unique identifiers.

19 Citations

View as Search Results

20 Claims

1. At a computer system including one or more processors and system memory, the computer system connected to a network along with one or more other computer systems, a method for deploying a domain controller within the network by cloning, the method comprising:
- an act of a obtaining a copy of a virtual hard disk, the copy of the virtual hard disk having originated from a source domain controller on another virtual machine, the source domain controller selected for cloning;
  
  an act of the domain controller detecting that a virtual machine generation ID for the domain controller has changed;
  
  an act of the domain controller detecting the presence of domain controller configuration, the domain controller clone configuration for configuring the domain controller to appropriately interact with the network;
  
  an act of the domain controller inferring that the domain controller is being cloned by detecting the change in the virtual machine generation ID and by detecting the presence of the domain controller clone configuration;
  
  an act of the domain controller verifying with another domain controller that the source domain controller is authorized to be cloned; and
  
  an act of the domain controller utilizing the domain controller configuration to configure appropriate interaction with the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, further comprising an act of rebooting the domain controller to apply the configuration for appropriate interaction on the network, rebooting transitioning the domain controller to a fully operational domain controller on the network.
  - 3. The method as recited in claim 1, further comprising prior to obtaining a copy of the virtual hard disk, an act of verifying that the source domain controller has a cloning-safe set of applications.
  - 4. The method as recited in claim 1, wherein the act of obtaining a copy of a virtual hard disk comprises an act of receiving a command to clone the source domain controller from a hypervisor.
  - 5. The method as recited in claim 1, wherein the act of the domain controller detecting that a virtual machine generation ID for the domain controller has changed comprise an act of detecting that a current virtual machine generation ID differs from a prior virtual machine generation ID.
  - 6. The method as recited in claim 5, further comprising an act of rebooting or resuming the virtual machine where the cloned domain controller is to reside;
    - and whereinthe act of detecting that a current virtual machine generation ID differs from a prior virtual machine generation ID comprises an act of detecting that a current virtual machine generation ID differs from a prior virtual machine generation ID when the virtual machine is starting.
  - 7. The method as recited in claim 1, wherein the act of the domain controller detecting the presence of a domain controller configuration comprises an act of detecting the presence of a domain controller configuration that contains state changes to be applied at the domain controller.
  - 8. The method as recited in claim 1, wherein the act of the domain controller detecting the presence of the domain controller configuration comprises an act of detecting the presence of domain controller configuration that contains one or more of:
    - new name for the domain controller, a new site for the domain controller, and a new Internet Protocol address for the domain controller.
  - 9. The method as recited in claim 1, wherein the act of the domain controller utilizing the domain controller configuration information to configure appropriate interaction with the network comprises an act of changing one or more of:
    - the name of the domain controller, the site for the domain controller, and the Internet Protocol address for the domain controller.
  - 10. The method as recited in claim 1, wherein the act of the domain controller utilizing the domain controller configuration to configure appropriate interaction with the network comprises an act of utilizing the domain controller configuration to configure appropriate interaction with other domain controllers on the network.
  - 11. The method as recited in claim 1, further comprising:
    - an act of determining that the domain controller configuration does not supply a name for the domain controller; and
      
      an act of assigning a name to the domain controller.

12. At a computer system including one or more processors and system memory, the computer system connected to a network along with one or more other computer systems, a method for maintaining domain controller consistency when a domain controller is rolled back, the method comprising:
- an act of creating a snapshot of the state of a source domain controller at a first logical time, the source domain controller having an initial invocation ID, a saved virtual machine generation ID, and a current virtual machine generation ID, the saved virtual machine generation ID and the current virtual machine generation ID being consistent at the first logical time;
  
  at a second logical time, the second logical time after the first logical time;
  
  an act of writing first data to the source domain controller to change the state of the source domain controller; and
  
  an act of sending the first data along with the initial invocation ID to a target domain controller so that the target domain controller can apply state changes consistent with the state changes at the source domain controller;
  
  an act of applying the snapshot at the source domain controller to roll the state of the source domain controller back to the first logical time, the snapshot applied at a third logical time;
  
  an act of changing the current virtual machine generation ID in response to applying the snapshot;
  
  an act of receiving second data that, when written to the source domain controller, further changes the state of the source domain controller, the second data received subsequent to snapshot being applied and subsequent to the first logical time;
  
  an act of prior to writing the second data to the source domain controller, an act of the source domain controller detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;
  
  in response to detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;
  
  an act of creating a subsequent invocation ID, the subsequent invocation ID differing from the initial invocation ID; and
  
  an act of copying the current virtual machine generation ID to the saved virtual machine generation ID; and
  
  at a fourth logical time, the fourth logical time after the first logical time;
  
  an act of writing the second data to the source domain controller to further change the state of the source domain controller; and
  
  an act of sending the second data along with the subsequent invocation ID to the target domain controller so that the target domain controller can apply additional state changes consistent with the further state changes without violating the consistency of state changes associated with the initial invocation ID.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method as recited in claim 12, further comprising:
    - An act of receiving back the first data along with the initial invocation ID from the target domain controller; and
      
      an act of re-writing the first data to the source domain controller to change the state of the source domain controller.
  - 14. The method as recited in claim 13, further comprising:
    - an act of maintaining one version of state from writing the second data and associated with the subsequent invocation ID; and
      
      an act of maintaining another version of state from re-writing the first data and associated with the initial invocation ID.
  - 15. The method as recited in claim 12 wherein the act of sending the first data along with the initial invocation ID comprises an act of sending data corresponding to one or more Update Sequence Numbers
  - 16. The method as recited in claim 12, wherein an act of creating a subsequent invocation ID comprises an act of creating a subsequent invocation ID that is statistically unique among all other invocation IDs on the network.

17. At a computer system including one or more processors and system memory, the computer system connected to a network along with one or more other computer systems, a method for maintaining domain controller consistency when a domain controller is rolled back, the method comprising:
- an act of a target domain controller receiving first data and an initial invocation ID from a source domain controller, the first data written at the source domain controller to change the state of the source domain controller at a first logical time;
  
  an act of the target domain controller maintaining a first version of state from the source domain controller by writing the first data to change the state at the target domain controller, the first version of state from the source domain controller corresponding to the initial invocation ID;
  
  an act of the target domain controller receiving second data and a subsequent invocation ID from the source domain controller, the second data written at the source domain controller to change the state of the source domain controller at a second logical time, the second logical time after the first logical time; and
  
  an act of the target domain controller maintaining a separate second version of state from the source domain controller along with the first version of state from the source domain controller by writing the second data to change the state at the target domain controller without violating the consistency of the state changes in the maintained first version of state from the source domain controller, the second version of state from the source domain controller corresponding to the subsequent invocation ID.
- View Dependent Claims (18, 19, 20)
- - 18. The method as recited in claim 17, further comprising an act of sending the first data along with the initial invocation ID back to the source domain controller so that the source domain controller can reapply state changes associated with the initial invocation ID.
  - 19. The method as recited in claim 17, wherein the act of a target domain controller receiving first data and an initial invocation ID from a source domain controller comprises an act of receiving a first set of USNs;
    - andwherein the act of a target domain controller receiving second data and an subsequent invocation ID from a source domain controller comprises an act of receiving a second set of USNs.
  - 20. The method as recited in claim 19, wherein an act of the target domain controller maintaining a separate second version of state from the source domain controller along with the first version of state from the source domain controller comprises an act of maintaining separate versions of state from the source domain controller to prevent inconsistency between the first set of USNs and the second set of USNs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hegde, Uday, Hill, Richard, Wells, Dean Anthony, Guetat, Gregoire, Johnson, Gregory Christopher

Granted Patent

US 8,726,277 B2
Time in Patent Office

Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 2009/45579   I/O management, e.g. provid...

G06F 8/63   Image based installation; C...

G06F 9/45558   Hypervisor-specific managem...

DOMAIN CONTROLLER SAFETY-FEATURES AND CLONING

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DOMAIN CONTROLLER SAFETY-FEATURES AND CLONING

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links