Securing live migration of a virtual machine from a secure virtualized computing environment, over an unsecured network, to a different virtualized computing environment

US 9,715,401 B2
Filed: 09/15/2008
Issued: 07/25/2017
Est. Priority Date: 09/15/2008
Status: Active Grant

First Claim

Patent Images

1. A method for secure live migration of a virtual machine (VM) in a virtualized computing environment, the method comprising:

selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment coupled to the secure virtualized environment over an unsecured computer communications network and blocking data communications between the selected VM and other VMs in the secure virtualized computing environment;

live migrating the selected VM to the different virtualized computing environment and restarting the selected VM in the different virtualized computing environment;

establishing a secure communicative link between the different virtualized computing environment and the secure virtualized computing environment; and

,enabling data communications between the restarted VM and the other VMs over the secure communicative link.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM can be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link.

Citations

6 Claims

1. A method for secure live migration of a virtual machine (VM) in a virtualized computing environment, the method comprising:
- selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment coupled to the secure virtualized environment over an unsecured computer communications network and blocking data communications between the selected VM and other VMs in the secure virtualized computing environment;
  
  live migrating the selected VM to the different virtualized computing environment and restarting the selected VM in the different virtualized computing environment;
  
  establishing a secure communicative link between the different virtualized computing environment and the secure virtualized computing environment; and
  
  ,enabling data communications between the restarted VM and the other VMs over the secure communicative link.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - adding a tunnel between a routing core of the secure virtualized computing environment and the different virtualized computing environment; and
      
      ,responsive to an update to the routing core permitting routing of data packets from the other VMs in the secure virtualized computing environment to the restarted VM, removing the tunnel.
  - 3. The method of claim 1, wherein establishing a secure communicative link between the different virtualized computing environment and the secure virtualized computing environment comprises:
    - configuring an Internet protocol (IP) Security (IPSec) policy for secure communications between the different virtualized computing environment and the secure virtualized computing environment; and
      
      establishing an IPSec conformant communicative link between the different virtualized computing environment and the secure virtualized computing environment according to the configured IPSec policy.
  - 4. The method of claim 1, wherein enabling data communications between the restarted VM and other the VMs over the secure communicative link further comprises:
    - determining non-managed connections persisting between the restarted VM and other communicative entities;
      
      identifying unsecured ones of the non-managed connections; and
      
      resetting the identified unsecured ones of the non-managed connections as secured connections and re-establishing the unsecured ones of the non-managed connections as secured connections.

5. A virtualized computing data processing system comprising:
- a secure virtualized computing environment comprising a host server including a hypervisor managing a plurality of virtual machines (VMs) within the secure virtualized computing environment;
  
  a different virtualized computing environment coupled to the secure virtualized environment over an unsecured computer communications network, the different virtualized computing environment comprising a host server including a hypervisor managing a plurality of VMs within the different virtualized computing environment; and
  
  live migration logic executing in a computer and communicating with each of the secure virtualized computing environment and the different virtualized computing environment, the logic comprising program code enabled to select one of the VMs in the secure virtualized computing environment for live migration to the different virtualized computing environment and to block data communications between the selected VM and other VMs in the secure virtualized computing environment, to live migrate the selected VM to the different virtualized computing environment and to restart the selected VM in the different virtualized computing environment, to establish a secure communicative link between the different virtualized computing environment and the secure virtualized computing environment, and to enable data communications between the restarted VM and the other VMs in the secure virtualized computing environment over the secure communicative link.
- View Dependent Claims (6)
- - 6. The system of claim 5, wherein the secure communicative link is an Internet protocol (IP) Security (IPSec) conformant secure communicative link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Devine, Wesley M., Huynh, Lap T., Law, Michael S., Overby, Jr., Linwood H., Joseph, Dinakaran, Gottimukkala, Sivaram
Primary Examiner(s)
Huisman, David J

Application Number

US12/210,249
Publication Number

US 20100071025A1
Time in Patent Office

3,235 Days
Field of Search

718 1, 709221, 709223, 709224, 709226, 709230, 709238
US Class Current
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 9/45558   Hypervisor-specific managem...

G06F 9/4856   resumption being on a diffe...

Securing live migration of a virtual machine from a secure virtualized computing environment, over an unsecured network, to a different virtualized computing environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Securing live migration of a virtual machine from a secure virtualized computing environment, over an unsecured network, to a different virtualized computing environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links