Domain controller safety-features and cloning
First Claim
1. At a computer system including one or more processors and system memory, the computer system connected to a network along with one or more other computer systems, a method for maintaining domain controller consistency when a domain controller is rolled back, the method comprising:
at a first logical time;
an act of creating a snapshot for a source domain controller including copying a state of a virtual hard drive of the source domain controller associated with a virtual machine, wherein the source domain controller has an initial invocation ID which is unique to the source domain controller, a saved virtual machine generation ID, and a current virtual machine generation ID, and wherein the saved virtual machine generation ID and the current virtual machine generation ID are consistent at the first logical time;
at a second logical time after the first logical time;
an act of writing first data to the source domain controller to change the state of the source domain controller; and
an act of sending the first data along with the initial invocation ID to a target domain controller so that the target domain controller can save state changes applied at the source domain controller;
at a third logical time after the second logical time;
an act of applying the snapshot at the source domain controller to roll the state of the source domain controller back to a state at the first logical time;
in response to applying the snapshot, an act of changing the current virtual machine generation ID to a new ID;
in response to changing the current virtual machine generation ID, an act of detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent at the source domain controller;
in response to detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;
an act of creating a subsequent invocation ID for the rolled back source domain controller; and
an act of copying the current virtual machine generation ID to the saved virtual machine generation ID; and
an act of receiving second data, the second data received subsequent to the snapshot being applied and subsequent to the second logical time; and
at a fourth logical time after the third logical time;
an act of writing the received second data to the source domain controller to further change the state of the source domain controller; and
an act of sending the second data along with the subsequent invocation ID to the target domain controller so that the target domain controller can apply additional state changes consistent with the further state changes at the source domain controller, without violating the consistency of state changes associated with the initial invocation ID.
Abstract
The present invention extends to methods, systems, and computer program products for domain controller safety-features and cloning. Embodiments include cloning virtual domain controllers. Cloning permits virtual domain controllers to be rapidly deployed by copying/cloning the entire operating system state of an existing virtual domain controller. Other embodiments provide safety features protecting domain controllers running within virtual machines from introducing distributed corruption into a directory services data system. Protection is facilitated by detecting when a hypervisor or Virtual Machine Manager (“VMM”) uses features that cause a virtual machine to be rolled back in time outside of an operating system's awareness. In response to detecting a feature that causes rollback, safeties can be implemented to compensate for otherwise divergent state and prevent the introduction of duplicate unique identifiers.
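The rollback sequence of the first claim, as an added Python simulation that is not code from the patent: it runs the four logical times with and without the generation-ID check and shows what the target domain controller ends up applying. The class names and the per-invocation-ID update sequence number (`usn`) used for the target's bookkeeping are modelling assumptions; the claim itself only says that changes are sent along with the invocation ID.

```python
import uuid

class TargetDC:
    """Replication partner: remembers, per source invocation ID, the highest
    update sequence number applied (assumed bookkeeping, see lead-in)."""
    def __init__(self):
        self.high_water = {}   # invocation ID -> highest usn applied
        self.applied = []      # values accepted from the source

    def receive(self, invocation_id, usn, value):
        if usn <= self.high_water.get(invocation_id, 0):
            return False       # treated as already replicated and dropped
        self.high_water[invocation_id] = usn
        self.applied.append(value)
        return True

class SourceDC:
    def __init__(self, safeguard):
        self.safeguard = safeguard
        self.invocation_id = uuid.uuid4()
        self.current_gen_id = uuid.uuid4()       # supplied by the hypervisor
        self.saved_gen_id = self.current_gen_id  # stored on the virtual disk
        self.usn = 0

    def snapshot(self):
        # Only on-disk state is captured; current_gen_id lives outside the disk.
        return (self.invocation_id, self.saved_gen_id, self.usn)

    def apply_snapshot(self, snap):
        self.invocation_id, self.saved_gen_id, self.usn = snap
        self.current_gen_id = uuid.uuid4()       # changed on rollback

    def write(self, value, target):
        # Safety check from the claim: saved and current IDs inconsistent.
        if self.safeguard and self.saved_gen_id != self.current_gen_id:
            self.invocation_id = uuid.uuid4()         # subsequent invocation ID
            self.saved_gen_id = self.current_gen_id   # copy current to saved
        self.usn += 1
        return target.receive(self.invocation_id, self.usn, value)

def run(safeguard):
    target, src = TargetDC(), SourceDC(safeguard)
    snap = src.snapshot()                        # first logical time
    src.write("first data", target)              # second logical time
    src.apply_snapshot(snap)                     # third logical time
    accepted = src.write("second data", target)  # fourth logical time
    return accepted, target.applied

if __name__ == "__main__":
    print("without check:", run(False))
    print("with check:   ", run(True))
```

Without the check, the rolled-back source reuses a sequence number under the initial invocation ID, so the target drops "second data" and the two controllers diverge; with the check, the target accepts it under the subsequent invocation ID.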
15 Claims
6. A computer system connected to a network along with one or more other computer systems, the computer system comprising:
one or more processors; and
system memory having stored computer executable instructions which, when executed by the one or more processors, implement a method for maintaining domain controller consistency when a domain controller is rolled back, the method including;
at a first logical time;
an act of creating a snapshot for a source domain controller including copying a state of a virtual hard drive of the source domain controller associated with a virtual machine, wherein the source domain controller has an initial invocation ID which is unique to the source domain controller, a saved virtual machine generation ID, and a current virtual machine generation ID, and wherein the saved virtual machine generation ID and the current virtual machine generation ID are consistent at the first logical time;
at a second logical time after the first logical time;
an act of writing first data to the source domain controller to change the state of the source domain controller;
at a third logical time after the second logical time;
an act of applying the snapshot at the source domain controller to roll the state of the source domain controller back to a state at the first logical time;
in response to applying the snapshot, an act of changing the current virtual machine generation ID to a new ID;
in response to changing the current virtual machine generation ID, an act of detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent at the source domain controller;
in response to detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;
an act of creating a subsequent invocation ID for the rolled back source domain controller; and
an act of copying the current virtual machine generation ID to the saved virtual machine generation ID; and
an act of receiving second data, the second data received subsequent to the snapshot being applied and subsequent to the second logical time; and
at a fourth logical time after the third logical time;
an act of writing the received second data to the source domain controller to further change the state of the source domain controller; and
an act of sending the second data along with the subsequent invocation ID to the target domain controller so that the target domain controller can apply additional state changes consistent with the further state changes at the source domain controller, without violating the consistency of state changes associated with the initial invocation ID.
11. A memory device having stored computer executable instructions which, when executed by one or more processors of a computing system, implement a method for maintaining domain controller consistency by the computing system when a domain controller is rolled back, the method including:
at a first logical time;
an act of creating a snapshot for a source domain controller including copying a state of a virtual hard drive of the source domain controller associated with a virtual machine, wherein the source domain controller has an initial invocation ID which is unique to the source domain controller, a saved virtual machine generation ID, and a current virtual machine generation ID, and wherein the saved virtual machine generation ID and the current virtual machine generation ID are consistent at the first logical time;
at a second logical time after the first logical time;
an act of writing first data to the source domain controller to change the state of the source domain controller; and
an act of sending the first data along with the initial invocation ID to a target domain controller so that the target domain controller can save state changes applied at the source domain controller;
at a third logical time after the second logical time;
an act of applying the snapshot at the source domain controller to roll the state of the source domain controller back to a state at the first logical time;
in response to applying the snapshot, an act of changing the current virtual machine generation ID to a new ID;
in response to changing the current virtual machine generation ID, an act of detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent at the source domain controller;
in response to detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;
an act of creating a subsequent invocation ID for the rolled back source domain controller; and
an act of copying the current virtual machine generation ID to the saved virtual machine generation ID; and
an act of receiving second data, the second data received subsequent to the snapshot being applied and subsequent to the second logical time; and
at a fourth logical time after the third logical time;
an act of writing the received second data to the source domain controller to further change the state of the source domain controller; and
an act of sending the second data along with the subsequent invocation ID to the target domain controller so that the target domain controller can apply additional state changes consistent with the further state changes at the source domain controller, without violating the consistency of state changes associated with the initial invocation ID.
Specification