Control and management of virtual systems

US 8,949,826 B2
Filed: 11/27/2007
Issued: 02/03/2015
Est. Priority Date: 10/17/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus for enforcing a policy associated with a virtual machine, the apparatus comprising:

a memory storing instructions; and

a computing device communicatively coupled to a first virtual machine, the computing device including a processor operably coupled to the memory device, the processor executing the instructions to;

receive a virtual machine event request;

detect non-compliance by the first virtual machine of a policy-based compliance scheme of a managed system in response to receiving the virtual machine event request, wherein the policy-based compliance scheme of the managed system includes a plurality of compliance policies which are defined to enforce system wide control of execution of virtual machines within the managed system;

adapt the first virtual machine to comply with the policy-based compliance scheme;

process the virtual machine event request after adapting the first virtual machine; and

analyze adaptations made to the first virtual machine, after adapting the first virtual machine, to derive an optimized variant of the adapted first virtual machine to create a second different virtual machine,wherein adapting the first virtual machine includes validating adaptations made to the first virtual machine, andwherein validating adaptations made includes repeating policy-based compliance testing that was used to determine the first virtual machine was non-compliant.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for controlling and managing virtual machines and other such virtual systems. VM execution approval is based on compliance with policies controlling various aspects of VM. The techniques can be employed to benefit all virtual environments, such as virtual machines, virtual appliances, and virtual applications. For ease of discussion herein, assume that a virtual machine (VM) represents each of these environments. In one particular embodiment, a systems management partition (SMP) is created inside the VM to provide a persistent and resilient storage for management information (e.g., logical and physical VM metadata). The SMP can also be used as a staging area for installing additional content or agentry on the VM when the VM is executed. Remote storage of management information can also be used. The VM management information can then be made available for pre-execution processing, including policy-based compliance testing.

149 Citations

26 Claims

1. An apparatus for enforcing a policy associated with a virtual machine, the apparatus comprising:
- a memory storing instructions; and
  
  a computing device communicatively coupled to a first virtual machine, the computing device including a processor operably coupled to the memory device, the processor executing the instructions to;
  
  receive a virtual machine event request;
  
  detect non-compliance by the first virtual machine of a policy-based compliance scheme of a managed system in response to receiving the virtual machine event request, wherein the policy-based compliance scheme of the managed system includes a plurality of compliance policies which are defined to enforce system wide control of execution of virtual machines within the managed system;
  
  adapt the first virtual machine to comply with the policy-based compliance scheme;
  
  process the virtual machine event request after adapting the first virtual machine; and
  
  analyze adaptations made to the first virtual machine, after adapting the first virtual machine, to derive an optimized variant of the adapted first virtual machine to create a second different virtual machine,wherein adapting the first virtual machine includes validating adaptations made to the first virtual machine, andwherein validating adaptations made includes repeating policy-based compliance testing that was used to determine the first virtual machine was non-compliant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The apparatus of claim 1, wherein the virtual machine event request includes at least one of a start virtual machine request and a stop virtual machine request.
  - 3. The apparatus of claim 1, wherein the virtual machine event request includes a pause virtual machine request.
  - 4. The apparatus of claim 1, wherein the virtual machine event request includes a move virtual machine request.
  - 5. The apparatus of claim 1, wherein the virtual machine event request includes a clone virtual machine request.
  - 6. The apparatus of claim 1, wherein the virtual machine event request includes a create new virtual machine request.
  - 7. The apparatus of claim 1, wherein the virtual machine event request includes a deploy virtual machine from template request.
  - 8. The apparatus of claim 1, wherein the non-compliance includes at least one of software that has not been installed on the first virtual machine, software that has been removed from the first virtual machine, and software that has not been updated on the first virtual machine.
  - 9. The apparatus of claim 1, wherein adapting the first virtual machine includes insertion of data into the first virtual machine.
  - 10. The apparatus of claim 1, wherein adapting the first virtual machine includes at least one of updating a virus definition, installing anti-virus software, installing a security patch, executing an anti-virus scanning application, removing malware, and disabling malware.
  - 11. The apparatus of claim 10, wherein the malware includes at least one of a virus, worm, trojan horse, rootkit, spyware, and adware.
  - 12. The apparatus of claim 1, wherein adapting the first virtual machine includes adjusting security settings associated with the first virtual machine.
  - 13. The apparatus of claim 1, wherein adapting the first virtual machine comprises deleting unauthorized content from the first virtual machine.
  - 14. The apparatus of claim 1, wherein adapting the first virtual machine includes at least one of obtaining necessary licensing associated with the first virtual machine and automatically issuing a notification to an administrator to obtain licensing associated with the first virtual machine.
  - 15. The apparatus of claim 1, wherein adapting the first virtual machine includes scheduling at least one of an agent and a process to carryout remedial action.
  - 16. The apparatus of claim 15, wherein scheduling at least one of an agent or process includes at least one of requesting, transferring, downloading, and installing at least one of security updates for the first virtual machine and security patches for the first virtual machine.
  - 17. The apparatus of claim 15, wherein scheduling at least one of an agent or process includes at least one of searching for and eradicating malware associated with the first virtual machine.
  - 18. The apparatus of claim 15, wherein scheduling at least one of an agent or process includes registering the first virtual machine for use in a managed system.
  - 19. The apparatus of claim 1, wherein adapting the first virtual machine includes restricting access permissions, so that the first virtual machine can only access certain content, resources, and areas of a managed system.
  - 20. The apparatus of claim 1, wherein adapting the first virtual machine includes at least one of adding, updating, and deleting user account information, so as to limit account authority associated with the first virtual machine.
  - 21. The apparatus of claim 1, wherein the first virtual machine is at least one of a virtual application and a virtual appliance.
  - 22. The apparatus of claim 1, wherein a group includes a plurality of virtual machines, and the computing device is programmed to include the adaptation in the first virtual machine if a quorum of the plurality of virtual machines have received the adaptation.
  - 23. The apparatus of claim 1, wherein the adaptations made to the first virtual machine include at least a first adaptation which occurred a plurality of times during a plurality of executions of the first virtual machine.
  - 24. The apparatus of claim 23, wherein the first adaptation was consistently made during execution of the first virtual machine.

25. An apparatus for enforcing a policy associated with a virtual machine, the apparatus comprising:
- a memory storing instructions; and
  
  a computing device communicatively coupled to a first virtual machine, the computing device including a processor operably coupled to the memory device, the processor executing the instructions to;
  
  receive a virtual machine event request;
  
  detect non-compliance by the first virtual machine of a policy-based compliance scheme of a managed system in response to receiving the virtual machine event request, wherein the policy-based compliance scheme of the managed system includes a plurality of compliance policies which are defined to enforce system wide control of execution of virtual machines within the managed system;
  
  adapt the first virtual machine to comply with the policy-based compliance scheme;
  
  process the virtual machine event request after adapting the first virtual machine; and
  
  analyze adaptations made to the first virtual machine, after adapting the first virtual machine, to derive an optimized variant of the adapted first virtual machine to create a second different virtual machine,wherein the adaptations made to the first virtual machine include at least a first adaptation which occurred a plurality of times during a plurality of executions of the first virtual machine.
- View Dependent Claims (26)
- - 26. The apparatus of claim 25, wherein the first adaptation was consistently made during execution of the first virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Managelq Incorporated
Inventors
Fitzgerald, Joseph, Barenboim, Oleg
Primary Examiner(s)
An, Meng
Assistant Examiner(s)
Arcos, Caroline H

Application Number

US11/945,945
Publication Number

US 20080134178A1
Time in Patent Office

2,625 Days
Field of Search
US Class Current

718/1
CPC Class Codes

G06F 2009/45562   Creating, deleting, cloning...

G06F 2009/45575   Starting, stopping, suspend...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45537   Provision of facilities of ...

Control and management of virtual systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

149 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Control and management of virtual systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

149 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links