Adapt a virtual machine to comply with system enforced policies and derive an optimized variant of the adapted virtual machine
First Claim
1. An apparatus for enforcing policies to manage and control one or more virtual machines, the apparatus comprising:
- a memory storing instructions; and
a processor operably coupled to the memory, the processor configured to execute the instructions to;
receive a virtual machine event request, wherein the virtual machine event request includes a start virtual machine request of a first virtual machine;
detect non-compliance of the first virtual machine in a pre-execution state by applying a policy-based compliance scheme of a managed system in response to receiving the virtual machine event request, wherein the policy-based compliance scheme of the managed system includes a plurality of compliance policies which are defined to enforce system wide control of execution of virtual machines within the managed system;
adapt the first virtual machine in the pre-execution state to comply with the policy-based compliance scheme;
process the virtual machine event request after adapting the first virtual machine;
detect non-compliance of the first virtual machine in a post-execution state;
adapt the first virtual machine in the post-execution state to comply with the policy-based compliance scheme; and
analyze adaptations made to the first virtual machine in the post-execution state and derive a new optimized variant virtual machine that has at least one adaptation different from (i) the first virtual machine in the pre-execution state and (ii) the adapted first virtual machine in the post-execution state, to create a second different virtual machine, wherein deriving the new optimized variant virtual machine comprises analyzing adaptations made to respective virtual machines of a virtual machine group in post-execution states, wherein the virtual machine group comprises the adapted first virtual machine and multiple other virtual machines, and based on the analyzing, adapting the virtual machine group including the adapted first virtual machine based on commonality of adaptations made to the virtual machine group after a single or multiple executions of each virtual machine in the virtual machine group.
2 Assignments
0 Petitions
Accused Products
Abstract
Techniques are disclosed for controlling and managing virtual machines and other such virtual systems. VM execution approval is based on compliance with policies controlling various aspects of VM. The techniques can be employed to benefit all virtual environments, such as virtual machines, virtual appliances, and virtual applications. For ease of discussion herein, assume that a virtual machine (VM) represents each of these environments. In one particular embodiment, a systems management partition (SMP) is created inside the VM to provide a persistent and resilient storage for management information (e.g., logical and physical VM metadata). The SMP can also be used as a staging area for installing additional content or agentry on the VM when the VM is executed. Remote storage of management information can also be used. The VM management information can then be made available for pre-execution processing, including policy-based compliance testing.
-
Citations
25 Claims
-
1. An apparatus for enforcing policies to manage and control one or more virtual machines, the apparatus comprising:
-
a memory storing instructions; and a processor operably coupled to the memory, the processor configured to execute the instructions to; receive a virtual machine event request, wherein the virtual machine event request includes a start virtual machine request of a first virtual machine; detect non-compliance of the first virtual machine in a pre-execution state by applying a policy-based compliance scheme of a managed system in response to receiving the virtual machine event request, wherein the policy-based compliance scheme of the managed system includes a plurality of compliance policies which are defined to enforce system wide control of execution of virtual machines within the managed system; adapt the first virtual machine in the pre-execution state to comply with the policy-based compliance scheme; process the virtual machine event request after adapting the first virtual machine;
detect non-compliance of the first virtual machine in a post-execution state;adapt the first virtual machine in the post-execution state to comply with the policy-based compliance scheme; and analyze adaptations made to the first virtual machine in the post-execution state and derive a new optimized variant virtual machine that has at least one adaptation different from (i) the first virtual machine in the pre-execution state and (ii) the adapted first virtual machine in the post-execution state, to create a second different virtual machine, wherein deriving the new optimized variant virtual machine comprises analyzing adaptations made to respective virtual machines of a virtual machine group in post-execution states, wherein the virtual machine group comprises the adapted first virtual machine and multiple other virtual machines, and based on the analyzing, adapting the virtual machine group including the adapted first virtual machine based on commonality of adaptations made to the virtual machine group after a single or multiple executions of each virtual machine in the virtual machine group. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. An apparatus for enforcing policies to manage and control one or more virtual machines, the apparatus comprising:
-
a memory storing instructions; and a processor operably coupled to the memory, the processor configured to execute the instructions to; receive a virtual machine event request, wherein the virtual machine event request includes a start virtual machine request of a first virtual machine; detect non-compliance of the first virtual machine in a pre-execution state by applying a policy-based compliance scheme of a managed system in response to receiving the virtual machine event request, wherein the policy-based compliance scheme of the managed system includes a plurality of compliance policies which are defined to enforce system wide control of execution of virtual machines within the managed system; adapt the first virtual machine in the pre-execution state to comply with the policy-based compliance scheme; process the virtual machine event request after adapting the first virtual machine; detect non-compliance of the first virtual machine in a post-execution state; adapt the first virtual machine in the post-execution state to comply with the policy-based compliance scheme; and analyze adaptations made to the first virtual machine in the post-execution state and derive a new optimized variant virtual machine that has at least one adaptation different from (i) the first virtual machine in the pre-execution state and (ii) the adapted first virtual machine in the post-execution state, to create a plurality of different virtual machines including at least a second virtual machine and a third virtual machine, wherein deriving the new optimized variant virtual machine comprises analyzing adaptations made to respective virtual machines of a virtual machine group in post-execution states, wherein the virtual machine group comprises the adapted first virtual machine and multiple other virtual machines, and based on the analyzing, adapting the virtual machine group including the adapted first virtual machine based on commonality of adaptations made to the virtual machine group after a single or multiple executions of each virtual machine in the virtual machine group. - View Dependent Claims (24)
-
-
25. A method of enforcing policies to manage and control one or more virtual machines, the method comprising:
-
receiving a virtual machine event request, wherein the virtual machine event request includes a start virtual machine request of a first virtual machine; detecting non-compliance of the first virtual machine in a pre-execution state by applying a policy-based compliance scheme of a managed system in response to receiving the virtual machine event request, wherein the policy-based compliance scheme of the managed system includes a plurality of compliance policies which are defined to enforce system wide control of execution of virtual machines within the managed system; adapting the first virtual machine in the pre-execution state to comply with the policy-based compliance scheme; processing the virtual machine event request after adapting the first virtual machine; detecting non-compliance of the first virtual machine in a post-execution state; adapting the first virtual machine in the post-execution state to comply with the policy-based compliance scheme; and analyzing adaptations made to the first virtual machine in the post-execution state and derive a new optimized variant virtual machine that has at least one adaptation different from (i) the first virtual machine in the pre-execution state and (ii) the adapted first virtual machine in the post-execution state, to create a second different virtual machine, wherein deriving the new optimized variant virtual machine comprises analyzing adaptations made to respective virtual machines of a virtual machine group in post-execution states, wherein the virtual machine group comprises the adapted first virtual machine and multiple other virtual machines, and based on the analyzing, adapting the virtual machine group including the adapted first virtual machine based on commonality of adaptations made to the virtual machine group after a single or multiple executions of each virtual machine in the virtual machine group.
-
Specification