Recovery environment for a virtual machine

US10296413B2 · US · B2

Patent metadata

Publication number: US-10296413-B2
Application number: US-201715447928-A
Country: US
Kind code: B2
Filing date: Mar 2, 2017
Priority date: May 2, 2016
Publication date: May 21, 2019
Grant date: May 21, 2019

Abstract

Techniques for a recovery environment for a virtual machine are described herein. Generally, a recovery environment provides a secure environment in which a damaged virtual machine can undergo repair procedures without compromising the security of the damaged virtual machine. In at least some implementations, a recovery environment represents an instance of a virtual machine that is executed to wrap a damaged virtual machine to enable the damaged virtual machine to be repaired.

First claim

What is claimed is:

1. A system comprising: one or more processors; and one or more computer-readable storage media storing computer-executable instructions that, responsive to execution by the one or more processors, cause the system to perform operations including: detecting that an error condition occurs relating to a virtual machine, the virtual machine having a particular level of access protection; and configuring a recovery virtual machine that enforces the particular level of access protection for the virtual machine and that enables the virtual machine to reduce the particular level of access protection while executing within the recovery virtual machine, the recovery virtual machine enforcing the particular level of access protection for the virtual machine while the virtual machine executing therein undergoes a repair procedure.

2. A system as described in claim 1, wherein the virtual machine and the recovery virtual machine are hosted by a network-based service, the virtual machine is generated for a tenant device remote from the network-based service, and the recovery virtual machine is accessible to the tenant device.

3. A system as described in claim 1, wherein the virtual machine and the recovery virtual machine are hosted by a network-based service, the virtual machine is generated for a tenant device remote from the network-based service, the recovery virtual machine is accessible to the tenant device, and the network-based service is prevented from accessing data of the virtual machine and the recovery virtual machine in unencrypted form.

4. A system as described in claim 1, wherein the virtual machine includes a virtual storage location, and wherein said configuring the recovery virtual machine enables the recovery virtual machine to connect to the virtual storage location without copying data of the virtual storage location to the recovery virtual machine.

5. A system as described in claim 1, wherein the virtual machine and the recovery virtual machine are hosted by a network-based service, the virtual machine is generated for a tenant device remote from the network-based service, and wherein said detecting comprises receiving an indication of the error event from the tenant device.

6. A system as described in claim 1, wherein said configuring the recovery virtual machine comprises: saving description data that describes attributes of the virtual machine to a storage location; instantiating the recovery virtual machine; and causing the storage location to be accessible to the recovery virtual machine such that the recovery virtual machine can execute based on one or more of the attributes of the virtual machine.

7. A system as described in claim 1, wherein said configuring the recovery virtual machine comprises: saving description data that describes attributes of the virtual machine to a storage location, the attributes including network information and storage information for the virtual machine; and causing network connectivity identified in the network information to be accessible to the recovery virtual machine, and the storage location to be accessible to the recovery virtual machine such that the recovery virtual machine can execute based on one or more of the attributes of the virtual machine to implement the recovery virtual machine.

8. A method comprising: detecting that an error condition occurs relating to a virtual machine executed by a hypervisor executing on a host, the virtual machine having a particular level of access protection secured by a secure key, wherein particular level of access protection secures access to the virtual machine prior to the error condition occurring; based on the detecting of the error condition, configuring a recovery virtual machine recovery that is executed by the hypervisor and that enforces the particular level of access protection for the virtual machine while executing within the recovery virtual machine, wherein the virtual machine is reconfigured to disable or reduce the particular level of access protection while executing within the recovery virtual machine, the recovery virtual machine enforcing the particular level of access protection for the virtual machine while the virtual machine undergoes a repair procedure while executing within the recovery virtual machine; and receiving an indication that the virtual machine is at least partially recovered, and based thereon causing the at least partially recovered virtual machine to be executed by the hypervisor and not the recovery virtual machine.

9. A method comprising as recited in claim 8, wherein said detecting comprises receiving a notification of the error condition from a tenant device associated with the virtual machine.

10. A method as recited in claim 8, wherein said configuring the recovery virtual machine comprises causing the recovery virtual machine to have access to network connectivity defined for the virtual machine.

11. A method as recited in claim 8, wherein said generating the recovery virtual machine comprises: saving description data that describes attributes of the virtual machine to a storage location; and causing the storage location to be accessible to the recovery virtual machine such that the recovery virtual machine can execute based on one or more of the attributes of the virtual machine to implement the recovery virtual machine.

12. A method as recited in claim 8, wherein said configuring the recovery virtual machine comprises: saving description data that describes attributes of the virtual machine to a storage location, the attributes including network information and storage information for the virtual machine; and causing the storage location to be accessible to the recovery virtual machine such that the recovery virtual machine can execute based on one or more of the attributes of the virtual machine.

13. A method as recited in claim 8, wherein the recovery virtual machine secures access to the VM using the secure key.

14. A method as recited in claim 8, wherein said causing the recovered virtual machine to be executed comprises instantiating the recovered virtual machine and causing the recovered virtual machine to execute using a repaired virtual machine definition generated for the recovered virtual machine.

15. A method as recited in claim 8, wherein said causing the recovered virtual machine to be executed comprises causing the recovered virtual machine to execute using: a repaired virtual machine definition generated for the recovered virtual machine; and a data storage location that was previously allocated to the virtual machine prior to the error condition.

16. A method as recited in claim 8, further comprising: writing a definition file that includes state information for the recovered virtual machine to a storage location; and enabling the recovered virtual machine to access the storage location effective to cause the recovered virtual machine to be execute at least in part using the definition file.

17. A method comprising: determining that an error condition occurs with a virtual machine; initiating a request that a recovery virtual machine be configured for executing the virtual machine; receiving a network address for the recovery virtual machine; and accessing the recovery virtual machine using the network address to perform a repair procedure on the virtual machine via interaction with the recovery virtual machine executing the virtual machine therein.

18. A method as recited in claim 17, the configuring comprising receiving credentials, and

Classifications

  • Remedial or corrective actions (recovery from an exception in an instruction pipeline G06F9/3861; by retry G06F11/1402; for recovering from a failure of a protocol instance or entity H04L69/40)
  • Isolation or security of virtual machine instances
  • Memory management, e.g. access or allocation
  • in a virtual computing platform, e.g. logically partitioned systems
  • involving virtual machines

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10296413B2 cover?
Techniques for a recovery environment for a virtual machine are described herein. Generally, a recovery environment provides a secure environment in which a damaged virtual machine can undergo repair procedures without compromising the security of the damaged virtual machine. In at least some implementations, a recovery environment represents an instance of a virtual machine that is executed to…
Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification G06F11/0793. Mapped technology areas include Physics.
When was this patent published?
Publication date May 21, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).