Method and system for providing a hardware machine function in a protected virtual machine
Abstract
This invention describes a method and system for virtualizing an internal capability of a computing system; specifically, the invention describes a method and system for establishing a virtual machine containing a programmed hardware-machine function that is normally executed natively as proprietary internal code in its own hardware environment, a Central Electronics Complex (CEC) or logical partition of a CEC. The code resides in a separate hardware domain of the CEC called the Service Element (SE). The IBM VM/ESA (VM) operating system requests the SE to transfer a copy of the code into a virtual machine that VM has initialized, where the machine function is provided (in the current embodiment) as an isolated and encapsulated part of a virtual Parallel Sysplex system comprising multiple virtual CECs in a testing environment.
27 Claims
1. In a computer system including a hardware machine having an operating system which supervises a plurality of virtual-machine sessions, a method for protecting the operating environment of one or more of said virtual-machine sessions, the method comprising the steps of:
defining a plurality of session types for said virtual-machine sessions, including a session type of protected virtual-machine sessions, said protected virtual-machine sessions including program code for implementing a service in support of a defined set of interactions, and a session type of corresponding interacting virtual-machine sessions, said interacting virtual-machine sessions being permitted to interact with said protected virtual-machine sessions to request said service therefrom;
defining one or more of said protected virtual-machine sessions within the operating system;
defining one or more of said corresponding interacting virtual-machine sessions within the operating system;
supervising and enabling the occurrence of said interactions between said defined protected virtual-machine sessions and said defined interacting virtual-machine sessions through the operating system; and
interrogating the operating environment of said defined protected virtual-machine sessions if said service is requested therefrom to verify the continued integrity of said operating environment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. In a computer system including a hardware machine having an operating system which supervises a plurality of virtual-machine sessions, an apparatus for protecting the operating environment of one or more of said virtual-machine sessions, the apparatus comprising:
means for defining a plurality of session types for said virtual-machine sessions, including a session type of protected virtual-machine sessions, said protected virtual-machine sessions including program code for implementing a service in support of a defined set of interactions, and a session type of corresponding interacting virtual-machine sessions, said interacting virtual-machine sessions being permitted to interact with said protected virtual-machine sessions to request said service therefrom;
means for defining one or more of said protected virtual-machine sessions within the operating system;
means for defining one or more of said corresponding interacting virtual-machine sessions within the operating system;
means for supervising and enabling the occurrence of said interactions between said defined protected virtual-machine sessions and said defined interacting virtual-machine sessions through the operating system; and
means for interrogating the operating environment of said defined protected virtual-machine sessions if said service is requested therefrom to verify the continued integrity of said operating environment.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
Specification