Handoff of virtual machines based on security requirements

US 9,396,016 B1
Filed: 05/27/2015
Issued: 07/19/2016
Est. Priority Date: 05/27/2015
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method of transitioning a virtual machine from a first hypervisor to a second hypervisor, the method comprising:

identifying a request to transition the virtual machine from the first hypervisor to the second hypervisor;

determining security trust requirements for the virtual machine;

exchanging trust information between the first hypervisor and the second hypervisor, wherein exchanging the trust information comprises transferring, from the first hypervisor to the second hypervisor, at least one security phrase, receiving, in the first hypervisor from the second hypervisor, a security phrase response, and comparing the security phrase response with an expected result;

determining whether the second hypervisor is capable of supporting the virtual machine based on the trust information and the security trust requirements for the virtual machine; and

if the second hypervisor is capable of supporting the virtual machine, initiating a handoff of the virtual machine from the first hypervisor to the second hypervisor.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples disclosed herein provide systems, methods, and software to handoff virtual machines between hypervisors. In one implementation, a method of transitioning a virtual machine from a first hypervisor to a second hypervisor includes identifying a request to transition the virtual machine from the first hypervisor to the second hypervisor. The method further provides determining security trust requirements for the virtual machine, and exchanging trust information between the first hypervisor and the second hypervisor. The method further provides determining if the second hypervisor can support the virtual machine based on the security trust requirements and the trust information, and transitioning the device to the second hypervisor if the second hypervisor can support the virtual machine.

38 Citations

View as Search Results

16 Claims

1. A computer implemented method of transitioning a virtual machine from a first hypervisor to a second hypervisor, the method comprising:
- identifying a request to transition the virtual machine from the first hypervisor to the second hypervisor;
  
  determining security trust requirements for the virtual machine;
  
  exchanging trust information between the first hypervisor and the second hypervisor, wherein exchanging the trust information comprises transferring, from the first hypervisor to the second hypervisor, at least one security phrase, receiving, in the first hypervisor from the second hypervisor, a security phrase response, and comparing the security phrase response with an expected result;
  
  determining whether the second hypervisor is capable of supporting the virtual machine based on the trust information and the security trust requirements for the virtual machine; and
  
  if the second hypervisor is capable of supporting the virtual machine, initiating a handoff of the virtual machine from the first hypervisor to the second hypervisor.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the first hypervisor executes on a first host computing system and wherein the second hypervisor executes on a second host computing system.
  - 3. The method of claim 1 wherein exchanging the trust information between the first hypervisor and the second hypervisor comprises obtaining, in the first hypervisor from the second hypervisor, at least one of time slice information, processing resource availability information, memory resource availability information, or currently executing virtual machine information.
  - 4. The method of claim 3 wherein the currently executing virtual machine information comprises operational information for each virtual machine executing on the second hypervisor.
  - 5. The method of claim 1 wherein the virtual machine comprises virtual network element configured to forward data packets for a data service.

6. An apparatus to transition a virtual machine from a first hypervisor to a second hypervisor, the apparatus comprising:
- a processing system;
  
  one or more non-transitory computer readable media; and
  
  processing instructions stored on the one or more non-transitory computer readable media that, when executed by the processing system, direct the processing system to;
  
  identify a request to transition the virtual machine from the first hypervisor to the second hypervisor;
  
  determine security trust requirements for the virtual machine;
  
  exchange trust information between the first hypervisor and the second hypervisor, wherein exchanging the trust information comprises transferring, from the first hypervisor to the second hypervisor, at least one security phrase, receiving, in the first hypervisor from the second hypervisor, a security phrase response, and comparing the security phrase response with an expected result;
  
  determine whether the second hypervisor is capable of supporting the virtual machine based on the trust information and the security trust requirements for the virtual machine; and
  
  if the second hypervisor is capable of supporting the virtual machine, initiate a handoff of the virtual machine from the first hypervisor to the second hypervisor.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The apparatus of claim 6 wherein the first hypervisor executes on a first host computing system and wherein the second hypervisor executes on a second host computing system.
  - 8. The apparatus of claim 6 wherein the processing instructions to exchange the trust information between the first hypervisor and the second hypervisor direct the processing system to obtain, in the first hypervisor from the second hypervisor, at least one of time slice information, memory resource availability information, or currently executing virtual machine information.
  - 9. The apparatus of claim 8 wherein the currently executing virtual machine information comprises operational information for each virtual machine executing on the second hypervisor.
  - 10. The apparatus of claim 6 wherein the virtual machine comprises a virtual network element configured to forward data packets in a data service.
  - 11. The apparatus of claim 6 wherein the processing instructions further direct the processing system to, prior to transferring the at least one security phrase, generate the at least one security phrase in a security trust module.

12. A computing system to transition virtual machines between hypervisors, the computing system comprising:
- a first hypervisor;
  
  a second hypervisor;
  
  a target virtual machine executing via the first hypervisor;
  
  the first hypervisor configured to;
  
  identify a request to transition the target virtual machine from the first hypervisor to the second hypervisor;
  
  determine security trust requirements for the target virtual machine;
  
  exchange trust information with the second hypervisor, wherein exchanging the trust information includes transferring at least one security phrase to the second hypervisor, receiving a security phrase response from the second hypervisor, and comparing the security phrase response with an expected result;
  
  determine whether the second hypervisor is capable of supporting the virtual machine based on the trust information and the security trust requirements for the virtual machine; and
  
  if the second hypervisor is capable of supporting the virtual machine, initiate a handoff of the virtual machine from the first hypervisor to the second hypervisor; and
  
  the second hypervisor configured to exchange the trust information with the first hypervisor, wherein exchanging the trust information comprises receiving the at least one security phrase from the first hypervisor and transferring the security phrase response to the first hypervisor.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computing system of claim 12 wherein the computing system further comprises:
    - a first host computing system configured to execute the first hypervisor; and
      
      a second host computing system configured to execute the second hypervisor.
  - 14. The computing system of claim 12 wherein the first hypervisor configured to exchange trust information with the second hypervisor is configured to receive at least one of time slice information, memory resource availability information, or currently executing virtual machine information from the second hypervisor.
  - 15. The computing system of claim 14 wherein the currently executing virtual machine information comprises operational information for each virtual machine executing on the second hypervisor.
  - 16. The computing system of claim 12 wherein the target virtual machine comprises a virtual network element configured to forward data packets for a data service, and wherein the virtual network element comprises one of a gateway or router for the data service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Marquardt, Ronald R., Paczkowski, Lyle Walter, Rajagopal, Arun
Primary Examiner(s)
Rampuria, Satish

Application Number

US14/722,801
Time in Patent Office

419 Days
Field of Search

718 1-108
US Class Current

1/1
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

Handoff of virtual machines based on security requirements

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Handoff of virtual machines based on security requirements

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links