Method of and system for computer system state checks

US 9,424,154 B2
Filed: 11/07/2008
Issued: 08/23/2016
Est. Priority Date: 01/10/2007
Status: Active Grant

First Claim

Patent Images

1. A method of system state analysis of a computational system comprising:

specifying a scope of state information to be captured based on a selected analysis to be performed on captured state information, wherein the scope of the state information is to include at least kernel memory information if the selected analysis is a first type of analysis, wherein the scope of the state information is to exclude kernel memory information if the selected analysis is a second type of analysis, and wherein the scope of the state information is specified for one or more selected guest machines of a plurality of guest machines running on a virtual machine layer of a computational system;

controlling the virtual machine layer to capture selective state information of the one or more selected guest machines running on the virtual machine layer, wherein the selective state information is within the specified scope of the state information; and

analyzing the captured selective state information according to the selected analysis, wherein the selected analysis includes a policy containing an attribute, and wherein the attribute is used to analyze a portion of the captured selective state information, wherein the second type of analysis is a compliance check to validate that the computational system includes a desired system configuration, and wherein the first type of analysis is to;

validate kernel data structures in the kernel memory of a kernel have not been corrupted;

validate the kernel is properly configured; and

validate the kernel includes necessary components.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for and method of system state analysis of a computational system. The method is comprised of capturing selective state information of a computational system configured to operated with one or more guest machines running on a virtual machine layer and configured to output state information. The state information is then analyzed to for compliance checking. The system for system state analysis is comprised of a storage system, computation hardware configured to run the guest machines and the virtual machine layer, guest machines, a virtual machine layer configured to output guest machine state information, a system state snapshot server configured to control the virtual machine layer for the capture of state information.

400 Citations

25 Claims

1. A method of system state analysis of a computational system comprising:
- specifying a scope of state information to be captured based on a selected analysis to be performed on captured state information, wherein the scope of the state information is to include at least kernel memory information if the selected analysis is a first type of analysis, wherein the scope of the state information is to exclude kernel memory information if the selected analysis is a second type of analysis, and wherein the scope of the state information is specified for one or more selected guest machines of a plurality of guest machines running on a virtual machine layer of a computational system;
  
  controlling the virtual machine layer to capture selective state information of the one or more selected guest machines running on the virtual machine layer, wherein the selective state information is within the specified scope of the state information; and
  
  analyzing the captured selective state information according to the selected analysis, wherein the selected analysis includes a policy containing an attribute, and wherein the attribute is used to analyze a portion of the captured selective state information, wherein the second type of analysis is a compliance check to validate that the computational system includes a desired system configuration, and wherein the first type of analysis is to;
  
  validate kernel data structures in the kernel memory of a kernel have not been corrupted;
  
  validate the kernel is properly configured; and
  
  validate the kernel includes necessary components.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the attribute of the policy comprises one of a parameter, a system characteristic, a range, or specific system-related data to be compared to at least a portion of the captured selective state information.
  - 3. The method of claim 1, further comprising storing the captured selective state information within a storage system.
  - 4. The method of claim 3, wherein the storage system is a distributed disk storage system.
  - 5. The method of claim 1, wherein the controlling of the virtual machine layer is through a process executing on a single one of the guest machines.
  - 6. The method of claim 1, wherein the controlling of the virtual machine layer is through a process executing on a second computational system.
  - 7. The method of claim 1, further comprising issuing a configuration change ticket, wherein the controlling the virtual machine layer and the analyzing the captured selective state information are performed in response to the issuing of the change ticket.
  - 8. The method of claim 7, wherein a configuration change specified in the configuration change ticket is implemented before the selective state information for the one or more guest machines is captured.
  - 9. The method of claim 8, wherein the issuing of a change ticket includes change process rules and the analysis of the captured selective state information includes the change process rules.
  - 10. The method of claim 1, wherein the controlling the virtual machine layer is triggered by at least one of a scheduled system state analysis, a change to a policy, and event triggers.

11. A system for analyzing the state of a system comprising:
- one or more guest machines;
  
  a storage system;
  
  a virtual machine layer interfaced to the one or more guest machines, wherein the virtual machine layer is configured to generate state information for the one or more guest machines;
  
  a system state snapshot server configured to;
  
  specify a scope of state information to be captured based on a selected analysis to be performed on captured state information, wherein the scope of the state information is to include at least kernel memory information if the selected analysis is a first type of analysis, wherein the scope of the state information is to exclude kernel memory information if the selected analysis is a second type of analysis, and wherein the scope of the state information is specified for at least one selected guest machine of the one or more guest machines;
  
  control the virtual machine layer to capture selective state information for the at least one selected guest machine;
  
  analyze the captured selective state information; and
  
  produce a state analysis result, wherein the captured selective state information is within the specified scope of state information, wherein the captured selective state information is analyzed according to the selected analysis, and wherein the selected analysis includes a policy containing an attribute that is used to analyze a portion of the captured selective state information; and
  
  a first computational hardware unit configured to execute the one or more guest machines and the virtual machine layer and coupled to the storage system, wherein the second type of analysis is a compliance check to validate that the computational system includes a desired system configuration, and wherein the first type of analysis is to;
  
  validate kernel data structures in the kernel memory of a kernel have not been corrupted;
  
  validate the kernel is properly configured; and
  
  validate the kernel includes necessary components.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The system of claim 11, wherein the state snapshot server is configured to execute within one of the guest machines.
  - 13. The system of claim 11, wherein the attribute of the policy comprises one of a parameter, a system characteristic, a range, or specific system-related data to be compared to at least a portion of the captured selective state information.
  - 14. The system of claim 11, further comprising a second computational hardware unit, wherein the second computational hardware unit is configured to execute the state snapshot server.
  - 15. The system of claim 14, wherein the storage system and the first computational hardware communicate over a storage area network.
  - 16. The system of claim 11, wherein the system state snapshot server is configured to control the virtual machine layer to generate the selective state information upon the occurrence of at least one of a scheduled system state analysis, a change to a policy, and event triggers.
  - 17. The system of claim 11, further comprising a configuration management server configured to communicate with the state snapshot server, wherein the configuration management server is configured to issue a configuration change ticket, and wherein in response to the issuing the configuration change ticket, the state snapshot server is configured to capture the selective state information from the at least one guest machine and analyze the captured selective state information.
  - 18. The system of claim 17, wherein the system configuration change ticket indicates a system configuration change, and wherein the system configuration change is implemented before the state snapshot server captures the selective state information from the at least one guest machine and analyzes the captured selective state information.
  - 19. The system of claim 17, wherein the configuration management system is configured with change process rules.
  - 20. The system of claim 17, wherein the configuration management server uses the state analysis results in an analysis of configuration management changes.
  - 21. The system of claim 20, wherein the configuration management ticket is modified to include at least part of the state analysis results.

22. One or more processor readable storage devices having processor readable code embodied on the processor readable devices for programming one or more processors to perform operations comprising:
- specifying a scope of state information to be captured based on a selected analysis to be performed on captured state information, wherein the scope of the state information is to include at least kernel memory information if the selected analysis is a first type of analysis, wherein the scope of the state information is to exclude kernel memory information if the selected analysis is a second type of analysis, and wherein the scope of the state information is specified for one or more selected guest machines of a plurality of guest machines running on a virtual machine layer of a computational system;
  
  controlling the virtual machine layer to capture selective state information of the one or more selected guest machines running on the virtual machine layer, wherein the selective state information is within the specified scope of state information; and
  
  analyzing the captured selective state information according to the selected analysis, wherein the selected analysis includes a policy containing an attribute that is used to analyze a portion of the captured selective state information, wherein the second type of analysis is a compliance check to validate that the computational system includes a desired system configuration, and wherein the first type of analysis is to;
  
  validate kernel data structures in the kernel memory of a kernel have not been corrupted;
  
  validate the kernel is properly configured; and
  
  validate the kernel includes necessary components.
- View Dependent Claims (23, 24, 25)
- - 23. The one or more processor readable storage devices of claim 22, wherein the attribute of the policy comprises one of a parameter, a system characteristic, a range, or specific system-related data to be compared to at least a portion of the captured selective state information.
  - 24. The one or more processor readable storage devices of claim 22, the operations further comprising storing the captured selective state information within a storage system.
  - 25. The one or more processor readable storage devices of claim 22, wherein if the first type of analysis includes a system security check, the scope of the state information is to include a combination of the kernel memory information, user memory information, and file-related information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Bhargava, Rishi, Reese, David P. Jr.
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
FORMAN, JAMES Q

Application Number

US12/291,232
Publication Number

US 20130247032A1
Time in Patent Office

2,846 Days
Field of Search

718/1, 726/17
US Class Current

1/1
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 11/3051   Monitoring arrangements for...

G06F 2009/45591   Monitoring or debugging sup...

G06F 9/45558   Hypervisor-specific managem...

Method of and system for computer system state checks

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

400 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Method of and system for computer system state checks

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

400 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others