Mechanism to transition control between components in a virtual machine environment
First Claim
Patent Images
1. A method comprising:
- a privileged system layer in a virtualization enabled platform enabling a communication portal for executing a service requested by a first component, between the first and a second component of the platform, wherein the first component executes in a first virtual machine on the platform and the second component executes in a second virtual machine on the platform;
performing validation by the privileged system layer that the second component is authorized to execute at least one service on behalf of the first component, further comprising;
retrieving a portal index and local name for the second component from an outbound portal connector descriptor of the first component,translating the local name for the second component into a global name for the second component using a using a name translation table maintained by the privileged system layer,retrieving an inbound portal connector descriptor comprising a local name for a source component from the second component, the second component associated with the portal index and translated global name for the second component,translating the local name for the source component into a global name for the source component using a using a name translation table maintained by the privileged system layer,comparing the translated global name for the source component to the global name for the first component to ensure a match; and
validating by the privileged system layer that the second component is authorized to execute the requested service, further comprising;
comparing a portal validator to an activity descriptor to ensure that the requested service is authorized, wherein the activity descriptor comprises a range descriptor.
1 Assignment
0 Petitions
Accused Products
Abstract
In some embodiments, the invention efficiently manages, sets up, controls and performs communication between isolated components using portals. In a platform having virtualization architecture, a component in a first virtual machine requests a service to be performed by a component in a second virtual machine. A privileged system layer validates the ability to create a communication portal between the two components. The validation is a two-level validation to ensure that a portal is permitted between the two components and that the requested activity is also permitted. Other embodiments are described and claimed.
-
Citations
12 Claims
-
1. A method comprising:
-
a privileged system layer in a virtualization enabled platform enabling a communication portal for executing a service requested by a first component, between the first and a second component of the platform, wherein the first component executes in a first virtual machine on the platform and the second component executes in a second virtual machine on the platform; performing validation by the privileged system layer that the second component is authorized to execute at least one service on behalf of the first component, further comprising; retrieving a portal index and local name for the second component from an outbound portal connector descriptor of the first component, translating the local name for the second component into a global name for the second component using a using a name translation table maintained by the privileged system layer, retrieving an inbound portal connector descriptor comprising a local name for a source component from the second component, the second component associated with the portal index and translated global name for the second component, translating the local name for the source component into a global name for the source component using a using a name translation table maintained by the privileged system layer, comparing the translated global name for the source component to the global name for the first component to ensure a match; and validating by the privileged system layer that the second component is authorized to execute the requested service, further comprising; comparing a portal validator to an activity descriptor to ensure that the requested service is authorized, wherein the activity descriptor comprises a range descriptor. - View Dependent Claims (2, 3, 4)
-
-
5. A system comprising:
-
at least one processor residing on a virtualization enabled platform, the platform having a privileged component, the platform to run a plurality of non-privileged components, each of the plurality of components to run in a virtual machine (VM) on the platform; a plurality of data structures stored in memory, each data structure accessible to the privileged component and to a corresponding non-privileged component to describe authorized communication portals for the corresponding non-privileged component; and a name translation table stored in memory, the name translation table accessible to the privileged component and inaccessible to the non-privileged components, wherein the privileged component is to perform a 2-level validation of a requested communication portal between a first non-privileged component and a second non-privileged component, wherein the 2-level validation further comprises; a first validation that the first component and second component have an authorized communication portal, and a second validation that a service requested of the second component, by the first component, is an authorized service request for the authorized communication portal, wherein to perform the second validation, the privileged component is to compare a portal validator to an activity descriptor to ensure that the requested service is authorized, and wherein the activity description comprises a range descriptor. - View Dependent Claims (6, 7, 8)
-
-
9. A machine readable storage medium having instructions stored thereon that when executed by a privileged system layer running on a processor in a virtualization enabled platform cause the platform to:
-
enable a communication portal for executing a service requested by a first component, between the first and a second component of the platform, wherein the first component executes in a first virtual machine on the platform and the second component executes in a second virtual machine on the platform; perform validation by the privileged system layer that the second component is authorized to execute at least one service on behalf of the first component, further comprising instructions to; retrieve a portal index and local name for the second component from an outbound portal connector descriptor of the first component, translate the local name for the second component into a global name for the second component using a using a name translation table maintained by the privileged system layer, retrieve an inbound portal connector descriptor comprising a local name for a source component from the second component, the second component associated with the portal index and translated global name for the second component, translate the local name for the source component into a global name for the source component using a using a name translation table maintained by the privileged system layer, compare the translated global name for the source component to the global name for the first component to ensure a match; and validate by the privileged system layer that the second component is authorized to execute the requested service, further comprising instructions to; compare a portal validator to an activity descriptor to ensure that the requested service is authorized, wherein the activity description comprises a range descriptor. - View Dependent Claims (10, 11, 12)
-
Specification