System for provisioning, allocating, and managing virtual and physical desktop computers in a network computing environment

US 8,560,593 B2
Filed: 03/27/2008
Issued: 10/15/2013
Est. Priority Date: 03/27/2008
Status: Active Grant

First Claim

Patent Images

1. A system for managing user access to a computer system over a network, comprising:

a server computer configured to receive a connection request from at least one client device over a network, wherein said connection request comprises connection information about said at least one user client device;

a desktop group comprising a cluster of a plurality of virtual desktops and a plurality of physical desktops, the plurality of virtual desktops comprising a plurality of virtual machines executing on at least one physical computing device, each of the plurality of physical desktops executing on at least one physical computing device, wherein each of the virtual desktops and each of the physical desktops are configured to operate a single-user operating system that is configured to run a first shell application that initializes initialize a desktop associated with the single-user operating system, wherein the desktop group of the virtual and physical desktops act substantially equivalent to a Terminal Server and each virtual desktop and each physical desktop is substantially equivalent to a Terminal Server user session, and wherein each of the virtual machines encapsulates;

an operating system environment of the single-user operating system;

applications configured to run natively on the operating system;

memory; and

storage resources;

a second shell program configured to provide multi-user Terminal Server functionality of allowing a user to start a desired application without starting a full desktop in an operating system configuration that is not capable of running as a multi-user Terminal Server, wherein the second shell program modifies the registry of the operating system and prevent the first shell application from starting, and wherein the second shell program is configured to receive, from the client device, an instruction to start a desired application rather than the desktop;

a broker service running on said server computer, the broker service configured to;

receive said connection request from a terminal device operated by a user;

determine the user'"'"'s authorized access to the virtual desktops and the physical desktops in the desktop group based on an access control list;

determine the user'"'"'s authorized access to one or more applications available in the virtual and physical desktops based on the access control list;

display on the terminal device operated by the user, the virtual desktops, the physical desktops and the one or more applications authorized to be accessed by the user;

select either a first virtual desktop from the plurality of virtual desktops or a first physical desktop from the plurality of physical desktops in response to user input;

route said connection request to either the first virtual desktop or the first physical desktop based at least partly on said connection information;

receive status information of the virtual and physical desktops and notification of events occurring on the virtual and physical desktops and record the events within a management database; and

issue commands to cause the virtual and physical desktops in the desktop group to terminate a process, log off a user, shut down, or reboot;

andan agent service running in said first virtual desktop, the agent service configured to;

collect information about event information comprising user logon, logoff and disconnect events associated with the user client device; and

send said event information to the broker service, wherein the broker service is configured to notify a user of the at least one client device to proceed with a connection to the first virtual desktop.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for provisioning, allocating, and managing virtual and physical desktop computers in an enterprise network computing environment allows for these physical and desktop computers to be grouped logically based on personnel, organizational, or networking efficiencies without regard to the hardware or server that will ultimately run the virtual machine terminal once it is accessed. A connection broker connects incoming connections to one desktop in a desktop group, based on information relating to that incoming connection.

37 Citations

View as Search Results

15 Claims

1. A system for managing user access to a computer system over a network, comprising:
- a server computer configured to receive a connection request from at least one client device over a network, wherein said connection request comprises connection information about said at least one user client device;
  
  a desktop group comprising a cluster of a plurality of virtual desktops and a plurality of physical desktops, the plurality of virtual desktops comprising a plurality of virtual machines executing on at least one physical computing device, each of the plurality of physical desktops executing on at least one physical computing device, wherein each of the virtual desktops and each of the physical desktops are configured to operate a single-user operating system that is configured to run a first shell application that initializes initialize a desktop associated with the single-user operating system, wherein the desktop group of the virtual and physical desktops act substantially equivalent to a Terminal Server and each virtual desktop and each physical desktop is substantially equivalent to a Terminal Server user session, and wherein each of the virtual machines encapsulates;
  
  an operating system environment of the single-user operating system;
  
  applications configured to run natively on the operating system;
  
  memory; and
  
  storage resources;
  
  a second shell program configured to provide multi-user Terminal Server functionality of allowing a user to start a desired application without starting a full desktop in an operating system configuration that is not capable of running as a multi-user Terminal Server, wherein the second shell program modifies the registry of the operating system and prevent the first shell application from starting, and wherein the second shell program is configured to receive, from the client device, an instruction to start a desired application rather than the desktop;
  
  a broker service running on said server computer, the broker service configured to;
  
  receive said connection request from a terminal device operated by a user;
  
  determine the user'"'"'s authorized access to the virtual desktops and the physical desktops in the desktop group based on an access control list;
  
  determine the user'"'"'s authorized access to one or more applications available in the virtual and physical desktops based on the access control list;
  
  display on the terminal device operated by the user, the virtual desktops, the physical desktops and the one or more applications authorized to be accessed by the user;
  
  select either a first virtual desktop from the plurality of virtual desktops or a first physical desktop from the plurality of physical desktops in response to user input;
  
  route said connection request to either the first virtual desktop or the first physical desktop based at least partly on said connection information;
  
  receive status information of the virtual and physical desktops and notification of events occurring on the virtual and physical desktops and record the events within a management database; and
  
  issue commands to cause the virtual and physical desktops in the desktop group to terminate a process, log off a user, shut down, or reboot;
  
  andan agent service running in said first virtual desktop, the agent service configured to;
  
  collect information about event information comprising user logon, logoff and disconnect events associated with the user client device; and
  
  send said event information to the broker service, wherein the broker service is configured to notify a user of the at least one client device to proceed with a connection to the first virtual desktop.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, further comprising a plurality of application resources, wherein said application resources are published to the first virtual desktop to which the connection request has been routed.
  - 3. The system of claim 2, wherein said application resources are published to the first virtual desktop based on an access control list (ACL) for each published resource.
  - 4. The system of claim 1, wherein the plurality of physical desktops comprise blade computing devices.
  - 5. The system of claim 1, wherein at least one of the virtual desktops in the desktop group inherits application access rights associated with the desktop group.
  - 6. The system of claim 1, wherein the desktop group inherits a user-level policy.
  - 7. The system of claim 1, further comprising a plurality of application resources, wherein at least a portion of the plurality of application resources is published to the first virtual desktop.
  - 8. The system of claim 7, wherein each of the published application resources further comprises an access control list (ACL), and wherein user access to the published application resources is controlled based on the ACL.

9. A system for managing user access to a computer system over a network, the system comprising:
- at least one server computer configured to receive a connection request from at least one client device over a network, wherein the connection request comprises connection information about the at least one client device;
  
  a broker module executing on the at least one server computer, the broker module being configured to route the connection request, based on said connection information, to at least one of a cluster of a plurality of virtual desktops and a plurality of physical desktops, the plurality of virtual desktops comprising a plurality of virtual machines executing on at least one physical computing device, wherein each of the virtual desktops and the physical desktops are configured to operate a single-user operating system that is configured to run a first shell application that initializes a desktop associated with the single-user operating system in response to the connection request, wherein the cluster of virtual desktops and physical desktops form is a desktop group that is substantially equivalent to a Terminal Server and each virtual desktop and each physical desktop is substantially equivalent to a Terminal Server user session, and wherein each of the virtual machines encapsulates;
  
  an operating system environment of the single-user operating system;
  
  applications configured to run natively on the operating system;
  
  memory; and
  
  storage resources;
  
  wherein the broker module is further configured to;
  
  receive said connection request from a terminal device operated by a user;
  
  determine the user'"'"'s authorized access to the virtual desktops and the physical desktops in the desktop group based on an access control list;
  
  determine the user'"'"'s authorized access to one or more applications available in the virtual and physical desktops based on the access control list;
  
  display on the terminal device operated by the user, the virtual desktops, the physical desktops and the one or more applications authorized to be accessed by the user;
  
  select either a first virtual desktop from the cluster plurality of virtual desktops or a first physical desktop from the plurality of physical desktops in response to user input;
  
  route said connection request to either the first virtual desktop or the first physical desktop based at least partly on said connection information;
  
  receive status information of the virtual and physical desktops and notification of events occurring on the virtual and physical desktops and record the events within a management database; and
  
  issue commands to cause the virtual and physical desktops in the desktop group to terminate a process, log off a user, shut down, or reboot;
  
  a second shell program configured to provide multi-user Terminal Server functionality of allowing a user to start a desired application without starting a full desktop in an operating system configuration that is not capable of running as a multi-user Terminal Server, wherein the second shell program modifies the registry of the operating system and prevents the first shell application from starting, and wherein the second shell program is configured to receive from the client device, an instruction to start a desired application rather than the desktop; and
  
  a plurality of data collector modules, each of the data collector modules configured to;
  
  obtain event information regarding a selected one of the cluster of virtual and physical desktops, and wherein the plurality of data collector modules is configured to transmit the event information to the broker module, the event information comprising information regarding one or more of user log on, log off, and disconnect events, andsend heartbeat information to the broker module, the heartbeat information reflecting status of the selected virtual desktop or physical desktop, such that the broker module is further configured to mark the selected virtual or physical desktop offline in response to not receiving the heartbeat information.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of Claim 9, wherein the plurality of physical desktops comprises blade computing devices.
  - 11. The system of Claim 9, further comprising a plurality of application resources, wherein at least a portion of the plurality of application resources is published to at least one of the virtual desktops.
  - 12. The system of claim 11, wherein each of the published application resources further comprises an access control list (ACL), and wherein user access to the published application resources is controlled based on the ACL.
  - 13. The system of claim 11, wherein the desktop group comprises a predetermined number of virtual desktops corresponding to a predetermined number of users that are authorized to access the plurality of application resources.
  - 14. The system of claim 9, wherein the desktop group comprises at least a second desktop group, wherein the desktop group and the second desktop group comprise policy settings determining application access rights, and wherein the desktop group inherits the policy settings of the second desktop group.
  - 15. The system of claim 9, wherein the desktop group comprises at least a second desktop group, wherein the desktop group and the second desktop group have policy settings determining application access rights, and wherein the desktop group overrides the policy settings of the second desktop group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Ghostine, Peter E.
Primary Examiner(s)
JACOBS, LASHONDA T

Application Number

US12/078,174
Publication Number

US 20090248869A1
Time in Patent Office

2,028 Days
Field of Search

709/201, 709/238, 718/1
US Class Current

709/201
CPC Class Codes

H04L 51/046   Interoperability with other...

H04L 67/00   Network arrangements or pro...

H04L 67/01   Protocols

H04L 67/63   Routing a service request d...

H04W 48/08   Access restriction or acces...

H04W 76/40   for selective distribution ...

H04W 8/30   Network data restoration; N...

System for provisioning, allocating, and managing virtual and physical desktop computers in a network computing environment

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System for provisioning, allocating, and managing virtual and physical desktop computers in a network computing environment

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links