Compliance-based adaptations in managed virtual systems
Abstract
Techniques are disclosed for controlling and managing virtual machines and other such virtual systems. VM execution approval is based on compliance with policies controlling various aspects of VM. The techniques can be employed to benefit all virtual environments, such as virtual machines, virtual appliances, and virtual applications. For ease of discussion herein, assume that a virtual machine (VM) represents each of these environments. In one particular embodiment, a systems management partition (SMP) is created inside the VM to provide a persistent and resilient storage for management information (e.g., logical and physical VM metadata). The SMP can also be used as a staging area for installing additional content or agentry on the VM when the VM is executed. Remote storage of management information can also be used. The VM management information can then be made available for pre-execution processing, including policy-based compliance testing.
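The pre-execution check described in the abstract and in claim 1, sketched as an added example (not code from the patent or its assignee). The store contents, rule names, thresholds and the choice to deny and notify on any finding are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed management store: metadata extracted from each dormant image and
# saved before any event request arrives (all names and values are hypothetical).
STORED_METADATA = {
    "web-01": {"os_patch_level": 42, "agent_installed": True, "licensed": True},
    "db-02": {"os_patch_level": 17, "agent_installed": False, "licensed": True},
}
# First scheme: internal checks, evaluated only against the stored metadata.
INTERNAL_POLICY = {
    "patch level below minimum": lambda m: m["os_patch_level"] >= 40,
    "management agent missing": lambda m: m["agent_installed"],
    "unlicensed image": lambda m: m["licensed"],
}
# Second, different scheme: external checks against the target environment.
EXTERNAL_POLICY = {
    "host outside approved zone": lambda e: e["zone"] in {"prod", "staging"},
    "host at VM capacity": lambda e: e["running_vms"] < e["max_vms"],
}

@dataclass
class Decision:
    event: str
    approved: bool
    internal: list = field(default_factory=list)
    external: list = field(default_factory=list)
    actions: list = field(default_factory=list)

def violations(policy, data):
    """Return the names of the rules in `policy` that `data` fails."""
    return [name for name, ok in policy.items() if not ok(data)]

def handle_event(vm_id, event, environment):
    """Gate an event request (e.g. "start") before the VM is executed."""
    meta = STORED_METADATA.get(vm_id)
    if meta is None:
        # Assumption: fail closed when no pre-extracted metadata exists.
        return Decision(event, False, ["no stored metadata"], [], ["deny", "notify"])
    internal = violations(INTERNAL_POLICY, meta)
    external = violations(EXTERNAL_POLICY, environment)
    if not internal and not external:
        return Decision(event, True)
    # Assumption: any finding denies and notifies; adaptation is queued per side.
    actions = ["deny", "notify"]
    if internal:
        actions.append("adapt_vm")
    if external:
        actions.append("adapt_environment")
    return Decision(event, False, internal, external, actions)
```

Because the internal check reads only metadata captured while the image was dormant, the decision is made without booting the image being evaluated.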
50 Claims
1. A method for enforcing a policy associated with a virtual appliance, the method comprising:
- receiving a virtual appliance event request;
- receiving first data about the virtual appliance in response to receiving the virtual appliance event request, wherein the first data about the virtual appliance was extracted prior to initiating the virtual appliance and prior to receiving the virtual appliance event request, and the first data was stored prior to receiving the virtual appliance event request for later processing after receiving the virtual appliance event request;
- receiving second different data from an environment outside the virtual appliance in response to receiving the virtual appliance event request;
- determining whether an internal non-compliance by the virtual appliance of a first policy-based compliance scheme exists based on the first data that was stored prior to receiving the virtual appliance event request;
- determining whether an external non-compliance by the virtual appliance as provided in the environment of a second different policy-based compliance scheme exists based on the second different data; and
- in response to determining that at least one of the internal non-compliance and the external non-compliance exists, at least one of denying the virtual appliance event request, providing a notification of non-compliance, adapting the virtual appliance, and adapting the environment.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. An apparatus for enforcing a policy associated with a virtual appliance, the apparatus comprising:
- a hardware processor, and
- a machine readable medium storing instructions which, when executed by the hardware processor, cause the hardware processor to:
- receive a virtual appliance event request;
- receive first data about the virtual appliance in response to receiving the virtual appliance event request, wherein the first data about the virtual appliance was extracted prior to initiating the virtual appliance and prior to receiving the virtual appliance event request, and the first data was stored prior to receiving the virtual appliance event request for later processing after receiving the virtual appliance event request;
- receive second different data from an environment outside the virtual appliance in response to receiving the virtual appliance event request;
- determine whether an internal non-compliance by the virtual appliance of a first policy-based compliance scheme exists based on the first data that was stored prior to receiving the virtual appliance event request;
- determine whether an external non-compliance by the virtual appliance as provided in the environment of a second different policy-based compliance scheme exists based on the second different data; and
- in response to determining that at least one of the internal non-compliance and the external non-compliance exists, at least one of deny the virtual appliance event request, provide a notification of non-compliance, adapt the virtual appliance, and adapt the environment.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34
35. A non-transitory machine readable medium storing a program for enforcing a policy associated with a virtual appliance, which when executed by a processor, causes the processor to:
- receive a virtual appliance event request;
- receive first data about the virtual appliance in response to receiving the virtual appliance event request, wherein the first data about the virtual appliance was extracted prior to initiating the virtual appliance and prior to receiving the virtual appliance event request, and the first data was stored prior to receiving the virtual appliance event request for later processing after receiving the virtual appliance event request;
- receive second different data from an environment outside the virtual appliance in response to receiving the virtual appliance event request;
- determine whether an internal non-compliance by the virtual appliance of a first policy-based compliance scheme exists based on the first data that was stored prior to receiving the virtual appliance event request;
- determine whether an external non-compliance by the virtual appliance as provided in the environment of a second different policy-based compliance scheme exists based on the second different data; and
- in response to determining that at least one of the internal non-compliance and the external non-compliance exists, at least one of deny the virtual appliance event request, provide a notification of non-compliance, adapt the virtual appliance, and adapt the environment.
Dependent claims: 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50
Specification