Domain controller safety-features and cloning

US 8,726,277 B2
Filed: 01/24/2012
Issued: 05/13/2014
Est. Priority Date: 01/24/2012
Status: Active Grant

First Claim

Patent Images

1. At a computer system including one or more processors and system memory, the computer system connected to a network along with one or more other computer systems, a method for maintaining domain controller consistency when a domain controller is rolled back, the method comprising:

at a first logical time;

an act of creating a snapshot for a source domain controller including copying a state of a virtual hard drive of the source domain controller associated with a virtual machine, wherein the source domain controller has an initial invocation ID which is unique to the source domain controller, a saved virtual machine generation ID, and a current virtual machine generation ID, and wherein the saved virtual machine generation ID and the current virtual machine generation ID are consistent at the first logical time;

at a second logical time after the first logical time;

an act of writing first data to the source domain controller to change the state of the source domain controller; and

an act of sending the first data along with the initial invocation ID to a target domain controller so that the target domain controller can save state changes applied at the source domain controller;

at a third logical time after the second logical time;

an act of applying the snapshot at the source domain controller to roll the state of the source domain controller back to a state at the first logical time;

in response to applying the snapshot, an act of changing the current virtual machine generation ID to a new ID;

in response to changing the current virtual machine generation ID, an act of detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent at the source domain controller;

in response to detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;

an act of creating a subsequent invocation ID for the rolled back source domain controller; and

an act of copying the current virtual machine generation ID to the saved virtual machine generation ID; and

an act of receiving second data, the second data received subsequent to the snapshot being applied and subsequent to the second logical time; and

at a fourth logical time after the third logical time;

an act of writing the received second data to the source domain controller to further change the state of the source domain controller; and

and an act of sending the second data along with the subsequent invocation ID to the target domain controller so that the target domain controller can apply additional state changes consistent with the further state changes at the source domain controller, without violating the consistency of state changes associated with the initial invocation ID.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention extends to methods, systems, and computer program products for domain controller safety-features and cloning. Embodiments include cloning virtual domain controllers. Cloning permits virtual domain controllers to be rapidly deployed by copying/cloning the entire operating system state of an existing virtual domain controller. Other embodiments provide safety features protecting domain controllers running within virtual machines from introducing distributed corruption into a directory services data system. Protection is facilitated by detecting when a hypervisor or Virtual Machine Manager (“VMM”) uses features that cause a virtual machine to be rolled back in time outside of an operating system'"'"'s awareness. In response to detecting a feature that causes rollback, safeties can be implemented to compensate for otherwise divergent state and prevent the introduction of duplicate unique identifiers.

Citations

15 Claims

1. At a computer system including one or more processors and system memory, the computer system connected to a network along with one or more other computer systems, a method for maintaining domain controller consistency when a domain controller is rolled back, the method comprising:
- at a first logical time;
  
  an act of creating a snapshot for a source domain controller including copying a state of a virtual hard drive of the source domain controller associated with a virtual machine, wherein the source domain controller has an initial invocation ID which is unique to the source domain controller, a saved virtual machine generation ID, and a current virtual machine generation ID, and wherein the saved virtual machine generation ID and the current virtual machine generation ID are consistent at the first logical time;
  
  at a second logical time after the first logical time;
  
  an act of writing first data to the source domain controller to change the state of the source domain controller; and
  
  an act of sending the first data along with the initial invocation ID to a target domain controller so that the target domain controller can save state changes applied at the source domain controller;
  
  at a third logical time after the second logical time;
  
  an act of applying the snapshot at the source domain controller to roll the state of the source domain controller back to a state at the first logical time;
  
  in response to applying the snapshot, an act of changing the current virtual machine generation ID to a new ID;
  
  in response to changing the current virtual machine generation ID, an act of detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent at the source domain controller;
  
  in response to detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;
  
  an act of creating a subsequent invocation ID for the rolled back source domain controller; and
  
  an act of copying the current virtual machine generation ID to the saved virtual machine generation ID; and
  
  an act of receiving second data, the second data received subsequent to the snapshot being applied and subsequent to the second logical time; and
  
  at a fourth logical time after the third logical time;
  
  an act of writing the received second data to the source domain controller to further change the state of the source domain controller; and
  
  and an act of sending the second data along with the subsequent invocation ID to the target domain controller so that the target domain controller can apply additional state changes consistent with the further state changes at the source domain controller, without violating the consistency of state changes associated with the initial invocation ID.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as recited in claim 1, further comprising:
    - an act of receiving back the first data along with the initial invocation ID from the target domain controller; and
      
      an act of re-writing the first data to the source domain controller to change the state of the source domain controller.
  - 3. The method as recited in claim 2, further comprising:
    - an act of maintaining one version of state from the source domain controller by writing the second data and the subsequent invocation ID; and
      
      an act of maintaining another version of state from the source domain controller by re-writing the first data and with the initial invocation ID.
  - 4. The method as recited in claim 1 wherein the act of sending the first data along with the initial invocation ID comprises an act of sending data corresponding to one or more Update Sequence Numbers (USNs).
  - 5. The method as recited in claim 1, wherein an act of creating a subsequent invocation ID comprises an act of creating a subsequent invocation ID that is statistically unique among all other invocation IDs on the network.

6. A computer system connected to a network along with one or more other computer systems, the computer system comprising:
- one or more processors; and
  
  system memory having stored computer executable instructions which, when executed by the one or more processors, implement a method for maintaining domain controller consistency when a domain controller is rolled back, the method including;
  
  at a first logical time;
  
  an act of creating a snapshot for a source domain controller including copying a state of a virtual hard drive of the source domain controller associated with a virtual machine, wherein the source domain controller has an initial invocation ID which is unique to the source domain controller, a saved virtual machine generation ID, and a current virtual machine generation ID, and wherein the saved virtual machine generation ID and the current virtual machine generation ID are consistent at the first logical time;
  
  at a second logical time after the first logical time;
  
  an act of writing first data to the source domain controller to change the state of the source domain controller;
  
  at a third logical time after the second logical time;
  
  an act of applying the snapshot at the source domain controller to roll the state of the source domain controller back to a state at the first logical time;
  
  in response to applying the snapshot, an act of changing the current virtual machine generation ID to a new ID;
  
  in response to changing the current virtual machine generation ID, an act of detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent at the source domain controller;
  
  In response to detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;
  
  an act of creating a subsequent invocation ID for the rolled back source domain controller; and
  
  an act of copying the current virtual machine generation ID to the saved virtual machine generation ID; and
  
  an act of receiving second data, the second data received subsequent to the snapshot being applied and subsequent to the second logical time; and
  
  at a fourth logical time after the third logical time;
  
  an act of writing the received second data to the source domain controller to further change the state of the source domain controller; and
  
  an act of sending the second data along with the subsequent invocation ID to the target domain controller so that the target domain controller can apply additional state changes consistent with the further state changes at the source domain controller, without violating the consistency of state changes associated with the initial invocation ID.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system recited in claim 6, wherein the method further comprises:
    - an act of receiving back the first data along with the initial invocation ID from the target domain controller; and
      
      an act of re-writing the first data to the source domain controller to change the state of the source domain controller.
  - 8. The system as recited in claim 7, wherein the method further comprises:
    - an act of maintaining one version of state from the source domain controller by writing the second data and the subsequent invocation ID; and
      
      an act of maintaining another version of state from the source domain controller by re-writing the first data and the initial invocation ID.
  - 9. The system recited in claim 6, wherein the act of sending the first data along with the initial invocation ID comprises an act of sending data corresponding to one or more Update Sequence Numbers (USNs).
  - 10. The system recited in claim 6, wherein the act of creating a subsequent invocation ID comprises an act of creating a subsequent invocation ID that is statistically unique among all other invocation IDs on the network.

11. A memory device having stored computer executable instructions which, when executed by one or more processors of a computing system, implement a method for maintaining domain controller consistency by the computing system when a domain controller is rolled back, the method including:
- at a first logical time;
  
  an act of creating a snapshot for a source domain controller including copying a state of a virtual hard drive of the source domain controller associated with a virtual machine, wherein the source domain controller has an initial invocation ID which is unique to the source domain controller, a saved virtual machine generation ID, and a current virtual machine generation ID, and wherein the saved virtual machine generation ID and the current virtual machine generation ID are consistent at the first logical time;
  
  at a second logical time after the first logical time;
  
  an act of writing first data to the source domain controller to change the state of the source domain controller; and
  
  an act of sending the first data along with the initial invocation ID to a target domain controller so that the target domain controller can save state changes applied at the source domain controller;
  
  at a third logical time after the second logical time;
  
  an act of applying the snapshot at the source domain controller to roll the state of the source domain controller back to a state at the first logical time;
  
  in response to applying the snapshot, an act of changing the current virtual machine generation ID to a new ID;
  
  in response to changing the current virtual machine generation ID, an act of detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent at the source domain controller;
  
  in response to detecting that the saved virtual machine generation ID and the current virtual machine generation ID are inconsistent;
  
  an act of creating a subsequent invocation ID for the rolled back source domain controller; and
  
  an act of copying the current virtual machine generation ID to the saved virtual machine generation ID; and
  
  an act of receiving second data, the second data received subsequent to the snapshot being applied and subsequent to the second logical time; and
  
  at a fourth logical time after the third logical time;
  
  an act of writing the received second data to the source domain controller to further change the state of the source domain controller; and
  
  an act of sending the second data along with the subsequent invocation ID to the target domain controller so that the target domain controller can apply additional state changes consistent with the further state changes at the source domain controller, without violating the consistency of state changes associated with the initial invocation ID.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The memory device recited in claim 11, wherein the method further comprises:
    - an act of receiving back the first data along with the initial invocation ID from the target domain controller; and
      
      an act of re-writing the first data to the source domain controller to change the state of the source domain controller.
  - 13. The memory device as recited in claim 12, wherein the method further comprises:
    - an act of maintaining one version of state from the source domain controller by writing the second data and the subsequent invocation ID; and
      
      an act of maintaining another version of state from the source domain controller by re-writing the first data and the initial invocation ID.
  - 14. The memory device recited in claim 11, wherein the act of sending the first data along with the initial invocation ID comprises an act of sending data corresponding to one or more Update Sequence Numbers (USNs).
  - 15. The memory device recited in claim 11, wherein the act of creating a subsequent invocation ID comprises an act of creating a subsequent invocation ID that is statistically unique among all other invocation IDs on the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wells, Dean Anthony, Guetat, Gregoire, Johnson, Gregory Christopher, Hegde, Uday, Hill, Richard
Primary Examiner(s)
Bullock, Jr., Lewis A
Assistant Examiner(s)
KEPNANG, GILLES R

Application Number

US13/357,045
Publication Number

US 20130191828A1
Time in Patent Office

840 Days
Field of Search

707/204, 707/610, 709224-225, 709/249, 714/48, 717/171, 718/1, 719/312, 726/6
US Class Current

718/1
CPC Class Codes

G06F 2009/45579   I/O management, e.g. provid...

G06F 8/63   Image based installation; C...

G06F 9/45558   Hypervisor-specific managem...

Domain controller safety-features and cloning

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Domain controller safety-features and cloning

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links